last executing test programs: 11m43.580360374s ago: executing program 4 (id=408): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000407e050e20000000000001090224000100005000090400feb903000100092104000801220800090581030000070503"], 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x8, {[@local=@item_4={0x3, 0x2, 0x2, "b05e2f86"}, @main=@item_012={0x2, 0x0, 0x8, '\x00\x00'}]}}, 0x0}, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340)={0x7, 0x6, 0x31, 0x5, 0x80, 0x9, 0x42, 0x1, 0xb, 0x7, 0x8, 0x8, 0xfe, 0x4}, 0xe) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) shutdown(r1, 0x1) syz_emit_ethernet(0x66, &(0x7f0000000040)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x23}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x11, 0x10, 0x0, 0x0, 0x0, {[@mptcp=@synack={0x1e, 0x10, 0x0, 0x2, 0x9, 0x10, 0x8}, @mptcp=@syn={0x1e, 0xc, 0x0, 0x1, 0x0, 0x7c}, @md5sig={0x13, 0x12, "a4bcbcee95c6179191d2675112a6689b"}]}}}}}}}, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000240)={0x0, 0x3}, &(0x7f0000000280)=0x8) syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0) 11m37.779366906s ago: executing program 4 (id=416): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000700)={'syz_tun\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xb, 0x7, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRESDEC=r1], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000007c0)={r2, r1, 0x25, 0x0, @val=@netfilter={0x7, 0x0, 0x800, 0x1}}, 0x20) syz_emit_ethernet(0xfdef, &(0x7f0000000800)=ANY=[@ANYBLOB], 0x0) r3 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES8], 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000040)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="2001f13b78"], 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x1) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io(r5, 0x0, 0x0) r6 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x7, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r6, 0xc058565d, &(0x7f0000002dc0)=@userptr={0x2, 0x1, 0x4, 0x0, 0x1, {}, {0x1, 0xc, 0x9, 0xc, 0x6, 0x8, "ef00"}, 0xa1d4, 0x2, {0x0}, 0x96001}) r7 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080), 0x48700, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f00000003c0)={{0x3c, @broadcast, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7b}, {@private=0xa010102, 0x4e22, 0x4, 0xd, 0x80012d58, 0x12d5c}}, 0x44) fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000780)='/\x88\x04v/nvm\x00-fabrics\x00\xfbU{\x18\xd4\x10\xe50q?98\x1eu\xa3\n\x8a\xb3\a\x91TBW\xf28\xce4\x00S%\xc8\xaa\x8d#\x85r\xc1Q\xe9\x85\\', 0x0, 0xffffffffffffffff) ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f00000006c0)={0xdddd0000, 0x101000}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000000c0), 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000140)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10, 0x0, 0x0, 0x0, 0xfffffffffffffd32}, 0x8000) socket$kcm(0xa, 0x3, 0x11) 11m34.52129733s ago: executing program 4 (id=422): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000680)='(', 0x1) setsockopt$inet6_int(r0, 0x29, 0x3c, 0x0, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) bind$inet(r1, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0xffff, 0x0, 0x3, 0x5}, 0x20) bpf$OBJ_GET_MAP(0x7, &(0x7f0000001740)=@o_path={&(0x7f0000001700)='./file0\x00', 0x0, 0x4000}, 0x18) 11m34.119138218s ago: executing program 4 (id=425): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) getpeername$ax25(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @null}, [@default, @rose, @rose, @remote, @null, @bcast, @null, @netrom]}, &(0x7f0000000080)=0x48) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x181800, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd) r2 = dup(r1) read$FUSE(r2, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=@newneigh={0x1c, 0x1c, 0x400, 0x70bd2c, 0x25dfdbfd, {0x2, 0x0, 0x0, r4, 0x1, 0x9, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x400c004}, 0x0) openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) r5 = getpgrp(0x0) sched_setaffinity(r5, 0x8, &(0x7f00000002c0)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r7 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, 0x0) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0) r9 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb) getsockopt$sock_buf(r9, 0x1, 0x1c, 0x0, &(0x7f0000001000)) 11m33.084635284s ago: executing program 4 (id=427): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) getpeername$ax25(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @null}, [@default, @rose, @rose, @remote, @null, @bcast, @null, @netrom]}, &(0x7f0000000080)=0x48) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x181800, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd) r4 = dup(r3) read$FUSE(r4, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=@newneigh={0x1c, 0x1c, 0x400, 0x70bd2c, 0x25dfdbfd, {0x2, 0x0, 0x0, r6, 0x1, 0x9, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x400c004}, 0x0) openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) r7 = getpgrp(0x0) sched_setaffinity(r7, 0x8, &(0x7f00000002c0)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r9 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r9, 0x1, 0x0) r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8) openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0) ioctl$XFS_IOC_GOINGDOWN(r4, 0x8004587d, &(0x7f0000000440)=0x8) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r2, @ANYBLOB="10005a800c000180050009"], 0x2c}}, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000001000)) 11m31.83580111s ago: executing program 4 (id=430): socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r3, 0x402c542b, &(0x7f0000000080)={0xffbe3523, 0x100006, 0xed34, 0x400ff7, 0xb4, "20cde7b23a5cf0b4a5a300000400", 0x1e, 0xdb25}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000340)={&(0x7f0000000240)=[0x0], 0x1, 0x80800, 0x0, 0xffffffffffffffff}) r6 = getpgrp(r0) write$cgroup_pid(r5, &(0x7f00000003c0)=r6, 0x12) r7 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x20044015}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mount_setattr(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x9800, &(0x7f0000000080)={0x97, 0xf8, 0x40000}, 0x20) ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000000)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) epoll_create1(0x0) 11m16.451483472s ago: executing program 32 (id=430): socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r3, 0x402c542b, &(0x7f0000000080)={0xffbe3523, 0x100006, 0xed34, 0x400ff7, 0xb4, "20cde7b23a5cf0b4a5a300000400", 0x1e, 0xdb25}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000340)={&(0x7f0000000240)=[0x0], 0x1, 0x80800, 0x0, 0xffffffffffffffff}) r6 = getpgrp(r0) write$cgroup_pid(r5, &(0x7f00000003c0)=r6, 0x12) r7 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x20044015}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mount_setattr(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x9800, &(0x7f0000000080)={0x97, 0xf8, 0x40000}, 0x20) ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000000)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) epoll_create1(0x0) 9.950104495s ago: executing program 2 (id=2139): write$binfmt_register(0xffffffffffffffff, 0x0, 0x0) r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000e80), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2000, 0x2, 0x0) fchown(r2, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x1) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) tkill(0x0, 0xb) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r1, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000001480)={0x3c, r0, 0x1, 0x70bd25, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 9.599911539s ago: executing program 1 (id=2141): syz_io_uring_setup(0x214e, 0x0, 0x0, &(0x7f0000000040)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f00000003c0)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080)=r4, 0x12) 9.545098628s ago: executing program 3 (id=2143): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0) socket$xdp(0x2c, 0x3, 0x0) syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 8.31622879s ago: executing program 2 (id=2144): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0xffff}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) 8.14128135s ago: executing program 1 (id=2145): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x7) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newqdisc={0x44, 0x24, 0xe0b, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xd, 0xe}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8}, @TCA_CAKE_ATM={0x8, 0x4, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24020080}, 0x4044080) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f88a8068986dd0300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 8.11652683s ago: executing program 3 (id=2146): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000280)=0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.860954725s ago: executing program 2 (id=2147): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x18, 0x1402, 0x1, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x40) 7.641499184s ago: executing program 2 (id=2150): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x69deddea}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) clock_gettime(0x0, &(0x7f0000000180)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x103c02, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x49, 0x0, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x4, 0x0, 0x6, 0x7, 0x2}) setsockopt$inet_int(r4, 0x0, 0x12, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x20040000, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) recvmmsg(r4, &(0x7f000000e280), 0x58a, 0x42, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) recvmsg(0xffffffffffffffff, &(0x7f000000c1c0)={0x0, 0x0, 0x0}, 0x20) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)={0x14, 0x17, 0x9, 0x70bd27, 0x25dfdbff, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x84) 7.629218895s ago: executing program 1 (id=2151): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x24040084) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000800)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x4, 0xa}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x8}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 7.423465722s ago: executing program 5 (id=2153): syz_emit_ethernet(0x32, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @multicast1}, {{0x0, 0x6558, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d8621b", 0x0, "2c17a9"}}}}}}, 0x0) 7.27213632s ago: executing program 5 (id=2154): syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="6000000002060108000000000000000005000003050005000a000000050001000700000005000400000000000900020073797a310000000014000300686173683a69702c706f72742c69700014000780080006400000020008000840", @ANYRES32], 0x60}, 0x1, 0x0, 0x0, 0x90}, 0x40c0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 6.935801951s ago: executing program 5 (id=2155): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = syz_clone(0x80000400, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r2) tkill(r2, 0x12) ptrace(0x8, r2) ptrace(0x4207, r2) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xc}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00001b5000/0x2000)=nil, 0x2000}, 0x3}) madvise(&(0x7f00001b4000/0x4000)=nil, 0x4000, 0x4) ioctl$UFFDIO_MOVE(r3, 0xc028aa05, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x0, 0x0, 0x50, 0x0, 0x7, 0x8, 0x8, 0x20000, 0x400003}, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) r5 = syz_open_procfs(0x0, 0x0) pipe2$watch_queue(0x0, 0x80) ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r5, 0xc0106450, &(0x7f0000000140)={0x0, 0x0, 0x2}) sendfile(0xffffffffffffffff, r5, 0x0, 0x7ffffffd) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') pread64(r6, &(0x7f0000000600)=""/4093, 0x1049, 0xfffffffd) socket$nl_generic(0x10, 0x3, 0x10) 6.243680688s ago: executing program 3 (id=2156): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000340)=0x18) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x258) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x11c, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@local, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xffff, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@empty, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x84, 0x3500, 0x2, 0x1, 0x8, 0x20}, [@user_kmaddress={0x2c, 0x13, {@in=@dev={0xac, 0x14, 0x14, 0x25}, @in=@broadcast, 0x0, 0xb}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x84}, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) 5.208699563s ago: executing program 3 (id=2157): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x1003, r2}, 0x38) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000004c0)=[{0x0}], 0x1, &(0x7f0000000740), 0x0, 0x80}, 0xbba0e750fb86e36c) ptrace(0x10, r3) ptrace$pokeuser(0x6, r3, 0x388, 0x7ffffffe) get_mempolicy(0x0, 0x0, 0x206, &(0x7f0000394000/0x3000)=nil, 0x3) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) io_submit(0x0, 0x0, &(0x7f0000001d00)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS(r4, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000110}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x14, 0x5, 0x1, 0x201, 0x0, 0x0, {0x1, 0x0, 0x4}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x40000c0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f00000001c0)={0xffffffffffffffff, 0x1, 0x4, 0x3, @vifc_lcl_addr=@private=0xa010100, @local}, 0x10) syz_emit_ethernet(0x7a, &(0x7f0000007640)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd606ed6c400442ffffc020000000000000000000000000000ff020000000000000000000000000001242088a80000fffc00000800000086dd88a888be08000000100800fe0100000000000801080022eb000000042000c000020000000000000000000000080065580000000055d25935166cc76ce6f0b10d2ac03e4e1e36335e622e6abcef0b6f75de3944b6081846c80854ef99c1039a7153f580335c1068ceb5f636c596ec4042a7639b356ed72aaec2"], 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000300)='./mnt\x00', &(0x7f0000007740)=ANY=[@ANYBLOB="1c00000081000000050000000000000000100000000000000c00000000000000fcffffffdc10933a9e25b6da0c99a13026633897560573e8f6adb35c4a"], &(0x7f0000001500), 0x200) sendmsg$netlink(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d00", @ANYRESHEX=0x0, @ANYRES8=r1], 0x1c}], 0x1}, 0x0) 4.53799408s ago: executing program 2 (id=2158): syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) write$char_usb(r0, &(0x7f0000000000)='\x00', 0x1) close(0x3) setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0) 4.41164794s ago: executing program 3 (id=2159): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r2, 0x0, &(0x7f0000002a00)={0x44, 0x0, 0x0, 0x0, &(0x7f0000002700)={0x20, 0x0, 0x4, {0x3, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = socket$inet(0x2, 0x1, 0x100) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) syz_usb_control_io$hid(r2, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r4, &(0x7f0000000240)={0x2, 0x4e20, @local}, 0x10) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r4, 0x0, 0xd, &(0x7f0000000040)=0x1f7, 0x4) setsockopt$inet_int(r4, 0x0, 0x14, &(0x7f0000000000)=0x40, 0x4) recvmmsg(r4, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000012c0)=""/4096, 0x1000}, 0x3}], 0x1, 0x45833af92e4b39ff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 4.207152458s ago: executing program 1 (id=2161): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000840), &(0x7f0000000880)=0x4) 2.418599702s ago: executing program 0 (id=2163): setsockopt$inet6_mreq(0xffffffffffffffff, 0x84, 0x1c, 0x0, 0x0) 2.358444569s ago: executing program 1 (id=2164): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x18, 0x32, 0x7e086431b233259, 0x70bd2d, 0x2, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x4010) 2.26185939s ago: executing program 5 (id=2165): syz_io_uring_setup(0x214e, 0x0, 0x0, &(0x7f0000000040)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r5 = openat$cgroup_ro(r3, &(0x7f00000003c0)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_procs(r6, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000080)=r4, 0x12) 2.19704396s ago: executing program 0 (id=2166): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x80000) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000300)={0x10000000}) 1.821613913s ago: executing program 0 (id=2167): unshare(0x24020400) r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x17) syz_emit_ethernet(0xb2, &(0x7f0000000300)={@local, @remote, @void, {@ipv4={0x800, @tipc={{0x21, 0x4, 0x3, 0x38, 0xa4, 0x68, 0x0, 0x7f, 0x6, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x2f}, {[@cipso={0x86, 0xd, 0x0, [{0x2, 0x7, "c3f96d531f"}]}, @generic={0x82, 0xb, "00e3b428163f4652d4"}, @lsrr={0x83, 0x7, 0x25, [@empty]}, @timestamp={0x44, 0x14, 0x65, 0x0, 0x0, [0xec9, 0x2, 0xe6c, 0xf81]}, @timestamp_addr={0x44, 0xc, 0xa9, 0x1, 0x4, [{@initdev={0xac, 0x1e, 0x2, 0x0}, 0x3ce}]}, @rr={0x7, 0xb, 0xe7, [@remote, @private=0xa010101]}, @timestamp_prespec={0x44, 0x24, 0xbd, 0x3, 0x8, [{@loopback, 0x7fffffff}, {@private=0xa010101, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xa}, {@private=0xa010102, 0x6}]}]}}, @payload_direct={{{{0x20, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, 0x2, 0x3766, 0x0, 0x1, 0x5, 0x4c1b4ea72191ce6b, 0x3, 0x81, 0x6, 0x4, 0x4e24, 0x4e21}, 0x3, 0x4}}}}}}}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x0, 0x6, 0x4d, 0x39cc1919, 0x6800000, 0x9, 0x3, 0x2, 0x0, 0x8, 0x8, 0x0, 0x2, 0x5, 0x7, 0x4, 0x3c5b, 0x1, 0x1fc, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xd, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x4, 0xffffffff, 0xa, 0x0, 0x71, 0x2, 0x6, 0x5, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a1, 0x2, 0xe752, 0x20000000, 0x200182, 0x9a, 0x7, 0x8, 0x18, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0x3, 0xf9, 0xd, 0x2bf, 0x5, 0x1800, 0xfffffffc, 0x4, 0x0, 0x7, 0x5, 0x2f, 0x8, 0x8, 0x1, 0x0, 0x2, 0x8, 0x4, 0x8000, 0x9, 0x5, 0x401, 0x3, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x4, 0x1, 0x2, 0x2, 0x20009, 0x4, 0x9, 0x8, 0x9, 0xb, 0xb, 0xa, 0x400001, 0x1, 0x2, 0x2, 0x7b, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x942, 0x9, 0x48c93694, 0x42, 0x400004], [0x3, 0x6, 0x81000003, 0x2, 0xff, 0x40000100, 0x8d2, 0x80000001, 0x5, 0x5, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x9, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x5, 0x1fe, 0x80, 0x2, 0xcc56, 0x950bfaf, 0x1000, 0xa2, 0x4, 0x53cf697b, 0xfffffff9, 0x80000001, 0xac8, 0x5, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120002, 0x40005, 0x6, 0xaaed, 0x4, 0xdf], [0x10, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0xffffffff, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x7, 0x8, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x82, 0x100, 0x9602, 0x4, 0x3, 0xffff, 0x9649, 0x1, 0x10080, 0x6, 0x2, 0x30b1d691, 0x5a2d, 0xc, 0x7, 0x1, 0x35cb92d0, 0x80, 0x4, 0x4, 0xb19, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, 0x0, 0x0) connect$rxrpc(0xffffffffffffffff, &(0x7f0000000080)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) r3 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x3, 0xffff}}) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x300) r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x202000) file_setattr(r4, 0x0, &(0x7f0000000000)={0x2000, 0xfffffffc, 0xed, 0x0, 0x400}, 0x18, 0x1000) socket$nl_generic(0x10, 0x3, 0x10) 1.284841634s ago: executing program 5 (id=2168): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x24}}, 0x0) 1.164587274s ago: executing program 0 (id=2169): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 1.163430524s ago: executing program 2 (id=2170): socket$inet_smc(0x2b, 0x1, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000040)=@dellink={0x34, 0x11, 0x1, 0x70bd26, 0x5dfdbff, {0x0, 0x0, 0x0, 0x0, 0x42008, 0x40000}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x200000000000000, 0x0, 0x240040c4}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000000000040f003040040000102030109021b00010400000009040000020701010009050102"], 0x0) syz_usb_control_io$printer(r3, 0x0, &(0x7f00000011c0)={0xffffffffffffff42, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x0, 0x1, 0x1}}) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000300)="ec", 0x1}], 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'ipvlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdd25060000000c00018008000100", @ANYRES32=r5], 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x30008010) 347.529182ms ago: executing program 0 (id=2171): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in={{0x2, 0xce23, @broadcast}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000100)=@assoc_value, &(0x7f0000000180)=0x8) 347.265245ms ago: executing program 1 (id=2172): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(r0) 346.872583ms ago: executing program 5 (id=2173): r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x201c2, 0x0) ftruncate(r0, 0x8800000) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendfile(r1, r0, 0x0, 0x578410ed) 1.224218ms ago: executing program 0 (id=2174): syz_usb_connect(0x2, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) 0s ago: executing program 3 (id=2175): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {0x0, 0x5, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0xf}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, {0xfffffffd}, {}, {}, {}, {0x0, 0x0, 0x6}, {}, {0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x233b, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x5, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0xffff}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{0x0, 0x1}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x28, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x28}}, 0x0) kernel console output (not intermixed with test programs): _urb failed: -32 [ 752.873570][ T5960] input input21: Device does not respond to id packet P [ 752.873867][ T5960] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 752.873891][ T5960] input input21: Device does not respond to id packet B [ 752.874300][ T5960] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 752.874325][ T5960] input input21: Device does not respond to id packet N [ 752.876837][ T5960] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 752.878261][ T5960] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 752.879420][ T5960] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 752.879764][ T5960] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 752.914268][T11289] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1492'. [ 752.914292][T11289] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1492'. [ 752.951051][T11291] random: crng reseeded on system resumption [ 753.158483][ T31] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 753.254722][ C1] sd 0:0:1:0: [sda] tag#8581 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 753.254792][ C1] sd 0:0:1:0: [sda] tag#8581 CDB: Write(6) 0a 10 00 00 03 00 00 00 00 00 00 00 [ 753.289123][ T5960] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input21 [ 753.311216][ T31] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 753.658631][ T5960] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 753.782306][T11293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 753.782838][T11293] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 753.819111][ T5960] usb 3-1: Using ep0 maxpacket: 32 [ 753.822891][ T5960] usb 3-1: config 0 has an invalid interface number: 172 but max is 0 [ 753.822916][ T5960] usb 3-1: config 0 has no interface number 0 [ 753.822960][ T5960] usb 3-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=c2.a1 [ 753.822984][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.827187][ T5960] usb 3-1: config 0 descriptor?? [ 753.834129][ T5960] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 753.878634][ T10] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 754.028648][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 754.032164][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 754.035369][ T10] usb 6-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 754.035385][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.035395][ T10] usb 6-1: Product: syz [ 754.035403][ T10] usb 6-1: Manufacturer: syz [ 754.035410][ T10] usb 6-1: SerialNumber: syz [ 754.055638][ T10] usb 6-1: config 0 descriptor?? [ 754.096294][T11304] netlink: 252 bytes leftover after parsing attributes in process `syz.2.1500'. [ 754.113305][ T5960] gspca_sn9c2028: read1 error -71 [ 754.116702][ T10] mcba_usb 6-1:0.0: Can't find endpoints [ 754.118238][ T5960] gspca_sn9c2028: read1 error -71 [ 754.119973][ T5960] gspca_sn9c2028: read1 error -71 [ 754.120057][ T5960] sn9c2028 3-1:0.172: probe with driver sn9c2028 failed with error -71 [ 754.157753][ T5960] usb 3-1: USB disconnect, device number 39 [ 754.324546][T11312] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1503'. [ 754.425739][ T10] usb 6-1: USB disconnect, device number 26 [ 754.502955][T11320] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1505'. [ 754.571935][T11320] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1505'. [ 754.698005][T11320] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1505'. [ 754.842905][ T10] usb 4-1: USB disconnect, device number 43 [ 756.066239][T11349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1513'. [ 756.068034][T11349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1513'. [ 756.068361][T11349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1513'. [ 757.199037][ T6008] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 757.662348][ T6008] usb 4-1: Using ep0 maxpacket: 32 [ 757.722265][ T6008] usb 4-1: config 0 has an invalid interface number: 172 but max is 0 [ 757.722292][ T6008] usb 4-1: config 0 has no interface number 0 [ 757.722336][ T6008] usb 4-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=c2.a1 [ 757.722359][ T6008] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.103872][ T6008] usb 4-1: config 0 descriptor?? [ 758.130313][ T6008] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 758.431961][T11359] __nla_validate_parse: 1 callbacks suppressed [ 758.432831][T11359] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1517'. [ 758.471578][ T6008] gspca_sn9c2028: read1 error -71 [ 758.471956][ T6008] gspca_sn9c2028: read1 error -71 [ 758.472332][ T6008] gspca_sn9c2028: read1 error -71 [ 758.472418][ T6008] sn9c2028 4-1:0.172: probe with driver sn9c2028 failed with error -71 [ 758.506114][ T6008] usb 4-1: USB disconnect, device number 44 [ 758.798646][ T5808] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 758.959964][ T5808] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 758.959993][ T5808] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 758.960026][ T5808] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 758.960048][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.865983][ T5808] usb 2-1: config 0 descriptor?? [ 760.948423][T11421] netlink: 71 bytes leftover after parsing attributes in process `syz.0.1528'. [ 760.995807][T11421] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1528'. [ 761.658371][ T6008] usb 2-1: USB disconnect, device number 49 [ 762.057700][T11433] FAULT_INJECTION: forcing a failure. [ 762.057700][T11433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 762.057736][T11433] CPU: 0 UID: 0 PID: 11433 Comm: syz.3.1534 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 762.057761][T11433] Tainted: [L]=SOFTLOCKUP [ 762.057768][T11433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 762.057778][T11433] Call Trace: [ 762.057785][T11433] [ 762.057793][T11433] dump_stack_lvl+0xe8/0x150 [ 762.057821][T11433] should_fail_ex+0x46b/0x600 [ 762.057847][T11433] _copy_from_iter+0x1d3/0x1670 [ 762.057880][T11433] ? __pfx__copy_from_iter+0x10/0x10 [ 762.057900][T11433] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 762.057919][T11433] ? __lock_acquire+0x6b5/0x2cf0 [ 762.057944][T11433] ? _parse_integer_limit+0x1ae/0x1f0 [ 762.057962][T11433] ? skb_put+0x11b/0x210 [ 762.057989][T11433] hci_sock_sendmsg+0x426/0xf40 [ 762.058017][T11433] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 762.058043][T11433] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 762.058065][T11433] sock_write_iter+0x509/0x550 [ 762.058088][T11433] ? __pfx_sock_write_iter+0x10/0x10 [ 762.058135][T11433] vfs_write+0x629/0xba0 [ 762.058161][T11433] ? __pfx_vfs_write+0x10/0x10 [ 762.058189][T11433] ? __fget_files+0x2a/0x420 [ 762.058219][T11433] ksys_write+0x156/0x270 [ 762.058239][T11433] ? __pfx_ksys_write+0x10/0x10 [ 762.058268][T11433] do_syscall_64+0x14d/0xf80 [ 762.058289][T11433] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.058306][T11433] ? trace_irq_disable+0x37/0x100 [ 762.058321][T11433] ? clear_bhb_loop+0x40/0x90 [ 762.058343][T11433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.058360][T11433] RIP: 0033:0x7f69d450bf79 [ 762.058377][T11433] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 762.058392][T11433] RSP: 002b:00007f69d275e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 762.058411][T11433] RAX: ffffffffffffffda RBX: 00007f69d4785fa0 RCX: 00007f69d450bf79 [ 762.058424][T11433] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000009 [ 762.058436][T11433] RBP: 00007f69d275e090 R08: 0000000000000000 R09: 0000000000000000 [ 762.058448][T11433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 762.058459][T11433] R13: 00007f69d4786038 R14: 00007f69d4785fa0 R15: 00007fff7e0f56d8 [ 762.058494][T11433] [ 763.913503][ T5808] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 764.200783][T11447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1539'. [ 764.849789][ T5808] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 764.849831][ T5808] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 764.849869][ T5808] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 764.849892][ T5808] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.901600][ T5808] usb 6-1: config 0 descriptor?? [ 765.405140][ T5808] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0 [ 766.132024][ T5808] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 767.083653][ T5808] cp2112 0003:10C4:EA90.000F: error requesting version [ 767.086395][ T5808] cp2112 0003:10C4:EA90.000F: probe with driver cp2112 failed with error -71 [ 767.148883][ T5808] usb 6-1: USB disconnect, device number 27 [ 767.249935][T11465] fido_id[11465]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 768.095176][T11476] FAULT_INJECTION: forcing a failure. [ 768.095176][T11476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 768.095211][T11476] CPU: 1 UID: 0 PID: 11476 Comm: syz.5.1545 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 768.095237][T11476] Tainted: [L]=SOFTLOCKUP [ 768.095243][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 768.095254][T11476] Call Trace: [ 768.095262][T11476] [ 768.095270][T11476] dump_stack_lvl+0xe8/0x150 [ 768.095299][T11476] should_fail_ex+0x46b/0x600 [ 768.095326][T11476] _copy_to_user+0x31/0xb0 [ 768.095351][T11476] simple_read_from_buffer+0xe1/0x170 [ 768.095379][T11476] proc_fail_nth_read+0x1be/0x230 [ 768.095402][T11476] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 768.095425][T11476] ? rw_verify_area+0x2ac/0x4e0 [ 768.095449][T11476] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 768.095469][T11476] vfs_read+0x212/0xa70 [ 768.095494][T11476] ? __pfx_vfs_read+0x10/0x10 [ 768.095514][T11476] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 768.095537][T11476] ? lockdep_hardirqs_on+0x7a/0x110 [ 768.095562][T11476] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 768.095583][T11476] ? mutex_lock_nested+0x152/0x1d0 [ 768.095599][T11476] ? fdget_pos+0x252/0x320 [ 768.095629][T11476] ksys_read+0x156/0x270 [ 768.095649][T11476] ? __pfx_ksys_read+0x10/0x10 [ 768.095677][T11476] do_syscall_64+0x14d/0xf80 [ 768.095698][T11476] ? rcu_is_watching+0x15/0xb0 [ 768.095719][T11476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.095736][T11476] ? clear_bhb_loop+0x40/0x90 [ 768.095757][T11476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.095774][T11476] RIP: 0033:0x7fb84f40c84e [ 768.095790][T11476] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 768.095806][T11476] RSP: 002b:00007fb84d6a5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 768.095825][T11476] RAX: ffffffffffffffda RBX: 00007fb84d6a66c0 RCX: 00007fb84f40c84e [ 768.095838][T11476] RDX: 000000000000000f RSI: 00007fb84d6a60a0 RDI: 0000000000000003 [ 768.095850][T11476] RBP: 00007fb84d6a6090 R08: 0000000000000000 R09: 0000000000000000 [ 768.095861][T11476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 768.095871][T11476] R13: 00007fb84f6c6038 R14: 00007fb84f6c5fa0 R15: 00007ffdc5595fe8 [ 768.095902][T11476] [ 769.120031][T11482] FAULT_INJECTION: forcing a failure. [ 769.120031][T11482] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 769.120077][T11482] CPU: 1 UID: 0 PID: 11482 Comm: syz.3.1537 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 769.120092][T11482] Tainted: [L]=SOFTLOCKUP [ 769.120095][T11482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 769.120101][T11482] Call Trace: [ 769.120106][T11482] [ 769.120111][T11482] dump_stack_lvl+0xe8/0x150 [ 769.120129][T11482] should_fail_ex+0x46b/0x600 [ 769.120145][T11482] _copy_from_user+0x2d/0xb0 [ 769.120160][T11482] kstrtouint_from_user+0xd6/0x180 [ 769.120173][T11482] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 769.120194][T11482] proc_fail_nth_write+0x8e/0x210 [ 769.120210][T11482] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 769.120224][T11482] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 769.120235][T11482] vfs_write+0x2a3/0xba0 [ 769.120249][T11482] ? __pfx_vfs_write+0x10/0x10 [ 769.120260][T11482] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 769.120288][T11482] ? lockdep_hardirqs_on+0x7a/0x110 [ 769.120308][T11482] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 769.120327][T11482] ? mutex_lock_nested+0x152/0x1d0 [ 769.120342][T11482] ? fdget_pos+0x252/0x320 [ 769.120372][T11482] ksys_write+0x156/0x270 [ 769.120392][T11482] ? __pfx_ksys_write+0x10/0x10 [ 769.120423][T11482] do_syscall_64+0x14d/0xf80 [ 769.120444][T11482] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 769.120454][T11482] ? trace_irq_disable+0x37/0x100 [ 769.120463][T11482] ? clear_bhb_loop+0x40/0x90 [ 769.120475][T11482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 769.120485][T11482] RIP: 0033:0x7f69d44cc84e [ 769.120495][T11482] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 769.120504][T11482] RSP: 002b:00007f69d271bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 769.120515][T11482] RAX: ffffffffffffffda RBX: 00007f69d271c6c0 RCX: 00007f69d44cc84e [ 769.120522][T11482] RDX: 0000000000000001 RSI: 00007f69d271c0a0 RDI: 0000000000000006 [ 769.120529][T11482] RBP: 00007f69d271c090 R08: 0000000000000000 R09: 0000000000000000 [ 769.120534][T11482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 769.120540][T11482] R13: 00007f69d4786218 R14: 00007f69d4786180 R15: 00007fff7e0f56d8 [ 769.120557][T11482] [ 769.204102][T11483] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1546'. [ 769.297908][T11483] erspan1: entered allmulticast mode [ 774.357871][T11519] FAULT_INJECTION: forcing a failure. [ 774.357871][T11519] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 774.357906][T11519] CPU: 1 UID: 0 PID: 11519 Comm: syz.1.1560 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 774.357932][T11519] Tainted: [L]=SOFTLOCKUP [ 774.357939][T11519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 774.357949][T11519] Call Trace: [ 774.357957][T11519] [ 774.357965][T11519] dump_stack_lvl+0xe8/0x150 [ 774.357994][T11519] should_fail_ex+0x46b/0x600 [ 774.358020][T11519] _copy_to_user+0x31/0xb0 [ 774.358045][T11519] simple_read_from_buffer+0xe1/0x170 [ 774.358071][T11519] proc_fail_nth_read+0x1be/0x230 [ 774.358093][T11519] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 774.358116][T11519] ? rw_verify_area+0x2ac/0x4e0 [ 774.358139][T11519] ? __fget_files+0x2a/0x420 [ 774.358159][T11519] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 774.358179][T11519] vfs_read+0x212/0xa70 [ 774.358205][T11519] ? __pfx_vfs_read+0x10/0x10 [ 774.358225][T11519] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 774.358248][T11519] ? lockdep_hardirqs_on+0x7a/0x110 [ 774.358269][T11519] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 774.358291][T11519] ? mutex_lock_nested+0x152/0x1d0 [ 774.358307][T11519] ? fdget_pos+0x252/0x320 [ 774.358337][T11519] ksys_read+0x156/0x270 [ 774.358357][T11519] ? __pfx_ksys_read+0x10/0x10 [ 774.358386][T11519] do_syscall_64+0x14d/0xf80 [ 774.358407][T11519] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 774.358424][T11519] ? trace_irq_disable+0x37/0x100 [ 774.358440][T11519] ? clear_bhb_loop+0x40/0x90 [ 774.358462][T11519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 774.358480][T11519] RIP: 0033:0x7f1448ffc84e [ 774.358508][T11519] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 774.358523][T11519] RSP: 002b:00007f1447295fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 774.358541][T11519] RAX: ffffffffffffffda RBX: 00007f14472966c0 RCX: 00007f1448ffc84e [ 774.358552][T11519] RDX: 000000000000000f RSI: 00007f14472960a0 RDI: 0000000000000005 [ 774.358563][T11519] RBP: 00007f1447296090 R08: 0000000000000000 R09: 0000000000000000 [ 774.358574][T11519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 774.358583][T11519] R13: 00007f14492b6038 R14: 00007f14492b5fa0 R15: 00007ffc7eb81248 [ 774.358611][T11519] [ 774.701392][T11528] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 776.493679][T11546] program syz.5.1568 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 777.489908][T11544] xt_socket: unknown flags 0x4 [ 777.825025][T11558] sctp: [Deprecated]: syz.5.1571 (pid 11558) Use of int in max_burst socket option. [ 777.825025][T11558] Use struct sctp_assoc_value instead [ 778.068695][ T5808] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 778.230674][ T5808] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 778.230701][ T5808] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 778.231867][ T5808] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 778.231894][ T5808] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 778.231913][ T5808] usb 6-1: SerialNumber: syz [ 778.485677][ T5808] usb 6-1: 0:2 : does not exist [ 778.485765][ T5808] usb 6-1: unit 5: unexpected type 0x09 [ 778.680308][ T5808] usb 6-1: USB disconnect, device number 28 [ 778.849715][ T8138] udevd[8138]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 780.073525][ T37] kauditd_printk_skb: 16 callbacks suppressed [ 780.073542][ T37] audit: type=1326 audit(1771294724.299:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x0 [ 780.184694][ T37] audit: type=1326 audit(1771294724.409:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.184828][ T37] audit: type=1326 audit(1771294724.409:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.185050][ T37] audit: type=1326 audit(1771294724.409:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.185426][ T37] audit: type=1326 audit(1771294724.409:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.191154][T11595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1584'. [ 780.191172][T11595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1584'. [ 780.195697][ T37] audit: type=1326 audit(1771294724.419:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.195738][ T37] audit: type=1326 audit(1771294724.419:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.195776][ T37] audit: type=1326 audit(1771294724.419:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.195812][ T37] audit: type=1326 audit(1771294724.419:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.195849][ T37] audit: type=1326 audit(1771294724.419:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11589 comm="syz.2.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 780.512887][T11604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1589'. [ 780.898744][ T5960] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 781.051007][ T5960] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 781.051051][ T5960] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 781.051075][ T5960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 781.056330][ T5960] usb 6-1: config 0 descriptor?? [ 781.318260][T11618] xt_socket: unknown flags 0x4 [ 782.233823][ T5811] Bluetooth: hci0: unexpected event for opcode 0x200f [ 782.401181][T11636] netlink: 400 bytes leftover after parsing attributes in process `syz.0.1599'. [ 782.447567][T11636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1599'. [ 782.747235][T11645] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1601'. [ 784.234224][ T978] usb 6-1: USB disconnect, device number 29 [ 784.401732][T11656] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1604'. [ 784.629599][T11661] xt_socket: unknown flags 0x4 [ 784.855751][ T5811] Bluetooth: hci1: unexpected event for opcode 0x200f [ 784.878630][ T829] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 785.050928][ T829] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 785.054024][ T829] usb 6-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 785.054052][ T829] usb 6-1: New USB device strings: Mfr=28, Product=2, SerialNumber=3 [ 785.054073][ T829] usb 6-1: Product: syz [ 785.054086][ T829] usb 6-1: Manufacturer: syz [ 785.054101][ T829] usb 6-1: SerialNumber: syz [ 785.066635][ T829] usb 6-1: config 0 descriptor?? [ 785.075926][ T829] kvaser_usb 6-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 785.278855][T11663] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1607'. [ 785.398973][ T36] usb 6-1: USB disconnect, device number 30 [ 785.730089][T11680] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1613'. [ 787.369614][T11688] Invalid ELF header type: 2 != 1 [ 787.770532][T11682] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 787.862932][ T7025] bridge0: port 2(bridge_slave_1) entered disabled state [ 788.024561][T11706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1617'. [ 789.268634][ T36] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 789.418619][ T36] usb 4-1: Using ep0 maxpacket: 32 [ 789.421729][ T36] usb 4-1: config 0 has an invalid interface number: 119 but max is 0 [ 789.421753][ T36] usb 4-1: config 0 has no interface number 0 [ 789.421784][ T36] usb 4-1: config 0 interface 119 has no altsetting 0 [ 789.425025][ T36] usb 4-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=da.f9 [ 789.425052][ T36] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.425072][ T36] usb 4-1: Product: syz [ 789.425086][ T36] usb 4-1: Manufacturer: syz [ 789.425101][ T36] usb 4-1: SerialNumber: syz [ 789.458628][ T978] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 789.500485][ T36] usb 4-1: config 0 descriptor?? [ 789.618650][ T5960] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 789.623348][ T978] usb 3-1: unable to get BOS descriptor or descriptor too short [ 789.626953][ T978] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 789.627051][ T978] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 789.627077][ T978] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 88 [ 789.686530][ T978] usb 3-1: string descriptor 0 read error: -22 [ 789.686898][ T978] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 789.686972][ T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.755593][ T978] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 789.755854][ T978] cdc_ncm 3-1:1.0: bind() failure [ 789.768971][ T5960] usb 2-1: Using ep0 maxpacket: 32 [ 789.771084][ T5960] usb 2-1: config 0 has an invalid interface number: 172 but max is 0 [ 789.771106][ T5960] usb 2-1: config 0 has no interface number 0 [ 789.771149][ T5960] usb 2-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=c2.a1 [ 789.771171][ T5960] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.776165][ T5960] usb 2-1: config 0 descriptor?? [ 789.792975][ T5960] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 789.852351][ T978] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 789.852446][ T978] cdc_ncm 3-1:1.1: bind() failure [ 789.982705][T11723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 789.983490][T11723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.019047][T11723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.024268][T11723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.060477][T11734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.235355][T11734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.276613][ T36] mos7840 4-1:0.119: required endpoints missing [ 790.300718][ T5960] gspca_sn9c2028: read1 error -110 [ 790.328851][ T5960] gspca_sn9c2028: read1 error -32 [ 790.333982][ T5960] gspca_sn9c2028: read1 error -32 [ 790.334204][ T5960] sn9c2028 2-1:0.172: probe with driver sn9c2028 failed with error -32 [ 790.334278][T11723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.457004][T11723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.514691][ T978] usb 2-1: USB disconnect, device number 50 [ 790.546407][ T36] usb 4-1: USB disconnect, device number 45 [ 790.619208][ T5878] usb 3-1: USB disconnect, device number 40 [ 790.968661][ T36] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 791.192320][ T36] usb 4-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice=67.7a [ 791.192351][ T36] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.192371][ T36] usb 4-1: Product: syz [ 791.192385][ T36] usb 4-1: Manufacturer: syz [ 791.192398][ T36] usb 4-1: SerialNumber: syz [ 791.208710][ T36] gspca_main: spca501-2.14.0 probing 0497:c001 [ 791.549550][ T5878] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 791.616852][T11752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 791.617623][T11752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 791.647865][ T36] gspca_spca501: reg write: error -71 [ 791.647876][ T36] spca501 4-1:68.0: Reg write failed for 0x02,0x07,0x05 [ 791.647928][ T36] spca501 4-1:68.0: probe with driver spca501 failed with error -22 [ 791.670993][ T36] usb 4-1: USB disconnect, device number 46 [ 791.713021][ T5878] usb 3-1: Using ep0 maxpacket: 16 [ 791.715668][ T5878] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 791.715698][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 791.715713][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 791.715725][ T5878] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 791.715737][ T5878] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 791.717380][ T5878] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 791.717402][ T5878] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 791.717413][ T5878] usb 3-1: Manufacturer: syz [ 791.725472][ T5878] usb 3-1: config 0 descriptor?? [ 791.922677][T11757] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1637'. [ 792.048631][ T5878] rc_core: IR keymap rc-hauppauge not found [ 792.048657][ T5878] Registered IR keymap rc-empty [ 792.053125][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.068703][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.110451][ T5878] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 792.114507][ T5878] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input22 [ 792.155973][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.169905][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.188832][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.208846][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.230473][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.248752][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.268688][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.288912][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.308778][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.328732][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 792.398818][ T5878] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 792.398843][ T5878] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 792.449125][ T5878] usb 3-1: USB disconnect, device number 41 [ 793.680588][T11768] xt_socket: unknown flags 0x4 [ 793.823795][T11776] FAULT_INJECTION: forcing a failure. [ 793.823795][T11776] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 793.823831][T11776] CPU: 0 UID: 0 PID: 11776 Comm: syz.5.1644 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 793.823856][T11776] Tainted: [L]=SOFTLOCKUP [ 793.823862][T11776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 793.823872][T11776] Call Trace: [ 793.823879][T11776] [ 793.823887][T11776] dump_stack_lvl+0xe8/0x150 [ 793.823916][T11776] should_fail_ex+0x46b/0x600 [ 793.823941][T11776] _copy_from_user+0x2d/0xb0 [ 793.823965][T11776] memdup_user+0x5e/0xd0 [ 793.823987][T11776] strndup_user+0x68/0xd0 [ 793.824010][T11776] __se_sys_fsopen+0x3d/0x2c0 [ 793.824032][T11776] do_syscall_64+0x14d/0xf80 [ 793.824053][T11776] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.824070][T11776] ? trace_irq_disable+0x37/0x100 [ 793.824085][T11776] ? clear_bhb_loop+0x40/0x90 [ 793.824106][T11776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.824122][T11776] RIP: 0033:0x7fb84f44bf79 [ 793.824138][T11776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 793.824154][T11776] RSP: 002b:00007fb84d6a6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 793.824173][T11776] RAX: ffffffffffffffda RBX: 00007fb84f6c5fa0 RCX: 00007fb84f44bf79 [ 793.824195][T11776] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000280 [ 793.824207][T11776] RBP: 00007fb84d6a6090 R08: 0000000000000000 R09: 0000000000000000 [ 793.824218][T11776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 793.824229][T11776] R13: 00007fb84f6c6038 R14: 00007fb84f6c5fa0 R15: 00007ffdc5595fe8 [ 793.824260][T11776] [ 794.514524][T11786] vlan0: entered promiscuous mode [ 794.690109][T11791] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1645'. [ 794.690141][T11791] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1645'. [ 795.089691][ T5878] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 795.268613][ T5878] usb 4-1: Using ep0 maxpacket: 16 [ 795.270717][ T5878] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 795.270743][ T5878] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 795.270765][ T5878] usb 4-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 795.270790][ T5878] usb 4-1: config 1 interface 0 has no altsetting 0 [ 795.273353][ T5878] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 795.273380][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.273399][ T5878] usb 4-1: Product: syz [ 795.273413][ T5878] usb 4-1: Manufacturer: syz [ 795.273428][ T5878] usb 4-1: SerialNumber: syz [ 795.483834][ T5878] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 47 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 795.516166][T11810] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1656'. [ 796.511062][T11832] kernel read not supported for file /file1 (pid: 11832 comm: syz.0.1649) [ 796.511236][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 796.511250][ T37] audit: type=1800 audit(1771294740.739:1521): pid=11832 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1649" name="file1" dev="mqueue" ino=29299 res=0 errno=0 [ 796.829709][T11838] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1662'. [ 796.839685][T11838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1662'. [ 797.343775][T11846] netlink: 'syz.5.1666': attribute type 10 has an invalid length. [ 797.550537][ T9] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 797.572777][T11846] team0: Port device wlan1 added [ 797.645682][T11850] FAULT_INJECTION: forcing a failure. [ 797.645682][T11850] name failslab, interval 1, probability 0, space 0, times 0 [ 797.645714][T11850] CPU: 0 UID: 0 PID: 11850 Comm: syz.5.1668 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 797.645738][T11850] Tainted: [L]=SOFTLOCKUP [ 797.645744][T11850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 797.645754][T11850] Call Trace: [ 797.645760][T11850] [ 797.645768][T11850] dump_stack_lvl+0xe8/0x150 [ 797.645794][T11850] should_fail_ex+0x46b/0x600 [ 797.645820][T11850] should_failslab+0xa8/0x100 [ 797.645841][T11850] kmem_cache_alloc_noprof+0x87/0x680 [ 797.645860][T11850] ? do_getname+0x2e/0x250 [ 797.645884][T11850] do_getname+0x2e/0x250 [ 797.645906][T11850] __se_sys_symlinkat+0x3d/0x2b0 [ 797.645928][T11850] do_syscall_64+0x14d/0xf80 [ 797.645948][T11850] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.645971][T11850] ? trace_irq_disable+0x37/0x100 [ 797.645985][T11850] ? clear_bhb_loop+0x40/0x90 [ 797.646005][T11850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.646020][T11850] RIP: 0033:0x7fb84f44bf79 [ 797.646036][T11850] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 797.646051][T11850] RSP: 002b:00007fb84d6a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000010a [ 797.646071][T11850] RAX: ffffffffffffffda RBX: 00007fb84f6c5fa0 RCX: 00007fb84f44bf79 [ 797.646084][T11850] RDX: 0000200000000080 RSI: ffffffffffffff9c RDI: 0000200000000400 [ 797.646097][T11850] RBP: 00007fb84d6a6090 R08: 0000000000000000 R09: 0000000000000000 [ 797.646109][T11850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 797.646120][T11850] R13: 00007fb84f6c6038 R14: 00007fb84f6c5fa0 R15: 00007ffdc5595fe8 [ 797.646148][T11850] [ 797.836200][ T9] usb 2-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 797.836229][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.836249][ T9] usb 2-1: Product: syz [ 797.836261][ T9] usb 2-1: Manufacturer: syz [ 797.836275][ T9] usb 2-1: SerialNumber: syz [ 797.853401][ T36] usb 4-1: USB disconnect, device number 47 [ 797.864536][ T36] usblp0: removed [ 798.582134][T11856] netlink: 400 bytes leftover after parsing attributes in process `syz.5.1671'. [ 798.628785][T11856] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1671'. [ 798.636373][ T9] gspca_main: pac207-2.14.0 probing 093a:2476 [ 798.655413][ T9] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 798.656377][ T9] uvcvideo 2-1:13.0: Found UVC 0.00 device syz (093a:2476) [ 798.656405][ T9] uvcvideo 2-1:13.0: No valid video chain found. [ 798.681870][ T9] usb 2-1: USB disconnect, device number 51 [ 800.179955][T11878] FAULT_INJECTION: forcing a failure. [ 800.179955][T11878] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 800.179991][T11878] CPU: 1 UID: 0 PID: 11878 Comm: syz.2.1675 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 800.180017][T11878] Tainted: [L]=SOFTLOCKUP [ 800.180024][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 800.180034][T11878] Call Trace: [ 800.180041][T11878] [ 800.180050][T11878] dump_stack_lvl+0xe8/0x150 [ 800.180077][T11878] should_fail_ex+0x46b/0x600 [ 800.180104][T11878] _copy_from_user+0x2d/0xb0 [ 800.180128][T11878] ___sys_recvmsg+0x175/0x590 [ 800.180152][T11878] ? __pfx____sys_recvmsg+0x10/0x10 [ 800.180175][T11878] ? __fget_files+0x2a/0x420 [ 800.180225][T11878] do_recvmmsg+0x33a/0x800 [ 800.180252][T11878] ? __pfx_do_recvmmsg+0x10/0x10 [ 800.180283][T11878] ? rt_mutex_slowunlock+0x1cb/0x300 [ 800.180318][T11878] __x64_sys_recvmmsg+0x198/0x250 [ 800.180339][T11878] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 800.180370][T11878] do_syscall_64+0x14d/0xf80 [ 800.180390][T11878] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.180407][T11878] ? trace_irq_disable+0x37/0x100 [ 800.180421][T11878] ? clear_bhb_loop+0x40/0x90 [ 800.180443][T11878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.180460][T11878] RIP: 0033:0x7eff2712bf79 [ 800.180475][T11878] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 800.180491][T11878] RSP: 002b:00007eff25344028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 800.180511][T11878] RAX: ffffffffffffffda RBX: 00007eff273a6180 RCX: 00007eff2712bf79 [ 800.180525][T11878] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000007 [ 800.180537][T11878] RBP: 00007eff25344090 R08: 0000000000000000 R09: 0000000000000000 [ 800.180548][T11878] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 800.180559][T11878] R13: 00007eff273a6218 R14: 00007eff273a6180 R15: 00007ffc2f51b1b8 [ 800.180589][T11878] [ 801.658874][T11872] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1676'. [ 801.660083][T11873] vlan0: entered promiscuous mode [ 803.077600][T11902] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1684'. [ 805.415102][T11921] vlan0: entered promiscuous mode [ 805.595333][T11923] tmpfs: Bad value for 'mpol' [ 805.606109][ T5878] IPVS: starting estimator thread 0... [ 805.718864][T11924] IPVS: using max 8 ests per chain, 19200 per kthread [ 806.141123][T11939] netlink: 400 bytes leftover after parsing attributes in process `syz.5.1696'. [ 806.244001][T11939] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1696'. [ 806.333266][T11948] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1697'. [ 806.340160][T11948] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1697'. [ 808.784370][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.784433][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.346792][T12000] netlink: 400 bytes leftover after parsing attributes in process `syz.3.1712'. [ 810.388730][T12000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1712'. [ 811.238607][ T829] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 811.600598][ T829] usb 3-1: config 0 has an invalid interface number: 120 but max is 0 [ 811.600627][ T829] usb 3-1: config 0 has no interface number 0 [ 811.600669][ T829] usb 3-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 811.600695][ T829] usb 3-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 48, changing to 9 [ 811.600721][ T829] usb 3-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 8240, setting to 1024 [ 811.600761][ T829] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 811.600783][ T829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 811.606052][ T829] usb 3-1: config 0 descriptor?? [ 811.626837][ T829] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.120/input/input23 [ 812.726654][ T36] usb 3-1: USB disconnect, device number 42 [ 813.465338][T12035] xt_socket: unknown flags 0x4 [ 814.302296][T12039] kexec: Could not allocate control_code_buffer [ 816.402105][T12068] netlink: 400 bytes leftover after parsing attributes in process `syz.5.1732'. [ 816.490765][T12064] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1732'. [ 817.337761][T12084] FAULT_INJECTION: forcing a failure. [ 817.337761][T12084] name failslab, interval 1, probability 0, space 0, times 0 [ 817.337818][T12084] CPU: 0 UID: 0 PID: 12084 Comm: syz.5.1736 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 817.337845][T12084] Tainted: [L]=SOFTLOCKUP [ 817.337851][T12084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 817.337863][T12084] Call Trace: [ 817.337870][T12084] [ 817.337878][T12084] dump_stack_lvl+0xe8/0x150 [ 817.337907][T12084] should_fail_ex+0x46b/0x600 [ 817.337934][T12084] should_failslab+0xa8/0x100 [ 817.337956][T12084] __kmalloc_cache_noprof+0x84/0x690 [ 817.337978][T12084] ? __scm_send+0x687/0x14a0 [ 817.337996][T12084] ? __scm_send+0x25b/0x14a0 [ 817.338019][T12084] __scm_send+0x687/0x14a0 [ 817.338038][T12084] ? finish_task_switch+0x240/0x920 [ 817.338065][T12084] ? rcu_is_watching+0x15/0xb0 [ 817.338099][T12084] ? __pfx___scm_send+0x10/0x10 [ 817.338118][T12084] ? smack_socket_getpeersec_dgram+0x320/0x430 [ 817.338146][T12084] unix_stream_sendmsg+0x152/0xe80 [ 817.338166][T12084] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 817.338179][T12084] ? irqentry_exit+0x59e/0x620 [ 817.338197][T12084] ? lockdep_hardirqs_on+0x7a/0x110 [ 817.338214][T12084] ? irqentry_exit+0x59e/0x620 [ 817.338229][T12084] ? rcu_is_watching+0x15/0xb0 [ 817.338253][T12084] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 817.338273][T12084] ? tomoyo_socket_sendmsg+0x16/0x30 [ 817.338295][T12084] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 817.338313][T12084] ____sys_sendmsg+0xa4e/0xac0 [ 817.338327][T12084] ? __might_fault+0xaf/0x130 [ 817.338346][T12084] ? __pfx_____sys_sendmsg+0x10/0x10 [ 817.338367][T12084] ? import_iovec+0x73/0xa0 [ 817.338388][T12084] ___sys_sendmsg+0x2a5/0x360 [ 817.338401][T12084] ? __lock_acquire+0x6b5/0x2cf0 [ 817.338422][T12084] ? __pfx____sys_sendmsg+0x10/0x10 [ 817.338462][T12084] ? __fget_files+0x2a/0x420 [ 817.338484][T12084] ? __fget_files+0x3a6/0x420 [ 817.338511][T12084] __x64_sys_sendmsg+0x1c3/0x2a0 [ 817.338528][T12084] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 817.338549][T12084] ? __pfx_ksys_write+0x10/0x10 [ 817.338572][T12084] do_syscall_64+0x14d/0xf80 [ 817.338589][T12084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.338602][T12084] ? trace_irq_disable+0x37/0x100 [ 817.338615][T12084] ? clear_bhb_loop+0x40/0x90 [ 817.338631][T12084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.338644][T12084] RIP: 0033:0x7fb84f44bf79 [ 817.338657][T12084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 817.338676][T12084] RSP: 002b:00007fb84d664028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 817.338692][T12084] RAX: ffffffffffffffda RBX: 00007fb84f6c6180 RCX: 00007fb84f44bf79 [ 817.338703][T12084] RDX: 000000000000c800 RSI: 0000200000000d80 RDI: 000000000000000b [ 817.338712][T12084] RBP: 00007fb84d664090 R08: 0000000000000000 R09: 0000000000000000 [ 817.338721][T12084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 817.338730][T12084] R13: 00007fb84f6c6218 R14: 00007fb84f6c6180 R15: 00007ffdc5595fe8 [ 817.338753][T12084] [ 818.241371][T12088] netlink: 'syz.3.1738': attribute type 10 has an invalid length. [ 818.242156][T12088] bridge0: port 3(macsec0) entered blocking state [ 818.242382][T12088] bridge0: port 3(macsec0) entered disabled state [ 818.242571][T12088] macsec0: entered allmulticast mode [ 818.242586][T12088] veth1_macvtap: entered allmulticast mode [ 818.245422][T12088] macsec0: entered promiscuous mode [ 818.249794][T12088] bridge0: port 3(macsec0) entered blocking state [ 818.250032][T12088] bridge0: port 3(macsec0) entered forwarding state [ 818.446071][T12096] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1741'. [ 818.553145][T12099] netlink: 'syz.0.1742': attribute type 1 has an invalid length. [ 818.828610][ T6008] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 818.990038][ T6008] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 818.990069][ T6008] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 818.990089][ T6008] usb 2-1: Product: syz [ 818.990102][ T6008] usb 2-1: Manufacturer: syz [ 818.990117][ T6008] usb 2-1: SerialNumber: syz [ 819.021910][ T6008] usb 2-1: config 0 descriptor?? [ 819.315251][ T6008] usb-storage 2-1:0.0: USB Mass Storage device detected [ 819.799183][T12123] netlink: 400 bytes leftover after parsing attributes in process `syz.3.1748'. [ 820.088892][T12120] trusted_key: encrypted_key: insufficient parameters specified [ 820.158965][T12125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1748'. [ 820.318680][ T6008] usb 2-1: USB disconnect, device number 52 [ 823.244296][T12163] FAULT_INJECTION: forcing a failure. [ 823.244296][T12163] name failslab, interval 1, probability 0, space 0, times 0 [ 823.244352][T12163] CPU: 0 UID: 0 PID: 12163 Comm: syz.3.1760 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 823.244380][T12163] Tainted: [L]=SOFTLOCKUP [ 823.244386][T12163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 823.244396][T12163] Call Trace: [ 823.244402][T12163] [ 823.244408][T12163] dump_stack_lvl+0xe8/0x150 [ 823.244428][T12163] should_fail_ex+0x46b/0x600 [ 823.244444][T12163] should_failslab+0xa8/0x100 [ 823.244457][T12163] __kmalloc_noprof+0xdf/0x7b0 [ 823.244469][T12163] ? sock_kmalloc+0xd6/0x160 [ 823.244482][T12163] sock_kmalloc+0xd6/0x160 [ 823.244494][T12163] ____sys_sendmsg+0x1c2/0xac0 [ 823.244504][T12163] ? __might_fault+0xaf/0x130 [ 823.244518][T12163] ? __pfx_____sys_sendmsg+0x10/0x10 [ 823.244533][T12163] ? import_iovec+0x73/0xa0 [ 823.244548][T12163] ___sys_sendmsg+0x2a5/0x360 [ 823.244557][T12163] ? __lock_acquire+0x6b5/0x2cf0 [ 823.244574][T12163] ? __pfx____sys_sendmsg+0x10/0x10 [ 823.244585][T12163] ? __schedule+0x14f4/0x5210 [ 823.244612][T12163] ? __fget_files+0x2a/0x420 [ 823.244625][T12163] ? __fget_files+0x3a6/0x420 [ 823.244643][T12163] __x64_sys_sendmsg+0x1c3/0x2a0 [ 823.244655][T12163] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 823.244677][T12163] do_syscall_64+0x14d/0xf80 [ 823.244690][T12163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.244700][T12163] ? clear_bhb_loop+0x40/0x90 [ 823.244712][T12163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.244722][T12163] RIP: 0033:0x7f69d450bf79 [ 823.244732][T12163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 823.244741][T12163] RSP: 002b:00007f69d273d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 823.244752][T12163] RAX: ffffffffffffffda RBX: 00007f69d4786090 RCX: 00007f69d450bf79 [ 823.244759][T12163] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000005 [ 823.244766][T12163] RBP: 00007f69d273d090 R08: 0000000000000000 R09: 0000000000000000 [ 823.244772][T12163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 823.244777][T12163] R13: 00007f69d4786128 R14: 00007f69d4786090 R15: 00007fff7e0f56d8 [ 823.244793][T12163] [ 824.347252][T12167] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1762'. [ 824.347401][T12167] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1762'. [ 824.378575][ T36] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 824.540973][ T36] usb 2-1: unable to get BOS descriptor or descriptor too short [ 824.542227][ T36] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 824.542272][ T36] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 824.542298][ T36] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 88 [ 824.545531][ T36] usb 2-1: string descriptor 0 read error: -22 [ 824.545669][ T36] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 824.545692][ T36] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 824.888456][ T36] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 824.900868][ T36] cdc_ncm 2-1:1.0: bind() failure [ 824.924347][ T36] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 824.924393][ T36] cdc_ncm 2-1:1.1: bind() failure [ 825.673950][ T6008] usb 2-1: USB disconnect, device number 53 [ 825.728800][T12178] FAULT_INJECTION: forcing a failure. [ 825.728800][T12178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 825.728834][T12178] CPU: 0 UID: 0 PID: 12178 Comm: syz.5.1765 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 825.728859][T12178] Tainted: [L]=SOFTLOCKUP [ 825.728866][T12178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 825.728875][T12178] Call Trace: [ 825.728882][T12178] [ 825.728891][T12178] dump_stack_lvl+0xe8/0x150 [ 825.728920][T12178] should_fail_ex+0x46b/0x600 [ 825.728946][T12178] _copy_from_user+0x2d/0xb0 [ 825.728970][T12178] __copy_msghdr+0x3c5/0x5b0 [ 825.728993][T12178] ___sys_sendmsg+0x213/0x360 [ 825.729009][T12178] ? __lock_acquire+0x6b5/0x2cf0 [ 825.729036][T12178] ? __pfx____sys_sendmsg+0x10/0x10 [ 825.729060][T12178] ? kstrtouint+0x6e/0xe0 [ 825.729105][T12178] ? __fget_files+0x2a/0x420 [ 825.729126][T12178] ? __fget_files+0x3a6/0x420 [ 825.729156][T12178] __sys_sendmmsg+0x282/0x4e0 [ 825.729178][T12178] ? __pfx___sys_sendmmsg+0x10/0x10 [ 825.729204][T12178] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 825.729234][T12178] ? ksys_write+0x248/0x270 [ 825.729252][T12178] ? __pfx_ksys_write+0x10/0x10 [ 825.729274][T12178] __x64_sys_sendmmsg+0xa0/0xc0 [ 825.729295][T12178] do_syscall_64+0x14d/0xf80 [ 825.729315][T12178] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.729332][T12178] ? trace_irq_disable+0x37/0x100 [ 825.729348][T12178] ? clear_bhb_loop+0x40/0x90 [ 825.729369][T12178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.729385][T12178] RIP: 0033:0x7fb84f44bf79 [ 825.729401][T12178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 825.729416][T12178] RSP: 002b:00007fb84d6a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 825.729435][T12178] RAX: ffffffffffffffda RBX: 00007fb84f6c5fa0 RCX: 00007fb84f44bf79 [ 825.729448][T12178] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000003 [ 825.729459][T12178] RBP: 00007fb84d6a6090 R08: 0000000000000000 R09: 0000000000000000 [ 825.729470][T12178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 825.729482][T12178] R13: 00007fb84f6c6038 R14: 00007fb84f6c5fa0 R15: 00007ffdc5595fe8 [ 825.729512][T12178] [ 826.154248][T12182] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1767'. [ 826.199185][T12182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1767'. [ 826.244762][T12186] openvswitch: netlink: Flow actions attr not present in new flow. [ 826.348803][ T9] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 826.622797][T12192] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 827.376245][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 827.389698][ T9] usb 6-1: config 0 has an invalid interface number: 150 but max is 0 [ 827.389726][ T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 827.389746][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 827.389764][ T9] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 827.389785][ T9] usb 6-1: config 0 has no interface number 0 [ 827.389840][ T9] usb 6-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 827.389865][ T9] usb 6-1: config 0 interface 150 has no altsetting 0 [ 827.389895][ T9] usb 6-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 827.389915][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.505602][T12194] FAULT_INJECTION: forcing a failure. [ 827.505602][T12194] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 827.505694][T12194] CPU: 1 UID: 0 PID: 12194 Comm: syz.1.1769 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 827.505721][T12194] Tainted: [L]=SOFTLOCKUP [ 827.505728][T12194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 827.505739][T12194] Call Trace: [ 827.505746][T12194] [ 827.505753][T12194] dump_stack_lvl+0xe8/0x150 [ 827.505781][T12194] should_fail_ex+0x46b/0x600 [ 827.505809][T12194] strncpy_from_user+0x36/0x2b0 [ 827.505833][T12194] do_getname+0x77/0x250 [ 827.505858][T12194] __se_sys_renameat2+0x34/0x2c0 [ 827.505883][T12194] do_syscall_64+0x14d/0xf80 [ 827.505904][T12194] ? rcu_is_watching+0x15/0xb0 [ 827.505926][T12194] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.505943][T12194] ? clear_bhb_loop+0x40/0x90 [ 827.505964][T12194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.505981][T12194] RIP: 0033:0x7f144903bf79 [ 827.505999][T12194] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 827.506014][T12194] RSP: 002b:00007f1447254028 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 827.506033][T12194] RAX: ffffffffffffffda RBX: 00007f14492b6180 RCX: 00007f144903bf79 [ 827.506047][T12194] RDX: ffffffffffffff9c RSI: 0000200000000a00 RDI: ffffffffffffff9c [ 827.506060][T12194] RBP: 00007f1447254090 R08: 0000000000000002 R09: 0000000000000000 [ 827.506072][T12194] R10: 0000200000000600 R11: 0000000000000246 R12: 0000000000000001 [ 827.506083][T12194] R13: 00007f14492b6218 R14: 00007f14492b6180 R15: 00007ffc7eb81248 [ 827.506113][T12194] [ 827.646813][ T9] usb 6-1: config 0 descriptor?? [ 828.170283][T12206] mmap: syz.2.1773 (12206) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 828.351974][T12208] netlink: 648 bytes leftover after parsing attributes in process `syz.5.1766'. [ 829.271846][T12210] xt_socket: unknown flags 0x4 [ 829.275052][ T978] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 829.331237][ T9] usb 6-1: USB disconnect, device number 31 [ 829.418601][ T978] usb 4-1: Using ep0 maxpacket: 32 [ 829.422099][ T978] usb 4-1: config 1 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 132, changing to 11 [ 829.422132][ T978] usb 4-1: config 1 interface 0 altsetting 129 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 829.422158][ T978] usb 4-1: config 1 interface 0 has no altsetting 0 [ 829.424973][ T978] usb 4-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.40 [ 829.425000][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 829.425019][ T978] usb 4-1: Product: Љ [ 829.425032][ T978] usb 4-1: Manufacturer: 㶊ëŸè²­çšµç»ƒì€¸è˜†å€¡é¸¼ê«˜ï”»ì¶»ä€µéƒ”ïŒà½ë©‘섷䢶圩童钶씜䷪忧휰秫ﳪä¹äŽ¢ã›Ÿë¼”醩஌棂çžé˜†ä¿šë½·ä°¢ì¡â™¿ [ 829.425052][ T978] usb 4-1: SerialNumber: Ἐ꯺ᚮוä§ã‹Žæ‹¬ê•¾è¹£ïº»ë½½ì¨ˆã¬ç“•ê°âŸã¼”ℶᕌ猖們釫㔬㱗%뛧⋾ä‡å‹œëµšì’‘⑉憌캧䟑慶ìŒë¾ží›´ãŽšç­ä§¢å„¼ãŠî‡‘廛굞嶪뗼ᢵﻗã’꭬輱伿禮ꤰངíºìŸìªƒéµ¯ï¦¥á‚¿ì‹Žé£ ë¿¼é¥á˜Ÿí£ê“™å­è³‰êšžèº¶Õ°ç¿Šï°¿ç¯¦ãˆä–®â¦“ë—šê¼îˆ© [ 829.840916][T12218] erofs (device nbd1): cannot find valid erofs superblock [ 830.648675][ T36] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 830.762626][T12221] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1777'. [ 830.763358][T12221] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1777'. [ 830.801782][ T36] usb 3-1: unable to get BOS descriptor or descriptor too short [ 830.803611][ T36] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 830.803709][ T36] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 830.803735][ T36] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 88 [ 830.808032][ T36] usb 3-1: string descriptor 0 read error: -22 [ 830.808223][ T36] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 830.808246][ T36] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 830.965125][ T978] usbhid 4-1:1.0: can't add hid device: -71 [ 830.965244][ T978] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 831.001341][ T978] usb 4-1: USB disconnect, device number 48 [ 831.247974][T12226] trusted_key: encrypted_key: insufficient parameters specified [ 832.123751][ T36] cdc_ncm 3-1:1.0: bind() failure [ 832.147510][ T36] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 832.147556][ T36] cdc_ncm 3-1:1.1: bind() failure [ 832.167048][ T36] usb 3-1: USB disconnect, device number 43 [ 833.458745][T12231] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1781'. [ 834.828784][T12235] faux_driver vgem: [drm] Unknown color mode 11; guessing buffer size. [ 835.398723][ T5960] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 835.454778][T12241] vlan0: entered promiscuous mode [ 835.559057][ T5960] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 835.559085][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.562053][ T5960] usb 3-1: config 0 descriptor?? [ 835.567153][ T5960] cp210x 3-1:0.0: cp210x converter detected [ 835.798692][ T5960] usb 3-1: cp210x converter now attached to ttyUSB0 [ 836.545031][T12248] xt_socket: unknown flags 0x4 [ 838.479237][ T5960] usb 3-1: USB disconnect, device number 44 [ 838.495296][ T5960] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 838.496020][ T5960] cp210x 3-1:0.0: device disconnected [ 839.366471][ T978] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 839.659671][ T978] usb 2-1: unable to get BOS descriptor or descriptor too short [ 839.809514][ T978] usb 2-1: config 0 has an invalid interface number: 24 but max is 0 [ 839.809637][ T978] usb 2-1: config 0 has no interface number 0 [ 839.810531][ T978] usb 2-1: config 0 interface 24 altsetting 136 endpoint 0x8B has invalid maxpacket 991, setting to 64 [ 839.810680][ T978] usb 2-1: config 0 interface 24 has no altsetting 0 [ 839.918397][ T978] usb 2-1: New USB device found, idVendor=413c, idProduct=8115, bcdDevice=6b.28 [ 839.918888][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 839.918932][ T978] usb 2-1: Product: syz [ 839.918967][ T978] usb 2-1: Manufacturer: syz [ 839.919003][ T978] usb 2-1: SerialNumber: syz [ 840.169973][ T978] usb 2-1: config 0 descriptor?? [ 840.404300][ T978] option 2-1:0.24: GSM modem (1-port) converter detected [ 840.467087][ T978] usb 2-1: USB disconnect, device number 54 [ 840.489873][ T978] option 2-1:0.24: device disconnected [ 840.663422][ T37] audit: type=1326 audit(1771294784.889:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 840.663469][ T37] audit: type=1326 audit(1771294784.889:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 840.699937][T12281] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1795'. [ 840.707074][T12281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1795'. [ 840.716117][ T37] audit: type=1326 audit(1771294784.929:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 840.716163][ T37] audit: type=1326 audit(1771294784.929:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 840.716200][ T37] audit: type=1326 audit(1771294784.929:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 840.716235][ T37] audit: type=1326 audit(1771294784.929:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 840.717384][ T37] audit: type=1326 audit(1771294784.939:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 840.717426][ T37] audit: type=1326 audit(1771294784.939:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 840.717464][ T37] audit: type=1326 audit(1771294784.939:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7eff270ec84e code=0x7ffc0000 [ 840.771982][ T37] audit: type=1326 audit(1771294784.999:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12278 comm="syz.2.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 842.249692][ T6008] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 842.339077][ T978] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 842.513201][ T6008] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 842.513544][ T6008] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 842.594076][ T978] usb 2-1: unable to get BOS descriptor or descriptor too short [ 842.610791][ T6008] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 842.611169][ T6008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 842.611441][ T6008] usb 3-1: Product: syz [ 842.611455][ T6008] usb 3-1: Manufacturer: syz [ 842.611469][ T6008] usb 3-1: SerialNumber: syz [ 842.636182][ T978] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 842.636227][ T978] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 842.636252][ T978] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 88 [ 842.690371][ T978] usb 2-1: string descriptor 0 read error: -22 [ 842.690465][ T978] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 842.690477][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 842.738962][T12301] trusted_key: encrypted_key: insufficient parameters specified [ 842.813438][ T978] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 842.813683][ T978] cdc_ncm 2-1:1.0: bind() failure [ 842.877047][ T978] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 842.877076][ T978] cdc_ncm 2-1:1.1: bind() failure [ 843.472808][ T978] usb 2-1: USB disconnect, device number 55 [ 844.670168][ T6008] cdc_ncm 3-1:1.0: bind() failure [ 844.728127][ T6008] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 844.884680][ T6008] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 844.898708][ T6008] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 845.949039][ T6008] usb 3-1: USB disconnect, device number 45 [ 846.024786][T12321] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1808'. [ 847.278599][ T5808] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 848.162196][T12332] xt_socket: unknown flags 0x4 [ 848.571776][T12335] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1812'. [ 848.611697][T12335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1812'. [ 848.628694][ T5808] usb 2-1: Using ep0 maxpacket: 32 [ 848.630264][ T5808] usb 2-1: config 0 has an invalid interface number: 172 but max is 0 [ 848.630279][ T5808] usb 2-1: config 0 has no interface number 0 [ 848.630305][ T5808] usb 2-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=c2.a1 [ 848.630317][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 848.633252][ T5808] usb 2-1: config 0 descriptor?? [ 848.692338][ T5808] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 848.748634][ T6008] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 848.856492][T12324] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1810'. [ 848.865475][ T5808] gspca_sn9c2028: read1 error -71 [ 848.865864][ T5808] gspca_sn9c2028: read1 error -71 [ 848.866232][ T5808] gspca_sn9c2028: read1 error -71 [ 848.866313][ T5808] sn9c2028 2-1:0.172: probe with driver sn9c2028 failed with error -71 [ 848.908567][ T6008] usb 3-1: Using ep0 maxpacket: 8 [ 848.910461][ T5808] usb 2-1: USB disconnect, device number 56 [ 848.912332][ T6008] usb 3-1: unable to get BOS descriptor or descriptor too short [ 848.914286][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 848.914314][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 848.914337][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 848.914358][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 848.914384][ T6008] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 848.914407][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 848.914428][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 848.917151][ T6008] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 848.917177][ T6008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 848.917195][ T6008] usb 3-1: Product: syz [ 848.917208][ T6008] usb 3-1: Manufacturer: syz [ 848.917221][ T6008] usb 3-1: SerialNumber: syz [ 849.069675][ T6008] usb 3-1: config 0 descriptor?? [ 849.072999][T12328] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 849.097200][ T6008] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 850.788755][ T9] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 850.839220][ T6008] usb 3-1: USB disconnect, device number 46 [ 850.885517][ T7410] udevd[7410]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 850.968832][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 850.971675][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 850.971702][ T9] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 850.971715][ T9] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 88 [ 850.983649][ T9] usb 2-1: string descriptor 0 read error: -22 [ 850.983785][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 850.983808][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 851.033369][ T9] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 851.033413][ T9] cdc_ncm 2-1:1.0: bind() failure [ 851.067137][ T9] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 851.067164][ T9] cdc_ncm 2-1:1.1: bind() failure [ 851.259001][ T6008] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 851.671587][ T978] usb 2-1: USB disconnect, device number 57 [ 851.788693][ T6008] usb 3-1: Using ep0 maxpacket: 32 [ 851.790786][ T6008] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 851.790810][ T6008] usb 3-1: config 0 has no interface number 0 [ 851.790854][ T6008] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 851.793585][ T6008] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 851.793611][ T6008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 851.793631][ T6008] usb 3-1: Product: syz [ 851.793644][ T6008] usb 3-1: Manufacturer: syz [ 851.793659][ T6008] usb 3-1: SerialNumber: syz [ 851.877308][ T6008] usb 3-1: config 0 descriptor?? [ 851.907860][ T6008] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 851.907896][ T6008] em28xx 3-1:0.132: Video interface 132 found: isoc [ 851.919109][T12355] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 853.893545][ T6008] em28xx 3-1:0.132: unknown em28xx chip ID (0) [ 853.977540][T12365] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1825'. [ 853.978209][T12365] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1825'. [ 853.998795][ T6008] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 853.998827][ T6008] em28xx 3-1:0.132: board has no eeprom [ 854.058554][ T6008] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 854.058597][ T6008] em28xx 3-1:0.132: analog set to isoc mode. [ 854.059261][T12305] em28xx 3-1:0.132: Registering V4L2 extension [ 854.304609][ T6008] usb 3-1: USB disconnect, device number 47 [ 854.536041][ T6008] em28xx 3-1:0.132: Disconnecting em28xx [ 854.699153][T12367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1826'. [ 856.814034][T12376] xt_socket: unknown flags 0x4 [ 857.742105][T12383] loop2: detected capacity change from 0 to 7 [ 857.769692][T12383] Dev loop2: unable to read RDB block 7 [ 857.769736][T12383] loop2: unable to read partition table [ 857.769948][T12383] loop2: partition table beyond EOD, truncated [ 857.769988][T12383] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 857.872700][T12305] em28xx 3-1:0.132: Config register raw data: 0xffffffed [ 857.872724][T12305] em28xx 3-1:0.132: AC97 chip type couldn't be determined [ 857.872744][T12305] em28xx 3-1:0.132: No AC97 audio processor [ 857.924193][T12305] usb 3-1: Decoder not found [ 857.924212][T12305] em28xx 3-1:0.132: failed to create media graph [ 857.926424][T12305] em28xx 3-1:0.132: V4L2 device video103 deregistered [ 857.976906][T12305] em28xx 3-1:0.132: Remote control support is not available for this card. [ 857.976982][ T6008] em28xx 3-1:0.132: Closing input extension [ 858.064647][ T6008] em28xx 3-1:0.132: Freeing device [ 858.113632][T12389] FAULT_INJECTION: forcing a failure. [ 858.113632][T12389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 858.113667][T12389] CPU: 1 UID: 0 PID: 12389 Comm: syz.3.1822 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 858.113694][T12389] Tainted: [L]=SOFTLOCKUP [ 858.113701][T12389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 858.113719][T12389] Call Trace: [ 858.113727][T12389] [ 858.113736][T12389] dump_stack_lvl+0xe8/0x150 [ 858.113765][T12389] should_fail_ex+0x46b/0x600 [ 858.113792][T12389] _copy_from_iter+0x1d3/0x1670 [ 858.113818][T12389] ? rcu_is_watching+0x15/0xb0 [ 858.113847][T12389] ? __pfx__copy_from_iter+0x10/0x10 [ 858.113869][T12389] ? __build_skb_around+0x22d/0x3c0 [ 858.113896][T12389] ? __alloc_skb+0x193/0x390 [ 858.113919][T12389] ? netlink_sendmsg+0x650/0xb40 [ 858.113939][T12389] ? skb_put+0x11b/0x210 [ 858.113965][T12389] netlink_sendmsg+0x6c0/0xb40 [ 858.113996][T12389] ? __pfx_netlink_sendmsg+0x10/0x10 [ 858.114026][T12389] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 858.114049][T12389] ____sys_sendmsg+0xa4e/0xac0 [ 858.114067][T12389] ? __might_fault+0xaf/0x130 [ 858.114093][T12389] ? __pfx_____sys_sendmsg+0x10/0x10 [ 858.114121][T12389] ? import_iovec+0x73/0xa0 [ 858.114147][T12389] ___sys_sendmsg+0x2a5/0x360 [ 858.114165][T12389] ? __lock_acquire+0x6b5/0x2cf0 [ 858.114193][T12389] ? __pfx____sys_sendmsg+0x10/0x10 [ 858.114247][T12389] ? __fget_files+0x2a/0x420 [ 858.114268][T12389] ? __fget_files+0x3a6/0x420 [ 858.114300][T12389] __x64_sys_sendmsg+0x1c3/0x2a0 [ 858.114322][T12389] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 858.114350][T12389] ? rcu_is_watching+0x15/0xb0 [ 858.114384][T12389] do_syscall_64+0x14d/0xf80 [ 858.114406][T12389] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.114424][T12389] ? trace_irq_disable+0x37/0x100 [ 858.114440][T12389] ? clear_bhb_loop+0x40/0x90 [ 858.114463][T12389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.114481][T12389] RIP: 0033:0x7f69d450bf79 [ 858.114498][T12389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 858.114515][T12389] RSP: 002b:00007f69d275e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 858.114536][T12389] RAX: ffffffffffffffda RBX: 00007f69d4785fa0 RCX: 00007f69d450bf79 [ 858.114550][T12389] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 858.114563][T12389] RBP: 00007f69d275e090 R08: 0000000000000000 R09: 0000000000000000 [ 858.114579][T12389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 858.114591][T12389] R13: 00007f69d4786038 R14: 00007f69d4785fa0 R15: 00007fff7e0f56d8 [ 858.114623][T12389] [ 860.172167][T12402] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1837'. [ 860.172929][T12402] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1837'. [ 860.228594][ T6008] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 861.310179][ T6008] usb 3-1: config index 0 descriptor too short (expected 9, got 0) [ 861.310218][ T6008] usb 3-1: can't read configurations, error -22 [ 861.448547][ T6008] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 861.613026][ T6008] usb 3-1: config index 0 descriptor too short (expected 9, got 0) [ 861.613064][ T6008] usb 3-1: can't read configurations, error -22 [ 861.615036][ T6008] usb usb3-port1: attempt power cycle [ 861.998625][ T6008] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 862.031055][ T6008] usb 3-1: config index 0 descriptor too short (expected 9, got 0) [ 862.031078][ T6008] usb 3-1: can't read configurations, error -22 [ 862.168616][ T6008] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 862.188594][ T36] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 862.193009][ T6008] usb 3-1: config index 0 descriptor too short (expected 9, got 0) [ 862.193045][ T6008] usb 3-1: can't read configurations, error -22 [ 862.194158][ T6008] usb usb3-port1: unable to enumerate USB device [ 862.362030][ T36] usb 6-1: unable to get BOS descriptor or descriptor too short [ 862.382526][ T36] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 862.382561][ T36] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 862.382574][ T36] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 88 [ 862.385980][ T36] usb 6-1: string descriptor 0 read error: -22 [ 862.386089][ T36] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 862.386102][ T36] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 862.514466][ T36] cdc_ncm 6-1:1.0: CDC Union missing and no IAD found [ 862.514515][ T36] cdc_ncm 6-1:1.0: bind() failure [ 862.548085][ T36] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 862.548131][ T36] cdc_ncm 6-1:1.1: bind() failure [ 863.240060][ T5808] usb 6-1: USB disconnect, device number 32 [ 865.069789][ T5811] Bluetooth: Frame is too long (len 12, expected len 5) [ 865.418937][T12444] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1848'. [ 865.438627][T12444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1848'. [ 866.821307][T12456] netlink: 400 bytes leftover after parsing attributes in process `syz.1.1855'. [ 867.589668][T12456] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1855'. [ 869.808590][ T36] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 869.938575][ T36] usb 6-1: device descriptor read/64, error -71 [ 870.279156][ T36] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 870.892219][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.892287][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.018624][ T36] usb 6-1: device descriptor read/64, error -71 [ 871.138617][ T36] usb usb6-port1: attempt power cycle [ 871.599480][ T36] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 871.624667][ T36] usb 6-1: device descriptor read/8, error -71 [ 871.887120][ T36] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 871.916953][ T36] usb 6-1: device descriptor read/8, error -71 [ 872.026491][ T36] usb usb6-port1: unable to enumerate USB device [ 873.332335][ T5808] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 873.608799][ T5808] usb 2-1: device descriptor read/64, error -71 [ 873.848619][ T5808] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 874.018916][ T5808] usb 2-1: device descriptor read/64, error -71 [ 874.196963][ T5808] usb usb2-port1: attempt power cycle [ 874.314638][T12511] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1868'. [ 874.438756][ T978] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 874.623329][ T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 874.623350][ T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 874.623373][ T978] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 874.623385][ T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 874.627390][ T978] usb 4-1: config 0 descriptor?? [ 874.648681][ T5808] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 874.758425][T12518] openvswitch: netlink: Flow key attr not present in new flow. [ 875.135464][ T37] kauditd_printk_skb: 20 callbacks suppressed [ 875.135505][ T37] audit: type=1326 audit(1771294819.069:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12512 comm="syz.2.1869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 875.135751][ T37] audit: type=1326 audit(1771294819.069:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12512 comm="syz.2.1869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 875.136057][ T37] audit: type=1326 audit(1771294819.069:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12512 comm="syz.2.1869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 875.136315][ T37] audit: type=1326 audit(1771294819.069:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12512 comm="syz.2.1869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 875.136535][ T37] audit: type=1326 audit(1771294819.069:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12512 comm="syz.2.1869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 875.385144][ T5808] usb 2-1: device descriptor read/8, error -71 [ 875.618598][ T5808] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 875.639606][ T5808] usb 2-1: device descriptor read/8, error -71 [ 875.748917][ T5808] usb usb2-port1: unable to enumerate USB device [ 875.776310][T12524] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1871'. [ 875.794054][T12524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1871'. [ 875.826360][T12526] FAULT_INJECTION: forcing a failure. [ 875.826360][T12526] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 875.826397][T12526] CPU: 1 UID: 0 PID: 12526 Comm: syz.5.1872 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 875.826424][T12526] Tainted: [L]=SOFTLOCKUP [ 875.826432][T12526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 875.826444][T12526] Call Trace: [ 875.826452][T12526] [ 875.826461][T12526] dump_stack_lvl+0xe8/0x150 [ 875.826490][T12526] should_fail_ex+0x46b/0x600 [ 875.826518][T12526] _copy_from_iter+0x4ff/0x1670 [ 875.826550][T12526] ? txopt_get+0x79/0x3f0 [ 875.826572][T12526] ? __pfx__copy_from_iter+0x10/0x10 [ 875.826591][T12526] ? txopt_get+0x343/0x3f0 [ 875.826611][T12526] ? txopt_get+0x79/0x3f0 [ 875.826631][T12526] ? __pfx_txopt_get+0x10/0x10 [ 875.826660][T12526] rawv6_sendmsg+0xbcb/0x18f0 [ 875.826697][T12526] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 875.826729][T12526] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 875.826772][T12526] ? sock_rps_record_flow+0x19/0x400 [ 875.826799][T12526] ? inet_sendmsg+0x2f4/0x370 [ 875.826822][T12526] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 875.826849][T12526] ____sys_sendmsg+0x875/0xac0 [ 875.826868][T12526] ? __might_fault+0xaf/0x130 [ 875.826896][T12526] ? __pfx_____sys_sendmsg+0x10/0x10 [ 875.826930][T12526] ? import_iovec+0x73/0xa0 [ 875.826957][T12526] ___sys_sendmsg+0x2a5/0x360 [ 875.826973][T12526] ? __lock_acquire+0x6b5/0x2cf0 [ 875.827000][T12526] ? __pfx____sys_sendmsg+0x10/0x10 [ 875.827022][T12526] ? kstrtouint+0x6e/0xe0 [ 875.827066][T12526] ? __fget_files+0x2a/0x420 [ 875.827086][T12526] ? __fget_files+0x3a6/0x420 [ 875.827117][T12526] __sys_sendmmsg+0x282/0x4e0 [ 875.827140][T12526] ? __pfx___sys_sendmmsg+0x10/0x10 [ 875.827168][T12526] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 875.827200][T12526] ? ksys_write+0x248/0x270 [ 875.827219][T12526] ? __pfx_ksys_write+0x10/0x10 [ 875.827243][T12526] __x64_sys_sendmmsg+0xa0/0xc0 [ 875.827263][T12526] do_syscall_64+0x14d/0xf80 [ 875.827284][T12526] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.827301][T12526] ? trace_irq_disable+0x37/0x100 [ 875.827318][T12526] ? clear_bhb_loop+0x40/0x90 [ 875.827340][T12526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.827358][T12526] RIP: 0033:0x7fb84f44bf79 [ 875.827376][T12526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 875.827392][T12526] RSP: 002b:00007fb84d6a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 875.827412][T12526] RAX: ffffffffffffffda RBX: 00007fb84f6c5fa0 RCX: 00007fb84f44bf79 [ 875.827426][T12526] RDX: 0000000000000001 RSI: 0000200000000780 RDI: 0000000000000003 [ 875.827439][T12526] RBP: 00007fb84d6a6090 R08: 0000000000000000 R09: 0000000000000000 [ 875.827451][T12526] R10: 00000000000400c4 R11: 0000000000000246 R12: 0000000000000001 [ 875.827464][T12526] R13: 00007fb84f6c6038 R14: 00007fb84f6c5fa0 R15: 00007ffdc5595fe8 [ 875.827496][T12526] [ 875.976557][ T978] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 876.166212][ T978] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 876.219518][ T978] cp2112 0003:10C4:EA90.0010: Part Number: 0x09 Device Version: 0x69 [ 878.208949][ T5808] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 878.421200][ T5808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 878.421235][ T5808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 878.421274][ T5808] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 878.421298][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 878.558316][ T5808] usb 2-1: config 0 descriptor?? [ 879.002034][ T5808] corsair-cpro 0003:1B1C:1D00.0011: unknown main item tag 0x0 [ 879.002060][ T5808] corsair-cpro 0003:1B1C:1D00.0011: unknown main item tag 0x0 [ 879.002077][ T5808] corsair-cpro 0003:1B1C:1D00.0011: unknown main item tag 0x0 [ 879.002104][ T5808] corsair-cpro 0003:1B1C:1D00.0011: unknown main item tag 0x0 [ 879.002805][ T5808] corsair-cpro 0003:1B1C:1D00.0011: unknown main item tag 0x0 [ 879.069833][ T5808] corsair-cpro 0003:1B1C:1D00.0011: hidraw1: USB HID v0.00 Device [HID 1b1c:1d00] on usb-dummy_hcd.1-1/input0 [ 879.155416][T12549] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1879'. [ 879.175268][ T5808] corsair-cpro 0003:1B1C:1D00.0011: probe with driver corsair-cpro failed with error -38 [ 879.223253][ T5808] usb 2-1: USB disconnect, device number 62 [ 880.735598][T12552] fido_id[12552]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 881.286718][ T978] cp2112 0003:10C4:EA90.0010: error requesting SMBus config [ 881.296808][ T978] cp2112 0003:10C4:EA90.0010: probe with driver cp2112 failed with error -110 [ 881.528887][ T9] usb 4-1: USB disconnect, device number 49 [ 881.630274][ T5808] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 881.759080][T12568] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1886'. [ 881.764895][T12568] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1886'. [ 881.782497][ T5808] usb 2-1: config index 0 descriptor too short (expected 44, got 18) [ 881.782524][ T5808] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 881.782543][ T5808] usb 2-1: config 0 has no interfaces? [ 881.782571][ T5808] usb 2-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 881.782593][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 881.791567][ T5808] usb 2-1: config 0 descriptor?? [ 881.991321][ T5811] Bluetooth: Frame is too long (len 12, expected len 5) [ 882.772789][ T978] usb 2-1: USB disconnect, device number 63 [ 882.924886][T12581] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1891'. [ 882.925136][T12582] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1892'. [ 885.229081][ T978] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 885.401964][ T978] usb 4-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 885.401983][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 885.401994][ T978] usb 4-1: Product: syz [ 885.402002][ T978] usb 4-1: Manufacturer: syz [ 885.402016][ T978] usb 4-1: SerialNumber: syz [ 885.507228][ T5811] Bluetooth: Frame is too long (len 12, expected len 5) [ 885.708786][ T978] gspca_main: pac207-2.14.0 probing 093a:2476 [ 885.712086][ T978] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 885.712903][ T978] uvcvideo 4-1:13.0: Found UVC 0.00 device syz (093a:2476) [ 885.712935][ T978] uvcvideo 4-1:13.0: No valid video chain found. [ 885.759353][ T978] usb 4-1: USB disconnect, device number 50 [ 885.871110][T12608] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1900'. [ 885.879372][T12608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1900'. [ 887.695940][T12623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1905'. [ 887.929467][T12627] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1907'. [ 888.482480][T12632] erofs (device nbd5): cannot find valid erofs superblock [ 889.261297][T12649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1911'. [ 889.272753][T12649] bridge0: port 1(bridge_slave_0) entered disabled state [ 889.470148][T12654] FAULT_INJECTION: forcing a failure. [ 889.470148][T12654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 889.470184][T12654] CPU: 1 UID: 0 PID: 12654 Comm: syz.2.1913 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 889.470210][T12654] Tainted: [L]=SOFTLOCKUP [ 889.470217][T12654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 889.470230][T12654] Call Trace: [ 889.470238][T12654] [ 889.470248][T12654] dump_stack_lvl+0xe8/0x150 [ 889.470278][T12654] should_fail_ex+0x46b/0x600 [ 889.470305][T12654] _copy_to_user+0x31/0xb0 [ 889.470332][T12654] simple_read_from_buffer+0xe1/0x170 [ 889.470359][T12654] proc_fail_nth_read+0x1be/0x230 [ 889.470383][T12654] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 889.470407][T12654] ? rw_verify_area+0x2ac/0x4e0 [ 889.470432][T12654] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 889.470453][T12654] vfs_read+0x212/0xa70 [ 889.470480][T12654] ? __pfx_vfs_read+0x10/0x10 [ 889.470500][T12654] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 889.470524][T12654] ? lockdep_hardirqs_on+0x7a/0x110 [ 889.470546][T12654] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 889.470568][T12654] ? mutex_lock_nested+0x152/0x1d0 [ 889.470585][T12654] ? fdget_pos+0x252/0x320 [ 889.470616][T12654] ksys_read+0x156/0x270 [ 889.470637][T12654] ? __pfx_ksys_read+0x10/0x10 [ 889.470667][T12654] do_syscall_64+0x14d/0xf80 [ 889.470689][T12654] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.470707][T12654] ? trace_irq_disable+0x37/0x100 [ 889.470723][T12654] ? clear_bhb_loop+0x40/0x90 [ 889.470746][T12654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.470763][T12654] RIP: 0033:0x7eff270ec84e [ 889.470780][T12654] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 889.470798][T12654] RSP: 002b:00007eff25364fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 889.470818][T12654] RAX: ffffffffffffffda RBX: 00007eff253656c0 RCX: 00007eff270ec84e [ 889.470832][T12654] RDX: 000000000000000f RSI: 00007eff253650a0 RDI: 0000000000000007 [ 889.470844][T12654] RBP: 00007eff25365090 R08: 0000000000000000 R09: 0000000000000000 [ 889.470856][T12654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 889.470868][T12654] R13: 00007eff273a6128 R14: 00007eff273a6090 R15: 00007ffc2f51b1b8 [ 889.470901][T12654] [ 889.672201][T12657] erofs (device nbd5): cannot find valid erofs superblock [ 890.705198][T12663] FAULT_INJECTION: forcing a failure. [ 890.705198][T12663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 890.705232][T12663] CPU: 0 UID: 0 PID: 12663 Comm: syz.2.1914 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 890.705258][T12663] Tainted: [L]=SOFTLOCKUP [ 890.705266][T12663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 890.705276][T12663] Call Trace: [ 890.705285][T12663] [ 890.705293][T12663] dump_stack_lvl+0xe8/0x150 [ 890.705323][T12663] should_fail_ex+0x46b/0x600 [ 890.705350][T12663] _copy_to_user+0x31/0xb0 [ 890.705375][T12663] simple_read_from_buffer+0xe1/0x170 [ 890.705403][T12663] proc_fail_nth_read+0x1be/0x230 [ 890.705426][T12663] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 890.705448][T12663] ? rw_verify_area+0x2ac/0x4e0 [ 890.705472][T12663] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 890.705492][T12663] vfs_read+0x212/0xa70 [ 890.705516][T12663] ? __pfx_vfs_read+0x10/0x10 [ 890.705534][T12663] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 890.705556][T12663] ? lockdep_hardirqs_on+0x7a/0x110 [ 890.705578][T12663] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 890.705599][T12663] ? mutex_lock_nested+0x152/0x1d0 [ 890.705616][T12663] ? fdget_pos+0x252/0x320 [ 890.705647][T12663] ksys_read+0x156/0x270 [ 890.705667][T12663] ? __pfx_ksys_read+0x10/0x10 [ 890.705697][T12663] do_syscall_64+0x14d/0xf80 [ 890.705718][T12663] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.705736][T12663] ? trace_irq_disable+0x37/0x100 [ 890.705752][T12663] ? clear_bhb_loop+0x40/0x90 [ 890.705775][T12663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.705793][T12663] RIP: 0033:0x7eff270ec84e [ 890.705810][T12663] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 890.705827][T12663] RSP: 002b:00007eff25364fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 890.705846][T12663] RAX: ffffffffffffffda RBX: 00007eff253656c0 RCX: 00007eff270ec84e [ 890.705858][T12663] RDX: 000000000000000f RSI: 00007eff253650a0 RDI: 0000000000000006 [ 890.705870][T12663] RBP: 00007eff25365090 R08: 0000000000000000 R09: 0000000000000000 [ 890.705881][T12663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 890.705893][T12663] R13: 00007eff273a6128 R14: 00007eff273a6090 R15: 00007ffc2f51b1b8 [ 890.705924][T12663] [ 890.973689][T12649] bridge_slave_0 (unregistering): left allmulticast mode [ 890.973716][T12649] bridge_slave_0 (unregistering): left promiscuous mode [ 890.973812][T12649] bridge0: port 1(bridge_slave_0) entered disabled state [ 891.057007][T12672] Invalid ELF header magic: != ELF [ 891.108394][T12667] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1916'. [ 891.592609][T12305] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 892.218989][T12687] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 892.500808][ T978] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 892.527206][ C1] raw-gadget.1 gadget.3: ignoring, device is not running [ 892.715882][ T978] usb 4-1: device descriptor read/64, error -32 [ 892.948631][ T978] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 892.948944][ C1] raw-gadget.1 gadget.3: ignoring, device is not running [ 893.078649][ T978] usb 4-1: device descriptor read/64, error -32 [ 893.171816][T12693] netlink: 400 bytes leftover after parsing attributes in process `syz.1.1924'. [ 893.188945][ T978] usb usb4-port1: attempt power cycle [ 893.274324][T12696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1924'. [ 893.448016][T12305] usb 3-1: unable to get BOS descriptor or descriptor too short [ 893.448942][T12305] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 893.448965][T12305] usb 3-1: can't read configurations, error -71 [ 893.538816][ T978] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 893.559336][ T978] usb 4-1: Using ep0 maxpacket: 32 [ 893.560721][ T978] usb 4-1: config 0 has an invalid interface number: 172 but max is 0 [ 893.560737][ T978] usb 4-1: config 0 has no interface number 0 [ 893.560763][ T978] usb 4-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=c2.a1 [ 893.560776][ T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 893.611274][ T978] usb 4-1: config 0 descriptor?? [ 893.617841][ T978] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 893.839985][T12683] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1921'. [ 893.845108][ T978] gspca_sn9c2028: read1 error -71 [ 893.846016][ T978] gspca_sn9c2028: read1 error -71 [ 893.847442][ T978] gspca_sn9c2028: read1 error -71 [ 893.847529][ T978] sn9c2028 4-1:0.172: probe with driver sn9c2028 failed with error -71 [ 893.919216][ T978] usb 4-1: USB disconnect, device number 53 [ 895.433360][T12715] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1929'. [ 896.546691][T12724] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 897.065652][T12732] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1933'. [ 897.158839][T12736] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 898.354858][T12748] netlink: 400 bytes leftover after parsing attributes in process `syz.1.1938'. [ 898.461972][T12748] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1938'. [ 898.881114][T12757] Invalid source name [ 899.638196][ T37] audit: type=1326 audit(1771294843.859:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.638245][ T37] audit: type=1326 audit(1771294843.859:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.638281][ T37] audit: type=1326 audit(1771294843.859:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.638316][ T37] audit: type=1326 audit(1771294843.859:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.638354][ T37] audit: type=1326 audit(1771294843.859:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.638393][ T37] audit: type=1326 audit(1771294843.859:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.654954][ T37] audit: type=1326 audit(1771294843.859:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.655001][ T37] audit: type=1326 audit(1771294843.859:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.686768][ T37] audit: type=1326 audit(1771294843.909:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 899.686798][ T37] audit: type=1326 audit(1771294843.909:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12756 comm="syz.3.1940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x7ffc0000 [ 901.108543][T12305] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 901.969135][T12305] usb 6-1: Using ep0 maxpacket: 32 [ 901.971848][T12305] usb 6-1: config 0 has an invalid interface number: 172 but max is 0 [ 901.971873][T12305] usb 6-1: config 0 has no interface number 0 [ 901.971919][T12305] usb 6-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=c2.a1 [ 901.971942][T12305] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 902.022594][T12305] usb 6-1: config 0 descriptor?? [ 902.049855][T12305] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 902.324535][T12765] netlink: 252 bytes leftover after parsing attributes in process `syz.5.1942'. [ 902.351974][T12305] gspca_sn9c2028: read1 error -71 [ 902.352398][T12305] gspca_sn9c2028: read1 error -71 [ 902.354868][T12305] gspca_sn9c2028: read1 error -71 [ 902.354954][T12305] sn9c2028 6-1:0.172: probe with driver sn9c2028 failed with error -71 [ 902.397151][T12305] usb 6-1: USB disconnect, device number 37 [ 903.949603][T12788] erofs (device nbd1): cannot find valid erofs superblock [ 908.120333][ T37] kauditd_printk_skb: 59 callbacks suppressed [ 908.120351][ T37] audit: type=1326 audit(1771294850.609:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb84f44bf79 code=0x7ffc0000 [ 908.120395][ T37] audit: type=1326 audit(1771294850.609:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb84f44bf79 code=0x7ffc0000 [ 910.367510][T12805] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1950'. [ 910.947934][T12816] FAULT_INJECTION: forcing a failure. [ 910.947934][T12816] name failslab, interval 1, probability 0, space 0, times 0 [ 910.947971][T12816] CPU: 0 UID: 0 PID: 12816 Comm: syz.5.1954 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 910.947998][T12816] Tainted: [L]=SOFTLOCKUP [ 910.948006][T12816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 910.948017][T12816] Call Trace: [ 910.948024][T12816] [ 910.948035][T12816] dump_stack_lvl+0xe8/0x150 [ 910.948065][T12816] should_fail_ex+0x46b/0x600 [ 910.948092][T12816] should_failslab+0xa8/0x100 [ 910.948115][T12816] kmem_cache_alloc_lru_noprof+0x8b/0x680 [ 910.948137][T12816] ? hugetlbfs_alloc_inode+0xef/0x130 [ 910.948167][T12816] hugetlbfs_alloc_inode+0xef/0x130 [ 910.948193][T12816] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 910.948218][T12816] alloc_inode+0x6a/0x1b0 [ 910.948242][T12816] new_inode+0x22/0x170 [ 910.948263][T12816] ? resv_map_alloc+0x200/0x2e0 [ 910.948283][T12816] hugetlbfs_get_inode+0x80/0x640 [ 910.948307][T12816] ? fput+0xa0/0xd0 [ 910.948334][T12816] hugetlb_file_setup+0x21d/0x630 [ 910.948360][T12816] ksys_mmap_pgoff+0x22e/0x720 [ 910.948381][T12816] ? __x64_sys_mmap+0x7f/0x140 [ 910.948406][T12816] do_syscall_64+0x14d/0xf80 [ 910.948431][T12816] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.948448][T12816] ? trace_irq_disable+0x37/0x100 [ 910.948463][T12816] ? clear_bhb_loop+0x40/0x90 [ 910.948484][T12816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.948502][T12816] RIP: 0033:0x7fb84f44bf79 [ 910.948519][T12816] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 910.948535][T12816] RSP: 002b:00007fb84d664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 910.948554][T12816] RAX: ffffffffffffffda RBX: 00007fb84f6c6180 RCX: 00007fb84f44bf79 [ 910.948568][T12816] RDX: 0000000000000002 RSI: 0000000000ff5000 RDI: 0000200000000000 [ 910.948588][T12816] RBP: 00007fb84d664090 R08: ffffffffffffffff R09: 0000000000000000 [ 910.948601][T12816] R10: 000000000004ca31 R11: 0000000000000246 R12: 0000000000000001 [ 910.948613][T12816] R13: 00007fb84f6c6218 R14: 00007fb84f6c6180 R15: 00007ffdc5595fe8 [ 910.948644][T12816] [ 911.797800][T12823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1957'. [ 914.354182][T12832] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1959'. [ 914.354209][T12832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1959'. [ 914.429329][T12832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1959'. [ 916.793688][T12852] netlink: 400 bytes leftover after parsing attributes in process `syz.1.1956'. [ 916.912808][T12851] sg_write: process 1218 (syz.3.1963) changed security contexts after opening file descriptor, this is not allowed. [ 917.002588][T12856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1956'. [ 918.028763][T12858] xt_socket: unknown flags 0x4 [ 918.684197][T12866] FAULT_INJECTION: forcing a failure. [ 918.684197][T12866] name failslab, interval 1, probability 0, space 0, times 0 [ 918.684254][T12866] CPU: 0 UID: 0 PID: 12866 Comm: syz.3.1964 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 918.684281][T12866] Tainted: [L]=SOFTLOCKUP [ 918.684289][T12866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 918.684299][T12866] Call Trace: [ 918.684305][T12866] [ 918.684312][T12866] dump_stack_lvl+0xe8/0x150 [ 918.684332][T12866] should_fail_ex+0x46b/0x600 [ 918.684348][T12866] should_failslab+0xa8/0x100 [ 918.684362][T12866] __kmalloc_noprof+0xdf/0x7b0 [ 918.684373][T12866] ? kfree+0x4d/0x690 [ 918.684382][T12866] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 918.684397][T12866] tomoyo_realpath_from_path+0xe3/0x5d0 [ 918.684414][T12866] ? tomoyo_path_number_perm+0x219/0x630 [ 918.684430][T12866] tomoyo_path_number_perm+0x246/0x630 [ 918.684447][T12866] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 918.684464][T12866] ? preempt_schedule_thunk+0x16/0x30 [ 918.684493][T12866] ? __rcu_read_unlock+0x83/0xe0 [ 918.684506][T12866] ? __fget_files+0x2a/0x420 [ 918.684520][T12866] ? __fget_files+0x3a6/0x420 [ 918.684533][T12866] ? __fget_files+0x2a/0x420 [ 918.684548][T12866] security_file_ioctl+0xc3/0x2a0 [ 918.684566][T12866] __se_sys_ioctl+0x47/0x170 [ 918.684578][T12866] do_syscall_64+0x14d/0xf80 [ 918.684592][T12866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 918.684603][T12866] ? clear_bhb_loop+0x40/0x90 [ 918.684615][T12866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 918.684625][T12866] RIP: 0033:0x7f69d450bf79 [ 918.684636][T12866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 918.684645][T12866] RSP: 002b:00007f69d273d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 918.684656][T12866] RAX: ffffffffffffffda RBX: 00007f69d4786090 RCX: 00007f69d450bf79 [ 918.684664][T12866] RDX: 0000000000000000 RSI: 000000000000ae60 RDI: 0000000000000005 [ 918.684676][T12866] RBP: 00007f69d273d090 R08: 0000000000000000 R09: 0000000000000000 [ 918.684682][T12866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 918.684688][T12866] R13: 00007f69d4786128 R14: 00007f69d4786090 R15: 00007fff7e0f56d8 [ 918.684705][T12866] [ 918.684727][T12866] ERROR: Out of memory at tomoyo_realpath_from_path. [ 920.262495][T12305] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 921.060998][T12878] netlink: 'syz.2.1969': attribute type 1 has an invalid length. [ 921.061054][T12878] netlink: 'syz.2.1969': attribute type 2 has an invalid length. [ 921.061067][T12878] netlink: 'syz.2.1969': attribute type 1 has an invalid length. [ 921.061079][T12878] netlink: 'syz.2.1969': attribute type 3 has an invalid length. [ 921.061091][T12878] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1969'. [ 921.204616][T12305] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 921.204654][T12305] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 921.231512][T12305] usb 6-1: config 0 descriptor?? [ 921.258865][T12305] cp210x 6-1:0.0: cp210x converter detected [ 921.990249][T12305] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 922.117180][T12305] cp210x 6-1:0.0: failed to get vendor val 0x3711 size 2: -121 [ 922.117238][T12305] cp210x 6-1:0.0: GPIO initialisation failed: -121 [ 922.269543][T12305] usb 6-1: cp210x converter now attached to ttyUSB0 [ 922.272913][T12305] usb 6-1: USB disconnect, device number 38 [ 922.279539][T12305] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 922.280266][T12305] cp210x 6-1:0.0: device disconnected [ 922.355537][T12888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1974'. [ 923.437042][T12898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1977'. [ 923.844003][T12903] fuse: Bad value for 'fd' [ 925.001758][T12920] netlink: 'syz.2.1981': attribute type 29 has an invalid length. [ 926.388847][T12926] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1984'. [ 926.448148][T12927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1984'. [ 926.899206][T12927] veth0_macvtap: left promiscuous mode [ 927.896492][ T37] audit: type=1326 audit(1771294872.109:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12933 comm="syz.2.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 927.896543][ T37] audit: type=1326 audit(1771294872.109:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12933 comm="syz.2.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7eff270ec84e code=0x7ffc0000 [ 927.896843][T12934] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 927.896858][T12934] audit: out of memory in audit_log_start [ 927.897554][ T37] audit: type=1326 audit(1771294872.119:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12933 comm="syz.2.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7eff270ec84e code=0x7ffc0000 [ 927.897595][ T37] audit: type=1326 audit(1771294872.119:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12933 comm="syz.2.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7eff270ec84e code=0x7ffc0000 [ 927.897642][ T37] audit: type=1326 audit(1771294872.119:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12933 comm="syz.2.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7eff270ec84e code=0x7ffc0000 [ 927.897680][ T37] audit: type=1326 audit(1771294872.119:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12933 comm="syz.2.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7eff270ec84e code=0x7ffc0000 [ 927.897717][ T37] audit: type=1326 audit(1771294872.119:1634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12933 comm="syz.2.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 928.395411][T12939] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1989'. [ 928.395837][T12938] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1989'. [ 929.357414][T12948] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1986'. [ 930.554359][T12954] fuse: Bad value for 'fd' [ 931.101120][T12953] erofs (device nbd1): cannot find valid erofs superblock [ 931.656393][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.656531][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.794044][ T5811] Bluetooth: Frame is too long (len 12, expected len 5) [ 933.980201][T12987] fuse: Bad value for 'fd' [ 936.676866][T13011] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2012'. [ 936.730890][ T31] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 936.878792][ T31] usb 3-1: Using ep0 maxpacket: 32 [ 936.881238][ T31] usb 3-1: config 0 has an invalid interface number: 172 but max is 0 [ 936.881263][ T31] usb 3-1: config 0 has no interface number 0 [ 936.881352][ T31] usb 3-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=c2.a1 [ 936.881375][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 936.926424][ T31] usb 3-1: config 0 descriptor?? [ 936.955884][ T31] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 937.185171][T13006] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2010'. [ 937.208803][ T31] gspca_sn9c2028: read1 error -71 [ 937.216919][ T31] gspca_sn9c2028: read1 error -71 [ 937.230087][ T31] gspca_sn9c2028: read1 error -71 [ 937.230177][ T31] sn9c2028 3-1:0.172: probe with driver sn9c2028 failed with error -71 [ 937.259992][ T31] usb 3-1: USB disconnect, device number 54 [ 937.388203][T13022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2016'. [ 938.067082][T13037] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2022'. [ 938.122099][T13040] FAULT_INJECTION: forcing a failure. [ 938.122099][T13040] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 938.122134][T13040] CPU: 1 UID: 0 PID: 13040 Comm: syz.3.2023 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 938.122160][T13040] Tainted: [L]=SOFTLOCKUP [ 938.122166][T13040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 938.122177][T13040] Call Trace: [ 938.122185][T13040] [ 938.122193][T13040] dump_stack_lvl+0xe8/0x150 [ 938.122220][T13040] should_fail_ex+0x46b/0x600 [ 938.122244][T13040] _copy_to_user+0x31/0xb0 [ 938.122268][T13040] copy_siginfo_to_user+0x22/0xc0 [ 938.122289][T13040] x64_setup_rt_frame+0x77c/0xcb0 [ 938.122307][T13040] ? rt_spin_unlock+0x14f/0x200 [ 938.122342][T13040] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 938.122368][T13040] arch_do_signal_or_restart+0x429/0x830 [ 938.122389][T13040] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 938.122413][T13040] ? __x64_sys_recvmmsg+0x198/0x250 [ 938.122440][T13040] exit_to_user_mode_loop+0x86/0x480 [ 938.122462][T13040] ? rcu_is_watching+0x15/0xb0 [ 938.122487][T13040] do_syscall_64+0x32d/0xf80 [ 938.122507][T13040] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.122523][T13040] ? clear_bhb_loop+0x40/0x90 [ 938.122543][T13040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.122558][T13040] RIP: 0033:0x7f69d450bf77 [ 938.122573][T13040] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 [ 938.122588][T13040] RSP: 002b:00007f69d275e028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 938.122605][T13040] RAX: 000000000000012b RBX: 00007f69d4785fa0 RCX: 00007f69d450bf79 [ 938.122617][T13040] RDX: 0000000000000001 RSI: 0000200000002d00 RDI: 0000000000000003 [ 938.122628][T13040] RBP: 00007f69d275e090 R08: 0000000000000000 R09: 0000000000000000 [ 938.122638][T13040] R10: 00000000400001a2 R11: 0000000000000246 R12: 0000000000000001 [ 938.122648][T13040] R13: 00007f69d4786038 R14: 00007f69d4785fa0 R15: 00007fff7e0f56d8 [ 938.122676][T13040] [ 940.849624][T13062] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2026'. [ 940.849656][T13062] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 941.607070][ T37] audit: type=1326 audit(1771294885.829:1635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13074 comm="syz.3.2032" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x0 [ 942.445975][T13098] netlink: 'syz.1.2039': attribute type 10 has an invalid length. [ 942.481712][T13098] syz_tun: entered promiscuous mode [ 942.543861][T13098] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 948.323003][T13152] pim6reg: entered allmulticast mode [ 948.325602][T13162] netlink: 'syz.0.2059': attribute type 12 has an invalid length. [ 948.325623][T13162] netlink: 'syz.0.2059': attribute type 29 has an invalid length. [ 948.325637][T13162] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2059'. [ 948.325659][T13162] netlink: 'syz.0.2059': attribute type 2 has an invalid length. [ 948.934722][T13172] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2063'. [ 948.935181][T13172] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2063'. [ 949.767381][T13188] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2068'. [ 949.881750][T13190] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2069'. [ 949.946556][ T37] audit: type=1326 audit(1771294894.169:1636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff2712bf79 code=0x0 [ 950.087533][T13197] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2072'. [ 950.091920][T13197] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2072'. [ 950.239392][ T6008] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 950.418593][T13190] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2069'. [ 950.438791][ T6008] usb 3-1: Using ep0 maxpacket: 32 [ 950.442461][ T6008] usb 3-1: config 0 has an invalid interface number: 233 but max is 0 [ 950.442486][ T6008] usb 3-1: config 0 has no interface number 0 [ 950.477688][ T6008] usb 3-1: New USB device found, idVendor=1608, idProduct=0302, bcdDevice=d3.4f [ 950.477717][ T6008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 950.477737][ T6008] usb 3-1: Product: syz [ 950.477751][ T6008] usb 3-1: Manufacturer: syz [ 950.477818][ T6008] usb 3-1: SerialNumber: syz [ 950.515777][ T6008] usb 3-1: config 0 descriptor?? [ 950.537089][ T6008] io_ti 3-1:0.233: required endpoints missing [ 950.798179][ T37] audit: type=1326 audit(1771294894.949:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 950.798238][ T37] audit: type=1326 audit(1771294894.949:1638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 950.798278][ T37] audit: type=1326 audit(1771294894.949:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 950.798317][ T37] audit: type=1326 audit(1771294894.949:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 950.798356][ T37] audit: type=1326 audit(1771294894.949:1641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 950.798395][ T37] audit: type=1326 audit(1771294894.949:1642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 950.798879][ T37] audit: type=1326 audit(1771294894.949:1643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 950.798921][ T37] audit: type=1326 audit(1771294894.949:1644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 950.798958][ T37] audit: type=1326 audit(1771294894.949:1645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13192 comm="syz.2.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff2712bf79 code=0x7ffc0000 [ 952.697857][T13213] tipc: Started in network mode [ 952.697877][T13213] tipc: Node identity ac1414aa, cluster identity 4711 [ 952.932417][T13213] tipc: Enabled bearer , priority 10 [ 953.027348][T13220] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 953.225964][ T6008] usb 3-1: USB disconnect, device number 55 [ 953.820318][T13244] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2081'. [ 953.979841][ T36] tipc: Node number set to 2886997162 [ 956.636887][T13262] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 956.685609][T13274] netlink: 'syz.3.2090': attribute type 10 has an invalid length. [ 957.199107][ T37] kauditd_printk_skb: 606 callbacks suppressed [ 957.199126][ T37] audit: type=1326 audit(1771294901.419:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13275 comm="syz.3.2091" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69d450bf79 code=0x0 [ 960.263688][T13306] pim6reg: entered allmulticast mode [ 960.308573][T13306] pim6reg: left allmulticast mode [ 960.695186][T13318] kAFS: unable to lookup cell 'ÿ' [ 963.398604][ T9846] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 963.581820][ T9846] usb 4-1: device descriptor read/64, error -71 [ 963.646088][T13351] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 963.872902][ T9846] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 964.026517][ T9846] usb 4-1: device descriptor read/64, error -71 [ 964.097659][T13323] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2106'. [ 964.129053][ T9846] usb usb4-port1: attempt power cycle [ 964.608506][ T9846] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 964.630359][ T9846] usb 4-1: device descriptor read/8, error -71 [ 965.558708][ T9846] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 965.616225][ T9846] usb 4-1: device descriptor read/8, error -71 [ 965.728637][ T9846] usb usb4-port1: unable to enumerate USB device [ 966.206190][T13382] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2121'. [ 967.321827][ T5811] Bluetooth: hci0: unexpected event for opcode 0x2029 [ 967.351617][T13406] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2126'. [ 967.638613][ T9846] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 967.828645][ T9846] usb 3-1: Using ep0 maxpacket: 16 [ 967.831528][ T9846] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 967.831553][ T9846] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 967.843413][ T9846] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 967.843444][ T9846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 967.843465][ T9846] usb 3-1: Product: syz [ 967.843480][ T9846] usb 3-1: Manufacturer: syz [ 967.843494][ T9846] usb 3-1: SerialNumber: syz [ 967.850506][ T9846] usb 3-1: config 0 descriptor?? [ 971.064999][ T9846] usb 3-1: USB disconnect, device number 56 [ 972.460061][T13474] 8021q: adding VLAN 0 to HW filter on device bond0 [ 972.462607][T13474] 8021q: adding VLAN 0 to HW filter on device team0 [ 972.703510][T13474] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 975.144782][T13519] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2156'. [ 976.980312][ T10] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 977.078559][ T5960] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 977.148579][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 977.151732][ T10] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 977.151774][ T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 977.151879][ T10] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 977.151909][ T10] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 977.151937][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 977.155420][ T10] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 977.155447][ T10] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 977.155523][ T10] usb 3-1: Product: syz [ 977.155538][ T10] usb 3-1: Manufacturer: syz [ 977.155553][ T10] usb 3-1: SerialNumber: syz [ 977.290156][ T10] usb 3-1: config 0 descriptor?? [ 977.298117][ T10] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 978.260981][ T5960] usb 4-1: Using ep0 maxpacket: 32 [ 978.292825][ T10] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 978.323217][ T31] usb 3-1: USB disconnect, device number 57 [ 978.334235][ T31] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 978.338849][ T5960] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 978.338881][ T5960] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 978.338919][ T5960] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 978.338942][ T5960] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 978.360397][ T5960] usb 4-1: config 0 descriptor?? [ 978.430893][ T5960] hub 4-1:0.0: USB hub found [ 978.566284][ T5960] hub 4-1:0.0: 1 port detected [ 979.168063][ T5960] hub 4-1:0.0: activate --> -90 [ 979.774287][T13548] tc_dump_action: action bad kind [ 980.933094][ T5960] hub 4-1:0.0: hub_ext_port_status failed (err = -32) [ 980.933123][ T5960] usb 4-1-port1: connect-debounce failed [ 980.933835][ T5960] usb 4-1-port1: cannot disable (err = -32) [ 981.196113][ T5960] usb 4-1: USB disconnect, device number 58 [ 981.297638][ T5803] ================================================================== [ 981.297658][ T5803] BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190 [ 981.297658][ T5803] BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190 [ 981.297690][ T5803] Read of size 8 at addr ffffc9000dc22008 by task kworker/u9:3/5803 [ 981.297706][ T5803] [ 981.297719][ T5803] CPU: 0 UID: 0 PID: 5803 Comm: kworker/u9:3 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 981.297746][ T5803] Tainted: [L]=SOFTLOCKUP [ 981.297753][ T5803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 981.297765][ T5803] Workqueue: hci2 hci_rx_work [ 981.297792][ T5803] Call Trace: [ 981.297799][ T5803] [ 981.297808][ T5803] dump_stack_lvl+0xe8/0x150 [ 981.297833][ T5803] print_report+0xba/0x230 [ 981.297854][ T5803] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 981.297873][ T5803] kasan_report+0x117/0x150 [ 981.297891][ T5803] ? rt_spin_lock+0x20e/0x400 [ 981.297911][ T5803] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 981.297934][ T5803] __list_del_entry_valid_or_report+0xb5/0x190 [ 981.297955][ T5803] kcov_remote_start+0x2af/0x710 [ 981.297981][ T5803] hci_rx_work+0x10f/0x1030 [ 981.298008][ T5803] ? process_scheduled_works+0xa0f/0x17a0 [ 981.298029][ T5803] process_scheduled_works+0xaec/0x17a0 [ 981.298063][ T5803] ? __pfx_process_scheduled_works+0x10/0x10 [ 981.298086][ T5803] ? assign_work+0x3d5/0x5e0 [ 981.298108][ T5803] worker_thread+0xa50/0xfc0 [ 981.298139][ T5803] kthread+0x388/0x470 [ 981.298163][ T5803] ? __pfx_worker_thread+0x10/0x10 [ 981.298182][ T5803] ? __pfx_kthread+0x10/0x10 [ 981.298204][ T5803] ret_from_fork+0x51e/0xb90 [ 981.298227][ T5803] ? __pfx_ret_from_fork+0x10/0x10 [ 981.298247][ T5803] ? __switch_to+0xc7d/0x1400 [ 981.298266][ T5803] ? __pfx_kthread+0x10/0x10 [ 981.298289][ T5803] ret_from_fork_asm+0x1a/0x30 [ 981.298319][ T5803] [ 981.298326][ T5803] [ 981.298332][ T5803] The buggy address belongs to a vmalloc virtual mapping [ 981.298349][ T5803] Memory state around the buggy address: [ 981.298361][ T5803] ffffc9000dc21f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 981.298373][ T5803] ffffc9000dc21f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 981.298385][ T5803] >ffffc9000dc22000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 981.298397][ T5803] ^ [ 981.298413][ T5803] ffffc9000dc22080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 981.298423][ T5803] ffffc9000dc22100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 981.298431][ T5803] ================================================================== [ 981.316206][ T5803] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 981.316233][ T5803] CPU: 0 UID: 0 PID: 5803 Comm: kworker/u9:3 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 981.316260][ T5803] Tainted: [L]=SOFTLOCKUP [ 981.316267][ T5803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 981.316279][ T5803] Workqueue: hci2 hci_rx_work [ 981.316307][ T5803] Call Trace: [ 981.316316][ T5803] [ 981.316325][ T5803] vpanic+0x1e0/0x670 [ 981.316351][ T5803] panic+0xc5/0xd0 [ 981.316373][ T5803] ? __pfx_panic+0x10/0x10 [ 981.316395][ T5803] ? preempt_schedule_thunk+0x16/0x30 [ 981.316428][ T5803] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 981.316449][ T5803] check_panic_on_warn+0x89/0xb0 [ 981.316468][ T5803] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 981.316487][ T5803] end_report+0x6f/0x140 [ 981.316506][ T5803] kasan_report+0x128/0x150 [ 981.316524][ T5803] ? rt_spin_lock+0x20e/0x400 [ 981.316544][ T5803] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 981.316567][ T5803] __list_del_entry_valid_or_report+0xb5/0x190 [ 981.316588][ T5803] kcov_remote_start+0x2af/0x710 [ 981.316614][ T5803] hci_rx_work+0x10f/0x1030 [ 981.316641][ T5803] ? process_scheduled_works+0xa0f/0x17a0 [ 981.316661][ T5803] process_scheduled_works+0xaec/0x17a0 [ 981.316695][ T5803] ? __pfx_process_scheduled_works+0x10/0x10 [ 981.316717][ T5803] ? assign_work+0x3d5/0x5e0 [ 981.316739][ T5803] worker_thread+0xa50/0xfc0 [ 981.316772][ T5803] kthread+0x388/0x470 [ 981.316795][ T5803] ? __pfx_worker_thread+0x10/0x10 [ 981.316814][ T5803] ? __pfx_kthread+0x10/0x10 [ 981.316837][ T5803] ret_from_fork+0x51e/0xb90 [ 981.316861][ T5803] ? __pfx_ret_from_fork+0x10/0x10 [ 981.316881][ T5803] ? __switch_to+0xc7d/0x1400 [ 981.316901][ T5803] ? __pfx_kthread+0x10/0x10 [ 981.316924][ T5803] ret_from_fork_asm+0x1a/0x30 [ 981.316956][ T5803] [ 981.317294][ T5803] Kernel Offset: disabled