last executing test programs: 15.0517712s ago: executing program 2 (id=3931): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x4e23, 0xfffffffc, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000080)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x7}, 0x8) sendmmsg$inet6(r0, &(0x7f0000000980)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000000)="89", 0x1}], 0x1}}], 0x1, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000300)={0x0, 0x3ff, 0x2, [0x800, 0x0]}, 0xc) 14.650583243s ago: executing program 2 (id=3936): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket(0xa, 0x5, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000040)=0x7ff, 0x4) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = syz_clone3(&(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, {0x2b}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_dev$vim2m(0x0, 0x2c, 0x2) sched_getattr(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) socket$kcm(0xa, 0x0, 0x0) setns(0xffffffffffffffff, 0x24020000) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) r7 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f0000000080)={r8, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}}) sendfile(r7, r7, 0x0, 0x1b) sendfile(r7, r8, &(0x7f0000000200)=0x4, 0x9) socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5}, 0x94) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x29, 0x2, @thr={&(0x7f00000002c0)="455e2274bfc2f29a743f1b2c3e373c6dcb5c10e45ce2b2eb09769b8bd8354a40d3083bae515b12861cf09b1013b98c8554411c51dcb51b73257b0a78250f50883e1de6abcea935e5bd10cfe1b2fed09331b8", &(0x7f00000001c0)="b9f81664d5e6ce5d75c446b1b2f738f4a552620b06a49f35d0eecea22b3bb99eed5e44e2ea867954d2e6bf75f8203e2e4469fe5f8e1d354e2847c211ed0302feb766f7c5a649fa82f67ecb746b24cffdbe69363ad17ca43b0b8734c0a1b06e5366cf8b34465d02b93e3756f2747d14c073b2f3e01858fdc865c117c7b2f965a04870389ab63ecabb5cf75e81144817d1a1977acb86fa5131e65e5bd8dff2b96fe7a5caa3bf19c8d3d6821208b60e4d4e"}}, &(0x7f0000000100)) fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5, r4}) 12.27797789s ago: executing program 3 (id=3947): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044001}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x14, 0x0, 0x2, 0x3, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x30, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0x4, 0x6, 0x101}, 0x14}}, 0x0) fsopen(0x0, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r9, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050007000000140004"], 0x58}}, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x41000, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000180)={r12, 0x6fca31f1, 0x1}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r12, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) 8.715437309s ago: executing program 2 (id=3955): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00') openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x0, 0x41) socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x7, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) fsopen(&(0x7f00000000c0)='ubifs\x00', 0x0) socket$netlink(0x10, 0x3, 0x15) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r4, @ANYBLOB=',rootmode=00000000000000000040000,use', @ANYBLOB="e296753dfca2eb009a52624c532a5c98a5117cc445c9d155659413d6900163fbde50138384152164194fb64a128f09e7e61d19285e4325eefe18fec831f081406025906b7f5f49167e4209d150b24ec0927481242858af4919c5df49a5b2b448c1ebf90eb526e09632e0ce636f5712984b2dd939611ace7fbcaf9ec8870d849176a90c1086ed408f88effea54f42e87b458ec22717ccff016ed382b4740861bec6e8f4834853ed516cc72e91b677f33d62250f7794bf5dc6dcb23698b88e0b1a2c6d4ab427b18838a40d1b86", @ANYRESDEC=0x0]) r5 = inotify_init1(0x800) inotify_add_watch(r5, &(0x7f0000000040)='./file0\x00', 0x540004a9) umount2(&(0x7f0000000000)='./file0\x00', 0x3) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x27, 0x1000, 0x30000, 0x0, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x10}}, 0x50) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'netdevsim0\x00', &(0x7f0000002fc0)=@ethtool_wolinfo={0x6, 0x8, 0xfffffffd, "050040010082"}}) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r3, 0x111, 0x5, 0xb31c, 0x4) ioctl$AUTOFS_IOC_FAIL(r6, 0x4c81, 0x6) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) 8.614951104s ago: executing program 3 (id=3956): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x4, 0xff78) (fail_nth: 2) 8.372470871s ago: executing program 4 (id=3957): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x5, 0xfffffff9}]}}}]}, 0x3c}}, 0x4000010) (fail_nth: 2) 7.998064637s ago: executing program 4 (id=3959): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {0xffff, 0xb}, {0x4, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x300, r6, 0x3e}, 0x80, &(0x7f0000002080)=[{&(0x7f0000000180)}], 0x1}, 0x0) 7.219489448s ago: executing program 0 (id=3962): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000004e80), 0xffffffffffffffff) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) unshare(0x22020400) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0) quotactl_fd$Q_GETFMT(r3, 0xffffffff80000401, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f0000005080)={0x0, 0x0, &(0x7f0000005040)={&(0x7f0000000280)={0xcc, r1, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xe}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x30, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00'}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x28, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x82}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0xfffffffffffffdf6, 0x5, 0x4}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40091}, 0x4008c80) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)={0x71, 0x0, 0x333, 0x0, 0x4, {}, [@HEADER={0xc}]}, 0x20}}, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001180)={0x34, r5, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x34}}, 0x0) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x78280, 0x0) clock_gettime(0x0, &(0x7f00000004c0)={0x0, 0x0}) setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f0000000580)={r7, r8/1000+10000}, 0x10) sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x94, 0x0, 0x2, 0x801, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT={0x78, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_DIR={0x8}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x881}, 0x40080) 7.16598775s ago: executing program 3 (id=3963): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x80a06, 0x442c1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_TLB_DYNAMIC_LB={0x5, 0x1b, 0x2}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x680}, 0x20048040) (fail_nth: 2) 6.938249107s ago: executing program 4 (id=3964): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="400d06"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000740)={0x20, 0x17, 0x1, "e1"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="400b11"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x581, 0x2, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x4d014}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x1f, 0x7fffffff}, @IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004003}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000600)={0x34, &(0x7f00000000c0)=ANY=[@ANYBLOB="202548c9ca009f"], 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, 0x0, 0x200a0891) 6.860951385s ago: executing program 2 (id=3965): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x428a4}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'syz_tun\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x8000) syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @local, @val={@void}, {@ipv6={0x86dd, @generic={0x0, 0x6, '\x00', 0x0, 0x1, 0x1, @dev={0xfe, 0x80, '\x00', 0xe}, @mcast2}}}}, 0x0) 4.093503831s ago: executing program 0 (id=3966): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f0000000040)=0x7c, 0x4) (fail_nth: 2) 4.067860879s ago: executing program 3 (id=3967): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fddf29b8d0b6aaa82752580b62b5f51800d10077f07319b6ffeff06e4dea184fd7a0a0f4d441763e30d1bc4755", 0x158}, {&(0x7f0000000fc0)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295499abbcb388d291aa83e93db6cf9ab0954e6a8dfc19c3c1533a11d81e0382999bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e46e604a9aec550d12af09f782e1f6a996f0756604847689d37ee3047e61531a8672447cb501b2560bc0e0c5fb2c9f341ed3972b30190e930af94642ab1557e286442cfa6a84ad931e99549640705cd6261ca7094910df055747e2e2ae170e7850093bf0aa3370e03222b5de4597ca76f3193d4a45e424b540f292fd8b3523e5a2dd95177db84a801f0bc70819805a52b1b1b8f6c392056eb5f511d865324a88857277ce16e07bd12fc8b20b4c1b57b6ec2ca63497036679cad780c68628214c86c265e464c8c7715009f8b1c207e2cff5bfdeb2a9194a57901f7a40578f63146d41b7ceef1a2740c519952367f911ef0d1d0b64c39155939f0263567b73c924d61785096b4967d3c963", 0x1d9}], 0x2}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f", 0x85}, {&(0x7f0000000300)}, {&(0x7f0000000740)="b176d469f44ff7e206a24a3a5f3a112da35513", 0x13}], 0x3}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 3.805990584s ago: executing program 2 (id=3968): syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) pwritev(r0, &(0x7f0000000500), 0x0, 0x5, 0xfffffff9) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r1, r1, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x66) r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(r3, 0xc0606610, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070400000900020073797a31000000000900010073797a3000000000100003"], 0xe0}}, 0x800) recvmmsg$unix(r4, &(0x7f0000002380)=[{{0x0, 0x3f, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}}], 0x4000000000003b9, 0x26022, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) getsockopt$sock_buf(r8, 0x1, 0x1c, 0x0, &(0x7f00000000c0)=0x3a00) ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f00000012c0)={r9, 0x0, 0x7fff, 0x0, 0x0, [0x0], [0x2], [0x0, 0x4, 0x2eb5, 0x5e8]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000080)={r10, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r11}) 3.690087538s ago: executing program 0 (id=3969): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x4040014}, 0x8000) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4084) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000140), 0x0, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14) sendto$packet(r7, &(0x7f0000000480)="c1858aec1d0a21", 0x7, 0x40000, &(0x7f0000000240)={0x11, 0xf8, r6, 0x1, 0x5, 0x6, @random="24f51e8e0a5a"}, 0x14) r8 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.661604983s ago: executing program 4 (id=3970): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x40, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.3780141s ago: executing program 1 (id=3971): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000017c0)=@newsa={0xfc, 0x10, 0x1, 0x70bd2b, 0x25dfdbfc, {{@in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x0, 0x4e24, 0x401, 0xa, 0x60, 0x0, 0x29}, {@in=@broadcast, 0x4d2, 0x2b}, @in6=@dev={0xfe, 0x80, '\x00', 0x2b}, {0xffffffff, 0x1ff, 0x0, 0x100, 0x68, 0x6, 0x4, 0xfffffffffffffff2}, {0x62, 0x8b60, 0x8000000000000001, 0x1}, {0x0, 0xfffff3ca, 0x2}, 0x70bd25, 0x3502, 0x2, 0x1, 0x3, 0xc6}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x4}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4810}, 0x0) (fail_nth: 2) 3.315195319s ago: executing program 4 (id=3972): r0 = syz_usb_connect(0x1, 0x2d, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0xc17a) r1 = epoll_create(0x1) r2 = epoll_create1(0x0) syz_open_dev$amidi(0x0, 0x2, 0x0) r3 = epoll_create(0x7) r4 = epoll_create1(0x80000) migrate_pages(0x0, 0x9, 0x0, &(0x7f0000000380)=0x102) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000000)={0x2000}) getrandom(&(0x7f0000000380)=""/300, 0x12c, 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) syz_usb_disconnect(r0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0xc, &(0x7f0000000000)=0x201, 0xfff9) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x20044090}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 3.137495017s ago: executing program 1 (id=3973): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x440, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000380)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$SNDCTL_SEQ_GETOUTCOUNT(r2, 0x80045104, &(0x7f00000003c0)) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x14e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x9) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000004c0)={0x7, [0x0, 0x1ff, 0xfff7, 0x9, 0x3, 0xa496, 0x83]}, &(0x7f0000000500)=0x12) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) bind$inet(0xffffffffffffffff, 0x0, 0x0) r7 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030006000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x4000000) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000480), 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000180)) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = syz_genetlink_get_family_id$smc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x3c, r9, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240000c0}, 0x4000045) sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x800000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x7, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) ioctl$KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM(r4, 0x4068aea3, &(0x7f0000000400)={0xce, 0x0, r4}) io_uring_enter(r3, 0x7c2c, 0xc5f9, 0x20, &(0x7f0000000200)={[0x480000000000]}, 0x8) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.890318025s ago: executing program 3 (id=3974): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {0xffff, 0xb}, {0x4, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x300, r6, 0x3e}, 0x80, &(0x7f0000002080)=[{&(0x7f0000000180)}], 0x1}, 0x0) 2.775948909s ago: executing program 0 (id=3975): ioprio_set$pid(0x2, 0x0, 0x0) io_setup(0x2, 0x0) eventfd(0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$kvm(0xffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) r4 = io_uring_setup(0x3ca9, &(0x7f00000000c0)={0x0, 0xd4ea, 0x2, 0x0, 0x3}) io_uring_enter(r4, 0x6a8a, 0xffefffff, 0x21, &(0x7f0000000040)={[0xffffffffffffffff]}, 0x8) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000440)=@nat={'nat\x00', 0x670, 0x5, 0x450, 0x0, 0x210, 0xfeffffff, 0x0, 0x2e0, 0x3b8, 0x3b8, 0xffffffff, 0x3b8, 0x3b8, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0xffffff00, 'veth0_to_bond\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@addrtype={{0x30}, {0x50, 0x0, 0x1, 0x1}}, @common=@inet=@tcp={{0x30}, {[0x4e24, 0x4e22], [0x4e23, 0x4e23], 0x8, 0x80, 0x8, 0xe}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x1], 0x2}}}, @common=@addrtype={{0x30}, {0x1, 0x522, 0x1, 0x1}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id=0x2, @gre_key=0x8}}}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'ip6tnl0\x00'}, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@ttl={{0x28}, {0x3, 0x6}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@loopback, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00', {}, {0xff}}, 0x0, 0x90, 0xd8, 0x0, {}, [@common=@socket0={{0x20}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@private2, @ipv4=@dev, @port=0xffff}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b0) r6 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$update(0x2, r6, &(0x7f0000000140)="c4", 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x44000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)=@newqdisc={0x34, 0x24, 0x10, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xd, 0x7}, {0xa, 0x10}, {0x4, 0xffff}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_RATE={0x6, 0x5, {0x8, 0xe}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80c4}, 0x80) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1221}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_PREFIXLEN={0x6, 0xd, 0x5}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @local}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@allocspi={0x14c, 0x16, 0x61bb1f11be440ab3, 0x70bd26, 0x25dfdbfe, {{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@empty, 0x4e23, 0x8, 0x4e20, 0x2, 0xa, 0xa0, 0x120, 0x76}, {@in=@dev={0xac, 0x14, 0x14, 0x38}, 0x4d5, 0x33}, @in=@local, {0x0, 0x6, 0xfffffffffffffff9, 0x3, 0x2, 0x35, 0x9, 0x4}, {0xfffffffffffffffb, 0x860d, 0x310, 0x4}, {0x7fffffff, 0x8, 0x2ed9}, 0x70bd2b, 0x2502, 0xa, 0x0, 0x1}, 0x3, 0xffff}, [@etimer_thresh={0x8, 0x22, 0x9}, @algo_aead={0x4c, 0x12, {{'aegis256\x00'}, 0x0, 0x180}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x44041}, 0x4) 2.618027714s ago: executing program 1 (id=3976): syz_emit_ethernet(0x23c, &(0x7f0000004180)=ANY=[], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x2e34, &(0x7f0000000180)={0x0, 0xc506, 0x0, 0x1, 0x4}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r4 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x4002, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xbd5481c7e69bac80}, {0x0, 0xffff}}}, 0x24}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000001a00)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(r1, &(0x7f0000001b40)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001b00)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="0f000000", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fddbdf254b0000000c00990019000000490000000a00f5000802110000010000"], 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x800) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r6 = dup3(r5, r3, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x1472, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000440)={{0x1, 0x1, 0xfffffffffffffc56, r2, {0xa0000}}, '\x00'}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001940)=[{&(0x7f0000000480)=""/160, 0xa0}, {&(0x7f0000000540)=""/31, 0x1f}, {&(0x7f0000000580)=""/17, 0x11}, {&(0x7f00000005c0)=""/47, 0x2f}, {&(0x7f0000000600)=""/226, 0xe2}, {&(0x7f0000000700)=""/135, 0x87}, {&(0x7f00000007c0)=""/163, 0xa3}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/185, 0xb9}], 0x9) sendmsg$nl_generic(r8, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440100001900000828bd7000fbdbdf25020000002e01f88008002b00030000c3fbe0dcb0f65b0329fe54220300000000000000494d82ffc87ee27474078510d4aac37041274c74d4bbe38dc75d9734a8fb5b867c14a90f868e1022735429750ff0b25ccf747bf03dd81ebd02000000c366c76248c992d44ba2b43987434fd4d9101099f191ca469e2a5156a87bb55576838d2dc760f50f001aab3b69857cbfb614c44a1843ad46f965ce24b9c049c6d8c7b55e8170438172d5833584b4584cee4f7dfc7068464aef6f0afe83c306a01587a3077dd0b522cda70732590ab764ea9c7d79af575abf7242ad831c1cc853441795f0623ea18b72604b06d809d2c3e551a498da17a2c4cb942df1a8558d4bd03b0bb6b4e8b8830529cd662a705f49a6ccadfb5d2c7b5ec9f94cc01f51f5e6d9177d0b58882f350100"/324], 0x144}, 0x1, 0x0, 0x0, 0x86}, 0x40084) writev(r2, &(0x7f000000cac0)=[{&(0x7f0000000040)="419591c78b30640ee91c8fc7c6079c0213a13dce386a64f8a51e9b3932", 0xfe8e}], 0x1) ioctl$F2FS_IOC_MOVE_RANGE(r8, 0xc020f509, &(0x7f00000002c0)={0xffffffffffffffff, 0xce72, 0x8000000000000001, 0x85}) 1.931171095s ago: executing program 3 (id=3977): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000040)=0xd9b1) syz_usb_connect(0x2, 0xa1, &(0x7f00000000c0)=ANY=[], &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0}) 1.560532681s ago: executing program 1 (id=3978): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc020000000000000000000000000000040012"], 0x8c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0xc}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x39, 0x1a, r4, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) r7 = fanotify_init(0x200, 0x40000) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) fanotify_mark(r7, 0x101, 0x48000059, r8, 0x0) write$binfmt_script(r6, &(0x7f0000000040)={'#! ', './file0'}, 0xb) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b40)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8093, 0x8268}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8}}}, 0x24}}, 0x4000) r11 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r11, &(0x7f00000002c0), 0x40000000000009f, 0x0) r12 = socket$alg(0x26, 0x5, 0x0) r13 = socket$inet_smc(0x2b, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setsockopt$IP_VS_SO_SET_ADD(r13, 0x0, 0x482, &(0x7f00000000c0)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lc\x00', 0x1, 0x400000, 0x4}, 0x2c) bind$alg(r12, &(0x7f0000000580)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) socket$inet_udp(0x2, 0x2, 0x0) 1.513542952s ago: executing program 4 (id=3979): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x6, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x80000}, @TCA_CAKE_FWMARK={0x8}]}}]}, 0x44}}, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0xcac6, 0x418080) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="050000009a0c00000100000000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="005804a723"], 0x80}}, 0x4) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100001905"], 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0, 0x0, 0x56074974}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 445.955258ms ago: executing program 0 (id=3980): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1, 0x80) ioctl$SNDRV_PCM_IOCTL_UNLINK(r1, 0x4161, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f00000005c0)={0x0, 0x0, @start={0x0, 0x1}}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = socket(0xa, 0x3, 0xc7) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x14}, 0x78, r4}) (async) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x14}, 0x78, r4}) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x8936, &(0x7f0000000000)) (async) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x8936, &(0x7f0000000000)) write$uinput_user_dev(r2, &(0x7f0000001b40)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x39, 0x3, 0x4000401, 0x8, 0xe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xfffffffd, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x5, 0xfffffff6, 0x0, 0x8, 0x800000, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x1], [0x3, 0xfffff41a, 0x0, 0x0, 0x4, 0x20000, 0x2000000, 0xedc0, 0x0, 0x5ee, 0x5, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x8, 0x80000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, 0x0, 0xfffffff8, 0x2, 0x0, 0x2, 0x400, 0x0, 0x0, 0x8, 0x40000, 0x0, 0xc0800000, 0x100, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0xfffffffe, 0xfffff986], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x0, 0x0, 0xfffffffd, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x200, 0x2, 0x6, 0x80000000, 0x2, 0x47fff, 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, 0x3, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0xf88], [0xfffffffe, 0x0, 0x4, 0x0, 0xfffefffe, 0x0, 0xfffffffe, 0x4, 0xfffffffc, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x803, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x10, 0x5, 0xfffffffe, 0x3, 0x0, 0x4, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xea, 0x0, 0x17d, 0x0, 0x8000000, 0x4, 0xffffffff, 0x0, 0x0, 0xffffe]}, 0x45c) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x5) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000040)={0x0, @adiantum, 0x0, @desc2}) ioctl$UI_DEV_CREATE(r2, 0x5501) 418.372297ms ago: executing program 2 (id=3981): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x2, 0x4}, 0x20) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x3, &(0x7f0000000140)=[{0x20}, {0x54}, {0x6}]}) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bff000/0x400000)=nil) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='lp', 0x2) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) shutdown(r4, 0x1) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r5 = syz_kvm_add_vcpu$x86(r3, &(0x7f0000000080)={0x0, 0x0}) r6 = syz_kvm_add_vcpu$x86(r3, &(0x7f0000000e80)={0x0, 0x0}) ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000200)={{0x50000, 0x1, 0x9, 0x1, 0xcd, 0x9, 0x6, 0x1, 0x0, 0x3, 0x5, 0xeb}, {0x3000, 0x80a0000, 0xd, 0xe, 0x5, 0x7, 0x4, 0x14, 0x4, 0x5, 0x0, 0x1}, {0x8000000, 0x102f8000, 0x1e, 0x5, 0x6, 0x7, 0x81, 0x3, 0x80, 0x1, 0xe, 0x78}, {0xeeef0000, 0x6000, 0x0, 0x3, 0x6, 0x9, 0xc3, 0x0, 0x0, 0x0, 0x80, 0x2e}, {0x2, 0x2000, 0xa, 0xff, 0x8, 0x8, 0x6, 0x7, 0x8, 0x6, 0x4, 0xfc}, {0x10d000, 0x0, 0x9, 0xb9, 0x6, 0x5, 0x42, 0x6, 0x5, 0x1, 0xd, 0x9}, {0xdddd1000, 0x6000, 0x0, 0x1, 0xa, 0x8, 0x4, 0x63, 0x1c, 0x5, 0x1, 0xd}, {0xeeef0000, 0x4000, 0xa, 0x23, 0xc, 0x3, 0x9, 0x4a, 0xc, 0x8, 0x2, 0x3}, {0xeeee0000, 0x5}, {0xffff1000}, 0x0, 0x0, 0x1, 0x150690, 0x3, 0x4000, 0xeeee0c00, [0x1, 0x1004, 0x4, 0x1000]}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000140)={[0x9, 0x9, 0xa3, 0x8, 0xdc19, 0xc9, 0x6, 0x1, 0xfffffffffffffffb, 0x2, 0x10, 0x8, 0x0, 0x80000000, 0xebd9, 0xffffffffffffffff], 0xffffffff, 0x2000}) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000740)={"d200000000113aa16b365924c3128c89fe8764c41caa3ec7a095ce3692ae1ff4160c3dd483cc71d285c48c8fa445272281beb44357aa96da39f0ef45a90bfac537ba4c98038e0b871c2ba811d3d568ccdddd1e0e7edef9061d12bdd0fc1c83093613293d1779955c62df6a03c3a539051393b577bb6645c4ed2ddfd06df82c7359de2082e16a4c302d18db9ce698f22b519d55adbbe4881dda46ddbbc40a1ca428e404f0640e62eb7d76c8ca94cff34f26de20c2f44c22228eee44edcbec829ed8b5f24a8259fcc87d67b96441486cf9832274eff5271d3843178cd90827052ef8e6dee13ef4f8e23b8396f5bc4b03b8ee875350ac778233a13551f55cac915ce11f145063ef5b5111272d0859d6cdb62ab72a92f24d83ef5ff87aa8f6eae3986c403add562c0ad27ac61008eba63e3b71b3d466070a005541677a477392f9a499322ed2f09c6e1b401ad81bb4673274e7c344152c2617edc2f667329b0000c9d235de56d8642823643e0107339044417e2708d10e7dafefb5b2e72f696e1dc37c48f3c9266c9c8d2e771aabd4b7e4e7c2bccde0345d5d43ad7a4d98e9e1e3e152704ca29d286fe783f3579055a428ab231b9e81d77bd8ca4007607cd2ff60953a2d68353c4cc677124b7431edca5f604841f3baa90d46235ddaa03f158dd79c219be7f0c53dddd4cea58ecac6cef53e7a5b347b0842bb163bd35e19d2ed1b67e63a7e82ac470619ae164c3949884286c101417e6deeff735b8b3b9109e47725bbd5c400b24489fec1afe6771d5c8871f7cd31e7390cef6dce398b8a1dd7213229d282cb581a71c04ca04e9eb516a197583ba8470b0df0b2158a076bf257520500a7bfb42766c883231c1a2a4527dabb5037f9fa00172bc8b9327494b553735a4ebbfb8c9e7f5034b442418c7490919f81308b4a73bd46d57e1ebcc3b6cf7d1ba20e55d06e40e5796e568c206d51adc1be7186cb80962e8dfa41c354acd9ad1fbf84bdb6fa6dd83aa9aa0a23210b057328efa4239b8211b3a5f21ce22a193eb93f69c4d525f53e733b397786d808b928297748a3d54e5bb71bab6139d5e2721d237f019989842e398d049df2e9c63c424606fc73cece699407f3041826cc271a3cb44cc4d76ab77ddb15ef7dda76ddfa483029d228cf7dcc153988ef9f228a8158d6ae6fdc32ef2af1642e48d5218f10ba7c222e43da4e13f59e96ab4b467283b76d8b0c36665f02d943936041c00d7dbd2a3ab101aa56277b9ec5111428c047fb8b144f260b2fae62db101aad238ee50d222202969ed1929c2f8ab41e6e342ad1b0037be7e2d887f0563a722be94364dfe62482f7862da76fd58827712a1a80f69cc85f2fa9ba92cbfc48f7e4f11b2b87c71e6733a95d8ded91da74913fcf81bb1bb9cb8f380f40c702b447990e0100750c49f9328238eced88d16068bce90b"}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000340)={0x2, 0x0, @ioapic={0xe6ef0000, 0x4, 0x2, 0xffffffff, 0x0, [{0x5, 0x4, 0x3, '\x00', 0x21}, {0x8, 0x85, 0x2}, {0x4, 0x80, 0x1, '\x00', 0x2}, {0xc0, 0x6, 0x2, '\x00', 0x2}, {0x2, 0x4, 0x5}, {0xfa, 0x3, 0xf, '\x00', 0x25}, {0x0, 0x8, 0x1, '\x00', 0x7}, {0xbc, 0x1, 0x3, '\x00', 0x4f}, {0x6, 0x9, 0xc4, '\x00', 0x80}, {0x1, 0x80, 0x1, '\x00', 0x3}, {0x4, 0xa, 0x0, '\x00', 0xe}, {0x5, 0x4, 0x3, '\x00', 0x12}, {0x7, 0x12, 0x6, '\x00', 0x5}, {0x5, 0x6, 0xc, '\x00', 0xc3}, {0x2, 0x0, 0x0, '\x00', 0x2}, {0x4, 0xb, 0xa8, '\x00', 0x5}, {0x1, 0xd9, 0x9, '\x00', 0x5}, {0x5, 0x7, 0x42, '\x00', 0x2}, {0x8, 0x74, 0x9, '\x00', 0x3}, {0x2, 0x58, 0xff, '\x00', 0x8}, {0x7f, 0x6, 0x80, '\x00', 0x4}, {0xdc, 0x7, 0x0, '\x00', 0x2}, {0xa, 0x71, 0x6, '\x00', 0x6}, {0x6, 0x5, 0x6, '\x00', 0x80}]}}) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r2, 0x8040942d, &(0x7f0000000580)) 351.041699ms ago: executing program 1 (id=3982): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x40, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c61"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 166.116028ms ago: executing program 0 (id=3983): r0 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="10000000001f000000000409333d5c00"/28], 0x28, 0x4c00}, 0x810) r1 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') sendfile(r2, r2, &(0x7f0000000000)=0x2eb4, 0x2000007ff) write$UHID_CREATE2(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000327c08c5086723b8a31662000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ef0008000e0000009002000000000000010000001194fae7d5dd47dfd088f1d182eee8e8f84756166751b128bc8199d6518bafdc508a6ed9270d0483b91d5c805194cd53e253f93e174b8a9b4b865e3c9347c920d87488227ee9b0406f44f00ca72c84ca30aef829717562230da75ab9cb5798a4ecad9833c12f272f11aa9c4ef997892efd508929c9b87ba7c920ad2f6adf8e06da2a92a508db3f5baf8836e1254c6881b07e901da10fcb47ea57a9553ec2ae55cc3298b8bc0bd0ab8b84a3b0b05d2c549d9587c88710543bfb947d3b6c1e0a9ecc435ed3908e2a9f09ca0b6a6778dc2c408873a02a1a5cd7960e572f56cd572b804364a6"], 0x207) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000060a090400000000000000000600000014000480100001800a00010072616e67650000000900010073797a70000000000900020073797a3200000000140000001100010000000000000000000000000a40937e0d39bc425e71322e6fa37b393959380abdbc9418fada9eabcce0789c7e94d58baf943191255f0db4a4d41713170f878ed25ab219f239e89f5b8a9674874516be80d735419e62ed2500ef78aff567be4ca40674930600292be80c34835fbd8ae7b39a1135874ea165d2993a62"], 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = dup(0xffffffffffffffff) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf4) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xb, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b7498f7445aa0700da0000000439000000000000f46c00000000120000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xcf, &(0x7f0000000640)=""/207, 0x0, 0x0, '\x00', 0x0, @fallback, r5}, 0x94) r6 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000740)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20", @ANYRESDEC=r4, @ANYBLOB="60cba979cba86123ab4e7dc08d8514a052e81b8ef608818736aab376cf1653f857f341b8d26014f9d7f72bdfba7fe635a402892f569d06707d4b2f5232115d2f13bc14f7051c03c4837fe60c937bcb690e5b45684db6c1fa2f6c9a1da4f870845b4af06422a74a8dee7b5189c1c9120b18dedef65d253b8f0e64d6d169eecb3fb0c066c06a9aebc07902bff6cf1e75257ed4ee530becc712b3bd2879ee9a0121713abb96f26915024b50d0b066eb25ad0df65ec6cb3a527cb43ace4c8f2dc1be783d99d496622a7fe40b19a104be136381ae2e4a18b11a3dd33019a6cad6f1d6", @ANYRES32], 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) io_uring_setup(0x2b96, &(0x7f00000003c0)={0x0, 0xdaee, 0x10, 0x44, 0x246}) ioctl$FS_IOC_GETVERSION(r7, 0xc0145b0e, &(0x7f0000000040)) ioctl$FS_IOC_GETVERSION(r7, 0xc0145b0e, &(0x7f0000000000)) 0s ago: executing program 1 (id=3984): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)={'U-', 0x81}, 0x16, 0x0) r1 = syz_create_resource$binfmt(&(0x7f0000000100)='./file0\x00') r2 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) execveat$binfmt(0xffffffffffffff9c, r2, 0x0, 0x0, 0x1f00000000000000) openat$binfmt(0xffffffffffffff9c, r1, 0x41, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x1, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_CMAP(r3, 0x4b70, &(0x7f0000000000)) syz_usb_connect(0x2, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="120110030000000000000000bc2c010203010902120001000a840809040100003460821058383f92d8a72d9dc11776eef1c372a806cf0b8f0b013b51441afe59ad80bd8accbba566228c32deeb76b6091a73060cf3579990203254036886e37c44462cd6ed5d88b37c16cb15ec306b9c78ad93c6"], &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): 3e syscall=272 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 743.833616][ T29] audit: type=1326 audit(1777004754.727:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17226 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 743.856081][ T29] audit: type=1326 audit(1777004754.727:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17226 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 743.941763][T17234] FAULT_INJECTION: forcing a failure. [ 743.941763][T17234] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 743.954854][T17234] CPU: 1 UID: 0 PID: 17234 Comm: syz.4.3582 Not tainted syzkaller #0 PREEMPT(full) [ 743.954879][T17234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 743.954891][T17234] Call Trace: [ 743.954901][T17234] [ 743.954909][T17234] dump_stack_lvl+0xe8/0x150 [ 743.954941][T17234] should_fail_ex+0x412/0x560 [ 743.954974][T17234] _copy_from_user+0x2d/0xb0 [ 743.954997][T17234] sk_setsockopt+0x2b3/0x2d60 [ 743.955025][T17234] ? __pfx_sk_setsockopt+0x10/0x10 [ 743.955047][T17234] ? aa_sk_perm+0x6d5/0x900 [ 743.955075][T17234] ? __fget_files+0x2a/0x420 [ 743.955099][T17234] ? __pfx_aa_sk_perm+0x10/0x10 [ 743.955128][T17234] ? __fget_files+0x2a/0x420 [ 743.955144][T17234] ? aa_sock_opt_perm+0xff/0x1a0 [ 743.955166][T17234] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 743.955192][T17234] do_sock_setsockopt+0x11b/0x1b0 [ 743.955216][T17234] __x64_sys_setsockopt+0x13d/0x1b0 [ 743.955238][T17234] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.955258][T17234] do_syscall_64+0x15f/0xf80 [ 743.955281][T17234] ? trace_irq_disable+0x3b/0x140 [ 743.955304][T17234] ? clear_bhb_loop+0x40/0x90 [ 743.955327][T17234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.955346][T17234] RIP: 0033:0x7f9169b9cdd9 [ 743.955364][T17234] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 743.955380][T17234] RSP: 002b:00007f916a9af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 743.955399][T17234] RAX: ffffffffffffffda RBX: 00007f9169e15fa0 RCX: 00007f9169b9cdd9 [ 743.955413][T17234] RDX: 0000000000000009 RSI: 0000000000000001 RDI: 0000000000000003 [ 743.955424][T17234] RBP: 00007f916a9af090 R08: 0000000000000029 R09: 0000000000000000 [ 743.955436][T17234] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 743.955447][T17234] R13: 00007f9169e16038 R14: 00007f9169e15fa0 R15: 00007f9169f3fa48 [ 743.955477][T17234] [ 744.381896][T17238] FAULT_INJECTION: forcing a failure. [ 744.381896][T17238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 744.381929][T17238] CPU: 0 UID: 0 PID: 17238 Comm: syz.4.3583 Not tainted syzkaller #0 PREEMPT(full) [ 744.381949][T17238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 744.381960][T17238] Call Trace: [ 744.381968][T17238] [ 744.381976][T17238] dump_stack_lvl+0xe8/0x150 [ 744.382009][T17238] should_fail_ex+0x412/0x560 [ 744.382042][T17238] _copy_from_user+0x2d/0xb0 [ 744.382065][T17238] ___sys_sendmsg+0x1c6/0x360 [ 744.382085][T17238] ? __lock_acquire+0x6b5/0x2cf0 [ 744.382116][T17238] ? __pfx____sys_sendmsg+0x10/0x10 [ 744.382167][T17238] ? __fget_files+0x2a/0x420 [ 744.382186][T17238] ? __fget_files+0x3a0/0x420 [ 744.382214][T17238] __x64_sys_sendmsg+0x1bd/0x2a0 [ 744.382238][T17238] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 744.382264][T17238] ? __pfx_ksys_write+0x10/0x10 [ 744.382295][T17238] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.382315][T17238] do_syscall_64+0x15f/0xf80 [ 744.382338][T17238] ? trace_irq_disable+0x3b/0x140 [ 744.382362][T17238] ? clear_bhb_loop+0x40/0x90 [ 744.382384][T17238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.382403][T17238] RIP: 0033:0x7f9169b9cdd9 [ 744.382420][T17238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 744.382436][T17238] RSP: 002b:00007f916a9af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 744.382455][T17238] RAX: ffffffffffffffda RBX: 00007f9169e15fa0 RCX: 00007f9169b9cdd9 [ 744.382469][T17238] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 744.382480][T17238] RBP: 00007f916a9af090 R08: 0000000000000000 R09: 0000000000000000 [ 744.382491][T17238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 744.382518][T17238] R13: 00007f9169e16038 R14: 00007f9169e15fa0 R15: 00007f9169f3fa48 [ 744.382547][T17238] [ 744.397788][T14743] Bluetooth: hci5: command 0x0406 tx timeout [ 744.975741][T17251] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3587'. [ 745.888606][ T29] audit: type=1326 audit(1777004756.947:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17226 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 745.928088][ T29] audit: type=1326 audit(1777004756.947:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17226 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 746.166602][T15099] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 746.175151][ T807] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 746.314943][T17271] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3594'. [ 746.329561][T15099] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 746.339068][T15099] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 746.351120][T15099] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 746.360918][ T807] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 746.374287][T15099] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 746.395358][ T807] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 746.416731][ T807] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 746.428795][T15099] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 746.440277][T15099] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 746.462680][ T807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 746.512568][ T807] usb 2-1: config 0 descriptor?? [ 746.754863][T15099] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 746.765511][T15099] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 746.773571][T15099] usb 1-1: Product: syz [ 746.777737][T15099] usb 1-1: Manufacturer: syz [ 746.870997][T17268] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 746.895435][T15099] cdc_wdm 1-1:1.0: skipping garbage [ 746.901120][T15099] cdc_wdm 1-1:1.0: skipping garbage [ 746.908808][T15099] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 746.915072][T15099] cdc_wdm 1-1:1.0: Unknown control protocol [ 747.106857][ T5931] usb 1-1: USB disconnect, device number 8 [ 747.131838][ T807] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0 [ 747.140321][ T807] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0 [ 747.157206][ T807] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0012/input/input47 [ 747.269208][ T807] cm6533_jd 0003:0D8C:0022.0012: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 747.486039][ T5922] usb 2-1: USB disconnect, device number 83 [ 747.495499][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.501826][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.874941][T17300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 747.885455][T17289] fuse: Bad value for 'fd' [ 747.892522][T17300] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 747.936027][T17301] FAULT_INJECTION: forcing a failure. [ 747.936027][T17301] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 747.949080][T17301] CPU: 0 UID: 0 PID: 17301 Comm: syz.4.3605 Not tainted syzkaller #0 PREEMPT(full) [ 747.949102][T17301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 747.949114][T17301] Call Trace: [ 747.949127][T17301] [ 747.949135][T17301] dump_stack_lvl+0xe8/0x150 [ 747.949167][T17301] should_fail_ex+0x412/0x560 [ 747.949200][T17301] _copy_to_user+0x31/0xb0 [ 747.949224][T17301] simple_read_from_buffer+0xe1/0x170 [ 747.949249][T17301] proc_fail_nth_read+0x1bb/0x230 [ 747.949273][T17301] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 747.949296][T17301] ? rw_verify_area+0x2a6/0x4d0 [ 747.949318][T17301] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 747.949340][T17301] vfs_read+0x20c/0xa70 [ 747.949367][T17301] ? __pfx___mutex_lock+0x10/0x10 [ 747.949392][T17301] ? __pfx_vfs_read+0x10/0x10 [ 747.949416][T17301] ? __fget_files+0x2a/0x420 [ 747.949439][T17301] ? __fget_files+0x3a0/0x420 [ 747.949457][T17301] ? __fget_files+0x2a/0x420 [ 747.949485][T17301] ksys_read+0x150/0x270 [ 747.949509][T17301] ? __pfx_ksys_read+0x10/0x10 [ 747.949540][T17301] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.949561][T17301] do_syscall_64+0x15f/0xf80 [ 747.949583][T17301] ? trace_irq_disable+0x3b/0x140 [ 747.949607][T17301] ? clear_bhb_loop+0x40/0x90 [ 747.949630][T17301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.949648][T17301] RIP: 0033:0x7f9169b5d60e [ 747.949666][T17301] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 747.949682][T17301] RSP: 002b:00007f916a98dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 747.949702][T17301] RAX: ffffffffffffffda RBX: 00007f916a98e6c0 RCX: 00007f9169b5d60e [ 747.949716][T17301] RDX: 000000000000000f RSI: 00007f916a98e0a0 RDI: 0000000000000004 [ 747.949727][T17301] RBP: 00007f916a98e090 R08: 0000000000000000 R09: 0000000000000000 [ 747.949738][T17301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 747.949749][T17301] R13: 00007f9169e16128 R14: 00007f9169e16090 R15: 00007f9169f3fa48 [ 747.949780][T17301] [ 748.730563][T17319] netlink: 'syz.1.3613': attribute type 3 has an invalid length. [ 748.901918][T17323] FAULT_INJECTION: forcing a failure. [ 748.901918][T17323] name failslab, interval 1, probability 0, space 0, times 0 [ 748.914564][T17323] CPU: 0 UID: 0 PID: 17323 Comm: syz.0.3612 Not tainted syzkaller #0 PREEMPT(full) [ 748.914586][T17323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 748.914597][T17323] Call Trace: [ 748.914605][T17323] [ 748.914613][T17323] dump_stack_lvl+0xe8/0x150 [ 748.914645][T17323] should_fail_ex+0x412/0x560 [ 748.914677][T17323] should_failslab+0xa8/0x100 [ 748.914703][T17323] __kmalloc_cache_noprof+0x88/0x660 [ 748.914727][T17323] ? alloc_pipe_info+0xe8/0x4d0 [ 748.914755][T17323] alloc_pipe_info+0xe8/0x4d0 [ 748.914780][T17323] splice_direct_to_actor+0xa08/0xc70 [ 748.914806][T17323] ? kstrtouint+0x6e/0xe0 [ 748.914833][T17323] ? __pfx_direct_splice_actor+0x10/0x10 [ 748.914856][T17323] ? __pfx_aa_file_perm+0x10/0x10 [ 748.914880][T17323] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 748.914910][T17323] do_splice_direct+0x195/0x290 [ 748.914932][T17323] ? __pfx_do_splice_direct+0x10/0x10 [ 748.914953][T17323] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 748.914976][T17323] ? bpf_lsm_file_permission+0x9/0x20 [ 748.914998][T17323] ? security_file_permission+0x75/0x260 [ 748.915029][T17323] ? rw_verify_area+0x255/0x4d0 [ 748.915054][T17323] do_sendfile+0x535/0x7d0 [ 748.915080][T17323] ? __pfx_vfs_write+0x10/0x10 [ 748.915106][T17323] ? __pfx_do_sendfile+0x10/0x10 [ 748.915133][T17323] ? __fget_files+0x3a0/0x420 [ 748.915161][T17323] __se_sys_sendfile64+0x144/0x1a0 [ 748.915190][T17323] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 748.915223][T17323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.915243][T17323] do_syscall_64+0x15f/0xf80 [ 748.915266][T17323] ? trace_irq_disable+0x3b/0x140 [ 748.915289][T17323] ? clear_bhb_loop+0x40/0x90 [ 748.915311][T17323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.915329][T17323] RIP: 0033:0x7fb3e499cdd9 [ 748.915346][T17323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 748.915361][T17323] RSP: 002b:00007fb3e5847028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 748.915381][T17323] RAX: ffffffffffffffda RBX: 00007fb3e4c16090 RCX: 00007fb3e499cdd9 [ 748.915394][T17323] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 748.915405][T17323] RBP: 00007fb3e5847090 R08: 0000000000000000 R09: 0000000000000000 [ 748.915416][T17323] R10: 00000ffffffff000 R11: 0000000000000246 R12: 0000000000000001 [ 748.915428][T17323] R13: 00007fb3e4c16128 R14: 00007fb3e4c16090 R15: 00007fb3e4d3fa48 [ 748.915457][T17323] [ 749.706343][T17340] FAULT_INJECTION: forcing a failure. [ 749.706343][T17340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 749.744121][T17340] CPU: 0 UID: 0 PID: 17340 Comm: syz.3.3619 Not tainted syzkaller #0 PREEMPT(full) [ 749.744146][T17340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 749.744158][T17340] Call Trace: [ 749.744165][T17340] [ 749.744174][T17340] dump_stack_lvl+0xe8/0x150 [ 749.744206][T17340] should_fail_ex+0x412/0x560 [ 749.744238][T17340] _copy_from_user+0x2d/0xb0 [ 749.744259][T17340] do_ipv6_setsockopt+0x25c/0x3150 [ 749.744278][T17340] ? get_pid_task+0x20/0x1f0 [ 749.744306][T17340] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 749.744324][T17340] ? get_pid_task+0x20/0x1f0 [ 749.744343][T17340] ? get_pid_task+0x20/0x1f0 [ 749.744360][T17340] ? get_pid_task+0x20/0x1f0 [ 749.744388][T17340] ? __lock_acquire+0x6b5/0x2cf0 [ 749.744433][T17340] ? aa_sk_perm+0x6d5/0x900 [ 749.744460][T17340] ? __fget_files+0x2a/0x420 [ 749.744483][T17340] ? __pfx_aa_sk_perm+0x10/0x10 [ 749.744511][T17340] ? __fget_files+0x2a/0x420 [ 749.744528][T17340] ? aa_sock_opt_perm+0xff/0x1a0 [ 749.744549][T17340] ipv6_setsockopt+0x59/0x170 [ 749.744567][T17340] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 749.744595][T17340] do_sock_setsockopt+0x17c/0x1b0 [ 749.744618][T17340] __x64_sys_setsockopt+0x13d/0x1b0 [ 749.744639][T17340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.744660][T17340] do_syscall_64+0x15f/0xf80 [ 749.744684][T17340] ? clear_bhb_loop+0x40/0x90 [ 749.744706][T17340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.744724][T17340] RIP: 0033:0x7f711d39cdd9 [ 749.744742][T17340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 749.744757][T17340] RSP: 002b:00007f711e19d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 749.744777][T17340] RAX: ffffffffffffffda RBX: 00007f711d615fa0 RCX: 00007f711d39cdd9 [ 749.744790][T17340] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 749.744802][T17340] RBP: 00007f711e19d090 R08: 0000000000000310 R09: 0000000000000000 [ 749.744814][T17340] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 749.744826][T17340] R13: 00007f711d616038 R14: 00007f711d615fa0 R15: 00007f711d73fa48 [ 749.744855][T17340] [ 750.193341][T17350] tipc: Enabled bearer , priority 0 [ 750.211716][T17350] syzkaller0: entered promiscuous mode [ 750.218051][T17350] syzkaller0: entered allmulticast mode [ 750.241007][T17350] tipc: Resetting bearer [ 750.457174][ T807] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 750.498125][T17355] netlink: 'syz.4.3625': attribute type 11 has an invalid length. [ 750.694812][T17357] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.702006][T17357] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.787594][ T5922] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 750.801271][T17357] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 750.820087][T17357] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 751.091683][T14939] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.112252][T14939] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.164197][T14951] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.173122][ T807] usb 2-1: Using ep0 maxpacket: 16 [ 751.182738][T14951] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.210377][T17363] xt_CT: No such helper "pptp" [ 751.309291][T17366] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3628'. [ 751.347507][ T5932] tipc: Node number set to 50331648 [ 751.498878][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 751.502468][T17370] loop4: detected capacity change from 0 to 7 [ 751.511512][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 751.546713][ T5922] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 751.556592][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 751.574848][T17370] loop4: [CUMANA/ADFS] p1 [ADFS] p1 [ 751.580154][T17370] loop4: partition table partially beyond EOD, truncated [ 751.619903][T17370] loop4: p1 size 2989602745 extends beyond EOD, truncated [ 751.620470][ T5922] usb 4-1: config 0 descriptor?? [ 751.677569][ T5211] loop4: [CUMANA/ADFS] p1 [ADFS] p1 [ 751.682891][ T5211] loop4: partition table partially beyond EOD, truncated [ 751.690013][ T5211] loop4: p1 size 2989602745 extends beyond EOD, truncated [ 751.794556][ T5211] loop4: [CUMANA/ADFS] p1 [ADFS] p1 [ 751.799911][ T5211] loop4: partition table partially beyond EOD, truncated [ 751.807073][ T5211] loop4: p1 size 2989602745 extends beyond EOD, truncated [ 751.900348][ T5852] udevd[5852]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 752.141503][ T29] audit: type=1326 audit(1777004763.257:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.0.3637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 752.181247][ T29] audit: type=1326 audit(1777004763.257:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.0.3637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 752.203564][ T29] audit: type=1326 audit(1777004763.257:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.0.3637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 752.210074][ T807] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 752.225907][ T29] audit: type=1326 audit(1777004763.257:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.0.3637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 752.225949][ T29] audit: type=1326 audit(1777004763.257:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.0.3637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 752.225981][ T29] audit: type=1326 audit(1777004763.257:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.0.3637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 752.305042][ T807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=222 [ 752.389230][ T807] usb 2-1: SerialNumber: syz [ 752.396510][ T807] usb 2-1: config 0 descriptor?? [ 752.525228][ T5922] cm6533_jd 0003:0D8C:0022.0013: unknown main item tag 0x0 [ 752.542940][T15099] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 752.555700][ T5922] cm6533_jd 0003:0D8C:0022.0013: unknown main item tag 0x0 [ 752.560361][ T807] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 752.573544][ T807] usb 2-1: Detected FT232A [ 752.576254][ T5922] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0013/input/input48 [ 752.596696][ T807] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 752.633783][ T5922] cm6533_jd 0003:0D8C:0022.0013: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 752.777906][ T807] usb 4-1: USB disconnect, device number 106 [ 752.883672][ T5922] usb 2-1: USB disconnect, device number 84 [ 752.891396][ T29] audit: type=1326 audit(1777004763.977:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.0.3637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 752.913731][ T29] audit: type=1326 audit(1777004763.977:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.0.3637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 752.938561][ T5922] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 752.948123][T17346] tipc: Resetting bearer [ 752.949479][ T5922] ftdi_sio 2-1:0.0: device disconnected [ 753.003844][T17346] tipc: Disabling bearer [ 753.065292][T17395] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3640'. [ 753.207377][T15099] usb 5-1: Using ep0 maxpacket: 8 [ 753.798955][ T5854] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 753.809664][ T5854] Bluetooth: hci1: Injecting HCI hardware error event [ 753.903660][ T5932] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 753.907137][ T5854] Bluetooth: hci1: hardware error 0x00 [ 753.938080][T15099] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 753.946187][T15099] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 753.956226][T15099] usb 5-1: config 0 has no interface number 0 [ 753.962307][T15099] usb 5-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 753.973826][T15099] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 753.984732][T15099] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 753.995902][T15099] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 754.008719][T15099] usb 5-1: config 0 interface 52 has no altsetting 0 [ 754.015395][T15099] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 754.024392][T15099] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.063200][T15099] usb 5-1: config 0 descriptor?? [ 754.237954][T17416] FAULT_INJECTION: forcing a failure. [ 754.237954][T17416] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 754.256416][T17416] CPU: 1 UID: 0 PID: 17416 Comm: syz.3.3649 Not tainted syzkaller #0 PREEMPT(full) [ 754.256439][T17416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 754.256450][T17416] Call Trace: [ 754.256458][T17416] [ 754.256466][T17416] dump_stack_lvl+0xe8/0x150 [ 754.256497][T17416] should_fail_ex+0x412/0x560 [ 754.256529][T17416] _copy_from_user+0x2d/0xb0 [ 754.256550][T17416] ___sys_sendmsg+0x1c6/0x360 [ 754.256570][T17416] ? __lock_acquire+0x6b5/0x2cf0 [ 754.256599][T17416] ? __pfx____sys_sendmsg+0x10/0x10 [ 754.256626][T17416] ? __fget_files+0x2a/0x420 [ 754.256636][T17416] ? __fget_files+0x3a0/0x420 [ 754.256651][T17416] __x64_sys_sendmsg+0x1bd/0x2a0 [ 754.256663][T17416] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 754.256679][T17416] ? __pfx_ksys_write+0x10/0x10 [ 754.256695][T17416] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.256706][T17416] do_syscall_64+0x15f/0xf80 [ 754.256719][T17416] ? trace_irq_disable+0x3b/0x140 [ 754.256734][T17416] ? clear_bhb_loop+0x40/0x90 [ 754.256746][T17416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.256756][T17416] RIP: 0033:0x7f711d39cdd9 [ 754.256766][T17416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 754.256775][T17416] RSP: 002b:00007f711e19d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 754.256786][T17416] RAX: ffffffffffffffda RBX: 00007f711d615fa0 RCX: 00007f711d39cdd9 [ 754.256794][T17416] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 754.256800][T17416] RBP: 00007f711e19d090 R08: 0000000000000000 R09: 0000000000000000 [ 754.256806][T17416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 754.256812][T17416] R13: 00007f711d616038 R14: 00007f711d615fa0 R15: 00007f711d73fa48 [ 754.256827][T17416] [ 754.695248][T17423] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3652'. [ 754.779771][T17425] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3653'. [ 754.789148][T17425] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 754.866106][ T807] usb 2-1: new full-speed USB device number 85 using dummy_hcd [ 755.331566][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 755.341227][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 755.350948][T15099] usb 5-1: Can not set alternate setting to 1, error: -71 [ 755.358064][T15099] synaptics_usb 5-1:0.52: probe with driver synaptics_usb failed with error -71 [ 755.371652][T15099] usb 5-1: USB disconnect, device number 105 [ 755.835502][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 755.845202][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 756.133975][ T5854] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 756.304313][ T807] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 756.312347][ T807] usb 2-1: config 0 has no interface number 0 [ 756.616464][ T29] audit: type=1326 audit(1777004767.717:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17459 comm="syz.0.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 756.669097][ T29] audit: type=1326 audit(1777004767.717:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17459 comm="syz.0.3663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 756.669140][ T5932] usb 1-1: unable to read config index 2 descriptor/all [ 756.669180][ T5932] usb 1-1: can't read configurations, error -71 [ 756.956994][T17467] FAULT_INJECTION: forcing a failure. [ 756.956994][T17467] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 756.970035][T17467] CPU: 1 UID: 0 PID: 17467 Comm: syz.4.3665 Not tainted syzkaller #0 PREEMPT(full) [ 756.970048][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 756.970055][T17467] Call Trace: [ 756.970060][T17467] [ 756.970064][T17467] dump_stack_lvl+0xe8/0x150 [ 756.970084][T17467] should_fail_ex+0x412/0x560 [ 756.970103][T17467] _copy_from_user+0x2d/0xb0 [ 756.970116][T17467] ___sys_sendmsg+0x1c6/0x360 [ 756.970127][T17467] ? __lock_acquire+0x6b5/0x2cf0 [ 756.970145][T17467] ? __pfx____sys_sendmsg+0x10/0x10 [ 756.970172][T17467] ? __fget_files+0x2a/0x420 [ 756.970182][T17467] ? __fget_files+0x3a0/0x420 [ 756.970196][T17467] __x64_sys_sendmsg+0x1bd/0x2a0 [ 756.970209][T17467] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 756.970224][T17467] ? __pfx_ksys_write+0x10/0x10 [ 756.970246][T17467] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.970257][T17467] do_syscall_64+0x15f/0xf80 [ 756.970270][T17467] ? trace_irq_disable+0x3b/0x140 [ 756.970283][T17467] ? clear_bhb_loop+0x40/0x90 [ 756.970295][T17467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.970306][T17467] RIP: 0033:0x7f9169b9cdd9 [ 756.970316][T17467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.970325][T17467] RSP: 002b:00007f916a9af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 756.970336][T17467] RAX: ffffffffffffffda RBX: 00007f9169e15fa0 RCX: 00007f9169b9cdd9 [ 756.970343][T17467] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 756.970350][T17467] RBP: 00007f916a9af090 R08: 0000000000000000 R09: 0000000000000000 [ 756.970356][T17467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 756.970362][T17467] R13: 00007f9169e16038 R14: 00007f9169e15fa0 R15: 00007f9169f3fa48 [ 756.970377][T17467] [ 757.146268][T17470] netlink: 43 bytes leftover after parsing attributes in process `syz.0.3666'. [ 757.263788][ T807] usb 2-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 757.272827][ T807] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 757.280808][ T807] usb 2-1: Product: syz [ 757.284982][ T807] usb 2-1: Manufacturer: syz [ 757.289551][ T807] usb 2-1: SerialNumber: syz [ 757.304635][ T807] usb 2-1: config 0 descriptor?? [ 757.406470][T17472] FAULT_INJECTION: forcing a failure. [ 757.406470][T17472] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 757.419545][T17472] CPU: 1 UID: 0 PID: 17472 Comm: syz.4.3667 Not tainted syzkaller #0 PREEMPT(full) [ 757.419568][T17472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 757.419578][T17472] Call Trace: [ 757.419586][T17472] [ 757.419593][T17472] dump_stack_lvl+0xe8/0x150 [ 757.419622][T17472] should_fail_ex+0x412/0x560 [ 757.419650][T17472] _copy_from_user+0x2d/0xb0 [ 757.419671][T17472] ucma_write+0x15d/0x2f0 [ 757.419698][T17472] ? __pfx_ucma_write+0x10/0x10 [ 757.419721][T17472] ? security_file_permission+0x75/0x260 [ 757.419746][T17472] ? rw_verify_area+0x255/0x4d0 [ 757.419772][T17472] vfs_writev+0x4bd/0x990 [ 757.419798][T17472] ? __pfx_ucma_write+0x10/0x10 [ 757.419828][T17472] ? __pfx_vfs_writev+0x10/0x10 [ 757.419866][T17472] ? __fget_files+0x2a/0x420 [ 757.419887][T17472] ? __fget_files+0x3a0/0x420 [ 757.419902][T17472] ? __fget_files+0x2a/0x420 [ 757.419999][T17472] do_writev+0x154/0x2e0 [ 757.420029][T17472] ? __pfx_do_writev+0x10/0x10 [ 757.420059][T17472] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.420087][T17472] do_syscall_64+0x15f/0xf80 [ 757.420110][T17472] ? trace_irq_disable+0x3b/0x140 [ 757.420132][T17472] ? clear_bhb_loop+0x40/0x90 [ 757.420151][T17472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.420166][T17472] RIP: 0033:0x7f9169b9cdd9 [ 757.420183][T17472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 757.420197][T17472] RSP: 002b:00007f916a9af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 757.420217][T17472] RAX: ffffffffffffffda RBX: 00007f9169e15fa0 RCX: 00007f9169b9cdd9 [ 757.420231][T17472] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 000000000000000f [ 757.420241][T17472] RBP: 00007f916a9af090 R08: 0000000000000000 R09: 0000000000000000 [ 757.420252][T17472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 757.420262][T17472] R13: 00007f9169e16038 R14: 00007f9169e15fa0 R15: 00007f9169f3fa48 [ 757.420288][T17472] [ 757.508853][ T807] usb 2-1: selecting invalid altsetting 1 [ 757.509024][ T807] dvb_ttusb_budget: ttusb_init_controller: error [ 757.509040][ T807] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 757.572022][ T807] DVB: Unable to find symbol stv0299_attach() [ 757.919359][ T807] DVB: Unable to find symbol tda8083_attach() [ 757.925474][ T807] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 757.953572][ T807] usb 2-1: USB disconnect, device number 85 [ 758.024127][T17485] netlink: 'syz.0.3669': attribute type 11 has an invalid length. [ 759.522579][T17494] syzkaller0: entered promiscuous mode [ 759.535799][T17494] syzkaller0: entered allmulticast mode [ 759.836206][T17499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 759.877576][T17499] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 760.078963][T17499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 760.087763][T17499] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 760.112530][T17499] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3674'. [ 761.768684][ T807] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 761.910371][T17509] netlink: 'syz.4.3678': attribute type 9 has an invalid length. [ 761.918134][T17509] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3678'. [ 763.248311][ T807] usb 1-1: config 0 has no interfaces? [ 763.943797][T17511] bond1: (slave macvlan1): Releasing backup interface [ 764.134324][T17518] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3681'. [ 764.200292][T17518] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3681'. [ 764.240183][ T807] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 764.249323][ T807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 764.257404][ T807] usb 1-1: Product: syz [ 764.261573][ T807] usb 1-1: Manufacturer: syz [ 764.266186][ T807] usb 1-1: SerialNumber: syz [ 764.295315][ T807] usb 1-1: config 0 descriptor?? [ 764.569634][T17530] FAULT_INJECTION: forcing a failure. [ 764.569634][T17530] name failslab, interval 1, probability 0, space 0, times 0 [ 764.641793][ T807] usb 1-1: can't set config #0, error -71 [ 764.691069][T17530] CPU: 0 UID: 0 PID: 17530 Comm: syz.4.3686 Not tainted syzkaller #0 PREEMPT(full) [ 764.691094][T17530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 764.691106][T17530] Call Trace: [ 764.691114][T17530] [ 764.691123][T17530] dump_stack_lvl+0xe8/0x150 [ 764.691156][T17530] should_fail_ex+0x412/0x560 [ 764.691190][T17530] should_failslab+0xa8/0x100 [ 764.691223][T17530] __kmalloc_noprof+0xe8/0x760 [ 764.691247][T17530] ? tomoyo_encode+0x28b/0x550 [ 764.691272][T17530] tomoyo_encode+0x28b/0x550 [ 764.691297][T17530] tomoyo_realpath_from_path+0x58d/0x5d0 [ 764.691320][T17530] ? tomoyo_domain+0xd7/0x130 [ 764.691346][T17530] ? tomoyo_path_number_perm+0x219/0x630 [ 764.691373][T17530] tomoyo_path_number_perm+0x246/0x630 [ 764.691402][T17530] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 764.691428][T17530] ? __lock_acquire+0x6b5/0x2cf0 [ 764.691469][T17530] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 764.691514][T17530] ? __fget_files+0x2a/0x420 [ 764.691537][T17530] ? __fget_files+0x2a/0x420 [ 764.691554][T17530] ? __fget_files+0x3a0/0x420 [ 764.691572][T17530] ? __fget_files+0x2a/0x420 [ 764.691594][T17530] security_file_ioctl+0xc3/0x2a0 [ 764.691621][T17530] __se_sys_ioctl+0x47/0x170 [ 764.691645][T17530] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.691666][T17530] do_syscall_64+0x15f/0xf80 [ 764.691688][T17530] ? trace_irq_disable+0x3b/0x140 [ 764.691712][T17530] ? clear_bhb_loop+0x40/0x90 [ 764.691735][T17530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.691753][T17530] RIP: 0033:0x7f9169b9cdd9 [ 764.691771][T17530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 764.691786][T17530] RSP: 002b:00007f916a9af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 764.691806][T17530] RAX: ffffffffffffffda RBX: 00007f9169e15fa0 RCX: 00007f9169b9cdd9 [ 764.691819][T17530] RDX: 0000200000000340 RSI: 00000000000089a3 RDI: 0000000000000003 [ 764.691831][T17530] RBP: 00007f916a9af090 R08: 0000000000000000 R09: 0000000000000000 [ 764.691843][T17530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 764.691854][T17530] R13: 00007f9169e16038 R14: 00007f9169e15fa0 R15: 00007f9169f3fa48 [ 764.691884][T17530] [ 764.691904][T17530] ERROR: Out of memory at tomoyo_realpath_from_path. [ 765.027957][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 765.060972][ T807] usb 1-1: USB disconnect, device number 11 [ 765.240874][ T5923] usb 4-1: new full-speed USB device number 107 using dummy_hcd [ 765.714137][T17546] netlink: 'syz.4.3689': attribute type 9 has an invalid length. [ 765.721908][T17546] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3689'. [ 765.922508][ T5923] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 39, changing to 4 [ 766.070957][ T5923] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023 [ 766.085217][ T5923] usb 4-1: config 0 interface 0 has no altsetting 0 [ 766.265502][ T5923] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 766.598029][ T807] IPVS: starting estimator thread 0... [ 766.699396][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 766.708657][ T5923] usb 4-1: Product: syz [ 766.713328][ T5923] usb 4-1: Manufacturer: syz [ 766.718600][ T5923] usb 4-1: SerialNumber: syz [ 766.934275][T17558] IPVS: using max 32 ests per chain, 76800 per kthread [ 767.350905][ T5923] usb 4-1: config 0 descriptor?? [ 767.378000][ T5923] usb 4-1: can't set config #0, error -71 [ 767.463654][ T5923] usb 4-1: USB disconnect, device number 107 [ 768.092112][T17575] loop9: detected capacity change from 0 to 7 [ 768.218116][T17575] buffer_io_error: 10 callbacks suppressed [ 768.218160][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.279384][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.296939][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.332723][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.359089][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.504370][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.512322][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.520192][T17575] ldm_validate_partition_table(): Disk read failed. [ 768.526820][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.534706][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.542596][T17575] Buffer I/O error on dev loop9, logical block 0, async page read [ 768.564722][T17586] netlink: 'syz.4.3700': attribute type 9 has an invalid length. [ 768.572489][T17586] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3700'. [ 768.676299][T17590] binder: 17573:17590 ioctl 4018620d 200000002540 returned -22 [ 768.685636][T17575] Dev loop9: unable to read RDB block 0 [ 768.691832][T17575] loop9: unable to read partition table [ 768.697656][T17575] loop9: partition table beyond EOD, truncated [ 768.703835][T17575] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 768.703835][T17575] ) failed (rc=-5) [ 769.038055][ T5922] usb 4-1: new full-speed USB device number 108 using dummy_hcd [ 769.271898][ T5922] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 769.356654][ T5922] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 769.401820][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 769.416569][ T5922] usb 4-1: Product: syz [ 769.441497][ T5922] usb 4-1: Manufacturer: syz [ 769.446135][ T5922] usb 4-1: SerialNumber: syz [ 769.453822][ T5922] usb 4-1: config 0 descriptor?? [ 769.538122][ T5922] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 769.584264][T17604] FAULT_INJECTION: forcing a failure. [ 769.584264][T17604] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 769.598204][T17604] CPU: 1 UID: 0 PID: 17604 Comm: syz.1.3709 Not tainted syzkaller #0 PREEMPT(full) [ 769.598221][T17604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 769.598229][T17604] Call Trace: [ 769.598234][T17604] [ 769.598239][T17604] dump_stack_lvl+0xe8/0x150 [ 769.598260][T17604] should_fail_ex+0x412/0x560 [ 769.598279][T17604] _copy_to_user+0x31/0xb0 [ 769.598293][T17604] simple_read_from_buffer+0xe1/0x170 [ 769.598306][T17604] proc_fail_nth_read+0x1bb/0x230 [ 769.598319][T17604] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 769.598332][T17604] ? rw_verify_area+0x2a6/0x4d0 [ 769.598343][T17604] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 769.598355][T17604] vfs_read+0x20c/0xa70 [ 769.598370][T17604] ? __pfx___mutex_lock+0x10/0x10 [ 769.598384][T17604] ? __pfx_vfs_read+0x10/0x10 [ 769.598396][T17604] ? __fget_files+0x2a/0x420 [ 769.598409][T17604] ? __fget_files+0x3a0/0x420 [ 769.598418][T17604] ? __fget_files+0x2a/0x420 [ 769.598432][T17604] ksys_read+0x150/0x270 [ 769.598446][T17604] ? __pfx_ksys_read+0x10/0x10 [ 769.598462][T17604] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 769.598472][T17604] do_syscall_64+0x15f/0xf80 [ 769.598485][T17604] ? trace_irq_disable+0x3b/0x140 [ 769.598499][T17604] ? clear_bhb_loop+0x40/0x90 [ 769.598512][T17604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 769.598522][T17604] RIP: 0033:0x7fbec6d5d60e [ 769.598532][T17604] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 769.598541][T17604] RSP: 002b:00007fbec7b83fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 769.598553][T17604] RAX: ffffffffffffffda RBX: 00007fbec7b846c0 RCX: 00007fbec6d5d60e [ 769.598560][T17604] RDX: 000000000000000f RSI: 00007fbec7b840a0 RDI: 0000000000000004 [ 769.598567][T17604] RBP: 00007fbec7b84090 R08: 0000000000000000 R09: 0000000000000000 [ 769.598573][T17604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 769.598579][T17604] R13: 00007fbec7016038 R14: 00007fbec7015fa0 R15: 00007fbec713fa48 [ 769.598595][T17604] [ 769.867356][ T5838] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 769.875097][ T5932] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 770.362540][ T5922] gspca_pac7302: reg_w() failed i: ff v: 01 error -71 [ 770.375541][ T5922] gspca_pac7302 4-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 770.391894][ T5922] usb 4-1: USB disconnect, device number 108 [ 770.612522][ T5838] usb 5-1: Using ep0 maxpacket: 16 [ 770.652217][T17618] netlink: 'syz.1.3712': attribute type 11 has an invalid length. [ 771.342545][ T5838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 771.353479][ T5838] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 771.362514][ T5838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.370578][ T5932] usb 1-1: config 0 has no interfaces? [ 771.389236][ T5838] usb 5-1: config 0 descriptor?? [ 771.661339][T17626] syzkaller0: entered promiscuous mode [ 771.678718][T17626] syzkaller0: entered allmulticast mode [ 772.212047][ T5838] hid-multitouch 0003:1FD2:6007.0014: unknown main item tag 0x0 [ 772.219761][ T5838] hid-multitouch 0003:1FD2:6007.0014: unknown main item tag 0x0 [ 772.227420][ T5838] hid-multitouch 0003:1FD2:6007.0014: unknown main item tag 0x0 [ 772.235067][ T5838] hid-multitouch 0003:1FD2:6007.0014: unknown main item tag 0x0 [ 772.242711][ T5838] hid-multitouch 0003:1FD2:6007.0014: unknown main item tag 0x0 [ 772.254636][ T5838] hid-multitouch 0003:1FD2:6007.0014: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 772.323314][ T5932] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 772.332388][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 772.340457][ T5932] usb 1-1: Product: syz [ 772.344611][ T5932] usb 1-1: Manufacturer: syz [ 772.349198][ T5932] usb 1-1: SerialNumber: syz [ 772.361312][ T5932] usb 1-1: config 0 descriptor?? [ 772.618187][ T5932] usb 1-1: can't set config #0, error -71 [ 772.625739][ T5932] usb 1-1: USB disconnect, device number 12 [ 772.704600][ T807] usb 5-1: USB disconnect, device number 106 [ 773.367728][ T5923] usb 2-1: new low-speed USB device number 86 using dummy_hcd [ 773.590733][ T5932] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 773.614464][ T5923] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 773.670155][ T5923] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 773.680893][ T5923] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 773.692545][ T5923] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 773.876970][ T5923] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 773.891877][ T5923] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 773.915585][ T5923] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 773.929041][ T5923] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 774.050469][T17647] tipc: Enabled bearer , priority 0 [ 774.057656][T17647] syzkaller0: entered promiscuous mode [ 774.063107][T17647] syzkaller0: entered allmulticast mode [ 774.087044][T17647] tipc: Resetting bearer [ 774.094402][T17646] tipc: Resetting bearer [ 774.114498][T17646] tipc: Disabling bearer [ 774.156327][ T5923] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 774.164534][ T5923] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 774.176365][ T5923] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 774.189006][ T5923] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 774.207880][ T5923] usb 2-1: string descriptor 0 read error: -22 [ 774.215346][ T5923] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 774.225187][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.245060][ T5932] usb 1-1: Using ep0 maxpacket: 8 [ 774.335983][ T5923] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 774.616746][T17639] netlink: 'syz.1.3720': attribute type 64 has an invalid length. [ 774.624603][T17639] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3720'. [ 774.791038][T17654] syzkaller0: entered promiscuous mode [ 774.796644][T17654] syzkaller0: entered allmulticast mode [ 774.980239][ T5932] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 774.988492][ T5932] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 774.998241][ T5932] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 775.020156][ T5932] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 775.036200][ T5932] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 775.058601][ T5932] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 775.067675][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 775.229250][T17660] netlink: 'syz.2.3728': attribute type 11 has an invalid length. [ 775.498790][T17668] netlink: 'syz.3.3730': attribute type 11 has an invalid length. [ 775.589262][ T5932] usb 1-1: usb_control_msg returned -32 [ 775.594900][ T5932] usbtmc 1-1:16.0: can't read capabilities [ 775.762684][T17636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 775.779489][T17636] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 775.951710][ T5922] usb 2-1: USB disconnect, device number 86 [ 776.010508][T17636] xt_CT: You must specify a L4 protocol and not use inversions on it [ 776.019652][ T5931] usb 1-1: USB disconnect, device number 13 [ 777.016977][ T5922] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 777.058095][T17682] tipc: Enabled bearer , priority 0 [ 777.098391][T17682] syzkaller0: entered promiscuous mode [ 777.109287][T17682] syzkaller0: entered allmulticast mode [ 777.300870][T17685] program syz.2.3736 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 777.316914][ T5922] usb 2-1: Using ep0 maxpacket: 8 [ 777.346108][ T5922] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 777.406561][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=239 [ 777.418096][T17682] tipc: Resetting bearer [ 777.427714][T17681] tipc: Resetting bearer [ 777.435563][ T5922] usb 2-1: Product: syz [ 777.474684][ T5922] usb 2-1: Manufacturer: syz [ 777.475249][T17681] tipc: Disabling bearer [ 777.480748][ T5922] usb 2-1: SerialNumber: syz [ 777.558713][ T5922] usb 2-1: config 0 descriptor?? [ 777.666324][T17690] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3737'. [ 777.712777][ T5922] gspca_main: sq905-2.14.0 probing 2770:9120 [ 777.830998][T17690] batman_adv: batadv0: Adding interface: macvtap1 [ 777.837455][T17690] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 777.863134][T17690] batman_adv: batadv0: Not using interface macvtap1 (retrying later): interface not active [ 777.883173][T17690] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3737'. [ 777.895834][T17693] syzkaller0: entered promiscuous mode [ 777.901291][T17693] syzkaller0: entered allmulticast mode [ 777.907880][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 777.907894][ T29] audit: type=1326 audit(1777004788.967:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.4.3737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9169b9cdd9 code=0x7ffc0000 [ 777.945762][ T29] audit: type=1326 audit(1777004788.967:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.4.3737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f9169b9cdd9 code=0x7ffc0000 [ 777.947370][ T5931] IPVS: starting estimator thread 0... [ 778.041749][ T29] audit: type=1326 audit(1777004788.967:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.4.3737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9169b9cdd9 code=0x7ffc0000 [ 778.066225][ T29] audit: type=1326 audit(1777004788.967:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.4.3737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9169b9cdd9 code=0x7ffc0000 [ 778.166478][ T29] audit: type=1326 audit(1777004788.967:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.4.3737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f9169b9cdd9 code=0x7ffc0000 [ 778.233551][ T29] audit: type=1326 audit(1777004788.967:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.4.3737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9169b9cdd9 code=0x7ffc0000 [ 778.256805][ T29] audit: type=1326 audit(1777004788.967:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.4.3737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9169b9cdd9 code=0x7ffc0000 [ 778.371974][T17697] syzkaller0: entered promiscuous mode [ 778.377596][T17697] syzkaller0: entered allmulticast mode [ 778.474791][T17695] IPVS: using max 38 ests per chain, 91200 per kthread [ 779.008317][ T5922] gspca_sq905: bulk read fail (-22) len 0/4 [ 779.015225][ T5922] sq905 2-1:0.0: probe with driver sq905 failed with error -5 [ 779.246649][T17680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 779.256157][T17680] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 779.266197][ T807] usb 2-1: USB disconnect, device number 87 [ 779.619026][T17714] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 779.626290][T17714] IPv6: NLM_F_CREATE should be set when creating new route [ 779.633631][T17714] IPv6: NLM_F_CREATE should be set when creating new route [ 779.997585][T17718] syzkaller0: entered promiscuous mode [ 780.003113][T17718] syzkaller0: entered allmulticast mode [ 780.309109][ T5854] Bluetooth: hci4: command 0x0406 tx timeout [ 780.330388][T17725] tipc: Enabled bearer , priority 0 [ 780.337515][T17725] syzkaller0: entered promiscuous mode [ 780.342973][T17725] syzkaller0: entered allmulticast mode [ 780.362567][T17724] tipc: Resetting bearer [ 780.378248][T17724] tipc: Disabling bearer [ 780.558482][ T5932] usb 5-1: new low-speed USB device number 107 using dummy_hcd [ 780.939379][T17729] syzkaller0: entered promiscuous mode [ 780.944901][T17729] syzkaller0: entered allmulticast mode [ 781.325976][T17742] FAULT_INJECTION: forcing a failure. [ 781.325976][T17742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 781.390384][T17742] CPU: 0 UID: 0 PID: 17742 Comm: syz.2.3757 Not tainted syzkaller #0 PREEMPT(full) [ 781.390410][T17742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 781.390422][T17742] Call Trace: [ 781.390430][T17742] [ 781.390438][T17742] dump_stack_lvl+0xe8/0x150 [ 781.390471][T17742] should_fail_ex+0x412/0x560 [ 781.390503][T17742] _copy_from_iter+0x1d3/0x1670 [ 781.390529][T17742] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 781.390558][T17742] ? __pfx_policy_nodemask+0x10/0x10 [ 781.390586][T17742] ? __pfx__copy_from_iter+0x10/0x10 [ 781.390607][T17742] ? alloc_pages_mpol+0x3c0/0x490 [ 781.390638][T17742] copy_page_from_iter+0x220/0x2d0 [ 781.390662][T17742] tun_get_user+0x1bf7/0x43e0 [ 781.390690][T17742] ? tun_get_user+0x8aa/0x43e0 [ 781.390731][T17742] ? aa_file_perm+0x50e/0x15e0 [ 781.390751][T17742] ? __pfx_tun_get_user+0x10/0x10 [ 781.390780][T17742] ? __lock_acquire+0x6b5/0x2cf0 [ 781.390819][T17742] ? ref_tracker_alloc+0x35c/0x4c0 [ 781.390841][T17742] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 781.390862][T17742] ? tun_get+0x1c/0x2f0 [ 781.390888][T17742] ? tun_get+0x1c/0x2f0 [ 781.390918][T17742] ? tun_get+0x1c/0x2f0 [ 781.390943][T17742] ? tun_get+0x1c/0x2f0 [ 781.390972][T17742] tun_chr_write_iter+0x113/0x200 [ 781.391001][T17742] vfs_write+0x61d/0xb90 [ 781.391030][T17742] ? __pfx_vfs_write+0x10/0x10 [ 781.391061][T17742] ? __fget_files+0x2a/0x420 [ 781.391088][T17742] ksys_write+0x150/0x270 [ 781.391112][T17742] ? __pfx_ksys_write+0x10/0x10 [ 781.391140][T17742] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 781.391159][T17742] do_syscall_64+0x15f/0xf80 [ 781.391181][T17742] ? trace_irq_disable+0x3b/0x140 [ 781.391205][T17742] ? clear_bhb_loop+0x40/0x90 [ 781.391228][T17742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 781.391245][T17742] RIP: 0033:0x7f9e54b5d60e [ 781.391264][T17742] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 781.391279][T17742] RSP: 002b:00007f9e559defb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 781.391299][T17742] RAX: ffffffffffffffda RBX: 00007f9e559df6c0 RCX: 00007f9e54b5d60e [ 781.391313][T17742] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 00000000000000c8 [ 781.391325][T17742] RBP: 00007f9e559df090 R08: 0000000000000000 R09: 0000000000000000 [ 781.391336][T17742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 781.391347][T17742] R13: 00007f9e54e16128 R14: 00007f9e54e16090 R15: 00007f9e54f3fa48 [ 781.391376][T17742] [ 782.225545][T17751] xt_hashlimit: size too large, truncated to 1048576 [ 782.349630][ T5932] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 782.357669][ T5932] usb 5-1: config 0 has no interface number 0 [ 782.363770][ T5932] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 782.374717][ T5932] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 782.385416][ T5932] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 782.394717][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 782.470107][ T5932] usb 5-1: config 0 descriptor?? [ 782.600128][T17723] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 782.727556][ T5932] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 783.033381][T17723] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3748'. [ 783.102346][ T5932] usb 5-1: USB disconnect, device number 107 [ 783.237529][ T29] audit: type=1326 audit(1777004794.317:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 783.325210][ T29] audit: type=1326 audit(1777004794.317:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 783.417000][ T29] audit: type=1326 audit(1777004794.317:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 783.439376][ T29] audit: type=1326 audit(1777004794.317:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 783.473987][ T807] IPVS: starting estimator thread 0... [ 783.495653][T17767] IPVS: sh: FWM 3 0x00000003 - no destination available [ 783.569776][ T29] audit: type=1326 audit(1777004794.317:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 783.660971][T17778] tipc: Started in network mode [ 783.667494][T17778] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 783.676747][T17774] IPVS: using max 54 ests per chain, 129600 per kthread [ 783.678949][ T29] audit: type=1326 audit(1777004794.317:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 783.749120][T17778] tipc: Enabled bearer , priority 10 [ 783.879855][T17781] dummy0: entered promiscuous mode [ 783.886967][T17781] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 783.899168][T17781] hsr1: Slave A (dummy0) is not up; please bring it up to get a fully working HSR network [ 783.909364][T17781] hsr1: entered allmulticast mode [ 783.959299][T17781] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 784.223718][T17785] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3771'. [ 784.245143][T17785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3771'. [ 784.286190][T17787] FAULT_INJECTION: forcing a failure. [ 784.286190][T17787] name failslab, interval 1, probability 0, space 0, times 0 [ 784.359581][T17787] CPU: 0 UID: 0 PID: 17787 Comm: syz.2.3772 Not tainted syzkaller #0 PREEMPT(full) [ 784.359608][T17787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 784.359620][T17787] Call Trace: [ 784.359629][T17787] [ 784.359638][T17787] dump_stack_lvl+0xe8/0x150 [ 784.359671][T17787] should_fail_ex+0x412/0x560 [ 784.359701][T17787] should_failslab+0xa8/0x100 [ 784.359728][T17787] __kvmalloc_node_noprof+0x178/0x8a0 [ 784.359753][T17787] ? xt_alloc_table_info+0x40/0xb0 [ 784.359783][T17787] xt_alloc_table_info+0x40/0xb0 [ 784.359805][T17787] do_ipt_set_ctl+0x903/0xe00 [ 784.359831][T17787] ? rcu_is_watching+0x15/0xb0 [ 784.359852][T17787] ? trace_contention_end+0x3d/0x140 [ 784.359875][T17787] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 784.359913][T17787] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 784.359936][T17787] ? __pfx___mutex_lock+0x10/0x10 [ 784.359961][T17787] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 784.359993][T17787] ? __pfx_aa_sk_perm+0x10/0x10 [ 784.360027][T17787] nf_setsockopt+0x26f/0x290 [ 784.360052][T17787] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 784.360081][T17787] do_sock_setsockopt+0x17c/0x1b0 [ 784.360104][T17787] __x64_sys_setsockopt+0x13d/0x1b0 [ 784.360125][T17787] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.360145][T17787] do_syscall_64+0x15f/0xf80 [ 784.360168][T17787] ? trace_irq_disable+0x3b/0x140 [ 784.360192][T17787] ? clear_bhb_loop+0x40/0x90 [ 784.360214][T17787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.360233][T17787] RIP: 0033:0x7f9e54b9cdd9 [ 784.360257][T17787] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 784.360273][T17787] RSP: 002b:00007f9e55a00028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 784.360293][T17787] RAX: ffffffffffffffda RBX: 00007f9e54e15fa0 RCX: 00007f9e54b9cdd9 [ 784.360307][T17787] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 784.360318][T17787] RBP: 00007f9e55a00090 R08: 0000000000000378 R09: 0000000000000000 [ 784.360330][T17787] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001 [ 784.360342][T17787] R13: 00007f9e54e16038 R14: 00007f9e54e15fa0 R15: 00007f9e54f3fa48 [ 784.360371][T17787] [ 785.148566][ T29] audit: type=1326 audit(1777004796.187:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 785.306718][ T5838] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 785.316165][ T29] audit: type=1326 audit(1777004796.187:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 785.463499][ T5932] tipc: Node number set to 4269801488 [ 786.046973][T17807] FAULT_INJECTION: forcing a failure. [ 786.046973][T17807] name failslab, interval 1, probability 0, space 0, times 0 [ 786.059623][T17807] CPU: 0 UID: 0 PID: 17807 Comm: syz.3.3780 Not tainted syzkaller #0 PREEMPT(full) [ 786.059645][T17807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 786.059657][T17807] Call Trace: [ 786.059664][T17807] [ 786.059671][T17807] dump_stack_lvl+0xe8/0x150 [ 786.059703][T17807] should_fail_ex+0x412/0x560 [ 786.059737][T17807] should_failslab+0xa8/0x100 [ 786.059763][T17807] __kmalloc_noprof+0xe8/0x760 [ 786.059787][T17807] ? tomoyo_encode+0x28b/0x550 [ 786.059813][T17807] tomoyo_encode+0x28b/0x550 [ 786.059838][T17807] tomoyo_realpath_from_path+0x58d/0x5d0 [ 786.059860][T17807] ? tomoyo_domain+0xd7/0x130 [ 786.059887][T17807] ? tomoyo_path_number_perm+0x219/0x630 [ 786.059913][T17807] tomoyo_path_number_perm+0x246/0x630 [ 786.059942][T17807] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 786.059967][T17807] ? __lock_acquire+0x6b5/0x2cf0 [ 786.060009][T17807] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 786.060054][T17807] ? __fget_files+0x2a/0x420 [ 786.060082][T17807] ? __fget_files+0x2a/0x420 [ 786.060100][T17807] ? __fget_files+0x3a0/0x420 [ 786.060118][T17807] ? __fget_files+0x2a/0x420 [ 786.060140][T17807] security_file_ioctl+0xc3/0x2a0 [ 786.060167][T17807] __se_sys_ioctl+0x47/0x170 [ 786.060190][T17807] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 786.060211][T17807] do_syscall_64+0x15f/0xf80 [ 786.060233][T17807] ? trace_irq_disable+0x3b/0x140 [ 786.060258][T17807] ? clear_bhb_loop+0x40/0x90 [ 786.060281][T17807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 786.060300][T17807] RIP: 0033:0x7f711d39cdd9 [ 786.060316][T17807] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 786.060332][T17807] RSP: 002b:00007f711e19d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 786.060352][T17807] RAX: ffffffffffffffda RBX: 00007f711d615fa0 RCX: 00007f711d39cdd9 [ 786.060365][T17807] RDX: 0000200000000000 RSI: 00000000c048aec8 RDI: 0000000000000004 [ 786.060378][T17807] RBP: 00007f711e19d090 R08: 0000000000000000 R09: 0000000000000000 [ 786.060390][T17807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 786.060402][T17807] R13: 00007f711d616038 R14: 00007f711d615fa0 R15: 00007f711d73fa48 [ 786.060432][T17807] [ 786.060453][T17807] ERROR: Out of memory at tomoyo_realpath_from_path. [ 786.388968][T17811] tipc: Enabled bearer , priority 0 [ 786.444133][T17805] syzkaller0: entered promiscuous mode [ 786.449702][T17805] syzkaller0: entered allmulticast mode [ 786.521106][T17811] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 786.808069][T17804] tipc: Resetting bearer [ 786.851678][T17804] tipc: Disabling bearer [ 786.873637][T14931] IPVS: stop unused estimator thread 0... [ 786.905598][ T5838] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 786.915715][ T5838] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 786.930483][T17817] tap0: tun_chr_ioctl cmd 1074025692 [ 786.938174][T17817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3779'. [ 788.009860][ T5838] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 788.018963][ T5838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 788.135725][ T5838] usb 5-1: can't set config #1, error -71 [ 788.144847][ T5838] usb 5-1: USB disconnect, device number 108 [ 789.843632][T17858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 789.856770][T17858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 789.865321][T17848] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3791'. [ 790.057072][T17861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.065930][T17861] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.529234][ T5854] Bluetooth: hci2: command 0x0406 tx timeout [ 790.602457][T17867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.629572][T17866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.696076][T17867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.732008][T17866] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 792.394807][T17878] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3801'. [ 792.968118][ T807] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 793.853584][ T5922] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 793.996641][T17902] binder: 17899:17902 ioctl 4018620d 0 returned -22 [ 794.187796][T17904] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3808'. [ 794.230726][T17905] binder: 17899:17905 ioctl 80106f05 200000007980 returned -22 [ 794.438639][ T807] usb 1-1: config 8 has an invalid interface number: 223 but max is 0 [ 794.446850][ T807] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 794.456920][ T807] usb 1-1: config 8 has no interface number 0 [ 794.463243][ T807] usb 1-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 794.583513][ T5922] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 794.600363][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 794.614376][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 794.615912][T17907] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3809'. [ 794.635649][ T5922] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 794.650343][ T5922] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 794.716603][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.717486][T17907] netlink: 'syz.3.3809': attribute type 23 has an invalid length. [ 794.732435][T17907] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3809'. [ 794.744803][ T5922] usb 5-1: config 0 descriptor?? [ 794.747547][T17907] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3809'. [ 794.866346][T17907] netlink: 'syz.3.3809': attribute type 23 has an invalid length. [ 794.874205][T17907] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3809'. [ 795.332478][ T5922] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 795.416880][ T807] usb 1-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 795.425965][ T807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.434028][ T807] usb 1-1: Product: syz [ 795.440672][ T807] usb 1-1: Manufacturer: syz [ 795.445290][ T807] usb 1-1: SerialNumber: syz [ 795.907563][ T807] usb 1-1: USB disconnect, device number 14 [ 796.115511][T17926] FAULT_INJECTION: forcing a failure. [ 796.115511][T17926] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 796.123986][T17902] syz.1.3807 (17902): drop_caches: 2 [ 796.201680][T17929] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3806'. [ 796.246098][T17926] CPU: 0 UID: 0 PID: 17926 Comm: syz.2.3817 Not tainted syzkaller #0 PREEMPT(full) [ 796.246125][T17926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 796.246136][T17926] Call Trace: [ 796.246144][T17926] [ 796.246152][T17926] dump_stack_lvl+0xe8/0x150 [ 796.246185][T17926] should_fail_ex+0x412/0x560 [ 796.246217][T17926] _copy_to_user+0x31/0xb0 [ 796.246241][T17926] simple_read_from_buffer+0xe1/0x170 [ 796.246266][T17926] proc_fail_nth_read+0x1bb/0x230 [ 796.246290][T17926] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 796.246313][T17926] ? rw_verify_area+0x2a6/0x4d0 [ 796.246335][T17926] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 796.246357][T17926] vfs_read+0x20c/0xa70 [ 796.246384][T17926] ? __pfx___mutex_lock+0x10/0x10 [ 796.246410][T17926] ? __pfx_vfs_read+0x10/0x10 [ 796.246433][T17926] ? __fget_files+0x2a/0x420 [ 796.246457][T17926] ? __fget_files+0x3a0/0x420 [ 796.246475][T17926] ? __fget_files+0x2a/0x420 [ 796.246501][T17926] ksys_read+0x150/0x270 [ 796.246523][T17926] ? __pfx_ksys_read+0x10/0x10 [ 796.246553][T17926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.246573][T17926] do_syscall_64+0x15f/0xf80 [ 796.246595][T17926] ? trace_irq_disable+0x3b/0x140 [ 796.246619][T17926] ? clear_bhb_loop+0x40/0x90 [ 796.246641][T17926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.246659][T17926] RIP: 0033:0x7f9e54b5d60e [ 796.246678][T17926] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 796.246693][T17926] RSP: 002b:00007f9e559fffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 796.246714][T17926] RAX: ffffffffffffffda RBX: 00007f9e55a006c0 RCX: 00007f9e54b5d60e [ 796.246727][T17926] RDX: 000000000000000f RSI: 00007f9e55a000a0 RDI: 0000000000000004 [ 796.246739][T17926] RBP: 00007f9e55a00090 R08: 0000000000000000 R09: 0000000000000000 [ 796.246750][T17926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 796.246761][T17926] R13: 00007f9e54e16038 R14: 00007f9e54e15fa0 R15: 00007f9e54f3fa48 [ 796.246791][T17926] [ 796.539495][ T29] audit: type=1326 audit(1777004807.637:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 796.906304][ T5838] usb 5-1: USB disconnect, device number 109 [ 796.966305][ T29] audit: type=1326 audit(1777004807.637:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 797.001412][ T29] audit: type=1326 audit(1777004807.637:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 797.028012][ T29] audit: type=1326 audit(1777004807.637:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 797.052813][ T29] audit: type=1326 audit(1777004807.637:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 797.109487][ T29] audit: type=1326 audit(1777004807.637:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 797.146636][ T29] audit: type=1326 audit(1777004807.637:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 797.168998][ T29] audit: type=1326 audit(1777004807.637:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 797.265103][ T807] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 797.268801][ T29] audit: type=1326 audit(1777004807.637:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.3.3818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f711d39cdd9 code=0x7ffc0000 [ 797.669677][T17943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3821'. [ 797.678592][T17943] netlink: 'syz.4.3821': attribute type 23 has an invalid length. [ 797.686399][T17943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3821'. [ 797.703587][T17943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3821'. [ 797.712461][T17943] netlink: 'syz.4.3821': attribute type 23 has an invalid length. [ 797.755277][T17938] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3820'. [ 797.838013][T17943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3821'. [ 798.357564][T17951] FAULT_INJECTION: forcing a failure. [ 798.357564][T17951] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 798.371232][T17951] CPU: 0 UID: 0 PID: 17951 Comm: syz.3.3825 Not tainted syzkaller #0 PREEMPT(full) [ 798.371257][T17951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 798.371269][T17951] Call Trace: [ 798.371277][T17951] [ 798.371284][T17951] dump_stack_lvl+0xe8/0x150 [ 798.371318][T17951] should_fail_ex+0x412/0x560 [ 798.371351][T17951] _copy_from_iter+0x1d3/0x1670 [ 798.371370][T17951] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 798.371400][T17951] ? __pfx_policy_nodemask+0x10/0x10 [ 798.371428][T17951] ? __pfx__copy_from_iter+0x10/0x10 [ 798.371451][T17951] ? alloc_pages_mpol+0x3c0/0x490 [ 798.371483][T17951] copy_page_from_iter+0x220/0x2d0 [ 798.371507][T17951] tun_get_user+0x1bf7/0x43e0 [ 798.371537][T17951] ? tun_get_user+0x8aa/0x43e0 [ 798.371579][T17951] ? aa_file_perm+0x50e/0x15e0 [ 798.371599][T17951] ? __pfx_tun_get_user+0x10/0x10 [ 798.371627][T17951] ? __lock_acquire+0x6b5/0x2cf0 [ 798.371667][T17951] ? ref_tracker_alloc+0x35c/0x4c0 [ 798.371689][T17951] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 798.371710][T17951] ? tun_get+0x1c/0x2f0 [ 798.371737][T17951] ? tun_get+0x1c/0x2f0 [ 798.371767][T17951] ? tun_get+0x1c/0x2f0 [ 798.371792][T17951] ? tun_get+0x1c/0x2f0 [ 798.371837][T17951] tun_chr_write_iter+0x113/0x200 [ 798.371867][T17951] vfs_write+0x61d/0xb90 [ 798.371896][T17951] ? __pfx_vfs_write+0x10/0x10 [ 798.371928][T17951] ? __fget_files+0x2a/0x420 [ 798.371955][T17951] ksys_write+0x150/0x270 [ 798.371980][T17951] ? __pfx_ksys_write+0x10/0x10 [ 798.372009][T17951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.372030][T17951] do_syscall_64+0x15f/0xf80 [ 798.372053][T17951] ? trace_irq_disable+0x3b/0x140 [ 798.372078][T17951] ? clear_bhb_loop+0x40/0x90 [ 798.372100][T17951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.372119][T17951] RIP: 0033:0x7f711d35d60e [ 798.372137][T17951] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 798.372153][T17951] RSP: 002b:00007f711e19cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 798.372173][T17951] RAX: ffffffffffffffda RBX: 00007f711e19d6c0 RCX: 00007f711d35d60e [ 798.372186][T17951] RDX: 000000000000002a RSI: 0000200000000680 RDI: 00000000000000c8 [ 798.372199][T17951] RBP: 00007f711e19d090 R08: 0000000000000000 R09: 0000000000000000 [ 798.372211][T17951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 798.372222][T17951] R13: 00007f711d616038 R14: 00007f711d615fa0 R15: 00007f711d73fa48 [ 798.372251][T17951] [ 799.481418][ T807] usb 1-1: unable to read config index 0 descriptor/all [ 799.488440][ T807] usb 1-1: can't read configurations, error -71 [ 799.938204][T17977] FAULT_INJECTION: forcing a failure. [ 799.938204][T17977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 799.951250][T17977] CPU: 1 UID: 0 PID: 17977 Comm: syz.3.3831 Not tainted syzkaller #0 PREEMPT(full) [ 799.951274][T17977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 799.951286][T17977] Call Trace: [ 799.951294][T17977] [ 799.951302][T17977] dump_stack_lvl+0xe8/0x150 [ 799.951335][T17977] should_fail_ex+0x412/0x560 [ 799.951369][T17977] _copy_to_user+0x31/0xb0 [ 799.951393][T17977] simple_read_from_buffer+0xe1/0x170 [ 799.951418][T17977] proc_fail_nth_read+0x1bb/0x230 [ 799.951442][T17977] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 799.951466][T17977] ? rw_verify_area+0x2a6/0x4d0 [ 799.951488][T17977] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 799.951509][T17977] vfs_read+0x20c/0xa70 [ 799.951537][T17977] ? __pfx___mutex_lock+0x10/0x10 [ 799.951562][T17977] ? __pfx_vfs_read+0x10/0x10 [ 799.951586][T17977] ? __fget_files+0x2a/0x420 [ 799.951609][T17977] ? __fget_files+0x3a0/0x420 [ 799.951627][T17977] ? __fget_files+0x2a/0x420 [ 799.951654][T17977] ksys_read+0x150/0x270 [ 799.951691][T17977] ? __pfx_ksys_read+0x10/0x10 [ 799.951710][T17977] ? __se_sys_kcmp+0x80e/0x950 [ 799.951741][T17977] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.951762][T17977] do_syscall_64+0x15f/0xf80 [ 799.951785][T17977] ? trace_irq_disable+0x3b/0x140 [ 799.951810][T17977] ? clear_bhb_loop+0x40/0x90 [ 799.951834][T17977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.951852][T17977] RIP: 0033:0x7f711d35d60e [ 799.951871][T17977] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 799.951887][T17977] RSP: 002b:00007f711e17bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 799.951906][T17977] RAX: ffffffffffffffda RBX: 00007f711e17c6c0 RCX: 00007f711d35d60e [ 799.951925][T17977] RDX: 000000000000000f RSI: 00007f711e17c0a0 RDI: 0000000000000005 [ 799.951937][T17977] RBP: 00007f711e17c090 R08: 0000000000000000 R09: 0000000000000000 [ 799.951949][T17977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 799.951961][T17977] R13: 00007f711d616128 R14: 00007f711d616090 R15: 00007f711d73fa48 [ 799.951991][T17977] [ 800.338268][T17973] syzkaller0: entered promiscuous mode [ 800.343779][T17973] syzkaller0: entered allmulticast mode [ 800.524338][ T29] audit: type=1326 audit(1777004811.617:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17971 comm="syz.2.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e54b9cdd9 code=0x7ffc0000 [ 800.819659][T17988] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3837'. [ 800.917212][T17985] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 800.970808][T17985] bond0: (slave lo): Error: Device can not be enslaved while up [ 801.406658][T17992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 801.603917][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 801.603949][ T29] audit: type=1326 audit(1777004812.677:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17997 comm="syz.1.3841" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x0 [ 801.692687][T17992] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 801.701023][T17992] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3839'. [ 802.067468][ T5923] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 802.433781][T18010] FAULT_INJECTION: forcing a failure. [ 802.433781][T18010] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 802.454505][T18010] CPU: 0 UID: 0 PID: 18010 Comm: syz.2.3844 Not tainted syzkaller #0 PREEMPT(full) [ 802.454531][T18010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 802.454543][T18010] Call Trace: [ 802.454551][T18010] [ 802.454560][T18010] dump_stack_lvl+0xe8/0x150 [ 802.454592][T18010] should_fail_ex+0x412/0x560 [ 802.454625][T18010] _copy_from_user+0x2d/0xb0 [ 802.454648][T18010] __copy_msghdr+0x3c5/0x5b0 [ 802.454673][T18010] ___sys_sendmsg+0x213/0x360 [ 802.454699][T18010] ? __lock_acquire+0x6b5/0x2cf0 [ 802.454731][T18010] ? __pfx____sys_sendmsg+0x10/0x10 [ 802.454783][T18010] ? __fget_files+0x2a/0x420 [ 802.454803][T18010] ? __fget_files+0x3a0/0x420 [ 802.454831][T18010] __x64_sys_sendmsg+0x1bd/0x2a0 [ 802.454854][T18010] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 802.454883][T18010] ? __pfx_ksys_write+0x10/0x10 [ 802.454914][T18010] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.454935][T18010] do_syscall_64+0x15f/0xf80 [ 802.454958][T18010] ? trace_irq_disable+0x3b/0x140 [ 802.454983][T18010] ? clear_bhb_loop+0x40/0x90 [ 802.455005][T18010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.455024][T18010] RIP: 0033:0x7f9e54b9cdd9 [ 802.455041][T18010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.455058][T18010] RSP: 002b:00007f9e55a00028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 802.455078][T18010] RAX: ffffffffffffffda RBX: 00007f9e54e15fa0 RCX: 00007f9e54b9cdd9 [ 802.455092][T18010] RDX: 0000000004000891 RSI: 0000200000000140 RDI: 0000000000000003 [ 802.455105][T18010] RBP: 00007f9e55a00090 R08: 0000000000000000 R09: 0000000000000000 [ 802.455117][T18010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 802.455129][T18010] R13: 00007f9e54e16038 R14: 00007f9e54e15fa0 R15: 00007f9e54f3fa48 [ 802.455158][T18010] [ 802.712154][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 802.772204][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 802.781964][ T5923] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 802.790967][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 802.806172][ T5923] usb 5-1: config 0 descriptor?? [ 803.581547][ T5923] cm6533_jd 0003:0D8C:0022.0016: unknown main item tag 0x0 [ 803.615326][ T29] audit: type=1326 audit(1777004814.707:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18021 comm="syz.0.3849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 803.693356][ T5923] cm6533_jd 0003:0D8C:0022.0016: unknown main item tag 0x0 [ 803.753450][ T5923] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0016/input/input52 [ 803.926421][ T29] audit: type=1326 audit(1777004814.707:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18021 comm="syz.0.3849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 803.992980][ T29] audit: type=1326 audit(1777004814.707:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18021 comm="syz.0.3849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 804.217082][ T29] audit: type=1326 audit(1777004814.777:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18021 comm="syz.0.3849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 804.324624][ T29] audit: type=1326 audit(1777004814.777:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18021 comm="syz.0.3849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 804.388199][ T5923] cm6533_jd 0003:0D8C:0022.0016: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 804.430796][ T5923] usb 5-1: USB disconnect, device number 110 [ 804.519724][ T29] audit: type=1326 audit(1777004814.777:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18021 comm="syz.0.3849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb3e499cdd9 code=0x7ffc0000 [ 805.300933][T18044] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 806.010081][ T807] usb 5-1: new low-speed USB device number 111 using dummy_hcd [ 806.676776][T15859] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 806.886964][T15859] usb 4-1: Using ep0 maxpacket: 8 [ 806.911962][T15859] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 806.922577][T15859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.931693][T15859] usb 4-1: Product: syz [ 806.935871][T15859] usb 4-1: Manufacturer: syz [ 806.940465][T15859] usb 4-1: SerialNumber: syz [ 806.949183][T15859] usb 4-1: config 0 descriptor?? [ 807.154621][T15859] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 807.399367][ T807] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 807.409486][ T807] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 807.418514][ T807] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 807.482275][ T807] usb 5-1: config 1 interface 0 has no altsetting 0 [ 808.742523][ T807] usb 5-1: string descriptor 0 read error: -71 [ 808.749335][ T807] usb 5-1: New USB device found, idVendor=0644, idProduct=800e, bcdDevice= 0.40 [ 808.760647][ T807] usb 5-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3 [ 808.854246][ T807] usb 5-1: can't set config #1, error -71 [ 808.861038][ T807] usb 5-1: USB disconnect, device number 111 [ 808.889274][T18095] syzkaller0: entered promiscuous mode [ 808.894778][T18095] syzkaller0: entered allmulticast mode [ 808.914880][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.921140][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.107919][ T5923] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 810.507448][ T5923] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 810.525725][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 810.562191][ T5923] usb 5-1: Product: syz [ 810.566402][ T5923] usb 5-1: Manufacturer: syz [ 810.571450][ T5923] usb 5-1: SerialNumber: syz [ 810.758136][T18132] fuse: Unknown parameter 'smackfshat' [ 811.005176][T18109] netlink: 'syz.4.3874': attribute type 1 has an invalid length. [ 811.199259][T18142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3874'. [ 811.220493][T18109] bond3: entered promiscuous mode [ 811.225581][T18109] bond3: entered allmulticast mode [ 811.231238][T18109] 8021q: adding VLAN 0 to HW filter on device bond3 [ 811.246851][T18140] erspan1: entered allmulticast mode [ 811.258677][T18140] bond3: (slave erspan1): making interface the new active one [ 811.266169][T18140] erspan1: entered promiscuous mode [ 811.273236][T18140] bond3: (slave erspan1): Enslaving as an active interface with an up link [ 811.320274][T18142] bond3 (unregistering): (slave erspan1): Releasing active interface [ 811.328483][T18142] erspan1: left promiscuous mode [ 811.347758][T18142] bond3 (unregistering): Released all slaves [ 811.430711][T15859] gspca_sonixj: reg_w1 err -71 [ 811.517551][T18146] syzkaller0: entered promiscuous mode [ 811.523083][T18146] syzkaller0: entered allmulticast mode [ 811.653137][T15859] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 811.664951][T15859] usb 4-1: USB disconnect, device number 109 [ 811.851284][T18148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 811.859938][T18148] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 812.009940][ C1] raw-gadget.1 gadget.4: ignoring, device is not running [ 812.019104][ C1] raw-gadget.1 gadget.4: ignoring, device is not running [ 812.031743][ C1] raw-gadget.1 gadget.4: ignoring, device is not running [ 812.224118][T18155] FAULT_INJECTION: forcing a failure. [ 812.224118][T18155] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 812.237178][T18155] CPU: 1 UID: 0 PID: 18155 Comm: syz.0.3890 Not tainted syzkaller #0 PREEMPT(full) [ 812.237193][T18155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 812.237200][T18155] Call Trace: [ 812.237205][T18155] [ 812.237209][T18155] dump_stack_lvl+0xe8/0x150 [ 812.237230][T18155] should_fail_ex+0x412/0x560 [ 812.237249][T18155] _copy_to_user+0x31/0xb0 [ 812.237263][T18155] simple_read_from_buffer+0xe1/0x170 [ 812.237276][T18155] proc_fail_nth_read+0x1bb/0x230 [ 812.237289][T18155] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 812.237302][T18155] ? rw_verify_area+0x2a6/0x4d0 [ 812.237314][T18155] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 812.237325][T18155] vfs_read+0x20c/0xa70 [ 812.237340][T18155] ? __pfx___mutex_lock+0x10/0x10 [ 812.237354][T18155] ? __pfx_vfs_read+0x10/0x10 [ 812.237366][T18155] ? __fget_files+0x2a/0x420 [ 812.237379][T18155] ? __fget_files+0x3a0/0x420 [ 812.237388][T18155] ? __fget_files+0x2a/0x420 [ 812.237403][T18155] ksys_read+0x150/0x270 [ 812.237415][T18155] ? __pfx_ksys_read+0x10/0x10 [ 812.237431][T18155] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.237442][T18155] do_syscall_64+0x15f/0xf80 [ 812.237455][T18155] ? trace_irq_disable+0x3b/0x140 [ 812.237469][T18155] ? clear_bhb_loop+0x40/0x90 [ 812.237482][T18155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.237491][T18155] RIP: 0033:0x7fb3e495d60e [ 812.237502][T18155] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 812.237511][T18155] RSP: 002b:00007fb3e5867fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 812.237522][T18155] RAX: ffffffffffffffda RBX: 00007fb3e58686c0 RCX: 00007fb3e495d60e [ 812.237530][T18155] RDX: 000000000000000f RSI: 00007fb3e58680a0 RDI: 0000000000000005 [ 812.237536][T18155] RBP: 00007fb3e5868090 R08: 0000000000000000 R09: 0000000000000000 [ 812.237543][T18155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 812.237549][T18155] R13: 00007fb3e4c16038 R14: 00007fb3e4c15fa0 R15: 00007fb3e4d3fa48 [ 812.237565][T18155] [ 812.614291][ T5923] rtl8150 5-1:1.0: couldn't reset the device [ 812.624059][ T5923] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5 [ 812.637610][ T5923] usb 5-1: USB disconnect, device number 112 [ 812.936012][ T5922] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 812.943897][T15859] usb 4-1: new full-speed USB device number 110 using dummy_hcd [ 813.158064][ T1222] usb 2-1: new full-speed USB device number 88 using dummy_hcd [ 813.179236][T18173] FAULT_INJECTION: forcing a failure. [ 813.179236][T18173] name failslab, interval 1, probability 0, space 0, times 0 [ 813.191834][T18173] CPU: 1 UID: 0 PID: 18173 Comm: syz.2.3899 Not tainted syzkaller #0 PREEMPT(full) [ 813.191849][T18173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 813.191855][T18173] Call Trace: [ 813.191861][T18173] [ 813.191865][T18173] dump_stack_lvl+0xe8/0x150 [ 813.191886][T18173] should_fail_ex+0x412/0x560 [ 813.191904][T18173] should_failslab+0xa8/0x100 [ 813.191919][T18173] __kmalloc_cache_noprof+0x88/0x660 [ 813.191932][T18173] ? io_ring_ctx_alloc+0x53/0xc50 [ 813.191945][T18173] io_ring_ctx_alloc+0x53/0xc50 [ 813.191955][T18173] ? io_prepare_config+0x8c8/0xc70 [ 813.191968][T18173] io_uring_create+0x50/0x9a0 [ 813.191980][T18173] __se_sys_io_uring_setup+0x2a8/0x2c0 [ 813.191993][T18173] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 813.192011][T18173] ? __pfx_ksys_write+0x10/0x10 [ 813.192028][T18173] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.192039][T18173] do_syscall_64+0x15f/0xf80 [ 813.192053][T18173] ? trace_irq_disable+0x3b/0x140 [ 813.192067][T18173] ? clear_bhb_loop+0x40/0x90 [ 813.192079][T18173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.192089][T18173] RIP: 0033:0x7f9e54b9cdd9 [ 813.192099][T18173] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 813.192108][T18173] RSP: 002b:00007f9e559fffb8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 813.192120][T18173] RAX: ffffffffffffffda RBX: 0000200000000380 RCX: 00007f9e54b9cdd9 [ 813.192127][T18173] RDX: 0000200000ff4000 RSI: 0000200000000380 RDI: 0000000000005b0f [ 813.192134][T18173] RBP: 00007f9e55a00090 R08: 0000000000000000 R09: 0000000000000101 [ 813.192140][T18173] R10: 0000200000000000 R11: 0000000000000206 R12: 0000200000ff4000 [ 813.192147][T18173] R13: 0000200000000000 R14: 00002000000002c0 R15: 00007f9e54f3fa48 [ 813.192163][T18173] [ 813.456650][T18178] FAULT_INJECTION: forcing a failure. [ 813.456650][T18178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 813.469732][T18178] CPU: 1 UID: 0 PID: 18178 Comm: syz.2.3900 Not tainted syzkaller #0 PREEMPT(full) [ 813.469757][T18178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 813.469767][T18178] Call Trace: [ 813.469773][T18178] [ 813.469780][T18178] dump_stack_lvl+0xe8/0x150 [ 813.469806][T18178] should_fail_ex+0x412/0x560 [ 813.469832][T18178] _copy_from_user+0x2d/0xb0 [ 813.469850][T18178] ___sys_recvmsg+0x175/0x590 [ 813.469871][T18178] ? __pfx____sys_recvmsg+0x10/0x10 [ 813.469891][T18178] ? __fget_files+0x2a/0x420 [ 813.469927][T18178] do_recvmmsg+0x334/0x800 [ 813.469949][T18178] ? __pfx_do_recvmmsg+0x10/0x10 [ 813.469974][T18178] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 813.470006][T18178] __x64_sys_recvmmsg+0x198/0x250 [ 813.470025][T18178] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 813.470047][T18178] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.470063][T18178] do_syscall_64+0x15f/0xf80 [ 813.470081][T18178] ? trace_irq_disable+0x3b/0x140 [ 813.470100][T18178] ? clear_bhb_loop+0x40/0x90 [ 813.470118][T18178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.470132][T18178] RIP: 0033:0x7f9e54b9cdd9 [ 813.470146][T18178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 813.470158][T18178] RSP: 002b:00007f9e55a00028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 813.470174][T18178] RAX: ffffffffffffffda RBX: 00007f9e54e15fa0 RCX: 00007f9e54b9cdd9 [ 813.470185][T18178] RDX: 000000000000041f RSI: 00002000000003c0 RDI: 0000000000000003 [ 813.470195][T18178] RBP: 00007f9e55a00090 R08: 0000000000000000 R09: 0000000000000000 [ 813.470204][T18178] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001 [ 813.470212][T18178] R13: 00007f9e54e16038 R14: 00007f9e54e15fa0 R15: 00007f9e54f3fa48 [ 813.470234][T18178] [ 814.370392][ T5922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 814.384312][T15859] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 814.400076][ T5922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 814.418330][ T1222] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 814.428588][T15859] usb 4-1: config 0 interface 0 has no altsetting 0 [ 814.436094][ T1222] usb 2-1: config 0 has no interface number 0 [ 814.443039][ T5922] usb 1-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 814.454130][ T5922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 814.465784][T15859] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 814.475641][T15859] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 814.484592][ T1222] usb 2-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 814.496582][ T5922] usb 1-1: config 0 descriptor?? [ 814.503228][ T1222] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 814.512840][T15859] usb 4-1: Product: syz [ 814.525259][T15859] usb 4-1: Manufacturer: syz [ 814.530952][ T1222] usb 2-1: Product: syz [ 814.535640][T15859] usb 4-1: SerialNumber: syz [ 814.540786][ T1222] usb 2-1: Manufacturer: syz [ 814.546718][ T1222] usb 2-1: SerialNumber: syz [ 814.553991][T15859] usb 4-1: config 0 descriptor?? [ 814.562406][ T1222] usb 2-1: config 0 descriptor?? [ 814.574996][T15859] usb 4-1: selecting invalid altsetting 0 [ 814.588726][ T1222] usb 2-1: selecting invalid altsetting 1 [ 814.609232][ T1222] dvb_ttusb_budget: ttusb_init_controller: error [ 814.616384][ T1222] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 814.645540][ T807] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 814.712403][ T1222] DVB: Unable to find symbol stv0299_attach() [ 814.788708][ T1222] DVB: Unable to find symbol tda8083_attach() [ 814.795850][ T1222] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 814.942238][T18166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 814.947528][T15099] usb 4-1: USB disconnect, device number 110 [ 814.984991][T18166] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 815.033407][ T5932] usb 2-1: USB disconnect, device number 88 [ 815.373374][ T807] usb 5-1: Using ep0 maxpacket: 32 [ 815.464016][ T5922] usbhid 1-1:0.0: can't add hid device: -71 [ 815.471587][ T5922] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 815.491837][ T5922] usb 1-1: USB disconnect, device number 17 [ 816.091440][ T807] usb 5-1: config 12 has an invalid interface number: 17 but max is 0 [ 816.099664][ T807] usb 5-1: config 12 contains an unexpected descriptor of type 0x2, skipping [ 816.108446][ T807] usb 5-1: config 12 has no interface number 0 [ 816.114645][ T807] usb 5-1: config 12 interface 17 altsetting 129 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 816.125777][ T807] usb 5-1: config 12 interface 17 altsetting 129 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 816.136904][ T807] usb 5-1: config 12 interface 17 altsetting 129 bulk endpoint 0x9 has invalid maxpacket 1024 [ 816.147166][ T807] usb 5-1: config 12 interface 17 altsetting 129 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 816.158982][ T807] usb 5-1: config 12 interface 17 altsetting 129 endpoint 0x8E has invalid maxpacket 62271, setting to 1024 [ 816.170457][ T807] usb 5-1: config 12 interface 17 altsetting 129 bulk endpoint 0x8E has invalid maxpacket 1024 [ 816.259324][ T807] usb 5-1: config 12 interface 17 altsetting 129 has 7 endpoint descriptors, different from the interface descriptor's value: 6 [ 816.272584][ T807] usb 5-1: config 12 interface 17 has no altsetting 0 [ 816.343584][ T5932] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 817.191716][ T807] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a99, bcdDevice=a2.cd [ 817.200806][ T807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 817.208806][ T807] usb 5-1: Product: 模䖎㎄㿒䬁혈䩒잨첎陨罷括䊹皕ꏢ틊௺舛꼫Ȯ쁣鼵뎎ჼ龠뀠Ʞ壓ꏺࠋ萵썳伴쪣ᚾ㾯괶穉終撋囂ⴥ⣦鷒⢫暫ǐ玽补䣋㙒 [ 817.228176][ T807] usb 5-1: Manufacturer: М [ 817.232693][ T807] usb 5-1: SerialNumber: ᠊ [ 817.314432][T18195] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22 [ 817.324136][T18195] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22 [ 817.343348][T18238] netlink: 'syz.0.3921': attribute type 2 has an invalid length. [ 817.351103][T18238] netlink: 'syz.0.3921': attribute type 2 has an invalid length. [ 817.362963][T18234] 8021q: adding VLAN 0 to HW filter on device bond4 [ 817.372706][T18234] team0: Failed to send port change of device bond4 via netlink (err -105) [ 817.388062][T18234] team0: Failed to send options change via netlink (err -105) [ 817.395553][T18234] team0: Port device bond4 added [ 817.446636][ T807] usb 5-1: can't set config #12, error -71 [ 817.457114][ T156] team0: Failed to send port change of device bond4 via netlink (err -105) [ 817.476805][ T807] usb 5-1: USB disconnect, device number 113 [ 817.612458][T18244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 817.631072][T18244] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 817.805962][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 817.816879][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 817.826642][ T5932] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 817.835680][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.846927][ T5932] usb 4-1: config 0 descriptor?? [ 817.981812][ T5922] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 818.160357][ T5922] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 818.172953][ T5922] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 818.496785][ T5922] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 818.507367][ T5922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 818.515357][ T5922] usb 1-1: Product: syz [ 818.519512][ T5922] usb 1-1: Manufacturer: syz [ 818.524102][ T5922] usb 1-1: SerialNumber: syz [ 818.524390][ T807] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 818.538933][ T5922] usb 1-1: config 0 descriptor?? [ 818.638686][ T5932] cm6533_jd 0003:0D8C:0022.0017: unknown main item tag 0x0 [ 818.645983][ T5932] cm6533_jd 0003:0D8C:0022.0017: unknown main item tag 0x0 [ 818.655221][ T5932] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0017/input/input55 [ 818.675413][ T5932] cm6533_jd 0003:0D8C:0022.0017: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 818.937384][ T5932] usb 4-1: USB disconnect, device number 111 [ 818.960532][T18238] qrtr: Invalid version 255 [ 818.966082][ T5922] usb 1-1: USB disconnect, device number 18 [ 819.626181][T18264] FAULT_INJECTION: forcing a failure. [ 819.626181][T18264] name failslab, interval 1, probability 0, space 0, times 0 [ 819.659392][T18264] CPU: 0 UID: 0 PID: 18264 Comm: syz.2.3930 Not tainted syzkaller #0 PREEMPT(full) [ 819.659418][T18264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 819.659430][T18264] Call Trace: [ 819.659437][T18264] [ 819.659445][T18264] dump_stack_lvl+0xe8/0x150 [ 819.659478][T18264] should_fail_ex+0x412/0x560 [ 819.659511][T18264] should_failslab+0xa8/0x100 [ 819.659536][T18264] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 819.659560][T18264] ? __alloc_skb+0x186/0x7d0 [ 819.659577][T18264] ? __alloc_skb+0x1d0/0x7d0 [ 819.659592][T18264] ? __local_bh_enable_ip+0xd0/0x130 [ 819.659622][T18264] __alloc_skb+0x1d0/0x7d0 [ 819.659638][T18264] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 819.659666][T18264] netlink_sendmsg+0x5d4/0xb40 [ 819.659692][T18264] ? __pfx_netlink_sendmsg+0x10/0x10 [ 819.659723][T18264] ? aa_sock_msg_perm+0xf1/0x1b0 [ 819.659742][T18264] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 819.659766][T18264] ____sys_sendmsg+0x972/0x9f0 [ 819.659786][T18264] ? __might_fault+0xaf/0x130 [ 819.659810][T18264] ? __pfx_____sys_sendmsg+0x10/0x10 [ 819.659837][T18264] ? import_iovec+0x73/0xa0 [ 819.659861][T18264] ___sys_sendmsg+0x2a5/0x360 [ 819.659879][T18264] ? __lock_acquire+0x6b5/0x2cf0 [ 819.659910][T18264] ? __pfx____sys_sendmsg+0x10/0x10 [ 819.659960][T18264] ? __fget_files+0x2a/0x420 [ 819.659979][T18264] ? __fget_files+0x3a0/0x420 [ 819.660006][T18264] __x64_sys_sendmsg+0x1bd/0x2a0 [ 819.660029][T18264] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 819.660057][T18264] ? __pfx_ksys_write+0x10/0x10 [ 819.660087][T18264] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.660107][T18264] do_syscall_64+0x15f/0xf80 [ 819.660130][T18264] ? trace_irq_disable+0x3b/0x140 [ 819.660153][T18264] ? clear_bhb_loop+0x40/0x90 [ 819.660175][T18264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.660194][T18264] RIP: 0033:0x7f9e54b9cdd9 [ 819.660212][T18264] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 819.660228][T18264] RSP: 002b:00007f9e55a00028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 819.660247][T18264] RAX: ffffffffffffffda RBX: 00007f9e54e15fa0 RCX: 00007f9e54b9cdd9 [ 819.660261][T18264] RDX: 000000002008c010 RSI: 0000200000000580 RDI: 0000000000000003 [ 819.660273][T18264] RBP: 00007f9e55a00090 R08: 0000000000000000 R09: 0000000000000000 [ 819.660285][T18264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 819.660296][T18264] R13: 00007f9e54e16038 R14: 00007f9e54e15fa0 R15: 00007f9e54f3fa48 [ 819.660325][T18264] [ 820.244294][ T807] usb 5-1: config 155 has an invalid interface number: 248 but max is 0 [ 820.252674][ T807] usb 5-1: config 155 has no interface number 0 [ 820.258970][ T807] usb 5-1: config 155 interface 248 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 820.270009][ T807] usb 5-1: config 155 interface 248 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 820.281046][ T807] usb 5-1: config 155 interface 248 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 820.292506][ T807] usb 5-1: config 155 interface 248 altsetting 6 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 820.303655][ T807] usb 5-1: config 155 interface 248 altsetting 6 has a duplicate endpoint with address 0x7, skipping [ 820.314535][ T807] usb 5-1: config 155 interface 248 has no altsetting 0 [ 821.347827][ T807] usb 5-1: New USB device found, idVendor=11ca, idProduct=0212, bcdDevice=70.9f [ 821.356922][ T807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 821.467234][ T807] usb 5-1: can't set config #155, error -71 [ 821.475186][ T807] usb 5-1: USB disconnect, device number 114 [ 821.616024][T18298] FAULT_INJECTION: forcing a failure. [ 821.616024][T18298] name failslab, interval 1, probability 0, space 0, times 0 [ 821.634218][T18298] CPU: 0 UID: 0 PID: 18298 Comm: syz.3.3940 Not tainted syzkaller #0 PREEMPT(full) [ 821.634242][T18298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 821.634253][T18298] Call Trace: [ 821.634261][T18298] [ 821.634268][T18298] dump_stack_lvl+0xe8/0x150 [ 821.634300][T18298] should_fail_ex+0x412/0x560 [ 821.634331][T18298] should_failslab+0xa8/0x100 [ 821.634356][T18298] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 821.634375][T18298] ? __alloc_skb+0x186/0x7d0 [ 821.634390][T18298] ? __alloc_skb+0x1d0/0x7d0 [ 821.634403][T18298] ? __local_bh_enable_ip+0xd0/0x130 [ 821.634430][T18298] __alloc_skb+0x1d0/0x7d0 [ 821.634451][T18298] netlink_sendmsg+0x5d4/0xb40 [ 821.634474][T18298] ? __pfx_netlink_sendmsg+0x10/0x10 [ 821.634493][T18298] ? aa_sock_msg_perm+0xf1/0x1b0 [ 821.634513][T18298] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 821.634532][T18298] ____sys_sendmsg+0x972/0x9f0 [ 821.634558][T18298] ? __might_fault+0xaf/0x130 [ 821.634582][T18298] ? __pfx_____sys_sendmsg+0x10/0x10 [ 821.634607][T18298] ? import_iovec+0x73/0xa0 [ 821.634627][T18298] ___sys_sendmsg+0x2a5/0x360 [ 821.634645][T18298] ? __lock_acquire+0x6b5/0x2cf0 [ 821.634672][T18298] ? __pfx____sys_sendmsg+0x10/0x10 [ 821.634715][T18298] ? __fget_files+0x2a/0x420 [ 821.634731][T18298] ? __fget_files+0x3a0/0x420 [ 821.634755][T18298] __x64_sys_sendmsg+0x1bd/0x2a0 [ 821.634776][T18298] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 821.634802][T18298] ? __pfx_ksys_write+0x10/0x10 [ 821.634827][T18298] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.634845][T18298] do_syscall_64+0x15f/0xf80 [ 821.634866][T18298] ? trace_irq_disable+0x3b/0x140 [ 821.634885][T18298] ? clear_bhb_loop+0x40/0x90 [ 821.634903][T18298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.634920][T18298] RIP: 0033:0x7f711d39cdd9 [ 821.634938][T18298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 821.634951][T18298] RSP: 002b:00007f711e19d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 821.634969][T18298] RAX: ffffffffffffffda RBX: 00007f711d615fa0 RCX: 00007f711d39cdd9 [ 821.634980][T18298] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 821.634990][T18298] RBP: 00007f711e19d090 R08: 0000000000000000 R09: 0000000000000000 [ 821.635002][T18298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 821.635011][T18298] R13: 00007f711d616038 R14: 00007f711d615fa0 R15: 00007f711d73fa48 [ 821.635038][T18298] [ 822.193639][T18308] FAULT_INJECTION: forcing a failure. [ 822.193639][T18308] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 822.206777][T18308] CPU: 0 UID: 0 PID: 18308 Comm: syz.3.3944 Not tainted syzkaller #0 PREEMPT(full) [ 822.206801][T18308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 822.206812][T18308] Call Trace: [ 822.206820][T18308] [ 822.206829][T18308] dump_stack_lvl+0xe8/0x150 [ 822.206862][T18308] should_fail_ex+0x412/0x560 [ 822.206894][T18308] _copy_from_user+0x2d/0xb0 [ 822.206916][T18308] sctp_setsockopt+0x1c4/0x12c0 [ 822.206941][T18308] ? sock_common_setsockopt+0x36/0xc0 [ 822.206966][T18308] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 822.206992][T18308] do_sock_setsockopt+0x17c/0x1b0 [ 822.207015][T18308] __x64_sys_setsockopt+0x13d/0x1b0 [ 822.207032][T18308] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 822.207052][T18308] do_syscall_64+0x15f/0xf80 [ 822.207070][T18308] ? trace_irq_disable+0x3b/0x140 [ 822.207092][T18308] ? clear_bhb_loop+0x40/0x90 [ 822.207111][T18308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 822.207128][T18308] RIP: 0033:0x7f711d39cdd9 [ 822.207143][T18308] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 822.207156][T18308] RSP: 002b:00007f711e19d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 822.207173][T18308] RAX: ffffffffffffffda RBX: 00007f711d615fa0 RCX: 00007f711d39cdd9 [ 822.207186][T18308] RDX: 0000000000000084 RSI: 0000000000000084 RDI: 0000000000000004 [ 822.207195][T18308] RBP: 00007f711e19d090 R08: 0000000000000090 R09: 0000000000000000 [ 822.207205][T18308] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 822.207217][T18308] R13: 00007f711d616038 R14: 00007f711d615fa0 R15: 00007f711d73fa48 [ 822.207240][T18308] [ 822.766711][T18313] syzkaller0: entered promiscuous mode [ 822.830726][T18313] syzkaller0: entered allmulticast mode [ 822.848219][T18315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3946'. [ 823.068398][T18293] loop5: detected capacity change from 0 to 7 [ 823.241649][T18322] netlink: 'syz.3.3947': attribute type 11 has an invalid length. [ 824.182930][T18315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3946'. [ 824.236636][T18293] Dev loop5: unable to read RDB block 7 [ 824.238931][ C0] blk_print_req_error: 10 callbacks suppressed [ 824.238947][ C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 824.258202][ C0] buffer_io_error: 14 callbacks suppressed [ 824.258218][ C0] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 824.348473][ C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 824.358257][ C0] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 824.474813][T18293] loop5: unable to read partition table [ 824.570585][T18293] loop5: partition table beyond EOD, truncated [ 824.588055][T18293] loop_reread_partitions: partition scan of loop5 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 825.089600][T18332] bond2: option downdelay: invalid value (18446744073709551609) [ 825.097301][T18332] bond2: option downdelay: allowed values 0 - 2147483647 [ 825.213276][T18332] bond2 (unregistering): Released all slaves [ 825.312953][ T5211] Dev loop5: unable to read RDB block 7 [ 825.318624][ T5211] loop5: unable to read partition table [ 825.324708][ T5211] loop5: partition table beyond EOD, truncated [ 826.636483][T18348] FAULT_INJECTION: forcing a failure. [ 826.636483][T18348] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 826.667366][T18348] CPU: 1 UID: 0 PID: 18348 Comm: syz.3.3956 Not tainted syzkaller #0 PREEMPT(full) [ 826.667391][T18348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 826.667401][T18348] Call Trace: [ 826.667409][T18348] [ 826.667416][T18348] dump_stack_lvl+0xe8/0x150 [ 826.667447][T18348] should_fail_ex+0x412/0x560 [ 826.667476][T18348] _copy_to_user+0x31/0xb0 [ 826.667496][T18348] simple_read_from_buffer+0xe1/0x170 [ 826.667516][T18348] proc_fail_nth_read+0x1bb/0x230 [ 826.667536][T18348] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 826.667554][T18348] ? rw_verify_area+0x2a6/0x4d0 [ 826.667571][T18348] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 826.667587][T18348] vfs_read+0x20c/0xa70 [ 826.667608][T18348] ? __pfx___mutex_lock+0x10/0x10 [ 826.667628][T18348] ? __pfx_vfs_read+0x10/0x10 [ 826.667646][T18348] ? __fget_files+0x2a/0x420 [ 826.667665][T18348] ? __fget_files+0x3a0/0x420 [ 826.667681][T18348] ? __fget_files+0x2a/0x420 [ 826.667707][T18348] ksys_read+0x150/0x270 [ 826.667730][T18348] ? __pfx_ksys_read+0x10/0x10 [ 826.667760][T18348] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 826.667780][T18348] do_syscall_64+0x15f/0xf80 [ 826.667802][T18348] ? trace_irq_disable+0x3b/0x140 [ 826.667825][T18348] ? clear_bhb_loop+0x40/0x90 [ 826.667848][T18348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 826.667865][T18348] RIP: 0033:0x7f711d35d60e [ 826.667882][T18348] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 826.667896][T18348] RSP: 002b:00007f711e19cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 826.667910][T18348] RAX: ffffffffffffffda RBX: 00007f711e19d6c0 RCX: 00007f711d35d60e [ 826.667918][T18348] RDX: 000000000000000f RSI: 00007f711e19d0a0 RDI: 0000000000000004 [ 826.667924][T18348] RBP: 00007f711e19d090 R08: 0000000000000000 R09: 0000000000000000 [ 826.667931][T18348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 826.667936][T18348] R13: 00007f711d616038 R14: 00007f711d615fa0 R15: 00007f711d73fa48 [ 826.667952][T18348] [ 826.998613][T18355] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3958'. [ 827.065451][T18355] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3958'. [ 827.110077][T18357] fuse: fd is not a fuse device [ 827.254453][T18360] syzkaller0: entered promiscuous mode [ 827.259952][T18360] syzkaller0: entered allmulticast mode [ 827.889303][T18371] netlink: 'syz.3.3963': attribute type 1 has an invalid length. [ 827.907526][T18365] syzkaller0: entered promiscuous mode [ 827.913010][T18365] syzkaller0: entered allmulticast mode [ 828.232251][T18377] netlink: 'syz.2.3965': attribute type 1 has an invalid length. [ 828.524440][ T5903] usb 5-1: new high-speed USB device number 115 using dummy_hcd [ 829.258801][ T5903] usb 5-1: Using ep0 maxpacket: 16 [ 830.000257][ T5903] usb 5-1: config 0 has an invalid interface number: 251 but max is 0 [ 830.008464][ T5903] usb 5-1: config 0 has no interface number 0 [ 830.014534][ T5903] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 830.024403][ T5903] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 830.888125][T18371] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 830.893237][T18377] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 830.981811][ T5903] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 830.996882][T18383] FAULT_INJECTION: forcing a failure. [ 830.996882][T18383] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 830.999118][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 830.999141][ T5903] usb 5-1: Product: syz [ 830.999157][ T5903] usb 5-1: Manufacturer: syz [ 830.999173][ T5903] usb 5-1: SerialNumber: syz [ 831.001805][ T5903] usb 5-1: config 0 descriptor?? [ 831.013924][T18383] CPU: 1 UID: 0 PID: 18383 Comm: syz.0.3966 Not tainted syzkaller #0 PREEMPT(full) [ 831.013950][T18383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 831.013960][T18383] Call Trace: [ 831.013969][T18383] [ 831.013977][T18383] dump_stack_lvl+0xe8/0x150 [ 831.014008][T18383] should_fail_ex+0x412/0x560 [ 831.014040][T18383] _copy_to_user+0x31/0xb0 [ 831.014063][T18383] simple_read_from_buffer+0xe1/0x170 [ 831.014086][T18383] proc_fail_nth_read+0x1bb/0x230 [ 831.014108][T18383] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 831.014131][T18383] ? rw_verify_area+0x2a6/0x4d0 [ 831.014151][T18383] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 831.014172][T18383] vfs_read+0x20c/0xa70 [ 831.014197][T18383] ? __pfx___mutex_lock+0x10/0x10 [ 831.014221][T18383] ? __pfx_vfs_read+0x10/0x10 [ 831.014243][T18383] ? __fget_files+0x2a/0x420 [ 831.014265][T18383] ? __fget_files+0x3a0/0x420 [ 831.014282][T18383] ? __fget_files+0x2a/0x420 [ 831.014307][T18383] ksys_read+0x150/0x270 [ 831.014330][T18383] ? __pfx_ksys_read+0x10/0x10 [ 831.014358][T18383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 831.014378][T18383] do_syscall_64+0x15f/0xf80 [ 831.014402][T18383] ? clear_bhb_loop+0x40/0x90 [ 831.014423][T18383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 831.014440][T18383] RIP: 0033:0x7fb3e495d60e [ 831.014457][T18383] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 831.014472][T18383] RSP: 002b:00007fb3e5867fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 831.014491][T18383] RAX: ffffffffffffffda RBX: 00007fb3e58686c0 RCX: 00007fb3e495d60e [ 831.014505][T18383] RDX: 000000000000000f RSI: 00007fb3e58680a0 RDI: 0000000000000004 [ 831.014517][T18383] RBP: 00007fb3e5868090 R08: 0000000000000000 R09: 0000000000000000 [ 831.014528][T18383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 831.014538][T18383] R13: 00007fb3e4c16038 R14: 00007fb3e4c15fa0 R15: 00007fb3e4d3fa48 [ 831.014566][T18383] [ 831.433160][T18391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3970'. [ 831.491524][ T5903] usb 5-1: can't set config #0, error -71 [ 831.500774][ T5903] usb 5-1: USB disconnect, device number 115 [ 831.517148][T18393] syzkaller0: entered promiscuous mode [ 831.522755][T18393] syzkaller0: entered allmulticast mode [ 831.530850][T18391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3970'. [ 832.520966][T18408] syzkaller0: entered promiscuous mode [ 832.526991][T18408] syzkaller0: entered allmulticast mode [ 833.036397][T18410] binder: BINDER_SET_CONTEXT_MGR already set [ 833.042916][T18410] binder: 18409:18410 ioctl 4018620d 200000004a80 returned -16 [ 833.212896][T18412] xt_TCPMSS: Only works on TCP SYN packets [ 833.567851][ T5903] usb 4-1: new full-speed USB device number 112 using dummy_hcd [ 833.649269][T18412] sit1: entered allmulticast mode [ 833.721635][T18421] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3978'. [ 833.843074][T18421] batman_adv: batadv0: Adding interface: macvtap1 [ 833.876602][T18421] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 833.954292][T18421] batman_adv: batadv0: Not using interface macvtap1 (retrying later): interface not active [ 834.025430][T18422] batman_adv: batadv0: Adding interface: macvtap2 [ 834.057917][ T5838] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 834.065727][ T5903] usb 4-1: device descriptor read/64, error -71 [ 834.154202][T18422] batman_adv: batadv0: The MTU of interface macvtap2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 834.177980][ T29] audit: type=1326 audit(1777004845.237:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18420 comm="syz.1.3978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 834.201959][ T29] audit: type=1326 audit(1777004845.237:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18420 comm="syz.1.3978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 834.224198][ T29] audit: type=1326 audit(1777004845.237:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18420 comm="syz.1.3978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 834.297148][T18422] batman_adv: batadv0: Not using interface macvtap2 (retrying later): interface not active [ 834.319961][ T29] audit: type=1326 audit(1777004845.237:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18420 comm="syz.1.3978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 834.342309][ T29] audit: type=1326 audit(1777004845.237:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18420 comm="syz.1.3978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 834.364619][ T29] audit: type=1326 audit(1777004845.237:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18420 comm="syz.1.3978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 834.386828][ T29] audit: type=1326 audit(1777004845.237:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18420 comm="syz.1.3978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 834.509241][ T29] audit: type=1326 audit(1777004845.237:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18420 comm="syz.1.3978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbec6d9cdd9 code=0x7ffc0000 [ 834.590813][ T5903] usb 4-1: new full-speed USB device number 113 using dummy_hcd [ 834.728652][T18425] input: syz0 as /devices/virtual/input/input56 [ 834.748804][T18429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3982'. [ 834.802647][ T5838] usb 5-1: Using ep0 maxpacket: 8 [ 834.859472][ T29] audit: type=1326 audit(1777004845.967:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18424 comm="syz.2.3981" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e54b9cdd9 code=0x0 [ 834.870951][T18429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3982'. [ 835.038458][ T5903] usb 4-1: device descriptor read/64, error -71 [ 835.161788][ T30] INFO: task kworker/0:6:5930 blocked for more than 143 seconds. [ 835.169560][ T30] Not tainted syzkaller #0 [ 835.174508][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 835.183178][ T30] task:kworker/0:6 state:D stack:21856 pid:5930 tgid:5930 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 835.195200][ T30] Workqueue: usb_hub_wq hub_event [ 835.200258][ T30] Call Trace: [ 835.203552][ T30] [ 835.206500][ T30] __schedule+0x17b4/0x5680 [ 835.211021][ T30] ? kasan_save_stack+0x3e/0x60 [ 835.217370][ T30] ? bus_for_each_drv+0x258/0x2f0 [ 835.222423][ T30] ? device_initial_probe+0xa1/0xd0 [ 835.227649][ T30] ? __device_attach_driver+0x279/0x430 [ 835.233207][ T30] ? __device_attach+0x2c5/0x450 [ 835.238177][ T30] ? look_up_lock_class+0x57/0x110 [ 835.243388][ T30] ? __pfx___schedule+0x10/0x10 [ 835.248270][ T30] ? schedule+0x90/0x360 [ 835.252538][ T30] schedule+0x164/0x360 [ 835.281314][ T5903] usb usb4-port1: attempt power cycle [ 835.288775][ T30] schedule_timeout+0xc3/0x2c0 [ 835.294275][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 835.300697][ T30] ? do_raw_spin_lock+0x12b/0x2f0 [ 835.308723][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 835.314924][ T30] ? wait_for_completion+0x274/0x5e0 [ 835.320980][ T30] wait_for_completion+0x2cc/0x5e0 [ 835.337467][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 835.343953][ T30] i2c_del_adapter+0x5c0/0x790 [ 835.349625][ T30] ? __pfx_i2c_del_adapter+0x10/0x10 [ 835.355291][ T30] ? kfree+0x4d/0x640 [ 835.359757][ T30] dvb_usb_i2c_exit+0x64/0xb0 [ 835.364727][ T30] dvb_usb_device_exit+0x1cb/0x360 [ 835.370324][ T30] ? __pfx_dvb_usb_device_exit+0x10/0x10 [ 835.376263][ T30] cxusb_probe+0x60f/0x710 [ 835.381519][ T30] ? lockdep_hardirqs_on+0x7a/0x110 [ 835.386738][ T30] ? __pfx_cxusb_probe+0x10/0x10 [ 835.391691][ T30] usb_probe_interface+0x659/0xc70 [ 835.396821][ T30] ? __pfx_usb_probe_interface+0x10/0x10 [ 835.400639][T15099] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 835.402686][ T30] really_probe+0x267/0xaf0 [ 835.414485][ T30] __driver_probe_device+0x1ef/0x380 [ 835.419796][ T30] driver_probe_device+0x4f/0x240 [ 835.424834][ T30] __device_attach_driver+0x279/0x430 [ 835.430228][ T30] bus_for_each_drv+0x258/0x2f0 [ 835.435093][ T30] ? __pfx___device_attach_driver+0x10/0x10 [ 835.440998][ T30] ? __pfx_bus_for_each_drv+0x10/0x10 [ 835.446395][ T30] ? lockdep_hardirqs_on+0x7a/0x110 [ 835.451608][ T30] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 835.457502][ T30] __device_attach+0x2c5/0x450 [ 835.462254][ T30] ? __pfx___device_attach+0x10/0x10 [ 835.467520][ T30] ? _raw_spin_unlock+0x28/0x50 [ 835.472350][ T30] device_initial_probe+0xa1/0xd0 [ 835.477356][ T30] bus_probe_device+0x12a/0x220 [ 835.482196][ T30] device_add+0x7e9/0xbb0 [ 835.486544][ T30] usb_set_configuration+0x1a87/0x2110 [ 835.492331][ T30] usb_generic_driver_probe+0x8d/0x150 [ 835.497815][ T30] usb_probe_device+0x1c4/0x3b0 [ 835.521730][ T5932] usb 2-1: new full-speed USB device number 89 using dummy_hcd [ 835.530861][ T30] ? __pfx_usb_probe_device+0x10/0x10 [ 835.536262][ T30] really_probe+0x267/0xaf0 [ 835.540782][ T30] __driver_probe_device+0x1ef/0x380 [ 835.546080][ T30] driver_probe_device+0x4f/0x240 [ 835.551091][ T30] __device_attach_driver+0x279/0x430 [ 835.556441][ T30] bus_for_each_drv+0x258/0x2f0 [ 835.561272][ T30] ? __pfx___device_attach_driver+0x10/0x10 [ 835.567141][ T30] ? __pfx_bus_for_each_drv+0x10/0x10 [ 835.572490][ T30] ? lockdep_hardirqs_on+0x7a/0x110 [ 835.577695][ T30] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 835.583482][ T30] __device_attach+0x2c5/0x450 [ 835.588231][ T30] ? __pfx___device_attach+0x10/0x10 [ 835.593507][ T30] ? _raw_spin_unlock+0x28/0x50 [ 835.598365][ T30] device_initial_probe+0xa1/0xd0 [ 835.603398][ T30] bus_probe_device+0x12a/0x220 [ 835.608237][ T30] device_add+0x7e9/0xbb0 [ 835.612551][ T30] usb_new_device+0xa08/0x16f0 [ 835.617797][ T30] ? __pfx_usb_new_device+0x10/0x10 [ 835.635727][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 835.635748][ T5838] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 835.635772][ T5838] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 835.640975][ T30] hub_event+0x2a1c/0x4f30 [ 835.651053][ T5838] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 835.659888][ T30] ? __pfx_hub_event+0x10/0x10 [ 835.664252][ T5838] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 835.675591][ T30] ? process_scheduled_works+0xa70/0x1860 [ 835.680341][ T5838] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 835.691344][ T30] ? process_scheduled_works+0xa70/0x1860 [ 835.697077][ T5838] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 835.722738][ T5838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.725179][ T30] ? process_scheduled_works+0xa70/0x1860 [ 835.742684][ T30] process_scheduled_works+0xb5d/0x1860 [ 835.748303][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 835.754302][ T30] ? assign_work+0x3d5/0x5e0 [ 835.762752][ T30] worker_thread+0xa53/0xfc0 [ 835.767415][ T30] kthread+0x388/0x470 [ 835.771494][ T30] ? __pfx_worker_thread+0x10/0x10 [ 835.776622][ T30] ? __pfx_kthread+0x10/0x10 [ 835.781194][ T30] ret_from_fork+0x514/0xb70 [ 835.785771][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 835.790882][ T30] ? __switch_to+0xc79/0x1410 [ 835.795542][ T30] ? __pfx_kthread+0x10/0x10 [ 835.800113][ T30] ret_from_fork_asm+0x1a/0x30 [ 835.804862][ T30] [ 835.807948][ T30] [ 835.807948][ T30] Showing all locks held in the system: [ 835.815652][ T30] 1 lock held by khungtaskd/30: [ 835.820481][ T30] #0: ffffffff8e95cce0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 835.831731][ T30] 2 locks held by getty/5598: [ 835.836425][ T30] #0: ffff8880368f60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 835.846207][ T30] #1: ffffc9000322b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13a0 [ 835.857378][ T30] 5 locks held by kworker/0:3/5838: [ 835.876421][ T30] #0: ffff888021ad9d40 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 835.877107][ T5903] usb 4-1: new full-speed USB device number 114 using dummy_hcd [ 835.887789][ T30] #1: ffffc90003a47c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 835.907240][ T30] #2: ffff88802a88e1d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 [ 835.916094][ T30] #3: ffff8880548841d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 835.925291][ T30] #4: ffff888029897f60 (hcd->bandwidth_mutex){+.+.}-{4:4}, at: usb_set_configuration+0x53e/0x2110 [ 835.944318][ T30] 5 locks held by kworker/0:5/5903: [ 835.950113][ T30] #0: ffff888021ad9d40 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 835.962195][ T30] #1: ffffc90003d67c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 835.974790][ T30] #2: ffff88802a84e1d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 [ 835.984938][ T30] #3: ffff88802a86f568 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x217a/0x4f30 [ 835.994885][ T30] #4: ffff88802994f560 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21a2/0x4f30 [ 835.996713][ T5932] usb 2-1: device descriptor read/64, error -71 [ 836.004561][ T30] 5 locks held by kworker/0:6/5930: [ 836.012650][ T5838] hub 5-1:1.0: bad descriptor, ignoring hub [ 836.017207][ T30] #0: ffff888021ad9d40 ( [ 836.021849][ T5838] hub 5-1:1.0: probe with driver hub failed with error -5 [ 836.021856][ T30] (wq_completion)usb_hub_wq [ 836.022373][ T5838] cdc_wdm 5-1:1.0: skipping garbage [ 836.026177][ T30] ){+.+.}-{0:0} [ 836.033268][ T5838] cdc_wdm 5-1:1.0: skipping garbage [ 836.037745][ T30] , at: process_scheduled_works+0xa35/0x1860 [ 836.042999][ T5838] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 836.046353][ T30] #1: ffffc90003f57c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 836.077204][ T30] #2: ffff88823bff89d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 [ 836.091521][ T30] #3: ffff88802952b1d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 836.103272][ T30] #4: ffff88802df111a0 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 836.114448][ T30] 5 locks held by kworker/0:7/5932: [ 836.119993][T15099] usb 1-1: Using ep0 maxpacket: 8 [ 836.128964][ T30] #0: ffff888021ad9d40 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 836.140334][ T30] #1: ffffc90003f77c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 836.152267][ T30] #2: ffff88802a72c1d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 [ 836.161179][ T30] #3: ffff88802a78d568 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x217a/0x4f30 [ 836.171129][ T30] #4: ffff88802a5af960 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21a2/0x4f30 [ 836.180823][ T30] 4 locks held by udevd/6438: [ 836.185499][ T30] #0: ffff888048d4abd8 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 836.194323][ T30] #1: ffff88807bc08480 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420 [ 836.203763][ T30] #2: ffff8880658e9e18 (kn->active#34){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420 [ 836.214593][ T30] #3: ffff88802952b1d8 (&dev->mutex){....}-{4:4}, at: serial_show+0x26/0xa0 [ 836.248702][ T5903] usb 4-1: device descriptor read/8, error -71 [ 836.255760][ T30] 5 locks held by kworker/u8:12/14939: [ 836.261236][ T30] 4 locks held by kworker/u8:18/14957: [ 836.266696][ T30] #0: ffff8880b873aea0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 836.276651][ T30] #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 836.285550][ T30] #2: ffffffff8e95cce0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 836.295233][ T30] #3: ffff888055a31170 (&sch->root_lock_key#49){+.-.}-{3:3}, at: net_tx_action+0x6d5/0xc30 [ 836.305377][ T30] 5 locks held by kworker/0:4/15099: [ 836.310669][ T30] #0: ffff888021ad9d40 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 836.322020][ T30] #1: ffffc900045a7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 836.333912][ T30] #2: ffff88802a5771d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 [ 836.342834][ T30] #3: ffff88802a70d568 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x217a/0x4f30 [ 836.391607][ T5932] usb 2-1: new full-speed USB device number 90 using dummy_hcd [ 836.401486][ T30] #4: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 836.410426][ T30] 3 locks held by syz.4.3979/18418: [ 836.415622][ T30] #0: ffff88807dbc3e40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 836.425840][ T30] #1: ffff88807b8db260 (sk_lock-AF_CAN){+.+.}-{0:0}, at: bcm_release+0x1cd/0x940 [ 836.435122][ T30] #2: ffffffff8e962fe8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770 [ 836.446035][ T30] 1 lock held by syz.2.3981/18424: [ 836.451145][ T30] #0: ffffffff8e962eb8 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 836.461633][ T30] [ 836.463968][ T30] ============================================= [ 836.463968][ T30] [ 836.472388][ T30] NMI backtrace for cpu 0 [ 836.472405][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 836.472426][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 836.472437][ T30] Call Trace: [ 836.472446][ T30] [ 836.472456][ T30] dump_stack_lvl+0xe8/0x150 [ 836.472487][ T30] nmi_cpu_backtrace+0x274/0x2d0 [ 836.472507][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 836.472534][ T30] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 836.472556][ T30] sys_info+0x135/0x170 [ 836.472583][ T30] watchdog+0xfd3/0x1030 [ 836.472613][ T30] ? watchdog+0x1c9/0x1030 [ 836.472641][ T30] kthread+0x388/0x470 [ 836.472663][ T30] ? __pfx_watchdog+0x10/0x10 [ 836.472684][ T30] ? __pfx_kthread+0x10/0x10 [ 836.472705][ T30] ret_from_fork+0x514/0xb70 [ 836.472735][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 836.472762][ T30] ? __switch_to+0xc79/0x1410 [ 836.472788][ T30] ? __pfx_kthread+0x10/0x10 [ 836.472810][ T30] ret_from_fork_asm+0x1a/0x30 [ 836.472843][ T30] [ 836.472850][ T30] Sending NMI from CPU 0 to CPUs 1: [ 836.607042][ C1] NMI backtrace for cpu 1 [ 836.607061][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 836.607079][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 836.607089][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 836.607116][ C1] Code: 0b 71 02 e9 53 f4 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 c1 10 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 836.607129][ C1] RSP: 0018:ffffc90000197e20 EFLAGS: 00000242 [ 836.607143][ C1] RAX: 000000000154453d RBX: ffffffff819aae9a RCX: 0000000080000001 [ 836.607155][ C1] RDX: 0000000000000001 RSI: ffffffff8dfd7e8c RDI: ffffffff8c289f60 [ 836.607166][ C1] RBP: ffffc90000197f10 R08: ffff8880b87339db R09: 1ffff110170e673b [ 836.607177][ C1] R10: dffffc0000000000 R11: ffffed10170e673c R12: 0000000000000001 [ 836.607188][ C1] R13: 1ffff11003b5e000 R14: 0000000000000001 R15: 1ffff11003b5e000 [ 836.607199][ C1] FS: 0000000000000000(0000) GS:ffff888125314000(0000) knlGS:0000000000000000 [ 836.607212][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 836.607224][ C1] CR2: 00007f711d5ea2f8 CR3: 0000000074d94000 CR4: 00000000003526f0 [ 836.607238][ C1] Call Trace: [ 836.607245][ C1] [ 836.607252][ C1] default_idle+0x9/0x20 [ 836.607277][ C1] default_idle_call+0x72/0xb0 [ 836.607299][ C1] do_idle+0x36a/0x5f0 [ 836.607318][ C1] ? __pfx_do_idle+0x10/0x10 [ 836.607336][ C1] cpu_startup_entry+0x43/0x60 [ 836.607351][ C1] start_secondary+0x101/0x110 [ 836.607372][ C1] common_startup_64+0x13e/0x147 [ 836.607396][ C1] [ 836.816504][ T807] usb 5-1: USB disconnect, device number 116 [ 836.828492][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 836.835367][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 836.844481][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 836.854539][ T30] Call Trace: [ 836.857821][ T30] [ 836.860752][ T30] vpanic+0x56c/0xa60 [ 836.864739][ T30] ? __pfx___schedule+0x10/0x10 [ 836.869600][ T30] ? __pfx_vpanic+0x10/0x10 [ 836.874118][ T30] ? nmi_trigger_cpumask_backtrace+0x1f4/0x300 [ 836.880291][ T30] panic+0xc5/0xd0 [ 836.884023][ T30] ? __pfx_panic+0x10/0x10 [ 836.888446][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 836.893834][ T30] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 836.900001][ T30] watchdog+0x102c/0x1030 [ 836.904349][ T30] ? watchdog+0x1c9/0x1030 [ 836.908779][ T30] kthread+0x388/0x470 [ 836.912856][ T30] ? __pfx_watchdog+0x10/0x10 [ 836.917542][ T30] ? __pfx_kthread+0x10/0x10 [ 836.922140][ T30] ret_from_fork+0x514/0xb70 [ 836.926745][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 836.931871][ T30] ? __switch_to+0xc79/0x1410 [ 836.936562][ T30] ? __pfx_kthread+0x10/0x10 [ 836.941160][ T30] ret_from_fork_asm+0x1a/0x30 [ 836.945942][ T30] [ 836.949445][ T30] Kernel Offset: disabled [ 836.953759][ T30] Rebooting in 86400 seconds..