last executing test programs: 11.276053635s ago: executing program 1 (id=2801): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) socket$kcm(0x29, 0x7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000a40)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x29}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) ioctl$RTC_WKALM_SET(r3, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x0, 0x0, 0x16, 0x16, 0x0, 0x8000}}) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) syz_open_procfs$userns(0x0, &(0x7f0000000540)) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 
0x1, 0x0, 0x0, 0x4004}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x44, r0, 0x917, 0xfffffffe, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x6}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x44}}, 0x4000) 9.827764326s ago: executing program 1 (id=2813): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x4c0, 0x0) ioctl$FBIOPUTCMAP(r0, 0x4605, &(0x7f0000000700)={0xa, 0x5, &(0x7f0000000180)=[0x401, 0x9, 0x9, 0x4455, 0x8], &(0x7f0000000140), &(0x7f00000000c0), 0x0}) r1 = syz_clone(0x1030000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_pidfd_open(r1, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56461, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0xd8, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xb, 0xd}, {0x0, 0xa}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0xa8, 0x2, [@TCA_BASIC_ACT={0xa4, 0x3, [@m_ctinfo={0xa0, 0x15, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0x8}, 
@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x4}]}, {0x62, 0x6, "78decca1cea50d108b65747744617eff841c1ff7ce1095b2c8609e88f79533faa4e82187ec2e6150424143beb37c762738dea306164a999a1532c506b96982cfe98f24d7f1a42206624b67476786182de5021159657ec1b7da50bdcf86e0"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x10}, 0x0) setns(r2, 0x20000000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x200, 0x0, 0xff, 0x3}, 0x20) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000280)={'veth0_macvtap\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x1, [{0x200, 0x5}]}}) r10 = socket(0xa, 0x3, 0x87) ioctl$sock_inet6_tcp_SIOCINQ(r10, 0x890b, &(0x7f0000000000)) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="200000000206010800f6ff000000000003000000040007800500010006000000"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x20008810) getsockopt$IP_SET_OP_GET_BYINDEX(r11, 0x1, 0x53, &(0x7f0000000140)={0x7, 0x7, 0x4}, &(0x7f00000001c0)=0x28) r12 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r12, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%pI4 \x00'}, 0x1c) r14 = openat$uinput(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) r15 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_S_STD(r15, 0x40085618, &(0x7f0000000140)=0x50007) close_range(r13, r14, 0x2) 9.216043695s ago: executing program 1 (id=2815): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) timer_create(0x3, &(0x7f00000002c0)={0x0, 0x6, 0x1}, 0x0) socketpair$unix(0x1, 0x3, 0x0, 
&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) syz_emit_vhci(0x0, 0x7) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b05, &(0x7f00000004c0)={'wlan1\x00'}) keyctl$read(0x1f, 0x0, &(0x7f0000000080)=""/61, 0x3d) openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0xa2602, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) socket(0x1a, 0x3, 0x0) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000000)={0x18, 0x0, {0x807, @empty, 'vlan1\x00'}}, 0x1e) sendmmsg(r3, &(0x7f0000001340), 0x0, 0x24048084) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x4}, 0x38) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000000800020011000000050021000000000008000a00", @ANYRES32, @ANYBLOB='\n\x00:'], 0x74}}, 0x0) r5 = syz_open_dev$audion(&(0x7f0000000080), 0x5, 0x4002) ioctl$KVM_NMI(r5, 0xae9a) accept4(r0, 0x0, 0x0, 0x80000) 6.101382192s ago: executing program 1 (id=2823): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) socket$kcm(0x29, 0x7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f00000000c0), 
0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000a40)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x29}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) ioctl$RTC_WKALM_SET(r3, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x0, 0x0, 0x16, 0x16, 0x0, 0x8000}}) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) syz_open_procfs$userns(0x0, &(0x7f0000000540)) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x44, r0, 0x917, 0xfffffffe, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x6}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x44}}, 
0x4000) 5.979614698s ago: executing program 0 (id=2825): r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0x21005, 0x40) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/81, 0x51}, {&(0x7f00000006c0)=""/176, 0xb0}], 0x2, &(0x7f0000000780)=""/251, 0xfb}, 0x3}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000880)=""/250, 0xfa}, {&(0x7f0000000a40)=""/247, 0xf7}, {&(0x7f0000000b40)=""/4096, 0x1000}], 0x3, &(0x7f0000001b40)=""/217, 0xd9}, 0xfffffffc}], 0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x1, 0x0, 0x2, 0x4, 0x0, 0xfffffffc}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000400000000000900020073797a300000e5ff0400010007000000050005000a000000140007800800114000000000080012400000ffff12000300686173683a6e65742c706f7274000000"], 0x60}}, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000580)={@in6={0xa, 0x4e23, 0x6f5d, @local, 0xb}, {&(0x7f00000004c0)=""/137, 0x89}, &(0x7f00000000c0), 0x4e}, 0xa0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, 0x0, 0xffe) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000480)={0x0, 0x0, 
&(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x20, 0x1e, 0x3c964e403b131b43}, 0x20}}, 0x0) recvmmsg(r6, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x20, 0x0) ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, 0x0) getsockopt(0xffffffffffffffff, 0x200000000114, 0x2710, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2f, 0xffffffd4, 0x0, 0x0, 0x20}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48) r8 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000440)=r7, 0x4) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100009060300", @ANYBLOB="adffa888f00306001c"], 0x3c}}, 0x40050) ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x0) 5.624410499s ago: executing program 2 (id=2828): socket$kcm(0xa, 0x3, 0x87) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast}) (async) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000120000140000006000000000058700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) (async, rerun: 32) close(0xffffffffffffffff) (rerun: 32) 5.256209722s ago: executing program 2 (id=2829): r0 = userfaultfd(0x80001) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) write$sequencer(r1, &(0x7f0000000080)=[@l={0x92, 0xe, 0xe0, 0x1e, 0x2a, 0xe, 0x8}], 0x8) socket$tipc(0x1e, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0) write$binfmt_aout(r3, 
&(0x7f0000000100)=ANY=[], 0xff2e) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) r4 = syz_open_pts(r3, 0x8182) r5 = dup3(r4, r3, 0x0) ioctl$TCFLSH(r5, 0x540b, 0x2) r6 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r7, @ANYBLOB="0000000003120100500012800b00010062726964676500004000028008000500010000000600270000"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) socket$tipc(0x1e, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) epoll_create1(0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="38010000170001000000000000000000fc020000000000000000000000000000000000000000000000000000000000000000000300000000020000005e000000", @ANYRESDEC=r5, @ANYRESHEX=r7, @ANYRESOCT], 0x138}, 0x1, 0x0, 0x0, 0x20040800}, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x400, 0x3, 0x4, 0x9325, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x0, 0x7dc48146, 0x7fffffff, 0x5539e0cf}, 0x0, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(0xffffffffffffffff, 0x48e9, 0x0, 0x2, 0x0, 0x0) 4.600873954s ago: executing program 0 (id=2830): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$ptmx(0xffffffffffffff9c, 0x0, 0x101000, 0x0) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'veth0_macvtap\x00'}) (async, rerun: 32) syz_emit_ethernet(0x46, 
&(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0) syz_emit_ethernet(0x52, &(0x7f00000007c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd608a27f2000f2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa000201"], 0x0) (async, rerun: 64) r0 = socket$alg(0x26, 0x5, 0x0) (rerun: 64) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58) (async, rerun: 64) r1 = accept4(r0, 0x0, 0x0, 0x80000) (rerun: 64) writev(r1, &(0x7f0000000200)=[{&(0x7f0000000300)="a4eac90f", 0x4}], 0x1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async, rerun: 64) r3 = socket(0x400000000010, 0x3, 0x0) (async, rerun: 64) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xb}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xffffffff, 0x4, 0x3, 0x0, 0x9}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r6, 0x0, 0x2e, &(0x7f0000000340)={0x23, {{0x2, 0x4e24, @multicast1}}, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}}}, 0x104) (async) 
syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100039cb5160899115a68af560102030109022400010805008109049e0100000008a90905080020000101a809049e"], &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) 4.128222985s ago: executing program 1 (id=2831): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) personality(0x40000) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x0, @loopback, 0x3}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x804c040}, 0x81) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x4}, 0x8) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) r2 = dup(r1) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1) 
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000200)={0xffff, 0x800d, 0x2f59, 0x8}, 0x10) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x4d, 0x2}, @ramp={0x200, 0x47d2, {0xead5, 0x101, 0x7, 0x2}}}) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r4, 0x5501) ioctl$UI_DEV_DESTROY(r4, 0x4008556c) bind$inet(0xffffffffffffffff, 0x0, 0x0) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1b18) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a3000000000400000001b0a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a30"], 0xf8}, 0x1, 0x0, 0x0, 0x4840}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000300)="481b45149f9489ee61241811a175d85d61acb9e6cbb8466cd6a94dd87d61ae2c2924c428c0e43f97954b121f3e93a338048c50fa7dcc6e43c0e1bbd274cadf87fbdad9d6bb169dd0685a83c36b55d3fcceaeb2994d2aba3d6989481936bd07a1ec08247a99f5a30cd4991841b23855d2a94de2b21d9312106cd3d0191856f6a59e8533a2ab8afe2988dd5d9a9d44463c9bcba6fa7d1d664bc8a76d3b3bc8eab08f5117352acb9b1b7160cc668a2ec3963303a9c92bd8835a4c01cb0968f7da75443cc22642beeed27cce97", 0xcb}, {&(0x7f0000000180)="297b0e0dbeee7372d73fd883e99f0d8c296a9de27e000b92cfa65061da39a01e70eb9c5f882a5d665b2d4be931c7f99130893743281e4fabd93787af746ac5bbc7573389d9541aaf07de8cd9ef9fc53e31679d16fd", 0x55}, 
{&(0x7f0000000400)="0cf94551192da54e73ee461d7b371a3ee236d5d7e2316eaa64b7124f36f6c8d03a434a026d77b8f56de673475ec44ce01ead4803737f0562b91dec28c8c9196e63c01ce15e84e5070b88cf99135b1d06e01bca6a5656076765ba1154348d41f8c5c407d7f71cd155ae4f02a421de32dd5dcfcb5796f3b7b2aa9861dd3b50f7a2a936bf8e303570", 0x87}, {&(0x7f0000000540)="9a7a41fcc5071873be3bb35ffb11b81a71af04b891a9d9953904fc50b2e35a8439f7c70d7f2366e4a4cbe8f8815a5029fca0d01f320d046b7bccf6fd67de1d1bfd3c2a0dc24bcdc70f6ba5b2403a4ac54a86e79d315a1c64812859fc6a8190e53fcc3e299c30c9d0f076774733cd49a5252fded490f173e645d73f64c8784f914535b9850a086115bbf7d18626281da575da92", 0x93}], 0x4, &(0x7f0000000200)=[@ip_tos_int={{0x10, 0x0, 0x1, 0x6}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x5}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x7}}], 0x30}, 0x20000000) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 4.065005805s ago: executing program 0 (id=2832): openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 
0x4020ae46, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb40, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19f2, 0x3, 0x5, 0x2800, 0x9, 0xffff, 0xba2, 0xc, 0x30, {0x8, 0x1}, 0xd0, 0x9}}) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r5, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) splice(r7, 0x0, 0xffffffffffffffff, 0x0, 0x40000000000080, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) connect$inet(r5, &(0x7f00000001c0)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg(r5, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000140)='=', 0x1}], 0x1}}], 0x1, 0x40008d0) recvmmsg(r5, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000400)=""/250, 0xfa}], 0x1}, 0xf}], 0x1, 0x10122, 0x0) 3.751851349s ago: executing program 2 (id=2836): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000000440)={0xf, 
{"a2e3ad21e08eeb661b5d310987f70e06d038e7ff7fc6e5539b0d750e8b089b3f363b68090890e0878f0e1ac6e7049b3b48959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63da1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e6409000000000000002fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec1109110900d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e1505f6bf39ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97912507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000010000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227eabc1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c
2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b649f07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c47f8156832369c33076da865d258734dd73583df292892448839ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e78
3271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059ec01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c27155005e797b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02c67141a360c3ace48aee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7fdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e44e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333b25bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475fb7807fb33b72685ec37a2d3f7664fe2f0459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b6cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae03
3a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5dd40b0000000000005f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128060000008261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b6c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb00600000000000000dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69cce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x0, 0xfffffffe, 0x1d}, &(0x7f0000000840)=0x0, 
&(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x35, 0x6, r0, 0x0, 0x0, 0x0, 0x2000, 0x0, {0x2}}) syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = dup(r9) ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, &(0x7f00000000c0)={0x0, 0x115000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, &(0x7f0000000400)={0x10000, 0x7000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r10, 0x4010ae68, &(0x7f0000000040)={0xdddd7000, 0x6000, 0x1}) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_getattr(0xffffffffffffffff, &(0x7f0000000140)={0x38}, 0x38, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r11 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r11, &(0x7f0000000000)={0x500, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="020200090f000000000000000000000002000600000000000a00"], 0x78}}, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) socket$inet6(0xa, 0x3, 0x8000000003c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) 3.751622646s ago: executing program 4 (id=2837): r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) 
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000ac0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r4, {0x0, 0x10002}, {0x3, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4008000) r5 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r5, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r4, 0x1, 0xd8, 0x6, @multicast}, 0x14) 3.303881842s ago: executing program 3 (id=2838): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) pipe(0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0x13dc, 0x9, 0x8, 0x0, 0x400003}, 0x0) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x401c, &(0x7f0000000240)='}\x00') r5 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') 
syz_open_dev$vcsn(&(0x7f0000000000), 0x0, 0x60) read$FUSE(0xffffffffffffffff, &(0x7f0000002980)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f0000000000)=0xffff0018) ioctl$SOUND_PCM_READ_CHANNELS(r7, 0x80045006, 0x0) syz_emit_ethernet(0x42, &(0x7f00000003c0)=ANY=[], 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x7) sendmsg$key(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB="42050006060000002dbd700004dbdf2504000300380000dc0f00000000000000f9ffffffffffffffff7f000000000000530707531c6937880a2088ba13f64c012f0f21fa74feddba70ad7331204fc959c4a0a86cc99c2e817ac3e3aa484ef8e5a8a375c947b53ea383140115bafd52ed0a416fea34cbcb7f1e08c4ec4fc951c0f99d8b0d1be0a04e59d1cdbd4ec51a82fe96b5395169c07b6055bb24d089d81c6978492b1c506a2cd75743ffbe4f37ba58b16361a997827c3f7c0074fd73abc1eb04689685eadb8da751e882f522244b9c646caf892cbc11d661d17e7ec4c83cb233e09f793103d68eea4080", @ANYRESHEX, @ANYRES64=r3, @ANYRES16=r6, @ANYRES8, @ANYRES16=r4, @ANYRES16=r3], 0x30}}, 0x4008810) r8 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_QUERYCTRL(r8, 0xc0445624, &(0x7f0000000340)={0x88000003, 0x0, "679c51ecbc83d0e22e845e3ede5adc714d88a57474315dc49c00", 0x1, 0x0, 0x0, 0x200, 0x2}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="640000001000810500"/20, @ANYRES32=0x0, @ANYBLOB="0000000f000000004400128009000100626f6e64000000003400028008000300810000000800050000000000080004000000000008000f00ff01"], 0x64}}, 0x0) 2.525040755s ago: executing program 2 (id=2839): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 
0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a00000200000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000a4ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000a004e2400020000fe"], 0x210) 2.243669848s ago: executing program 4 (id=2840): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000023c0), 0xa0482, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x40000105, 0x0, 0x0, 0xfffffd30}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000ffffffb1000040"]) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r6, 0x5, &(0x7f00000001c0)='name', 0x0, r6) sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES8=r5], 0x104}, 0x1, 0x0, 0x0, 0x4810}, 0x0) 2.024141044s ago: executing program 2 (id=2841): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) socket$kcm(0x29, 0x7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@generic="c628b1d62c"]}, 0x1c}}, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) 
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000a40)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x29}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) ioctl$RTC_WKALM_SET(r3, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x0, 0x0, 0x16, 0x16, 0x0, 0x8000}}) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) syz_open_procfs$userns(0x0, &(0x7f0000000540)) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x44, r0, 0x917, 0xfffffffe, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x6}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x44}}, 0x4000) 1.889250724s ago: executing program 0 (id=2842): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xe, 
&(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000000e10a00c3040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0x1, 
0x0, 0x4}, 0x10}, 0x28) 1.832725006s ago: executing program 3 (id=2843): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b80)={0x14, r2, 0xff7bc437091e83af, 0x0, 0x0, {0x33}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r0) sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x64, r3, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x50, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "cef8068887274c6cfa9b9ea4fe2d35d13b3bd84dff100ec1bec8ab252d440379ca"}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0xc001}, 0x1) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=@newsa={0x144, 0x10, 0x1, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@private0, 0x0, 0x6c}, @in=@empty, {}, {0x0, 0x0, 0x6}, {}, 0x0, 0xfffffffd, 0xa, 0x0, 0x0, 0x40}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xff}, @XFRMA_IF_ID={0x8}]}, 0x144}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x48, r7, 0x1, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @random="37e6fc966e04", {0x0, 0x7}}, 0x888, 0x5d, @default, @void, @void}}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x48}, 
0x1, 0x0, 0x0, 0xc0}, 0x0) 1.772118044s ago: executing program 4 (id=2844): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}, {0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) 1.771692491s ago: executing program 1 (id=2845): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040c41090ea00000000000109022400010000002009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x10d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x7, 0x2}}}}}]}}]}}, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELRULE={0x34, 0x6, 0xa, 0xe01, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "e6"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x5c}, 0x1, 0x0, 0x0, 0x20048880}, 0x0) sendmsg$NFT_MSG_GETRULE(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c000000070a0101"], 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x14) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r3, 0x29, 0x1a, &(0x7f0000000100)=0x6, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000140)=[@in6={0xa, 0x4e22, 0x81, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x80d}], 0x1c) r4 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) eventfd(0x6) syz_usb_control_io$hid(r1, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r5, 0x0, 0x17, &(0x7f0000000180)=0xabf, 0x4) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000780)={'dummy0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000140)={@private2, 0x3a, r8}) setsockopt$inet_int(r5, 0x0, 0x17, &(0x7f0000000040)=0xb, 0x4) syz_usb_control_io$hid(r1, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="00220700000015ed272a9aad4f3084dd83746933fd973dc465944b85e2c0ddc51ce46dc871508453a4b63c0e7639bf0434a5ce19d96f93925babd32ec72186a8f1d183c62a1e3d35662f74eaa7b527eda542b0ff8df6317634b45e7b12054a385c39eebb1f2da2e77ec420e34037d5509f82d81538cfb70dbfaf6c98b970a3308d389698db78e21f01282f85a9c9056e088355da2d86a9cdfc015c4bad2b1f08a4d913b5416c7987569c99e21df5c9659bfdc6f5489a2048ea0af5"], 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 
&(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="2001d4"], 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect(0x2, 0x24, 0x0, 0x0) r9 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r9, 0x707, &(0x7f0000000a40)={&(0x7f0000000380)=[{0x3, 0x6000, 0x0, 0x0}, {0x1, 0x2a19, 0x0, 0x0}], 0x2}) 1.697061607s ago: executing program 0 (id=2846): r0 = userfaultfd(0x80001) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) write$sequencer(r1, &(0x7f0000000080)=[@l={0x92, 0xe, 0xe0, 0x1e, 0x2a, 0xe, 0x8}], 0x8) socket$tipc(0x1e, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0) write$binfmt_aout(r3, &(0x7f0000000100)=ANY=[], 0xff2e) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) r4 = syz_open_pts(r3, 0x8182) r5 = dup3(r4, r3, 0x0) ioctl$TCFLSH(r5, 0x540b, 0x2) r6 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r7, @ANYBLOB="0000000003120100500012800b00010062726964676500004000028008000500010000000600270000"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) socket$tipc(0x1e, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) epoll_create1(0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="38010000170001000000000000000000fc020000000000000000000000000000000000000000000000000000000000000000000300000000020000005e000000", @ANYRESDEC=r5, @ANYRESHEX=r7, @ANYRESOCT], 0x138}, 0x1, 0x0, 0x0, 0x20040800}, 0x0) 
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x400, 0x3, 0x4, 0x9325, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x0, 0x7dc48146, 0x7fffffff, 0x5539e0cf}, 0x0, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(0xffffffffffffffff, 0x48e9, 0x0, 0x2, 0x0, 0x0) 1.391625346s ago: executing program 4 (id=2847): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) 1.371125271s ago: executing program 3 (id=2848): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x48, r3, 0x1, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {0xd00}, @broadcast, @device_a, @random="37e6fc966e04", {0x0, 0x7}}, 0x888, 0x5d, @default, @void, @void}}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1.176094514s ago: executing program 3 (id=2849): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = 
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c0001800600060088470000971b02"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004400)={0x98, r6, 0x5, 0x0, 0x25dfdbfa, {{}, {@val={0x8, 0x3, r7}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x36, 0xe, {{{}, {}, @device_b, @device_a, @from_mac=@device_b, {0x0, 0x300}}, 0x0, @default, 0x8201, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x3c, 0x4, {0x1, 0x4, 0x3, 0x7}}, @void, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x2c, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x21, 0x2, "82d4f05a3d1092fb3d78bef3fafe67543a68834de6a2f6835f604bebc5"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x800007f}]}, 0x98}}, 0x840) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r8) r9 = 
socket$unix(0x1, 0x5, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x7ff, 0x100000000, 0x6eb, 0x80000000, 0x7, 0x2c0b}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r11, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0xf, 0x0, 0x4}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4008000) r12 = socket$rds(0x15, 0x5, 0x0) bind$rds(r12, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r12, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) r13 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r12, &(0x7f0000000140)={0x2000}) setsockopt$RDS_CANCEL_SENT_TO(r12, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) socket$netlink(0x10, 0x3, 0x12) 1.150814953s ago: executing program 4 (id=2850): r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) 
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000ac0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r4, {0x0, 0x10002}, {0x3, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4008000) r5 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r5, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r4, 0x1, 0xd8, 0x6, @multicast}, 0x14) 666.241481ms ago: executing program 0 (id=2851): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x103002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newlinkprop={0x28, 0x6c, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x12004, 0x8000}, [@IFLA_NET_NS_PID={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040881}, 0x4008000) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f0000003a00)={&(0x7f0000000080)=@id={0x1e, 0x3, 0x1, {0x4e24, 0x2}}, 0x10, &(0x7f0000000b40)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001a00)}], 0x4}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x400101) poll(&(0x7f0000000180)=[{r4}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_io_uring_setup(0x111c, &(0x7f0000000480)={0x0, 0xb583, 0x150, 0x3, 0xd4}, &(0x7f0000000180)=0x0, &(0x7f0000000200)) r7 = syz_io_uring_setup(0x111, &(0x7f00000003c0)={0x0, 0x2887, 0x0, 0x0, 0x2df, 0x0, r5}, 
&(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0xc0, &(0x7f0000001740)=0xfff, 0x0, 0x4) syz_io_uring_submit(r6, r9, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r7, 0x3516, 0xa5b8, 0x40, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000740)=""/4096, 0x1000}], 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000740)={r4, 0x58, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl1\x00', r10, 0x29, 0x1, 0x6, 0x3, 0x20, @mcast1, @private2, 0x1, 0x8000, 0x4}}) cachestat(0xffffffffffffffff, &(0x7f0000001180)={0x5, 0x6}, &(0x7f000009de80), 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x101201, 0x0) socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000015000100fdffffff0400000002800400", @ANYRES32=r11, @ANYBLOB="140000510a2200f40000000000000000"], 0x2c}}, 0x20040050) ioctl$VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000440)={0x3, 0x2, 0x1, 0x0, 0xe}) ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r4, 0xc008aec1, &(0x7f0000001840)={0x9, 0x0, [{0x80000007, 0x7fffffff, 0x4, 0x401, 0xd, 0x400, 0x7}, {0x80000008, 0x496, 0x4, 0x2a, 0x0, 0x8, 0x6}, {0x2, 0x9, 0x2, 0x1, 0xb, 0xe, 0x4}, {0x8, 0x5, 0x3, 0xfffffffa, 0x4, 0x9, 0x8}, {0x80000001, 0x7, 0x7, 0x8, 0x7, 0x7, 0x1}, {0x7, 0x3, 0x2, 0x9, 0x10000, 0x400, 0x1}, {0xc0000000, 0xb, 0x5, 0x2, 0x0, 0x9, 0x86}, {0x6, 0x8, 0x2, 0x46, 0x8, 0x7f, 0x80}, {0x40000000, 0x8, 0x1, 0x1, 0x16000, 0xfffffffe, 0x2395}]}) 
ioctl$KVM_CAP_MAX_VCPU_ID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000017c0)={0x80, 0x0, 0xa}) 552.680739ms ago: executing program 2 (id=2852): openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb40, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19f2, 0x3, 0x5, 0x2800, 0x9, 0xffff, 0xba2, 0xc, 0x30, {0x8, 0x1}, 0xd0, 0x9}}) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r5, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) splice(r7, 0x0, 0xffffffffffffffff, 0x0, 0x40000000000080, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) connect$inet(r5, &(0x7f00000001c0)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg(r5, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000140)='=', 0x1}], 0x1}}], 0x1, 0x40008d0) recvmmsg(r5, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000400)=""/250, 0xfa}], 0x1}, 0xf}], 0x1, 0x10122, 0x0) 489.748922ms ago: executing program 3 (id=2853): r0 = 
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8bc, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x888, 0x2, [@TCA_MATCHALL_ACT={0x884, 0x2, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0xfffffffb, 0x4, 0x2, 0xffffffc0, 0x5, 0x2234, 0x7f, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0x2, 0x9644, 0x4, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x790, 0x5, 0xab2, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xffffffff, 0x1, 0x5, 0x1, 0x5b1f, 0x7b0, 0x7, 0x100, 0x6, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x1ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0x10001, 0xf7, 0x3, 0xfffffff9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x1, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x6, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x9, 0x0, 0x7f, 0x7, 0x863c, 0xff, 0x24, 0x5, 0x7, 0x6, 0x7a, 0x8, 0x0, 0x7, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x9, 0x61, 0x200, 0x6, 0x2, 0x2, 0x6, 0x10001, 0x8, 0x7, 0xf, 0xda56, 0x7ffffffe, 0x80, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x2, 0x1, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0xfffffffb, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0x0, 0xac, 0x9, 0x6, 0x10, 0x9, 0x8, 0x80000001, 0x0, 
0x74, 0x7fff, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0x9, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x5, 0xfca, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x1, 0x5, 0x354d, 0x5, 0x2, 0x1, 0x7, 0x1, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1080, 0x4, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xffffff01, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x4, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xffffffff, 0x2, 0x10000, 0xa6, 0x3, 0x1e4ff, 0x5, 0x4, 0x0, 0x3, 0x0, 0xd, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94d, 0x9, 0x8, 0x6, 0x100, 0xec0, 0xffff, 0x4, 0x2, 0x3ff, 0x3e, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7ff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0x4, 0x3, 0x9, 0xc, 0x0, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffffff, 0x2, 0x4, 0x0, 0x5, 0x4, 0x3, 0x8, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x401, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x4, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x3, 0x0, 0x81, 0xfff80000, 0x7a7, 0x1, 0x6, 0x3, 0x8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x3, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0xfff, 0x8, 0x3, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x3, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 
0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0x3, 0xffffff97, 0x2, 0xfff, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0x3, 0xe, 0x10000, 0x9, 0x9, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x20000000, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0x5}, {0x6, 0x0, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x886}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x8bc}, 0x1, 0x0, 0x0, 0x10}, 0x0)
306.189µs ago: executing program 3 (id=2854):
# Program 3 mixes three unrelated subsystems in one run: KVM (two VMs, one vCPU),
# the new mount API (fsopen/fsconfig on "ceph"), and nf_tables over netlink.
# It was started about 0.3 ms before the log was captured, so it is one of the
# last programs in flight; that alone does not show it triggered the report.
#
# First VM and its vCPU. 0xffffffffffffff9c is AT_FDCWD; the path buffer contents
# are not printed, the $kvm variant presumably pins it to the KVM device node.
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000023c0), 0xa0482, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
# Second, independent VM (r4). No vCPU is created on it in this program.
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
# Xen HVM config is applied to the second VM (r4). Assuming the usual
# kvm_xen_hvm_config layout, the first two fields are flags=0x80 and
# msr=0x40000105 - TODO confirm against the kernel headers for this build.
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x40000105, 0x0, 0x0, 0xfffffd30})
# MSR write goes to r2, the vCPU of the FIRST VM, not the VM configured above.
# The blob is 12 bytes: little-endian nmsrs=1, a non-zero pad word, then index
# 0x400000b1; the entry's reserved/data words are not part of the blob, so the
# kernel reads whatever follows in the fuzzer's mapping.
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000ffffffb1000040"])
# AF_NETLINK (0x10) / SOCK_RAW (0x3) / protocol 0xc (NETLINK_NETFILTER).
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
# Filesystem context for "ceph"; FSCONFIG_SET_FD then passes the context fd
# itself (r6) as the value of the "name" parameter.
r6 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r6, 0x5, &(0x7f00000001c0)='name', 0x0, r6)
# Deliberately malformed nf_tables batch: the only generated payload is the
# socket fd value as a 1-byte resource, while the iovec length claims 0x104 bytes.
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES8=r5], 0x104}, 0x1, 0x0, 0x0, 0x4810}, 0x0)
0s ago: executing program 4 (id=2855):
# Program 4 is the most recently started program in this log ("0s ago").
# NOTE(review): r0 and r1 are used below but no assignment is visible. syzkaller
# normally prints output resources inside the socketpair struct as <r0=>/<r1=>
# markers; they appear to have been lost when this page was extracted, so the
# text as shown will not parse as a reproducer without restoring them.
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
# Key lookup with callout info '/dev/vsock'; 0xfffffffffffffffe is -2,
# i.e. the process keyring as destination. The result r2 is reused below.
r2 = request_key(&(0x7f0000000340)='id_legacy\x00', &(0x7f0000000380)={'syz', 0x0}, &(0x7f00000003c0)='/dev/vsock\x00', 0xfffffffffffffffe)
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
# Bulk send/receive on the socket pair: 0x318 messages out, up to 0x10106 in.
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
# pid 0 = calling thread; struct starts with size=0x38 and policy=0x5.
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
# Second request_key, type 'rxrpc_s', targeting the key/keyring id returned above.
request_key(&(0x7f0000019080)='rxrpc_s\x00', &(0x7f00000190c0)={'syz', 0x2}, &(0x7f0000019100)='}\x00', r2)
# PF_KEY message: header bytes decode as version 2, type 3, satype 9, len 0x0a
# (in 8-byte units = 0x50, matching the iovec length). msg_namelen is 0x500
# with a NULL msg_name.
sendmsg$key(r4, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000fffffffe0002fffffffb030005000000000002"], 0x50}}, 0x0)
# Per-socket XFRM policy installed on the TCP/IPv6 socket r3 before it connects.
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x100000, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe4)
# Destination is an IPv4-mapped IPv6 address (::ffff:<dev>), port 0.
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r5 = socket$key(0xf, 0x3, 0x2)
# Second PF_KEY message: version 2, type 9, len 2 (16 bytes = iovec length 0x10);
# the blob carries extra bytes beyond the 16 that are actually sent.
sendmsg$key(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="02090000020000000000000000006ed50d169fd1259a4008814b921f312bdff9490675"], 0x10}}, 0x0)
socket(0x10, 0x3, 0x0)
# The next two ioctls are issued on fd 0xffffffffffffffff (-1), so they can
# only exercise the bad-descriptor error path.
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0))
ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x8)
prctl$PR_MCE_KILL(0x35, 0x1, 0x8)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
kernel console output (not intermixed with test programs): 4][T14237] CPU: 1 UID: 0 PID: 14237 Comm: syz.1.2402 Not tainted syzkaller #0 PREEMPT(full) [ 771.074023][T14237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 771.074037][T14237] Call Trace: [ 771.074047][T14237] [ 771.074056][T14237] dump_stack_lvl+0x189/0x250 [ 771.074092][T14237] ? __pfx____ratelimit+0x10/0x10 [ 771.074120][T14237] ? __pfx_dump_stack_lvl+0x10/0x10 [ 771.074150][T14237] ? __pfx__printk+0x10/0x10 [ 771.074178][T14237] ? 
__lock_acquire+0xab9/0xd20 [ 771.074207][T14237] should_fail_ex+0x414/0x560 [ 771.074243][T14237] should_failslab+0xa8/0x100 [ 771.074268][T14237] kmem_cache_alloc_noprof+0x74/0x6e0 [ 771.074300][T14237] ? skb_clone+0x212/0x3a0 [ 771.074337][T14237] skb_clone+0x212/0x3a0 [ 771.074366][T14237] __netlink_deliver_tap+0x404/0x850 [ 771.074412][T14237] ? netlink_deliver_tap+0x2e/0x1b0 [ 771.074448][T14237] netlink_deliver_tap+0x19c/0x1b0 [ 771.074484][T14237] netlink_unicast+0x7fa/0x9e0 [ 771.074525][T14237] ? __pfx_netlink_unicast+0x10/0x10 [ 771.074558][T14237] ? netlink_sendmsg+0x642/0xb30 [ 771.074577][T14237] ? skb_put+0x11b/0x210 [ 771.074602][T14237] netlink_sendmsg+0x805/0xb30 [ 771.074634][T14237] ? __pfx_netlink_sendmsg+0x10/0x10 [ 771.074658][T14237] ? __import_iovec+0x5d4/0x7f0 [ 771.074684][T14237] ? aa_sock_msg_perm+0xf1/0x1d0 [ 771.074719][T14237] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 771.074741][T14237] ? __pfx_netlink_sendmsg+0x10/0x10 [ 771.074763][T14237] __sock_sendmsg+0x21c/0x270 [ 771.074796][T14237] ____sys_sendmsg+0x505/0x830 [ 771.074826][T14237] ? __pfx_____sys_sendmsg+0x10/0x10 [ 771.074867][T14237] ___sys_sendmsg+0x21f/0x2a0 [ 771.074893][T14237] ? __pfx____sys_sendmsg+0x10/0x10 [ 771.074957][T14237] ? __fget_files+0x2a/0x420 [ 771.074978][T14237] ? __fget_files+0x3a0/0x420 [ 771.075011][T14237] __sys_sendmsg+0x164/0x220 [ 771.075036][T14237] ? __pfx___sys_sendmsg+0x10/0x10 [ 771.075071][T14237] ? __pfx_ksys_write+0x10/0x10 [ 771.075106][T14237] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 771.075139][T14237] ? lockdep_hardirqs_on+0x9c/0x150 [ 771.075172][T14237] __do_fast_syscall_32+0xb6/0x2b0 [ 771.075204][T14237] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 771.075237][T14237] do_fast_syscall_32+0x34/0x80 [ 771.075269][T14237] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 771.075296][T14237] RIP: 0023:0xf704d539 [ 771.075324][T14237] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 771.075347][T14237] RSP: 002b:00000000f543d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 771.075369][T14237] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 771.075385][T14237] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 771.075397][T14237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 771.075411][T14237] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 771.075424][T14237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 771.075456][T14237] [ 771.373742][ T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 771.380406][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 771.390161][ T24] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 771.401549][ T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 771.412375][ T24] usb 1-1: media controller created [ 771.419564][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 771.432507][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 771.438357][ T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 771.485838][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input122 [ 771.498401][ T24] dvb-usb: schedule remote query interval to 150 msecs. [ 771.505418][ T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 771.629772][T14247] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2406'. 
[ 771.656123][T14245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 771.675511][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 771.681331][ T5919] dvb-usb: error while querying for an remote control event. [ 771.731145][T14245] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 771.845551][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 771.845587][ T5919] dvb-usb: error while querying for an remote control event. [ 772.008759][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 772.008824][ T5919] dvb-usb: error while querying for an remote control event. [ 772.176109][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 772.176145][ T5919] dvb-usb: error while querying for an remote control event. [ 772.345713][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 772.345753][ T5919] dvb-usb: error while querying for an remote control event. [ 772.505508][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 772.505547][ T5919] dvb-usb: error while querying for an remote control event. [ 772.667195][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 772.667238][ T5919] dvb-usb: error while querying for an remote control event. [ 772.825502][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 772.825541][ T5919] dvb-usb: error while querying for an remote control event. [ 772.927142][T14266] rtc_cmos 00:00: Alarms can be up to one day in the future [ 772.991957][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 772.991998][ T5919] dvb-usb: error while querying for an remote control event. [ 773.195749][ T5919] dvb-usb: bulk message failed: -22 (1/0) [ 773.195831][ T5919] dvb-usb: error while querying for an remote control event. [ 773.195942][ T5828] speedtch 5-1:0.0: speedtch_bind: wrong device class 68 [ 773.195959][ T5828] speedtch 5-1:0.0: usbatm_usb_probe: bind failed: -19! 
[ 773.197929][ T5828] usb 5-1: USB disconnect, device number 111 [ 773.217285][ T5834] usb 1-1: USB disconnect, device number 2 [ 773.328928][ T5834] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 774.815506][ T5966] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 774.945493][ T5966] usb 3-1: device descriptor read/64, error -71 [ 775.255452][ T5966] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 775.386195][ T5966] usb 3-1: device descriptor read/64, error -71 [ 775.455698][ T9] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 775.519264][ T5966] usb usb3-port1: attempt power cycle [ 775.635724][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 775.649765][ T9] usb 2-1: config 0 has an invalid descriptor of length 185, skipping remainder of the config [ 775.671610][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 775.693294][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 775.703362][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=6 [ 775.711859][ T9] usb 2-1: SerialNumber: syz [ 775.751934][ T9] usb 2-1: config 0 descriptor?? 
[ 775.865579][ T5966] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 775.908504][ T5966] usb 3-1: device descriptor read/8, error -71 [ 776.135414][ T5919] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 776.195643][ T5966] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 776.258521][ T5966] usb 3-1: device descriptor read/8, error -71 [ 776.355588][ T5919] usb 1-1: Using ep0 maxpacket: 16 [ 776.366027][ T5966] usb usb3-port1: unable to enumerate USB device [ 776.373743][ T5919] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 776.392829][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.416525][ T5919] usb 1-1: Product: syz [ 776.434217][ T5919] usb 1-1: Manufacturer: syz [ 776.535507][ T5919] usb 1-1: SerialNumber: syz [ 776.696603][ T5919] usb 1-1: config 0 descriptor?? [ 777.009818][T14309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 777.018841][T14309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 778.308977][ T5828] usb 2-1: USB disconnect, device number 101 [ 778.700393][T14324] FAULT_INJECTION: forcing a failure. [ 778.700393][T14324] name failslab, interval 1, probability 0, space 0, times 0 [ 778.755533][T14324] CPU: 1 UID: 0 PID: 14324 Comm: syz.2.2427 Not tainted syzkaller #0 PREEMPT(full) [ 778.755568][T14324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 778.755582][T14324] Call Trace: [ 778.755590][T14324] [ 778.755599][T14324] dump_stack_lvl+0x189/0x250 [ 778.755634][T14324] ? __pfx____ratelimit+0x10/0x10 [ 778.755661][T14324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 778.755706][T14324] ? __pfx__printk+0x10/0x10 [ 778.755730][T14324] ? __pfx___might_resched+0x10/0x10 [ 778.755750][T14324] should_fail_ex+0x414/0x560 [ 778.755776][T14324] should_failslab+0xa8/0x100 [ 778.755801][T14324] kmem_cache_alloc_node_noprof+0x77/0x710 [ 778.755832][T14324] ? 
__alloc_skb+0x112/0x2d0 [ 778.755869][T14324] __alloc_skb+0x112/0x2d0 [ 778.755903][T14324] netlink_ack+0x146/0xa50 [ 778.755924][T14324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 778.755941][T14324] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 778.755957][T14324] ? __pfx_nl80211_post_doit+0x10/0x10 [ 778.755982][T14324] netlink_rcv_skb+0x28c/0x470 [ 778.756004][T14324] ? __lock_acquire+0xab9/0xd20 [ 778.756019][T14324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 778.756038][T14324] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 778.756074][T14324] ? down_read+0x1ad/0x2e0 [ 778.756098][T14324] genl_rcv+0x28/0x40 [ 778.756115][T14324] netlink_unicast+0x82f/0x9e0 [ 778.756142][T14324] ? __pfx_netlink_unicast+0x10/0x10 [ 778.756164][T14324] ? netlink_sendmsg+0x642/0xb30 [ 778.756176][T14324] ? skb_put+0x11b/0x210 [ 778.756192][T14324] netlink_sendmsg+0x805/0xb30 [ 778.756213][T14324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 778.756229][T14324] ? __import_iovec+0x5d4/0x7f0 [ 778.756247][T14324] ? aa_sock_msg_perm+0xf1/0x1d0 [ 778.756270][T14324] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 778.756285][T14324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 778.756300][T14324] __sock_sendmsg+0x21c/0x270 [ 778.756324][T14324] ____sys_sendmsg+0x505/0x830 [ 778.756344][T14324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 778.756372][T14324] ___sys_sendmsg+0x21f/0x2a0 [ 778.756389][T14324] ? __pfx____sys_sendmsg+0x10/0x10 [ 778.756430][T14324] ? __fget_files+0x2a/0x420 [ 778.756444][T14324] ? __fget_files+0x3a0/0x420 [ 778.756465][T14324] __sys_sendmsg+0x164/0x220 [ 778.756482][T14324] ? __pfx___sys_sendmsg+0x10/0x10 [ 778.756504][T14324] ? __pfx_ksys_write+0x10/0x10 [ 778.756527][T14324] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 778.756549][T14324] ? lockdep_hardirqs_on+0x9c/0x150 [ 778.756576][T14324] __do_fast_syscall_32+0xb6/0x2b0 [ 778.756598][T14324] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 778.756620][T14324] do_fast_syscall_32+0x34/0x80 [ 778.756641][T14324] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 778.756660][T14324] RIP: 0023:0xf702d539 [ 778.756673][T14324] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 778.756687][T14324] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 778.756703][T14324] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 778.756714][T14324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 778.756722][T14324] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 778.756731][T14324] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 778.756741][T14324] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 778.756764][T14324] [ 779.760371][ T5919] speedtch 1-1:0.0: speedtch_bind: wrong device class 68 [ 779.767666][ T5919] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 779.823164][T14330] netlink: 'syz.2.2428': attribute type 1 has an invalid length. [ 779.886018][ T5919] usb 1-1: USB disconnect, device number 3 [ 780.337674][T14334] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2431'. [ 780.648350][T14342] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=680 (1360 ns) > initial count (1048 ns). Using initial count to start timer. [ 780.818434][T14349] netlink: 'syz.2.2434': attribute type 58 has an invalid length. [ 780.826414][T14349] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2434'. 
[ 781.075902][T14356] xt_TPROXY: Can be used only with -p tcp or -p udp [ 781.585537][ T5966] usb 5-1: new full-speed USB device number 112 using dummy_hcd [ 781.809871][ T5966] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 781.835581][ T5966] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 781.855160][ T5966] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 781.905318][ T5966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 781.947909][ T5966] usb 5-1: config 0 descriptor?? [ 781.969244][ T5966] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 781.982733][ T5966] dvb-usb: bulk message failed: -22 (3/0) [ 782.014364][ T5966] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 782.042441][ T5966] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 782.064635][ T5966] usb 5-1: media controller created [ 782.082074][ T5966] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 782.116134][ T5966] dvb-usb: bulk message failed: -22 (6/0) [ 782.136263][ T5966] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 782.161865][ T5966] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input123 [ 782.210616][ T5966] dvb-usb: schedule remote query interval to 150 msecs. [ 782.235713][ T5966] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 782.395923][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 782.401835][ T9] dvb-usb: error while querying for an remote control event. [ 782.566321][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 782.584019][ T9] dvb-usb: error while querying for an remote control event. [ 782.758318][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 782.764174][ T9] dvb-usb: error while querying for an remote control event. 
[ 782.935664][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 782.954083][ T9] dvb-usb: error while querying for an remote control event. [ 783.135519][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 783.141364][ T9] dvb-usb: error while querying for an remote control event. [ 783.306330][ T5834] dvb-usb: bulk message failed: -22 (1/0) [ 783.312377][ T5834] dvb-usb: error while querying for an remote control event. [ 783.415714][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 783.486440][ T5834] dvb-usb: bulk message failed: -22 (1/0) [ 783.513677][ T5834] dvb-usb: error while querying for an remote control event. [ 783.585997][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 783.600576][ T9] usb 1-1: config 0 has no interfaces? [ 783.629167][ T9] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 783.655104][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.674380][ T9] usb 1-1: Product: syz [ 783.680532][ T9] usb 1-1: Manufacturer: syz [ 783.685213][ T9] usb 1-1: SerialNumber: syz [ 783.690684][ T5834] dvb-usb: bulk message failed: -22 (1/0) [ 783.700465][ T5834] dvb-usb: error while querying for an remote control event. [ 783.712106][ T9] usb 1-1: config 0 descriptor?? [ 783.717187][ T30] audit: type=1326 audit(1761654034.425:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.1.2441" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704d539 code=0x0 [ 783.769274][T14368] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2441'. [ 783.895722][ T5834] dvb-usb: bulk message failed: -22 (1/0) [ 783.901586][ T5834] dvb-usb: error while querying for an remote control event. [ 783.963345][T14363] vlan3: entered promiscuous mode [ 784.062710][ T5828] usb 5-1: USB disconnect, device number 112 [ 784.090114][ T5834] dvb-usb: bulk message failed: -22 (1/0) [ 784.103164][ T5834] dvb-usb: error while querying for an remote control event. 
[ 784.142337][ T5828] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 784.146265][ T5834] usb 1-1: USB disconnect, device number 4 [ 784.164203][T14371] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2442'. [ 784.207295][T14371] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2442'. [ 784.297422][T14368] syz.1.2441 (14368): drop_caches: 1 [ 784.369302][T14373] xt_hashlimit: overflow, try lower: 60585/0 [ 785.016262][T14386] xt_CT: You must specify a L4 protocol and not use inversions on it [ 785.095564][ T5834] usb 3-1: new full-speed USB device number 108 using dummy_hcd [ 785.125783][T14392] rtc_cmos 00:00: Alarms can be up to one day in the future [ 785.298538][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 785.361646][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 785.395451][ T5834] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 785.405476][ T5966] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 785.438923][ T5834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.463695][ T5834] usb 3-1: config 0 descriptor?? [ 785.569063][ T5966] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 785.579733][ T5966] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 785.596083][ T5966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.614228][ T5966] usb 5-1: config 0 descriptor?? [ 785.687525][T14382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 785.702077][T14382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 785.725223][T14382] vlan2: entered promiscuous mode [ 785.944146][ T5966] pwc: Askey VC010 type 2 USB webcam detected. 
[ 785.979334][ T5834] usbhid 3-1:0.0: can't add hid device: -71 [ 785.988033][ T5834] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 786.016143][ T5834] usb 3-1: USB disconnect, device number 108 [ 786.176682][ T5966] pwc: recv_control_msg error -32 req 02 val 2b00 [ 786.184722][ T5966] pwc: recv_control_msg error -32 req 02 val 2700 [ 786.194227][ T5966] pwc: recv_control_msg error -32 req 02 val 2c00 [ 786.202228][ T5966] pwc: recv_control_msg error -32 req 04 val 1000 [ 786.209957][ T5966] pwc: recv_control_msg error -32 req 04 val 1300 [ 786.955828][T14404] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2453'. [ 787.845779][ T5834] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 787.978771][ T5966] pwc: recv_control_msg error -71 req 04 val 1400 [ 787.995300][ T5966] pwc: recv_control_msg error -71 req 02 val 2000 [ 788.005961][ T5834] usb 3-1: Using ep0 maxpacket: 16 [ 788.049881][ T5834] usb 3-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 788.060746][ T5966] pwc: recv_control_msg error -71 req 02 val 2100 [ 788.070598][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.078934][ T5834] usb 3-1: Product: syz [ 788.083346][ T5966] pwc: recv_control_msg error -71 req 04 val 1500 [ 788.090307][ T5834] usb 3-1: Manufacturer: syz [ 788.095240][ T5966] pwc: recv_control_msg error -71 req 02 val 2500 [ 788.101770][ T5834] usb 3-1: SerialNumber: syz [ 788.115289][ T5966] pwc: recv_control_msg error -71 req 02 val 2400 [ 788.126158][ T5966] pwc: recv_control_msg error -71 req 02 val 2600 [ 788.134354][ T5834] usb 3-1: config 0 descriptor?? 
[ 788.147408][ T5966] pwc: recv_control_msg error -71 req 02 val 2900 [ 788.166716][ T5966] pwc: recv_control_msg error -71 req 02 val 2800 [ 788.192165][ T5966] pwc: recv_control_msg error -71 req 04 val 1100 [ 788.213348][ T5966] pwc: recv_control_msg error -71 req 04 val 1200 [ 788.236493][ T5966] pwc: Registered as video103. [ 788.269620][ T5966] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input124 [ 788.328318][ T5966] usb 5-1: USB disconnect, device number 113 [ 788.462132][T14429] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 788.481867][T14429] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 788.655547][ T5966] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 788.681134][T14434] netlink: 'syz.3.2462': attribute type 58 has an invalid length. [ 788.689149][T14434] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2462'. [ 788.805701][ T5966] usb 5-1: Using ep0 maxpacket: 16 [ 788.996293][ T5966] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 789.013545][ T5966] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 789.027627][ T5966] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 789.036973][ T5966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.050680][ T5966] usb 5-1: Product: syz [ 789.096386][ T5966] usb 5-1: Manufacturer: syz [ 789.185958][ T5966] usb 5-1: SerialNumber: syz [ 789.252969][ T5966] usb 5-1: config 0 descriptor?? 
[ 789.445566][ T5966] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 789.504637][ T5966] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 790.035112][ T5966] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 790.042112][ T5966] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 790.250903][ T5966] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 790.258177][ T5966] em28xx 5-1:0.0: No AC97 audio processor [ 790.487591][ T5834] speedtch 3-1:0.0: speedtch_bind: wrong device class 68 [ 790.559394][ T5834] speedtch 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 790.623757][T14448] rtc_cmos 00:00: Alarms can be up to one day in the future [ 790.648706][ T5834] usb 3-1: USB disconnect, device number 109 [ 791.678792][ T5947] usb 5-1: USB disconnect, device number 114 [ 791.686204][ T5947] em28xx 5-1:0.0: Disconnecting em28xx [ 791.696084][ T5947] em28xx 5-1:0.0: Freeing device [ 792.255546][ T5947] usb 5-1: new high-speed USB device number 115 using dummy_hcd [ 792.333377][T14470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2471'. 
[ 792.350199][T14473] Cannot find set identified by id 1 to match [ 792.437920][ T5947] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 792.446525][ T5947] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 792.473610][ T5947] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 792.488278][ T5947] usb 5-1: config 220 has no interface number 2 [ 792.494830][ T5947] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 792.508860][ T5947] usb 5-1: config 220 interface 0 has no altsetting 0 [ 792.516436][ T5947] usb 5-1: config 220 interface 76 has no altsetting 0 [ 792.592422][T14483] rtc_cmos 00:00: Alarms can be up to one day in the future [ 792.686646][ T5947] usb 5-1: config 220 interface 1 has no altsetting 0 [ 792.722080][T14485] netlink: 'syz.1.2475': attribute type 58 has an invalid length. [ 792.730252][T14485] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2475'. [ 792.780510][ T5947] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 792.789863][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.805695][ T5947] usb 5-1: Product: syz [ 792.815502][ T5947] usb 5-1: Manufacturer: syz [ 792.820328][ T5947] usb 5-1: SerialNumber: syz [ 792.826293][ T5919] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 792.999423][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 793.012139][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 793.037757][ T5919] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 793.074101][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 793.114960][ T5919] usb 1-1: config 0 descriptor?? 
[ 793.188307][ T5947] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 793.196171][ T5947] uvcvideo 5-1:220.0: No valid video chain found. [ 793.203032][ T5947] usb 5-1: selecting invalid altsetting 0 [ 793.230101][ T5947] usb 5-1: selecting invalid altsetting 0 [ 793.238324][ T5947] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 793.255065][ T5947] usb 5-1: USB disconnect, device number 115 [ 793.471606][T14481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 793.503450][T14481] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 793.553040][T14481] vlan3: entered promiscuous mode [ 793.654966][ T5919] usbhid 1-1:0.0: can't add hid device: -71 [ 793.662007][ T5919] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 793.681306][ T5919] usb 1-1: USB disconnect, device number 5 [ 794.253154][T14490] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 794.315745][ T5947] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 794.495498][ T5947] usb 5-1: Using ep0 maxpacket: 8 [ 794.502702][ T5947] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 794.517526][ T5947] usb 5-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 794.526773][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.545493][ T5947] usb 5-1: Product: syz [ 794.549758][ T5947] usb 5-1: Manufacturer: syz [ 794.554882][ T5947] usb 5-1: SerialNumber: syz [ 794.598744][ T5947] usb 5-1: config 0 descriptor?? [ 794.608860][ T5947] cdc_phonet 5-1:0.0: probe with driver cdc_phonet failed with error -22 [ 794.821756][ T5947] usb 5-1: USB disconnect, device number 116 [ 794.987881][T14501] rtc_cmos 00:00: Alarms can be up to one day in the future [ 795.790978][T14505] netlink: 'syz.4.2485': attribute type 1 has an invalid length. 
[ 795.802322][T14503] syzkaller0: entered promiscuous mode [ 795.865761][T14503] syzkaller0: entered allmulticast mode [ 796.035756][T14513] FAULT_INJECTION: forcing a failure. [ 796.035756][T14513] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 796.078788][T14514] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2487'. [ 796.118273][T14513] CPU: 0 UID: 0 PID: 14513 Comm: syz.3.2488 Not tainted syzkaller #0 PREEMPT(full) [ 796.118302][T14513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 796.118315][T14513] Call Trace: [ 796.118323][T14513] [ 796.118333][T14513] dump_stack_lvl+0x189/0x250 [ 796.118367][T14513] ? __pfx____ratelimit+0x10/0x10 [ 796.118393][T14513] ? __pfx_dump_stack_lvl+0x10/0x10 [ 796.118422][T14513] ? __pfx__printk+0x10/0x10 [ 796.118445][T14513] ? __might_fault+0xb0/0x130 [ 796.118485][T14513] should_fail_ex+0x414/0x560 [ 796.118520][T14513] _copy_from_user+0x2d/0xb0 [ 796.118568][T14513] get_compat_msghdr+0xad/0x4a0 [ 796.118614][T14513] ? __pfx_get_compat_msghdr+0x10/0x10 [ 796.118650][T14513] ___sys_sendmsg+0x193/0x2a0 [ 796.118676][T14513] ? __pfx____sys_sendmsg+0x10/0x10 [ 796.118737][T14513] ? __fget_files+0x2a/0x420 [ 796.118757][T14513] ? __fget_files+0x3a0/0x420 [ 796.118789][T14513] __sys_sendmsg+0x164/0x220 [ 796.118814][T14513] ? __pfx___sys_sendmsg+0x10/0x10 [ 796.118847][T14513] ? __pfx_ksys_write+0x10/0x10 [ 796.118881][T14513] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 796.118921][T14513] ? lockdep_hardirqs_on+0x9c/0x150 [ 796.118953][T14513] __do_fast_syscall_32+0xb6/0x2b0 [ 796.118985][T14513] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 796.119017][T14513] do_fast_syscall_32+0x34/0x80 [ 796.119049][T14513] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 796.119075][T14513] RIP: 0023:0xf7f77539 [ 796.119094][T14513] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 796.119116][T14513] RSP: 002b:00000000f546655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 796.119139][T14513] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 796.119155][T14513] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 796.119168][T14513] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 796.119182][T14513] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 796.119195][T14513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 796.119229][T14513] [ 796.399786][T14518] xt_CT: You must specify a L4 protocol and not use inversions on it [ 796.496978][T14522] ALSA: mixer_oss: invalid index 40000 [ 796.726303][ T5919] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 796.801754][T14533] rtc_cmos 00:00: Alarms can be up to one day in the future [ 796.904388][ T5919] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 796.923011][ T5919] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 796.930820][T14535] fuse: Unknown parameter '0000000000000000000000000000000000000000000005' [ 796.941279][T14536] fuse: Unknown parameter '0000000000000000000000000000000000000000000005' [ 796.963218][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.007929][ T5919] usb 2-1: config 0 descriptor?? [ 797.024270][ T5919] pwc: Askey VC010 type 2 USB webcam detected. [ 797.199015][T14542] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2496'. 
[ 797.335475][ T10] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 797.487922][ T5919] pwc: recv_control_msg error -32 req 02 val 2b00 [ 797.505447][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 797.511092][ T5919] pwc: recv_control_msg error -32 req 02 val 2700 [ 797.518880][ T5919] pwc: recv_control_msg error -32 req 02 val 2c00 [ 797.529358][ T5919] pwc: recv_control_msg error -32 req 04 val 1000 [ 797.530081][ T10] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 797.544767][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 797.569011][ T5919] pwc: recv_control_msg error -32 req 04 val 1300 [ 797.590953][ T10] usb 3-1: config 0 has no interface number 0 [ 797.600975][ T5919] pwc: recv_control_msg error -71 req 04 val 1400 [ 797.622163][ T10] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 797.625060][ T5919] pwc: recv_control_msg error -71 req 02 val 2000 [ 797.664946][ T5919] pwc: recv_control_msg error -71 req 02 val 2100 [ 797.684767][ T10] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 797.685756][ T5919] pwc: recv_control_msg error -71 req 04 val 1500 [ 797.705039][ T5919] pwc: recv_control_msg error -71 req 02 val 2500 [ 797.713400][ T5919] pwc: recv_control_msg error -71 req 02 val 2400 [ 797.723486][ T5919] pwc: recv_control_msg error -71 req 02 val 2600 [ 797.730337][ T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 797.745573][ T10] usb 3-1: config 0 interface 52 has no altsetting 0 [ 797.747480][ T5919] pwc: recv_control_msg error -71 req 02 val 2900 [ 797.757236][ T10] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 797.759829][ T5919] pwc: recv_control_msg error -71 req 02 val 2800 [ 797.775998][ T10] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 797.784971][ T10] usb 
3-1: Manufacturer: syz [ 797.786120][ T5919] pwc: recv_control_msg error -71 req 04 val 1100 [ 797.798647][ T10] usb 3-1: config 0 descriptor?? [ 797.806157][ T5919] pwc: recv_control_msg error -71 req 04 val 1200 [ 797.817569][ T10] hub 3-1:0.52: bad descriptor, ignoring hub [ 797.823629][ T10] hub 3-1:0.52: probe with driver hub failed with error -5 [ 797.835972][ T5919] pwc: Registered as video103. [ 797.851349][ T5919] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input125 [ 797.895733][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 797.910316][ T24] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 797.925698][ T5919] usb 2-1: USB disconnect, device number 102 [ 797.932341][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.967481][ T24] usb 1-1: Product: syz [ 797.973878][ T24] usb 1-1: Manufacturer: syz [ 797.979095][ T24] usb 1-1: SerialNumber: syz [ 797.990801][ T24] usb 1-1: config 0 descriptor?? [ 798.040320][ T10] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input126 [ 798.104641][T14551] PKCS8: Unsupported PKCS#8 version [ 798.131517][T14551] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2500'. [ 798.173975][T14554] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2501'. [ 798.324682][T14557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 798.333884][T14557] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 798.342783][ T10] usb 3-1: USB disconnect, device number 110 [ 798.620891][T14564] syzkaller0: entered promiscuous mode [ 798.627372][T14564] syzkaller0: entered allmulticast mode [ 798.963636][T14572] xt_hashlimit: overflow, try lower: 60585/0 [ 799.145985][ T10] usb 5-1: new full-speed USB device number 117 using dummy_hcd [ 799.338979][T14581] FAULT_INJECTION: forcing a failure. 
[ 799.338979][T14581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 799.376652][T14579] rtc_cmos 00:00: Alarms can be up to one day in the future [ 799.405494][T14581] CPU: 1 UID: 0 PID: 14581 Comm: syz.2.2511 Not tainted syzkaller #0 PREEMPT(full) [ 799.405525][T14581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 799.405542][T14581] Call Trace: [ 799.405552][T14581] [ 799.405562][T14581] dump_stack_lvl+0x189/0x250 [ 799.405598][T14581] ? __pfx____ratelimit+0x10/0x10 [ 799.405624][T14581] ? __pfx_dump_stack_lvl+0x10/0x10 [ 799.405655][T14581] ? __pfx__printk+0x10/0x10 [ 799.405677][T14581] ? __might_fault+0xb0/0x130 [ 799.405720][T14581] should_fail_ex+0x414/0x560 [ 799.405758][T14581] _copy_from_user+0x2d/0xb0 [ 799.405787][T14581] kstrtouint_from_user+0xc4/0x170 [ 799.405813][T14581] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 799.405854][T14581] proc_fail_nth_write+0x88/0x200 [ 799.405883][T14581] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 799.405919][T14581] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 799.405949][T14581] vfs_write+0x27e/0xb30 [ 799.405990][T14581] ? __pfx_vfs_write+0x10/0x10 [ 799.406022][T14581] ? __fget_files+0x2a/0x420 [ 799.406049][T14581] ? __fget_files+0x3a0/0x420 [ 799.406068][T14581] ? __fget_files+0x2a/0x420 [ 799.406099][T14581] ksys_write+0x145/0x250 [ 799.406132][T14581] ? __pfx_ksys_write+0x10/0x10 [ 799.406166][T14581] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 799.406199][T14581] ? lockdep_hardirqs_on+0x9c/0x150 [ 799.406230][T14581] __do_fast_syscall_32+0xb6/0x2b0 [ 799.406271][T14581] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 799.406304][T14581] do_fast_syscall_32+0x34/0x80 [ 799.406335][T14581] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.406361][T14581] RIP: 0023:0xf702d539 [ 799.406380][T14581] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 799.406399][T14581] RSP: 002b:00000000f541d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 799.406422][T14581] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f541d620 [ 799.406437][T14581] RDX: 0000000000000001 RSI: 00000000f73c5ff4 RDI: 0000000000000000 [ 799.406452][T14581] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 799.406466][T14581] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 799.406479][T14581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 799.406513][T14581] [ 799.759173][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 799.907602][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 800.043839][ T10] usb 5-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 800.063831][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 800.084435][ T10] usb 5-1: config 0 descriptor?? 
[ 800.315137][T14569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 800.340784][T14569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 800.367750][T14569] vlan2: entered promiscuous mode [ 800.529760][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 800.575695][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 800.609920][ T10] usb 5-1: USB disconnect, device number 117 [ 800.637253][ T24] speedtch 1-1:0.0: speedtch_bind: wrong device class 68 [ 800.644340][ T24] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 800.727080][ T24] usb 1-1: USB disconnect, device number 6 [ 801.017291][T14605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 801.026523][T14605] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 801.617387][T14615] FAULT_INJECTION: forcing a failure. [ 801.617387][T14615] name failslab, interval 1, probability 0, space 0, times 0 [ 801.713813][T14615] CPU: 0 UID: 0 PID: 14615 Comm: syz.0.2516 Not tainted syzkaller #0 PREEMPT(full) [ 801.713855][T14615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 801.713867][T14615] Call Trace: [ 801.713875][T14615] [ 801.713884][T14615] dump_stack_lvl+0x189/0x250 [ 801.713917][T14615] ? __pfx____ratelimit+0x10/0x10 [ 801.713942][T14615] ? __pfx_dump_stack_lvl+0x10/0x10 [ 801.713969][T14615] ? __pfx__printk+0x10/0x10 [ 801.713995][T14615] ? __pfx___might_resched+0x10/0x10 [ 801.714025][T14615] ? fs_reclaim_acquire+0x7d/0x100 [ 801.714060][T14615] should_fail_ex+0x414/0x560 [ 801.714094][T14615] should_failslab+0xa8/0x100 [ 801.714118][T14615] kmem_cache_alloc_node_noprof+0x77/0x710 [ 801.714148][T14615] ? __alloc_skb+0x112/0x2d0 [ 801.714179][T14615] ? netlink_autobind+0xdb/0x300 [ 801.714214][T14615] __alloc_skb+0x112/0x2d0 [ 801.714246][T14615] netlink_sendmsg+0x5c6/0xb30 [ 801.714274][T14615] ? __pfx_netlink_sendmsg+0x10/0x10 [ 801.714295][T14615] ? 
__import_iovec+0x5d4/0x7f0 [ 801.714317][T14615] ? aa_sock_msg_perm+0xf1/0x1d0 [ 801.714345][T14615] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 801.714364][T14615] ? __pfx_netlink_sendmsg+0x10/0x10 [ 801.714383][T14615] __sock_sendmsg+0x21c/0x270 [ 801.714412][T14615] ____sys_sendmsg+0x505/0x830 [ 801.714437][T14615] ? __pfx_____sys_sendmsg+0x10/0x10 [ 801.714473][T14615] ___sys_sendmsg+0x21f/0x2a0 [ 801.714496][T14615] ? __pfx____sys_sendmsg+0x10/0x10 [ 801.714543][T14615] ? __fget_files+0x2a/0x420 [ 801.714558][T14615] ? __fget_files+0x3a0/0x420 [ 801.714581][T14615] __sys_sendmsg+0x164/0x220 [ 801.714599][T14615] ? __pfx___sys_sendmsg+0x10/0x10 [ 801.714623][T14615] ? __pfx_ksys_write+0x10/0x10 [ 801.714648][T14615] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 801.714673][T14615] ? lockdep_hardirqs_on+0x9c/0x150 [ 801.714718][T14615] __do_fast_syscall_32+0xb6/0x2b0 [ 801.714743][T14615] ? lockdep_hardirqs_on+0x9c/0x150 [ 801.714768][T14615] do_fast_syscall_32+0x34/0x80 [ 801.714793][T14615] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 801.714814][T14615] RIP: 0023:0xf7fd4539 [ 801.714830][T14615] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 801.714845][T14615] RSP: 002b:00000000f54c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 801.714864][T14615] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 801.714876][T14615] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 801.714887][T14615] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 801.714897][T14615] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 801.714907][T14615] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 801.714932][T14615] [ 802.083694][T14619] FAULT_INJECTION: forcing a failure. 
[ 802.083694][T14619] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 802.098420][T14619] CPU: 0 UID: 0 PID: 14619 Comm: syz.1.2521 Not tainted syzkaller #0 PREEMPT(full) [ 802.098441][T14619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 802.098451][T14619] Call Trace: [ 802.098458][T14619] [ 802.098465][T14619] dump_stack_lvl+0x189/0x250 [ 802.098492][T14619] ? __pfx____ratelimit+0x10/0x10 [ 802.098512][T14619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 802.098533][T14619] ? __pfx__printk+0x10/0x10 [ 802.098549][T14619] ? __might_fault+0xb0/0x130 [ 802.098579][T14619] should_fail_ex+0x414/0x560 [ 802.098607][T14619] _copy_from_user+0x2d/0xb0 [ 802.098627][T14619] get_compat_msghdr+0xad/0x4a0 [ 802.098647][T14619] ? __pfx_get_compat_msghdr+0x10/0x10 [ 802.098672][T14619] ___sys_sendmsg+0x193/0x2a0 [ 802.098690][T14619] ? __pfx____sys_sendmsg+0x10/0x10 [ 802.098732][T14619] ? __fget_files+0x2a/0x420 [ 802.098746][T14619] ? __fget_files+0x3a0/0x420 [ 802.098768][T14619] __sys_sendmsg+0x164/0x220 [ 802.098785][T14619] ? __pfx___sys_sendmsg+0x10/0x10 [ 802.098808][T14619] ? __pfx_ksys_write+0x10/0x10 [ 802.098832][T14619] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 802.098855][T14619] ? lockdep_hardirqs_on+0x9c/0x150 [ 802.098877][T14619] __do_fast_syscall_32+0xb6/0x2b0 [ 802.098900][T14619] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 802.098922][T14619] do_fast_syscall_32+0x34/0x80 [ 802.098944][T14619] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 802.098964][T14619] RIP: 0023:0xf704d539 [ 802.098978][T14619] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 802.098991][T14619] RSP: 002b:00000000f543d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 802.099008][T14619] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 802.099019][T14619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 802.099028][T14619] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 802.099037][T14619] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 802.099047][T14619] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 802.099069][T14619] [ 802.681173][T14630] netlink: 'syz.4.2524': attribute type 58 has an invalid length. [ 802.689263][T14630] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2524'. [ 803.255456][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 803.447520][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 803.468618][ T24] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 803.478030][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 803.486429][ T24] usb 1-1: Product: syz [ 803.521174][ T24] usb 1-1: Manufacturer: syz [ 803.598061][ T24] usb 1-1: SerialNumber: syz [ 803.621739][ T24] usb 1-1: config 0 descriptor?? 
[ 803.975250][T14647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 803.984747][T14647] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 805.344022][T14662] vivid-005: ================= START STATUS ================= [ 805.354674][T14662] vivid-005: FM Deviation: 75000 [ 805.361243][T14662] vivid-005: ================== END STATUS ================== [ 805.835765][T14664] xt_hashlimit: overflow, try lower: 60585/0 [ 806.097830][ T24] speedtch 1-1:0.0: speedtch_bind: wrong device class 68 [ 806.238438][ T24] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 806.260687][ T24] usb 1-1: USB disconnect, device number 7 [ 806.580883][T14673] syzkaller0: entered promiscuous mode [ 806.599632][T14673] syzkaller0: entered allmulticast mode [ 807.634666][T14697] Cannot find add_set index 0 as target [ 807.658810][T14697] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 807.718611][T14697] macsec1: entered promiscuous mode [ 807.724072][T14697] macsec1: entered allmulticast mode [ 807.851031][ T10] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 807.876140][T14697] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 807.888832][T14697] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 807.917124][T14697] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 808.025298][ T13] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.039531][ T13] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.057612][ T13] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.068485][ T13] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.085105][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 808.099110][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 808.110907][T14704] netlink: 
4 bytes leftover after parsing attributes in process `syz.3.2548'. [ 808.117880][ T10] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 808.188405][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 808.221781][ T10] usb 2-1: config 0 descriptor?? [ 808.458174][T14712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2551'. [ 808.649839][ T10] hid-led 0003:0FC5:B080.0012: unknown main item tag 0x0 [ 808.657375][ T5947] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 808.666865][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.673285][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.918613][ T5947] usb 1-1: Using ep0 maxpacket: 16 [ 808.941785][ T5947] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 808.951734][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 808.966711][ T5947] usb 1-1: config 0 descriptor?? [ 808.977587][ T5947] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 809.075499][ T5966] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 809.191246][ T5947] usb 1-1: Detected FT232B [ 809.235493][ T5966] usb 3-1: Using ep0 maxpacket: 32 [ 809.252143][ T5966] usb 3-1: config 0 has no interfaces? [ 809.270499][ T5966] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 809.298943][ T5966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.324156][ T5966] usb 3-1: Product: syz [ 809.337474][ T5966] usb 3-1: Manufacturer: syz [ 809.351090][ T5966] usb 3-1: SerialNumber: syz [ 809.384660][ T5966] usb 3-1: config 0 descriptor?? 
[ 809.426577][ T5919] usb 5-1: new high-speed USB device number 118 using dummy_hcd [ 809.558070][ T5947] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 809.568152][ T10] hid-led 0003:0FC5:B080.0012: probe with driver hid-led failed with error -71 [ 809.590779][ T5947] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 809.612701][ T10] usb 2-1: USB disconnect, device number 103 [ 809.628212][T14717] vlan2: entered promiscuous mode [ 809.682805][ T5947] usb 3-1: USB disconnect, device number 111 [ 809.731284][ T5919] usb 5-1: too many configurations: 241, using maximum allowed: 8 [ 809.777064][ T5919] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 809.795481][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.803678][ T5919] usb 5-1: Product: syz [ 809.810561][ T24] usb 1-1: USB disconnect, device number 8 [ 809.819892][ T5919] usb 5-1: Manufacturer: syz [ 809.826551][ T5919] usb 5-1: SerialNumber: syz [ 809.833785][ T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 809.849732][ T5919] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 809.858652][ T24] ftdi_sio 1-1:0.0: device disconnected [ 809.891765][ T5920] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 810.083998][T14728] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2557'. [ 810.084071][T14729] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2557'. [ 810.120010][T14721] netlink: 'syz.4.2554': attribute type 11 has an invalid length. 
[ 810.368683][ T10] usb 5-1: USB disconnect, device number 118 [ 810.536763][T14745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 810.554274][T14745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 810.874949][T14752] rtc_cmos 00:00: Alarms can be up to one day in the future [ 810.985593][ T5920] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 810.992713][ T5920] ath9k_htc: Failed to initialize the device [ 811.035258][ T10] usb 5-1: ath9k_htc: USB layer deinitialized [ 811.219077][T14754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2565'. [ 811.476986][T14758] PKCS8: Unsupported PKCS#8 version [ 811.483471][T14758] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2567'. [ 811.528900][T14722] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 811.574676][T14761] hfs: unable to load iocharset "I†#hÆIarsÌ8ÒÎŽ wÑ·}+Ô[S‚“š_. ô,ƒs$n¡FÿBlÿbÆSR,Ð.R]^kŽR¥“Lý/­ J}&Æìo9b6˜Ž\wÜm¨$xšÙçųñCdeOé«jocÚ…`1Ò†Ÿ‚m‰#C”X^ݾOø;;ï©ï¦󣫭Xp­!°ì³+ÿ¥Æ‡ÇK=ÊA ‡­Øa2H‹îKAµ² Š»r·‹pæ" [ 811.717466][T14722] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 811.729632][T14722] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 811.742371][T14722] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 811.754713][T14722] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 811.767183][T14722] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 811.798576][T14722] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 811.848321][T14722] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 811.859345][T14722] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.880236][T14722] usb 
2-1: Product: syz [ 811.884445][T14722] usb 2-1: Manufacturer: syz [ 811.905527][T14722] usb 2-1: SerialNumber: syz [ 811.923830][T14722] usb 2-1: config 0 descriptor?? [ 811.938863][T14722] iguanair 2-1:0.0: probe with driver iguanair failed with error -12 [ 812.080133][T14772] rtc_cmos 00:00: Alarms can be up to one day in the future [ 812.189498][T14722] usb 2-1: USB disconnect, device number 104 [ 812.826946][T14776] xt_hashlimit: overflow, try lower: 60585/0 [ 813.645461][ T10] usb 5-1: new high-speed USB device number 119 using dummy_hcd [ 814.065449][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 814.087898][T14793] binder: BINDER_SET_CONTEXT_MGR already set [ 814.094130][T14793] binder: 14791:14793 ioctl 4018620d 80004a80 returned -16 [ 814.145525][ T24] usb 3-1: new high-speed USB device number 112 using dummy_hcd [ 814.166291][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 814.384770][ T10] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 814.395449][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 814.461375][ T10] usb 5-1: Product: syz [ 814.477385][T14799] hfs: unable to load iocharset "I†#hÆIarsÌ8ÒÎŽ wÑ·}+Ô[S‚“š_. ô,ƒs$n¡FÿBlÿbÆSR,Ð.R]^kŽR¥“Lý/­ J}&Æìo9b6˜Ž\wÜm¨$xšÙçųñCdeOé«jocÚ…`1Ò†Ÿ‚m‰#C”X^ݾOø;;ï©ï¦󣫭Xp­!°ì³+ÿ¥Æ‡ÇK=ÊA ‡­Øa2H‹îKAµ² Š»r·‹pæ" [ 814.511774][ T10] usb 5-1: Manufacturer: syz [ 814.545230][ T10] usb 5-1: SerialNumber: syz [ 814.575572][ T10] usb 5-1: config 0 descriptor?? 
[ 814.587158][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 814.627891][ T24] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 814.636931][ T10] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 814.636971][ T10] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 814.706916][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 814.747197][ T24] usb 3-1: config 0 descriptor?? [ 814.768643][ T24] pwc: Askey VC010 type 2 USB webcam detected. [ 815.196491][ T24] pwc: recv_control_msg error -32 req 02 val 2b00 [ 815.204057][ T24] pwc: recv_control_msg error -32 req 02 val 2700 [ 815.207006][ T10] em28xx 5-1:0.0: chip ID is em2840 [ 815.211645][ T24] pwc: recv_control_msg error -32 req 02 val 2c00 [ 815.223271][ T24] pwc: recv_control_msg error -32 req 04 val 1000 [ 815.230900][ T24] pwc: recv_control_msg error -32 req 04 val 1300 [ 815.282892][T14804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2582'. [ 815.295742][ T5947] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 815.472742][T14806] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2583'. [ 815.483323][T14806] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2583'. [ 815.485545][ T5947] usb 1-1: Using ep0 maxpacket: 16 [ 815.500242][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 815.512767][ T5947] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 815.522608][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 815.546153][ T5947] usb 1-1: config 0 descriptor?? 
[ 815.592458][T14810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 815.601778][T14810] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 815.759952][T14802] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2581'. [ 815.769094][T14802] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2581'. [ 815.836377][ T10] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 815.844923][ T10] em28xx 5-1:0.0: board has no eeprom [ 816.187383][ T10] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 816.201170][ T10] em28xx 5-1:0.0: dvb set to bulk mode. [ 816.215732][ T5834] em28xx 5-1:0.0: Binding DVB extension [ 816.255155][ T5947] usbhid 1-1:0.0: can't add hid device: -71 [ 816.269409][ T5947] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 816.297877][ T5947] usb 1-1: USB disconnect, device number 9 [ 816.380947][ T24] pwc: recv_control_msg error -71 req 04 val 1400 [ 816.389144][ T24] pwc: recv_control_msg error -71 req 02 val 2000 [ 816.400446][ T24] pwc: recv_control_msg error -71 req 02 val 2100 [ 816.407963][ T24] pwc: recv_control_msg error -71 req 04 val 1500 [ 816.418010][ T24] pwc: recv_control_msg error -71 req 02 val 2500 [ 816.431621][ T24] pwc: recv_control_msg error -71 req 02 val 2400 [ 816.438810][ T24] pwc: recv_control_msg error -71 req 02 val 2600 [ 816.446395][ T24] pwc: recv_control_msg error -71 req 02 val 2900 [ 816.453211][ T24] pwc: recv_control_msg error -71 req 02 val 2800 [ 816.460584][ T24] pwc: recv_control_msg error -71 req 04 val 1100 [ 816.467982][ T24] pwc: recv_control_msg error -71 req 04 val 1200 [ 816.480168][ T24] pwc: Registered as video103. 
[ 816.499544][ T24] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input128 [ 816.545927][ T24] usb 3-1: USB disconnect, device number 112 [ 816.546263][ T10] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 816.727159][ T10] usb 2-1: config index 0 descriptor too short (expected 27749, got 36) [ 816.735822][ T10] usb 2-1: config 101 has too many interfaces: 112, using maximum allowed: 32 [ 816.744744][ T10] usb 2-1: config 101 has an invalid descriptor of length 32, skipping remainder of the config [ 816.755440][ T10] usb 2-1: config 101 has 0 interfaces, different from the descriptor's value: 112 [ 816.764809][ T10] usb 2-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 816.774308][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 816.895496][ T24] usb 3-1: new full-speed USB device number 113 using dummy_hcd [ 816.990281][T14818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 816.999868][T14818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 817.015264][ T10] usb 2-1: string descriptor 0 read error: -71 [ 817.056264][ T10] usb 2-1: USB disconnect, device number 105 [ 817.058967][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 817.084203][ T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 817.095313][ T24] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 817.106820][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.125507][ T24] usb 3-1: config 0 descriptor?? 
[ 817.147132][T14787] em28xx 5-1:0.0: writing to i2c device at 0xfffe failed (error=-5) [ 817.173167][ T5947] usb 5-1: USB disconnect, device number 119 [ 817.186775][ T5947] em28xx 5-1:0.0: Disconnecting em28xx [ 817.264266][ T5834] em28xx 5-1:0.0: Registering input extension [ 817.288446][ T5947] em28xx 5-1:0.0: Closing input extension [ 817.318649][ T5947] em28xx 5-1:0.0: Freeing device [ 817.338968][T14823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 817.357885][T14823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 817.368943][T14823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 817.386010][T14823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 817.395753][T14823] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2586'. [ 817.415185][T14823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2586'. [ 817.453545][ T5834] usb 3-1: USB disconnect, device number 113 [ 817.485466][ T5920] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 817.795051][ T5920] usb 2-1: Using ep0 maxpacket: 8 [ 817.959535][ T5920] usb 2-1: config index 0 descriptor too short (expected 72, got 36) [ 817.971892][ T5920] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 817.996582][ T5920] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice= 1.08 [ 818.038067][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 818.056757][ T5920] usb 2-1: Product: syz [ 818.061061][ T5920] usb 2-1: Manufacturer: syz [ 818.065876][ T5920] usb 2-1: SerialNumber: syz [ 818.482911][ T5834] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 818.645601][ T5834] usb 3-1: Using ep0 maxpacket: 32 [ 818.655122][ T5834] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 818.670962][ T5834] usb 3-1: New USB 
device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 818.682470][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 818.692582][ T5834] usb 3-1: Product: syz [ 818.698485][ T5834] usb 3-1: Manufacturer: syz [ 818.714142][ T5834] usb 3-1: SerialNumber: syz [ 818.733017][T14848] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2593'. [ 818.747506][ T5834] usb 3-1: config 0 descriptor?? [ 818.755823][T14843] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 818.796888][ T5834] hub 3-1:0.0: bad descriptor, ignoring hub [ 818.829116][ T5834] hub 3-1:0.0: probe with driver hub failed with error -5 [ 818.995688][ T5834] usb 2-1: USB disconnect, device number 106 [ 819.188419][ T5966] usb 3-1: USB disconnect, device number 114 [ 819.274076][T14853] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2595'. [ 819.316705][T14855] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2596'. [ 819.401954][T14858] Cannot find add_set index 0 as target [ 819.462334][T14858] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 819.470021][T14858] macsec1: entered promiscuous mode [ 819.476937][T14858] macsec1: entered allmulticast mode [ 819.482593][T14858] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 819.493524][T14858] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 819.501345][T14858] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 819.675442][ T5834] usb 5-1: new full-speed USB device number 120 using dummy_hcd [ 819.683259][T14870] netlink: 'syz.1.2603': attribute type 1 has an invalid length. 
[ 819.865962][T14722] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 819.878845][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 820.093184][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 820.109176][ T5834] usb 5-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 820.130733][T14722] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 820.141121][T14722] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 820.150224][T14722] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 820.160267][T14722] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.212681][T14722] usb 1-1: config 0 descriptor?? [ 820.555414][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.579287][ T5834] usb 5-1: config 0 descriptor?? [ 820.621529][T14884] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2604'. 
[ 820.635926][T14880] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 820.642908][T14880] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 820.649970][T14880] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 820.658960][T14880] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 820.667761][T14867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 820.687555][T14867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 820.785856][T14884] bond2: option resend_igmp: invalid value (511) [ 820.792624][T14884] bond2: option resend_igmp: allowed values 0 - 255 [ 821.216095][T14867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 821.228340][T14884] bond2 (unregistering): Released all slaves [ 821.270695][T14867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 821.272821][T14861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 821.404803][T14861] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 821.444409][T14867] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2601'. [ 821.485575][T14867] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2601'. [ 821.555818][T14861] vlan2: entered promiscuous mode [ 821.603935][ T5920] usb 1-1: USB disconnect, device number 10 [ 821.653171][ T5834] usbhid 5-1:0.0: can't add hid device: -71 [ 821.670213][ T5834] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 821.736073][ T5834] usb 5-1: USB disconnect, device number 120 [ 821.965748][T14895] PKCS8: Unsupported PKCS#8 version [ 821.966545][T14895] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2610'. [ 822.103362][T14899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2611'. [ 822.308220][T14905] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2613'. 
[ 822.311159][ T30] audit: type=1326 audit(1761654073.035:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14903 comm="syz.4.2614" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x0 [ 822.567551][T14913] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2616'. [ 822.585590][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 822.747608][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 822.753875][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 822.760114][ T5830] Bluetooth: hci4: command 0x0c1a tx timeout [ 822.803345][T14917] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2617'. [ 823.378697][T14928] bridge12: entered promiscuous mode [ 825.467534][T14948] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2624'. [ 825.678575][T14958] FAULT_INJECTION: forcing a failure. [ 825.678575][T14958] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 825.755421][T14958] CPU: 1 UID: 0 PID: 14958 Comm: syz.1.2626 Not tainted syzkaller #0 PREEMPT(full) [ 825.755444][T14958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 825.755454][T14958] Call Trace: [ 825.755461][T14958] [ 825.755468][T14958] dump_stack_lvl+0x189/0x250 [ 825.755493][T14958] ? __pfx____ratelimit+0x10/0x10 [ 825.755512][T14958] ? __pfx_dump_stack_lvl+0x10/0x10 [ 825.755532][T14958] ? __pfx__printk+0x10/0x10 [ 825.755548][T14958] ? __might_fault+0xb0/0x130 [ 825.755597][T14958] should_fail_ex+0x414/0x560 [ 825.755625][T14958] _copy_from_iter+0x1de/0x1790 [ 825.755665][T14958] ? rcu_is_watching+0x15/0xb0 [ 825.755686][T14958] ? kmalloc_reserve+0xbd/0x290 [ 825.755711][T14958] ? __pfx__copy_from_iter+0x10/0x10 [ 825.755729][T14958] ? __build_skb_around+0x262/0x3f0 [ 825.755755][T14958] ? netlink_sendmsg+0x642/0xb30 [ 825.755768][T14958] ? 
skb_put+0x11b/0x210 [ 825.755785][T14958] netlink_sendmsg+0x6b2/0xb30 [ 825.755806][T14958] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.755822][T14958] ? __import_iovec+0x5d4/0x7f0 [ 825.755841][T14958] ? aa_sock_msg_perm+0xf1/0x1d0 [ 825.755866][T14958] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 825.755882][T14958] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.755897][T14958] __sock_sendmsg+0x21c/0x270 [ 825.755919][T14958] ____sys_sendmsg+0x505/0x830 [ 825.755939][T14958] ? __pfx_____sys_sendmsg+0x10/0x10 [ 825.755967][T14958] ___sys_sendmsg+0x21f/0x2a0 [ 825.755984][T14958] ? __pfx____sys_sendmsg+0x10/0x10 [ 825.756026][T14958] ? __fget_files+0x2a/0x420 [ 825.756040][T14958] ? __fget_files+0x3a0/0x420 [ 825.756062][T14958] __sys_sendmsg+0x164/0x220 [ 825.756079][T14958] ? __pfx___sys_sendmsg+0x10/0x10 [ 825.756102][T14958] ? __pfx_ksys_write+0x10/0x10 [ 825.756126][T14958] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 825.756149][T14958] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.756171][T14958] __do_fast_syscall_32+0xb6/0x2b0 [ 825.756193][T14958] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 825.756219][T14958] do_fast_syscall_32+0x34/0x80 [ 825.756241][T14958] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 825.756261][T14958] RIP: 0023:0xf704d539 [ 825.756275][T14958] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 825.756289][T14958] RSP: 002b:00000000f543d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 825.756306][T14958] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 825.756317][T14958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 825.756326][T14958] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 825.756335][T14958] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 825.756344][T14958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 825.756367][T14958] [ 826.041145][ C1] vkms_vblank_simulate: vblank timer overrun [ 826.553097][T14969] fuse: Unknown parameter '' [ 826.648660][T14974] Cannot find add_set index 0 as target [ 826.672504][T14974] macsec1: entered promiscuous mode [ 826.694990][T14969] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2629'. [ 826.765306][T14974] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 826.846199][T14974] macsec1: entered allmulticast mode [ 826.964332][T14974] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 827.089746][T14975] bridge9: port 1(veth3) entered blocking state [ 827.099602][T14975] bridge9: port 1(veth3) entered disabled state [ 827.106947][T14975] veth3: entered allmulticast mode [ 827.131999][T14975] veth3: entered promiscuous mode [ 827.138452][T14983] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2634'. 
[ 827.165660][T14976] bridge9: port 2(veth0_to_bond) entered blocking state [ 827.200939][T14976] bridge9: port 2(veth0_to_bond) entered disabled state [ 827.215884][T14976] veth0_to_bond: entered allmulticast mode [ 827.226008][T14722] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 827.254551][T14976] veth0_to_bond: entered promiscuous mode [ 827.326925][T14980] bridge9: port 3(veth5) entered blocking state [ 827.339580][T14980] bridge9: port 3(veth5) entered disabled state [ 827.346181][T14980] veth5: entered allmulticast mode [ 827.353090][T14980] veth5: entered promiscuous mode [ 827.419711][T14722] usb 1-1: config 0 has an invalid interface number: 120 but max is 0 [ 827.435993][T14722] usb 1-1: config 0 has no interface number 0 [ 827.447358][T14722] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 827.462330][T14989] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2632'. [ 827.481974][T14722] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 827.493064][T14722] usb 1-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 827.501388][T14722] usb 1-1: Manufacturer: syz [ 827.509995][T14722] usb 1-1: config 0 descriptor?? [ 827.569192][ T5966] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 827.608669][T14722] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.120/input/input130 [ 827.680034][T14989] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2632'. 
[ 827.735525][ T5966] usb 3-1: Using ep0 maxpacket: 8 [ 827.746995][ T5966] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 827.796523][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.796646][T14722] usb 1-1: USB disconnect, device number 11 [ 827.834048][ T5966] pvrusb2: Hardware description: Terratec Grabster AV400 [ 827.874528][ T5966] pvrusb2: ********** [ 827.897136][ T5966] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 827.924112][ T5966] pvrusb2: Important functionality might not be entirely working. [ 827.943669][ T5966] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 828.025877][ T5966] pvrusb2: ********** [ 828.064206][ T2345] pvrusb2: Invalid write control endpoint [ 828.153501][T15001] netlink: 'syz.3.2637': attribute type 58 has an invalid length. [ 828.161398][T15001] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2637'. [ 828.198543][ T2345] pvrusb2: Invalid write control endpoint [ 828.226708][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 828.241177][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 828.250070][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 828.270954][ T5966] usb 3-1: USB disconnect, device number 115 [ 828.281800][ T2345] pvrusb2: Device being rendered inoperable [ 828.291148][ T2345] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 828.299677][ T2345] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 828.319392][ T2345] pvrusb2: Attached sub-driver cx25840 [ 828.328959][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 828.340091][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. 
[ 828.643202][T15013] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2641'. [ 828.730325][T15016] FAULT_INJECTION: forcing a failure. [ 828.730325][T15016] name failslab, interval 1, probability 0, space 0, times 0 [ 828.743818][T15016] CPU: 1 UID: 0 PID: 15016 Comm: syz.1.2642 Not tainted syzkaller #0 PREEMPT(full) [ 828.743843][T15016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 828.743855][T15016] Call Trace: [ 828.743863][T15016] [ 828.743870][T15016] dump_stack_lvl+0x189/0x250 [ 828.743900][T15016] ? __pfx____ratelimit+0x10/0x10 [ 828.743923][T15016] ? __pfx_dump_stack_lvl+0x10/0x10 [ 828.743947][T15016] ? __pfx__printk+0x10/0x10 [ 828.743968][T15016] ? __pfx___might_resched+0x10/0x10 [ 828.743989][T15016] ? fs_reclaim_acquire+0x7d/0x100 [ 828.744021][T15016] should_fail_ex+0x414/0x560 [ 828.744053][T15016] should_failslab+0xa8/0x100 [ 828.744074][T15016] kmem_cache_alloc_noprof+0x74/0x6e0 [ 828.744100][T15016] ? skb_clone+0x212/0x3a0 [ 828.744125][T15016] skb_clone+0x212/0x3a0 [ 828.744143][T15016] ? nfnetlink_rcv+0x4ba/0x2590 [ 828.744171][T15016] nfnetlink_rcv+0x4ec/0x2590 [ 828.744199][T15016] ? __dev_queue_xmit+0x27b/0x3b50 [ 828.744222][T15016] ? __dev_queue_xmit+0x1d79/0x3b50 [ 828.744241][T15016] ? kasan_save_track+0x3e/0x80 [ 828.744265][T15016] ? __kasan_slab_alloc+0x6c/0x80 [ 828.744298][T15016] ? __dev_queue_xmit+0x27b/0x3b50 [ 828.744330][T15016] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 828.744369][T15016] ? ref_tracker_free+0x63a/0x7d0 [ 828.744388][T15016] ? __asan_memcpy+0x40/0x70 [ 828.744411][T15016] ? __pfx_ref_tracker_free+0x10/0x10 [ 828.744427][T15016] ? __skb_clone+0x63/0x7a0 [ 828.744450][T15016] ? __skb_clone+0x483/0x7a0 [ 828.744475][T15016] ? skb_clone+0x246/0x3a0 [ 828.744500][T15016] ? __netlink_deliver_tap+0x807/0x850 [ 828.744529][T15016] ? netlink_deliver_tap+0x2e/0x1b0 [ 828.744571][T15016] netlink_unicast+0x82f/0x9e0 [ 828.744604][T15016] ? 
__pfx_netlink_unicast+0x10/0x10 [ 828.744638][T15016] ? netlink_sendmsg+0x642/0xb30 [ 828.744653][T15016] ? skb_put+0x11b/0x210 [ 828.744673][T15016] netlink_sendmsg+0x805/0xb30 [ 828.744698][T15016] ? __pfx_netlink_sendmsg+0x10/0x10 [ 828.744727][T15016] ? __import_iovec+0x5d4/0x7f0 [ 828.744748][T15016] ? aa_sock_msg_perm+0xf1/0x1d0 [ 828.744777][T15016] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 828.744795][T15016] ? __pfx_netlink_sendmsg+0x10/0x10 [ 828.744813][T15016] __sock_sendmsg+0x21c/0x270 [ 828.744840][T15016] ____sys_sendmsg+0x505/0x830 [ 828.744863][T15016] ? __pfx_____sys_sendmsg+0x10/0x10 [ 828.744896][T15016] ___sys_sendmsg+0x21f/0x2a0 [ 828.744918][T15016] ? __pfx____sys_sendmsg+0x10/0x10 [ 828.744967][T15016] ? __fget_files+0x2a/0x420 [ 828.744984][T15016] ? __fget_files+0x3a0/0x420 [ 828.745009][T15016] __sys_sendmsg+0x164/0x220 [ 828.745030][T15016] ? __pfx___sys_sendmsg+0x10/0x10 [ 828.745058][T15016] ? __pfx_ksys_write+0x10/0x10 [ 828.745087][T15016] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 828.745115][T15016] ? lockdep_hardirqs_on+0x9c/0x150 [ 828.745141][T15016] __do_fast_syscall_32+0xb6/0x2b0 [ 828.745168][T15016] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 828.745196][T15016] do_fast_syscall_32+0x34/0x80 [ 828.745222][T15016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 828.745244][T15016] RIP: 0023:0xf704d539 [ 828.745261][T15016] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 828.745278][T15016] RSP: 002b:00000000f543d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 828.745298][T15016] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 828.745311][T15016] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 828.745326][T15016] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 828.745336][T15016] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 828.745348][T15016] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 828.745375][T15016] [ 828.771715][T15011] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2639'. [ 828.775767][ C1] vkms_vblank_simulate: vblank timer overrun [ 829.130494][T14722] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 829.184159][T15011] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2639'. [ 829.318322][T14722] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 829.341187][T14722] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 829.361421][T14722] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 829.397741][T14722] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.423103][T14722] usb 1-1: config 0 descriptor?? 
[ 829.575913][ T5920] usb 3-1: new full-speed USB device number 116 using dummy_hcd [ 829.717089][T15009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 829.728851][T15009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 829.800962][T15009] vlan3: entered promiscuous mode [ 829.888102][ T5920] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 829.925537][ T5920] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 829.935139][ T5920] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 829.945717][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.954135][T14722] usbhid 1-1:0.0: can't add hid device: -71 [ 829.962505][T14722] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 829.979649][ T5920] usb 3-1: config 0 descriptor?? [ 829.986023][ T24] usb 5-1: new high-speed USB device number 121 using dummy_hcd [ 830.001971][T14722] usb 1-1: USB disconnect, device number 12 [ 830.165412][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 830.178970][ T24] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 830.189501][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 830.200798][T15024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 830.211483][T15024] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 830.222739][ T24] usb 5-1: Product: syz [ 830.227336][ T24] usb 5-1: Manufacturer: syz [ 830.227376][T15024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 830.241502][ T24] usb 5-1: SerialNumber: syz [ 830.250559][ T24] usb 5-1: config 0 descriptor?? [ 830.315984][T15024] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 830.334614][T15024] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2645'. 
[ 830.350711][ T5920] usb 3-1: USB disconnect, device number 116 [ 830.573126][T15038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 830.672575][T15038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 832.205995][T15063] xt_hashlimit: overflow, try lower: 60585/0 [ 832.275047][T15068] FAULT_INJECTION: forcing a failure. [ 832.275047][T15068] name failslab, interval 1, probability 0, space 0, times 0 [ 832.370678][T15068] CPU: 0 UID: 0 PID: 15068 Comm: syz.2.2656 Not tainted syzkaller #0 PREEMPT(full) [ 832.370706][T15068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 832.370720][T15068] Call Trace: [ 832.370729][T15068] [ 832.370739][T15068] dump_stack_lvl+0x189/0x250 [ 832.370772][T15068] ? __pfx____ratelimit+0x10/0x10 [ 832.370796][T15068] ? __pfx_dump_stack_lvl+0x10/0x10 [ 832.370821][T15068] ? __pfx__printk+0x10/0x10 [ 832.370840][T15068] ? __pfx___might_resched+0x10/0x10 [ 832.370861][T15068] ? fs_reclaim_acquire+0x7d/0x100 [ 832.370896][T15068] should_fail_ex+0x414/0x560 [ 832.370936][T15068] should_failslab+0xa8/0x100 [ 832.370952][T15068] __kmalloc_noprof+0xcb/0x7f0 [ 832.370972][T15068] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 832.370998][T15068] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 832.371032][T15068] genl_family_rcv_msg_doit+0xb8/0x300 [ 832.371063][T15068] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 832.371109][T15068] ? apparmor_capable+0x137/0x1b0 [ 832.371127][T15068] ? bpf_lsm_capable+0x9/0x20 [ 832.371148][T15068] ? security_capable+0x7e/0x2e0 [ 832.371184][T15068] genl_rcv_msg+0x60e/0x790 [ 832.371215][T15068] ? __pfx_genl_rcv_msg+0x10/0x10 [ 832.371238][T15068] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 832.371253][T15068] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 832.371272][T15068] ? __pfx_nl80211_post_doit+0x10/0x10 [ 832.371302][T15068] netlink_rcv_skb+0x208/0x470 [ 832.371334][T15068] ? __lock_acquire+0xab9/0xd20 [ 832.371355][T15068] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 832.371380][T15068] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 832.371417][T15068] ? down_read+0x1ad/0x2e0 [ 832.371443][T15068] genl_rcv+0x28/0x40 [ 832.371467][T15068] netlink_unicast+0x82f/0x9e0 [ 832.371506][T15068] ? __pfx_netlink_unicast+0x10/0x10 [ 832.371535][T15068] ? netlink_sendmsg+0x642/0xb30 [ 832.371548][T15068] ? skb_put+0x11b/0x210 [ 832.371564][T15068] netlink_sendmsg+0x805/0xb30 [ 832.371585][T15068] ? __pfx_netlink_sendmsg+0x10/0x10 [ 832.371606][T15068] ? __import_iovec+0x5d4/0x7f0 [ 832.371632][T15068] ? aa_sock_msg_perm+0xf1/0x1d0 [ 832.371666][T15068] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 832.371687][T15068] ? __pfx_netlink_sendmsg+0x10/0x10 [ 832.371707][T15068] __sock_sendmsg+0x21c/0x270 [ 832.371736][T15068] ____sys_sendmsg+0x505/0x830 [ 832.371758][T15068] ? __pfx_____sys_sendmsg+0x10/0x10 [ 832.371798][T15068] ___sys_sendmsg+0x21f/0x2a0 [ 832.371825][T15068] ? __pfx____sys_sendmsg+0x10/0x10 [ 832.371883][T15068] ? __fget_files+0x2a/0x420 [ 832.371898][T15068] ? __fget_files+0x3a0/0x420 [ 832.371937][T15068] __sys_sendmsg+0x164/0x220 [ 832.371962][T15068] ? __pfx___sys_sendmsg+0x10/0x10 [ 832.371994][T15068] ? __pfx_ksys_write+0x10/0x10 [ 832.372026][T15068] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 832.372053][T15068] ? lockdep_hardirqs_on+0x9c/0x150 [ 832.372081][T15068] __do_fast_syscall_32+0xb6/0x2b0 [ 832.372113][T15068] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 832.372145][T15068] do_fast_syscall_32+0x34/0x80 [ 832.372176][T15068] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 832.372202][T15068] RIP: 0023:0xf702d539 [ 832.372221][T15068] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 832.372241][T15068] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 832.372265][T15068] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 832.372279][T15068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 832.372291][T15068] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 832.372304][T15068] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 832.372314][T15068] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 832.372336][T15068] [ 832.877733][ T24] speedtch 5-1:0.0: speedtch_bind: wrong device class 68 [ 832.895674][ T24] speedtch 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 832.958706][ T24] usb 5-1: USB disconnect, device number 121 [ 833.162000][T15073] loop8: detected capacity change from 0 to 79 [ 833.456237][T15076] xt_CT: You must specify a L4 protocol and not use inversions on it [ 833.553541][T15086] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2660'. [ 833.563399][T15076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 833.574353][T15076] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 833.940366][T15092] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2662'. 
[ 833.991954][T15092] bond2: option resend_igmp: invalid value (511) [ 834.013238][T15089] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 834.034622][T15089] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 834.044866][T15092] bond2: option resend_igmp: allowed values 0 - 255 [ 834.045112][T15089] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 834.126375][T15089] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 834.126412][T15092] bond2 (unregistering): Released all slaves [ 834.169964][T15098] netlink: 'syz.4.2664': attribute type 58 has an invalid length. [ 834.179605][T15098] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2664'. [ 834.426151][T15102] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2666'. [ 836.016165][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 836.095597][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 836.095608][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 836.175533][ T52] Bluetooth: hci4: command 0x0c1a tx timeout [ 836.505077][T15130] PKCS8: Unsupported PKCS#8 version [ 836.513396][T15130] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2674'. [ 837.495421][T14722] usb 5-1: new full-speed USB device number 122 using dummy_hcd [ 837.746885][T14722] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 837.765371][T14722] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 837.785304][T15156] xt_hashlimit: overflow, try lower: 60585/0 [ 837.791716][T14722] usb 5-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 837.815491][T14722] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 837.886183][T14722] usb 5-1: config 0 descriptor?? [ 837.987035][T15160] FAULT_INJECTION: forcing a failure. 
[ 837.987035][T15160] name failslab, interval 1, probability 0, space 0, times 0 [ 838.000179][T15160] CPU: 1 UID: 0 PID: 15160 Comm: syz.2.2685 Not tainted syzkaller #0 PREEMPT(full) [ 838.000199][T15160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 838.000210][T15160] Call Trace: [ 838.000216][T15160] [ 838.000222][T15160] dump_stack_lvl+0x189/0x250 [ 838.000248][T15160] ? __pfx____ratelimit+0x10/0x10 [ 838.000267][T15160] ? __pfx_dump_stack_lvl+0x10/0x10 [ 838.000288][T15160] ? __pfx__printk+0x10/0x10 [ 838.000307][T15160] ? __pfx___might_resched+0x10/0x10 [ 838.000328][T15160] should_fail_ex+0x414/0x560 [ 838.000384][T15160] should_failslab+0xa8/0x100 [ 838.000402][T15160] kmem_cache_alloc_node_noprof+0x77/0x710 [ 838.000425][T15160] ? __alloc_skb+0x112/0x2d0 [ 838.000453][T15160] __alloc_skb+0x112/0x2d0 [ 838.000479][T15160] netlink_ack+0x146/0xa50 [ 838.000501][T15160] ? __pfx_genl_rcv_msg+0x10/0x10 [ 838.000519][T15160] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 838.000535][T15160] ? __pfx_nl80211_post_doit+0x10/0x10 [ 838.000568][T15160] netlink_rcv_skb+0x28c/0x470 [ 838.000589][T15160] ? __lock_acquire+0xab9/0xd20 [ 838.000605][T15160] ? __pfx_genl_rcv_msg+0x10/0x10 [ 838.000626][T15160] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 838.000664][T15160] ? down_read+0x1ad/0x2e0 [ 838.000689][T15160] genl_rcv+0x28/0x40 [ 838.000705][T15160] netlink_unicast+0x82f/0x9e0 [ 838.000733][T15160] ? __pfx_netlink_unicast+0x10/0x10 [ 838.000756][T15160] ? netlink_sendmsg+0x642/0xb30 [ 838.000770][T15160] ? skb_put+0x11b/0x210 [ 838.000795][T15160] netlink_sendmsg+0x805/0xb30 [ 838.000826][T15160] ? __pfx_netlink_sendmsg+0x10/0x10 [ 838.000850][T15160] ? __import_iovec+0x5d4/0x7f0 [ 838.000877][T15160] ? aa_sock_msg_perm+0xf1/0x1d0 [ 838.000912][T15160] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 838.000945][T15160] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 838.000967][T15160] __sock_sendmsg+0x21c/0x270 [ 838.000999][T15160] ____sys_sendmsg+0x505/0x830 [ 838.001028][T15160] ? __pfx_____sys_sendmsg+0x10/0x10 [ 838.001067][T15160] ___sys_sendmsg+0x21f/0x2a0 [ 838.001092][T15160] ? __pfx____sys_sendmsg+0x10/0x10 [ 838.001153][T15160] ? __fget_files+0x2a/0x420 [ 838.001173][T15160] ? __fget_files+0x3a0/0x420 [ 838.001206][T15160] __sys_sendmsg+0x164/0x220 [ 838.001231][T15160] ? __pfx___sys_sendmsg+0x10/0x10 [ 838.001263][T15160] ? __pfx_ksys_write+0x10/0x10 [ 838.001298][T15160] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 838.001330][T15160] ? lockdep_hardirqs_on+0x9c/0x150 [ 838.001361][T15160] __do_fast_syscall_32+0xb6/0x2b0 [ 838.001400][T15160] ? lockdep_hardirqs_on+0x9c/0x150 [ 838.001432][T15160] do_fast_syscall_32+0x34/0x80 [ 838.001463][T15160] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 838.001489][T15160] RIP: 0023:0xf702d539 [ 838.001509][T15160] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 838.001529][T15160] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 838.001551][T15160] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 838.001567][T15160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 838.001580][T15160] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 838.001593][T15160] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 838.001607][T15160] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 838.001639][T15160] [ 838.339144][T15149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 838.347965][T15149] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 838.357358][T15149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 
838.366090][T15149] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 838.374756][T15149] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2680'. [ 838.387544][ T5920] usb 5-1: USB disconnect, device number 122 [ 838.609102][T15166] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2688'. [ 838.712135][T15168] xt_CT: You must specify a L4 protocol and not use inversions on it [ 838.721376][T15169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 838.759191][T15169] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 838.888526][T15173] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2690'. [ 838.995523][ T5966] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 838.999682][T15179] netlink: 'syz.1.2691': attribute type 58 has an invalid length. [ 839.011212][T15179] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2691'. [ 839.178023][ T5966] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 839.188678][ T5966] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 839.198170][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 839.209061][ T5966] usb 3-1: config 0 descriptor?? [ 839.220806][ T5966] pwc: Askey VC010 type 2 USB webcam detected. [ 839.235490][ T5920] usb 5-1: new high-speed USB device number 123 using dummy_hcd [ 839.387386][ T5920] usb 5-1: Using ep0 maxpacket: 16 [ 839.402737][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 839.427924][ T5920] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 839.441404][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 839.449426][T15182] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2693'. 
[ 839.459654][ T5920] usb 5-1: Product: syz [ 839.463846][ T5920] usb 5-1: Manufacturer: syz [ 839.468851][ T5920] usb 5-1: SerialNumber: syz [ 839.487324][ T5920] usb 5-1: config 0 descriptor?? [ 839.495865][ T5920] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 839.509337][ T5920] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 839.583312][T15184] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2694'. [ 839.674564][ T5966] pwc: recv_control_msg error -32 req 02 val 2b00 [ 839.684473][ T5966] pwc: recv_control_msg error -32 req 02 val 2700 [ 839.698197][ T5966] pwc: recv_control_msg error -32 req 02 val 2c00 [ 839.706346][ T5966] pwc: recv_control_msg error -32 req 04 val 1000 [ 839.713741][ T5966] pwc: recv_control_msg error -32 req 04 val 1300 [ 839.791003][T15188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 839.801454][T15188] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 839.822671][T15188] vlan0: entered promiscuous mode [ 840.107454][ T5920] em28xx 5-1:0.0: chip ID is em2765 [ 840.723333][ T5920] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 840.731550][ T5920] em28xx 5-1:0.0: board has no eeprom [ 841.063079][T15202] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 841.170361][ T5920] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 841.179655][ T5920] em28xx 5-1:0.0: dvb set to bulk mode. [ 841.190336][T14722] em28xx 5-1:0.0: Binding DVB extension [ 841.215665][T15206] FAULT_INJECTION: forcing a failure. 
[ 841.215665][T15206] name failslab, interval 1, probability 0, space 0, times 0 [ 841.247090][T15207] bridge14: entered promiscuous mode [ 841.328104][T15200] em28xx 5-1:0.0: write to i2c device at 0xfffe failed with unknown error (status=1) [ 841.347811][T15206] CPU: 0 UID: 0 PID: 15206 Comm: syz.0.2701 Not tainted syzkaller #0 PREEMPT(full) [ 841.347844][T15206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 841.347860][T15206] Call Trace: [ 841.347870][T15206] [ 841.347880][T15206] dump_stack_lvl+0x189/0x250 [ 841.347919][T15206] ? __pfx____ratelimit+0x10/0x10 [ 841.347947][T15206] ? __pfx_dump_stack_lvl+0x10/0x10 [ 841.347979][T15206] ? __pfx__printk+0x10/0x10 [ 841.348019][T15206] ? __pfx___might_resched+0x10/0x10 [ 841.348043][T15206] ? fs_reclaim_acquire+0x7d/0x100 [ 841.348089][T15206] should_fail_ex+0x414/0x560 [ 841.348129][T15206] should_failslab+0xa8/0x100 [ 841.348153][T15206] __kmalloc_cache_noprof+0x6f/0x6f0 [ 841.348185][T15206] ? nfnetlink_rcv+0xf97/0x2590 [ 841.348212][T15206] ? __nla_parse+0x40/0x60 [ 841.348240][T15206] nfnetlink_rcv+0xf97/0x2590 [ 841.348306][T15206] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 841.348354][T15206] ? ref_tracker_free+0x63a/0x7d0 [ 841.348405][T15206] ? __netlink_deliver_tap+0x807/0x850 [ 841.348439][T15206] ? netlink_deliver_tap+0x2e/0x1b0 [ 841.348490][T15206] netlink_unicast+0x82f/0x9e0 [ 841.348530][T15206] ? __pfx_netlink_unicast+0x10/0x10 [ 841.348563][T15206] ? netlink_sendmsg+0x642/0xb30 [ 841.348581][T15206] ? skb_put+0x11b/0x210 [ 841.348605][T15206] netlink_sendmsg+0x805/0xb30 [ 841.348636][T15206] ? __pfx_netlink_sendmsg+0x10/0x10 [ 841.348660][T15206] ? __import_iovec+0x5d4/0x7f0 [ 841.348685][T15206] ? aa_sock_msg_perm+0xf1/0x1d0 [ 841.348719][T15206] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 841.348740][T15206] ? __pfx_netlink_sendmsg+0x10/0x10 [ 841.348761][T15206] __sock_sendmsg+0x21c/0x270 [ 841.348794][T15206] ____sys_sendmsg+0x505/0x830 [ 841.348824][T15206] ? 
__pfx_____sys_sendmsg+0x10/0x10 [ 841.348864][T15206] ___sys_sendmsg+0x21f/0x2a0 [ 841.348890][T15206] ? __pfx____sys_sendmsg+0x10/0x10 [ 841.348951][T15206] ? __fget_files+0x2a/0x420 [ 841.348971][T15206] ? __fget_files+0x3a0/0x420 [ 841.349003][T15206] __sys_sendmsg+0x164/0x220 [ 841.349028][T15206] ? __pfx___sys_sendmsg+0x10/0x10 [ 841.349076][T15206] ? __pfx_ksys_write+0x10/0x10 [ 841.349108][T15206] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 841.349140][T15206] ? lockdep_hardirqs_on+0x9c/0x150 [ 841.349170][T15206] __do_fast_syscall_32+0xb6/0x2b0 [ 841.349198][T15206] ? lockdep_hardirqs_on+0x9c/0x150 [ 841.349226][T15206] do_fast_syscall_32+0x34/0x80 [ 841.349256][T15206] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 841.349281][T15206] RIP: 0023:0xf7fd4539 [ 841.349299][T15206] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 841.349316][T15206] RSP: 002b:00000000f54c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 841.349337][T15206] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 841.349350][T15206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 841.349358][T15206] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 841.349366][T15206] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 841.349375][T15206] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 841.349395][T15206] [ 842.083104][ T5966] pwc: recv_control_msg error -71 req 04 val 1400 [ 842.090088][ T5966] pwc: recv_control_msg error -71 req 02 val 2000 [ 842.097075][ T5966] pwc: recv_control_msg error -71 req 02 val 2100 [ 842.160198][ T5966] pwc: recv_control_msg error -71 req 04 val 1500 [ 842.169458][ T5966] pwc: recv_control_msg error -71 req 02 val 2500 [ 842.179737][ T5966] pwc: recv_control_msg error -71 req 02 val 2400 [ 842.193284][ 
T5966] pwc: recv_control_msg error -71 req 02 val 2600 [ 842.201165][ T5966] pwc: recv_control_msg error -71 req 02 val 2900 [ 842.208436][ T5966] pwc: recv_control_msg error -71 req 02 val 2800 [ 842.216985][ T5966] pwc: recv_control_msg error -71 req 04 val 1100 [ 842.230789][ T5966] pwc: recv_control_msg error -71 req 04 val 1200 [ 842.243262][ T5966] pwc: Registered as video103. [ 842.338886][ T5966] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input131 [ 842.410251][ T5966] usb 3-1: USB disconnect, device number 117 [ 842.981192][T14722] em28xx 5-1:0.0: Registering input extension [ 843.036836][T15225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 843.062479][T15225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 843.318340][ T5966] usb 5-1: USB disconnect, device number 123 [ 843.325440][ T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 843.363576][ T5966] em28xx 5-1:0.0: Disconnecting em28xx [ 843.377196][ T5966] em28xx 5-1:0.0: Closing input extension [ 843.427458][ T5966] em28xx 5-1:0.0: Freeing device [ 843.455987][ T24] usb 1-1: device descriptor read/64, error -71 [ 843.695555][ T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 843.717260][T15238] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2708'. [ 843.770544][T15234] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2708'. 
[ 843.825715][ T24] usb 1-1: device descriptor read/64, error -71 [ 843.946955][ T24] usb usb1-port1: attempt power cycle [ 844.295449][ T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 844.370047][ T24] usb 1-1: device descriptor read/8, error -71 [ 844.608541][T15253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 844.620467][T15253] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 844.710576][ T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 844.780489][ T24] usb 1-1: device descriptor read/8, error -71 [ 844.916115][ T24] usb usb1-port1: unable to enumerate USB device [ 845.029130][T15259] netlink: 'syz.3.2714': attribute type 58 has an invalid length. [ 845.037395][T15259] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2714'. [ 845.255189][T15262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2715'. [ 845.399788][T15266] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2717'. [ 846.081984][T15275] input: syz1 as /devices/virtual/input/input133 [ 846.111704][T15275] netlink: 'syz.0.2721': attribute type 21 has an invalid length. [ 846.119897][T15275] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2721'. [ 846.130424][T15274] netlink: 'syz.0.2721': attribute type 10 has an invalid length. [ 846.138489][T15275] netlink: 'syz.0.2721': attribute type 10 has an invalid length. 
[ 846.456746][T15280] rtc_cmos 00:00: Alarms can be up to one day in the future [ 846.531226][T15274] team0: left allmulticast mode [ 846.561706][T15274] team_slave_0: left allmulticast mode [ 846.589703][T15274] team_slave_1: left allmulticast mode [ 846.604262][T15274] bridge0: port 3(team0) entered disabled state [ 846.632035][T15274] 8021q: adding VLAN 0 to HW filter on device team0 [ 846.656270][T15274] bond0: (slave team0): Enslaving as an active interface with an up link [ 846.951387][T15284] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2722'. [ 847.122388][T15293] netlink: 'syz.2.2725': attribute type 1 has an invalid length. [ 847.305475][ T5966] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 847.352417][T15297] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2727'. [ 847.353218][T15297] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2727'. [ 847.387626][ T10] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 847.467320][ T5966] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 847.467351][ T5966] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 847.467392][ T5966] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 847.467418][ T5966] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 847.471950][ T5966] usb 1-1: config 0 descriptor?? [ 847.505231][T15301] xt_hashlimit: overflow, try lower: 60585/0 [ 847.545813][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 847.563533][ T10] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 847.563561][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.563605][ T10] usb 2-1: Product: syz [ 847.563620][ T10] usb 2-1: Manufacturer: syz [ 847.563635][ T10] usb 2-1: SerialNumber: syz [ 847.568223][ T10] usb 2-1: config 0 descriptor?? 
[ 847.893305][T15311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 847.910556][ T5966] usb 1-1: string descriptor 0 read error: -71 [ 847.925902][T15311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 847.963441][ T5966] usb 1-1: USB disconnect, device number 17 [ 848.005436][ T5920] usb 5-1: new full-speed USB device number 124 using dummy_hcd [ 848.158688][ T5920] usb 5-1: device descriptor read/64, error -71 [ 848.322137][T15313] Cannot find set identified by id 1 to match [ 848.406309][ T5920] usb 5-1: new full-speed USB device number 125 using dummy_hcd [ 848.641194][T15317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 848.734068][T15317] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 848.846226][T15324] FAULT_INJECTION: forcing a failure. [ 848.846226][T15324] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 848.869484][T15324] CPU: 1 UID: 0 PID: 15324 Comm: syz.4.2735 Not tainted syzkaller #0 PREEMPT(full) [ 848.869516][T15324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 848.869531][T15324] Call Trace: [ 848.869540][T15324] [ 848.869550][T15324] dump_stack_lvl+0x189/0x250 [ 848.869599][T15324] ? __pfx____ratelimit+0x10/0x10 [ 848.869626][T15324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 848.869653][T15324] ? __pfx__printk+0x10/0x10 [ 848.869686][T15324] should_fail_ex+0x414/0x560 [ 848.869714][T15324] _copy_to_user+0x31/0xb0 [ 848.869742][T15324] simple_read_from_buffer+0xe1/0x170 [ 848.869781][T15324] proc_fail_nth_read+0x1b3/0x220 [ 848.869810][T15324] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 848.869837][T15324] ? rw_verify_area+0x2a6/0x4d0 [ 848.869856][T15324] ? __lock_acquire+0xab9/0xd20 [ 848.869870][T15324] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 848.869898][T15324] vfs_read+0x200/0xa30 [ 848.869928][T15324] ? fdget_pos+0x247/0x320 [ 848.869952][T15324] ? __pfx___mutex_lock+0x10/0x10 [ 848.869982][T15324] ? 
__pfx_vfs_read+0x10/0x10 [ 848.870004][T15324] ? __fget_files+0x2a/0x420 [ 848.870021][T15324] ? __fget_files+0x3a0/0x420 [ 848.870034][T15324] ? __fget_files+0x2a/0x420 [ 848.870064][T15324] ksys_read+0x145/0x250 [ 848.870096][T15324] ? __pfx_ksys_read+0x10/0x10 [ 848.870128][T15324] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 848.870153][T15324] ? lockdep_hardirqs_on+0x9c/0x150 [ 848.870175][T15324] __do_fast_syscall_32+0xb6/0x2b0 [ 848.870200][T15324] ? lockdep_hardirqs_on+0x9c/0x150 [ 848.870234][T15324] do_fast_syscall_32+0x34/0x80 [ 848.870262][T15324] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 848.870288][T15324] RIP: 0023:0xf7fd3539 [ 848.870307][T15324] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 848.870321][T15324] RSP: 002b:00000000f54c6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 848.870336][T15324] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54c6620 [ 848.870349][T15324] RDX: 000000000000000f RSI: 00000000f7465ff4 RDI: 0000000000000000 [ 848.870364][T15324] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 848.870377][T15324] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 848.870390][T15324] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 848.870421][T15324] [ 849.110347][ C1] vkms_vblank_simulate: vblank timer overrun [ 849.223810][T15328] input: syz1 as /devices/virtual/input/input135 [ 849.995419][ T5920] usb 5-1: device descriptor read/64, error -71 [ 850.105676][ T5920] usb usb5-port1: attempt power cycle [ 850.377308][ T10] speedtch 2-1:0.0: speedtch_bind: wrong device class 68 [ 850.385205][ T10] speedtch 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 850.420604][ T10] usb 2-1: USB disconnect, device number 107 [ 850.489113][T15345] netlink: 'syz.0.2742': attribute type 58 has an invalid length. 
[ 850.497558][T15345] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2742'. [ 850.565675][ T5920] usb 5-1: new full-speed USB device number 126 using dummy_hcd [ 850.609499][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 850.620900][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 850.632367][ T5920] usb 5-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 850.647087][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 850.708161][ T5920] usb 5-1: config 0 descriptor?? [ 850.924897][T15332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 850.934321][T15332] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 850.963335][T15350] syzkaller0: entered promiscuous mode [ 850.969148][T15350] syzkaller0: entered allmulticast mode [ 851.025762][T15332] vlan2: entered promiscuous mode [ 851.127543][ T5920] usbhid 5-1:0.0: can't add hid device: -71 [ 851.143172][ T5920] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 851.202271][ T5920] usb 5-1: USB disconnect, device number 126 [ 851.619673][ T5834] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 851.645865][T15355] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2745'. [ 851.790742][ T5834] usb 2-1: Using ep0 maxpacket: 16 [ 851.812802][ T5834] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 851.831615][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 851.840282][ T5834] usb 2-1: Product: syz [ 851.844890][ T5834] usb 2-1: Manufacturer: syz [ 851.863031][ T5834] usb 2-1: SerialNumber: syz [ 851.872066][ T5834] usb 2-1: config 0 descriptor?? [ 852.309557][T15371] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2748'. 
[ 853.451704][T15374] netlink: 'syz.0.2750': attribute type 1 has an invalid length. [ 854.195690][T15367] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 854.204544][T15367] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 854.245847][T15367] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 854.290755][T15371] bond2: option resend_igmp: invalid value (511) [ 854.295767][T15367] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 854.307362][T15371] bond2: option resend_igmp: allowed values 0 - 255 [ 854.350112][T15371] bond2 (unregistering): Released all slaves [ 854.460657][ T5834] speedtch 2-1:0.0: speedtch_bind: wrong device class 68 [ 854.500026][ T5834] speedtch 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 854.606966][T15388] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2753'. [ 854.695889][ T5834] usb 2-1: USB disconnect, device number 108 [ 854.937485][T15393] Cannot find set identified by id 1 to match [ 855.125620][ T5834] usb 2-1: new full-speed USB device number 109 using dummy_hcd [ 855.439947][ T5834] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 855.470071][ T5834] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 855.767577][ T5834] usb 2-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 855.778024][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 855.789224][ T5834] usb 2-1: config 0 descriptor?? 
[ 855.795444][ T10] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 856.025427][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 856.128740][T15391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 856.150492][T15391] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 856.166900][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 856.191572][ T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 856.199025][T15391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 856.205860][ T10] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 856.219116][ T10] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 856.227671][ T10] usb 3-1: Product: syz [ 856.236639][ T10] usb 3-1: Manufacturer: syz [ 856.241243][ T10] usb 3-1: SerialNumber: syz [ 856.280276][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 856.286371][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 856.292430][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 856.300309][T15391] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 856.335775][ T52] Bluetooth: hci4: command 0x0c1a tx timeout [ 856.357073][T15391] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2754'. [ 856.412410][ T5920] usb 2-1: USB disconnect, device number 109 [ 856.446319][ T10] usb 3-1: config 0 descriptor?? 
[ 856.475613][ T10] hub 3-1:0.0: bad descriptor, ignoring hub [ 856.489100][ T10] hub 3-1:0.0: probe with driver hub failed with error -5 [ 856.776312][ T5920] usb 3-1: USB disconnect, device number 118 [ 857.553926][ T30] audit: type=1326 audit(1761654107.895:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15414 comm="syz.4.2761" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x0 [ 857.785460][ T5834] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 857.947049][ T5834] usb 2-1: device descriptor read/64, error -71 [ 858.008157][T15428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2764'. [ 858.249314][ T5834] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 858.370817][T15433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 858.380970][T15433] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 858.406734][ T5834] usb 2-1: device descriptor read/64, error -71 [ 858.516098][ T5834] usb usb2-port1: attempt power cycle [ 858.563887][T15440] dlm: non-version read from control device 36 [ 858.865433][ T5834] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 858.916029][ T5834] usb 2-1: device descriptor read/8, error -71 [ 859.068904][T15452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 859.096155][T15452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 859.121420][T15452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 859.144711][T15452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 859.160268][ T5834] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 859.176404][T15452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 859.206190][ T5834] usb 2-1: device descriptor read/8, error -71 [ 859.216138][T15452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 
859.224472][T15458] tipc: Can't bind to reserved service type 2 [ 859.233506][T15452] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2772'. [ 859.249526][T15458] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2774'. [ 859.258950][T15458] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2774'. [ 859.345589][ T5834] usb usb2-port1: unable to enumerate USB device [ 859.491398][T15470] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2779'. [ 859.751872][T15472] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 859.760228][T15472] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 859.767306][T15472] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 859.774734][T15472] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 859.830301][T15472] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2777'. [ 859.983184][T15472] bond2: option resend_igmp: invalid value (511) [ 859.990794][T15472] bond2: option resend_igmp: allowed values 0 - 255 [ 860.192378][T15472] bond2 (unregistering): Released all slaves [ 860.418616][T15488] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2782'. [ 860.834264][T15486] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2782'. 
[ 861.723950][T15511] syzkaller0: entered promiscuous mode [ 861.730966][T15511] syzkaller0: entered allmulticast mode [ 861.779119][ T5830] Bluetooth: hci4: command 0x0c1a tx timeout [ 861.785225][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 861.785261][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 861.791282][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 861.925510][T14722] usb 2-1: new full-speed USB device number 114 using dummy_hcd [ 862.176647][ T5947] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 862.257896][T14722] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 862.269720][T14722] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 862.279091][T14722] usb 2-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 862.299080][T15527] program syz.4.2795 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 862.428029][ T5947] usb 1-1: Using ep0 maxpacket: 8 [ 862.440430][ T5947] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 862.452387][ T5947] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 862.470073][ T5947] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 862.497996][ T5947] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 862.548272][ T5947] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 862.583930][T14722] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 862.601298][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 862.611914][T14722] usb 2-1: config 0 descriptor?? 
[ 862.835980][T15513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 862.846545][T15513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 862.856809][ T5947] usb 1-1: GET_CAPABILITIES returned 0 [ 862.863852][T15513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 862.873566][ T5947] usbtmc 1-1:16.0: can't read capabilities [ 862.886677][T15513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 862.915460][ T10] usb 3-1: new full-speed USB device number 119 using dummy_hcd [ 862.918622][T15513] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2791'. [ 862.960275][T14722] usb 2-1: USB disconnect, device number 114 [ 863.077563][T15495] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 863.096409][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 863.111276][ T5947] usb 1-1: USB disconnect, device number 18 [ 863.121654][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 863.144432][ T10] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 863.164184][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 863.181052][ T10] usb 3-1: config 0 descriptor?? [ 863.390282][T15529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 863.407862][T15529] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 863.468186][T15529] vlan2: entered promiscuous mode [ 863.602090][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 863.614328][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 863.727518][ T10] usb 3-1: USB disconnect, device number 119 [ 863.799621][T15535] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2797'. 
[ 863.864658][T15532] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2797'. [ 864.297170][T15550] rtc_cmos 00:00: Alarms can be up to one day in the future [ 864.474223][T15553] netlink: 'syz.2.2804': attribute type 3 has an invalid length. [ 864.482692][T15553] netlink: 666 bytes leftover after parsing attributes in process `syz.2.2804'. [ 864.634680][T15557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2805'. [ 864.757073][T15559] syzkaller0: entered promiscuous mode [ 864.762845][T15559] syzkaller0: entered allmulticast mode [ 864.815475][ T5947] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 865.005408][ T5947] usb 3-1: Using ep0 maxpacket: 8 [ 865.066288][ T5947] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 865.079019][T15563] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 865.153035][ T5947] usb 3-1: config 0 has no interface number 0 [ 865.167677][T15563] macsec1: entered promiscuous mode [ 865.177148][ T5947] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 865.191243][T15563] macsec1: entered allmulticast mode [ 865.201375][T15563] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 865.208652][ T5947] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 865.233316][ T5947] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 865.244572][ T5947] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 865.264569][ T5947] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 865.274102][ T5947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 865.292169][ T5947] usb 3-1: config 0 descriptor?? 
[ 865.346190][ T5947] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 865.544990][T15572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 865.568559][T15571] Cannot find set identified by id 1 to match [ 865.574547][T15572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 865.614229][T15572] vlan0: entered promiscuous mode [ 865.895839][ T5920] usb 3-1: USB disconnect, device number 120 [ 865.926609][ T5920] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 866.355655][ T10] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 866.360411][T15594] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2816'. [ 866.381360][T15593] netlink: 'syz.1.2815': attribute type 58 has an invalid length. [ 866.389401][T15593] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2815'. [ 866.447964][T15592] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2816'. [ 866.515492][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 866.572510][ T10] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 1064, setting to 1024 [ 866.607746][ T10] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 866.644363][ T10] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 866.662312][ T10] usb 1-1: config 1 interface 0 has no altsetting 0 [ 866.677429][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 866.686667][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 866.694663][ T10] usb 1-1: Product: syz [ 866.699854][ T10] usb 1-1: Manufacturer: syz [ 866.704564][ T10] usb 1-1: SerialNumber: syz [ 866.774810][T15578] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 868.761055][T15614] syzkaller0: entered promiscuous mode [ 868.785511][T15614] syzkaller0: entered allmulticast mode [ 
869.152075][ T10] usb 1-1: USB disconnect, device number 19 [ 869.180885][T15617] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2822'. [ 869.415582][T15625] rtc_cmos 00:00: Alarms can be up to one day in the future [ 869.516752][T15628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2826'. [ 869.585000][T15631] netlink: 'syz.0.2825': attribute type 1 has an invalid length. [ 869.681016][T15631] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2825'. [ 869.880118][T15635] syzkaller1: entered promiscuous mode [ 869.896676][T15635] syzkaller1: entered allmulticast mode [ 870.161927][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.170988][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.679321][T15642] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2829'. [ 870.694879][T15642] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2829'. [ 871.876591][T15663] netlink: 'syz.3.2835': attribute type 1 has an invalid length. [ 871.961600][T15664] syzkaller0: entered promiscuous mode [ 871.961630][T15664] syzkaller0: entered allmulticast mode [ 872.763293][T15673] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2838'. 
[ 872.825793][T15671] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 872.832162][T15671] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 872.847044][T15671] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 872.865650][T15671] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 872.954670][T15673] bond2: option resend_igmp: invalid value (511) [ 872.970535][T15673] bond2: option resend_igmp: allowed values 0 - 255 [ 873.126610][T15674] input: syz1 as /devices/virtual/input/input136 [ 873.165242][T15673] bond2 (unregistering): Released all slaves [ 873.265022][T15654] tipc: Enabling of bearer rejected, failed to enable media [ 873.627044][T15685] rtc_cmos 00:00: Alarms can be up to one day in the future [ 874.045421][ T10] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 874.098530][T15697] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2846'. [ 874.143611][T15697] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2846'. [ 874.197704][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 874.280871][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 874.345508][T15702] syzkaller0: entered promiscuous mode [ 874.351051][T15702] syzkaller0: entered allmulticast mode [ 874.365045][ T10] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 874.386632][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 874.403529][ T10] usb 2-1: config 0 descriptor?? 
[ 874.439072][T15703] tipc: Started in network mode [ 874.445790][T15703] tipc: Node identity dadb8c01376d, cluster identity 4711 [ 874.455145][T15703] tipc: Enabled bearer , priority 0 [ 874.484112][T15703] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 874.565917][T15703] syzkaller0: entered promiscuous mode [ 874.571521][T15703] syzkaller0: entered allmulticast mode [ 874.637712][T15703] tipc: Resetting bearer [ 874.658265][T15700] tipc: Resetting bearer [ 874.698357][T15700] tipc: Disabling bearer [ 874.822145][T15692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 874.845276][T15692] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 874.879968][T15692] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2845'. [ 874.899167][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout [ 874.899184][T11197] Bluetooth: hci3: command 0x0c1a tx timeout [ 874.905230][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 874.912094][T11197] Bluetooth: hci2: command 0x0c1a tx timeout [ 874.921843][ T10] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 874.945411][ T10] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 874.952565][ T10] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 874.959730][ T10] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 874.967589][ T10] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 874.974593][ T10] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 874.982092][ T10] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 874.996005][ T10] cp2112 0003:10C4:EA90.0013: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 875.214919][ T10] cp2112 0003:10C4:EA90.0013: Part Number: 0x00 Device Version: 0x00 [ 875.760308][T15692] ------------[ cut here ]------------ [ 875.766139][T15692] usb 4-1: BOGUS control dir, pipe 80001580 doesn't match bRequestType c0 [ 875.776231][T15692] WARNING: CPU: 0 PID: 15692 at 
drivers/usb/core/urb.c:414 usb_submit_urb+0x114d/0x18b0 [ 875.786111][T15692] Modules linked in: [ 875.790219][T15692] CPU: 0 UID: 0 PID: 15692 Comm: syz.1.2845 Not tainted syzkaller #0 PREEMPT(full) [ 875.799682][T15692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 875.809956][T15692] RIP: 0010:usb_submit_urb+0x114d/0x18b0 [ 875.815712][T15692] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 c0 07 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 64 27 90 fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80 [ 875.835625][T15692] RSP: 0018:ffffc9001a7cf660 EFLAGS: 00010246 [ 875.841749][T15692] RAX: 4e250854d3544f00 RBX: ffff888056282700 RCX: 0000000000080000 [ 875.849759][T15692] RDX: ffffc9000ba81000 RSI: 00000000000040f6 RDI: 00000000000040f7 [ 875.858071][T15692] RBP: 1ffff1100d66b7c8 R08: ffff8880b8824293 R09: 1ffff11017104852 [ 875.866452][T15692] R10: dffffc0000000000 R11: ffffed1017104853 R12: ffff88807eb80100 [ 875.874463][T15692] R13: ffff88806b35be40 R14: 0000000080001580 R15: ffff88806ac45ea0 [ 875.882522][T15692] FS: 0000000000000000(0000) GS:ffff88812613e000(0063) knlGS:00000000f543db40 [ 875.891699][T15692] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 875.898440][T15692] CR2: 0000000080040018 CR3: 000000006b79e000 CR4: 00000000003526f0 [ 875.906498][T15692] Call Trace: [ 875.909799][T15692] <TASK> [ 875.912750][T15692] usb_start_wait_urb+0x114/0x4c0 [ 875.917860][T15692] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 875.923442][T15692] usb_control_msg+0x232/0x3e0 [ 875.928272][T15692] dib0700_i2c_xfer+0xba7/0xf70 [ 875.933170][T15692] __i2c_transfer+0x874/0x2170 [ 875.938060][T15692] ? lockdep_hardirqs_on+0x9c/0x150 [ 875.943302][T15692] ? __pfx___i2c_transfer+0x10/0x10 [ 875.948573][T15692] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 875.953964][T15692] ? i2c_transfer+0x120/0x3a0 [ 875.958758][T15692] i2c_transfer+0x25b/0x3a0 [ 875.963507][T15692] ? 
__pfx_i2c_transfer+0x10/0x10 [ 875.968676][T15692] ? _copy_from_user+0x94/0xb0 [ 875.973488][T15692] i2cdev_ioctl_rdwr+0x460/0x740 [ 875.978514][T15692] compat_i2cdev_ioctl+0x5a8/0x5c0 [ 875.983682][T15692] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 875.989393][T15692] ? __fget_files+0x3a0/0x420 [ 875.994090][T15692] ? __fget_files+0x2a/0x420 [ 875.998738][T15692] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 876.004344][T15692] __ia32_compat_sys_ioctl+0x543/0x840 [ 876.009854][T15692] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 876.015984][T15692] ? __se_sys_futex_time32+0x360/0x3e0 [ 876.021508][T15692] ? __pfx_do_sys_openat2+0x10/0x10 [ 876.026756][T15692] ? rcu_is_watching+0x15/0xb0 [ 876.031540][T15692] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 876.038265][T15692] ? lockdep_hardirqs_on+0x9c/0x150 [ 876.043479][T15692] __do_fast_syscall_32+0xb6/0x2b0 [ 876.048702][T15692] ? lockdep_hardirqs_on+0x9c/0x150 [ 876.053946][T15692] do_fast_syscall_32+0x34/0x80 [ 876.058852][T15692] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 876.065471][T15692] RIP: 0023:0xf704d539 [ 876.069571][T15692] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 876.089276][T15692] RSP: 002b:00000000f543d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 876.097784][T15692] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000707 [ 876.105801][T15692] RDX: 0000000080000a40 RSI: 0000000000000000 RDI: 0000000000000000 [ 876.113959][T15692] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 876.122046][T15692] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 876.130128][T15692] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 876.138204][T15692] </TASK> [ 876.141286][T15692] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 876.148594][T15692] CPU: 0 UID: 0 PID: 15692 Comm: syz.1.2845 Not tainted syzkaller #0 PREEMPT(full) [ 876.157987][T15692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 876.168076][T15692] Call Trace: [ 876.171401][T15692] <TASK> [ 876.174351][T15692] dump_stack_lvl+0x99/0x250 [ 876.178979][T15692] ? __asan_memcpy+0x40/0x70 [ 876.183609][T15692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 876.188834][T15692] ? __pfx__printk+0x10/0x10 [ 876.193461][T15692] vpanic+0x237/0x6d0 [ 876.197478][T15692] ? __pfx_vpanic+0x10/0x10 [ 876.202028][T15692] panic+0xb9/0xc0 [ 876.205792][T15692] ? __pfx_panic+0x10/0x10 [ 876.210260][T15692] __warn+0x31b/0x4b0 [ 876.214279][T15692] ? usb_submit_urb+0x114d/0x18b0 [ 876.219351][T15692] ? usb_submit_urb+0x114d/0x18b0 [ 876.224407][T15692] report_bug+0x2be/0x4f0 [ 876.228778][T15692] ? usb_submit_urb+0x114d/0x18b0 [ 876.233832][T15692] ? usb_submit_urb+0x114d/0x18b0 [ 876.238909][T15692] ? usb_submit_urb+0x114f/0x18b0 [ 876.243969][T15692] handle_bug+0x84/0x160 [ 876.248271][T15692] exc_invalid_op+0x1a/0x50 [ 876.252837][T15692] asm_exc_invalid_op+0x1a/0x20 [ 876.257716][T15692] RIP: 0010:usb_submit_urb+0x114d/0x18b0 [ 876.263384][T15692] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 c0 07 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 64 27 90 fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80 [ 876.283018][T15692] RSP: 0018:ffffc9001a7cf660 EFLAGS: 00010246 [ 876.289123][T15692] RAX: 4e250854d3544f00 RBX: ffff888056282700 RCX: 0000000000080000 [ 876.297128][T15692] RDX: ffffc9000ba81000 RSI: 00000000000040f6 RDI: 00000000000040f7 [ 876.305106][T15692] RBP: 1ffff1100d66b7c8 R08: ffff8880b8824293 R09: 1ffff11017104852 [ 876.313100][T15692] R10: dffffc0000000000 R11: ffffed1017104853 R12: ffff88807eb80100 [ 876.321183][T15692] R13: ffff88806b35be40 R14: 0000000080001580 R15: ffff88806ac45ea0 [ 876.329211][T15692] usb_start_wait_urb+0x114/0x4c0 [ 876.334707][T15692] 
? __pfx_usb_start_wait_urb+0x10/0x10 [ 876.340279][T15692] usb_control_msg+0x232/0x3e0 [ 876.345152][T15692] dib0700_i2c_xfer+0xba7/0xf70 [ 876.350032][T15692] __i2c_transfer+0x874/0x2170 [ 876.354814][T15692] ? lockdep_hardirqs_on+0x9c/0x150 [ 876.360026][T15692] ? __pfx___i2c_transfer+0x10/0x10 [ 876.365231][T15692] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 876.370643][T15692] ? i2c_transfer+0x120/0x3a0 [ 876.375338][T15692] i2c_transfer+0x25b/0x3a0 [ 876.379865][T15692] ? __pfx_i2c_transfer+0x10/0x10 [ 876.384904][T15692] ? _copy_from_user+0x94/0xb0 [ 876.389682][T15692] i2cdev_ioctl_rdwr+0x460/0x740 [ 876.394639][T15692] compat_i2cdev_ioctl+0x5a8/0x5c0 [ 876.399765][T15692] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 876.405413][T15692] ? __fget_files+0x3a0/0x420 [ 876.410116][T15692] ? __fget_files+0x2a/0x420 [ 876.414738][T15692] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 876.420328][T15692] __ia32_compat_sys_ioctl+0x543/0x840 [ 876.425811][T15692] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 876.431838][T15692] ? __se_sys_futex_time32+0x360/0x3e0 [ 876.437320][T15692] ? __pfx_do_sys_openat2+0x10/0x10 [ 876.442538][T15692] ? rcu_is_watching+0x15/0xb0 [ 876.447313][T15692] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 876.454013][T15692] ? lockdep_hardirqs_on+0x9c/0x150 [ 876.459241][T15692] __do_fast_syscall_32+0xb6/0x2b0 [ 876.464369][T15692] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 876.469583][T15692] do_fast_syscall_32+0x34/0x80 [ 876.474466][T15692] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 876.480803][T15692] RIP: 0023:0xf704d539 [ 876.484875][T15692] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 876.504490][T15692] RSP: 002b:00000000f543d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 876.513014][T15692] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000707 [ 876.520991][T15692] RDX: 0000000080000a40 RSI: 0000000000000000 RDI: 0000000000000000 [ 876.528983][T15692] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 876.536961][T15692] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 876.544936][T15692] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 876.552930][T15692] </TASK> [ 876.556318][T15692] Kernel Offset: disabled [ 876.560643][T15692] Rebooting in 86400 seconds..