last executing test programs: 13.704209571s ago: executing program 0 (id=6395): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x2000) memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) io_submit(0x0, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 9.247280778s ago: executing program 0 (id=6399): syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00) r1 = socket(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x800000, 0x0, 0xffffffff}, 0x20, 0x0, 0x7, 0x8, 0x101, 0x14, 0x0, 0x0, 0x0, 0x0, {0x200}}}}]}, 0x78}}, 0x4080) 8.815221518s ago: executing program 4 (id=6405): unshare(0x22020400) r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000340), 0x200080, 0x0) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r0, 0x8010671f, &(0x7f0000000040)={&(0x7f0000000000)=""/50, 0x32}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r0, 0x100000001, 0x2) 8.778381302s ago: executing program 0 (id=6406): syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000440)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x8}) socket(0x1, 0x6, 0xc312) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) fsopen(&(0x7f00000001c0)='binder\x00', 0x1) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(r0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x77359400}}, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, 0x0, 0x0) listen(r1, 0xfffffffc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) socket(0x40000000015, 0x5, 0x0) 8.241799374s ago: executing program 2 (id=6408): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)="9c", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000f40)="b70b850975c8e10b4d3fda0fc03da61225ec9c522387844c1e73fcfd6cd39aab1f8d21f3fc31c7db41faf56b1957c3ca31d3227fc21424bc341cea86b652e03018790147f245a159bc8373a4991404dc0d09d75535da9196d0b09fa207e22a3ba31ca944779946d0e5519bef32f00314b8ce1d087995d1e08927c755c2e4062f98cc5e921168af08f4e0a905dea720d9396d0a9481d3cb7bd3ae59d640fe31e1f861ee4a425aad9de0fc0f1f9ee65d7e67f63f8ccf7d11a6a6cf3fa8f998fe00fe1fe5098beb30c0a9a0e18c55a24c93", 0xd0}], 0x1}}], 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)="dbd3a489b7b2", 0x6}, {0x0}], 0x2}}, {{&(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000680)="72092df74f324642c3e319bb13b9e409f15e1f1146a926ab1c14d0dd7860fce270f820f953208dd8c5dacc041cc7de0ede5782144f811ea3e458f03529e87800e6cb2a5b069d7729c4fbfc8acba9d59eb6c86546eed46dae4a304bcfbe617ff951b32d4399e2e1b1348b173de109fbf78ef80ce505a6ada4b4de11f913b6d29e9e716edaa1c4e410b5af959056500f179131a1ccdacf3163df8688681aeb2d486a306e900dc58c368e64af5818eabc", 0xaf}, {&(0x7f0000000740)="cc651849576f441116eb13a7337eaeaa604da65c50a1af045819dafd89db85982efb9557d37b5808bce0c21041910f331e8b8aea209059087ba88d562dbc0155012bfab7b12040797b02e3a44d02c823e7d2a6d4df23b1558e0f19f5e3096ed9b40e1a8c93a6118004ca971304529f6f890ef0c70f1d6f6741abdd", 0x7b}, {0x0}, {&(0x7f0000000880)="3ca96daca516fbfb1a009f13ca55a2cf93fa0b0e57f35a0189cb87accc529b82f260343adf4fb1d13caa32c622ac", 0x2e}], 0x4, &(0x7f0000000940)}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000ac0)}, {&(0x7f0000000b40)="1dba4aeaa8e16b7ddfb08425c8a700d6ff177bec5a57e3cd8b3d677d4596309dbfa39e3378ffc65b033dca2351f53f21d7a5298e0439414b6f11", 0x3a}], 0x2}}, {{&(0x7f0000000c40)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000000d80)=[{&(0x7f0000000c80)="88c16da2e2c52876e026e154da7988013a74f575454e300b3df533d652fdfcabbdef0d0b44b8dd33b1d8c2d0fd4b54a6405b8c160304aa1ebbe81f2366cf742de2369d83d9acece6ff9c13dfb0b7677f6e7ad5af85f3f217ed4047eb9e7777e6234b85c8256f0a86d26720b74af13694a17fa1658632ab3f4d418f60a00bce890011f664cf5a54a3b92450aca72dd9f7f95c57a799576cb53011dd36aa77070beddf17b1e825b3b2189c4c9e64e0c2f1aef25014dba2715d687bdc920dd2acc4679b0b1538103f3bc9d855025e49c0375ab49c7403e45c514260853f", 0xdc}], 0x1, &(0x7f0000001040)}}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001240)="cc6c865f7abe91cb82e1563621475902bdeb5a9bd84d2cc0f19213321434897c48c76af82f2b3c3568a4716be1117a748e4b0c7b6e6c28106464330d25bc4964123d8cdeed865cd8bd8a6a19708cebf61e622664375bd8215a1125d300e223899b1cbe7fc6496436", 0x68}, {&(0x7f0000001300)="7f47689305be7fbae40bb9dc948b6870ece3860bbc27fab793219bcab753745ee3266a949b46cb375dbcc5c898fe3c37960c8a4abfd40ef239e08ff0ea2ee84272f37ea42be650e8", 0x48}, {&(0x7f0000001380)="f40daf8814ae412116b2c80c9de50dbe4709bd8108451c1371c7e1059f7a3d3b76bc8dcde0f025f4fdf0b55316735ef388fb3a19c40fe9e811e86ce8a91ce8b7387a543ae4da4ff18d22c5a2a976c241183a51b213c8d6f44880478073ec885f0ba449c9e3f410184e7f6ab9e121e3d8f76c5eaa7532a594ccdbc80757fe3f2d2aa44bbdfa2061fc58b3181f4e5912f9c9dbba5959ae6a976b1fbb8d231f0f597dbebd61c9a814fbdb24c6f37063595f86be30995778ae06d6e4ec6b36f7bcc9392d74e23b4425e50e37702d62e2c7f90b9538b8ceaa6d4c208455291369aaa9249de753bddff723f163d764fd7610db001f6b169ac968d772a55c22eb", 0xfd}], 0x3, &(0x7f0000003640)}}], 0x5, 0x1) 7.259328481s ago: executing program 3 (id=6410): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) pipe(&(0x7f00000000c0)) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, &(0x7f00000003c0)={0x17c04, 0xffffffffffffffff, 0x4ea, 0x10001, 0x0, 0x8}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4a24, @dev={0xac, 0x14, 0x14, 0x1a}}, {0x2, 0x4e21, @multicast2}, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x6f8, 0x1ff, 0x9}) write$tun(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0xdc) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={0x0, 0x80}, 0x1, 0x7}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) io_setup(0x0, &(0x7f0000000000)) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)={0x28, 0x2d, 0xb, 0x70bd26, 0x4000, {0x3}, [@typed={0x14, 0x2, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x28}}, 0x4040080) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000000)=0xffff0018) syz_open_procfs(0x0, &(0x7f0000000500)='fdinfo\x00') 7.243890035s ago: executing program 2 (id=6411): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000e80)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000001140012800c0001006d6163766c616e00dbff028008000500", @ANYRES32=r0, @ANYBLOB="080004"], 0x50}}, 0x0) 6.983201428s ago: executing program 2 (id=6412): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000e80)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000001140012800c0001006d6163766c616e00dbff028008000500", @ANYRES32=r0, @ANYBLOB="080004"], 0x50}}, 0x0) (fail_nth: 1) 6.306028265s ago: executing program 2 (id=6414): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = syz_usb_connect$uac1(0x5, 0xba, &(0x7f00000001c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa8, 0x3, 0x1, 0x80, 0x10, 0x99, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0xd}, [@input_terminal={0xc, 0x24, 0x2, 0x1, 0x205, 0x5, 0xf, 0x8000, 0xd9, 0x6}, @extension_unit={0x7, 0x24, 0x8, 0x6, 0x2, 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x4, 0x1, 0xa, "22e577dfe0bd33"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x4, 0xc, 0x9f, {0x7, 0x25, 0x1, 0x81, 0xe, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0xdf3f, 0x2, 0x7, "a015efc28d"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x2, 0x3, 0x8, 0x10, "c6b44ee03bd53e37"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x7f, 0x3, 0xa8, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x41, 0x1, 0xd, {0x7, 0x25, 0x1, 0x83, 0x0, 0x400}}}}}}}]}}, &(0x7f0000000a00)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x22, 0x40, 0xa, 0x10, 0x40}, 0x15, &(0x7f00000000c0)={0x5, 0xf, 0x15, 0x1, [@ssp_cap={0x10, 0x10, 0xa, 0x9, 0x1, 0x2, 0x0, 0x400, [0x3f00]}]}}) syz_usb_ep_write(r2, 0x4, 0x0, &(0x7f0000000ac0)) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0xc, 0x8, 0x4, 0x3}, 0x0) r3 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000440)={0x80000000, 0x0, &(0x7f00000003c0)=[{}, {{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000100)={r4, 0x0, &(0x7f0000000700)}) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f000500000003"], 0x40}}, 0x0) syz_usb_connect$uac1(0x5, 0xa8, &(0x7f0000000b00)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x96, 0x3, 0x1, 0x3, 0x60, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0xfb}, [@extension_unit={0x7, 0x24, 0x8, 0x6, 0x81, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x3, 0x2, 0xc, 0x0, "c7ce"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x5, 0xa5c5, 0x40}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x6c, 0x1, 0x2, 0x4}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x9, 0x3, 0xa9, {0x7, 0x25, 0x1, 0x1, 0x6, 0x89}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x1, 0x1, 0x1}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x2, 0x3, 0x0, 0x5, "822dc9ad511e"}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0xc, 0x9, 0x2, {0x7, 0x25, 0x1, 0x3, 0x2, 0x7}}}}}}}]}}, &(0x7f0000000f00)={0xa, &(0x7f0000000c00)={0xa, 0x6, 0x201, 0x3, 0x7, 0x9, 0xff, 0xc}, 0x30, &(0x7f0000000c40)={0x5, 0xf, 0x30, 0x2, [@ssp_cap={0x20, 0x10, 0xa, 0x8c, 0x5, 0x9, 0x0, 0xf801, [0x30, 0x3f00, 0xff0000, 0xf, 0xff006f]}, @wireless={0xb, 0x10, 0x1, 0x4, 0xc2, 0x3, 0xf9, 0x1ff, 0x12}]}, 0x6, [{0x65, &(0x7f0000000c80)=@string={0x65, 0x3, "3b36a45d799b4659e0a9b78823a0783e9dc0304dd323de5399cb520cdc1e4288274c66c58b83e7bde622d0c6be067181d20114f021753b3add255e3bade079766b90ed4d0460bdec847a2ad2a0ca923d7df0addd1f72321d17565b73ab630c82187397"}}, {0x62, &(0x7f0000000d00)=@string={0x62, 0x3, "4836d338408ac0de3ae79d3387cdc2891f214dbf3c08f5d3afba98d08499d03e4a545d68041c8988c827049df1ade192c9140e02e57fa3f274046ab50c08437916cd6445b1e044365aa56275f350d2420493cb29fe4684f96c533f522ae96807"}}, {0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x2009}}, {0x4, &(0x7f0000000dc0)=@lang_id={0x4, 0x3, 0x500a}}, {0x4, &(0x7f0000000e00)=@lang_id={0x4, 0x3, 0x457}}, {0x3a, &(0x7f0000000e40)=@string={0x3a, 0x3, "a4f7f4004e924761cbe6b45830fe33e016f361535c2e66d168c4c5c36dbdf2fe19ed0625cdee979641c2e462c311fac6d4130d69b8cba6c7"}}]}) 5.507326786s ago: executing program 0 (id=6416): unshare(0x2040400) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) unshare(0x800) syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010002cc2cdf40630731203fad0102030109021200015f6562700904010800ff", @ANYRESDEC=0x0], &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0}) 5.101766564s ago: executing program 1 (id=6418): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40000002, 0x0, 0xa17433da3c5d69a5, 0x2, 0x81}, 0x9c) 4.927122827s ago: executing program 1 (id=6419): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x339) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @multicast}) close(r1) read$FUSE(r0, &(0x7f0000002780)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r0, &(0x7f0000002580)=ANY=[@ANYBLOB="e001000000000000", @ANYRES64=r3, @ANYBLOB="07000000000000140000000100000000b7010000000000007fb4e4a3e82449888c0a7daca90e9204bcd4badbc6f94b0e5300bd75b93bcdeb1a4cec3f7f5c4ee14589c966d18a78f381044b4a0be919482bdfe3dba4324c68b8e46e4cfe31d560864363ddf26e0ea7f58603eeec38ad06a8d730baa9ae28c00633d5b669ebaee23e66a1c7e85fd9ae2c8db001f03cd65f65a44610c0c6103d17161ad98baf711e5fee20bb929f890a1bafa2444469e49b65676376a1e4458f738ec65b2e980f3bc34835fb0ee8b23c3e0deb9b0cf615f2c0264cec3bcac0a3b684c7689c9dfd55592d6f33ce00003390dc9f952cb2a50dcc76f500000000000000004af4a9d032530c5afbfc2021650e2febc5fae3f59e91ad4abd2b2d6eb4b86134bcdf1dd8c144ff7c4724f60df3ad354f7ea97109b4830a0666f0b3a604a7ecfd7af3da58c15341e478a1d96aaabd54bec794a8e5779711080cfce69a7811035281c9901f51f7ae2868d28f6a0970f856645930a8c67c4d3f324a03fffa499a76f65e0152ce40b4e5080021546fdb7ddd9d267c4c2b55b210ae6fe6f5cfb2b11084d02296a846737456b53ad78c45950e0c674abaee178bc2c13c4063c107170894b206fb8e340fca54e14d98064d7ca9b79a82f4"], 0x1e0) 4.86220193s ago: executing program 4 (id=6420): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)="9c", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)="dbd3a489b7b2", 0x6}, {0x0}], 0x2}}, {{&(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000680)="72092df74f324642c3e319bb13b9e409f15e1f1146a926ab1c14d0dd7860fce270f820f953208dd8c5dacc041cc7de0ede5782144f811ea3e458f03529e87800e6cb2a5b069d7729c4fbfc8acba9d59eb6c86546eed46dae4a304bcfbe617ff951b32d4399e2e1b1348b173de109fbf78ef80ce505a6ada4b4de11f913b6d29e9e716edaa1c4e410b5af959056500f179131a1ccdacf3163df8688681aeb2d486a306e900dc58c368e64af5818eabc", 0xaf}, {&(0x7f0000000740)="cc651849576f441116eb13a7337eaeaa604da65c50a1af045819dafd89db85982efb9557d37b5808bce0c21041910f331e8b8aea209059087ba88d562dbc0155012bfab7b12040797b02e3a44d02c823e7d2a6d4df23b1558e0f19f5e3096ed9b40e1a8c93a6118004ca971304529f6f890ef0c70f1d6f6741abdd", 0x7b}, {0x0}, {&(0x7f0000000880)="3ca96daca516fbfb1a009f13ca55a2cf93fa0b0e57f35a0189cb87accc529b82f260343adf4fb1d13caa32c622ac", 0x2e}], 0x4, &(0x7f0000000940)}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000ac0)}, {&(0x7f0000000b40)="1dba4aeaa8e16b7ddfb08425c8a700d6ff177bec5a57e3cd8b3d677d4596309dbfa39e3378ffc65b033dca2351f53f21d7a5298e0439414b6f11", 0x3a}], 0x2}}, {{&(0x7f0000000c40)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000000d80)=[{&(0x7f0000000c80)="88c16da2e2c52876e026e154da7988013a74f575454e300b3df533d652fdfcabbdef0d0b44b8dd33b1d8c2d0fd4b54a6405b8c160304aa1ebbe81f2366cf742de2369d83d9acece6ff9c13dfb0b7677f6e7ad5af85f3f217ed4047eb9e7777e6234b85c8256f0a86d26720b74af13694a17fa1658632ab3f4d418f60a00bce890011f664cf5a54a3b92450aca72dd9f7f95c57a799576cb53011dd36aa77070beddf17b1e825b3b2189c4c9e64e0c2f1aef25014dba2715d687bdc920dd2acc4679b0b1538103f3bc9d855025e49c0375ab49c7403e45c514260853f9b4d0d03abdb552fb38f33e26618", 0xea}], 0x1, &(0x7f0000001040)}}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001240)="cc6c865f7abe91cb82e1563621475902bdeb5a9bd84d2cc0f19213321434897c48c76af82f2b3c3568a4716be1117a748e4b0c7b6e6c28106464330d25bc4964123d8cdeed865cd8bd8a6a19708cebf61e622664375bd8215a1125d300e223899b1cbe7fc6496436574fd951958f76d859197d946321b36ff4d78c6ff602", 0x7e}, {&(0x7f0000001300)="7f47689305be7fbae40bb9dc948b6870ece3860bbc27fab793219bcab753745ee3266a949b46cb375dbcc5c898fe3c37960c8a4abfd40ef239e08ff0ea2ee84272f37ea42be650e8521dd1562cd835eac96e39f1621ad1320e2d43a25b37783f4cf3954486", 0x65}, {&(0x7f0000001380)="f40daf8814ae412116b2c80c9de50dbe4709bd8108451c1371c7e1059f7a3d3b76bc8dcde0f025f4fdf0b55316735ef388fb3a19c40fe9e811e86ce8a91ce8b7387a543ae4da4ff18d22c5a2a976c241183a51b213c8d6f44880478073ec885f0ba449c9e3f410184e7f6ab9e121e3d8f76c5eaa7532a594ccdbc80757fe3f2d2aa44bbdfa2061fc58b3181f4e5912f9c9dbba5959ae6a976b1fbb8d231f0f597dbebd61c9a814fbdb24c6f37063595f86be30995778ae06d6e4ec6b36f7bcc9392d74e23b4425e50e37702d62e2c7f90b9538b8ceaa6d4c208455291369aaa9249de753bddff723f163d764fd7610db001f6b169ac968d772a55c22eb6b", 0xfe}, {&(0x7f0000001500)="adb9305215b515a24831f60b1fbdc5318613d57bc75f94d05d19656712a4a5dc08097d09c4c93b56818f37e07e3288657bf960f9df482c2d5f4764956e0fda66b2b989242c19958a1e1bb101247a848a7a6ce49f0e3d", 0x56}], 0x4, &(0x7f0000003640)}}], 0x5, 0x1) 4.016137968s ago: executing program 1 (id=6421): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)="9c", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000f40)="b70b850975c8e10b4d3fda0fc03da61225ec9c522387844c1e73fcfd6cd39aab1f8d21f3fc31c7db41faf56b1957c3ca31d3227fc21424bc341cea86b652e03018790147f245a159bc8373a4991404dc0d09d75535da9196d0b09fa207e22a3ba31ca944779946d0e5519bef32f00314b8ce1d087995d1e08927c755c2e4062f98cc5e921168af08f4e0a905dea720d9396d0a9481d3cb7bd3ae59d640fe31e1f861ee4a425aad9de0fc0f1f9ee65d7e67f63f8ccf7d11a6a6cf3fa8f998fe00fe1fe5098beb30c0a9a0e18c55a24c93", 0xd0}], 0x1}}], 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)="dbd3a489b7b2", 0x6}, {0x0}], 0x2}}, {{&(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000680)="72092df74f324642c3e319bb13b9e409f15e1f1146a926ab1c14d0dd7860fce270f820f953208dd8c5dacc041cc7de0ede5782144f811ea3e458f03529e87800e6cb2a5b069d7729c4fbfc8acba9d59eb6c86546eed46dae4a304bcfbe617ff951b32d4399e2e1b1348b173de109fbf78ef80ce505a6ada4b4de11f913b6d29e9e716edaa1c4e410b5af959056500f179131a1ccdacf3163df8688681aeb2d486a306e900dc58c368e64af5818eabc", 0xaf}, {&(0x7f0000000740)="cc651849576f441116eb13a7337eaeaa604da65c50a1af045819dafd89db85982efb9557d37b5808bce0c21041910f331e8b8aea209059087ba88d562dbc0155012bfab7b12040797b02e3a44d02c823e7d2a6d4df23b1558e0f19f5e3096ed9b40e1a8c93a6118004ca971304529f6f890ef0c70f1d6f6741abdd", 0x7b}, {0x0}, {&(0x7f0000000880)="3ca96daca516fbfb1a009f13ca55a2cf93fa0b0e57f35a0189cb87accc529b82f260343adf4fb1d13caa32c622ac", 0x2e}], 0x4, &(0x7f0000000940)}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000ac0)}, {&(0x7f0000000b40)="1dba4aeaa8e16b7ddfb08425c8a700d6ff177bec5a57e3cd8b3d677d4596309dbfa39e3378ffc65b033dca2351f53f21d7a5298e0439414b6f11", 0x3a}], 0x2}}, {{&(0x7f0000000c40)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000000d80)=[{&(0x7f0000000c80)="88c16da2e2c52876e026e154da7988013a74f575454e300b3df533d652fdfcabbdef0d0b44b8dd33b1d8c2d0fd4b54a6405b8c160304aa1ebbe81f2366cf742de2369d83d9acece6ff9c13dfb0b7677f6e7ad5af85f3f217ed4047eb9e7777e6234b85c8256f0a86d26720b74af13694a17fa1658632ab3f4d418f60a00bce890011f664cf5a54a3b92450aca72dd9f7f95c57a799576cb53011dd36aa77070beddf17b1e825b3b2189c4c9e64e0c2f1aef25014dba2715d687bdc920dd2acc4679b0b1538103f3bc9d855025e49c0375ab49c7403e45c514260853f9b4d0d03abdb55", 0xe3}], 0x1, &(0x7f0000001040)}}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001240)="cc6c865f7abe91cb82e1563621475902bdeb5a9bd84d2cc0f19213321434897c48c76af82f2b3c3568a4716be1117a748e4b0c7b6e6c28106464330d25bc4964123d8cdeed865cd8bd8a6a19708cebf61e622664375bd8215a1125d300e223899b1cbe7fc6496436", 0x68}, {&(0x7f0000001300)="7f47689305be7fbae40bb9dc948b6870ece3860bbc27fab793219bcab753745ee3266a949b46cb375dbcc5c898fe3c37960c8a4abfd40ef239e08ff0ea2ee84272f37ea42be650e8", 0x48}, {&(0x7f0000001380)="f40daf8814ae412116b2c80c9de50dbe4709bd8108451c1371c7e1059f7a3d3b76bc8dcde0f025f4fdf0b55316735ef388fb3a19c40fe9e811e86ce8a91ce8b7387a543ae4da4ff18d22c5a2a976c241183a51b213c8d6f44880478073ec885f0ba449c9e3f410184e7f6ab9e121e3d8f76c5eaa7532a594ccdbc80757fe3f2d2aa44bbdfa2061fc58b3181f4e5912f9c9dbba5959ae6a976b1fbb8d231f0f597dbebd61c9a814fbdb24c6f37063595f86be30995778ae06d6e4ec6b36f7bcc9392d74e23b4425e50e37702d62e2c7f90b9538b8ceaa6d4c208455291369aaa9249de753bddff723f163d764fd7610db001f6b169ac968d772a55c22eb", 0xfd}], 0x3, &(0x7f0000003640)}}], 0x5, 0x1) 3.856313221s ago: executing program 4 (id=6422): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010007000000280007800c000180080001"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) (fail_nth: 1) 3.74126681s ago: executing program 3 (id=6423): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r1, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000040)="8f", 0x1}], 0x1}}, {{&(0x7f0000000480)={0xa, 0x4e24, 0x2, @rand_addr=' \x01\x00', 0x6}, 0x1c, &(0x7f0000000700)=[{&(0x7f00000005c0)='<', 0x1}], 0x1}}], 0x2, 0x0) r2 = socket$kcm(0xa, 0x5, 0x0) r3 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="c2754713e36569b2fae8649eb50c4d0000000000", @ANYRES32=0x1], 0x50) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x8916, &(0x7f0000000000)={r3}) r4 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x8916, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8936, &(0x7f0000000000)={r3}) shutdown(r1, 0x1) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x4c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000000c0), &(0x7f00000001c0)=0x8) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x8000000}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0) 3.302177384s ago: executing program 4 (id=6424): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f0000002c00)={0x0, 0x0, &(0x7f0000002bc0)={&(0x7f0000002b80)={0x24, r1, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x8800) 3.255562753s ago: executing program 1 (id=6425): sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020b06050e020909430009003f00064c0a0000000d0085a168d0bf46d32345653600648d0a0005", 0x3b, 0x0, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB], 0x4c}}, 0x0) 3.16835137s ago: executing program 4 (id=6426): syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000440)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x8}) socket(0x1, 0x6, 0xc312) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) fsopen(&(0x7f00000001c0)='binder\x00', 0x1) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(r0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x77359400}}, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, 0x0, 0x0) listen(r1, 0xfffffffc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e09"], 0x0) socket(0x40000000015, 0x5, 0x0) 3.067711579s ago: executing program 3 (id=6427): r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x5c, 0x59455247, 0x640, 0x4b0, 0x0, @discrete={0x5, 0x6}}) (fail_nth: 1) 2.956926914s ago: executing program 1 (id=6428): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000001280)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x29}, 0x9}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000001900)="ada3468ff5b811c75a5cb675c4e3a6039748de9cec396af675712339f7fcdf949100e6dfe6ee2f169a4d5a06a34316", 0x2f}], 0x1, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010200002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695e85000000a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x8008801) sendmmsg$inet6(r0, &(0x7f0000001740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x804) (fail_nth: 1) 2.253887158s ago: executing program 1 (id=6429): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000800)=@newsa={0x148, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x1003502, 0xa}, [@offload={0xc}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x148}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000007d80)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f0000007cc0)={0x14, 0x6a, 0x15, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000000040), 0x5, 0x42) syz_usb_disconnect(r5) syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[], 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f00000020c0)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r6, &(0x7f00000000c0)={0x21, 0x3, 0x0, {0x1}}, 0x21) ioctl$RTC_IRQP_SET(r2, 0x4008700c, 0x178f) ioctl$EVIOCRMFF(r5, 0x550c, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="186536410f017d00440f20c03507000000440f22c00f23d80f219d970f23f8660f2263c4c17c77413e1c6767450f01cfb94d0800000f32c422d1b7900000c0fe", 0x40}], 0x1, 0x34, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$KVM_RUN(r4, 0xae80, 0x0) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r2) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x2f8, r7, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x4c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x46, 0x4, {'gcm(aes)\x00', 0x1e, "f9e4400ced4332c575845a7976616f2b55b75ebe472d5c525be035d18510"}}]}, @TIPC_NLA_NODE={0x88, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "dbcea62b38f4a748b0c86a436da0394e2549d8a2c952"}}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "5a38ba38589774f09ba533899e09e1ae9f9c3ad8421eca33538eca9a"}}]}, @TIPC_NLA_BEARER={0xac, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'ib', 0x3a, 'pimreg\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x43}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x460, @empty, 0x10000}}}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}]}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x9c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "491f62702a3b76a7adec64a21f327d07c5541985568dafe3d53e2d9f4d5f65"}}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "dc2b58f0473be959b2c24ff8719e20f234dc99d2eb2f12273149f8fc"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x70, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81a92545}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x2f8}}, 0x4) openat$cgroup_ro(r2, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0) 2.253610565s ago: executing program 3 (id=6430): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000001280)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x29}, 0x9}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000001900)="ada3468ff5b811c75a5cb675c4e3a6039748de9cec396af675712339f7fcdf949100e6dfe6ee2f169a4d5a06a34316", 0x2f}], 0x1, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010200002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695e85000000a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x8008801) sendmmsg$inet6(r0, &(0x7f0000001740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x804) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x800) 2.19686949s ago: executing program 0 (id=6431): syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0) r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1f220000aeff3b97e051ca622681837e9dca00000000000000", @ANYRES32, @ANYBLOB="0000000400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r3, 0xffff8000) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x8910, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x3) r5 = landlock_create_ruleset(&(0x7f0000000280)={0x2050, 0x0, 0x1}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0x1, &(0x7f0000000340)={0x2000}, 0x0) socket$alg(0x26, 0x5, 0x0) syz_open_dev$radio(&(0x7f0000000040), 0x1, 0x2) shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000240)=""/203) rt_sigaction(0x40, &(0x7f0000000140)={&(0x7f0000000000)="24339e9e0f1c2bdfd5c4a2f10027c6c43b640febce41d3ca6566f00fc02c101c65d2150e000000dbf5", 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000380)) r6 = syz_open_procfs(0x0, &(0x7f00000004c0)='stat\x00') read$FUSE(0xffffffffffffffff, &(0x7f0000005840)={0x2020}, 0x2020) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f00000006c0)=""/85, 0x55}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf, 0x34000}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) r7 = syz_open_dev$radio(&(0x7f0000000480), 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r7, 0x402c5639, &(0x7f0000000e80)={0x8, 0x3, 0xd}) unlink(&(0x7f0000000300)='./file0\x00') ioctl$EVIOCGMASK(r6, 0x80104592, &(0x7f0000000300)={0x0, 0x9, &(0x7f0000000200)="952bb3e006ae9a4c3a"}) 2.137835734s ago: executing program 3 (id=6432): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)="9c", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)="dbd3a489b7b2", 0x6}, {0x0}], 0x2}}, {{&(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000680)="72092df74f324642c3e319bb13b9e409f15e1f1146a926ab1c14d0dd7860fce270f820f953208dd8c5dacc041cc7de0ede5782144f811ea3e458f03529e87800e6cb2a5b069d7729c4fbfc8acba9d59eb6c86546eed46dae4a304bcfbe617ff951b32d4399e2e1b1348b173de109fbf78ef80ce505a6ada4b4de11f913b6d29e9e716edaa1c4e410b5af959056500f179131a1ccdacf3163df8688681aeb2d486a306e900dc58c368e64af5818eabc", 0xaf}, {&(0x7f0000000740)="cc651849576f441116eb13a7337eaeaa604da65c50a1af045819dafd89db85982efb9557d37b5808bce0c21041910f331e8b8aea209059087ba88d562dbc0155012bfab7b12040797b02e3a44d02c823e7d2a6d4df23b1558e0f19f5e3096ed9b40e1a8c93a6118004ca971304529f6f890ef0c70f1d6f6741abdd", 0x7b}, {0x0}, {&(0x7f0000000880)="3ca96daca516fbfb1a009f13ca55a2cf93fa0b0e57f35a0189cb87accc529b82f260343adf4fb1d13caa32c622ac", 0x2e}], 0x4, &(0x7f0000000940)}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000ac0)}, {&(0x7f0000000b40)="1dba4aeaa8e16b7ddfb08425c8a700d6ff177bec5a57e3cd8b3d677d4596309dbfa39e3378ffc65b033dca2351f53f21d7a5298e0439414b6f11", 0x3a}], 0x2}}, {{&(0x7f0000000c40)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000000d80)=[{&(0x7f0000000c80)="88c16da2e2c52876e026e154da7988013a74f575454e300b3df533d652fdfcabbdef0d0b44b8dd33b1d8c2d0fd4b54a6405b8c160304aa1ebbe81f2366cf742de2369d83d9acece6ff9c13dfb0b7677f6e7ad5af85f3f217ed4047eb9e7777e6234b85c8256f0a86d26720b74af13694a17fa1658632ab3f4d418f60a00bce890011f664cf5a54a3b92450aca72dd9f7f95c57a799576cb53011dd36aa77070beddf17b1e825b3b2189c4c9e64e0c2f1aef25014dba2715d687bdc920dd2acc4679b0b1538103f3bc9d855025e49c0375ab49c7403e45c514260853f9b4d0d03abdb552fb38f33e26618", 0xea}], 0x1, &(0x7f0000001040)}}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001240)="cc6c865f7abe91cb82e1563621475902bdeb5a9bd84d2cc0f19213321434897c48c76af82f2b3c3568a4716be1117a748e4b0c7b6e6c28106464330d25bc4964123d8cdeed865cd8bd8a6a19708cebf61e622664375bd8215a1125d300e223899b1cbe7fc6496436574fd951958f76d859197d946321b36ff4d78c6ff602", 0x7e}, {&(0x7f0000001300)="7f47689305be7fbae40bb9dc948b6870ece3860bbc27fab793219bcab753745ee3266a949b46cb375dbcc5c898fe3c37960c8a4abfd40ef239e08ff0ea2ee84272f37ea42be650e8521dd1562cd835eac96e39f1621ad1320e2d43a25b37783f4cf3954486", 0x65}, {&(0x7f0000001380)="f40daf8814ae412116b2c80c9de50dbe4709bd8108451c1371c7e1059f7a3d3b76bc8dcde0f025f4fdf0b55316735ef388fb3a19c40fe9e811e86ce8a91ce8b7387a543ae4da4ff18d22c5a2a976c241183a51b213c8d6f44880478073ec885f0ba449c9e3f410184e7f6ab9e121e3d8f76c5eaa7532a594ccdbc80757fe3f2d2aa44bbdfa2061fc58b3181f4e5912f9c9dbba5959ae6a976b1fbb8d231f0f597dbebd61c9a814fbdb24c6f37063595f86be30995778ae06d6e4ec6b36f7bcc9392d74e23b4425e50e37702d62e2c7f90b9538b8ceaa6d4c208455291369aaa9249de753bddff723f163d764fd7610db001f6b169ac968d772a55c22eb6b", 0xfe}, {&(0x7f0000001500)="adb9305215b515a24831f60b1fbdc5318613d57bc75f94d05d19656712a4a5dc08097d09c4c93b56818f37e07e3288657bf960f9df482c2d5f4764956e0fda66b2b989242c19958a1e1bb101247a848a7a6ce49f0e3d", 0x56}], 0x4, &(0x7f0000003640)}}], 0x5, 0x1) 1.996462283s ago: executing program 2 (id=6433): syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x3, &(0x7f00000001c0)='\x00\x00\x00'}, {0x2, 0x201, 0x0, 0x0}], 0x2}) 1.693394294s ago: executing program 3 (id=6434): socket$rds(0x15, 0x5, 0x0) r0 = socket(0x2b, 0x1, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0) brk(0x400000ffc000) syz_io_uring_setup(0x62ce, 0x0, 0x0, &(0x7f00000003c0)=0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, 0x0}) writev(0xffffffffffffffff, &(0x7f0000000280), 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x600}, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000080)={0x28, r7, 0x62c21a4ade68aba1, 0x70bd28, 0x0, {{0x32}, {@void, @val={0x8}, @val={0xc, 0x99, {0xffffffff, 0x28}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x4000080) ioctl$EVIOCGKEY(r6, 0x8040453f, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000025, &(0x7f0000000200)=0x1, 0x4) r9 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000180)={0xa, @pix_mp={0x0, 0x7, 0x32314d4e, 0x7, 0x0, [{}, {0xffffffff, 0x3}, {0x4}, {}, {}, {}, {0x0, 0xffffffff}], 0x4e}}) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r11, 0x4008ae89, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x10, 0x10, 0x0, 0x4b, {{0xa, 0x4, 0x0, 0x12, 0x28, 0x78, 0xfffc, 0x8, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x1f}, @multicast2, {[@end, @rr={0x7, 0x13, 0xdf, [@multicast2, @multicast1, @multicast2, @local]}]}}}}}) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) 61.453801ms ago: executing program 0 (id=6435): r0 = memfd_secret(0x0) (async) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x8, 0x1, 0x2, 0x4, {{0x36, 0x4, 0x1, 0x5, 0xd8, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@lsrr={0x83, 0x7, 0xed, [@loopback]}, @timestamp={0x44, 0x14, 0x81, 0x0, 0x1, [0x9, 0x0, 0x7ff, 0x1]}, @timestamp_addr={0x44, 0x14, 0xbb, 0x1, 0x2, [{@empty, 0x7}, {@local, 0x7ff}]}, @cipso={0x86, 0x6e, 0xffffffffffffffff, [{0x7, 0x12, "13bbe2eea6bf734cb4afac7436d678dc"}, {0x6, 0x9, "8468f651127f28"}, {0x5, 0x10, "44d3e96ab8b4feccabe142ba26a0"}, {0x2, 0x11, "22714b82f754d10e3479aee8c54ab4"}, {0x5, 0x7, "26a1fd94fb"}, {0x5, 0x12, "0890ac1059f20ef3139c2085e10e38b2"}, {0x2, 0xd, "90cf49205bb5920956c4e6"}, {0x7, 0x4, "c76c"}, {0x5, 0x2}]}, @lsrr={0x83, 0x27, 0xd5, [@remote, @dev={0xac, 0x14, 0x14, 0x25}, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @loopback]}]}}}}}) (async) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000180)={@initdev, @empty, 0x0}, &(0x7f00000001c0)=0xc) sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=@bridge_dellink={0xc0, 0x11, 0x100, 0x70bd26, 0x25dfdbfe, {0x7, 0x0, 0x0, r1, 0x4040, 0x2}, [@IFLA_EVENT={0x8, 0x2c, 0x2}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x35ed9}, @IFLA_PORT_SELF={0x80, 0x19, 0x0, 0x1, [@IFLA_PORT_HOST_UUID={0x14, 0x5, "4d0eca748c3bd06e5d7420063fbcaf00"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "c6db688a393231a0f24ea48626892b49"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "1ff643edd63f44a3db84c165cc0f19d3"}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x9}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x3}, @IFLA_PORT_VF={0x8, 0x1, 0x7d2}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "48f124e76818bd36b6516b85abe9ebbb"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "cebd24f13bd8d312ebb07d9e30c52797"}]}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_TARGET_NETNSID={0x8, 0x2e, 0x1}]}, 0xc0}, 0x1, 0x0, 0x0, 0x880}, 0x0) (async) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000340)={0xaa, 0x20}) (async) getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f0000000380), &(0x7f00000003c0)=0x4) r3 = fcntl$getown(r0, 0x9) sendmsg$nl_route(r0, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=@getlink={0x7c, 0x12, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x22484, 0x3}, [@IFLA_BROADCAST={0xa, 0x2, @random="6f5a597aae52"}, @IFLA_MAP={0x24, 0xe, {0x4, 0xd, 0xfffffffffffffffc, 0x3, 0x9}}, @IFLA_EXT_MASK={0x8, 0x1d, 0x800}, @IFLA_NET_NS_PID={0x8, 0x13, r3}, @IFLA_EVENT={0x8, 0x2c, 0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x6a3e2}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000001}, 0x80) (async) getdents(r0, &(0x7f0000000540)=""/85, 0x55) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0), 0x84040, 0x0) (async) ioctl$KVM_RUN(r0, 0xae80, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000800)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELTABLE={0x128, 0x2, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x40, 0x6, "03c5fab1417f90c370f298690d2bf4cf88b7481ec60d84dedba2deb53577733a608ef566a608272c9005710bd828b769fda73d115bb7c46032b68dc0"}, @NFTA_TABLE_USERDATA={0x3b, 0x6, "8e16695a93a83357f0aba4f6595f8a15f764e5dec55c9c3e5b5f2dee036084b6e2493f7615a23a2d3ba6739239fdea1aa84378fc6848c7"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x35, 0x6, "8c39b334d8e679ac37bc20d689108802f95acde7d393f3623b185748c07b8db534b20478dffec0df6ee9d5cb4439ff7c73"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x25, 0x6, "96664ac0365e3d6de01da1f3ec52c929b6074b745c49e495fc2c6d93975123a240"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x150}, 0x1, 0x0, 0x0, 0x40044}, 0x41) (async, rerun: 64) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000840), 0x4) (async, rerun: 64) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000880), &(0x7f00000008c0)=0xe) (async) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x5, 0x11, r0, 0xef277000) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r0, 0x1e, &(0x7f0000000900)={r4}, 0x1) (async) r5 = inotify_add_watch(r0, &(0x7f0000000940)='./file0\x00', 0x21000102) inotify_rm_watch(r0, r5) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000009c0), r0) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x14, r6, 0x800, 0x70bd27, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44010}, 0x20000054) (async) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$FIGETBSZ(r7, 0x2, &(0x7f0000000ac0)) (async, rerun: 64) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000b00)) (async, rerun: 64) r8 = socket(0x25, 0x800, 0xe5) (async) mq_unlink(&(0x7f0000000b40)='\x00') (async) epoll_pwait(r0, &(0x7f0000000b80)=[{}, {}, {}, {}], 0x4, 0x3, &(0x7f0000000bc0)={[0x3]}, 0x8) r9 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r8, 0x89f8, &(0x7f0000000cc0)={'erspan0\x00', &(0x7f0000000c40)={'tunl0\x00', 0x0, 0x7, 0x8, 0x0, 0x10, {{0x14, 0x4, 0x3, 0x2d, 0x50, 0x67, 0x0, 0x7, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x25}, {[@lsrr={0x83, 0x7, 0xaa, [@private=0xa010102]}, @ra={0x94, 0x4}, @ra={0x94, 0x4}, @generic={0x7, 0x3, '^'}, @ssrr={0x89, 0x27, 0x89, [@rand_addr=0x64010101, @local, @empty, @rand_addr=0x64010102, @rand_addr=0x64010100, @remote, @local, @local, @remote]}]}}}}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r9, &(0x7f0000001140)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001100)={&(0x7f0000000d00)={0x3f0, 0x0, 0x0, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xfffffffb}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x178, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x5c, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x789a}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xaeb}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x40000000}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syztnl0\x00'}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xc8, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffe00}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syztnl0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '*/-&{\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '*@#-#\x10-/\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x51}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '!-\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffe}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_BITS={0x4c, 0x3, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10001}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xf6}]}]}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x1b4, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xd7, 0x4, "e330d8d6e0c7d4e3506ace9d5a7b39900f2be8b23781793a39055f58346cb49029256242b272b81b02ed3c4ad82063289df4c5145db0d232110a10d20caa6f38fbfda864d05ee56f6d08db99dc98b4a681cae005a271a0fbd48b1851270802c9820837075c0bbf8d88148aa5ce5d65eccebf7dd03811813cc0d39fc59b9bffd68e5812089ea17fe79131d830582558c3df225b36011dc04cef07bb51002c189e899cb53eb8e28bd9c111b0896af84a1fed6f5b8e3d6dfe6fe78e6486603d4b9d6f149677ae1df8dacfd1ddf1f19fb722c1bc5c"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xc8, 0x3, 0x0, 0x1, [{0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '\xaa\xaa\xaa\xaa\xaa'}, @ETHTOOL_A_BITSET_BIT_NAME={0x10, 0x2, '^-.#\n$}{:%$\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz0\x00'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syztnl1\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syztnl0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '\xdf+//@][\x00'}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x3f0}, 0x1, 0x0, 0x0, 0x8010}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000001580)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001540)={&(0x7f0000001200)={0x324, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_OURS={0x130, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x87, 0x5, "7c70e64c9ced85c24dc3ce1ae383d680118fb92647c50f4de3e6036a8746b4b825e4bac28944401dcead76a164f239cd93dee43376706b7bae679346a2518cfed2ce80927f9185ee3dd9665a5bbcfb9c2db255ec25308cb83d3c5c76e90ea338d1b5f81a917aaf09ce298f419e7e620a53efdb916dc546b3dc711e0c41707b73ec1b24"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x50, 0x5, "3c23b248b0bc3a47a847a1c887f89eb147974b88ab5287e1a48e0cbf4eac976c61af65f8818edb4fdb76e58f326bbdbf40d5713a2f05d7c33379246a92b1cdafc6e48d469f0b8dff4a26ff49"}, @ETHTOOL_A_BITSET_MASK={0x3c, 0x5, "f16627813ee5761014edeba60873364972de69cc79c0fcbaca3ad843bfcb25356126f2c28b1cf0ba8a169e3badfb4cf16a64411c9e7afdf9"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_OURS={0x1d8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0xe4, 0x5, "fb89493107e7886e983c0636ce76b0ad4db235de252685f513ac8e6a38dadf0f10fda9d7538350229e418622300a57678cb8f862da39917ba6be74d4e90878c5ae82cb81c579bb6d18790cf5956bdf5746dcbcb2fbef7d9976ef149380b2508cb4fd0cc533b93da517cf87880b77405c1c2b6119f037045270f844f0d77f2075a6b785851f6836b4536c00b79e215553f7b610e1bd2fbb2f8d65410d10ff706fdd26bf2a57ac8ddb4f2c5fdfea2cf8496280ce669c094226add08d35a730e3f3272b165b154d92013731cd3af1d3e6656776f3a98fb3ba769bcd4dfbf964a1f6"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_BITS={0xe0, 0x3, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syztnl1\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '$\x00'}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '[\\\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '*/-&{\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '^/\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffff8}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'erspan0\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xe1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x4}]}, 0x324}, 0x1, 0x0, 0x0, 0x20000000}, 0x44818) 21.667959ms ago: executing program 4 (id=6436): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085000000860000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = epoll_create1(0x80000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = epoll_create1(0x0) bind$unix(0xffffffffffffffff, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x40400c0}, 0x200000d0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r3, &(0x7f0000000000)={0xa0000001}) poll(&(0x7f00000000c0)=[{r6, 0x1009}], 0x1, 0x8000007) rseq(0x0, 0x0, 0x0, 0x0) setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x2000000000002, 0x6, 0x0, 0x676, 0x100000000000008, 0x0, 0x5}, &(0x7f0000000000)={0x1f, 0x0, 0x5d, 0x5e62, 0x0, 0xbce3, 0x9, 0x7}, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) inotify_init1(0x0) 0s ago: executing program 2 (id=6437): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) r0 = socket$kcm(0xa, 0x1, 0x106) setsockopt$sock_attach_bpf(r0, 0x29, 0x4b, 0x0, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000100001000000000000000000d100000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a19020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005"], 0xe8}}, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, 0x0) listen(0xffffffffffffffff, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, &(0x7f00000002c0)=""/139, &(0x7f0000000100)=0x8b) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000001c0)={{{@in6=@dev, @in=@loopback}}, {{@in6=@ipv4={""/10, ""/2, @remote}}, 0x0, @in=@multicast1}}, &(0x7f0000000080)=0xe8) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000000380), &(0x7f00000003c0)=0x8) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000001040)={'ip_vti0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x6c, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x78, 0x0, 0x0, 0x4, 0x0, @empty, @rand_addr=0x3}}}}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000180)=0xc) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x9f, 0x600100) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064d1, &(0x7f0000000600)={&(0x7f0000000180), 0x0, 0x0, 0x0}) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc0000001900010000000000fedbdf2520010000000000000000000000000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000866bd0b00000000000000000000000000000000a000000000000000000000080400000000000000000080000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff00000000000000000000000000000000000300"/180], 0xfc}}, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0xbc, 0x21, 0x1, 0x0, 0x0, {{@in=@broadcast, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80}}, [@migrate={0x50, 0x11, [{@in=@loopback, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x64010100, 0x3c, 0x0, 0x0, 0x0, 0xa, 0x2}]}, @encap={0x1c, 0x4, {0x2, 0x4e24, 0x4e23, @in6=@private1}}]}, 0xbc}}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[], 0x0) socket$nl_route(0x10, 0x3, 0x0) kernel console output (not intermixed with test programs): f [ 991.868450][T22293] ? clear_bhb_loop+0x60/0xb0 [ 991.868477][T22293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 991.868499][T22293] RIP: 0033:0x7fbb5038d33c [ 991.868518][T22293] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 991.868538][T22293] RSP: 002b:00007fbb51174030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 991.868561][T22293] RAX: ffffffffffffffda RBX: 00007fbb505b5fa0 RCX: 00007fbb5038d33c [ 991.868578][T22293] RDX: 000000000000000f RSI: 00007fbb511740a0 RDI: 0000000000000004 [ 991.868592][T22293] RBP: 00007fbb51174090 R08: 0000000000000000 R09: 0000000000000000 [ 991.868606][T22293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 991.868619][T22293] R13: 0000000000000000 R14: 00007fbb505b5fa0 R15: 00007fbb506dfa28 [ 991.868653][T22293] [ 992.251683][ T5166] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 992.268037][ T5166] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 992.360536][ T5166] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 992.425020][ T5166] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 992.452336][T21128] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 993.305058][T22298] chnl_net:caif_netlink_parms(): no params data found [ 993.925547][T22298] bridge0: port 1(bridge_slave_0) entered blocking state [ 993.933416][T22298] bridge0: port 1(bridge_slave_0) entered disabled state [ 993.941381][T22298] bridge_slave_0: entered allmulticast mode [ 993.949911][T22298] bridge_slave_0: entered promiscuous mode [ 993.959272][T22298] bridge0: port 2(bridge_slave_1) entered blocking state [ 993.968020][T22298] bridge0: port 2(bridge_slave_1) entered disabled state [ 993.976516][T22298] bridge_slave_1: entered allmulticast mode [ 993.985373][T22298] bridge_slave_1: entered promiscuous mode [ 994.062015][T22298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 994.090960][T22298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 994.397526][T22298] team0: Port device team_slave_0 added [ 994.433169][T22298] team0: Port device team_slave_1 added [ 994.497834][T21128] Bluetooth: hci2: command tx timeout [ 994.592606][T22298] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 994.637644][T22298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 994.668270][T22298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 994.709975][T22298] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 994.758014][T22298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 995.157761][T22298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 995.653298][T22298] hsr_slave_0: entered promiscuous mode [ 995.702911][T22298] hsr_slave_1: entered promiscuous mode [ 995.723109][T22298] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 995.765813][T22298] Cannot create hsr debugfs directory [ 996.567856][T21128] Bluetooth: hci2: command tx timeout [ 997.481160][T22298] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 997.543424][T22358] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 998.446025][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.460049][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.485252][T22298] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.647849][T21128] Bluetooth: hci2: command tx timeout [ 998.792956][T22298] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.978887][T22377] netlink: 'syz.4.6068': attribute type 1 has an invalid length. [ 999.191955][T22380] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6068'. [ 999.230464][T22377] 8021q: adding VLAN 0 to HW filter on device bond9 [ 999.315722][T22298] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.398406][T22379] 8021q: adding VLAN 0 to HW filter on device bond9 [ 999.419685][T22379] bond9: (slave vxcan5): The slave device specified does not support setting the MAC address [ 999.449605][T22379] bond9: (slave vxcan5): Error -95 calling set_mac_address [ 999.492052][T22380] 8021q: adding VLAN 0 to HW filter on device bond9 [ 999.762781][T22298] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 999.775934][T22298] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 999.807500][T22298] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 999.846884][T22298] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1000.273939][T22298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1000.314904][T22298] 8021q: adding VLAN 0 to HW filter on device team0 [ 1000.339763][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1000.347008][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1000.377578][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1000.384892][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1000.615076][T22298] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1000.738280][T21128] Bluetooth: hci2: command tx timeout [ 1000.867325][T22298] veth0_vlan: entered promiscuous mode [ 1000.905903][T22298] veth1_vlan: entered promiscuous mode [ 1001.193826][ T5921] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1001.293060][T22298] veth0_macvtap: entered promiscuous mode [ 1001.385325][T22298] veth1_macvtap: entered promiscuous mode [ 1001.427954][ T5921] usb 3-1: Using ep0 maxpacket: 16 [ 1001.491862][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1001.559643][ T5921] usb 3-1: config 0 has no interfaces? [ 1001.568691][T22298] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1001.615711][ T5921] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1001.693044][T22298] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1001.710745][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1001.750115][ T5921] usb 3-1: Product: syz [ 1001.750148][ T5921] usb 3-1: Manufacturer: syz [ 1001.750166][ T5921] usb 3-1: SerialNumber: syz [ 1001.794637][ T5921] usb 3-1: config 0 descriptor?? [ 1001.808216][ T5941] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 1001.811723][T22298] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1001.811763][T22298] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1001.811795][T22298] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1001.811827][T22298] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.008555][ T5941] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1002.008591][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1002.008614][ T5941] usb 4-1: Product: syz [ 1002.008631][ T5941] usb 4-1: Manufacturer: syz [ 1002.008648][ T5941] usb 4-1: SerialNumber: syz [ 1002.051751][T22414] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6078'. [ 1002.051798][T22414] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6078'. [ 1002.052916][ T5941] usb 4-1: config 0 descriptor?? [ 1002.077141][ T5941] ch341 4-1:0.0: ch341-uart converter detected [ 1002.093239][T21673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1002.093263][T21673] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1002.107477][T22414] team0: entered promiscuous mode [ 1002.107774][T22414] team_slave_0: entered promiscuous mode [ 1002.109761][T22414] team_slave_1: entered promiscuous mode [ 1002.113000][T22414] batadv_slave_1: entered promiscuous mode [ 1002.204195][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1002.204221][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1002.285462][ T5941] usb 4-1: failed to receive control message: -71 [ 1002.285511][ T5941] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 1002.289920][ T5941] usb 4-1: USB disconnect, device number 70 [ 1002.291005][ T5941] ch341 4-1:0.0: device disconnected [ 1003.333554][T22435] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6084'. [ 1003.877730][ T5941] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1004.008544][ T5941] usb 2-1: device descriptor read/64, error -71 [ 1004.277828][ T5941] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1004.427690][ T5941] usb 2-1: device descriptor read/64, error -71 [ 1004.509373][ T5920] usb 3-1: USB disconnect, device number 77 [ 1004.593483][ T5941] usb usb2-port1: attempt power cycle [ 1004.957952][ T5941] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 1005.009459][ T5941] usb 2-1: device descriptor read/8, error -71 [ 1005.368289][ T5941] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1005.431046][ T5941] usb 2-1: device descriptor read/8, error -71 [ 1005.581399][ T5941] usb usb2-port1: unable to enumerate USB device [ 1006.370841][T22472] netlink: 372 bytes leftover after parsing attributes in process `syz.3.6096'. [ 1006.428003][T22472] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 1006.837947][ T1216] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1006.917967][T22480] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6100'. [ 1007.018009][ T1216] usb 3-1: Using ep0 maxpacket: 16 [ 1007.029176][ T1216] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1007.055350][ T1216] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1007.077473][ T1216] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 1007.090301][ T1216] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1007.100844][ T1216] usb 3-1: Product: syz [ 1007.105056][ T1216] usb 3-1: Manufacturer: syz [ 1007.110308][ T1216] usb 3-1: SerialNumber: syz [ 1007.125890][ T1216] usb 3-1: config 0 descriptor?? [ 1007.194949][T22490] netlink: 'syz.1.6102': attribute type 1 has an invalid length. [ 1007.203653][T22490] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6102'. [ 1007.215746][T22490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6102'. [ 1007.233595][T22489] syzkaller0: entered allmulticast mode [ 1007.247766][ T860] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 1007.272743][T22489] syzkaller0 (unregistering): left allmulticast mode [ 1007.345689][ T1216] usb 3-1: USB disconnect, device number 78 [ 1007.398098][ T860] usb 4-1: Using ep0 maxpacket: 32 [ 1007.418962][ T860] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 1007.446347][ T860] usb 4-1: config 0 has no interface number 0 [ 1007.478049][ T860] usb 4-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1007.503943][ T860] usb 4-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1007.528897][ T860] usb 4-1: config 0 interface 2 has no altsetting 0 [ 1007.606776][ T860] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 1007.621277][ T860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1007.668331][ T860] usb 4-1: config 0 descriptor?? [ 1007.705574][ T860] usbhid 4-1:0.2: couldn't find an input interrupt endpoint [ 1007.888679][T22482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1007.897498][T22482] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1008.005264][T22496] fuse: Unknown parameter 'group[id' [ 1008.278146][ T1216] usb 3-1: new full-speed USB device number 79 using dummy_hcd [ 1008.442085][ T1216] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1008.487209][ T1216] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1008.529232][ T1216] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1008.552646][ T1216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1008.771441][ T1216] usb 3-1: usb_control_msg returned -32 [ 1008.800122][ T1216] usbtmc 3-1:16.0: can't read capabilities [ 1009.242839][T22502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1009.293186][T22502] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1009.350115][T22502] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1009.425337][T22509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1009.462829][T22509] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1009.493243][T22509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1009.522516][T22509] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1009.815874][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 1009.815894][ T30] audit: type=1326 audit(1752775785.737:3399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22517 comm="syz.0.6112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1009.865365][ T30] audit: type=1326 audit(1752775785.737:3400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22517 comm="syz.0.6112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1009.898634][ T30] audit: type=1326 audit(1752775785.777:3401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22517 comm="syz.0.6112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1009.919401][T22520] FAULT_INJECTION: forcing a failure. [ 1009.919401][T22520] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.933893][ T30] audit: type=1326 audit(1752775785.777:3402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22517 comm="syz.0.6112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1009.939154][T22520] CPU: 0 UID: 0 PID: 22520 Comm: syz.0.6113 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1009.939189][T22520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1009.939204][T22520] Call Trace: [ 1009.939214][T22520] [ 1009.939224][T22520] dump_stack_lvl+0x189/0x250 [ 1009.939262][T22520] ? __pfx____ratelimit+0x10/0x10 [ 1009.939289][T22520] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1009.939319][T22520] ? __pfx__printk+0x10/0x10 [ 1009.939356][T22520] ? __pfx___schedule+0x10/0x10 [ 1009.939390][T22520] should_fail_ex+0x414/0x560 [ 1009.939421][T22520] should_failslab+0xa8/0x100 [ 1009.939472][T22520] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1009.939508][T22520] ? __alloc_skb+0x112/0x2d0 [ 1009.939548][T22520] __alloc_skb+0x112/0x2d0 [ 1009.939586][T22520] xfrm_send_policy_notify+0x29d/0x1bb0 [ 1009.939623][T22520] ? __lock_acquire+0xab9/0xd20 [ 1009.939653][T22520] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 1009.939694][T22520] ? km_policy_notify+0x28/0x200 [ 1009.939739][T22520] ? km_policy_notify+0x28/0x200 [ 1009.939771][T22520] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 1009.939805][T22520] km_policy_notify+0x11e/0x200 [ 1009.939836][T22520] ? km_policy_notify+0x28/0x200 [ 1009.939870][T22520] xfrm_add_policy+0x4c7/0x800 [ 1009.939924][T22520] ? __pfx_xfrm_add_policy+0x10/0x10 [ 1009.939954][T22520] ? apparmor_capable+0x137/0x1b0 [ 1009.939995][T22520] ? __nla_parse+0x40/0x60 [ 1009.940030][T22520] xfrm_user_rcv_msg+0x7a3/0xab0 [ 1009.940092][T22520] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 1009.940167][T22520] ? __mutex_trylock_common+0x153/0x260 [ 1009.940202][T22520] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1009.940240][T22520] ? rcu_is_watching+0x15/0xb0 [ 1009.940272][T22520] ? trace_contention_end+0x39/0x120 [ 1009.940311][T22520] netlink_rcv_skb+0x205/0x470 [ 1009.940348][T22520] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 1009.940384][T22520] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1009.940429][T22520] ? netlink_deliver_tap+0x2e/0x1b0 [ 1009.940469][T22520] ? netlink_deliver_tap+0x2e/0x1b0 [ 1009.940506][T22520] xfrm_netlink_rcv+0x79/0x90 [ 1009.940540][T22520] netlink_unicast+0x75c/0x8e0 [ 1009.940584][T22520] netlink_sendmsg+0x805/0xb30 [ 1009.940630][T22520] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1009.940669][T22520] ? aa_sock_msg_perm+0x94/0x160 [ 1009.940698][T22520] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1009.940724][T22520] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1009.940760][T22520] __sock_sendmsg+0x219/0x270 [ 1009.940793][T22520] ____sys_sendmsg+0x505/0x830 [ 1009.940837][T22520] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1009.940887][T22520] ? import_iovec+0x74/0xa0 [ 1009.940927][T22520] ___sys_sendmsg+0x21f/0x2a0 [ 1009.940967][T22520] ? __pfx____sys_sendmsg+0x10/0x10 [ 1009.941050][T22520] ? __fget_files+0x2a/0x420 [ 1009.941073][T22520] ? __fget_files+0x3a0/0x420 [ 1009.941111][T22520] __x64_sys_sendmsg+0x19b/0x260 [ 1009.941151][T22520] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1009.941203][T22520] ? __pfx_ksys_write+0x10/0x10 [ 1009.941236][T22520] ? rcu_is_watching+0x15/0xb0 [ 1009.941272][T22520] ? do_syscall_64+0xbe/0x3b0 [ 1009.941305][T22520] do_syscall_64+0xfa/0x3b0 [ 1009.941332][T22520] ? lockdep_hardirqs_on+0x9c/0x150 [ 1009.941356][T22520] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.941381][T22520] ? clear_bhb_loop+0x60/0xb0 [ 1009.941414][T22520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.941438][T22520] RIP: 0033:0x7fd019b8e929 [ 1009.941469][T22520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1009.941493][T22520] RSP: 002b:00007fd0179f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1009.941520][T22520] RAX: ffffffffffffffda RBX: 00007fd019db5fa0 RCX: 00007fd019b8e929 [ 1009.941538][T22520] RDX: 0000000000004000 RSI: 0000200000000440 RDI: 0000000000000004 [ 1009.941555][T22520] RBP: 00007fd0179f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1009.941570][T22520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1009.941585][T22520] R13: 0000000000000000 R14: 00007fd019db5fa0 R15: 00007fd019edfa28 [ 1009.941623][T22520] [ 1010.447392][ T5920] usb 4-1: USB disconnect, device number 71 [ 1010.464362][ T30] audit: type=1326 audit(1752775785.777:3403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22517 comm="syz.0.6112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1010.787911][ T1216] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 1010.839899][T22531] syzkaller1: entered promiscuous mode [ 1010.845449][T22531] syzkaller1: entered allmulticast mode [ 1010.987163][ T1216] usb 2-1: Using ep0 maxpacket: 32 [ 1011.020393][ T1216] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 1011.029286][ T1216] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1011.042838][ T1216] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1011.086163][ T1216] usb 2-1: config 1 has no interface number 0 [ 1011.095312][ T1216] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1011.188637][T22537] netlink: 'syz.3.6115': attribute type 11 has an invalid length. [ 1011.255016][ T1216] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1011.316695][ T1216] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1011.644763][ T1216] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.662070][ T5949] usb 3-1: USB disconnect, device number 79 [ 1011.669025][ T1216] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 1011.929403][ T1216] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 1012.138630][T22542] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 1012.319414][T22522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1012.496308][T22522] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1012.639808][ T5920] usb 2-1: USB disconnect, device number 74 [ 1012.650029][ T5920] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 1015.354720][T22568] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1015.637712][ T1216] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1015.678954][T22423] IPVS: starting estimator thread 0... [ 1015.768091][ T1216] usb 3-1: device descriptor read/64, error -71 [ 1015.774609][T22573] IPVS: using max 27 ests per chain, 64800 per kthread [ 1016.011411][ T1216] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1016.227721][ T1216] usb 3-1: device descriptor read/64, error -71 [ 1016.348950][ T1216] usb usb3-port1: attempt power cycle [ 1016.848048][ T1216] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1016.868467][ T1216] usb 3-1: device descriptor read/8, error -71 [ 1017.108272][ T1216] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1017.128717][ T1216] usb 3-1: device descriptor read/8, error -71 [ 1017.238038][ T1216] usb usb3-port1: unable to enumerate USB device [ 1017.608503][T22593] FAULT_INJECTION: forcing a failure. [ 1017.608503][T22593] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1017.624578][T22593] CPU: 1 UID: 0 PID: 22593 Comm: syz.1.6134 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1017.624611][T22593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1017.624626][T22593] Call Trace: [ 1017.624643][T22593] [ 1017.624653][T22593] dump_stack_lvl+0x189/0x250 [ 1017.624687][T22593] ? __pfx____ratelimit+0x10/0x10 [ 1017.624712][T22593] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1017.624739][T22593] ? __pfx__printk+0x10/0x10 [ 1017.624769][T22593] ? __might_fault+0xb0/0x130 [ 1017.624823][T22593] should_fail_ex+0x414/0x560 [ 1017.624850][T22593] _copy_from_user+0x2d/0xb0 [ 1017.624881][T22593] __sys_sendto+0x25c/0x520 [ 1017.624912][T22593] ? __pfx___sys_sendto+0x10/0x10 [ 1017.624938][T22593] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1017.624976][T22593] ? __fget_files+0x3a0/0x420 [ 1017.625008][T22593] ? ksys_write+0x22a/0x250 [ 1017.625040][T22593] ? __pfx_ksys_write+0x10/0x10 [ 1017.625067][T22593] ? rcu_is_watching+0x15/0xb0 [ 1017.625097][T22593] __x64_sys_sendto+0xde/0x100 [ 1017.625128][T22593] do_syscall_64+0xfa/0x3b0 [ 1017.625148][T22593] ? lockdep_hardirqs_on+0x9c/0x150 [ 1017.625186][T22593] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.625206][T22593] ? clear_bhb_loop+0x60/0xb0 [ 1017.625228][T22593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.625249][T22593] RIP: 0033:0x7f067438e929 [ 1017.625268][T22593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1017.625287][T22593] RSP: 002b:00007f06752de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1017.625310][T22593] RAX: ffffffffffffffda RBX: 00007f06745b5fa0 RCX: 00007f067438e929 [ 1017.625325][T22593] RDX: 0000000000000014 RSI: 0000200000000080 RDI: 0000000000000003 [ 1017.625339][T22593] RBP: 00007f06752de090 R08: 0000200000000340 R09: 0000000000000014 [ 1017.625354][T22593] R10: 0000000000000081 R11: 0000000000000246 R12: 0000000000000001 [ 1017.625366][T22593] R13: 0000000000000000 R14: 00007f06745b5fa0 R15: 00007f06746dfa28 [ 1017.625392][T22593] [ 1017.971710][T22599] FAULT_INJECTION: forcing a failure. [ 1017.971710][T22599] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1017.994537][T22599] CPU: 1 UID: 0 PID: 22599 Comm: syz.1.6136 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1017.994571][T22599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1017.994587][T22599] Call Trace: [ 1017.994597][T22599] [ 1017.994616][T22599] dump_stack_lvl+0x189/0x250 [ 1017.994649][T22599] ? __pfx____ratelimit+0x10/0x10 [ 1017.994673][T22599] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1017.994702][T22599] ? __pfx__printk+0x10/0x10 [ 1017.994734][T22599] ? __might_fault+0xb0/0x130 [ 1017.994777][T22599] should_fail_ex+0x414/0x560 [ 1017.994807][T22599] _copy_from_user+0x2d/0xb0 [ 1017.994840][T22599] userio_char_write+0xc0/0x430 [ 1017.994867][T22599] ? common_file_perm+0x199/0x200 [ 1017.994894][T22599] ? __pfx_userio_char_write+0x10/0x10 [ 1017.994921][T22599] ? cgroup_put+0x40/0x290 [ 1017.994940][T22599] ? security_file_permission+0x75/0x290 [ 1017.994975][T22599] ? rw_verify_area+0x258/0x650 [ 1017.995003][T22599] ? __pfx_userio_char_write+0x10/0x10 [ 1017.995032][T22599] vfs_write+0x27b/0xa90 [ 1017.995068][T22599] ? __pfx_vfs_write+0x10/0x10 [ 1017.995093][T22599] ? __fget_files+0x2a/0x420 [ 1017.995111][T22599] ? __fget_files+0x2a/0x420 [ 1017.995126][T22599] ? __fget_files+0x3a0/0x420 [ 1017.995140][T22599] ? __fget_files+0x2a/0x420 [ 1017.995163][T22599] ksys_write+0x145/0x250 [ 1017.995189][T22599] ? __pfx_ksys_write+0x10/0x10 [ 1017.995212][T22599] ? rcu_is_watching+0x15/0xb0 [ 1017.995237][T22599] ? do_syscall_64+0xbe/0x3b0 [ 1017.995260][T22599] do_syscall_64+0xfa/0x3b0 [ 1017.995279][T22599] ? lockdep_hardirqs_on+0x9c/0x150 [ 1017.995297][T22599] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.995314][T22599] ? clear_bhb_loop+0x60/0xb0 [ 1017.995336][T22599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.995353][T22599] RIP: 0033:0x7f067438e929 [ 1017.995370][T22599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1017.995386][T22599] RSP: 002b:00007f06752de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1017.995405][T22599] RAX: ffffffffffffffda RBX: 00007f06745b5fa0 RCX: 00007f067438e929 [ 1017.995418][T22599] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000003 [ 1017.995433][T22599] RBP: 00007f06752de090 R08: 0000000000000000 R09: 0000000000000000 [ 1017.995444][T22599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1017.995454][T22599] R13: 0000000000000000 R14: 00007f06745b5fa0 R15: 00007f06746dfa28 [ 1017.995480][T22599] [ 1018.374776][ T30] audit: type=1326 audit(1752775794.297:3404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22589 comm="syz.4.6133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d7b58e929 code=0x7fc00000 [ 1018.594228][T22610] program syz.3.6135 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1018.608935][T22610] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1019.298717][T22612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1019.313871][T22612] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1019.487426][T22627] loop8: detected capacity change from 0 to 16384 [ 1019.701593][ C1] I/O error, dev loop8, sector 128 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 1019.714867][T22629] loop8: detected capacity change from 16384 to 0 [ 1019.720763][ C0] I/O error, dev loop8, sector 3328 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0 [ 1019.737787][ C0] I/O error, dev loop8, sector 3584 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0 [ 1020.019201][T22638] syzkaller1: entered promiscuous mode [ 1020.024781][T22638] syzkaller1: entered allmulticast mode [ 1020.202302][T22639] netlink: 'syz.1.6145': attribute type 11 has an invalid length. [ 1020.346746][T22642] syzkaller1: entered allmulticast mode [ 1020.841863][T22650] FAULT_INJECTION: forcing a failure. [ 1020.841863][T22650] name failslab, interval 1, probability 0, space 0, times 0 [ 1020.870439][T22650] CPU: 0 UID: 0 PID: 22650 Comm: syz.3.6149 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1020.870473][T22650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1020.870488][T22650] Call Trace: [ 1020.870498][T22650] [ 1020.870508][T22650] dump_stack_lvl+0x189/0x250 [ 1020.870646][T22650] ? __pfx____ratelimit+0x10/0x10 [ 1020.870680][T22650] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1020.870709][T22650] ? __pfx__printk+0x10/0x10 [ 1020.870744][T22650] ? __pfx___might_resched+0x10/0x10 [ 1020.870769][T22650] ? fs_reclaim_acquire+0x7d/0x100 [ 1020.870796][T22650] should_fail_ex+0x414/0x560 [ 1020.870826][T22650] should_failslab+0xa8/0x100 [ 1020.870863][T22650] __kmalloc_noprof+0xcb/0x4f0 [ 1020.870893][T22650] ? kfree+0x4d/0x440 [ 1020.870919][T22650] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1020.870953][T22650] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1020.870988][T22650] ? tomoyo_domain+0xd9/0x130 [ 1020.871022][T22650] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1020.871057][T22650] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1020.871095][T22650] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1020.871161][T22650] ? __lock_acquire+0xab9/0xd20 [ 1020.871207][T22650] ? __fget_files+0x2a/0x420 [ 1020.871232][T22650] ? __fget_files+0x2a/0x420 [ 1020.871250][T22650] ? __fget_files+0x3a0/0x420 [ 1020.871270][T22650] ? __fget_files+0x2a/0x420 [ 1020.871306][T22650] security_file_ioctl+0xcb/0x2d0 [ 1020.871344][T22650] __se_sys_ioctl+0x47/0x170 [ 1020.871375][T22650] do_syscall_64+0xfa/0x3b0 [ 1020.871399][T22650] ? lockdep_hardirqs_on+0x9c/0x150 [ 1020.871423][T22650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1020.871446][T22650] ? clear_bhb_loop+0x60/0xb0 [ 1020.871474][T22650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1020.871497][T22650] RIP: 0033:0x7f52aa78e929 [ 1020.871517][T22650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1020.871537][T22650] RSP: 002b:00007f52ab672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1020.871561][T22650] RAX: ffffffffffffffda RBX: 00007f52aa9b5fa0 RCX: 00007f52aa78e929 [ 1020.871578][T22650] RDX: 0000200000000140 RSI: 000000008140aecc RDI: 0000000000000005 [ 1020.871594][T22650] RBP: 00007f52ab672090 R08: 0000000000000000 R09: 0000000000000000 [ 1020.871609][T22650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1020.871623][T22650] R13: 0000000000000000 R14: 00007f52aa9b5fa0 R15: 00007f52aaadfa28 [ 1020.871658][T22650] [ 1020.871871][T22650] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1020.978042][ T5920] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1021.323060][ T5920] usb 3-1: Using ep0 maxpacket: 32 [ 1021.332477][ T5920] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 1021.341112][ T5920] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1021.356133][ T5920] usb 3-1: config 0 has no interface number 0 [ 1021.373352][ T5920] usb 3-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1021.419395][ T5920] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 1021.495317][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1021.521788][ T5920] usb 3-1: Product: syz [ 1021.533172][ T5920] usb 3-1: Manufacturer: syz [ 1021.543741][ T5920] usb 3-1: SerialNumber: syz [ 1021.572816][ T5920] usb 3-1: config 0 descriptor?? [ 1021.612894][ T5920] radio-si470x 3-1:0.35: could not find interrupt in endpoint [ 1021.634330][ T5920] radio-si470x 3-1:0.35: probe with driver radio-si470x failed with error -5 [ 1021.893498][T22664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6152'. [ 1021.976181][ T5920] radio-raremono 3-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 1022.131070][ T5920] radio-raremono 3-1:0.35: V4L2 device registered as radio48 [ 1022.332780][ T860] usb 3-1: USB disconnect, device number 84 [ 1022.342591][ T860] radio-raremono 3-1:0.35: Thanko's Raremono disconnected [ 1022.453838][T22673] netlink: 'syz.3.6156': attribute type 1 has an invalid length. [ 1022.612146][T22673] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1022.678500][T22675] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1022.698275][T22673] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6156'. [ 1022.714785][T22675] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1022.734468][T22675] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 1022.795882][T22673] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1023.377236][T22691] program syz.1.6160 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1024.200435][T22701] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6164'. [ 1024.972028][T22708] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1025.015815][T22711] netlink: 'syz.4.6168': attribute type 1 has an invalid length. [ 1025.150764][T22711] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1025.246536][T22713] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1025.275406][T22713] bond10: (slave vxcan5): The slave device specified does not support setting the MAC address [ 1025.317503][T22716] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6168'. [ 1025.352747][T22713] bond10: (slave vxcan5): Error -95 calling set_mac_address [ 1025.883867][ T5949] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 1026.124521][ T5949] usb 4-1: Using ep0 maxpacket: 32 [ 1026.248020][ T5949] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 1026.259725][ T5949] usb 4-1: config 0 has no interface number 0 [ 1026.265889][ T5949] usb 4-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1026.303874][ T5949] usb 4-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1026.316343][ T5949] usb 4-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1026.330511][ T5949] usb 4-1: config 0 interface 2 has no altsetting 0 [ 1026.339746][ T5949] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 1026.349752][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1026.510216][T22711] veth5: entered promiscuous mode [ 1026.550897][T22716] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1026.635440][ T5949] usb 4-1: config 0 descriptor?? [ 1026.780400][T22734] FAULT_INJECTION: forcing a failure. [ 1026.780400][T22734] name failslab, interval 1, probability 0, space 0, times 0 [ 1026.793404][T22734] CPU: 0 UID: 0 PID: 22734 Comm: syz.0.6173 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1026.793426][T22734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1026.793437][T22734] Call Trace: [ 1026.793444][T22734] [ 1026.793451][T22734] dump_stack_lvl+0x189/0x250 [ 1026.793475][T22734] ? __pfx____ratelimit+0x10/0x10 [ 1026.793496][T22734] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1026.793515][T22734] ? __pfx__printk+0x10/0x10 [ 1026.793542][T22734] ? __pfx___might_resched+0x10/0x10 [ 1026.793561][T22734] ? fs_reclaim_acquire+0x7d/0x100 [ 1026.793581][T22734] should_fail_ex+0x414/0x560 [ 1026.793601][T22734] should_failslab+0xa8/0x100 [ 1026.793627][T22734] __kmalloc_noprof+0xcb/0x4f0 [ 1026.793648][T22734] ? kfree+0x4d/0x440 [ 1026.793667][T22734] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1026.793690][T22734] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1026.793711][T22734] ? tomoyo_domain+0xd9/0x130 [ 1026.793735][T22734] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1026.793761][T22734] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1026.793788][T22734] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1026.793828][T22734] ? __lock_acquire+0xab9/0xd20 [ 1026.793861][T22734] ? __fget_files+0x2a/0x420 [ 1026.793877][T22734] ? __fget_files+0x2a/0x420 [ 1026.793891][T22734] ? __fget_files+0x3a0/0x420 [ 1026.793904][T22734] ? __fget_files+0x2a/0x420 [ 1026.793921][T22734] security_file_ioctl+0xcb/0x2d0 [ 1026.793947][T22734] __se_sys_ioctl+0x47/0x170 [ 1026.793969][T22734] do_syscall_64+0xfa/0x3b0 [ 1026.793988][T22734] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.794003][T22734] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1026.794019][T22734] ? clear_bhb_loop+0x60/0xb0 [ 1026.794038][T22734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.794054][T22734] RIP: 0033:0x7fd019b8e929 [ 1026.794075][T22734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1026.794089][T22734] RSP: 002b:00007fd0179f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1026.794106][T22734] RAX: ffffffffffffffda RBX: 00007fd019db5fa0 RCX: 00007fd019b8e929 [ 1026.794117][T22734] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 1026.794128][T22734] RBP: 00007fd0179f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1026.794138][T22734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1026.794148][T22734] R13: 0000000000000000 R14: 00007fd019db5fa0 R15: 00007fd019edfa28 [ 1026.794171][T22734] [ 1026.794196][T22734] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1027.057797][T22723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1027.088530][T22723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1027.333967][ T5949] uclogic 0003:5543:0781.001B: unknown main item tag 0x0 [ 1027.357448][ T5949] uclogic 0003:5543:0781.001B: unknown main item tag 0x0 [ 1027.410596][ T5949] uclogic 0003:5543:0781.001B: unknown main item tag 0x0 [ 1027.447094][ T5949] uclogic 0003:5543:0781.001B: unknown main item tag 0x0 [ 1027.478661][ T5949] uclogic 0003:5543:0781.001B: unknown main item tag 0x0 [ 1027.521970][ T5949] uclogic 0003:5543:0781.001B: unknown main item tag 0x0 [ 1027.540438][T22741] FAULT_INJECTION: forcing a failure. [ 1027.540438][T22741] name failslab, interval 1, probability 0, space 0, times 0 [ 1027.567617][ T5949] uclogic 0003:5543:0781.001B: unknown main item tag 0x0 [ 1027.594135][T22741] CPU: 0 UID: 0 PID: 22741 Comm: syz.4.6175 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1027.594170][T22741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1027.594184][T22741] Call Trace: [ 1027.594193][T22741] [ 1027.594204][T22741] dump_stack_lvl+0x189/0x250 [ 1027.594235][T22741] ? __pfx____ratelimit+0x10/0x10 [ 1027.594255][T22741] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1027.594280][T22741] ? __pfx__printk+0x10/0x10 [ 1027.594315][T22741] ? __pfx___might_resched+0x10/0x10 [ 1027.594341][T22741] ? fs_reclaim_acquire+0x7d/0x100 [ 1027.594368][T22741] should_fail_ex+0x414/0x560 [ 1027.594395][T22741] should_failslab+0xa8/0x100 [ 1027.594430][T22741] __kmalloc_noprof+0xcb/0x4f0 [ 1027.594460][T22741] ? kfree+0x4d/0x440 [ 1027.594486][T22741] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1027.594520][T22741] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1027.594551][T22741] ? tomoyo_domain+0xd9/0x130 [ 1027.594585][T22741] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1027.594621][T22741] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1027.594661][T22741] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1027.594716][T22741] ? __lock_acquire+0xab9/0xd20 [ 1027.594763][T22741] ? __fget_files+0x2a/0x420 [ 1027.594787][T22741] ? __fget_files+0x2a/0x420 [ 1027.594806][T22741] ? __fget_files+0x3a0/0x420 [ 1027.594824][T22741] ? __fget_files+0x2a/0x420 [ 1027.594850][T22741] security_file_ioctl+0xcb/0x2d0 [ 1027.594887][T22741] __se_sys_ioctl+0x47/0x170 [ 1027.594919][T22741] do_syscall_64+0xfa/0x3b0 [ 1027.594943][T22741] ? lockdep_hardirqs_on+0x9c/0x150 [ 1027.594966][T22741] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1027.594994][T22741] ? clear_bhb_loop+0x60/0xb0 [ 1027.595021][T22741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1027.595051][T22741] RIP: 0033:0x7f4d7b58e929 [ 1027.595072][T22741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1027.595093][T22741] RSP: 002b:00007f4d7c399038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1027.595116][T22741] RAX: ffffffffffffffda RBX: 00007f4d7b7b5fa0 RCX: 00007f4d7b58e929 [ 1027.595134][T22741] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1027.595148][T22741] RBP: 00007f4d7c399090 R08: 0000000000000000 R09: 0000000000000000 [ 1027.595163][T22741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1027.595176][T22741] R13: 0000000000000000 R14: 00007f4d7b7b5fa0 R15: 00007f4d7b8dfa28 [ 1027.595210][T22741] [ 1027.595393][T22741] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1027.866497][ T5949] uclogic 0003:5543:0781.001B: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.3-1/input2 [ 1027.950798][T22741] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1027.976294][ T5949] usb 4-1: USB disconnect, device number 72 [ 1028.131963][T22743] fido_id[22743]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1028.670989][T22770] netlink: 'syz.3.6185': attribute type 11 has an invalid length. [ 1028.838740][T22778] FAULT_INJECTION: forcing a failure. [ 1028.838740][T22778] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1028.890302][T22778] CPU: 1 UID: 0 PID: 22778 Comm: syz.4.6187 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1028.890336][T22778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1028.890350][T22778] Call Trace: [ 1028.890360][T22778] [ 1028.890370][T22778] dump_stack_lvl+0x189/0x250 [ 1028.890404][T22778] ? __pfx____ratelimit+0x10/0x10 [ 1028.890427][T22778] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1028.890454][T22778] ? __pfx__printk+0x10/0x10 [ 1028.890483][T22778] ? __might_fault+0xb0/0x130 [ 1028.890524][T22778] should_fail_ex+0x414/0x560 [ 1028.890551][T22778] _copy_from_user+0x2d/0xb0 [ 1028.890583][T22778] ___sys_recvmsg+0x12e/0x510 [ 1028.890624][T22778] ? __pfx____sys_recvmsg+0x10/0x10 [ 1028.890687][T22778] ? __fget_files+0x3a0/0x420 [ 1028.890720][T22778] do_recvmmsg+0x307/0x770 [ 1028.890750][T22778] ? __pfx_do_recvmmsg+0x10/0x10 [ 1028.890785][T22778] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1028.890829][T22778] __x64_sys_recvmmsg+0x190/0x240 [ 1028.890854][T22778] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1028.890874][T22778] ? rcu_is_watching+0x15/0xb0 [ 1028.890912][T22778] ? do_syscall_64+0xbe/0x3b0 [ 1028.890941][T22778] do_syscall_64+0xfa/0x3b0 [ 1028.890964][T22778] ? lockdep_hardirqs_on+0x9c/0x150 [ 1028.890986][T22778] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1028.891007][T22778] ? clear_bhb_loop+0x60/0xb0 [ 1028.891033][T22778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1028.891055][T22778] RIP: 0033:0x7f4d7b58e929 [ 1028.891076][T22778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1028.891095][T22778] RSP: 002b:00007f4d7c399038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1028.891118][T22778] RAX: ffffffffffffffda RBX: 00007f4d7b7b5fa0 RCX: 00007f4d7b58e929 [ 1028.891135][T22778] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003 [ 1028.891149][T22778] RBP: 00007f4d7c399090 R08: 0000000000000000 R09: 0000000000000000 [ 1028.891162][T22778] R10: 0000000040010080 R11: 0000000000000246 R12: 0000000000000001 [ 1028.891176][T22778] R13: 0000000000000000 R14: 00007f4d7b7b5fa0 R15: 00007f4d7b8dfa28 [ 1028.891207][T22778] [ 1029.370324][T22787] FAULT_INJECTION: forcing a failure. [ 1029.370324][T22787] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1029.427767][T22787] CPU: 1 UID: 0 PID: 22787 Comm: syz.3.6189 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1029.427804][T22787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1029.427818][T22787] Call Trace: [ 1029.427828][T22787] [ 1029.427839][T22787] dump_stack_lvl+0x189/0x250 [ 1029.427872][T22787] ? __pfx____ratelimit+0x10/0x10 [ 1029.427896][T22787] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1029.427923][T22787] ? __pfx__printk+0x10/0x10 [ 1029.427964][T22787] ? __might_fault+0xb0/0x130 [ 1029.428008][T22787] should_fail_ex+0x414/0x560 [ 1029.428037][T22787] _copy_from_user+0x2d/0xb0 [ 1029.428070][T22787] __sys_bind+0x199/0x3e0 [ 1029.428102][T22787] ? __pfx___sys_bind+0x10/0x10 [ 1029.428143][T22787] ? __pfx_ksys_write+0x10/0x10 [ 1029.428172][T22787] ? rcu_is_watching+0x15/0xb0 [ 1029.428206][T22787] __x64_sys_bind+0x7a/0x90 [ 1029.428236][T22787] do_syscall_64+0xfa/0x3b0 [ 1029.428260][T22787] ? lockdep_hardirqs_on+0x9c/0x150 [ 1029.428283][T22787] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.428305][T22787] ? clear_bhb_loop+0x60/0xb0 [ 1029.428332][T22787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.428354][T22787] RIP: 0033:0x7f52aa78e929 [ 1029.428374][T22787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1029.428394][T22787] RSP: 002b:00007f52ab672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1029.428419][T22787] RAX: ffffffffffffffda RBX: 00007f52aa9b5fa0 RCX: 00007f52aa78e929 [ 1029.428436][T22787] RDX: 0000000000000080 RSI: 0000200000000180 RDI: 0000000000000003 [ 1029.428451][T22787] RBP: 00007f52ab672090 R08: 0000000000000000 R09: 0000000000000000 [ 1029.428465][T22787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1029.428479][T22787] R13: 0000000000000000 R14: 00007f52aa9b5fa0 R15: 00007f52aaadfa28 [ 1029.428512][T22787] [ 1029.685504][T22793] netlink: 'syz.3.6193': attribute type 1 has an invalid length. [ 1029.811607][T22796] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1029.855161][T22796] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 1029.967113][T22801] macvlan2: entered promiscuous mode [ 1029.988506][T22801] macvlan2: entered allmulticast mode [ 1031.367917][ T5920] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 1031.531831][ T5920] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1031.552263][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1031.571646][ T5920] usb 3-1: Product: syz [ 1031.575891][ T5920] usb 3-1: Manufacturer: syz [ 1031.587407][ T5920] usb 3-1: SerialNumber: syz [ 1031.606905][ T5920] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1031.672303][ T1216] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1031.758017][ T5941] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1031.947690][ T5941] usb 2-1: Using ep0 maxpacket: 32 [ 1031.956054][ T5941] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 1031.967758][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1031.984529][ T5941] usb 2-1: config 0 has no interface number 0 [ 1032.023557][ T5941] usb 2-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1032.072709][ T5941] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 1032.092551][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1032.109977][ T5941] usb 2-1: Product: syz [ 1032.114442][ T5941] usb 2-1: Manufacturer: syz [ 1032.119635][ T5941] usb 2-1: SerialNumber: syz [ 1032.129447][ T5941] usb 2-1: config 0 descriptor?? [ 1032.140883][ T5941] radio-si470x 2-1:0.35: could not find interrupt in endpoint [ 1032.148956][ T5941] radio-si470x 2-1:0.35: probe with driver radio-si470x failed with error -5 [ 1032.390474][ T5941] radio-raremono 2-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 1032.429026][ T5920] usb 3-1: USB disconnect, device number 85 [ 1032.591199][ T5941] radio-raremono 2-1:0.35: raremono_cmd_main failed (-71) [ 1032.636492][ T5941] radio-raremono 2-1:0.35: V4L2 device registered as radio48 [ 1032.659190][ T5941] usb 2-1: USB disconnect, device number 75 [ 1032.672404][ T5941] radio-raremono 2-1:0.35: Thanko's Raremono disconnected [ 1032.768244][ T1216] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1032.786668][T22849] netlink: 'syz.0.6214': attribute type 1 has an invalid length. [ 1032.798633][ T1216] ath9k_htc: Failed to initialize the device [ 1032.825356][ T5920] usb 3-1: ath9k_htc: USB layer deinitialized [ 1033.024415][T22849] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1033.066527][T22849] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6214'. [ 1033.106237][T22854] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1033.122565][T22854] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1033.166634][T22854] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 1033.260960][T22849] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1033.387223][T22865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6217'. [ 1033.448869][T22868] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6217'. [ 1033.706197][T22876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6221'. [ 1033.723017][T22876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6221'. [ 1034.530932][ T5949] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1034.713165][ T5949] usb 2-1: Using ep0 maxpacket: 32 [ 1034.735027][ T5949] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 1034.772032][ T5949] usb 2-1: config 0 has no interface number 0 [ 1034.802705][ T5949] usb 2-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1034.843183][ T5949] usb 2-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1034.874751][ T5949] usb 2-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1034.918399][ T5949] usb 2-1: config 0 interface 2 has no altsetting 0 [ 1034.925396][ T5949] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 1034.944316][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.994996][ T5949] usb 2-1: config 0 descriptor?? [ 1035.108087][T22891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6225'. [ 1035.117166][T22891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6225'. [ 1035.270786][T22883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1035.296054][T22883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1035.514864][ T5949] uclogic 0003:5543:0781.001C: unknown main item tag 0x0 [ 1035.522453][ T5949] uclogic 0003:5543:0781.001C: unknown main item tag 0x0 [ 1035.530010][ T5949] uclogic 0003:5543:0781.001C: unknown main item tag 0x0 [ 1035.537244][ T5949] uclogic 0003:5543:0781.001C: unknown main item tag 0x0 [ 1035.544767][ T5949] uclogic 0003:5543:0781.001C: unknown main item tag 0x0 [ 1035.554724][ T5949] uclogic 0003:5543:0781.001C: unknown main item tag 0x0 [ 1035.569937][ T5949] uclogic 0003:5543:0781.001C: unknown main item tag 0x0 [ 1035.584117][ T5949] uclogic 0003:5543:0781.001C: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.1-1/input2 [ 1035.638657][ T5920] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 1035.714930][ T5949] usb 2-1: USB disconnect, device number 76 [ 1035.829903][ T5920] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1035.844303][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1035.854059][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1035.866440][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1035.875736][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1035.884947][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1035.896600][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1035.904806][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1035.913955][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1035.925628][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1035.941123][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1035.950703][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1035.962481][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1035.971127][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1035.981457][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1035.992577][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1036.001203][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1036.010818][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1036.021987][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1036.031949][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1036.041541][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1036.052635][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1036.064462][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1036.075389][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1036.087023][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1036.094000][T21128] Bluetooth: hci1: command 0x0406 tx timeout [ 1036.111664][ T5920] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1036.127326][ T5920] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1036.136801][ T5920] usb 3-1: Product: syz [ 1036.142770][ T5920] usb 3-1: Manufacturer: syz [ 1036.148049][ T5920] usb 3-1: SerialNumber: syz [ 1036.156137][ T5920] usb 3-1: config 0 descriptor?? [ 1036.179953][ T5920] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 1036.319035][ T30] audit: type=1326 audit(1752775812.237:3405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22900 comm="syz.4.6229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d7b58e929 code=0x7fc00000 [ 1036.384082][T22905] netlink: 'syz.1.6230': attribute type 1 has an invalid length. [ 1036.436763][T22905] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1036.446032][ C1] usb 3-1: yurex_control_callback - control failed: -71 [ 1036.454835][ T5920] usb 3-1: USB disconnect, device number 86 [ 1036.492273][ T5920] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 1036.590330][T22909] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1036.605144][T22912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1036.616518][T22909] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1036.630299][T22912] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1036.670274][T22909] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 1036.724944][T22918] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6230'. [ 1036.763390][T22918] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1037.452756][T22932] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 1037.459342][T22932] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1037.548544][T22932] vhci_hcd vhci_hcd.0: Device attached [ 1037.563576][T22934] vhci_hcd: connection closed [ 1037.563900][T21673] vhci_hcd: stop threads [ 1037.583470][T21673] vhci_hcd: release socket [ 1037.627398][T21673] vhci_hcd: disconnect device [ 1038.366154][ T860] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 1038.733449][T22950] netdevsim netdevsim3: Direct firmware load for nel/config failed with error -2 [ 1038.743512][T22950] netdevsim netdevsim3: Falling back to sysfs fallback for: nel/config [ 1039.111032][ T860] usb 2-1: Using ep0 maxpacket: 32 [ 1039.160323][T22943] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 1039.166904][T22943] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1039.186513][ T860] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 1039.196031][ T860] usb 2-1: config 0 has no interface number 0 [ 1039.211160][ T860] usb 2-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1039.222605][T22949] vhci_hcd: connection closed [ 1039.222616][ T860] usb 2-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1039.238740][ T860] usb 2-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1039.252067][ T860] usb 2-1: config 0 interface 2 has no altsetting 0 [ 1039.256527][T22943] vhci_hcd vhci_hcd.0: Device attached [ 1039.266675][T21673] vhci_hcd: stop threads [ 1039.271887][T21673] vhci_hcd: release socket [ 1039.276675][T21673] vhci_hcd: disconnect device [ 1039.281742][ T860] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 1039.293093][ T860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1039.446803][ T860] usb 2-1: config 0 descriptor?? [ 1039.551158][T22956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6243'. [ 1039.694718][T22942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1039.714883][T22942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1039.976300][ T860] uclogic 0003:5543:0781.001D: unknown main item tag 0x0 [ 1040.009248][ T860] uclogic 0003:5543:0781.001D: unknown main item tag 0x0 [ 1040.042185][ T860] uclogic 0003:5543:0781.001D: unknown main item tag 0x0 [ 1040.066647][ T860] uclogic 0003:5543:0781.001D: unknown main item tag 0x0 [ 1040.104710][ T860] uclogic 0003:5543:0781.001D: unknown main item tag 0x0 [ 1040.209179][ T860] uclogic 0003:5543:0781.001D: unknown main item tag 0x0 [ 1040.277883][ T860] uclogic 0003:5543:0781.001D: unknown main item tag 0x0 [ 1040.305166][ T860] uclogic 0003:5543:0781.001D: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.1-1/input2 [ 1040.380982][ T860] usb 2-1: USB disconnect, device number 77 [ 1040.521623][T22967] FAULT_INJECTION: forcing a failure. [ 1040.521623][T22967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1040.547214][T22967] CPU: 1 UID: 0 PID: 22967 Comm: syz.0.6246 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1040.547248][T22967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1040.547263][T22967] Call Trace: [ 1040.547274][T22967] [ 1040.547285][T22967] dump_stack_lvl+0x189/0x250 [ 1040.547318][T22967] ? __pfx____ratelimit+0x10/0x10 [ 1040.547342][T22967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1040.547371][T22967] ? __pfx__printk+0x10/0x10 [ 1040.547401][T22967] ? __might_fault+0xb0/0x130 [ 1040.547443][T22967] should_fail_ex+0x414/0x560 [ 1040.547471][T22967] _copy_from_user+0x2d/0xb0 [ 1040.547504][T22967] __sys_connect+0x123/0x440 [ 1040.547540][T22967] ? __pfx___sys_connect+0x10/0x10 [ 1040.547581][T22967] ? __pfx_ksys_write+0x10/0x10 [ 1040.547610][T22967] ? rcu_is_watching+0x15/0xb0 [ 1040.547645][T22967] __x64_sys_connect+0x7a/0x90 [ 1040.547677][T22967] do_syscall_64+0xfa/0x3b0 [ 1040.547700][T22967] ? lockdep_hardirqs_on+0x9c/0x150 [ 1040.547723][T22967] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1040.547755][T22967] ? clear_bhb_loop+0x60/0xb0 [ 1040.547783][T22967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1040.547804][T22967] RIP: 0033:0x7fd019b8e929 [ 1040.547822][T22967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1040.547843][T22967] RSP: 002b:00007fd0179f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1040.547866][T22967] RAX: ffffffffffffffda RBX: 00007fd019db5fa0 RCX: 00007fd019b8e929 [ 1040.547883][T22967] RDX: 0000000000000026 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1040.547897][T22967] RBP: 00007fd0179f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1040.547911][T22967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1040.547924][T22967] R13: 0000000000000000 R14: 00007fd019db5fa0 R15: 00007fd019edfa28 [ 1040.547957][T22967] [ 1040.990383][T22964] fido_id[22964]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1041.087663][ T5941] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1041.262442][ T5941] usb 4-1: config 0 has no interfaces? [ 1041.277110][ T5941] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1041.286992][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1041.300061][T22975] warning: `syz.0.6249' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1041.323709][ T5941] usb 4-1: Product: syz [ 1041.332850][ T5941] usb 4-1: Manufacturer: syz [ 1041.345181][ T5941] usb 4-1: SerialNumber: syz [ 1041.371821][ T5941] usb 4-1: config 0 descriptor?? [ 1041.425383][T22976] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1042.454271][T22986] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6251'. [ 1043.190047][T22997] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6254'. [ 1043.217675][T22997] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6254'. [ 1043.457993][ T5941] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 1043.664344][ T5941] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1043.694710][ T5941] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1044.209244][ T5941] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1044.271214][ T5941] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1044.285513][T23007] FAULT_INJECTION: forcing a failure. [ 1044.285513][T23007] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1044.290962][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1044.354707][T23007] CPU: 0 UID: 0 PID: 23007 Comm: syz.4.6256 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1044.354738][T23007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1044.354753][T23007] Call Trace: [ 1044.354762][T23007] [ 1044.354771][T23007] dump_stack_lvl+0x189/0x250 [ 1044.354805][T23007] ? __pfx____ratelimit+0x10/0x10 [ 1044.354828][T23007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1044.354857][T23007] ? __pfx__printk+0x10/0x10 [ 1044.354888][T23007] ? __might_fault+0xb0/0x130 [ 1044.354931][T23007] should_fail_ex+0x414/0x560 [ 1044.354961][T23007] _copy_from_user+0x2d/0xb0 [ 1044.354994][T23007] ___sys_sendmsg+0x158/0x2a0 [ 1044.355031][T23007] ? __pfx____sys_sendmsg+0x10/0x10 [ 1044.355104][T23007] ? __fget_files+0x2a/0x420 [ 1044.355124][T23007] ? __fget_files+0x3a0/0x420 [ 1044.355156][T23007] __x64_sys_sendmsg+0x19b/0x260 [ 1044.355191][T23007] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1044.355234][T23007] ? __pfx_ksys_write+0x10/0x10 [ 1044.355260][T23007] ? rcu_is_watching+0x15/0xb0 [ 1044.355291][T23007] ? do_syscall_64+0xbe/0x3b0 [ 1044.355319][T23007] do_syscall_64+0xfa/0x3b0 [ 1044.355342][T23007] ? lockdep_hardirqs_on+0x9c/0x150 [ 1044.355364][T23007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1044.355385][T23007] ? clear_bhb_loop+0x60/0xb0 [ 1044.355412][T23007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1044.355443][T23007] RIP: 0033:0x7f4d7b58e929 [ 1044.355464][T23007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1044.355484][T23007] RSP: 002b:00007f4d7c399038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1044.355508][T23007] RAX: ffffffffffffffda RBX: 00007f4d7b7b5fa0 RCX: 00007f4d7b58e929 [ 1044.355524][T23007] RDX: 0000000000000850 RSI: 0000200000000240 RDI: 0000000000000003 [ 1044.355539][T23007] RBP: 00007f4d7c399090 R08: 0000000000000000 R09: 0000000000000000 [ 1044.355554][T23007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1044.355567][T23007] R13: 0000000000000000 R14: 00007f4d7b7b5fa0 R15: 00007f4d7b8dfa28 [ 1044.355600][T23007] [ 1044.379473][T22998] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1044.777721][ T860] usb 4-1: USB disconnect, device number 73 [ 1044.864163][T23010] netlink: 'syz.0.6258': attribute type 1 has an invalid length. [ 1045.013272][T23010] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1045.175978][T23017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6258'. [ 1045.217062][T23010] veth3: entered promiscuous mode [ 1045.265009][T23010] bond5: (slave veth3): Enslaving as an active interface with a down link [ 1045.873799][T23034] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6266'. [ 1045.904454][T23034] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6266'. [ 1046.145994][ T30] audit: type=1326 audit(1752775822.067:3406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.237677][ T30] audit: type=1326 audit(1752775822.067:3407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.307384][ T30] audit: type=1326 audit(1752775822.067:3408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.376905][ T30] audit: type=1326 audit(1752775822.067:3409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.437484][ T30] audit: type=1326 audit(1752775822.067:3410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.477156][T23039] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1046.519556][ T30] audit: type=1326 audit(1752775822.067:3411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.596925][ T5941] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 1046.604372][ T30] audit: type=1326 audit(1752775822.067:3412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.641877][ T5941] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input35 [ 1046.683446][ T30] audit: type=1326 audit(1752775822.067:3413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.764433][ T5941] usb 3-1: USB disconnect, device number 87 [ 1046.771234][ C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1046.799303][ T30] audit: type=1326 audit(1752775822.067:3414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1046.885570][ T30] audit: type=1326 audit(1752775822.067:3415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23036 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd019b8e929 code=0x7ffc0000 [ 1047.001118][T23044] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6268'. [ 1047.527986][ T5941] usb 4-1: new full-speed USB device number 74 using dummy_hcd [ 1047.569143][T23052] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6271'. [ 1047.679481][ T5941] usb 4-1: config 143 has too many interfaces: 181, using maximum allowed: 32 [ 1047.689374][ T5941] usb 4-1: config 143 has 1 interface, different from the descriptor's value: 181 [ 1047.699887][ T5941] usb 4-1: config 143 has no interface number 0 [ 1047.706221][ T5941] usb 4-1: config 143 interface 8 altsetting 0 has an endpoint descriptor with address 0xCA, changing to 0x8A [ 1047.719596][ T5941] usb 4-1: config 143 interface 8 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1047.732305][ T5941] usb 4-1: config 143 interface 8 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1047.745085][ T5941] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1047.755178][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1047.767041][ T5941] usb 4-1: Product: syz [ 1047.772190][ T5941] usb 4-1: SerialNumber: syz [ 1047.855648][T23056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6273'. [ 1047.951322][T23058] mac80211_hwsim hwsim26 wlan0: entered promiscuous mode [ 1047.966764][T23058] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1048.020553][ T5941] cm109 4-1:143.8: invalid payload size 0, expected 4 [ 1048.042228][ T5941] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:143.8/input/input37 [ 1048.062495][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.071568][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.079366][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.086746][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.094308][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.101779][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.118068][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.125483][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.132874][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.141808][ C1] cm109 4-1:143.8: cm109_urb_ctl_callback: urb status -71 [ 1048.187038][ T5941] usb 4-1: USB disconnect, device number 74 [ 1048.193111][ C1] cm109 4-1:143.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1048.230528][ T5941] cm109 4-1:143.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1048.364112][T23065] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6277'. [ 1048.373294][T23065] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6277'. [ 1048.786496][T23075] FAULT_INJECTION: forcing a failure. [ 1048.786496][T23075] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1048.855731][T23075] CPU: 1 UID: 0 PID: 23075 Comm: syz.3.6280 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1048.855766][T23075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1048.855782][T23075] Call Trace: [ 1048.855791][T23075] [ 1048.855802][T23075] dump_stack_lvl+0x189/0x250 [ 1048.855836][T23075] ? __pfx____ratelimit+0x10/0x10 [ 1048.855861][T23075] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1048.855889][T23075] ? __pfx__printk+0x10/0x10 [ 1048.855922][T23075] ? __might_fault+0xb0/0x130 [ 1048.855966][T23075] should_fail_ex+0x414/0x560 [ 1048.855997][T23075] _copy_from_user+0x2d/0xb0 [ 1048.856031][T23075] ___sys_sendmsg+0x158/0x2a0 [ 1048.856071][T23075] ? __pfx____sys_sendmsg+0x10/0x10 [ 1048.856146][T23075] ? __fget_files+0x2a/0x420 [ 1048.856166][T23075] ? __fget_files+0x3a0/0x420 [ 1048.856200][T23075] __x64_sys_sendmsg+0x19b/0x260 [ 1048.856238][T23075] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1048.856285][T23075] ? __pfx_ksys_write+0x10/0x10 [ 1048.856315][T23075] ? rcu_is_watching+0x15/0xb0 [ 1048.856357][T23075] ? do_syscall_64+0xbe/0x3b0 [ 1048.856386][T23075] do_syscall_64+0xfa/0x3b0 [ 1048.856411][T23075] ? lockdep_hardirqs_on+0x9c/0x150 [ 1048.856434][T23075] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.856457][T23075] ? clear_bhb_loop+0x60/0xb0 [ 1048.856485][T23075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.856507][T23075] RIP: 0033:0x7f52aa78e929 [ 1048.856528][T23075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1048.856548][T23075] RSP: 002b:00007f52ab672038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1048.856577][T23075] RAX: ffffffffffffffda RBX: 00007f52aa9b5fa0 RCX: 00007f52aa78e929 [ 1048.856594][T23075] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004 [ 1048.856609][T23075] RBP: 00007f52ab672090 R08: 0000000000000000 R09: 0000000000000000 [ 1048.856624][T23075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1048.856638][T23075] R13: 0000000000000000 R14: 00007f52aa9b5fa0 R15: 00007f52aaadfa28 [ 1048.856672][T23075] [ 1049.169737][T23076] netlink: 'syz.1.6281': attribute type 2 has an invalid length. [ 1049.179037][ T5941] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 1049.478502][ T5941] usb 3-1: Using ep0 maxpacket: 16 [ 1050.207678][ T5920] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 1050.550316][ T5920] usb 2-1: config 0 has no interfaces? [ 1050.606489][ T5920] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1050.654969][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1050.689546][ T5920] usb 2-1: Product: syz [ 1050.710935][ T5920] usb 2-1: Manufacturer: syz [ 1050.725538][ T5920] usb 2-1: SerialNumber: syz [ 1050.842009][ T5920] usb 2-1: config 0 descriptor?? [ 1051.075445][T23099] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6289'. [ 1051.107482][T23099] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6289'. [ 1052.122192][ T860] IPVS: starting estimator thread 0... [ 1052.227636][T23117] IPVS: using max 36 ests per chain, 86400 per kthread [ 1053.176984][ T5941] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1053.200696][ T5941] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1053.225438][ T5941] usb 3-1: can't read configurations, error -71 [ 1053.635278][T23135] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1053.652400][ T860] usb 2-1: USB disconnect, device number 78 [ 1053.692699][T23136] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6300'. [ 1053.706947][T23136] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6300'. [ 1053.794608][T23140] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6302'. [ 1054.001570][T23147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6305'. [ 1054.107435][T23151] FAULT_INJECTION: forcing a failure. [ 1054.107435][T23151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1054.121672][T23151] CPU: 1 UID: 0 PID: 23151 Comm: syz.2.6306 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1054.121706][T23151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1054.121721][T23151] Call Trace: [ 1054.121731][T23151] [ 1054.121741][T23151] dump_stack_lvl+0x189/0x250 [ 1054.121774][T23151] ? __pfx____ratelimit+0x10/0x10 [ 1054.121798][T23151] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1054.121826][T23151] ? __pfx__printk+0x10/0x10 [ 1054.121858][T23151] ? __might_fault+0xb0/0x130 [ 1054.121902][T23151] should_fail_ex+0x414/0x560 [ 1054.121931][T23151] _copy_from_iter+0x1db/0x16f0 [ 1054.121968][T23151] ? __lock_acquire+0xab9/0xd20 [ 1054.121993][T23151] ? __pfx__copy_from_iter+0x10/0x10 [ 1054.122032][T23151] ? page_copy_sane+0x4e/0x280 [ 1054.122062][T23151] copy_page_from_iter+0xdd/0x170 [ 1054.122095][T23151] tun_get_user+0x1c4d/0x3ce0 [ 1054.122127][T23151] ? tun_get_user+0x693/0x3ce0 [ 1054.122169][T23151] ? aa_file_perm+0x11f/0xed0 [ 1054.122196][T23151] ? __pfx_tun_get_user+0x10/0x10 [ 1054.122223][T23151] ? aa_file_perm+0x11f/0xed0 [ 1054.122248][T23151] ? aa_file_perm+0x3e7/0xed0 [ 1054.122287][T23151] ? ref_tracker_alloc+0x318/0x460 [ 1054.122311][T23151] ? __lock_acquire+0xab9/0xd20 [ 1054.122336][T23151] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1054.122368][T23151] ? tun_get+0x1c/0x2f0 [ 1054.122402][T23151] ? tun_get+0x1c/0x2f0 [ 1054.122429][T23151] ? tun_get+0x1c/0x2f0 [ 1054.122462][T23151] tun_chr_write_iter+0x113/0x200 [ 1054.122494][T23151] vfs_write+0x548/0xa90 [ 1054.122533][T23151] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1054.122563][T23151] ? __pfx_vfs_write+0x10/0x10 [ 1054.122611][T23151] ? __fget_files+0x2a/0x420 [ 1054.122642][T23151] ksys_write+0x145/0x250 [ 1054.122676][T23151] ? __pfx_ksys_write+0x10/0x10 [ 1054.122703][T23151] ? rcu_is_watching+0x15/0xb0 [ 1054.122735][T23151] ? do_syscall_64+0xbe/0x3b0 [ 1054.122764][T23151] do_syscall_64+0xfa/0x3b0 [ 1054.122788][T23151] ? lockdep_hardirqs_on+0x9c/0x150 [ 1054.122810][T23151] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1054.122833][T23151] ? clear_bhb_loop+0x60/0xb0 [ 1054.122860][T23151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1054.122882][T23151] RIP: 0033:0x7fbb5038d3df [ 1054.122902][T23151] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1054.122921][T23151] RSP: 002b:00007fbb51153000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1054.122945][T23151] RAX: ffffffffffffffda RBX: 00007fbb505b6080 RCX: 00007fbb5038d3df [ 1054.122961][T23151] RDX: 000000000000004a RSI: 00002000000000c0 RDI: 00000000000000c8 [ 1054.122976][T23151] RBP: 00007fbb51153090 R08: 0000000000000000 R09: 0000000000000000 [ 1054.122991][T23151] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001 [ 1054.123004][T23151] R13: 0000000000000000 R14: 00007fbb505b6080 R15: 00007fbb506dfa28 [ 1054.123037][T23151] [ 1054.535702][T23155] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1054.908151][ T1216] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 1055.084039][ T1216] usb 4-1: Using ep0 maxpacket: 8 [ 1055.114371][ T1216] usb 4-1: New USB device found, idVendor=0471, idProduct=0313, bcdDevice=81.d5 [ 1055.130269][ T1216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1055.148907][ T1216] usb 4-1: Product: syz [ 1055.158685][ T1216] usb 4-1: Manufacturer: syz [ 1055.166513][T23177] FAULT_INJECTION: forcing a failure. [ 1055.166513][T23177] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1055.168275][ T1216] usb 4-1: SerialNumber: syz [ 1055.232984][ T1216] usb 4-1: config 0 descriptor?? [ 1055.335880][T23177] CPU: 0 UID: 0 PID: 23177 Comm: syz.2.6316 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1055.335911][T23177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1055.335926][T23177] Call Trace: [ 1055.335935][T23177] [ 1055.335945][T23177] dump_stack_lvl+0x189/0x250 [ 1055.335978][T23177] ? __pfx____ratelimit+0x10/0x10 [ 1055.335999][T23177] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1055.336027][T23177] ? __pfx__printk+0x10/0x10 [ 1055.336058][T23177] ? __might_fault+0xb0/0x130 [ 1055.336100][T23177] should_fail_ex+0x414/0x560 [ 1055.336129][T23177] _copy_from_user+0x2d/0xb0 [ 1055.336159][T23177] ___sys_recvmsg+0x12e/0x510 [ 1055.336201][T23177] ? __pfx____sys_recvmsg+0x10/0x10 [ 1055.336260][T23177] ? __fget_files+0x3a0/0x420 [ 1055.336290][T23177] do_recvmmsg+0x307/0x770 [ 1055.336321][T23177] ? __pfx_do_recvmmsg+0x10/0x10 [ 1055.336356][T23177] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1055.336408][T23177] __x64_sys_recvmmsg+0x190/0x240 [ 1055.336438][T23177] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1055.336458][T23177] ? rcu_is_watching+0x15/0xb0 [ 1055.336491][T23177] ? do_syscall_64+0xbe/0x3b0 [ 1055.336519][T23177] do_syscall_64+0xfa/0x3b0 [ 1055.336542][T23177] ? lockdep_hardirqs_on+0x9c/0x150 [ 1055.336565][T23177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.336587][T23177] ? clear_bhb_loop+0x60/0xb0 [ 1055.336614][T23177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.336635][T23177] RIP: 0033:0x7fbb5038e929 [ 1055.336655][T23177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1055.336674][T23177] RSP: 002b:00007fbb51174038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1055.336696][T23177] RAX: ffffffffffffffda RBX: 00007fbb505b5fa0 RCX: 00007fbb5038e929 [ 1055.336713][T23177] RDX: 0000000000000001 RSI: 0000200000005600 RDI: 0000000000000003 [ 1055.336727][T23177] RBP: 00007fbb51174090 R08: 0000000000000000 R09: 0000000000000000 [ 1055.336741][T23177] R10: 0000000000010061 R11: 0000000000000246 R12: 0000000000000001 [ 1055.336755][T23177] R13: 0000000000000000 R14: 00007fbb505b5fa0 R15: 00007fbb506dfa28 [ 1055.336795][T23177] [ 1055.551285][ C0] vkms_vblank_simulate: vblank timer overrun [ 1055.569079][ T1216] pwc: Philips PCVC720K/40 (ToUCam XS) USB webcam detected. [ 1055.607607][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1055.641446][T23181] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6318'. [ 1055.650652][T23181] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6318'. [ 1056.088086][ T5941] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1056.191436][ T1216] pwc: send_video_command error -71 [ 1056.239743][ T1216] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 1056.247708][ T1216] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 1056.262095][ T5941] usb 2-1: Using ep0 maxpacket: 16 [ 1056.319063][ T1216] usb 4-1: USB disconnect, device number 75 [ 1056.336392][ T5941] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1056.355608][ T5941] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1056.452257][ T5941] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1056.547199][ T5941] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1056.559624][ T5941] usb 2-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 1056.581082][T21128] Bluetooth: hci4: command 0x0406 tx timeout [ 1056.637688][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1056.699452][ T5941] usb 2-1: config 0 descriptor?? [ 1056.712597][T23199] netlink: 'syz.4.6319': attribute type 11 has an invalid length. [ 1056.918845][ T1216] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 1057.162198][ T1216] usb 4-1: too many configurations: 196, using maximum allowed: 8 [ 1057.182163][ T1216] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1057.203200][ T1216] usb 4-1: can't read configurations, error -61 [ 1057.214803][ T5941] pantherlord 0003:0810:0001.001E: item fetching failed at offset 0/2 [ 1057.228867][ T5941] pantherlord 0003:0810:0001.001E: parse failed [ 1057.263951][ T5941] pantherlord 0003:0810:0001.001E: probe with driver pantherlord failed with error -22 [ 1057.519489][ T5941] usb 2-1: USB disconnect, device number 79 [ 1057.527989][ T1216] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 1057.703988][ T1216] usb 4-1: too many configurations: 196, using maximum allowed: 8 [ 1057.718663][ T1216] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1057.726660][ T1216] usb 4-1: can't read configurations, error -61 [ 1057.751229][ T1216] usb usb4-port1: attempt power cycle [ 1058.026831][T23204] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6322'. [ 1058.168477][ T1216] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 1058.190833][ T1216] usb 4-1: too many configurations: 196, using maximum allowed: 8 [ 1058.200770][ T1216] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1058.209121][T23195] syzkaller1: entered promiscuous mode [ 1058.216200][T23195] syzkaller1: entered allmulticast mode [ 1058.236016][ T1216] usb 4-1: can't read configurations, error -61 [ 1058.387916][ T1216] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 1058.409560][ T1216] usb 4-1: too many configurations: 196, using maximum allowed: 8 [ 1058.423034][ T1216] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1058.437890][ T1216] usb 4-1: can't read configurations, error -61 [ 1058.475356][ T1216] usb usb4-port1: unable to enumerate USB device [ 1058.639443][T23213] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1058.646714][T23213] IPv6: NLM_F_CREATE should be set when creating new route [ 1058.654029][T23213] IPv6: NLM_F_CREATE should be set when creating new route [ 1058.687976][T23213] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1059.626405][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.633446][T23211] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6324'. [ 1059.646999][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1059.937941][ T5941] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 1060.097808][ T5941] usb 3-1: Using ep0 maxpacket: 32 [ 1060.129703][ T5941] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 1060.169088][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 1060.197180][T23242] FAULT_INJECTION: forcing a failure. [ 1060.197180][T23242] name failslab, interval 1, probability 0, space 0, times 0 [ 1060.247604][T23242] CPU: 0 UID: 0 PID: 23242 Comm: syz.4.6335 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1060.247635][T23242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1060.247648][T23242] Call Trace: [ 1060.247657][T23242] [ 1060.247667][T23242] dump_stack_lvl+0x189/0x250 [ 1060.247699][T23242] ? __pfx____ratelimit+0x10/0x10 [ 1060.247722][T23242] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1060.247748][T23242] ? __pfx__printk+0x10/0x10 [ 1060.247784][T23242] ? __pfx___might_resched+0x10/0x10 [ 1060.247792][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 1060.247823][T23242] ? fs_reclaim_acquire+0x7d/0x100 [ 1060.247850][T23242] should_fail_ex+0x414/0x560 [ 1060.247874][T23242] should_failslab+0xa8/0x100 [ 1060.247911][T23242] __kmalloc_noprof+0xcb/0x4f0 [ 1060.247944][T23242] ? kfree+0x4d/0x440 [ 1060.247973][T23242] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1060.248010][T23242] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1060.248042][T23242] ? tomoyo_domain+0xd9/0x130 [ 1060.248079][T23242] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1060.248123][T23242] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1060.248179][T23242] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1060.248236][T23242] ? __lock_acquire+0xab9/0xd20 [ 1060.248285][T23242] ? __fget_files+0x2a/0x420 [ 1060.248311][T23242] ? __fget_files+0x2a/0x420 [ 1060.248331][T23242] ? __fget_files+0x3a0/0x420 [ 1060.248353][T23242] ? __fget_files+0x2a/0x420 [ 1060.248380][T23242] security_file_ioctl+0xcb/0x2d0 [ 1060.248418][T23242] __se_sys_ioctl+0x47/0x170 [ 1060.248453][T23242] do_syscall_64+0xfa/0x3b0 [ 1060.248479][T23242] ? lockdep_hardirqs_on+0x9c/0x150 [ 1060.248504][T23242] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1060.248527][T23242] ? clear_bhb_loop+0x60/0xb0 [ 1060.248559][T23242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1060.248582][T23242] RIP: 0033:0x7f4d7b58e929 [ 1060.248605][T23242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1060.248626][T23242] RSP: 002b:00007f4d7c399038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1060.248652][T23242] RAX: ffffffffffffffda RBX: 00007f4d7b7b5fa0 RCX: 00007f4d7b58e929 [ 1060.248670][T23242] RDX: 0000200000000100 RSI: 0000000000008946 RDI: 0000000000000003 [ 1060.248687][T23242] RBP: 00007f4d7c399090 R08: 0000000000000000 R09: 0000000000000000 [ 1060.248703][T23242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1060.248718][T23242] R13: 0000000000000000 R14: 00007f4d7b7b5fa0 R15: 00007f4d7b8dfa28 [ 1060.248755][T23242] [ 1060.248840][T23242] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1060.287906][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 1060.287947][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 1060.305883][ T5941] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 1060.598772][ T5941] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1060.608111][ T5941] usb 3-1: Product: syz [ 1060.612941][ T5941] usb 3-1: Manufacturer: syz [ 1060.622072][ T5941] usb 3-1: SerialNumber: syz [ 1060.628658][T23251] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6337'. [ 1060.672339][ T5941] usb 3-1: config 0 descriptor?? [ 1060.777490][T23254] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6340'. [ 1061.081017][ T5941] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 1061.122137][ T5941] input input38: Device does not respond to id packet M [ 1061.167247][ T5941] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 1061.225655][ T5941] input input38: Device does not respond to id packet P [ 1061.289607][ T5941] input input38: Device does not respond to id packet B [ 1061.495522][ T5941] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 1061.526261][ T5941] input input38: Device does not respond to id packet N [ 1061.580096][T23272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1061.605211][ T5941] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 1061.612573][ T5941] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 1061.623527][ T5941] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 1061.630906][ T5941] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 1061.641504][ T5941] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input38 [ 1061.670084][ T5941] usb 3-1: USB disconnect, device number 90 [ 1061.681001][T23272] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1061.824054][T23272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1061.837755][ T860] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1061.892429][T23272] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1062.077828][ T860] usb 4-1: Using ep0 maxpacket: 32 [ 1062.111237][ T860] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1062.148914][ T860] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1062.165431][ T860] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1062.185351][ T860] usb 4-1: Product: syz [ 1062.211041][ T860] usb 4-1: Manufacturer: syz [ 1062.253447][ T860] usb 4-1: SerialNumber: syz [ 1062.326422][ T860] usb 4-1: config 0 descriptor?? [ 1062.373201][T23281] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6347'. [ 1062.457387][T23285] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6349'. [ 1062.560473][ T5941] usb 4-1: USB disconnect, device number 80 [ 1062.777352][T23291] FAULT_INJECTION: forcing a failure. [ 1062.777352][T23291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1062.798159][T23291] CPU: 0 UID: 0 PID: 23291 Comm: syz.1.6351 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1062.798192][T23291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1062.798207][T23291] Call Trace: [ 1062.798217][T23291] [ 1062.798227][T23291] dump_stack_lvl+0x189/0x250 [ 1062.798260][T23291] ? __pfx____ratelimit+0x10/0x10 [ 1062.798283][T23291] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1062.798311][T23291] ? __pfx__printk+0x10/0x10 [ 1062.798341][T23291] ? __might_fault+0xb0/0x130 [ 1062.798384][T23291] should_fail_ex+0x414/0x560 [ 1062.798413][T23291] _copy_from_user+0x2d/0xb0 [ 1062.798446][T23291] get_timespec64+0x8e/0x1a0 [ 1062.798469][T23291] ? __pfx_get_timespec64+0x10/0x10 [ 1062.798503][T23291] __se_sys_pselect6+0x129/0x300 [ 1062.798543][T23291] ? __pfx___se_sys_pselect6+0x10/0x10 [ 1062.798576][T23291] ? __pfx_ksys_write+0x10/0x10 [ 1062.798603][T23291] ? rcu_is_watching+0x15/0xb0 [ 1062.798636][T23291] ? __x64_sys_pselect6+0x21/0xf0 [ 1062.798671][T23291] do_syscall_64+0xfa/0x3b0 [ 1062.798695][T23291] ? lockdep_hardirqs_on+0x9c/0x150 [ 1062.798716][T23291] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.798739][T23291] ? clear_bhb_loop+0x60/0xb0 [ 1062.798765][T23291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.798786][T23291] RIP: 0033:0x7f067438e929 [ 1062.798805][T23291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1062.798825][T23291] RSP: 002b:00007f06752de038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1062.798847][T23291] RAX: ffffffffffffffda RBX: 00007f06745b5fa0 RCX: 00007f067438e929 [ 1062.798860][T23291] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000040 [ 1062.798873][T23291] RBP: 00007f06752de090 R08: 0000200000000280 R09: 0000000000000000 [ 1062.798888][T23291] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001 [ 1062.798917][T23291] R13: 0000000000000000 R14: 00007f06745b5fa0 R15: 00007f06746dfa28 [ 1062.798948][T23291] [ 1063.401411][T23297] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6352'. [ 1063.414599][T23294] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1063.784737][T23304] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6354'. [ 1064.236117][T23309] FAULT_INJECTION: forcing a failure. [ 1064.236117][T23309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1064.282399][T23309] CPU: 0 UID: 0 PID: 23309 Comm: syz.1.6357 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1064.282433][T23309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1064.282448][T23309] Call Trace: [ 1064.282457][T23309] [ 1064.282468][T23309] dump_stack_lvl+0x189/0x250 [ 1064.282501][T23309] ? __pfx____ratelimit+0x10/0x10 [ 1064.282523][T23309] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1064.282550][T23309] ? __pfx__printk+0x10/0x10 [ 1064.282593][T23309] should_fail_ex+0x414/0x560 [ 1064.282622][T23309] _copy_to_user+0x31/0xb0 [ 1064.282655][T23309] simple_read_from_buffer+0xe1/0x170 [ 1064.282692][T23309] proc_fail_nth_read+0x1df/0x250 [ 1064.282719][T23309] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1064.282744][T23309] ? rw_verify_area+0x258/0x650 [ 1064.282782][T23309] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1064.282806][T23309] vfs_read+0x1fd/0x980 [ 1064.282840][T23309] ? __pfx___mutex_lock+0x10/0x10 [ 1064.282866][T23309] ? __pfx_vfs_read+0x10/0x10 [ 1064.282896][T23309] ? __fget_files+0x2a/0x420 [ 1064.282921][T23309] ? __fget_files+0x3a0/0x420 [ 1064.282940][T23309] ? __fget_files+0x2a/0x420 [ 1064.282969][T23309] ksys_read+0x145/0x250 [ 1064.283020][T23309] ? __pfx_ksys_read+0x10/0x10 [ 1064.283047][T23309] ? rcu_is_watching+0x15/0xb0 [ 1064.283081][T23309] ? do_syscall_64+0xbe/0x3b0 [ 1064.283111][T23309] do_syscall_64+0xfa/0x3b0 [ 1064.283134][T23309] ? lockdep_hardirqs_on+0x9c/0x150 [ 1064.283157][T23309] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.283180][T23309] ? clear_bhb_loop+0x60/0xb0 [ 1064.283208][T23309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.283231][T23309] RIP: 0033:0x7f067438d33c [ 1064.283252][T23309] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1064.283272][T23309] RSP: 002b:00007f06752de030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1064.283295][T23309] RAX: ffffffffffffffda RBX: 00007f06745b5fa0 RCX: 00007f067438d33c [ 1064.283312][T23309] RDX: 000000000000000f RSI: 00007f06752de0a0 RDI: 0000000000000005 [ 1064.283327][T23309] RBP: 00007f06752de090 R08: 0000000000000000 R09: 0000000000000000 [ 1064.283341][T23309] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1064.283355][T23309] R13: 0000000000000000 R14: 00007f06745b5fa0 R15: 00007f06746dfa28 [ 1064.283389][T23309] [ 1064.899870][T23313] FAULT_INJECTION: forcing a failure. [ 1064.899870][T23313] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1064.926818][T23313] CPU: 0 UID: 0 PID: 23313 Comm: syz.2.6360 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1064.926853][T23313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1064.926868][T23313] Call Trace: [ 1064.926878][T23313] [ 1064.926888][T23313] dump_stack_lvl+0x189/0x250 [ 1064.926920][T23313] ? __pfx____ratelimit+0x10/0x10 [ 1064.926944][T23313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1064.926979][T23313] ? __pfx__printk+0x10/0x10 [ 1064.927010][T23313] ? __might_fault+0xb0/0x130 [ 1064.927054][T23313] should_fail_ex+0x414/0x560 [ 1064.927083][T23313] _copy_from_user+0x2d/0xb0 [ 1064.927116][T23313] ___sys_sendmsg+0x158/0x2a0 [ 1064.927154][T23313] ? __pfx____sys_sendmsg+0x10/0x10 [ 1064.927228][T23313] ? __fget_files+0x2a/0x420 [ 1064.927247][T23313] ? __fget_files+0x3a0/0x420 [ 1064.927279][T23313] __x64_sys_sendmsg+0x19b/0x260 [ 1064.927316][T23313] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1064.927361][T23313] ? __pfx_ksys_write+0x10/0x10 [ 1064.927389][T23313] ? rcu_is_watching+0x15/0xb0 [ 1064.927422][T23313] ? do_syscall_64+0xbe/0x3b0 [ 1064.927450][T23313] do_syscall_64+0xfa/0x3b0 [ 1064.927474][T23313] ? lockdep_hardirqs_on+0x9c/0x150 [ 1064.927496][T23313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.927521][T23313] ? clear_bhb_loop+0x60/0xb0 [ 1064.927547][T23313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1064.927569][T23313] RIP: 0033:0x7fbb5038e929 [ 1064.927588][T23313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1064.927608][T23313] RSP: 002b:00007fbb51174038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1064.927631][T23313] RAX: ffffffffffffffda RBX: 00007fbb505b5fa0 RCX: 00007fbb5038e929 [ 1064.927648][T23313] RDX: 0000000004040000 RSI: 0000200000000480 RDI: 0000000000000003 [ 1064.927663][T23313] RBP: 00007fbb51174090 R08: 0000000000000000 R09: 0000000000000000 [ 1064.927677][T23313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1064.927690][T23313] R13: 0000000000000000 R14: 00007fbb505b5fa0 R15: 00007fbb506dfa28 [ 1064.927723][T23313] [ 1065.883544][T23323] bridge0: port 2(bridge_slave_1) entered disabled state [ 1065.891549][T23323] bridge0: port 1(bridge_slave_0) entered disabled state [ 1066.277062][T23323] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1066.315002][T23323] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1066.427323][T23350] FAULT_INJECTION: forcing a failure. [ 1066.427323][T23350] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1066.459123][T23350] CPU: 1 UID: 0 PID: 23350 Comm: syz.3.6370 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1066.459158][T23350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1066.459173][T23350] Call Trace: [ 1066.459183][T23350] [ 1066.459194][T23350] dump_stack_lvl+0x189/0x250 [ 1066.459228][T23350] ? __pfx____ratelimit+0x10/0x10 [ 1066.459252][T23350] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1066.459280][T23350] ? __pfx__printk+0x10/0x10 [ 1066.459311][T23350] ? __might_fault+0xb0/0x130 [ 1066.459355][T23350] should_fail_ex+0x414/0x560 [ 1066.459385][T23350] _copy_from_user+0x2d/0xb0 [ 1066.459418][T23350] ___sys_sendmsg+0x158/0x2a0 [ 1066.459456][T23350] ? __pfx____sys_sendmsg+0x10/0x10 [ 1066.459549][T23350] ? __fget_files+0x2a/0x420 [ 1066.459568][T23350] ? __fget_files+0x3a0/0x420 [ 1066.459601][T23350] __x64_sys_sendmsg+0x19b/0x260 [ 1066.459640][T23350] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1066.459685][T23350] ? __pfx_ksys_write+0x10/0x10 [ 1066.459714][T23350] ? rcu_is_watching+0x15/0xb0 [ 1066.459747][T23350] ? do_syscall_64+0xbe/0x3b0 [ 1066.459777][T23350] do_syscall_64+0xfa/0x3b0 [ 1066.459801][T23350] ? lockdep_hardirqs_on+0x9c/0x150 [ 1066.459823][T23350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1066.459846][T23350] ? clear_bhb_loop+0x60/0xb0 [ 1066.459875][T23350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1066.459897][T23350] RIP: 0033:0x7f52aa78e929 [ 1066.459926][T23350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1066.459946][T23350] RSP: 002b:00007f52ab672038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1066.459970][T23350] RAX: ffffffffffffffda RBX: 00007f52aa9b5fa0 RCX: 00007f52aa78e929 [ 1066.459988][T23350] RDX: 0000000020000050 RSI: 0000200000000100 RDI: 0000000000000005 [ 1066.460003][T23350] RBP: 00007f52ab672090 R08: 0000000000000000 R09: 0000000000000000 [ 1066.460018][T23350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1066.460032][T23350] R13: 0000000000000000 R14: 00007f52aa9b5fa0 R15: 00007f52aaadfa28 [ 1066.460065][T23350] [ 1066.772772][T23323] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1066.797071][T23323] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1066.806128][T23323] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1066.815342][T23323] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1066.855603][T23323] mac80211_hwsim hwsim26 wlan0: left promiscuous mode [ 1067.427703][T22423] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 1067.588044][T22423] usb 3-1: Using ep0 maxpacket: 32 [ 1067.604363][T22423] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 1067.624301][T22423] usb 3-1: config 0 has no interface number 0 [ 1067.632092][T22423] usb 3-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1067.645796][T22423] usb 3-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1067.660075][T22423] usb 3-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1067.676817][T22423] usb 3-1: config 0 interface 2 has no altsetting 0 [ 1067.686175][T22423] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 1067.699684][T22423] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1067.745600][T22423] usb 3-1: config 0 descriptor?? [ 1067.795446][T23384] FAULT_INJECTION: forcing a failure. [ 1067.795446][T23384] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.810091][T23384] CPU: 1 UID: 0 PID: 23384 Comm: syz.3.6383 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1067.810114][T23384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1067.810125][T23384] Call Trace: [ 1067.810132][T23384] [ 1067.810139][T23384] dump_stack_lvl+0x189/0x250 [ 1067.810173][T23384] ? __pfx____ratelimit+0x10/0x10 [ 1067.810197][T23384] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1067.810224][T23384] ? __pfx__printk+0x10/0x10 [ 1067.810260][T23384] ? __pfx___might_resched+0x10/0x10 [ 1067.810281][T23384] ? fs_reclaim_acquire+0x7d/0x100 [ 1067.810301][T23384] should_fail_ex+0x414/0x560 [ 1067.810328][T23384] should_failslab+0xa8/0x100 [ 1067.810366][T23384] __kmalloc_noprof+0xcb/0x4f0 [ 1067.810394][T23384] ? kfree+0x4d/0x440 [ 1067.810419][T23384] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1067.810443][T23384] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1067.810465][T23384] ? tomoyo_domain+0xd9/0x130 [ 1067.810498][T23384] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1067.810534][T23384] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1067.810572][T23384] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1067.810614][T23384] ? __lock_acquire+0xab9/0xd20 [ 1067.810654][T23384] ? __fget_files+0x2a/0x420 [ 1067.810680][T23384] ? __fget_files+0x2a/0x420 [ 1067.810699][T23384] ? __fget_files+0x3a0/0x420 [ 1067.810716][T23384] ? __fget_files+0x2a/0x420 [ 1067.810745][T23384] security_file_ioctl+0xcb/0x2d0 [ 1067.810773][T23384] __se_sys_ioctl+0x47/0x170 [ 1067.810798][T23384] do_syscall_64+0xfa/0x3b0 [ 1067.810822][T23384] ? lockdep_hardirqs_on+0x9c/0x150 [ 1067.810845][T23384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.810867][T23384] ? clear_bhb_loop+0x60/0xb0 [ 1067.810892][T23384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.810910][T23384] RIP: 0033:0x7f52aa78e929 [ 1067.810925][T23384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1067.810940][T23384] RSP: 002b:00007f52ab672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1067.810961][T23384] RAX: ffffffffffffffda RBX: 00007f52aa9b5fa0 RCX: 00007f52aa78e929 [ 1067.810978][T23384] RDX: 0000200000000080 RSI: 00000000c0285628 RDI: 0000000000000003 [ 1067.810996][T23384] RBP: 00007f52ab672090 R08: 0000000000000000 R09: 0000000000000000 [ 1067.811010][T23384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1067.811023][T23384] R13: 0000000000000000 R14: 00007f52aa9b5fa0 R15: 00007f52aaadfa28 [ 1067.811053][T23384] [ 1067.811163][T23384] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1067.980343][T23365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1068.127361][T23365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1068.154532][T23365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1068.181605][T23365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1068.423877][T22423] uclogic 0003:5543:0781.001F: unknown main item tag 0x0 [ 1068.441710][T23390] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6386'. [ 1068.456833][T22423] uclogic 0003:5543:0781.001F: unknown main item tag 0x0 [ 1068.477736][T22423] uclogic 0003:5543:0781.001F: unknown main item tag 0x0 [ 1068.484878][T22423] uclogic 0003:5543:0781.001F: unknown main item tag 0x0 [ 1068.509138][T22423] uclogic 0003:5543:0781.001F: unknown main item tag 0x0 [ 1068.536598][T22423] uclogic 0003:5543:0781.001F: unknown main item tag 0x0 [ 1068.550313][T22423] uclogic 0003:5543:0781.001F: unknown main item tag 0x0 [ 1068.563650][T22423] uclogic 0003:5543:0781.001F: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.2-1/input2 [ 1068.616620][T22423] usb 3-1: USB disconnect, device number 91 [ 1068.767487][T23395] fido_id[23395]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1068.807269][T23401] input: syz1 as /devices/virtual/input/input39 [ 1068.832907][T23401] input: failed to attach handler leds to device input39, error: -6 [ 1069.533223][T23417] syzkaller1: entered promiscuous mode [ 1069.541892][T23417] syzkaller1: entered allmulticast mode [ 1069.857788][ T5941] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1069.985894][T23423] netlink: 'syz.2.6394': attribute type 11 has an invalid length. [ 1070.007821][ T5941] usb 2-1: device descriptor read/64, error -71 [ 1070.377711][ T5941] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1070.555439][ T5941] usb 2-1: device descriptor read/64, error -71 [ 1070.702820][ T5941] usb usb2-port1: attempt power cycle [ 1070.941385][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805649b400: rx timeout, send abort [ 1070.951304][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805649b400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 1071.048107][ T5941] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 1071.241264][ T5941] usb 2-1: device descriptor read/8, error -71 [ 1071.504740][ T5941] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1071.798474][ T5941] usb 2-1: device descriptor read/8, error -71 [ 1071.957971][ T5941] usb usb2-port1: unable to enumerate USB device [ 1073.650929][T23414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6388'. [ 1074.232569][T23444] netlink: 'syz.2.6402': attribute type 1 has an invalid length. [ 1074.345617][T23444] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1074.418027][T23457] veth3: entered promiscuous mode [ 1074.488389][T23444] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6402'. [ 1074.501581][T22423] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1074.522763][T23457] bond1: (slave veth3): Enslaving as an active interface with a down link [ 1074.678940][T22423] usb 2-1: Using ep0 maxpacket: 32 [ 1074.686534][T22423] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 1074.696748][T22423] usb 2-1: config 0 has no interface number 0 [ 1074.727421][T22423] usb 2-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1074.766381][T22423] usb 2-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1074.803114][T22423] usb 2-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1074.854770][T22423] usb 2-1: config 0 interface 2 has no altsetting 0 [ 1074.882055][T22423] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 1074.905810][T22423] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1074.940917][T22423] usb 2-1: config 0 descriptor?? [ 1075.177916][T23448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1075.196268][T23448] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1075.474243][T22423] uclogic 0003:5543:0781.0020: unknown main item tag 0x0 [ 1075.529385][T22423] uclogic 0003:5543:0781.0020: unknown main item tag 0x0 [ 1075.581760][T22423] uclogic 0003:5543:0781.0020: unknown main item tag 0x0 [ 1075.621460][T22423] uclogic 0003:5543:0781.0020: unknown main item tag 0x0 [ 1075.636940][T22423] uclogic 0003:5543:0781.0020: unknown main item tag 0x0 [ 1075.685306][T22423] uclogic 0003:5543:0781.0020: unknown main item tag 0x0 [ 1075.706700][T22423] uclogic 0003:5543:0781.0020: unknown main item tag 0x0 [ 1075.727482][T22423] uclogic 0003:5543:0781.0020: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.1-1/input2 [ 1075.775892][T22423] usb 2-1: USB disconnect, device number 84 [ 1075.863388][T23503] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6411'. [ 1075.894105][T23500] fido_id[23500]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1075.904029][T23503] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6411'. [ 1076.088108][T23507] syzkaller1: entered promiscuous mode [ 1076.093673][T23507] syzkaller1: entered allmulticast mode [ 1076.176277][T23509] FAULT_INJECTION: forcing a failure. [ 1076.176277][T23509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1076.192273][T23509] CPU: 1 UID: 0 PID: 23509 Comm: syz.2.6412 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1076.192325][T23509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1076.192348][T23509] Call Trace: [ 1076.192366][T23509] [ 1076.192384][T23509] dump_stack_lvl+0x189/0x250 [ 1076.192438][T23509] ? __pfx____ratelimit+0x10/0x10 [ 1076.192480][T23509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1076.192529][T23509] ? __pfx__printk+0x10/0x10 [ 1076.192569][T23509] ? __might_fault+0xb0/0x130 [ 1076.192618][T23509] should_fail_ex+0x414/0x560 [ 1076.192652][T23509] _copy_from_user+0x2d/0xb0 [ 1076.192689][T23509] ___sys_sendmsg+0x158/0x2a0 [ 1076.192731][T23509] ? __pfx____sys_sendmsg+0x10/0x10 [ 1076.192815][T23509] ? __fget_files+0x2a/0x420 [ 1076.192844][T23509] ? __fget_files+0x3a0/0x420 [ 1076.192881][T23509] __x64_sys_sendmsg+0x19b/0x260 [ 1076.192924][T23509] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1076.192976][T23509] ? __pfx_ksys_write+0x10/0x10 [ 1076.193007][T23509] ? rcu_is_watching+0x15/0xb0 [ 1076.193044][T23509] ? do_syscall_64+0xbe/0x3b0 [ 1076.193077][T23509] do_syscall_64+0xfa/0x3b0 [ 1076.193104][T23509] ? lockdep_hardirqs_on+0x9c/0x150 [ 1076.193131][T23509] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.193157][T23509] ? clear_bhb_loop+0x60/0xb0 [ 1076.193188][T23509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.193213][T23509] RIP: 0033:0x7fbb5038e929 [ 1076.193235][T23509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1076.193258][T23509] RSP: 002b:00007fbb51174038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1076.193284][T23509] RAX: ffffffffffffffda RBX: 00007fbb505b5fa0 RCX: 00007fbb5038e929 [ 1076.193304][T23509] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 1076.193321][T23509] RBP: 00007fbb51174090 R08: 0000000000000000 R09: 0000000000000000 [ 1076.193338][T23509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1076.193354][T23509] R13: 0000000000000000 R14: 00007fbb505b5fa0 R15: 00007fbb506dfa28 [ 1076.193391][T23509] [ 1076.548427][T23510] netlink: 'syz.3.6410': attribute type 11 has an invalid length. [ 1076.856522][T23514] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6413'. [ 1077.249437][T23523] vivid-000: disconnect [ 1077.418110][ T1216] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1077.482289][T23521] vivid-000: reconnect [ 1077.591315][ T1216] usb 3-1: Using ep0 maxpacket: 32 [ 1077.622072][ T1216] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1077.631595][ T1216] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1077.647671][ T1216] usb 3-1: config 1 has no interface number 1 [ 1077.705578][ T1216] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1077.891594][ T1216] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 65, changing to 7 [ 1078.225818][ T1216] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1078.268917][ T1216] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1078.291569][ T1216] usb 3-1: Product: syz [ 1078.295807][ T1216] usb 3-1: Manufacturer: syz [ 1078.306095][T23532] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1078.399068][T23533] pim6reg1: entered promiscuous mode [ 1078.404640][T23533] pim6reg1: entered allmulticast mode [ 1078.424076][ T1216] usb 3-1: SerialNumber: syz [ 1078.479353][T23535] CUSE: unknown device info "KJ H+ۤ2LhnL1`Ccn80(3նi>f_ٮ,<_eF" [ 1078.537881][T23535] CUSE: unknown device info "3ܟ,v" [ 1078.544025][T23535] CUSE: unknown device info "J2S Z !e/J+-na4D|G$5O~q [ 1078.544025][T23535] fzXSAxjTǔw xRɐQ(hҏj pVdY0|M?2JIv^R@" [ 1078.596669][T23535] CUSE: unknown device info "!To}ݝ&|L+Uoϲ"FstV:׌E gJ<@c4TMM|" [ 1078.630096][T23535] CUSE: DEVNAME unspecified [ 1078.741727][T23520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1078.754183][T23520] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1079.248896][T23539] FAULT_INJECTION: forcing a failure. [ 1079.248896][T23539] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1079.273733][T23539] CPU: 1 UID: 0 PID: 23539 Comm: syz.4.6422 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1079.273767][T23539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1079.273781][T23539] Call Trace: [ 1079.273795][T23539] [ 1079.273806][T23539] dump_stack_lvl+0x189/0x250 [ 1079.273839][T23539] ? __pfx____ratelimit+0x10/0x10 [ 1079.273862][T23539] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1079.273898][T23539] ? __pfx__printk+0x10/0x10 [ 1079.273930][T23539] ? __might_fault+0xb0/0x130 [ 1079.273974][T23539] should_fail_ex+0x414/0x560 [ 1079.274004][T23539] _copy_from_user+0x2d/0xb0 [ 1079.274037][T23539] ___sys_sendmsg+0x158/0x2a0 [ 1079.274074][T23539] ? __pfx____sys_sendmsg+0x10/0x10 [ 1079.274149][T23539] ? __fget_files+0x2a/0x420 [ 1079.274169][T23539] ? __fget_files+0x3a0/0x420 [ 1079.274201][T23539] __x64_sys_sendmsg+0x19b/0x260 [ 1079.274239][T23539] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1079.274284][T23539] ? __pfx_ksys_write+0x10/0x10 [ 1079.274312][T23539] ? rcu_is_watching+0x15/0xb0 [ 1079.274345][T23539] ? do_syscall_64+0xbe/0x3b0 [ 1079.274374][T23539] do_syscall_64+0xfa/0x3b0 [ 1079.274397][T23539] ? lockdep_hardirqs_on+0x9c/0x150 [ 1079.274421][T23539] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1079.274443][T23539] ? clear_bhb_loop+0x60/0xb0 [ 1079.274471][T23539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1079.274494][T23539] RIP: 0033:0x7f4d7b58e929 [ 1079.274515][T23539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1079.274535][T23539] RSP: 002b:00007f4d7c399038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1079.274558][T23539] RAX: ffffffffffffffda RBX: 00007f4d7b7b5fa0 RCX: 00007f4d7b58e929 [ 1079.274574][T23539] RDX: 0000000000000080 RSI: 0000200000000280 RDI: 0000000000000003 [ 1079.274588][T23539] RBP: 00007f4d7c399090 R08: 0000000000000000 R09: 0000000000000000 [ 1079.274602][T23539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1079.274615][T23539] R13: 0000000000000000 R14: 00007f4d7b7b5fa0 R15: 00007f4d7b8dfa28 [ 1079.274647][T23539] [ 1079.736617][T23541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6423'. [ 1079.917265][T23547] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6425'. [ 1080.004639][T23549] FAULT_INJECTION: forcing a failure. [ 1080.004639][T23549] name failslab, interval 1, probability 0, space 0, times 0 [ 1080.101867][T23549] CPU: 0 UID: 0 PID: 23549 Comm: syz.3.6427 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1080.101902][T23549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1080.101916][T23549] Call Trace: [ 1080.101926][T23549] [ 1080.101937][T23549] dump_stack_lvl+0x189/0x250 [ 1080.101973][T23549] ? __pfx____ratelimit+0x10/0x10 [ 1080.101998][T23549] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1080.102027][T23549] ? __pfx__printk+0x10/0x10 [ 1080.102065][T23549] ? __pfx___might_resched+0x10/0x10 [ 1080.102092][T23549] ? fs_reclaim_acquire+0x7d/0x100 [ 1080.102121][T23549] should_fail_ex+0x414/0x560 [ 1080.102152][T23549] should_failslab+0xa8/0x100 [ 1080.102189][T23549] __kmalloc_noprof+0xcb/0x4f0 [ 1080.102220][T23549] ? kfree+0x4d/0x440 [ 1080.102246][T23549] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1080.102281][T23549] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1080.102312][T23549] ? tomoyo_domain+0xd9/0x130 [ 1080.102347][T23549] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1080.102386][T23549] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1080.102427][T23549] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1080.102500][T23549] ? __lock_acquire+0xab9/0xd20 [ 1080.102556][T23549] ? __fget_files+0x2a/0x420 [ 1080.102580][T23549] ? __fget_files+0x2a/0x420 [ 1080.102600][T23549] ? __fget_files+0x3a0/0x420 [ 1080.102618][T23549] ? __fget_files+0x2a/0x420 [ 1080.102644][T23549] security_file_ioctl+0xcb/0x2d0 [ 1080.102682][T23549] __se_sys_ioctl+0x47/0x170 [ 1080.102714][T23549] do_syscall_64+0xfa/0x3b0 [ 1080.102739][T23549] ? lockdep_hardirqs_on+0x9c/0x150 [ 1080.102763][T23549] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.102786][T23549] ? clear_bhb_loop+0x60/0xb0 [ 1080.102815][T23549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.102839][T23549] RIP: 0033:0x7f52aa78e929 [ 1080.102860][T23549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1080.102885][T23549] RSP: 002b:00007f52ab672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1080.102911][T23549] RAX: ffffffffffffffda RBX: 00007f52aa9b5fa0 RCX: 00007f52aa78e929 [ 1080.102929][T23549] RDX: 0000200000000100 RSI: 00000000c034564b RDI: 0000000000000003 [ 1080.102945][T23549] RBP: 00007f52ab672090 R08: 0000000000000000 R09: 0000000000000000 [ 1080.102960][T23549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1080.102975][T23549] R13: 0000000000000000 R14: 00007f52aa9b5fa0 R15: 00007f52aaadfa28 [ 1080.103010][T23549] [ 1080.103090][T23549] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1080.404634][T23551] FAULT_INJECTION: forcing a failure. [ 1080.404634][T23551] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1080.441542][T23551] CPU: 0 UID: 0 PID: 23551 Comm: syz.1.6428 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1080.441578][T23551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1080.441592][T23551] Call Trace: [ 1080.441601][T23551] [ 1080.441612][T23551] dump_stack_lvl+0x189/0x250 [ 1080.441646][T23551] ? __pfx____ratelimit+0x10/0x10 [ 1080.441670][T23551] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1080.441699][T23551] ? __pfx__printk+0x10/0x10 [ 1080.441731][T23551] ? __might_fault+0xb0/0x130 [ 1080.441775][T23551] should_fail_ex+0x414/0x560 [ 1080.441804][T23551] _copy_from_user+0x2d/0xb0 [ 1080.441837][T23551] ___sys_sendmsg+0x158/0x2a0 [ 1080.441875][T23551] ? __pfx____sys_sendmsg+0x10/0x10 [ 1080.441948][T23551] ? __fget_files+0x2a/0x420 [ 1080.441968][T23551] ? __fget_files+0x3a0/0x420 [ 1080.442000][T23551] __sys_sendmmsg+0x227/0x430 [ 1080.442041][T23551] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1080.442072][T23551] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1080.442127][T23551] ? ksys_write+0x22a/0x250 [ 1080.442160][T23551] ? __pfx_ksys_write+0x10/0x10 [ 1080.442187][T23551] ? rcu_is_watching+0x15/0xb0 [ 1080.442222][T23551] __x64_sys_sendmmsg+0xa0/0xc0 [ 1080.442259][T23551] do_syscall_64+0xfa/0x3b0 [ 1080.442283][T23551] ? lockdep_hardirqs_on+0x9c/0x150 [ 1080.442304][T23551] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.442326][T23551] ? clear_bhb_loop+0x60/0xb0 [ 1080.442354][T23551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.442376][T23551] RIP: 0033:0x7f067438e929 [ 1080.442397][T23551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1080.442416][T23551] RSP: 002b:00007f06752de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1080.442456][T23551] RAX: ffffffffffffffda RBX: 00007f06745b5fa0 RCX: 00007f067438e929 [ 1080.442479][T23551] RDX: 0000000000000001 RSI: 0000200000001740 RDI: 0000000000000003 [ 1080.442493][T23551] RBP: 00007f06752de090 R08: 0000000000000000 R09: 0000000000000000 [ 1080.442508][T23551] R10: 0000000000000804 R11: 0000000000000246 R12: 0000000000000001 [ 1080.442522][T23551] R13: 0000000000000000 R14: 00007f06745b5fa0 R15: 00007f06746dfa28 [ 1080.442556][T23551] [ 1080.969561][ T1216] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1081.088756][ T1216] usb 3-1: USB disconnect, device number 92 [ 1081.209085][ T5941] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1081.378322][ T5941] usb 2-1: Using ep0 maxpacket: 16 [ 1081.399605][ T5941] usb 2-1: config 0 has no interfaces? [ 1081.415751][ T5941] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1081.434975][ T5941] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1081.445028][ T5941] usb 2-1: Manufacturer: syz [ 1081.584495][ T5941] usb 2-1: config 0 descriptor?? [ 1081.741531][ T1216] usb 3-1: new full-speed USB device number 93 using dummy_hcd [ 1081.980217][ T1216] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1081.988595][ T1216] usb 3-1: config 0 has no interface number 0 [ 1081.994802][ T1216] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1082.045542][T23555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1082.054565][ T1216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1082.058141][T23555] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1082.194415][ T1216] usb 3-1: config 0 descriptor?? [ 1082.211700][ T1216] usb 3-1: selecting invalid altsetting 1 [ 1082.227416][ T1216] dvb_ttusb_budget: ttusb_init_controller: error [ 1082.247094][ T1216] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1082.602708][ T1216] DVB: Unable to find symbol cx22700_attach() [ 1082.762577][ T1216] DVB: Unable to find symbol tda10046_attach() [ 1082.786160][ T1216] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1082.848069][ T1216] usb 3-1: USB disconnect, device number 93 [ 1083.078916][T23580] ------------[ cut here ]------------ [ 1083.085011][T23580] WARNING: CPU: 0 PID: 23580 at fs/exec.c:119 path_noexec+0x1af/0x200 [ 1083.093356][T23580] Modules linked in: [ 1083.097942][T23580] CPU: 0 UID: 0 PID: 23580 Comm: syz.0.6435 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1083.110104][T23580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1083.120293][T23580] RIP: 0010:path_noexec+0x1af/0x200 [ 1083.125561][T23580] Code: 02 31 ff 48 89 de e8 80 ae 8b ff d1 eb eb 07 e8 97 a9 8b ff b3 01 89 d8 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 82 a9 8b ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6 [ 1083.145981][T23580] RSP: 0018:ffffc9000d267bd8 EFLAGS: 00010293 [ 1083.152205][T23580] RAX: ffffffff82347fbe RBX: ffff8880799393c0 RCX: ffff88804ee88000 [ 1083.160290][T23580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1083.169659][T23580] RBP: 0000000000080000 R08: ffff88804ee88000 R09: 0000000000000003 [ 1083.178669][T23580] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000011 [ 1083.186695][T23580] R13: 1ffff92001a4cf90 R14: 0000000000000000 R15: dffffc0000000000 [ 1083.194789][T23580] FS: 00007fd0179b46c0(0000) GS:ffff888125c23000(0000) knlGS:0000000000000000 [ 1083.203995][T23580] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1083.210737][T23580] CR2: 00007fd0179b3f98 CR3: 000000006cb68000 CR4: 00000000003526f0 [ 1083.218911][T23580] Call Trace: [ 1083.222252][T23580] [ 1083.225246][T23580] do_mmap+0xa43/0x10d0 [ 1083.229579][T23580] ? __pfx_do_mmap+0x10/0x10 [ 1083.234219][T23580] ? down_write_killable+0x178/0x230 [ 1083.239740][T23580] ? end_current_label_crit_section+0x152/0x180 [ 1083.246037][T23580] ? __pfx_down_write_killable+0x10/0x10 [ 1083.251780][T23580] vm_mmap_pgoff+0x31b/0x4c0 [ 1083.256424][T23580] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1083.261642][T23580] ? __fget_files+0x2a/0x420 [ 1083.266719][T23580] ? __fget_files+0x3a0/0x420 [ 1083.272735][T23580] ? __fget_files+0x2a/0x420 [ 1083.277384][T23580] ksys_mmap_pgoff+0x51f/0x760 [ 1083.283306][T23580] do_syscall_64+0xfa/0x3b0 [ 1083.287906][T23580] ? lockdep_hardirqs_on+0x9c/0x150 [ 1083.293156][T23580] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1083.299337][T23580] ? clear_bhb_loop+0x60/0xb0 [ 1083.304063][T23580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1083.310091][T23580] RIP: 0033:0x7fd019b8e929 [ 1083.314544][T23580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1083.334304][T23580] RSP: 002b:00007fd0179b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1083.342878][T23580] RAX: ffffffffffffffda RBX: 00007fd019db6160 RCX: 00007fd019b8e929 [ 1083.350916][T23580] RDX: 0000000000000005 RSI: 0000000000001000 RDI: 0000200000ffc000 [ 1083.358992][T23580] RBP: 00007fd019c10ca1 R08: 0000000000000003 R09: 00000000ef277000 [ 1083.366978][T23580] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 1083.375922][T23580] R13: 0000000000000001 R14: 00007fd019db6160 R15: 00007fd019edfa28 [ 1083.384626][T23580] [ 1083.387790][T23580] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1083.395096][T23580] CPU: 0 UID: 0 PID: 23580 Comm: syz.0.6435 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 1083.407166][T23580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1083.417237][T23580] Call Trace: [ 1083.420622][T23580] [ 1083.423563][T23580] dump_stack_lvl+0x99/0x250 [ 1083.428169][T23580] ? __asan_memcpy+0x40/0x70 [ 1083.432769][T23580] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1083.437986][T23580] ? __pfx__printk+0x10/0x10 [ 1083.442616][T23580] panic+0x2db/0x790 [ 1083.446535][T23580] ? __pfx_panic+0x10/0x10 [ 1083.451005][T23580] __warn+0x31b/0x4b0 [ 1083.454998][T23580] ? path_noexec+0x1af/0x200 [ 1083.459604][T23580] ? path_noexec+0x1af/0x200 [ 1083.464207][T23580] report_bug+0x2be/0x4f0 [ 1083.468546][T23580] ? path_noexec+0x1af/0x200 [ 1083.473147][T23580] ? path_noexec+0x1af/0x200 [ 1083.477753][T23580] ? path_noexec+0x1b1/0x200 [ 1083.482355][T23580] handle_bug+0x84/0x160 [ 1083.486623][T23580] exc_invalid_op+0x1a/0x50 [ 1083.491162][T23580] asm_exc_invalid_op+0x1a/0x20 [ 1083.496020][T23580] RIP: 0010:path_noexec+0x1af/0x200 [ 1083.501234][T23580] Code: 02 31 ff 48 89 de e8 80 ae 8b ff d1 eb eb 07 e8 97 a9 8b ff b3 01 89 d8 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 82 a9 8b ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6 [ 1083.520854][T23580] RSP: 0018:ffffc9000d267bd8 EFLAGS: 00010293 [ 1083.526934][T23580] RAX: ffffffff82347fbe RBX: ffff8880799393c0 RCX: ffff88804ee88000 [ 1083.534915][T23580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1083.542897][T23580] RBP: 0000000000080000 R08: ffff88804ee88000 R09: 0000000000000003 [ 1083.550887][T23580] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000011 [ 1083.558883][T23580] R13: 1ffff92001a4cf90 R14: 0000000000000000 R15: dffffc0000000000 [ 1083.566873][T23580] ? path_noexec+0x1ae/0x200 [ 1083.571509][T23580] ? path_noexec+0x1ae/0x200 [ 1083.576114][T23580] do_mmap+0xa43/0x10d0 [ 1083.580294][T23580] ? __pfx_do_mmap+0x10/0x10 [ 1083.584894][T23580] ? down_write_killable+0x178/0x230 [ 1083.590191][T23580] ? end_current_label_crit_section+0x152/0x180 [ 1083.596465][T23580] ? __pfx_down_write_killable+0x10/0x10 [ 1083.602122][T23580] vm_mmap_pgoff+0x31b/0x4c0 [ 1083.606730][T23580] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1083.611857][T23580] ? __fget_files+0x2a/0x420 [ 1083.616468][T23580] ? __fget_files+0x3a0/0x420 [ 1083.621153][T23580] ? __fget_files+0x2a/0x420 [ 1083.625755][T23580] ksys_mmap_pgoff+0x51f/0x760 [ 1083.630540][T23580] do_syscall_64+0xfa/0x3b0 [ 1083.635056][T23580] ? lockdep_hardirqs_on+0x9c/0x150 [ 1083.640263][T23580] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1083.646339][T23580] ? clear_bhb_loop+0x60/0xb0 [ 1083.651127][T23580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1083.657399][T23580] RIP: 0033:0x7fd019b8e929 [ 1083.661904][T23580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1083.681536][T23580] RSP: 002b:00007fd0179b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1083.689966][T23580] RAX: ffffffffffffffda RBX: 00007fd019db6160 RCX: 00007fd019b8e929 [ 1083.697950][T23580] RDX: 0000000000000005 RSI: 0000000000001000 RDI: 0000200000ffc000 [ 1083.705937][T23580] RBP: 00007fd019c10ca1 R08: 0000000000000003 R09: 00000000ef277000 [ 1083.713924][T23580] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 1083.722003][T23580] R13: 0000000000000001 R14: 00007fd019db6160 R15: 00007fd019edfa28 [ 1083.730087][T23580] [ 1083.733435][T23580] Kernel Offset: disabled [ 1083.737949][T23580] Rebooting in 86400 seconds..