last executing test programs: 11.43065127s ago: executing program 3 (id=2317): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0) ftruncate(r0, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x12, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r1, r0, 0x0, 0x578410eb) 10.224948188s ago: executing program 3 (id=2320): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r1, &(0x7f00000006c0)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x1, 0x41, "0062ba7d82000000000000000000f7ffffff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup3(r2, r1, 0x0) read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020) 9.660930319s ago: executing program 4 (id=2321): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) r2 = fsopen(&(0x7f0000000240)='jfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x1eb640) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x8, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x50) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) writev(r3, &(0x7f00000014c0)=[{0x0}], 0x1) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x7fffffff, 0x2, 0x1a00, 0x0, 0xffffffffffffffff, 0x2fc, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5}, 0x50) pipe2$watch_queue(0x0, 0x80) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x0, &(0x7f0000000380), &(0x7f0000000280)='syzkaller\x00', 0x5, 0x0, &(0x7f00000002c0), 0x40f00, 0x10, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0xbd4a, 0x2, 0x7eab, 0x9}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000700)=[r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000740)=[{0x3, 0x5, 0xb, 0x1}, {0x2, 0x2, 0x9, 0x8}, {0x2, 0x2, 0xd, 0x9}, {0x0, 0x3, 0xe, 0xa}, {0x1, 0x1, 0x4, 0x4}], 0x10, 0x9}, 0x94) write$sysctl(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x2) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8}, @TCA_CAKE_FWMARK={0x8}]}}]}, 0x44}}, 0x8850) openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x8882, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) r8 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x281, 0x3) setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, &(0x7f0000000140)='wg0\x00', 0x4) connect$inet(r7, &(0x7f00000001c0)={0x2, 0x2, @rand_addr=0x64010101}, 0x10) setsockopt$inet_msfilter(r8, 0x0, 0x29, &(0x7f0000000040)={@loopback, @dev={0xac, 0x14, 0x14, 0x29}, 0x0, 0x3, [@remote, @loopback, @dev={0xac, 0x14, 0x14, 0x21}]}, 0x1c) r9 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$apparmor_current(r9, &(0x7f0000000040)=@profile={'stack ', ':\x00'}, 0x8) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x10, &(0x7f0000000140)={0x20, 0x14, 0x3, "eaeeda"}, 0x0, 0x0}) 9.184610977s ago: executing program 3 (id=2322): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r0) (async) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0xb1900201}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r1, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x78c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, 0x0, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = dup(r5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x20, r2, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x20, r2, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES8=r0, @ANYRESDEC=r2, @ANYRES32=r0, @ANYRES64=r2, @ANYBLOB="f04c3f1eb78c20795cbdb7b77ea07979750da3c1811f47642922b72b125451bb02aef51eee0087b1eb3e0809112f718ce1241b9beab87ff043bfbf040200bd92e25329850fe4bab7ba77e9850cf3507ba8aac5e8242d9e6e9ac3a8fac478ff688fee5a7c13cdcbeb13e986f9861d68a9410cc8830c7929100379f7cf7f400c09c2aa1dc4c1116fa7ead3c6f337d09696c43450c2f3fb49a48bf64ee8", @ANYRESDEC=0x0], 0x15) r7 = socket$packet(0x11, 0x2, 0x300) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) bind$packet(r7, &(0x7f0000000000)={0x11, 0x4, r9, 0x1, 0xfe, 0x6, @remote}, 0x14) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) (async) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) syz_emit_ethernet(0xe, &(0x7f0000000180)=ANY=[], 0x0) 7.368475627s ago: executing program 1 (id=2326): syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0xfd3b) socket$netlink(0x10, 0x3, 0x10) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000280)={{0x6}, 0x0, [0x0, 0x0, 0x40000000000, 0xffffffffffffffff, 0xffffffefffffffff, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x3, 0xfffffeffbfffffff, 0x0, 0xfffffff3, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0xb, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x7, 0x10000, 0x7785, 0x0, 0x4, 0x4, 0xa28, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffd, 0x1000000000, 0x0, 0x80000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x100, 0x81, 0xfffffffffffffffd, 0x20, 0x0, 0x0, 0x2, 0x100000000000, 0x0, 0x3, 0x2, 0x0, 0x7, 0xc0c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffeffffc, 0x0, 0x2, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, 0x80]}) socket$packet(0x11, 0x3, 0x300) socket$netlink(0x10, 0x3, 0x4) r4 = socket(0xf, 0x1000, 0x8) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0) r8 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x5, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x6fe2}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xb380, 0x4, 0x0, 0x4, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 6.820386941s ago: executing program 2 (id=2329): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x4) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r5 = socket(0x10, 0x3, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x2, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x21d, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8810}, 0x400c8b4) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000000080)) syslog(0xa, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0xfffffffffffffda9, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x24080800}, 0x4000800) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x10) 6.603540666s ago: executing program 4 (id=2330): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000400)={{0x1, 0x0, 0xfffffffe, 0x2, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) syz_emit_ethernet(0x104e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa015ec200000186dd6000000010182b00fe80000000000000000000000000003afe8000000000000000000000000000aa670000000000000021"], 0x0) 6.14125655s ago: executing program 4 (id=2331): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0x2}, 0x18) connect$can_j1939(r0, &(0x7f0000000740)={0x1d, r1, 0x0, {0x0, 0xf0}}, 0x18) sendmmsg(r0, &(0x7f0000004580), 0x654, 0x0) connect$can_j1939(r0, 0x0, 0x0) 6.004786208s ago: executing program 3 (id=2333): r0 = socket$netlink(0x10, 0x3, 0x8000000004) socket$inet(0x2, 0x6, 0xa) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000300)="effdffff1500add427323b472545b456020200ffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 5.75406652s ago: executing program 4 (id=2334): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = getpid() syz_pidfd_open(r0, 0x0) tkill(r0, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') open_tree(r3, &(0x7f0000006180)='./mnt\x00', 0x1) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={0x0, 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x24000840) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={0x0, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r5, 0xc018643a, &(0x7f0000000140)={0x4000000}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'veth1_macvtap\x00', 0x0}) r7 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'vxcan1\x00', &(0x7f00000000c0)=@ethtool_ts_info={0x1f}}) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_TUNER(r9, 0x4054561e, &(0x7f0000000040)={0xfffffffd, "f8f44fa604e0937938b160bc0f359ebf496ac2d64cd825060102dda9631d379f", 0x0, 0x0, 0xda6c}) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000340)=ANY=[@ANYBLOB="4400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r6, @ANYBLOB="08000a00d3"], 0x44}}, 0x20008040) 5.401694422s ago: executing program 3 (id=2337): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c81, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x6a, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r4, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f00000007c0)={0x14c, r5, 0x20, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x400, 0x57}}}}, [@key_params=[@NL80211_ATTR_KEY_DEFAULT_TYPES={0x10, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x4}, @NL80211_ATTR_KEY_SEQ={0x9, 0xa, "e10ea2aa33"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "833ca601c5e186131f6b348d1e"}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @key_params=[@NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY={0x1c, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x18, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}]}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1d6}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2e}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x244}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x274}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x12}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xa}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x37}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1b}], @chandef_params, @key_params=[@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "a43acae889"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x1c, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}]}]]}, 0x14c}}, 0x4) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRESDEC=r3, @ANYRESDEC=0x0, @ANYRESDEC=0x0]) socket$inet(0x2, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r7 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r8 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r10, {0x0, 0xa}, {0xffff, 0xffff}, {0xd, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa, 0x0, 0x6}}}}]}, 0x44}}, 0x44080) sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, r10, {0x0, 0x9}, {0x0, 0xa}, {0x0, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0x4000) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000002c0)="ae", 0x1, 0xfffffffffffffffd) keyctl$read(0xb, r7, &(0x7f0000000240)=""/112, 0x349b7f55) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f0000000000)=ANY=[@ANYRES8], 0x0) 4.719792055s ago: executing program 0 (id=2338): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a310000000030000000050afd010000000000000000010020000c00024000000000000000010900010073797a3100000000040004802c000000000a01040000000000000000070000020900010073797a30492500000c000440000000000000000214000000110001"], 0xe4}}, 0x200000d4) (fail_nth: 5) 4.716878934s ago: executing program 1 (id=2339): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x6, &(0x7f0000000140)=0x1000201, 0x4) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000080)=@mmap={0x6, 0x6, 0x4, 0x10000, 0xffffffff, {}, {0x2, 0x8, 0xda, 0x6d, 0xae, 0x94, "476c7519"}, 0x1, 0x1, {}, 0xffffffff}) syz_usb_connect$cdc_ecm(0x0, 0x6f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109025d000101000000090400000002060000052406000005240000000d240000000000000400000000152412"], 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000040)={'veth1_to_hsr\x00'}) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xe8c}, 0x2d, 0xfffffffffffffff9) r2 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$instantiate(0xc, r2, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'user:', 'new '}, 0x19, 0xfffffffffffffffe) r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000440)=0x0) r5 = getegid() keyctl$chown(0x4, r3, r4, r5) ioctl$VIDIOC_QUERY_DV_TIMINGS(r1, 0x80845663, &(0x7f0000000100)={0x0, @reserved}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000c00)=ANY=[@ANYBLOB="bf16000000000000b70700000100000048700000e4ff0000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f798585fb5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c26211a2b975eb4a9d08501c000c00000000000097e50f118c4a3b05489d1d1245cb774879b0871dd61703eefe87ff070000000000008cca1a363b2b28add613658171122dc01e0a77d7c44b009fdac91fc827f5797532750d4d4639f11089feb3f25b4695c6dac2cabfa04e2c16fa741b0665bb33be6f0e742213d0bf5528a601b5934b867f39f7d776ac00a434949b4455b7c6c678de4d9740d8dff6169c664b55ce550fb4e686ae169d9f7abbeb08e02799374ae0081858bdf144d8c7fb67dcec5e43a0e8099e543116b1b7d144b5613845cca4388344d82de45f0c1b7d041db040fd777791232d5db32d14bc1c3d000000000000000000000016a1049b6f094e504c28d7daa2f61b2a7c14d2343b4308b36e6b141371c958406e212b3accb45f87aef8bd5e2181fd7826b9e5cb2f6a63f113491239dca17e4fb33e670daf1cd7a99015ae9e1ca32b4e64dc38b55d525bd10971b0898be9d6e6154dfc99b20622b604b87ba03524c2fed51056d672b1b966657de5c86ab09195fba55af17663fecf1b5c5a76cf07615c7ee54c361449e275371a8c4243b9060ecdeecfb1603b061a8a62159830049061800953f7d00c43c95068c62c2ca1ad7fea9de97216dbc9c8e36a5607608e77d1d7d72b78b4f1eab8e40000000000000000adc90eb850f42f44e4b48c9cc39412c0ce6c9f4b95936ec36efc8dfbc54eb44affe1cd0f14d124df0c29c51b5628646b8155a1859358aa08f71fd2d9b2c4288a0d8870e8767173c65476e1a4f000c580f61d73f5be35ca1aa1235cf309650cdf8c6cd950c477890089be400b26dedec1199479b1b5adfaf2b6e05b7f90c9098ed4accddabd802ac5dc1b436e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf8}, 0x48) r6 = socket$l2tp6(0xa, 0x2, 0x73) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000000400)={'wg2\x00'}) syz_usb_connect(0x5, 0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="12011001d4f86540d804830047da010203010902380001020840b3090400b2010202019405240600"], 0x0) sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r7, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000000)=""/195, 0xc3}, {&(0x7f0000000840)=""/241, 0xf6}, {&(0x7f0000000580)=""/84, 0x54}, {&(0x7f0000001b40)=""/4109, 0x100d}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x5}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000001a80), 0x6}, 0xb0}, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x4a}, 0x6}, {{&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @remote}}}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/188, 0xbc}], 0x1, &(0x7f0000000340)=""/146, 0x92}, 0x8}], 0x9, 0x20, 0x0) connect$l2tp6(r6, &(0x7f00000001c0)={0xa, 0x0, 0xcfc, @dev={0xfe, 0x80, '\x00', 0x13}, 0x230b, 0x4}, 0x20) 4.244664682s ago: executing program 0 (id=2340): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x21, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7010040000e00400000006000100050000000800090002"], 0x48}, 0x1, 0x0, 0x0, 0x20008000}, 0x30) 3.521789127s ago: executing program 0 (id=2341): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x38a0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(r2, 0xb, 0x0, 0x0) r3 = syz_io_uring_setup(0x10d6, &(0x7f0000000280)={0x0, 0x7734, 0x80, 0xfffffffc, 0x34f, 0x0, r2}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) vmsplice(r6, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000300)={0x5, &(0x7f0000000340)=[{0x2e, 0x0, 0x0, 0x4}, {0xd3d, 0x6, 0x0, 0xc}, {0x0, 0x8, 0x62, 0x4}, {0x6, 0x4e, 0x3, 0xffffc8f6}, {0x6, 0xee, 0x8, 0x1}]}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) openat$iommufd(0xffffff9c, 0x0, 0x200, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 3.380671377s ago: executing program 2 (id=2342): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000200)={0x6c, r1, 0x1, 0x170bd2b, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0xfffc, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0xf8}}, {0x20, 0x2, @in6={0xa, 0x0, 0x5, @mcast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0) 3.332516721s ago: executing program 4 (id=2343): setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000300)={{0xa, 0x4e21, 0x10000, @private1, 0xca}, {0xa, 0x4e21, 0x99f, @private2, 0x6}, 0x0, {[0x580cfda, 0x400, 0x9, 0x40, 0x2b4a, 0x1, 0x1000, 0x3]}}, 0x5c) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES64], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) (async) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x2, 0x3, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x8}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x80000000}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x58}, 0x1, 0x7}, 0x0) write$sndseq(r5, &(0x7f0000000000)=[{0x80, 0x9, 0x3, 0x0, @time={0x7, 0x664}, {}, {}, @time=@time={0x7, 0x725e}}], 0x1c) (async) write$sndseq(r5, &(0x7f0000000000)=[{0x80, 0x9, 0x3, 0x0, @time={0x7, 0x664}, {}, {}, @time=@time={0x7, 0x725e}}], 0x1c) connect$unix(r3, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0008000000000000000000000000000000000000132d4beafea10ef2e1f378097b4f66d0da62f48e20d01d9fe1f172da1ef05f13425ed8acfa83fd95b4331f913fb1aedc23fb1ec3f354f27153d62726a4871d2013e7e37ae2ba0232670a3696d96a1d726f3f1845c7405a313830515719cf96a6e23002a336e2ed23746950e67d0cfa15828f89b5511e9daf7de05a677bf4aa1d831d53516c21eb590bbf81a13342409ff9dc827474c5a52a34cf19b701e99db89f90921324990379ffab12696b7f700787524be9a982519af0c67121733e0274871685309b22533bdd35e271524d329acbbb0ed56da0248ca21eeaeba104be387c407c641afb798f11005eea43595e3fc6322a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0008000000000000000000000000000000000000132d4beafea10ef2e1f378097b4f66d0da62f48e20d01d9fe1f172da1ef05f13425ed8acfa83fd95b4331f913fb1aedc23fb1ec3f354f27153d62726a4871d2013e7e37ae2ba0232670a3696d96a1d726f3f1845c7405a313830515719cf96a6e23002a336e2ed23746950e67d0cfa15828f89b5511e9daf7de05a677bf4aa1d831d53516c21eb590bbf81a13342409ff9dc827474c5a52a34cf19b701e99db89f90921324990379ffab12696b7f700787524be9a982519af0c67121733e0274871685309b22533bdd35e271524d329acbbb0ed56da0248ca21eeaeba104be387c407c641afb798f11005eea43595e3fc6322a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x2d) r9 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r10, 0x8b1b, &(0x7f0000000040)) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000001c0)={'sit0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x0, 0x9}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x3}, @TCA_CAKE_WASH={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x48801}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYRES64=r1, @ANYBLOB="ff3fd888d59cf517cbc7c2cfc46431225e67ea49892e9379e8fb61523b924af3fa61dc0395d4f3c878e8d84f06edae2654a97103d814d2070d3bee78142c42ce9473cd1fb7de6dfd978898cf55cd31ae0965ec5fd97886ecaf731321ea2dda224ccf62688e42be6e7641be4279d7a8a1b0a634de26fa0ec008ab754010619f544090960bc6eb30c08e2afa3f1fc0211427a727242c42ce65ba1798e4"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYRES64=r1, @ANYBLOB="ff3fd888d59cf517cbc7c2cfc46431225e67ea49892e9379e8fb61523b924af3fa61dc0395d4f3c878e8d84f06edae2654a97103d814d2070d3bee78142c42ce9473cd1fb7de6dfd978898cf55cd31ae0965ec5fd97886ecaf731321ea2dda224ccf62688e42be6e7641be4279d7a8a1b0a634de26fa0ec008ab754010619f544090960bc6eb30c08e2afa3f1fc0211427a727242c42ce65ba1798e4"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.504739533s ago: executing program 1 (id=2344): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0x2}, 0x18) connect$can_j1939(r0, &(0x7f0000000740)={0x1d, r1, 0x0, {0x0, 0xf0}}, 0x18) sendmmsg(r0, &(0x7f0000004580), 0x654, 0x0) connect$can_j1939(r0, 0x0, 0x0) 2.287950944s ago: executing program 1 (id=2345): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b700000000000000180818000000000000000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x3, &(0x7f000000cf3d)=""/195}, 0x23) r0 = openat$dlm_plock(0xffffff9c, &(0x7f0000000100), 0x200, 0x0) ioctl$PPPIOCDISCONN(r0, 0x7439) readv(r0, &(0x7f0000001080)=[{&(0x7f0000000000)=""/122, 0x7a}, {&(0x7f0000000080)=""/4096, 0x1000}], 0x2) ioctl$PPPIOCGUNIT(r0, 0x80047456, &(0x7f00000010c0)) 2.120380246s ago: executing program 1 (id=2346): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r1) tkill(r1, 0x12) ptrace(0x4208, r1) tkill(r1, 0x12) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000051000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000080)=0x2, 0x95, 0x2) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@setlink={0xc4, 0x13, 0x1, 0x70bd2c, 0x25dfdbf6, {0x0, 0x0, 0x0, r3, 0x0, 0x8223}, [@IFLA_VFINFO_LIST={0x9c, 0x16, 0x0, 0x1, [{0x98, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x5, @remote}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x9, 0x6}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x14000, 0x205}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x6}}, @IFLA_VF_IB_PORT_GUID={0x10, 0xb, {0xfffffffd, 0x9}}, @IFLA_VF_MAC={0x28, 0x1, {0x3, @local}}, @IFLA_VF_VLAN={0x10, 0x2, {0x6, 0xa39, 0x4}}]}]}, @IFLA_CARRIER={0x5, 0x21, 0xfc}]}, 0xc4}, 0x1, 0x0, 0x0, 0x3000c054}, 0x24000004) 2.104267661s ago: executing program 2 (id=2347): syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d01000019840100000000f8ffffff0000ffff0a010102fe8000000000000000000000000000aaa5ba94e385673ccfd3fe184ab0643975bcc85fbf438632261b"], 0x0) 1.924777992s ago: executing program 0 (id=2348): openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r0 = syz_io_uring_setup(0xcaf, &(0x7f0000000100)={0x0, 0xb601, 0x1000, 0x0, 0x9c3}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x98e2, 0x10100, 0x3}, &(0x7f0000000200)=0x0, &(0x7f00000000c0)=0x0) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x48, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}}) io_uring_enter(r4, 0x6fa0, 0x4004, 0x0, 0x0, 0x0) sendmsg$netlink(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r7 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x3, 0x10100, 0xeffffffe}, 0x0, &(0x7f0000000140)=0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x7}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x64, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x28, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0xfffffffffffffdab, 0x1, 0x0, 0x1, @connlimit={{0xe}, @void}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}, 0x1, 0x0, 0x0, 0x20000841}, 0x0) syz_io_uring_submit(0x0, r8, &(0x7f0000000200)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r9}}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0xc, 0x4000, @fd_index=0x8, 0x7, 0x0, 0x0, 0xd7aca665e090110, 0x0, {0x1, r9}}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0xe) 1.907724352s ago: executing program 2 (id=2349): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) syz_usb_connect(0x4, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00979ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0) 1.54337718s ago: executing program 3 (id=2350): syz_io_uring_setup(0x6ae1, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0x0, 0x20024c}, 0x0, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) syz_io_uring_setup(0x186, &(0x7f0000000180)={0x0, 0xddb3, 0x80}, &(0x7f00000002c0), &(0x7f00000003c0)) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00') pread64(r1, &(0x7f0000000140)=""/15, 0xf, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x0, 0x0, 0xfe, "0062ba7d00f7380963040c00"}) syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) r3 = socket$key(0xf, 0x3, 0x2) r4 = add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000480)='wlan1\x00', r4) r5 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000000)=0x1) r6 = openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) inotify_add_watch(r6, 0x0, 0x20) ioctl$vim2m_VIDIOC_DQBUF(r5, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x2, 0x0, {0x0, 0x2710}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '#\x00'}, 0x0, 0x2, {0x0}, 0x0, 0x0, r6}) poll(&(0x7f0000000040)=[{r5, 0x4}], 0x1, 0x3ff) syz_usb_connect(0x0, 0x24, 0x0, 0x0) sendmsg$key(r3, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="020300021000000000000000000000000200080008000000d700000000000000050006002b0000000a004e23000000062001000000000000000000000000000100800000000000000200010000000000000009229700008005000500000000000a004e24000000729d60d63ee0d0c100000c53838e16449097000000cf63"], 0x80}, 0x1, 0x7}, 0x0) 1.33441581s ago: executing program 0 (id=2351): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket(0x2b, 0x80801, 0x1) setsockopt$inet6_mtu(r2, 0x29, 0x1e, &(0x7f0000000200)=0x4, 0x4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$fuse(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) splice(0xffffffffffffffff, &(0x7f0000000140)=0x8c, 0xffffffffffffffff, &(0x7f00000002c0)=0x6cd, 0x9, 0xc) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000017000000440006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc9387cca4198904000500206e6e5714f3b3687a6fbd2741ec8b117acedaa43a150db67ec86fdaaff7138c63cce949109233b86b312e9b96c749da89124ce2beef73704b180bf263ef9754fb0a"], 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) write(0xffffffffffffffff, &(0x7f0000000080)="1400000052004f030e789e7ee2ce", 0xe) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r5 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000300), 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, 0x0, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0) sendmsg$kcm(r6, 0x0, 0x0) io_uring_setup(0x5c48, 0x0) unshare(0x6a040000) 1.247457927s ago: executing program 2 (id=2352): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10001, @loopback, 0xe}, 0x1c) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r1) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000100)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000240)={0x0, 0x33, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r4, 0x0, 0x0, 0x0, 0x0, [0x0], [], [], [0xd]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={r4, 0x10, 0x3ff, 0x34325241, 0x3, [r5, 0x0, 0x0, r5], [0x2b8, 0x0, 0x1000], [0x35b], [0x1a7a]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc01c64b9, &(0x7f00000001c0)={&(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1, r4, 0xe0e0e0e0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000004c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = socket(0x2, 0x80805, 0x0) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r7, 0x40045402, &(0x7f0000000140)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r7, 0x40505412, &(0x7f0000000500)={0x7, 0x9dc5, 0x105, 0x0, 0x6}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r7, 0x40505412, &(0x7f0000000380)={0x4, 0x3ff, 0x101, 0x0, 0xe}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r6, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={r8, 0xfffffffb}, 0x8) 606.197226ms ago: executing program 2 (id=2353): syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x29, 0x6f, 0xb6, 0x8, 0x9022, 0xd484, 0xff88, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x0, 0x81, [{{0x9, 0x4, 0x1e, 0x80, 0x0, 0x56, 0xa7, 0xf6, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x16}) r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000380)=[{0x1900, 0x6000, 0x0, 0x0}], 0x1}) 548.61406ms ago: executing program 4 (id=2354): syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100032988ff0102030109021200010495008109041e800056a7f602"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x16}) r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r1, 0x0, {0x0, 0x0, 0x0, 0x1, 0xffffffffffffff23, 0x0, 0x0, 0x4, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}}) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000380)=[{0x3, 0x6000, 0x0, 0x0}], 0x1}) r3 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000080), 0x12000, 0x0) ioctl$FITHAW(r3, 0xc0045878) 484.745677ms ago: executing program 1 (id=2355): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd3}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000140)='g') r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$PTP_EXTTS_REQUEST2(r2, 0x40103d0b, &(0x7f00000000c0)={0x2, 0x1}) syz_usb_control_io(r0, &(0x7f0000000600)={0x18, &(0x7f0000000400)={0x20, 0x8, 0x5, {0x5, 0x0, 'TMR'}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r3 = syz_usb_connect$printer(0x1, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xb, 0x30, 0xfd, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x7, 0x1, 0x3, 0xa7, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x5, 0x3, 0x6}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x6, 0xfc, 0x2}}]}}}]}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x7, 0x7, 0xf7, 0xbf, 0x5}, 0x5f, &(0x7f00000000c0)={0x5, 0xf, 0x5f, 0x5, [@generic={0x47, 0x10, 0x3, "d5861bd4002325e5a3de507b1cda5079369cb736737452026a2c540dc3bdfedcc4813b9d86b31ded0f1fcd6b1db90fe1102924cb1ba6084d2b5d5ede4a155a06b865a971"}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x2, 0xfd, 0x1}]}, 0x7, [{0x4, &(0x7f0000000180)=@lang_id={0xfffffffffffffee4, 0x3, 0x3c0a}}, {0xd9, &(0x7f00000001c0)=@string={0xd9, 0x3, "cfa1d58150e2798ee15a128015109e214480da47b4b1d5924dec4a42196842777c99419bf1b0ca77abd45be94f467bc9c86ae6debf318068c50a6edf56b0e2b4bd65d792963ae91a10010a48f3eb3446854abfe7c875801cc13d0745c81689daf825f356e7979275d9f6e59fa4a249b94219c06f5a3822dc767d3a880be595d9a11f54cac716824226aadc4c66949737a4c9f6dcfab39b8f8545d3eba435a82e13ddaee2f7399d8edf0a284b3ec3a100b75bfdd7f4cf2ddc3204d8f38eb3cc123ab44ae29c2c9de5bf1ac7ff9b63b5bf343d12c6d2472a"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x424}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x41f}}, {0x102, &(0x7f0000000a80)=@string={0x102, 0x3, "96192250fdb93c8fab284a0b82e1e8c9691dbf880e8fccfa6c36eab8eb5c01b74ae3e4d8edd5b8d1dff4d1c0d8f41d8d55a1feee648ee8456763c5884cb791514ce00496df9b3392230fcbdecf4f2d09af046b97df7585cdc9b6386eb338ee87203eb10445b8ef243860ad80f38c2799b6788a83d2237382e02c6b02e720545fedad4d7a60cf68ffbc6e826985a9695d93ab594af9d65f9fbb2bf166e58e83e63512ea64c06b8217fef60c1c13e35a51873944dc51c29c888a67a093115a82a6f615670693c28df4a16b92f9d6705b61eaa65316aebb04fe73ef5385741707d7ae13a65a1a53b9192a60f5badc0dd2527f58f3cdef2460329dcd6b5973240490"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x43e}}, {0xd5, &(0x7f0000000480)=ANY=[@ANYBLOB="d50392485deea5ff693d929220d1bf7175ae4864a5af43937af542ba58d29ef6e92379fbce839b125583df45fc6defeee2d7bac1ffdf6a461eed41a980e004be2ef3580d5de9960d6afb9dfa01f4634e359f973c4736a0988c0bc7029a85b87d9fffdc91118b79bb210730f3e994b0de3d55d09702c5fcf4853dfcade0a1e91e42587147073c90eb4624b278208fee1c3bc383be033c6255b9a0d423731bec7d66a40fb218aa410003ba609d516fc1bca26200e599972b199b9d9d2f4f5675dd09124459e596533884200271ebdd2fd405347ffb39"]}]}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x80800) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, 0x0, &(0x7f0000000200)) sendmmsg$alg(r5, &(0x7f0000000d40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="10000000260000000300000010000000170100000200000000000000"], 0x20, 0x8000}], 0x1, 0x40800) syz_usb_control_io$printer(r3, &(0x7f0000000380)={0xc, &(0x7f0000000640)={0x0, 0x6, 0x8c, {0x8c, 0x10, "4dc34eb4679ed7f4d3a0c233fab3b472f4a67a953ba24946e699b587bdd1edeb53f8221af582921e437f9fc51b235613985651d52407f9c7a5111951911de8c80303d52d6496ce4fd97ef4090ed470a2f0dd1c9a62872317cb3b496c51f9e57376bcff72c983de5330d43a42132ab1d7b0d75a88d32d76477081df5c2e0c7e5e975dad4dcddc0f96ea7e"}}, &(0x7f0000000700)={0x0, 0x3, 0x54, @string={0x54, 0x3, "a834774c0ada3a8fb1c9c598583bfd31ebf368bb666cdc9ba2d4866a880b061506e9a9bab354e5d4bbbc79f200e2ebdfa55404b6e6836397c0a8763c6c39a41889ae7179068647d8d26f4ffdf8906e5d0844"}}}, &(0x7f0000000a40)={0x1c, &(0x7f00000007c0)={0x20, 0x9, 0xcf, "8bbda26f8021e63816dad4f8350ce00d12ba6bd9294a1d94a236a32bb0ef5c53f4a7943b4b6ef319a31dacc2c4fa93a733a7ff1c3f300dc5261c69591c95b428d4d50ba75810c742fdf3eeab7f5b339d8ddbbd01b3e5807d51f29e04b1d57c8284cd5787ea0b404efb8fbb5b96f3ff1bf083854a2ea4d4a66474da67c4d3d4f28cf6cd1a306544aabe182adf6783a001cfb041ed69eda8a4ede8bc1fc94301dd4f12d88d9f67a59f7a06800df8033e71b67dfdb857910648297e93a180599ae57d11efb296afbe7a3a8438e1f16625"}, &(0x7f00000008c0)={0x0, 0xa, 0x1, 0xf9}, &(0x7f0000000900)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000940)={0x20, 0x0, 0x77, {0x75, "655ed1a4b5c31575233a6398449c2d8ead398caeced61d499ecf63d53bf53e4efff162b65ba4f2186f4e5fc6bd525f071aacbfaa43a5a43c523d2ab2d6e004812da7e840cd59d0ac4c78a32e6a4ff9a4636950dead6ed9b23a49c65e6297c3f6891cdc25527567abbd6fa2dd3c982513b104e0ac8d"}}, &(0x7f00000009c0)={0x20, 0x1, 0x1}, &(0x7f0000000a00)={0x20, 0x0, 0x1, 0x2e}}) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd3}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0) (async) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000140)='g') (async) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) ioctl$PTP_EXTTS_REQUEST2(r2, 0x40103d0b, &(0x7f00000000c0)={0x2, 0x1}) (async) syz_usb_control_io(r0, &(0x7f0000000600)={0x18, &(0x7f0000000400)={0x20, 0x8, 0x5, {0x5, 0x0, 'TMR'}}, 0x0, 0x0, 0x0, 0x0}, 0x0) (async) syz_usb_connect$printer(0x1, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xb, 0x30, 0xfd, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x7, 0x1, 0x3, 0xa7, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x5, 0x3, 0x6}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x6, 0xfc, 0x2}}]}}}]}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x7, 0x7, 0xf7, 0xbf, 0x5}, 0x5f, &(0x7f00000000c0)={0x5, 0xf, 0x5f, 0x5, [@generic={0x47, 0x10, 0x3, "d5861bd4002325e5a3de507b1cda5079369cb736737452026a2c540dc3bdfedcc4813b9d86b31ded0f1fcd6b1db90fe1102924cb1ba6084d2b5d5ede4a155a06b865a971"}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x2, 0xfd, 0x1}]}, 0x7, [{0x4, &(0x7f0000000180)=@lang_id={0xfffffffffffffee4, 0x3, 0x3c0a}}, {0xd9, &(0x7f00000001c0)=@string={0xd9, 0x3, "cfa1d58150e2798ee15a128015109e214480da47b4b1d5924dec4a42196842777c99419bf1b0ca77abd45be94f467bc9c86ae6debf318068c50a6edf56b0e2b4bd65d792963ae91a10010a48f3eb3446854abfe7c875801cc13d0745c81689daf825f356e7979275d9f6e59fa4a249b94219c06f5a3822dc767d3a880be595d9a11f54cac716824226aadc4c66949737a4c9f6dcfab39b8f8545d3eba435a82e13ddaee2f7399d8edf0a284b3ec3a100b75bfdd7f4cf2ddc3204d8f38eb3cc123ab44ae29c2c9de5bf1ac7ff9b63b5bf343d12c6d2472a"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x424}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x41f}}, {0x102, &(0x7f0000000a80)=@string={0x102, 0x3, "96192250fdb93c8fab284a0b82e1e8c9691dbf880e8fccfa6c36eab8eb5c01b74ae3e4d8edd5b8d1dff4d1c0d8f41d8d55a1feee648ee8456763c5884cb791514ce00496df9b3392230fcbdecf4f2d09af046b97df7585cdc9b6386eb338ee87203eb10445b8ef243860ad80f38c2799b6788a83d2237382e02c6b02e720545fedad4d7a60cf68ffbc6e826985a9695d93ab594af9d65f9fbb2bf166e58e83e63512ea64c06b8217fef60c1c13e35a51873944dc51c29c888a67a093115a82a6f615670693c28df4a16b92f9d6705b61eaa65316aebb04fe73ef5385741707d7ae13a65a1a53b9192a60f5badc0dd2527f58f3cdef2460329dcd6b5973240490"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x43e}}, {0xd5, &(0x7f0000000480)=ANY=[@ANYBLOB="d50392485deea5ff693d929220d1bf7175ae4864a5af43937af542ba58d29ef6e92379fbce839b125583df45fc6defeee2d7bac1ffdf6a461eed41a980e004be2ef3580d5de9960d6afb9dfa01f4634e359f973c4736a0988c0bc7029a85b87d9fffdc91118b79bb210730f3e994b0de3d55d09702c5fcf4853dfcade0a1e91e42587147073c90eb4624b278208fee1c3bc383be033c6255b9a0d423731bec7d66a40fb218aa410003ba609d516fc1bca26200e599972b199b9d9d2f4f5675dd09124459e596533884200271ebdd2fd405347ffb39"]}]}) (async) socket$alg(0x26, 0x5, 0x0) (async) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async) accept4(r4, 0x0, 0x0, 0x80800) (async) socket(0x1, 0x803, 0x0) (async) getsockname$packet(r6, 0x0, &(0x7f0000000200)) (async) sendmmsg$alg(r5, &(0x7f0000000d40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="10000000260000000300000010000000170100000200000000000000"], 0x20, 0x8000}], 0x1, 0x40800) (async) syz_usb_control_io$printer(r3, &(0x7f0000000380)={0xc, &(0x7f0000000640)={0x0, 0x6, 0x8c, {0x8c, 0x10, "4dc34eb4679ed7f4d3a0c233fab3b472f4a67a953ba24946e699b587bdd1edeb53f8221af582921e437f9fc51b235613985651d52407f9c7a5111951911de8c80303d52d6496ce4fd97ef4090ed470a2f0dd1c9a62872317cb3b496c51f9e57376bcff72c983de5330d43a42132ab1d7b0d75a88d32d76477081df5c2e0c7e5e975dad4dcddc0f96ea7e"}}, &(0x7f0000000700)={0x0, 0x3, 0x54, @string={0x54, 0x3, "a834774c0ada3a8fb1c9c598583bfd31ebf368bb666cdc9ba2d4866a880b061506e9a9bab354e5d4bbbc79f200e2ebdfa55404b6e6836397c0a8763c6c39a41889ae7179068647d8d26f4ffdf8906e5d0844"}}}, &(0x7f0000000a40)={0x1c, &(0x7f00000007c0)={0x20, 0x9, 0xcf, "8bbda26f8021e63816dad4f8350ce00d12ba6bd9294a1d94a236a32bb0ef5c53f4a7943b4b6ef319a31dacc2c4fa93a733a7ff1c3f300dc5261c69591c95b428d4d50ba75810c742fdf3eeab7f5b339d8ddbbd01b3e5807d51f29e04b1d57c8284cd5787ea0b404efb8fbb5b96f3ff1bf083854a2ea4d4a66474da67c4d3d4f28cf6cd1a306544aabe182adf6783a001cfb041ed69eda8a4ede8bc1fc94301dd4f12d88d9f67a59f7a06800df8033e71b67dfdb857910648297e93a180599ae57d11efb296afbe7a3a8438e1f16625"}, &(0x7f00000008c0)={0x0, 0xa, 0x1, 0xf9}, &(0x7f0000000900)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000940)={0x20, 0x0, 0x77, {0x75, "655ed1a4b5c31575233a6398449c2d8ead398caeced61d499ecf63d53bf53e4efff162b65ba4f2186f4e5fc6bd525f071aacbfaa43a5a43c523d2ab2d6e004812da7e840cd59d0ac4c78a32e6a4ff9a4636950dead6ed9b23a49c65e6297c3f6891cdc25527567abbd6fa2dd3c982513b104e0ac8d"}}, &(0x7f00000009c0)={0x20, 0x1, 0x1}, &(0x7f0000000a00)={0x20, 0x0, 0x1, 0x2e}}) (async) 0s ago: executing program 0 (id=2356): socket(0x80000000000000a, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, 0x0, &(0x7f00000000c0)) ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200ddff070045000044000000000021907800000000ffffffff050090780a01010200002a77ec0000ac1e0001ac141401071300e00000f10f0562b6420200000000ffffffffac140000"], 0x0) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000840)={r5, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000640)=0x8000) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f00000004c0)={0x41, 0x3}, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) memfd_create(&(0x7f0000000040)='\x01\xfd\xae.+\xa6\x8c\xf8\xff2\x199\x94S,|\x99x?Ue[\xbd\xe1!\x03[d \xa0\x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xd3\a\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\xfa\x18\x8dR\xbb\xea5F\x00G\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xccV\xa6w%\x06\x19\x7f\xc3\xb3O\xe5t3\x03\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6x\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00p+\x96\x1ei|n\xda\xee\x01\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\x9f\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\xf4\xcd\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\ti\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x17&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\b\x00\x00\x00\x00\x00\x00\x00\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\xbfM.\xe3\x84\x82\x9c\x91\a\x9b\x191c\xaeLz\xe0\x04Daz\x8d\xc3\x03\xab\x8dEGC$\x00e,\x94#\xcd4\xf9\x05\x88.\x13\x03\x04\xdb\x00\x00\x00\x00\x00', 0x4) r8 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) syz_usb_connect$uac1(0x5, 0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002000000206b1d01014000010203010902780003010000060904000000010100000a24010200000201020a24080304004000000009040100000102000009040101010102000009050109100001fc0b0725018107010809040200000102000009040201010102000008240201002647ba0724010604021009058209000410070707"], 0x0) kernel console output (not intermixed with test programs): r , priority 0 [ 892.687562][T13942] syzkaller0: entered promiscuous mode [ 892.687587][T13942] syzkaller0: entered allmulticast mode [ 892.736155][T13942] syzkaller0: mtu greater than device maximum [ 892.737222][T13941] tipc: Resetting bearer [ 892.789486][T13941] tipc: Disabling bearer [ 892.965169][T13951] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 893.206975][T13954] fuse: Unknown parameter 'n' [ 894.765701][T13961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2014'. [ 895.343338][ T44] usb 5-1: new full-speed USB device number 66 using dummy_hcd [ 895.473225][T13969] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2016'. [ 895.505379][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 200, setting to 64 [ 895.522058][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 895.599819][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 895.646579][ T44] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 895.696669][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 895.725790][ T44] usb 5-1: config 0 descriptor?? [ 895.736178][T13965] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 895.833243][ T9] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 895.990833][T13965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 895.999746][T13965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 896.013841][ T44] usb 5-1: USB disconnect, device number 66 [ 896.038900][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 896.069332][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 896.197093][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 896.206401][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 896.214629][ T9] usb 2-1: Product: syz [ 896.218865][ T9] usb 2-1: Manufacturer: syz [ 896.223591][ T9] usb 2-1: SerialNumber: syz [ 896.240133][T13981] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2018'. [ 896.353312][T13985] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 896.502603][T13984] macvlan2: entered promiscuous mode [ 896.513298][T13984] macvlan2: entered allmulticast mode [ 896.572805][T13984] bond3: entered promiscuous mode [ 896.584026][T13984] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 896.642493][T13984] bond3: left promiscuous mode [ 896.856747][T13992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 896.866617][T13992] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 898.782995][T14012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2026'. [ 899.145390][T14012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2026'. [ 899.303136][ T44] usb 2-1: USB disconnect, device number 74 [ 899.488343][T14016] tipc: Started in network mode [ 899.503735][T14016] tipc: Node identity 929c65d2259a, cluster identity 4711 [ 899.518356][T14016] tipc: Enabled bearer , priority 0 [ 899.545167][T14021] syzkaller0: entered promiscuous mode [ 899.553893][T14021] syzkaller0: entered allmulticast mode [ 899.571246][T14020] FAULT_INJECTION: forcing a failure. [ 899.571246][T14020] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 899.590428][T14016] syzkaller0: mtu greater than device maximum [ 899.636931][T14020] CPU: 1 UID: 0 PID: 14020 Comm: syz.1.2028 Not tainted syzkaller #0 PREEMPT(full) [ 899.636955][T14020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 899.636965][T14020] Call Trace: [ 899.636972][T14020] [ 899.636979][T14020] dump_stack_lvl+0x189/0x250 [ 899.637003][T14020] ? __pfx____ratelimit+0x10/0x10 [ 899.637027][T14020] ? __pfx_dump_stack_lvl+0x10/0x10 [ 899.637046][T14020] ? __pfx__printk+0x10/0x10 [ 899.637078][T14020] should_fail_ex+0x414/0x560 [ 899.637104][T14020] _copy_to_user+0x31/0xb0 [ 899.637125][T14020] simple_read_from_buffer+0xe1/0x170 [ 899.637152][T14020] proc_fail_nth_read+0x1b3/0x220 [ 899.637173][T14020] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 899.637193][T14020] ? rw_verify_area+0x2a6/0x4d0 [ 899.637213][T14020] ? __lock_acquire+0xab9/0xd20 [ 899.637235][T14020] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 899.637255][T14020] vfs_read+0x200/0xa30 [ 899.637284][T14020] ? fdget_pos+0x247/0x320 [ 899.637307][T14020] ? __pfx___mutex_lock+0x10/0x10 [ 899.637342][T14020] ? __pfx_vfs_read+0x10/0x10 [ 899.637373][T14020] ? __fget_files+0x2a/0x420 [ 899.637410][T14020] ? __fget_files+0x3a0/0x420 [ 899.637442][T14020] ? __fget_files+0x2a/0x420 [ 899.637486][T14020] ksys_read+0x145/0x250 [ 899.637518][T14020] ? __pfx_ksys_read+0x10/0x10 [ 899.637551][T14020] ? lockdep_hardirqs_on+0x9c/0x150 [ 899.637590][T14020] __do_fast_syscall_32+0xb6/0x2b0 [ 899.637625][T14020] ? lockdep_hardirqs_on+0x9c/0x150 [ 899.637661][T14020] do_fast_syscall_32+0x34/0x80 [ 899.637696][T14020] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 899.637723][T14020] RIP: 0023:0xf709e539 [ 899.637742][T14020] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 899.637762][T14020] RSP: 002b:00000000f548e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 899.637786][T14020] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f548e620 [ 899.637802][T14020] RDX: 000000000000000f RSI: 00000000f7404ff4 RDI: 0000000000000000 [ 899.637822][T14020] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 899.637836][T14020] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 899.637849][T14020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 899.637881][T14020] [ 899.641776][T14015] tipc: Resetting bearer [ 900.027984][T14023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2030'. [ 900.134983][T14015] tipc: Disabling bearer [ 900.187062][T14025] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 901.233142][ T44] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 901.841113][ T44] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 901.859207][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 901.910560][ T44] usb 3-1: config 0 descriptor?? [ 901.932513][T14050] usb usb8: usbfs: process 14050 (syz.4.2037) did not claim interface 0 before use [ 902.597389][T14050] can: request_module (can-proto-4) failed. [ 902.774598][ T9] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 903.017629][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 903.026576][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 903.076799][ T9] usb 2-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 903.178365][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 903.192642][ T9] usb 2-1: config 0 descriptor?? [ 903.205371][ T9] usb 2-1: bad CDC descriptors [ 903.577904][ T9855] usb 2-1: USB disconnect, device number 75 [ 903.954410][ T44] usb 3-1: Cannot read MAC address [ 903.960070][ T44] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 904.066408][ T44] usb 3-1: USB disconnect, device number 86 [ 904.662896][T14077] : renamed from batadv_slave_1 [ 904.691043][T14081] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 905.027806][T14089] FAULT_INJECTION: forcing a failure. [ 905.027806][T14089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 905.103750][T14089] CPU: 1 UID: 0 PID: 14089 Comm: syz.3.2040 Not tainted syzkaller #0 PREEMPT(full) [ 905.103782][T14089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 905.103798][T14089] Call Trace: [ 905.103807][T14089] [ 905.103817][T14089] dump_stack_lvl+0x189/0x250 [ 905.103850][T14089] ? __pfx____ratelimit+0x10/0x10 [ 905.103883][T14089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 905.103911][T14089] ? __pfx__printk+0x10/0x10 [ 905.103944][T14089] ? __might_fault+0xb0/0x130 [ 905.103988][T14089] should_fail_ex+0x414/0x560 [ 905.104023][T14089] _copy_from_user+0x2d/0xb0 [ 905.104051][T14089] memdup_user+0x5e/0xd0 [ 905.104077][T14089] strndup_user+0x68/0xd0 [ 905.104102][T14089] __se_sys_fsconfig+0x66f/0x8d0 [ 905.104137][T14089] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 905.104160][T14089] ? ksys_write+0x22a/0x250 [ 905.104201][T14089] ? lockdep_hardirqs_on+0x9c/0x150 [ 905.104232][T14089] ? __ia32_sys_fsconfig+0x20/0xc0 [ 905.104260][T14089] __do_fast_syscall_32+0xb6/0x2b0 [ 905.104296][T14089] ? lockdep_hardirqs_on+0x9c/0x150 [ 905.104333][T14089] do_fast_syscall_32+0x34/0x80 [ 905.104376][T14089] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 905.104405][T14089] RIP: 0023:0xf7f45539 [ 905.104424][T14089] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 905.104445][T14089] RSP: 002b:00000000f542455c EFLAGS: 00000206 ORIG_RAX: 00000000000001af [ 905.104469][T14089] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001 [ 905.104485][T14089] RDX: 0000000080000000 RSI: 0000000080000180 RDI: 0000000000000000 [ 905.104500][T14089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 905.104514][T14089] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 905.104528][T14089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 905.104560][T14089] [ 905.778206][T14091] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2047'. [ 905.995804][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 905.995826][ T30] audit: type=1326 audit(1755998266.863:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.165142][ T30] audit: type=1326 audit(1755998266.863:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.329654][ T30] audit: type=1326 audit(1755998266.953:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.460565][ T30] audit: type=1326 audit(1755998266.953:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.485159][ T44] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 906.569110][ T30] audit: type=1326 audit(1755998266.953:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.690801][T14102] fuse: Unknown parameter 'n' [ 906.703197][ T30] audit: type=1326 audit(1755998266.953:2094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.725533][ T44] usb 4-1: Using ep0 maxpacket: 8 [ 906.735810][ T44] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 906.747308][ T30] audit: type=1326 audit(1755998266.953:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.763210][ T44] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 906.891725][ T44] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 906.901742][ T30] audit: type=1326 audit(1755998266.953:2096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.901809][ T30] audit: type=1326 audit(1755998266.953:2097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 906.901856][ T30] audit: type=1326 audit(1755998266.953:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14094 comm="syz.0.2049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 907.103462][ T44] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 907.118827][ T9] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 907.140113][ T44] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 907.157181][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 907.495290][ T9] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 907.504039][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 907.773323][ T44] usb 4-1: GET_CAPABILITIES returned 0 [ 907.778880][ T9855] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 907.797950][ T44] usbtmc 4-1:16.0: can't read capabilities [ 907.828457][T14108] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 907.835033][T14108] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 907.847918][T14108] vhci_hcd vhci_hcd.0: Device attached [ 907.888414][T14108] usb usb8: usbfs: process 14108 (syz.0.2049) did not claim interface 0 before use [ 907.913659][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 908.101964][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 908.120494][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 908.153343][ T5925] usb 33-1: new low-speed USB device number 3 using vhci_hcd [ 908.183185][ T9855] usb 2-1: Using ep0 maxpacket: 16 [ 908.263485][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 908.283603][ T9] usb 5-1: config 0 descriptor?? [ 908.289570][T14106] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 908.713299][ T9] plantronics 0003:047F:FFFF.000B: item fetching failed at offset 11/15 [ 908.754463][ T5976] usb 4-1: USB disconnect, device number 61 [ 908.821432][ T9] plantronics 0003:047F:FFFF.000B: parse failed [ 908.870275][ T9] plantronics 0003:047F:FFFF.000B: probe with driver plantronics failed with error -22 [ 908.893511][T14115] vhci_hcd: connection reset by peer [ 908.916120][T10613] vhci_hcd: stop threads [ 908.927969][T10613] vhci_hcd: release socket [ 908.974422][T14106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 909.017204][T14106] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 909.033240][T10613] vhci_hcd: disconnect device [ 909.054617][ T44] usb 5-1: USB disconnect, device number 67 [ 909.192377][T14123] fuse: blksize only supported for fuseblk [ 909.443182][ T5932] usb 3-1: new full-speed USB device number 87 using dummy_hcd [ 909.657503][ T5932] usb 3-1: config 13 has an invalid interface number: 82 but max is 0 [ 909.666623][ T5932] usb 3-1: config 13 has an invalid descriptor of length 1, skipping remainder of the config [ 909.691277][ T5932] usb 3-1: config 13 has no interface number 0 [ 909.712304][T14132] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 909.719940][ T5932] usb 3-1: config 13 interface 82 altsetting 192 has an invalid descriptor for endpoint zero, skipping [ 909.734185][ T5932] usb 3-1: config 13 interface 82 altsetting 192 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 909.782765][ T5932] usb 3-1: config 13 interface 82 altsetting 192 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 909.890910][ T5932] usb 3-1: config 13 interface 82 altsetting 192 has an invalid descriptor for endpoint zero, skipping [ 910.061895][ T5932] usb 3-1: config 13 interface 82 altsetting 192 has a duplicate endpoint with address 0xE, skipping [ 910.173907][ T9855] usb 2-1: unable to get BOS descriptor or descriptor too short [ 910.191877][ T9855] usb 2-1: no configurations [ 910.203223][ T9855] usb 2-1: can't read configurations, error -22 [ 910.369987][ T5932] usb 3-1: config 13 interface 82 altsetting 192 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 910.621006][ T5932] usb 3-1: config 13 interface 82 altsetting 192 has an invalid descriptor for endpoint zero, skipping [ 910.633495][ T5932] usb 3-1: config 13 interface 82 altsetting 192 has 8 endpoint descriptors, different from the interface descriptor's value: 16 [ 910.657261][ T5932] usb 3-1: config 13 interface 82 has no altsetting 0 [ 910.694288][ T5932] usb 3-1: New USB device found, idVendor=99fa, idProduct=8988, bcdDevice=f7.71 [ 910.704009][ T5932] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 910.718850][ T5932] usb 3-1: Product: syz [ 910.728352][ T5932] usb 3-1: Manufacturer: 礯巸鬵Ꝋ瞧볟䋂嬛Ӟჾﻲ揭㒴呦⑜ꂻဩ쉯ᕉ经ﲬ䖦뺲엢탨ᗽ蠨熼粝햣య洱࿣列ꏑ楣㔫Έὂㄺ湢椥噼瘵ᆶ䠐ꠉﯭ㟒칀 [ 910.748506][ T5932] usb 3-1: SerialNumber: syz [ 911.246886][ T5932] gspca_main: spca506-2.14.0 probing 99fa:8988 [ 911.535980][ T5932] usb 3-1: USB disconnect, device number 87 [ 912.701485][T14165] FAULT_INJECTION: forcing a failure. [ 912.701485][T14165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 912.714791][T14165] CPU: 0 UID: 0 PID: 14165 Comm: syz.3.2066 Not tainted syzkaller #0 PREEMPT(full) [ 912.714812][T14165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 912.714823][T14165] Call Trace: [ 912.714831][T14165] [ 912.714839][T14165] dump_stack_lvl+0x189/0x250 [ 912.714863][T14165] ? __pfx____ratelimit+0x10/0x10 [ 912.714887][T14165] ? __pfx_dump_stack_lvl+0x10/0x10 [ 912.714913][T14165] ? __pfx__printk+0x10/0x10 [ 912.714945][T14165] ? __might_fault+0xb0/0x130 [ 912.715001][T14165] should_fail_ex+0x414/0x560 [ 912.715033][T14165] _copy_from_iter+0x1de/0x1790 [ 912.715054][T14165] ? rcu_is_watching+0x15/0xb0 [ 912.715071][T14165] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 912.715094][T14165] ? __pfx__copy_from_iter+0x10/0x10 [ 912.715111][T14165] ? __build_skb_around+0x257/0x3e0 [ 912.715138][T14165] ? netlink_sendmsg+0x642/0xb30 [ 912.715160][T14165] ? skb_put+0x11b/0x210 [ 912.715177][T14165] netlink_sendmsg+0x6b2/0xb30 [ 912.715207][T14165] ? __pfx_netlink_sendmsg+0x10/0x10 [ 912.715233][T14165] ? __import_iovec+0x5d4/0x7f0 [ 912.715248][T14165] ? aa_sock_msg_perm+0xf1/0x1d0 [ 912.715264][T14165] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 912.715281][T14165] ? __pfx_netlink_sendmsg+0x10/0x10 [ 912.715305][T14165] __sock_sendmsg+0x21c/0x270 [ 912.715328][T14165] ____sys_sendmsg+0x505/0x830 [ 912.715350][T14165] ? __pfx_____sys_sendmsg+0x10/0x10 [ 912.715379][T14165] ___sys_sendmsg+0x21f/0x2a0 [ 912.715397][T14165] ? __pfx____sys_sendmsg+0x10/0x10 [ 912.715439][T14165] ? __fget_files+0x2a/0x420 [ 912.715461][T14165] ? __fget_files+0x3a0/0x420 [ 912.715491][T14165] __sys_sendmsg+0x164/0x220 [ 912.715509][T14165] ? __pfx___sys_sendmsg+0x10/0x10 [ 912.715536][T14165] ? lockdep_hardirqs_on+0x9c/0x150 [ 912.715560][T14165] __do_fast_syscall_32+0xb6/0x2b0 [ 912.715584][T14165] ? lockdep_hardirqs_on+0x9c/0x150 [ 912.715615][T14165] do_fast_syscall_32+0x34/0x80 [ 912.715639][T14165] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 912.715658][T14165] RIP: 0023:0xf7f45539 [ 912.715672][T14165] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 912.715686][T14165] RSP: 002b:00000000f546655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 912.715702][T14165] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 912.715712][T14165] RDX: 0000000000048044 RSI: 0000000000000000 RDI: 0000000000000000 [ 912.715722][T14165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 912.715731][T14165] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 912.715740][T14165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 912.715760][T14165] [ 912.988467][ C0] vkms_vblank_simulate: vblank timer overrun [ 913.406599][ T5925] vhci_hcd: vhci_device speed not set [ 913.549237][T14171] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 913.623221][ T5976] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 913.813501][ T5976] usb 5-1: Using ep0 maxpacket: 16 [ 913.826882][ T5976] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 913.843363][ T5976] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 913.897689][ T5976] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 913.929608][ T5976] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 913.948078][ T5976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 913.982795][ T5976] usb 5-1: Product: syz [ 913.995659][ T5976] usb 5-1: Manufacturer: syz [ 914.011332][ T5976] usb 5-1: SerialNumber: syz [ 914.431479][T14182] tipc: Started in network mode [ 914.441833][ T5976] usb 5-1: 0:2 : does not exist [ 914.451452][T14182] tipc: Node identity 1600a6a73e5f, cluster identity 4711 [ 914.465943][T14182] tipc: Enabled bearer , priority 0 [ 914.547146][T14185] syzkaller0: entered promiscuous mode [ 914.553370][T14185] syzkaller0: entered allmulticast mode [ 914.569821][T14182] syzkaller0: mtu greater than device maximum [ 914.617147][T14181] tipc: Resetting bearer [ 914.865720][T14168] netlink: 'syz.4.2067': attribute type 16 has an invalid length. [ 914.893204][T14168] netlink: 'syz.4.2067': attribute type 1 has an invalid length. [ 914.968629][T14168] netlink: 'syz.4.2067': attribute type 2 has an invalid length. [ 915.325532][T14181] tipc: Disabling bearer [ 915.636372][T14189] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2073'. [ 915.983142][ T5925] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 916.045642][T14192] FAULT_INJECTION: forcing a failure. [ 916.045642][T14192] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 916.097026][T14192] CPU: 0 UID: 0 PID: 14192 Comm: syz.3.2074 Not tainted syzkaller #0 PREEMPT(full) [ 916.097057][T14192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 916.097075][T14192] Call Trace: [ 916.097084][T14192] [ 916.097094][T14192] dump_stack_lvl+0x189/0x250 [ 916.097127][T14192] ? __pfx____ratelimit+0x10/0x10 [ 916.097159][T14192] ? __pfx_dump_stack_lvl+0x10/0x10 [ 916.097184][T14192] ? __pfx__printk+0x10/0x10 [ 916.097214][T14192] ? __might_fault+0xb0/0x130 [ 916.097262][T14192] should_fail_ex+0x414/0x560 [ 916.097298][T14192] _copy_from_iter+0x1de/0x1790 [ 916.097328][T14192] ? rcu_is_watching+0x15/0xb0 [ 916.097352][T14192] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 916.097384][T14192] ? __pfx__copy_from_iter+0x10/0x10 [ 916.097407][T14192] ? __build_skb_around+0x257/0x3e0 [ 916.097445][T14192] ? netlink_sendmsg+0x642/0xb30 [ 916.097477][T14192] ? skb_put+0x11b/0x210 [ 916.097500][T14192] netlink_sendmsg+0x6b2/0xb30 [ 916.097543][T14192] ? __pfx_netlink_sendmsg+0x10/0x10 [ 916.097577][T14192] ? __import_iovec+0x5d4/0x7f0 [ 916.097600][T14192] ? aa_sock_msg_perm+0xf1/0x1d0 [ 916.097623][T14192] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 916.097646][T14192] ? __pfx_netlink_sendmsg+0x10/0x10 [ 916.097677][T14192] __sock_sendmsg+0x21c/0x270 [ 916.097703][T14192] ____sys_sendmsg+0x505/0x830 [ 916.097726][T14192] ? __pfx_____sys_sendmsg+0x10/0x10 [ 916.097757][T14192] ___sys_sendmsg+0x21f/0x2a0 [ 916.097776][T14192] ? __pfx____sys_sendmsg+0x10/0x10 [ 916.097823][T14192] ? __fget_files+0x2a/0x420 [ 916.097848][T14192] ? __fget_files+0x3a0/0x420 [ 916.097881][T14192] __sys_sendmsg+0x164/0x220 [ 916.097901][T14192] ? __pfx___sys_sendmsg+0x10/0x10 [ 916.097931][T14192] ? lockdep_hardirqs_on+0x9c/0x150 [ 916.097958][T14192] __do_fast_syscall_32+0xb6/0x2b0 [ 916.097986][T14192] ? lockdep_hardirqs_on+0x9c/0x150 [ 916.098013][T14192] do_fast_syscall_32+0x34/0x80 [ 916.098039][T14192] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 916.098060][T14192] RIP: 0023:0xf7f45539 [ 916.098074][T14192] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 916.098089][T14192] RSP: 002b:00000000f546655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 916.098107][T14192] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 916.098120][T14192] RDX: 00000000200000d4 RSI: 0000000000000000 RDI: 0000000000000000 [ 916.098130][T14192] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 916.098139][T14192] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 916.098150][T14192] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 916.098173][T14192] [ 916.368454][ C0] vkms_vblank_simulate: vblank timer overrun [ 916.474554][ C0] vkms_vblank_simulate: vblank timer overrun [ 916.523457][T14204] fuse: Unknown parameter 'g' [ 916.541952][ T5925] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 916.551747][ T5925] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 916.561706][ T5925] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 916.578889][ T5925] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 916.588132][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 916.596270][ T5925] usb 3-1: Product: syz [ 916.600486][ T5925] usb 3-1: Manufacturer: syz [ 916.605166][ T5925] usb 3-1: SerialNumber: syz [ 916.950364][ T5925] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 88 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 916.978378][T14189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 917.066637][T14189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 917.080862][ T5925] usb 3-1: USB disconnect, device number 88 [ 917.120238][ T5925] usblp0: removed [ 917.492615][T14215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2081'. [ 917.672801][T14218] FAULT_INJECTION: forcing a failure. [ 917.672801][T14218] name failslab, interval 1, probability 0, space 0, times 0 [ 917.755944][ T5976] usb 5-1: USB disconnect, device number 68 [ 917.764811][T14218] CPU: 1 UID: 0 PID: 14218 Comm: syz.4.2082 Not tainted syzkaller #0 PREEMPT(full) [ 917.764841][T14218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 917.764855][T14218] Call Trace: [ 917.764864][T14218] [ 917.764875][T14218] dump_stack_lvl+0x189/0x250 [ 917.764908][T14218] ? __pfx____ratelimit+0x10/0x10 [ 917.764941][T14218] ? __pfx_dump_stack_lvl+0x10/0x10 [ 917.764968][T14218] ? __pfx__printk+0x10/0x10 [ 917.765006][T14218] ? __pfx___might_resched+0x10/0x10 [ 917.765028][T14218] ? fs_reclaim_acquire+0x7d/0x100 [ 917.765069][T14218] should_fail_ex+0x414/0x560 [ 917.765114][T14218] should_failslab+0xa8/0x100 [ 917.765148][T14218] kmem_cache_alloc_bulk_noprof+0x77/0x790 [ 917.765185][T14218] ? rcu_is_watching+0x15/0xb0 [ 917.765208][T14218] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 917.765235][T14218] ? kmem_cache_alloc_noprof+0x21a/0x3c0 [ 917.765264][T14218] ? mas_alloc_nodes+0x2e9/0x8e0 [ 917.765301][T14218] mas_alloc_nodes+0x447/0x8e0 [ 917.765343][T14218] mas_preallocate+0x3ad/0x6f0 [ 917.765372][T14218] ? __lock_acquire+0xab9/0xd20 [ 917.765409][T14218] ? __pfx_mas_preallocate+0x10/0x10 [ 917.765452][T14218] ? __mas_set_range+0x12f/0x3c0 [ 917.765486][T14218] vma_link+0x102/0x450 [ 917.765514][T14218] ? __pfx_vma_link+0x10/0x10 [ 917.765547][T14218] ? anon_vma_clone+0x494/0x4f0 [ 917.765591][T14218] copy_vma+0x70c/0x940 [ 917.765626][T14218] ? __pfx_copy_vma+0x10/0x10 [ 917.765649][T14218] ? get_page_from_freelist+0x21e4/0x22c0 [ 917.765682][T14218] ? __vma_enter_locked+0x1f4/0x380 [ 917.765743][T14218] move_vma+0x81f/0x1840 [ 917.765766][T14218] ? __lock_acquire+0xab9/0xd20 [ 917.765819][T14218] ? arch_get_unmapped_area_topdown+0x251/0xbc0 [ 917.765850][T14218] ? __pfx_move_vma+0x10/0x10 [ 917.765882][T14218] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 917.765922][T14218] ? cap_mmap_addr+0xb0/0x100 [ 917.765953][T14218] ? bpf_lsm_mmap_addr+0x9/0x20 [ 917.765980][T14218] ? security_mmap_addr+0x71/0x270 [ 917.766020][T14218] mremap_to+0x6d6/0x7a0 [ 917.766055][T14218] ? __pfx_mremap_to+0x10/0x10 [ 917.766086][T14218] ? check_prep_vma+0x724/0xb00 [ 917.766142][T14218] __se_sys_mremap+0xad2/0xfc0 [ 917.766196][T14218] ? __pfx___se_sys_mremap+0x10/0x10 [ 917.766230][T14218] ? fput+0xa0/0xd0 [ 917.766253][T14218] ? ksys_write+0x22a/0x250 [ 917.766291][T14218] ? lockdep_hardirqs_on+0x9c/0x150 [ 917.766319][T14218] ? __ia32_sys_mremap+0x20/0xc0 [ 917.766345][T14218] __do_fast_syscall_32+0xb6/0x2b0 [ 917.766380][T14218] ? lockdep_hardirqs_on+0x9c/0x150 [ 917.766416][T14218] do_fast_syscall_32+0x34/0x80 [ 917.766450][T14218] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 917.766478][T14218] RIP: 0023:0xf7fd7539 [ 917.766498][T14218] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 917.766519][T14218] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 00000000000000a3 [ 917.766542][T14218] RAX: ffffffffffffffda RBX: 0000000080fec000 RCX: 0000000000004000 [ 917.766558][T14218] RDX: 0000000000004000 RSI: 0000000000000003 RDI: 0000000080ffb000 [ 917.766573][T14218] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 917.766586][T14218] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 917.766600][T14218] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 917.766631][T14218] [ 918.339905][ T6509] udevd[6509]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 921.409614][T14255] delete_channel: no stack [ 922.429262][ T5976] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 922.617592][ T5976] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 922.654944][ T5976] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 922.713259][ T9] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 922.763403][ T5976] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 922.789489][ T5976] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 922.801954][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.810945][ T5976] usb 2-1: Product: syz [ 922.816118][ T5976] usb 2-1: Manufacturer: syz [ 922.820795][ T5976] usb 2-1: SerialNumber: syz [ 922.933358][ T5925] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 923.070082][ T9] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 923.079466][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 923.281428][ T5925] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 923.290883][ T9] usb 3-1: config 0 descriptor?? [ 923.303293][T14262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 923.314577][ T5976] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 78 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 923.332215][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 923.372799][T14262] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 923.388313][ T5925] usb 1-1: config 0 descriptor?? [ 924.784911][ T5932] usb 2-1: USB disconnect, device number 78 [ 924.811501][ T5932] usblp0: removed [ 925.364326][T14280] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2098'. [ 925.463948][ T9] usb 3-1: Cannot read MAC address [ 925.501062][ T9] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 925.570687][ T9] usb 3-1: USB disconnect, device number 89 [ 925.666102][T14283] FAULT_INJECTION: forcing a failure. [ 925.666102][T14283] name failslab, interval 1, probability 0, space 0, times 0 [ 925.678844][T14283] CPU: 1 UID: 0 PID: 14283 Comm: syz.2.2100 Not tainted syzkaller #0 PREEMPT(full) [ 925.678889][T14283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 925.678904][T14283] Call Trace: [ 925.678914][T14283] [ 925.678924][T14283] dump_stack_lvl+0x189/0x250 [ 925.678957][T14283] ? __pfx____ratelimit+0x10/0x10 [ 925.678991][T14283] ? __pfx_dump_stack_lvl+0x10/0x10 [ 925.679018][T14283] ? __pfx__printk+0x10/0x10 [ 925.679067][T14283] should_fail_ex+0x414/0x560 [ 925.679117][T14283] should_failslab+0xa8/0x100 [ 925.679153][T14283] kmem_cache_alloc_noprof+0x73/0x3c0 [ 925.679183][T14283] ? inet_frag_find+0x894/0x1e70 [ 925.679217][T14283] inet_frag_find+0x894/0x1e70 [ 925.679253][T14283] ? __pfx_ip6frag_obj_cmpfn+0x10/0x10 [ 925.679296][T14283] ? __pfx_inet_frag_find+0x10/0x10 [ 925.679333][T14283] ? nf_frag_pernet+0x23/0x240 [ 925.679372][T14283] nf_ct_frag6_gather+0x86d/0x2010 [ 925.679412][T14283] ? nf_ct_frag6_gather+0x661/0x2010 [ 925.679456][T14283] ? __pfx_nf_ct_frag6_gather+0x10/0x10 [ 925.679498][T14283] ? __lock_acquire+0xab9/0xd20 [ 925.679539][T14283] ? NF_HOOK+0x9a/0x3a0 [ 925.679574][T14283] ipv6_defrag+0x2a9/0x3b0 [ 925.679603][T14283] ? __pfx_ipv6_defrag+0x10/0x10 [ 925.679635][T14283] nf_hook_slow+0xc5/0x220 [ 925.679664][T14283] NF_HOOK+0x206/0x3a0 [ 925.679693][T14283] ? skb_orphan+0x4f/0xd0 [ 925.679726][T14283] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 925.679757][T14283] ? NF_HOOK+0x9a/0x3a0 [ 925.679787][T14283] ? __pfx_NF_HOOK+0x10/0x10 [ 925.679821][T14283] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 925.679864][T14283] __netif_receive_skb+0xd3/0x380 [ 925.679904][T14283] ? netif_receive_skb+0x115/0x790 [ 925.679934][T14283] netif_receive_skb+0x1cb/0x790 [ 925.679962][T14283] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 925.679987][T14283] ? __pfx_netif_receive_skb+0x10/0x10 [ 925.680024][T14283] ? tun_rx_batched+0x160/0x730 [ 925.680051][T14283] tun_rx_batched+0x1b9/0x730 [ 925.680073][T14283] ? __lock_acquire+0xab9/0xd20 [ 925.680118][T14283] ? __pfx_tun_rx_batched+0x10/0x10 [ 925.680145][T14283] ? tun_get_user+0x266c/0x3e20 [ 925.680184][T14283] tun_get_user+0x2aa2/0x3e20 [ 925.680216][T14283] ? tun_get_user+0x6f6/0x3e20 [ 925.680240][T14283] ? tun_get_user+0x266c/0x3e20 [ 925.680267][T14283] ? aa_file_perm+0x44d/0x1550 [ 925.680291][T14283] ? __pfx_tun_get_user+0x10/0x10 [ 925.680328][T14283] ? __lock_acquire+0xab9/0xd20 [ 925.680368][T14283] ? ref_tracker_alloc+0x318/0x460 [ 925.680399][T14283] ? __lock_acquire+0xab9/0xd20 [ 925.680434][T14283] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 925.680474][T14283] ? tun_get+0x1c/0x2f0 [ 925.680502][T14283] ? tun_get+0x1c/0x2f0 [ 925.680527][T14283] ? tun_get+0x1c/0x2f0 [ 925.680554][T14283] tun_chr_write_iter+0x113/0x200 [ 925.680580][T14283] vfs_write+0x5c9/0xb30 [ 925.680617][T14283] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 925.680640][T14283] ? __pfx_vfs_write+0x10/0x10 [ 925.680682][T14283] ? __fget_files+0x2a/0x420 [ 925.680727][T14283] ksys_write+0x145/0x250 [ 925.680760][T14283] ? __pfx_ksys_write+0x10/0x10 [ 925.680795][T14283] ? lockdep_hardirqs_on+0x9c/0x150 [ 925.680832][T14283] __do_fast_syscall_32+0xb6/0x2b0 [ 925.680867][T14283] ? lockdep_hardirqs_on+0x9c/0x150 [ 925.680904][T14283] do_fast_syscall_32+0x34/0x80 [ 925.680939][T14283] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 925.680967][T14283] RIP: 0023:0xf7f71539 [ 925.680986][T14283] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 925.681007][T14283] RSP: 002b:00000000f5496520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 925.681029][T14283] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000180 [ 925.681045][T14283] RDX: 000000000000003e RSI: 00000000f7404ff4 RDI: 0000000000000000 [ 925.681059][T14283] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 925.681072][T14283] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 925.681085][T14283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 925.681123][T14283] [ 926.521130][ T5925] usb 1-1: Cannot read MAC address [ 926.526544][ T5925] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 926.586360][ T5925] usb 1-1: USB disconnect, device number 70 [ 926.950483][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 926.950503][ T30] audit: type=1326 audit(1755998287.813:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 926.989386][ T30] audit: type=1326 audit(1755998287.843:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 927.058667][T14301] input: syz1 as /devices/virtual/input/input119 [ 927.087153][ T30] audit: type=1326 audit(1755998287.843:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 927.109285][ C0] vkms_vblank_simulate: vblank timer overrun [ 927.119681][ T5925] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 927.212775][ T30] audit: type=1326 audit(1755998287.843:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 927.250555][ T30] audit: type=1326 audit(1755998287.853:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 927.272702][ C0] vkms_vblank_simulate: vblank timer overrun [ 927.280394][T14303] FAULT_INJECTION: forcing a failure. [ 927.280394][T14303] name failslab, interval 1, probability 0, space 0, times 0 [ 927.293727][T14303] CPU: 0 UID: 0 PID: 14303 Comm: syz.1.2105 Not tainted syzkaller #0 PREEMPT(full) [ 927.293749][T14303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 927.293760][T14303] Call Trace: [ 927.293767][T14303] [ 927.293774][T14303] dump_stack_lvl+0x189/0x250 [ 927.293798][T14303] ? __pfx____ratelimit+0x10/0x10 [ 927.293822][T14303] ? __pfx_dump_stack_lvl+0x10/0x10 [ 927.293841][T14303] ? __pfx__printk+0x10/0x10 [ 927.293868][T14303] ? __pfx___might_resched+0x10/0x10 [ 927.293882][T14303] ? fs_reclaim_acquire+0x7d/0x100 [ 927.293910][T14303] should_fail_ex+0x414/0x560 [ 927.293943][T14303] should_failslab+0xa8/0x100 [ 927.293968][T14303] kmem_cache_alloc_noprof+0x73/0x3c0 [ 927.293989][T14303] ? __pmd_alloc+0xc6/0x3b0 [ 927.294013][T14303] __pmd_alloc+0xc6/0x3b0 [ 927.294037][T14303] __handle_mm_fault+0x9ad/0x5440 [ 927.294083][T14303] ? __pfx___handle_mm_fault+0x10/0x10 [ 927.294118][T14303] ? find_vma+0xe7/0x160 [ 927.294137][T14303] ? __pfx_find_vma+0x10/0x10 [ 927.294158][T14303] handle_mm_fault+0x40a/0x8e0 [ 927.294186][T14303] do_user_addr_fault+0x764/0x1390 [ 927.294222][T14303] exc_page_fault+0x76/0xf0 [ 927.294246][T14303] asm_exc_page_fault+0x26/0x30 [ 927.294260][T14303] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 927.294279][T14303] Code: 09 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 927.294293][T14303] RSP: 0018:ffffc9001a8e7758 EFLAGS: 00050206 [ 927.294307][T14303] RAX: ffffffff84c5c901 RBX: ffff8880270c0040 RCX: 00000000000000c2 [ 927.294318][T14303] RDX: 0000000000000001 RSI: 00000000800002c0 RDI: ffff8880270c0040 [ 927.294328][T14303] RBP: ffffc9001a8e78c8 R08: ffff8880270c0101 R09: 1ffff11004e18020 [ 927.294340][T14303] R10: dffffc0000000000 R11: ffffed1004e18021 R12: 1ffff9200351cfaf [ 927.294352][T14303] R13: 00000000800002c0 R14: ffffc9001a8e7d88 R15: 00000000000000c2 [ 927.294368][T14303] ? _copy_from_iter+0x1b1/0x1790 [ 927.294388][T14303] _copy_from_iter+0x24f/0x1790 [ 927.294405][T14303] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 927.294427][T14303] ? policy_nodemask+0x27c/0x720 [ 927.294448][T14303] ? __pfx__copy_from_iter+0x10/0x10 [ 927.294468][T14303] ? set_page_refcounted+0xa0/0x1e0 [ 927.294489][T14303] ? page_copy_sane+0x4e/0x280 [ 927.294505][T14303] copy_page_from_iter+0xdd/0x170 [ 927.294524][T14303] tun_get_user+0x1d7b/0x3e20 [ 927.294546][T14303] ? tun_get_user+0x6f6/0x3e20 [ 927.294567][T14303] ? aa_file_perm+0x44d/0x1550 [ 927.294582][T14303] ? __pfx_tun_get_user+0x10/0x10 [ 927.294596][T14303] ? _parse_integer_limit+0x1ae/0x1f0 [ 927.294625][T14303] ? __lock_acquire+0xab9/0xd20 [ 927.294652][T14303] ? ref_tracker_alloc+0x318/0x460 [ 927.294672][T14303] ? __lock_acquire+0xab9/0xd20 [ 927.294695][T14303] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 927.294721][T14303] ? tun_get+0x1c/0x2f0 [ 927.294740][T14303] ? tun_get+0x1c/0x2f0 [ 927.294753][T14303] ? tun_get+0x1c/0x2f0 [ 927.294771][T14303] tun_chr_write_iter+0x113/0x200 [ 927.294788][T14303] vfs_write+0x5c9/0xb30 [ 927.294812][T14303] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 927.294827][T14303] ? __pfx_vfs_write+0x10/0x10 [ 927.294855][T14303] ? __fget_files+0x2a/0x420 [ 927.294885][T14303] ksys_write+0x145/0x250 [ 927.294907][T14303] ? __pfx_ksys_write+0x10/0x10 [ 927.294930][T14303] ? lockdep_hardirqs_on+0x9c/0x150 [ 927.294959][T14303] __do_fast_syscall_32+0xb6/0x2b0 [ 927.294983][T14303] ? lockdep_hardirqs_on+0x9c/0x150 [ 927.295007][T14303] do_fast_syscall_32+0x34/0x80 [ 927.295049][T14303] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 927.295067][T14303] RIP: 0023:0xf709e539 [ 927.295081][T14303] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 927.295094][T14303] RSP: 002b:00000000f548e520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 927.295109][T14303] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 00000000800002c0 [ 927.295119][T14303] RDX: 00000000000000c2 RSI: 00000000f7404ff4 RDI: 0000000000000000 [ 927.295129][T14303] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 927.295138][T14303] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 927.295147][T14303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 927.295168][T14303] [ 927.296973][ T30] audit: type=1326 audit(1755998287.853:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 927.769740][ T30] audit: type=1326 audit(1755998287.853:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 927.793185][ T5925] usb 3-1: Using ep0 maxpacket: 32 [ 927.828309][ T5925] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 219 [ 927.902520][ T30] audit: type=1326 audit(1755998287.853:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 927.965211][ T5925] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 927.974406][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 927.982653][ T5925] usb 3-1: Product: syz [ 927.987060][ T5925] usb 3-1: Manufacturer: syz [ 927.992892][ T5925] usb 3-1: SerialNumber: syz [ 928.002736][ T5925] usb 3-1: config 0 descriptor?? [ 928.010503][ T30] audit: type=1326 audit(1755998287.923:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 928.011096][T14298] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 928.041088][ T30] audit: type=1326 audit(1755998287.923:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14293 comm="syz.3.2103" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 928.123886][ T44] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 928.295120][ T5925] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 928.635323][ T44] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 929.005764][ T44] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 929.015793][ T44] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 929.045223][ T44] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 929.055750][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 929.082132][ T44] usb 1-1: Product: syz [ 929.092551][ T44] usb 1-1: Manufacturer: syz [ 929.244355][ T5925] usb 3-1: USB disconnect, device number 90 [ 929.293267][ T44] usb 1-1: SerialNumber: syz [ 929.527023][ T6254] udevd[6254]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 929.587532][T14310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 929.598249][T14310] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 929.621263][ T44] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 71 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 930.153179][ T5925] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 930.313748][ T5976] usb 1-1: USB disconnect, device number 71 [ 930.357792][ T5976] usblp0: removed [ 930.599362][ T5925] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 930.643293][ T5925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 930.665345][ T5925] usb 3-1: config 0 descriptor?? [ 931.495125][T14343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2117'. [ 934.265813][T14361] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 934.315867][ T5976] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 934.341857][ T5925] usb 3-1: Cannot read MAC address [ 934.347754][ T5925] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 934.420737][ T5925] usb 3-1: USB disconnect, device number 91 [ 934.493649][ T5976] usb 2-1: Using ep0 maxpacket: 16 [ 934.504270][ T5976] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 934.522941][ T5976] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 934.570468][ T5976] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 934.602657][ T5976] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 934.612548][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 934.628368][ T5976] usb 2-1: Product: syz [ 934.637852][ T5976] usb 2-1: Manufacturer: syz [ 934.651046][ T5976] usb 2-1: SerialNumber: syz [ 934.848101][T14372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2123'. [ 935.078275][ T5976] usb 2-1: 0:2 : does not exist [ 935.087653][ T5976] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 935.172222][ T5976] usb 2-1: USB disconnect, device number 79 [ 935.251317][ T6509] udevd[6509]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 935.769372][T14382] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2126'. [ 936.106360][T14385] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 936.393223][ T44] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 936.826865][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.835358][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.845677][ T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 936.906551][ T44] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 936.962069][ T44] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 937.703522][ T44] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 937.712595][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 937.787471][ T44] usb 5-1: Product: syz [ 937.838349][ T44] usb 5-1: Manufacturer: syz [ 937.886154][ T44] usb 5-1: SerialNumber: syz [ 938.176748][ T5932] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 938.196136][T14390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 938.216288][ T44] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 69 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 938.254064][T14390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 938.526962][ T5932] usb 4-1: Using ep0 maxpacket: 8 [ 938.550492][ T5932] usb 4-1: unable to get BOS descriptor or descriptor too short [ 938.563640][ T5932] usb 4-1: too many configurations: 255, using maximum allowed: 8 [ 938.596463][ T5932] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 938.604662][ T5932] usb 4-1: can't read configurations, error -61 [ 938.743264][ T5932] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 938.813435][ T5976] usb 5-1: USB disconnect, device number 69 [ 938.872319][ T5976] usblp0: removed [ 938.943137][ T5932] usb 4-1: Using ep0 maxpacket: 8 [ 938.955294][ T5932] usb 4-1: unable to get BOS descriptor or descriptor too short [ 938.963387][ T5932] usb 4-1: too many configurations: 255, using maximum allowed: 8 [ 938.999302][ T5932] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 939.010244][ T5932] usb 4-1: can't read configurations, error -61 [ 939.023338][ T5932] usb usb4-port1: attempt power cycle [ 939.423227][ T5932] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 939.456383][ T5932] usb 4-1: Using ep0 maxpacket: 8 [ 939.467607][ T5932] usb 4-1: unable to get BOS descriptor or descriptor too short [ 939.478967][ T5932] usb 4-1: too many configurations: 255, using maximum allowed: 8 [ 939.490776][ T5932] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 939.509611][ T5932] usb 4-1: can't read configurations, error -61 [ 939.643200][ T5932] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 939.662163][T14417] sctp: [Deprecated]: syz.0.2133 (pid 14417) Use of struct sctp_assoc_value in delayed_ack socket option. [ 939.662163][T14417] Use struct sctp_sack_info instead [ 939.684465][ T5932] usb 4-1: Using ep0 maxpacket: 8 [ 939.696187][ T5932] usb 4-1: unable to get BOS descriptor or descriptor too short [ 939.728878][ T5932] usb 4-1: too many configurations: 255, using maximum allowed: 8 [ 939.751199][ T5932] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 939.778241][ T5932] usb 4-1: can't read configurations, error -61 [ 939.786942][ T5932] usb usb4-port1: unable to enumerate USB device [ 940.360139][T14430] netlink: 'syz.2.2137': attribute type 32 has an invalid length. [ 940.383264][ T5932] usb 2-1: new low-speed USB device number 80 using dummy_hcd [ 940.513267][ T5932] usb 2-1: device descriptor read/64, error -71 [ 940.763330][ T5932] usb 2-1: new low-speed USB device number 81 using dummy_hcd [ 940.893503][ T5932] usb 2-1: device descriptor read/64, error -71 [ 941.006791][ T5932] usb usb2-port1: attempt power cycle [ 941.401236][ T5932] usb 2-1: new low-speed USB device number 82 using dummy_hcd [ 941.446654][ T5932] usb 2-1: device descriptor read/8, error -71 [ 941.583162][ T44] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 941.693138][ T5932] usb 2-1: new low-speed USB device number 83 using dummy_hcd [ 941.714580][ T5932] usb 2-1: device descriptor read/8, error -71 [ 941.740201][ T44] usb 3-1: config 0 has no interfaces? [ 941.758207][ T44] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 941.774254][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 941.793182][ T44] usb 3-1: Product: syz [ 941.800458][ T44] usb 3-1: Manufacturer: syz [ 941.805488][ T44] usb 3-1: SerialNumber: syz [ 941.831372][ T44] usb 3-1: config 0 descriptor?? [ 941.837025][ T5932] usb usb2-port1: unable to enumerate USB device [ 942.308991][T14442] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2141'. [ 942.544034][T14447] tipc: Enabled bearer , priority 0 [ 942.582653][T14447] syzkaller0: entered promiscuous mode [ 942.608765][T14447] syzkaller0: entered allmulticast mode [ 942.723985][T14446] tipc: Resetting bearer [ 942.891306][T14446] tipc: Disabling bearer [ 943.056845][T14452] FAULT_INJECTION: forcing a failure. [ 943.056845][T14452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 943.077532][T14452] CPU: 0 UID: 0 PID: 14452 Comm: syz.1.2145 Not tainted syzkaller #0 PREEMPT(full) [ 943.077563][T14452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 943.077575][T14452] Call Trace: [ 943.077583][T14452] [ 943.077591][T14452] dump_stack_lvl+0x189/0x250 [ 943.077618][T14452] ? __pfx____ratelimit+0x10/0x10 [ 943.077644][T14452] ? __pfx_dump_stack_lvl+0x10/0x10 [ 943.077665][T14452] ? __pfx__printk+0x10/0x10 [ 943.077692][T14452] ? __might_fault+0xb0/0x130 [ 943.077725][T14452] should_fail_ex+0x414/0x560 [ 943.077753][T14452] _copy_from_iter+0x1de/0x1790 [ 943.077777][T14452] ? rcu_is_watching+0x15/0xb0 [ 943.077796][T14452] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 943.077822][T14452] ? __pfx__copy_from_iter+0x10/0x10 [ 943.077841][T14452] ? __build_skb_around+0x257/0x3e0 [ 943.077872][T14452] ? netlink_sendmsg+0x642/0xb30 [ 943.077897][T14452] ? skb_put+0x11b/0x210 [ 943.077916][T14452] netlink_sendmsg+0x6b2/0xb30 [ 943.077951][T14452] ? __pfx_netlink_sendmsg+0x10/0x10 [ 943.077980][T14452] ? __import_iovec+0x5d4/0x7f0 [ 943.077999][T14452] ? aa_sock_msg_perm+0xf1/0x1d0 [ 943.078017][T14452] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 943.078036][T14452] ? __pfx_netlink_sendmsg+0x10/0x10 [ 943.078064][T14452] __sock_sendmsg+0x21c/0x270 [ 943.078090][T14452] ____sys_sendmsg+0x505/0x830 [ 943.078114][T14452] ? __pfx_____sys_sendmsg+0x10/0x10 [ 943.078146][T14452] ___sys_sendmsg+0x21f/0x2a0 [ 943.078166][T14452] ? __pfx____sys_sendmsg+0x10/0x10 [ 943.078229][T14452] ? __fget_files+0x2a/0x420 [ 943.078262][T14452] ? __fget_files+0x3a0/0x420 [ 943.078306][T14452] __sys_sendmsg+0x164/0x220 [ 943.078331][T14452] ? __pfx___sys_sendmsg+0x10/0x10 [ 943.078373][T14452] ? lockdep_hardirqs_on+0x9c/0x150 [ 943.078408][T14452] __do_fast_syscall_32+0xb6/0x2b0 [ 943.078450][T14452] ? lockdep_hardirqs_on+0x9c/0x150 [ 943.078486][T14452] do_fast_syscall_32+0x34/0x80 [ 943.078520][T14452] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 943.078547][T14452] RIP: 0023:0xf709e539 [ 943.078566][T14452] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 943.078586][T14452] RSP: 002b:00000000f548e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 943.078610][T14452] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800010c0 [ 943.078625][T14452] RDX: 0000000022000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 943.078639][T14452] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 943.078652][T14452] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 943.078665][T14452] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 943.078697][T14452] [ 943.349021][ C0] vkms_vblank_simulate: vblank timer overrun [ 943.479465][T14459] FAULT_INJECTION: forcing a failure. [ 943.479465][T14459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 943.479542][T14460] FAULT_INJECTION: forcing a failure. [ 943.479542][T14460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 943.503247][T14459] CPU: 0 UID: 0 PID: 14459 Comm: syz.3.2146 Not tainted syzkaller #0 PREEMPT(full) [ 943.503283][T14459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 943.503300][T14459] Call Trace: [ 943.503310][T14459] [ 943.503323][T14459] dump_stack_lvl+0x189/0x250 [ 943.503361][T14459] ? __pfx____ratelimit+0x10/0x10 [ 943.503397][T14459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 943.503427][T14459] ? __pfx__printk+0x10/0x10 [ 943.503463][T14459] ? __might_fault+0xb0/0x130 [ 943.503515][T14459] should_fail_ex+0x414/0x560 [ 943.503556][T14459] _copy_from_iter+0x1de/0x1790 [ 943.503592][T14459] ? rcu_is_watching+0x15/0xb0 [ 943.503620][T14459] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 943.503658][T14459] ? __pfx__copy_from_iter+0x10/0x10 [ 943.503694][T14459] ? __build_skb_around+0x257/0x3e0 [ 943.503738][T14459] ? netlink_sendmsg+0x642/0xb30 [ 943.503774][T14459] ? skb_put+0x11b/0x210 [ 943.503802][T14459] netlink_sendmsg+0x6b2/0xb30 [ 943.503851][T14459] ? __pfx_netlink_sendmsg+0x10/0x10 [ 943.503892][T14459] ? __import_iovec+0x5d4/0x7f0 [ 943.503918][T14459] ? aa_sock_msg_perm+0xf1/0x1d0 [ 943.503944][T14459] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 943.503972][T14459] ? __pfx_netlink_sendmsg+0x10/0x10 [ 943.504011][T14459] __sock_sendmsg+0x21c/0x270 [ 943.504049][T14459] ____sys_sendmsg+0x505/0x830 [ 943.504083][T14459] ? __pfx_____sys_sendmsg+0x10/0x10 [ 943.504129][T14459] ___sys_sendmsg+0x21f/0x2a0 [ 943.504160][T14459] ? __pfx____sys_sendmsg+0x10/0x10 [ 943.504233][T14459] ? __fget_files+0x2a/0x420 [ 943.504271][T14459] ? __fget_files+0x3a0/0x420 [ 943.504320][T14459] __sys_sendmsg+0x164/0x220 [ 943.504349][T14459] ? __pfx___sys_sendmsg+0x10/0x10 [ 943.504395][T14459] ? lockdep_hardirqs_on+0x9c/0x150 [ 943.504434][T14459] __do_fast_syscall_32+0xb6/0x2b0 [ 943.504472][T14459] ? lockdep_hardirqs_on+0x9c/0x150 [ 943.504511][T14459] do_fast_syscall_32+0x34/0x80 [ 943.504551][T14459] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 943.504581][T14459] RIP: 0023:0xf7f45539 [ 943.504602][T14459] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 943.504624][T14459] RSP: 002b:00000000f546655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 943.504650][T14459] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000ac0 [ 943.504667][T14459] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 943.504702][T14459] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 943.504718][T14459] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 943.504733][T14459] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 943.504765][T14459] [ 943.852241][T14460] CPU: 0 UID: 0 PID: 14460 Comm: syz.0.2148 Not tainted syzkaller #0 PREEMPT(full) [ 943.852265][T14460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 943.852275][T14460] Call Trace: [ 943.852282][T14460] [ 943.852289][T14460] dump_stack_lvl+0x189/0x250 [ 943.852313][T14460] ? __pfx____ratelimit+0x10/0x10 [ 943.852336][T14460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 943.852356][T14460] ? __pfx__printk+0x10/0x10 [ 943.852378][T14460] ? __might_fault+0xb0/0x130 [ 943.852408][T14460] should_fail_ex+0x414/0x560 [ 943.852433][T14460] _copy_from_iter+0x1de/0x1790 [ 943.852454][T14460] ? rcu_is_watching+0x15/0xb0 [ 943.852472][T14460] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 943.852495][T14460] ? __pfx__copy_from_iter+0x10/0x10 [ 943.852512][T14460] ? __build_skb_around+0x257/0x3e0 [ 943.852539][T14460] ? netlink_sendmsg+0x642/0xb30 [ 943.852562][T14460] ? skb_put+0x11b/0x210 [ 943.852579][T14460] netlink_sendmsg+0x6b2/0xb30 [ 943.852610][T14460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 943.852637][T14460] ? __import_iovec+0x5d4/0x7f0 [ 943.852658][T14460] ? aa_sock_msg_perm+0xf1/0x1d0 [ 943.852674][T14460] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 943.852691][T14460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 943.852716][T14460] __sock_sendmsg+0x21c/0x270 [ 943.852740][T14460] ____sys_sendmsg+0x505/0x830 [ 943.852761][T14460] ? __pfx_____sys_sendmsg+0x10/0x10 [ 943.852790][T14460] ___sys_sendmsg+0x21f/0x2a0 [ 943.852808][T14460] ? __pfx____sys_sendmsg+0x10/0x10 [ 943.852851][T14460] ? __fget_files+0x2a/0x420 [ 943.852875][T14460] ? __fget_files+0x3a0/0x420 [ 943.852906][T14460] __sys_sendmsg+0x164/0x220 [ 943.852924][T14460] ? __pfx___sys_sendmsg+0x10/0x10 [ 943.852952][T14460] ? lockdep_hardirqs_on+0x9c/0x150 [ 943.852977][T14460] __do_fast_syscall_32+0xb6/0x2b0 [ 943.853012][T14460] ? lockdep_hardirqs_on+0x9c/0x150 [ 943.853046][T14460] do_fast_syscall_32+0x34/0x80 [ 943.853078][T14460] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 943.853105][T14460] RIP: 0023:0xf70ee539 [ 943.853124][T14460] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 943.853143][T14460] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 943.853167][T14460] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 943.853183][T14460] RDX: 0000000000004820 RSI: 0000000000000000 RDI: 0000000000000000 [ 943.853196][T14460] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 943.853210][T14460] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 943.853224][T14460] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 943.853255][T14460] [ 944.118422][ C0] vkms_vblank_simulate: vblank timer overrun [ 944.527658][ T5932] usb 3-1: USB disconnect, device number 92 [ 944.555046][T14473] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 944.955113][ T5976] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 945.128490][ T5976] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 945.147360][ T5976] usb 5-1: config 0 has no interface number 0 [ 945.151173][T14482] FAULT_INJECTION: forcing a failure. [ 945.151173][T14482] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 945.263192][T14482] CPU: 1 UID: 0 PID: 14482 Comm: syz.3.2155 Not tainted syzkaller #0 PREEMPT(full) [ 945.263223][T14482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 945.263238][T14482] Call Trace: [ 945.263247][T14482] [ 945.263258][T14482] dump_stack_lvl+0x189/0x250 [ 945.263291][T14482] ? __pfx____ratelimit+0x10/0x10 [ 945.263322][T14482] ? __pfx_dump_stack_lvl+0x10/0x10 [ 945.263348][T14482] ? __pfx__printk+0x10/0x10 [ 945.263381][T14482] ? fs_reclaim_acquire+0x7d/0x100 [ 945.263432][T14482] should_fail_ex+0x414/0x560 [ 945.263468][T14482] prepare_alloc_pages+0x213/0x610 [ 945.263499][T14482] __alloc_frozen_pages_noprof+0x123/0x370 [ 945.263527][T14482] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 945.263570][T14482] alloc_pages_mpol+0x232/0x4a0 [ 945.263610][T14482] alloc_pages_noprof+0xa9/0x190 [ 945.263646][T14482] get_free_pages_noprof+0xf/0x80 [ 945.263669][T14482] bm_entry_read+0x7e/0x6b0 [ 945.263703][T14482] ? rw_verify_area+0x2a6/0x4d0 [ 945.263738][T14482] vfs_readv+0x5aa/0x850 [ 945.263761][T14482] ? __pfx_bm_entry_read+0x10/0x10 [ 945.263798][T14482] ? __pfx_vfs_readv+0x10/0x10 [ 945.263837][T14482] ? __fget_files+0x2a/0x420 [ 945.263877][T14482] ? __fget_files+0x3a0/0x420 [ 945.263910][T14482] ? __fget_files+0x2a/0x420 [ 945.263954][T14482] __ia32_compat_sys_preadv2+0x227/0x320 [ 945.263993][T14482] ? __pfx___ia32_compat_sys_preadv2+0x10/0x10 [ 945.264035][T14482] ? lockdep_hardirqs_on+0x9c/0x150 [ 945.264070][T14482] __do_fast_syscall_32+0xb6/0x2b0 [ 945.264103][T14482] ? lockdep_hardirqs_on+0x9c/0x150 [ 945.264138][T14482] do_fast_syscall_32+0x34/0x80 [ 945.264173][T14482] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 945.264201][T14482] RIP: 0023:0xf7f45539 [ 945.264224][T14482] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 945.264243][T14482] RSP: 002b:00000000f546655c EFLAGS: 00000206 ORIG_RAX: 000000000000017a [ 945.264267][T14482] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540 [ 945.264283][T14482] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000000 [ 945.264297][T14482] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 945.264310][T14482] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 945.264324][T14482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 945.264356][T14482] [ 945.277159][ T5976] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 945.543191][ T5976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 945.553135][ T5976] usb 5-1: Product: syz [ 945.557450][ T5976] usb 5-1: Manufacturer: syz [ 945.562043][ T5976] usb 5-1: SerialNumber: syz [ 945.599140][ T5976] usb 5-1: config 0 descriptor?? [ 945.796738][T14492] IPVS: set_ctl: invalid protocol: 103 172.30.0.3:20003 [ 945.806226][T14492] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 945.841951][ T5976] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 945.888940][ T5976] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 946.000642][ T5976] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 946.080654][ T5976] usb 5-1: media controller created [ 946.173288][ T5932] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 946.197290][ T5976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 946.339858][ T5932] usb 3-1: Using ep0 maxpacket: 32 [ 946.362757][ T5932] usb 3-1: config 0 has an invalid interface number: 20 but max is 0 [ 946.371139][ T5932] usb 3-1: config 0 has no interface number 0 [ 946.383414][ T5932] usb 3-1: config 0 interface 20 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 946.412164][ T5932] usb 3-1: config 0 interface 20 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 946.463623][ T5976] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 946.522877][ T5976] usb 5-1: USB disconnect, device number 70 [ 946.579360][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 946.579382][ T30] audit: type=1326 audit(1755998307.433:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 946.624818][ T5932] usb 3-1: New USB device found, idVendor=04e6, idProduct=0005, bcdDevice= 1.00 [ 946.668102][ T30] audit: type=1326 audit(1755998307.433:2128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 946.752413][ T5932] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 946.785416][ T30] audit: type=1326 audit(1755998307.483:2129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=316 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 946.829569][ T5932] usb 3-1: Product: syz [ 946.851558][ T5932] usb 3-1: Manufacturer: syz [ 946.856515][ T30] audit: type=1326 audit(1755998307.483:2130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 946.873632][ T5932] usb 3-1: SerialNumber: syz [ 946.968659][ T30] audit: type=1326 audit(1755998307.483:2131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 947.061936][ T5932] usb 3-1: config 0 descriptor?? [ 947.107555][ T30] audit: type=1326 audit(1755998307.513:2132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 947.153507][T14492] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 947.175659][T14492] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 947.186202][ T5932] ums-sddr09 3-1:0.20: USB Mass Storage device detected [ 947.472541][ T30] audit: type=1326 audit(1755998307.513:2133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 947.502896][ T5932] ums-sddr09 3-1:0.20: probe with driver ums-sddr09 failed with error -22 [ 947.602314][ T30] audit: type=1326 audit(1755998307.513:2134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 947.873719][ T30] audit: type=1326 audit(1755998307.513:2135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 947.953937][ T30] audit: type=1326 audit(1755998307.513:2136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.3.2158" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x7ffc0000 [ 949.204334][ T5976] usb 3-1: USB disconnect, device number 93 [ 952.018976][T14541] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2169'. [ 952.035620][T14541] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2169'. [ 952.223267][ T44] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 952.375734][ T44] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 952.409906][ T44] usb 1-1: config 0 has no interface number 0 [ 952.497548][T14552] tipc: Enabled bearer , priority 10 [ 952.503244][ T5932] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 952.538360][ T44] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 952.566833][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 952.653093][ T44] usb 1-1: Product: syz [ 952.664369][ T44] usb 1-1: Manufacturer: syz [ 952.674708][ T44] usb 1-1: SerialNumber: syz [ 952.721071][ T5932] usb 5-1: device descriptor read/64, error -71 [ 952.746098][ T44] usb 1-1: config 0 descriptor?? [ 952.947465][T14562] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2174'. [ 952.981690][ T5932] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 952.992022][ T44] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 953.027888][ T44] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 953.039727][ T44] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 953.214322][ T5932] usb 5-1: device descriptor read/64, error -71 [ 953.261497][ T44] usb 1-1: media controller created [ 953.315389][ T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 953.333898][ T5932] usb usb5-port1: attempt power cycle [ 953.494251][ T5976] tipc: Node number set to 1597220934 [ 953.686669][ T44] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 953.843170][ T5932] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 953.873742][ T5932] usb 5-1: device descriptor read/8, error -71 [ 953.896472][ T44] usb 1-1: USB disconnect, device number 72 [ 954.016502][T14575] input: syz0 as /devices/virtual/input/input122 [ 954.114185][ T5932] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 954.178401][ T5932] usb 5-1: device descriptor read/8, error -71 [ 954.294305][ T5932] usb usb5-port1: unable to enumerate USB device [ 956.374444][ T5863] Bluetooth: hci0: command 0x0406 tx timeout [ 956.380818][ T9855] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 956.421992][ T9855] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 956.625270][T14622] FAULT_INJECTION: forcing a failure. [ 956.625270][T14622] name failslab, interval 1, probability 0, space 0, times 0 [ 956.678645][T14622] CPU: 1 UID: 0 PID: 14622 Comm: syz.4.2190 Not tainted syzkaller #0 PREEMPT(full) [ 956.678678][T14622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 956.678692][T14622] Call Trace: [ 956.678702][T14622] [ 956.678712][T14622] dump_stack_lvl+0x189/0x250 [ 956.678744][T14622] ? __pfx____ratelimit+0x10/0x10 [ 956.678781][T14622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 956.678809][T14622] ? __pfx__printk+0x10/0x10 [ 956.678843][T14622] ? __lock_acquire+0xab9/0xd20 [ 956.678888][T14622] should_fail_ex+0x414/0x560 [ 956.678925][T14622] should_failslab+0xa8/0x100 [ 956.678961][T14622] kmem_cache_alloc_noprof+0x73/0x3c0 [ 956.678991][T14622] ? skb_clone+0x212/0x3a0 [ 956.679022][T14622] skb_clone+0x212/0x3a0 [ 956.679052][T14622] __netlink_deliver_tap+0x404/0x850 [ 956.679100][T14622] ? netlink_deliver_tap+0x2e/0x1b0 [ 956.679136][T14622] netlink_deliver_tap+0x19c/0x1b0 [ 956.679172][T14622] netlink_unicast+0x7fa/0x9e0 [ 956.679211][T14622] ? __pfx_netlink_unicast+0x10/0x10 [ 956.679244][T14622] ? netlink_sendmsg+0x642/0xb30 [ 956.679276][T14622] ? skb_put+0x11b/0x210 [ 956.679302][T14622] netlink_sendmsg+0x805/0xb30 [ 956.679347][T14622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 956.679395][T14622] ? __import_iovec+0x5d4/0x7f0 [ 956.679418][T14622] ? aa_sock_msg_perm+0xf1/0x1d0 [ 956.679442][T14622] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 956.679465][T14622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 956.679500][T14622] __sock_sendmsg+0x21c/0x270 [ 956.679531][T14622] ____sys_sendmsg+0x505/0x830 [ 956.679561][T14622] ? __pfx_____sys_sendmsg+0x10/0x10 [ 956.679603][T14622] ___sys_sendmsg+0x21f/0x2a0 [ 956.679629][T14622] ? __pfx____sys_sendmsg+0x10/0x10 [ 956.679693][T14622] ? __fget_files+0x2a/0x420 [ 956.679727][T14622] ? __fget_files+0x3a0/0x420 [ 956.679772][T14622] __sys_sendmsg+0x164/0x220 [ 956.679799][T14622] ? __pfx___sys_sendmsg+0x10/0x10 [ 956.679840][T14622] ? lockdep_hardirqs_on+0x9c/0x150 [ 956.679877][T14622] __do_fast_syscall_32+0xb6/0x2b0 [ 956.679911][T14622] ? lockdep_hardirqs_on+0x9c/0x150 [ 956.679948][T14622] do_fast_syscall_32+0x34/0x80 [ 956.679982][T14622] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 956.680011][T14622] RIP: 0023:0xf7fd7539 [ 956.680030][T14622] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 956.680071][T14622] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 956.680095][T14622] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 956.680111][T14622] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 956.680125][T14622] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 956.680138][T14622] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 956.680151][T14622] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 956.680185][T14622] [ 956.753196][ T5976] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 957.232932][T14634] FAULT_INJECTION: forcing a failure. [ 957.232932][T14634] name failslab, interval 1, probability 0, space 0, times 0 [ 957.253167][ T5976] usb 4-1: Using ep0 maxpacket: 32 [ 957.260318][T14634] CPU: 0 UID: 0 PID: 14634 Comm: syz.4.2193 Not tainted syzkaller #0 PREEMPT(full) [ 957.260341][T14634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 957.260352][T14634] Call Trace: [ 957.260358][T14634] [ 957.260365][T14634] dump_stack_lvl+0x189/0x250 [ 957.260389][T14634] ? __pfx____ratelimit+0x10/0x10 [ 957.260412][T14634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 957.260431][T14634] ? __pfx__printk+0x10/0x10 [ 957.260458][T14634] ? __pfx___might_resched+0x10/0x10 [ 957.260472][T14634] ? fs_reclaim_acquire+0x7d/0x100 [ 957.260500][T14634] should_fail_ex+0x414/0x560 [ 957.260530][T14634] should_failslab+0xa8/0x100 [ 957.260554][T14634] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 957.260576][T14634] ? __d_alloc+0x36/0x7a0 [ 957.260596][T14634] __d_alloc+0x36/0x7a0 [ 957.260616][T14634] d_alloc_pseudo+0x21/0xc0 [ 957.260634][T14634] alloc_file_pseudo+0xcc/0x210 [ 957.260653][T14634] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 957.260680][T14634] anon_inode_getfd+0xca/0x1b0 [ 957.260699][T14634] __se_sys_fsopen+0x21d/0x2b0 [ 957.260719][T14634] __do_fast_syscall_32+0xb6/0x2b0 [ 957.260744][T14634] ? lockdep_hardirqs_on+0x9c/0x150 [ 957.260770][T14634] do_fast_syscall_32+0x34/0x80 [ 957.260794][T14634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 957.260813][T14634] RIP: 0023:0xf7fd7539 [ 957.260827][T14634] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 957.260841][T14634] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 00000000000001ae [ 957.260858][T14634] RAX: ffffffffffffffda RBX: 0000000080001600 RCX: 0000000000000000 [ 957.260869][T14634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 957.260878][T14634] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 957.260887][T14634] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 957.260896][T14634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 957.260917][T14634] [ 957.261228][ T5976] usb 4-1: config 2 has an invalid interface number: 1 but max is 0 [ 957.538158][ T5976] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 957.562949][ T5976] usb 4-1: config 2 has 2 interfaces, different from the descriptor's value: 1 [ 957.593149][ T5925] usb 3-1: new low-speed USB device number 94 using dummy_hcd [ 957.603649][ T5976] usb 4-1: New USB device found, idVendor=22b8, idProduct=2d97, bcdDevice=51.64 [ 957.613516][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 957.633920][ T5976] usb 4-1: Product: syz [ 957.638144][ T5976] usb 4-1: Manufacturer: syz [ 957.642766][ T5976] usb 4-1: SerialNumber: syz [ 957.773351][ T5925] usb 3-1: Invalid ep0 maxpacket: 64 [ 957.811379][ T5976] cdc_acm 4-1:2.1: probe with driver cdc_acm failed with error -22 [ 957.845245][ T5976] cdc_acm 4-1:2.0: probe with driver cdc_acm failed with error -22 [ 957.953369][ T5925] usb 3-1: new low-speed USB device number 95 using dummy_hcd [ 958.088094][ T9] usb 4-1: USB disconnect, device number 66 [ 958.143339][ T5925] usb 3-1: Invalid ep0 maxpacket: 64 [ 958.149215][ T5925] usb usb3-port1: attempt power cycle [ 958.389246][ T5976] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 958.400560][T14654] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2197'. [ 958.832826][ T9855] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 958.839217][ T9855] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 958.839339][ T5863] Bluetooth: hci2: command 0x0406 tx timeout [ 958.893535][ T5925] usb 3-1: new low-speed USB device number 96 using dummy_hcd [ 958.940936][ T5925] usb 3-1: Invalid ep0 maxpacket: 64 [ 959.393448][ T5976] usb 5-1: config 0 has no interfaces? [ 959.440115][ T5925] usb 3-1: new low-speed USB device number 97 using dummy_hcd [ 959.452442][ T5976] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 959.482888][ T5976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 959.493199][ T5976] usb 5-1: Product: syz [ 959.497438][ T5976] usb 5-1: Manufacturer: syz [ 959.510595][ T5925] usb 3-1: Invalid ep0 maxpacket: 64 [ 959.517174][ T5925] usb usb3-port1: unable to enumerate USB device [ 959.554224][ T5976] usb 5-1: SerialNumber: syz [ 959.580552][ T5976] usb 5-1: config 0 descriptor?? [ 960.267160][ T5976] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 960.813183][ T5976] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 960.923154][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 960.953859][T14578] usb 5-1: USB disconnect, device number 75 [ 960.973211][ T5976] usb 4-1: config 0 descriptor?? [ 961.431937][ T5863] Bluetooth: hci3: command 0x0406 tx timeout [ 961.439696][ T9855] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 961.483961][ T9855] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 963.657028][ T5976] usb 4-1: Cannot read MAC address [ 963.662910][ T5976] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 963.791460][ T5976] usb 4-1: USB disconnect, device number 67 [ 963.813527][ T5863] Bluetooth: hci4: command 0x0406 tx timeout [ 963.813836][ T9855] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 963.967379][ T9855] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 966.453179][ T5863] Bluetooth: hci1: command 0x0406 tx timeout [ 966.453333][ T9855] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 966.466294][ T9855] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 966.742199][T14775] syzkaller0: mtu greater than device maximum [ 966.763117][ T9855] usb 2-1: new full-speed USB device number 84 using dummy_hcd [ 966.944807][ T9855] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 966.979133][ T9855] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 966.999959][ T9855] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 967.009886][ T9855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 967.049985][ T9855] usb 2-1: config 0 descriptor?? [ 967.080463][T14786] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2218'. [ 967.084551][ T9855] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 967.114874][ T9855] dvb-usb: bulk message failed: -22 (3/0) [ 967.148869][ T9855] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 967.177551][ T9855] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 967.652723][ T9855] usb 2-1: media controller created [ 967.680034][ T9855] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 967.727848][ T9855] dvb-usb: bulk message failed: -22 (6/0) [ 967.758904][ T9855] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 967.883266][ T5976] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 967.911373][ T9855] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input123 [ 967.966378][ T9855] dvb-usb: schedule remote query interval to 150 msecs. [ 967.983273][ T9855] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 968.043166][ T9855] usb 2-1: USB disconnect, device number 84 [ 968.225152][T14801] fuse: Bad value for 'group_id' [ 968.245544][ T5976] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 968.261274][ T5976] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 968.263494][T14801] fuse: Bad value for 'group_id' [ 968.273231][ T5976] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 968.296014][ T5976] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 968.326688][ T5976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 968.517759][ T9855] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 968.654072][ T5925] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 968.681391][ T5976] usb 5-1: Product: syz [ 968.702154][ T5976] usb 5-1: Manufacturer: syz [ 968.707054][ T5976] usb 5-1: SerialNumber: syz [ 968.803203][ T5925] usb 4-1: device descriptor read/64, error -71 [ 968.989783][T14804] FAULT_INJECTION: forcing a failure. [ 968.989783][T14804] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 969.023935][ T5976] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 76 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 969.074137][T14804] CPU: 0 UID: 0 PID: 14804 Comm: syz.0.2223 Not tainted syzkaller #0 PREEMPT(full) [ 969.074168][T14804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 969.074180][T14804] Call Trace: [ 969.074188][T14804] [ 969.074195][T14804] dump_stack_lvl+0x189/0x250 [ 969.074219][T14804] ? __pfx____ratelimit+0x10/0x10 [ 969.074243][T14804] ? __pfx_dump_stack_lvl+0x10/0x10 [ 969.074263][T14804] ? __pfx__printk+0x10/0x10 [ 969.074294][T14804] should_fail_ex+0x414/0x560 [ 969.074320][T14804] _copy_to_user+0x31/0xb0 [ 969.074341][T14804] simple_read_from_buffer+0xe1/0x170 [ 969.074369][T14804] proc_fail_nth_read+0x1b3/0x220 [ 969.074389][T14804] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 969.074409][T14804] ? rw_verify_area+0x2a6/0x4d0 [ 969.074429][T14804] ? __lock_acquire+0xab9/0xd20 [ 969.074451][T14804] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 969.074470][T14804] vfs_read+0x200/0xa30 [ 969.074490][T14804] ? fdget_pos+0x247/0x320 [ 969.074507][T14804] ? __pfx___mutex_lock+0x10/0x10 [ 969.074531][T14804] ? __pfx_vfs_read+0x10/0x10 [ 969.074554][T14804] ? __fget_files+0x2a/0x420 [ 969.074581][T14804] ? __fget_files+0x3a0/0x420 [ 969.074604][T14804] ? __fget_files+0x2a/0x420 [ 969.074634][T14804] ksys_read+0x145/0x250 [ 969.074656][T14804] ? __pfx_ksys_read+0x10/0x10 [ 969.074680][T14804] ? lockdep_hardirqs_on+0x9c/0x150 [ 969.074706][T14804] __do_fast_syscall_32+0xb6/0x2b0 [ 969.074731][T14804] ? lockdep_hardirqs_on+0x9c/0x150 [ 969.074756][T14804] do_fast_syscall_32+0x34/0x80 [ 969.074781][T14804] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 969.074801][T14804] RIP: 0023:0xf70ee539 [ 969.074814][T14804] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 969.074829][T14804] RSP: 002b:00000000f54de590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 969.074846][T14804] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f54de620 [ 969.074857][T14804] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000 [ 969.074867][T14804] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 969.074876][T14804] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 969.074885][T14804] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 969.074907][T14804] [ 969.312219][ T5925] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 969.453122][ T5925] usb 4-1: device descriptor read/64, error -71 [ 969.486513][ T9855] usb 5-1: USB disconnect, device number 76 [ 969.573562][ T5925] usb usb4-port1: attempt power cycle [ 969.579867][ T9855] usblp0: removed [ 970.249083][ T5925] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 970.310103][ T5925] usb 4-1: device descriptor read/8, error -71 [ 970.553281][ T5925] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 970.623933][ T5925] usb 4-1: device descriptor read/8, error -71 [ 970.753770][ T5925] usb usb4-port1: unable to enumerate USB device [ 970.913240][T14578] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 971.080358][T14578] usb 1-1: config 0 has no interfaces? [ 971.097654][T14578] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 971.128087][T14578] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 971.139908][T14578] usb 1-1: Product: syz [ 971.146284][T14578] usb 1-1: Manufacturer: syz [ 971.162636][T14578] usb 1-1: SerialNumber: syz [ 971.190407][T14578] usb 1-1: config 0 descriptor?? [ 971.553119][T14578] usb 5-1: new full-speed USB device number 77 using dummy_hcd [ 971.682878][T14845] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2235'. [ 971.725799][T14578] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 971.736291][T14578] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 971.746549][T14578] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 971.756311][T14578] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 971.772328][T14578] usb 5-1: config 0 descriptor?? [ 972.204036][T14578] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 972.417897][T14578] dvb-usb: bulk message failed: -22 (3/0) [ 972.440699][T14833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 972.465127][T14578] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 972.543692][T14833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 972.655803][T14578] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 972.713490][T14578] usb 5-1: media controller created [ 972.745571][T14578] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 972.768297][T14855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2238'. [ 972.840220][T14857] dibusb: i2c wr: len=61 is too big! [ 972.840220][T14857] [ 972.892967][T14578] dvb-usb: bulk message failed: -22 (6/0) [ 972.900392][T14578] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 972.964078][T14578] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input124 [ 973.025144][T14578] dvb-usb: schedule remote query interval to 150 msecs. [ 973.070729][T14578] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 973.205363][T14578] usb 5-1: USB disconnect, device number 77 [ 973.229944][ T9855] dvb-usb: bulk message failed: -22 (1/0) [ 973.236425][ T9855] dvb-usb: error while querying for an remote control event. [ 973.473840][T14578] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 973.729071][ T5976] usb 1-1: USB disconnect, device number 73 [ 974.010890][T14864] tipc: Enabled bearer , priority 0 [ 974.021508][T14864] syzkaller0: entered promiscuous mode [ 974.033656][T14864] syzkaller0: entered allmulticast mode [ 974.323316][ T5925] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 974.502505][ T5925] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 974.521295][ T5925] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 974.534307][ T5925] usb 1-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 974.660791][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 974.682945][T14864] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 974.696965][ T5925] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 974.971548][T14864] netlink: 'syz.0.2240': attribute type 1 has an invalid length. [ 975.123274][T14578] tipc: Node number set to 3070649810 [ 975.181931][T14883] tipc: Enabling of bearer rejected, failed to enable media [ 975.392392][T14864] tipc: Resetting bearer [ 975.716171][ T5976] usb 1-1: USB disconnect, device number 74 [ 975.742734][T14862] tipc: Resetting bearer [ 975.810742][T14887] binder: 14886:14887 ioctl c0306201 800003c0 returned -14 [ 975.832424][T14862] tipc: Disabling bearer [ 976.654098][T14904] random: crng reseeded on system resumption [ 976.932666][T14910] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2255'. [ 977.636435][T14919] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2257'. [ 978.856137][T14935] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2260'. [ 979.973415][T14578] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 980.401514][T14578] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 980.413209][T14578] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 980.426976][T14578] usb 3-1: config 0 descriptor?? [ 981.310208][T14957] FAULT_INJECTION: forcing a failure. [ 981.310208][T14957] name failslab, interval 1, probability 0, space 0, times 0 [ 981.377855][T14957] CPU: 1 UID: 0 PID: 14957 Comm: syz.3.2265 Not tainted syzkaller #0 PREEMPT(full) [ 981.377879][T14957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 981.377890][T14957] Call Trace: [ 981.377901][T14957] [ 981.377910][T14957] dump_stack_lvl+0x189/0x250 [ 981.377939][T14957] ? __pfx____ratelimit+0x10/0x10 [ 981.377973][T14957] ? __pfx_dump_stack_lvl+0x10/0x10 [ 981.378001][T14957] ? __pfx__printk+0x10/0x10 [ 981.378039][T14957] ? __pfx___might_resched+0x10/0x10 [ 981.378059][T14957] ? fs_reclaim_acquire+0x7d/0x100 [ 981.378096][T14957] should_fail_ex+0x414/0x560 [ 981.378121][T14957] should_failslab+0xa8/0x100 [ 981.378146][T14957] __kmalloc_noprof+0xcb/0x4f0 [ 981.378167][T14957] ? kfree+0x4d/0x440 [ 981.378184][T14957] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 981.378205][T14957] tomoyo_realpath_from_path+0xe3/0x5d0 [ 981.378232][T14957] tomoyo_check_open_permission+0x1c1/0x3b0 [ 981.378255][T14957] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 981.378278][T14957] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 981.378299][T14957] ? seqcount_lockdep_reader_access+0x122/0x1c0 [ 981.378339][T14957] ? lockref_get+0x15/0x60 [ 981.378359][T14957] ? tomoyo_file_open+0x165/0x220 [ 981.378380][T14957] security_file_open+0xb1/0x270 [ 981.378402][T14957] do_dentry_open+0x384/0x13f0 [ 981.378424][T14957] ? vfs_open+0x31/0x340 [ 981.378443][T14957] vfs_open+0x3b/0x340 [ 981.378457][T14957] ? path_openat+0x2ecd/0x3830 [ 981.378478][T14957] path_openat+0x2ee5/0x3830 [ 981.378496][T14957] ? arch_stack_walk+0xfc/0x150 [ 981.378529][T14957] ? stack_depot_save_flags+0x40/0x860 [ 981.378560][T14957] ? __pfx_path_openat+0x10/0x10 [ 981.378578][T14957] ? do_fast_syscall_32+0x34/0x80 [ 981.378601][T14957] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 981.378635][T14957] do_filp_open+0x1fa/0x410 [ 981.378653][T14957] ? __lock_acquire+0xab9/0xd20 [ 981.378678][T14957] ? __pfx_do_filp_open+0x10/0x10 [ 981.378714][T14957] ? _raw_spin_unlock+0x28/0x50 [ 981.378741][T14957] ? alloc_fd+0x64c/0x6c0 [ 981.378773][T14957] do_sys_openat2+0x121/0x1c0 [ 981.378793][T14957] ? __pfx_do_sys_openat2+0x10/0x10 [ 981.378813][T14957] ? ksys_write+0x22a/0x250 [ 981.378849][T14957] __ia32_compat_sys_openat+0x131/0x160 [ 981.378882][T14957] __do_fast_syscall_32+0xb6/0x2b0 [ 981.378917][T14957] ? lockdep_hardirqs_on+0x9c/0x150 [ 981.378954][T14957] do_fast_syscall_32+0x34/0x80 [ 981.378990][T14957] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 981.379017][T14957] RIP: 0023:0xf7f45539 [ 981.379037][T14957] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 981.379057][T14957] RSP: 002b:00000000f546655c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 981.379081][T14957] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000680 [ 981.379098][T14957] RDX: 0000000000040000 RSI: 0000000000000019 RDI: 0000000000000000 [ 981.379112][T14957] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 981.379124][T14957] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 981.379137][T14957] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 981.379169][T14957] [ 981.381575][T14957] ERROR: Out of memory at tomoyo_realpath_from_path. [ 982.392468][T14968] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2269'. [ 983.133141][ T9855] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 983.343169][ T9855] usb 1-1: Using ep0 maxpacket: 16 [ 983.402457][ T9855] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 983.539633][ T9855] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 983.548976][ T9855] usb 1-1: Product: syz [ 983.553837][T14578] usb 3-1: Cannot read MAC address [ 983.560372][T14578] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 983.572120][ T9855] usb 1-1: Manufacturer: syz [ 983.583432][ T9855] usb 1-1: SerialNumber: syz [ 983.612915][T14578] usb 3-1: USB disconnect, device number 98 [ 983.619441][ T9855] r8152-cfgselector 1-1: Unknown version 0x0000 [ 983.626090][ T9855] r8152-cfgselector 1-1: config 0 descriptor?? [ 983.888089][ T9855] r8152-cfgselector 1-1: Needed 1 retries to read version [ 983.913500][ T9855] r8152-cfgselector 1-1: Unknown version 0x2460 [ 983.924005][ T9855] r8152-cfgselector 1-1: bad CDC descriptors [ 984.123453][T14976] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2273'. [ 984.389260][ T5976] r8152-cfgselector 1-1: USB disconnect, device number 75 [ 984.443307][ T9855] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 984.610596][ T9855] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 984.627236][ T9855] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 984.677756][ T9855] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 984.728024][ T9855] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 984.760746][ T9855] usb 5-1: Manufacturer: syz [ 984.778819][T15006] unsupported nla_type 61704 [ 984.783941][ T9855] usb 5-1: config 0 descriptor?? [ 984.973148][ T9855] rc_core: IR keymap rc-hauppauge not found [ 985.002787][ T9855] Registered IR keymap rc-empty [ 985.040564][ T9855] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 985.077970][ T9855] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input125 [ 985.116633][ C1] igorplugusb 5-1:0.0: Error: urb status = -32 [ 985.291263][ T5925] usb 5-1: USB disconnect, device number 78 [ 985.578488][ T5976] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 986.252526][ T5976] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 986.267070][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 987.047989][ T5976] usb 4-1: config 0 descriptor?? [ 989.028815][T15053] FAULT_INJECTION: forcing a failure. [ 989.028815][T15053] name failslab, interval 1, probability 0, space 0, times 0 [ 989.063215][T15053] CPU: 1 UID: 0 PID: 15053 Comm: syz.0.2294 Not tainted syzkaller #0 PREEMPT(full) [ 989.063251][T15053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 989.063266][T15053] Call Trace: [ 989.063279][T15053] [ 989.063290][T15053] dump_stack_lvl+0x189/0x250 [ 989.063322][T15053] ? __pfx____ratelimit+0x10/0x10 [ 989.063346][T15053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 989.063365][T15053] ? __pfx__printk+0x10/0x10 [ 989.063399][T15053] ? __lock_acquire+0xab9/0xd20 [ 989.063442][T15053] should_fail_ex+0x414/0x560 [ 989.063477][T15053] should_failslab+0xa8/0x100 [ 989.063503][T15053] kmem_cache_alloc_noprof+0x73/0x3c0 [ 989.063524][T15053] ? skb_clone+0x212/0x3a0 [ 989.063557][T15053] skb_clone+0x212/0x3a0 [ 989.063587][T15053] __netlink_deliver_tap+0x404/0x850 [ 989.063632][T15053] ? netlink_deliver_tap+0x2e/0x1b0 [ 989.063657][T15053] netlink_deliver_tap+0x19c/0x1b0 [ 989.063684][T15053] netlink_unicast+0x7fa/0x9e0 [ 989.063727][T15053] ? __pfx_netlink_unicast+0x10/0x10 [ 989.063758][T15053] ? netlink_sendmsg+0x642/0xb30 [ 989.063787][T15053] ? skb_put+0x11b/0x210 [ 989.063806][T15053] netlink_sendmsg+0x805/0xb30 [ 989.063841][T15053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 989.063879][T15053] ? __import_iovec+0x5d4/0x7f0 [ 989.063902][T15053] ? aa_sock_msg_perm+0xf1/0x1d0 [ 989.063924][T15053] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 989.063972][T15053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 989.064005][T15053] __sock_sendmsg+0x21c/0x270 [ 989.064040][T15053] ____sys_sendmsg+0x505/0x830 [ 989.064069][T15053] ? __pfx_____sys_sendmsg+0x10/0x10 [ 989.064104][T15053] ___sys_sendmsg+0x21f/0x2a0 [ 989.064123][T15053] ? __pfx____sys_sendmsg+0x10/0x10 [ 989.064183][T15053] ? __fget_files+0x2a/0x420 [ 989.064215][T15053] ? __fget_files+0x3a0/0x420 [ 989.064253][T15053] __sys_sendmsg+0x164/0x220 [ 989.064272][T15053] ? __pfx___sys_sendmsg+0x10/0x10 [ 989.064309][T15053] ? lockdep_hardirqs_on+0x9c/0x150 [ 989.064345][T15053] __do_fast_syscall_32+0xb6/0x2b0 [ 989.064379][T15053] ? lockdep_hardirqs_on+0x9c/0x150 [ 989.064409][T15053] do_fast_syscall_32+0x34/0x80 [ 989.064434][T15053] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 989.064458][T15053] RIP: 0023:0xf70ee539 [ 989.064479][T15053] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 989.064498][T15053] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 989.064521][T15053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 989.064536][T15053] RDX: 0000000004000084 RSI: 0000000000000000 RDI: 0000000000000000 [ 989.064550][T15053] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 989.064559][T15053] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 989.064568][T15053] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 989.064591][T15053] [ 989.356818][ C1] vkms_vblank_simulate: vblank timer overrun [ 989.387387][ T5976] usb 4-1: Cannot read MAC address [ 989.398311][ T5976] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 989.558209][ T5976] usb 4-1: USB disconnect, device number 72 [ 991.028655][T15079] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2302'. [ 992.653343][ T5976] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 992.875263][ T5976] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 992.884435][ T5976] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 992.977615][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 992.977635][ T30] audit: type=1326 audit(1755998353.843:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.094462][ T5925] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 993.252696][ T5976] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 993.318034][ T5976] usb 1-1: config 1 has no interface number 0 [ 993.328711][ T5976] usb 1-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 993.333307][ T30] audit: type=1326 audit(1755998353.843:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.346042][ T5976] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 993.436683][ T30] audit: type=1326 audit(1755998353.993:2150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.446485][ T5976] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 993.520894][ T5976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 993.537690][ T30] audit: type=1326 audit(1755998353.993:2151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.539571][ T5976] usb 1-1: Product: syz [ 993.574205][ T5976] usb 1-1: Manufacturer: syz [ 993.579060][ T5976] usb 1-1: SerialNumber: syz [ 993.600806][ T30] audit: type=1326 audit(1755998353.993:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=316 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.680975][ T5925] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 993.693689][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 993.713066][ T30] audit: type=1326 audit(1755998353.993:2153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.744764][ T5925] usb 4-1: config 0 descriptor?? [ 993.773211][ T9] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 993.803180][ T30] audit: type=1326 audit(1755998353.993:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.833895][ T30] audit: type=1326 audit(1755998353.993:2155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.863833][ T30] audit: type=1326 audit(1755998353.993:2156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.909185][ T30] audit: type=1326 audit(1755998353.993:2157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15100 comm="syz.4.2308" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd7539 code=0x7ffc0000 [ 993.995276][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 994.006836][ T9] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 994.017016][ T9] usb 2-1: config 179 has no interface number 0 [ 994.024028][ T9] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 994.053309][ T9] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 994.077862][ T9] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 994.125963][T15094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 994.135905][ T9] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 994.156163][T15094] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 994.173221][ T9] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 994.189166][ T9] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 994.199682][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 994.233313][T15109] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 994.509630][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input126 [ 994.541919][T15112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 994.558085][T15112] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 994.680874][T15109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 994.705391][T15109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 995.050673][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 995.050688][ T9855] usb 2-1: USB disconnect, device number 85 [ 995.328074][T15114] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 995.698365][ T9855] usb 1-1: USB disconnect, device number 76 [ 995.895239][ T5925] usb 4-1: Cannot read MAC address [ 995.900680][ T5925] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 995.986558][ T5925] usb 4-1: USB disconnect, device number 73 [ 995.999760][T15124] trusted_key: encrypted_key: insufficient parameters specified [ 996.008871][T15124] trusted_key: encrypted_key: insufficient parameters specified [ 996.654612][ T9855] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 997.021050][ T9855] usb 3-1: Using ep0 maxpacket: 8 [ 997.048606][ T9855] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 997.089059][ T9855] usb 3-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 997.135835][ T9855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 997.179297][ T9855] usb 3-1: Product: syz [ 997.199260][ T9855] usb 3-1: Manufacturer: syz [ 997.222799][ T9855] usb 3-1: SerialNumber: syz [ 997.264635][ T9855] usb 3-1: config 0 descriptor?? [ 997.285990][ T9855] cdc_phonet 3-1:0.0: probe with driver cdc_phonet failed with error -22 [ 997.518844][T15130] input: syz0 as /devices/virtual/input/input127 [ 997.610137][ T9855] usb 3-1: USB disconnect, device number 99 [ 998.220809][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.227502][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.439463][T15147] FAULT_INJECTION: forcing a failure. [ 998.439463][T15147] name failslab, interval 1, probability 0, space 0, times 0 [ 998.485002][T15147] CPU: 0 UID: 0 PID: 15147 Comm: syz.0.2323 Not tainted syzkaller #0 PREEMPT(full) [ 998.485026][T15147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 998.485036][T15147] Call Trace: [ 998.485043][T15147] [ 998.485051][T15147] dump_stack_lvl+0x189/0x250 [ 998.485081][T15147] ? __pfx____ratelimit+0x10/0x10 [ 998.485104][T15147] ? __pfx_dump_stack_lvl+0x10/0x10 [ 998.485123][T15147] ? __pfx__printk+0x10/0x10 [ 998.485147][T15147] ? __lock_acquire+0xab9/0xd20 [ 998.485178][T15147] should_fail_ex+0x414/0x560 [ 998.485203][T15147] should_failslab+0xa8/0x100 [ 998.485227][T15147] kmem_cache_alloc_noprof+0x73/0x3c0 [ 998.485249][T15147] ? skb_clone+0x212/0x3a0 [ 998.485270][T15147] skb_clone+0x212/0x3a0 [ 998.485291][T15147] __netlink_deliver_tap+0x404/0x850 [ 998.485327][T15147] ? netlink_deliver_tap+0x2e/0x1b0 [ 998.485353][T15147] netlink_deliver_tap+0x19c/0x1b0 [ 998.485378][T15147] netlink_unicast+0x7fa/0x9e0 [ 998.485406][T15147] ? __pfx_netlink_unicast+0x10/0x10 [ 998.485429][T15147] ? netlink_sendmsg+0x642/0xb30 [ 998.485452][T15147] ? skb_put+0x11b/0x210 [ 998.485470][T15147] netlink_sendmsg+0x805/0xb30 [ 998.485502][T15147] ? __pfx_netlink_sendmsg+0x10/0x10 [ 998.485528][T15147] ? __import_iovec+0x5d4/0x7f0 [ 998.485545][T15147] ? aa_sock_msg_perm+0xf1/0x1d0 [ 998.485561][T15147] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 998.485579][T15147] ? __pfx_netlink_sendmsg+0x10/0x10 [ 998.485604][T15147] __sock_sendmsg+0x21c/0x270 [ 998.485628][T15147] ____sys_sendmsg+0x505/0x830 [ 998.485649][T15147] ? __pfx_____sys_sendmsg+0x10/0x10 [ 998.485678][T15147] ___sys_sendmsg+0x21f/0x2a0 [ 998.485697][T15147] ? __pfx____sys_sendmsg+0x10/0x10 [ 998.485741][T15147] ? __fget_files+0x2a/0x420 [ 998.485764][T15147] ? __fget_files+0x3a0/0x420 [ 998.485796][T15147] __sys_sendmsg+0x164/0x220 [ 998.485814][T15147] ? __pfx___sys_sendmsg+0x10/0x10 [ 998.485843][T15147] ? lockdep_hardirqs_on+0x9c/0x150 [ 998.485868][T15147] __do_fast_syscall_32+0xb6/0x2b0 [ 998.485893][T15147] ? lockdep_hardirqs_on+0x9c/0x150 [ 998.485918][T15147] do_fast_syscall_32+0x34/0x80 [ 998.485953][T15147] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 998.485980][T15147] RIP: 0023:0xf70ee539 [ 998.486001][T15147] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 998.486015][T15147] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 998.486031][T15147] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 998.486043][T15147] RDX: 0000000000040010 RSI: 0000000000000000 RDI: 0000000000000000 [ 998.486052][T15147] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 998.486061][T15147] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 998.486070][T15147] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 998.486098][T15147] [ 999.189192][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 999.189219][ T30] audit: type=1326 audit(1755998359.973:2170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 999.252848][T15158] debugfs: '!' already exists in 'ieee80211' [ 999.399604][ T30] audit: type=1326 audit(1755998359.973:2171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 999.523263][ T30] audit: type=1326 audit(1755998359.973:2172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 999.650061][ T30] audit: type=1326 audit(1755998359.973:2173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 999.836599][ T30] audit: type=1326 audit(1755998359.973:2174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 999.949943][ T30] audit: type=1326 audit(1755998359.973:2175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1000.032618][ T30] audit: type=1326 audit(1755998359.973:2176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1000.096092][ T30] audit: type=1326 audit(1755998360.173:2177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1000.170766][ T30] audit: type=1326 audit(1755998360.173:2178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15152 comm="syz.0.2325" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1000.682829][T15169] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2329'. [ 1001.433454][T15180] syzkaller1: entered promiscuous mode [ 1001.438986][T15180] syzkaller1: entered allmulticast mode [ 1002.693949][T15203] FAULT_INJECTION: forcing a failure. [ 1002.693949][T15203] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.712788][T15203] CPU: 0 UID: 0 PID: 15203 Comm: syz.0.2338 Not tainted syzkaller #0 PREEMPT(full) [ 1002.712820][T15203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1002.712834][T15203] Call Trace: [ 1002.712844][T15203] [ 1002.712854][T15203] dump_stack_lvl+0x189/0x250 [ 1002.712887][T15203] ? __pfx____ratelimit+0x10/0x10 [ 1002.712920][T15203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1002.712955][T15203] ? __pfx__printk+0x10/0x10 [ 1002.712990][T15203] ? __lock_acquire+0xab9/0xd20 [ 1002.713031][T15203] should_fail_ex+0x414/0x560 [ 1002.713066][T15203] should_failslab+0xa8/0x100 [ 1002.713100][T15203] kmem_cache_alloc_noprof+0x73/0x3c0 [ 1002.713130][T15203] ? skb_clone+0x212/0x3a0 [ 1002.713161][T15203] skb_clone+0x212/0x3a0 [ 1002.713190][T15203] __netlink_deliver_tap+0x404/0x850 [ 1002.713239][T15203] ? netlink_deliver_tap+0x2e/0x1b0 [ 1002.713274][T15203] netlink_deliver_tap+0x19c/0x1b0 [ 1002.713309][T15203] netlink_unicast+0x7fa/0x9e0 [ 1002.713349][T15203] ? __pfx_netlink_unicast+0x10/0x10 [ 1002.713382][T15203] ? netlink_sendmsg+0x642/0xb30 [ 1002.713413][T15203] ? skb_put+0x11b/0x210 [ 1002.713439][T15203] netlink_sendmsg+0x805/0xb30 [ 1002.713484][T15203] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1002.713520][T15203] ? __import_iovec+0x5d4/0x7f0 [ 1002.713543][T15203] ? aa_sock_msg_perm+0xf1/0x1d0 [ 1002.713567][T15203] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1002.713591][T15203] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1002.713626][T15203] __sock_sendmsg+0x21c/0x270 [ 1002.713660][T15203] ____sys_sendmsg+0x505/0x830 [ 1002.713690][T15203] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1002.713734][T15203] ___sys_sendmsg+0x21f/0x2a0 [ 1002.713761][T15203] ? __pfx____sys_sendmsg+0x10/0x10 [ 1002.713826][T15203] ? __fget_files+0x2a/0x420 [ 1002.713858][T15203] ? __fget_files+0x3a0/0x420 [ 1002.713903][T15203] __sys_sendmsg+0x164/0x220 [ 1002.713929][T15203] ? __pfx___sys_sendmsg+0x10/0x10 [ 1002.713978][T15203] ? lockdep_hardirqs_on+0x9c/0x150 [ 1002.714014][T15203] __do_fast_syscall_32+0xb6/0x2b0 [ 1002.714049][T15203] ? lockdep_hardirqs_on+0x9c/0x150 [ 1002.714085][T15203] do_fast_syscall_32+0x34/0x80 [ 1002.714119][T15203] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1002.714147][T15203] RIP: 0023:0xf70ee539 [ 1002.714166][T15203] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1002.714186][T15203] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1002.714210][T15203] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 1002.714225][T15203] RDX: 00000000200000d4 RSI: 0000000000000000 RDI: 0000000000000000 [ 1002.714239][T15203] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1002.714252][T15203] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1002.714265][T15203] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1002.714297][T15203] [ 1003.376994][T15208] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2340'. [ 1003.443560][T14578] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1003.744937][T14578] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1003.756579][T14578] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1003.788452][T14578] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1003.797442][T14578] usb 2-1: SerialNumber: syz [ 1003.820653][T14578] usb 2-1: bad CDC descriptors [ 1004.064373][T15205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1004.073400][T15205] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1004.204712][ T30] audit: type=1326 audit(1755998364.943:2179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.226820][ C0] vkms_vblank_simulate: vblank timer overrun [ 1004.280884][ T5925] usb 2-1: USB disconnect, device number 86 [ 1004.323079][ T30] audit: type=1326 audit(1755998364.943:2180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.345881][ C0] vkms_vblank_simulate: vblank timer overrun [ 1004.422333][ T30] audit: type=1326 audit(1755998364.943:2181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.446982][ C0] vkms_vblank_simulate: vblank timer overrun [ 1004.489903][ T30] audit: type=1326 audit(1755998364.943:2182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.512047][ C0] vkms_vblank_simulate: vblank timer overrun [ 1004.687595][ T30] audit: type=1326 audit(1755998364.943:2183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=316 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.717296][ T30] audit: type=1326 audit(1755998364.943:2184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.744368][ T30] audit: type=1326 audit(1755998364.943:2185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.790615][ T30] audit: type=1326 audit(1755998364.943:2186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.824814][ T30] audit: type=1326 audit(1755998364.953:2187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1004.891094][ T30] audit: type=1326 audit(1755998364.953:2188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15209 comm="syz.0.2341" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 1005.934773][T15232] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 1006.368242][T15246] netlink: 'syz.0.2351': attribute type 10 has an invalid length. [ 1006.388703][T15246] team0: Port device dummy0 added [ 1007.103634][ T5925] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1007.173208][ T5976] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1007.253271][T15254] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1007.261050][ T5925] usb 5-1: device descriptor read/64, error -71 [ 1007.353182][ T5976] usb 3-1: Using ep0 maxpacket: 8 [ 1007.369657][ T5976] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1007.384102][ T5976] usb 3-1: config 4 has an invalid interface number: 30 but max is 0 [ 1007.392565][ T5976] usb 3-1: config 4 has no interface number 0 [ 1007.401061][ T5976] usb 3-1: config 4 interface 30 has no altsetting 0 [ 1007.412809][ T5976] usb 3-1: string descriptor 0 read error: -22 [ 1007.419916][ T5976] usb 3-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 1007.429174][T15254] usb 2-1: Using ep0 maxpacket: 16 [ 1007.435036][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1007.444924][T15254] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1007.457608][T15254] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1007.467314][T15254] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1007.479748][ T5976] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 1007.487860][ T5976] dw2102: su3000_power_ctrl: 1, initialized 0 [ 1007.494235][T15254] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1007.502347][ T5976] dvb-usb: bulk message failed: -22 (2/0) [ 1007.512955][T15254] usb 2-1: config 0 descriptor?? [ 1007.528552][ T5976] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1007.538027][ T5925] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1007.554269][ T5976] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 1007.561988][ T5976] usb 3-1: media controller created [ 1007.567542][ T5976] dvb-usb: bulk message failed: -22 (6/0) [ 1007.573453][ T5976] dw2102: i2c transfer failed. [ 1007.578286][ T5976] dvb-usb: bulk message failed: -22 (6/0) [ 1007.584187][ T5976] dw2102: i2c transfer failed. [ 1007.589014][ T5976] dvb-usb: bulk message failed: -22 (6/0) [ 1007.595469][ T5976] dw2102: i2c transfer failed. [ 1007.600405][ T5976] dvb-usb: bulk message failed: -22 (6/0) [ 1007.607113][ T5976] dw2102: i2c transfer failed. [ 1007.612572][ T5976] dvb-usb: bulk message failed: -22 (6/0) [ 1007.619749][ T5976] dw2102: i2c transfer failed. [ 1007.627758][ T5976] dvb-usb: bulk message failed: -22 (6/0) [ 1007.634513][ T5976] dw2102: i2c transfer failed. [ 1007.639402][ T5976] dvb-usb: MAC address: 02:02:02:02:02:02 [ 1007.673647][T15251] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI [ 1007.683067][ T5925] usb 5-1: device descriptor read/64, error -71 [ 1007.685588][T15251] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 1007.685614][T15251] CPU: 1 UID: 0 PID: 15251 Comm: syz.2.2353 Not tainted syzkaller #0 PREEMPT(full) [ 1007.693596][ T5976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1007.700271][T15251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1007.700293][T15251] RIP: 0010:su3000_i2c_transfer+0x1ad/0x1040 [ 1007.734058][T15251] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 bd 9c 3c fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 5f 09 00 00 0f b6 1b 48 8b 44 24 38 42 [ 1007.753704][T15251] RSP: 0018:ffffc9001967f8e8 EFLAGS: 00010202 [ 1007.759805][T15251] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003 [ 1007.767808][T15251] RDX: ffffffff87e67ae5 RSI: ffffffff8f0d4190 RDI: 0000000000001900 [ 1007.775810][T15251] RBP: 0000000000000000 R08: ffff88802e23da00 R09: 0000000000000002 [ 1007.783616][ T5925] usb usb5-port1: attempt power cycle [ 1007.783807][T15251] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000 [ 1007.783828][T15251] R13: 1ffff1100ea7b2b4 R14: 0000000000000001 R15: ffff8880753d95a8 [ 1007.805170][T15251] FS: 0000000000000000(0000) GS:ffff888125d1b000(0063) knlGS:00000000f5496b40 [ 1007.814136][T15251] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1007.820750][T15251] CR2: 000000003321eff8 CR3: 000000004bd24000 CR4: 00000000003526f0 [ 1007.828756][T15251] Call Trace: [ 1007.832066][T15251] [ 1007.835035][T15251] __i2c_transfer+0x874/0x2170 [ 1007.839847][T15251] ? lockdep_hardirqs_on+0x9c/0x150 [ 1007.845093][T15251] ? __pfx___i2c_transfer+0x10/0x10 [ 1007.850361][T15251] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 1007.855780][T15251] ? i2c_transfer+0x11d/0x3a0 [ 1007.860494][T15251] i2c_transfer+0x25b/0x3a0 [ 1007.865028][T15251] ? __pfx_i2c_transfer+0x10/0x10 [ 1007.865195][T15261] hub 9-0:1.0: USB hub found [ 1007.870073][T15251] ? _copy_from_user+0x94/0xb0 [ 1007.879453][T15251] i2cdev_ioctl_rdwr+0x460/0x740 [ 1007.884437][T15251] compat_i2cdev_ioctl+0x5a8/0x5c0 [ 1007.889588][T15251] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 1007.890032][T15261] hub 9-0:1.0: 1 port detected [ 1007.895256][T15251] ? __fget_files+0x3a0/0x420 [ 1007.895296][T15251] ? __fget_files+0x2a/0x420 [ 1007.895330][T15251] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 1007.895364][T15251] __ia32_compat_sys_ioctl+0x540/0x840 [ 1007.920421][T15251] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 1007.926450][T15251] ? __se_sys_futex_time32+0x360/0x3e0 [ 1007.931961][T15251] ? lockdep_hardirqs_on+0x9c/0x150 [ 1007.937210][T15251] __do_fast_syscall_32+0xb6/0x2b0 [ 1007.942370][T15251] ? lockdep_hardirqs_on+0x9c/0x150 [ 1007.947662][T15251] do_fast_syscall_32+0x34/0x80 [ 1007.952563][T15251] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1007.958932][T15251] RIP: 0023:0xf7f71539 [ 1007.963024][T15251] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1007.982663][T15251] RSP: 002b:00000000f549655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 1007.991116][T15251] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000707 [ 1007.999119][T15251] RDX: 0000000080000a40 RSI: 0000000000000000 RDI: 0000000000000000 [ 1008.007126][T15251] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1008.015125][T15251] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1008.023124][T15251] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1008.031132][T15251] [ 1008.034184][T15251] Modules linked in: [ 1008.038886][T15251] ---[ end trace 0000000000000000 ]--- [ 1008.078877][T15251] RIP: 0010:su3000_i2c_transfer+0x1ad/0x1040 [ 1008.089995][T15251] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 bd 9c 3c fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 5f 09 00 00 0f b6 1b 48 8b 44 24 38 42 [ 1008.127843][T15251] RSP: 0018:ffffc9001967f8e8 EFLAGS: 00010202 [ 1008.134742][T15251] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003 [ 1008.148327][T15251] RDX: ffffffff87e67ae5 RSI: ffffffff8f0d4190 RDI: 0000000000001900 [ 1008.157174][T15251] RBP: 0000000000000000 R08: ffff88802e23da00 R09: 0000000000000002 [ 1008.167435][T15251] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000 [ 1008.173160][ T5925] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1008.185582][T15251] R13: 1ffff1100ea7b2b4 R14: 0000000000000001 R15: ffff8880753d95a8 [ 1008.189866][T15254] nzxt-smart2 0003:1E71:2009.000C: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 1008.205612][ C0] usb 2-1: input irq status -75 received [ 1008.211454][T15251] FS: 0000000000000000(0000) GS:ffff888125d1b000(0063) knlGS:00000000f5496b40 [ 1008.211761][ T5925] usb 5-1: device descriptor read/8, error -71 [ 1008.236290][T15251] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1008.252814][T15251] CR2: 000000003321eff8 CR3: 000000004bd24000 CR4: 00000000003526f0 [ 1008.253104][ T9] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 1008.277713][T15251] Kernel panic - not syncing: Fatal exception [ 1008.284170][T15251] Kernel Offset: disabled [ 1008.288509][T15251] Rebooting in 86400 seconds..