last executing test programs: 7.015640006s ago: executing program 4 (id=361): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = epoll_create1(0x80000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x17, 0x6}}, 0x20) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10) connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendfile(r7, r6, 0x0, 0x20000023893) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000140)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x100, @loopback, 0x800}, {0xa, 0x4e22, 0x49a, @mcast2, 0x2}, r5, 0x4}}, 0x48) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0x96fe82a0ca817180}) syz_clone(0x4400, 0x0, 0x0, 0x0, 0x0, 0x0) epoll_pwait(r4, &(0x7f00000000c0), 0x0, 0x6, 0x0, 0x0) 6.900403145s ago: executing program 1 (id=362): r0 = socket$kcm(0x10, 0x5, 0x0) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 6.316852019s ago: executing program 1 (id=364): timer_create(0x0, &(0x7f0000000480)={0x0, 0x21, 0x2}, &(0x7f0000000b80)=0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/41, 0x29}], 0x20, 0x80, 0x8000, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) write$tun(0xffffffffffffffff, 0x0, 0x7fc) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111}}, 0x20) 5.886583536s ago: executing program 4 (id=366): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x47f, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x29}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000100)={0xffffffffae16e299, 0x8, 0x1, 0x6, 0x5, 0x6, 0xbd, 0x146}, &(0x7f0000000140)={0xfb, 0x6, 0x9, 0x8d, 0xa52, 0x3, 0x4, 0x3ff}, &(0x7f0000000180)={0x6, 0x1f4, 0x1, 0x6, 0x98, 0xfffffffffffffffd, 0xf52, 0x9}, &(0x7f0000000200)={0x77359400}, &(0x7f0000000280)={&(0x7f0000000240)={[0x38c, 0x10000]}, 0x8}) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) 4.72692481s ago: executing program 1 (id=368): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1], 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r5, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000002c0)={0x60, 0x0, 0x405, 0x70bd29, 0x25ffdc01, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000411}, 0x44084) (fail_nth: 3) 4.472887217s ago: executing program 0 (id=370): set_mempolicy(0x1, &(0x7f0000000000)=0x1, 0x4) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x44090}, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='0\x00\x00\x00\b \x00\x00', @ANYRES32, @ANYRES32, @ANYBLOB="aa20207a717789d065bf747182e54d79308a56836489f565f08b4d88e2b9b4d9957711f3f83e288081cd71c3995cf289ecd2cc85056527187c478488997745d50a694992ad5e907c41cd0391a594fb4eebc509799ddb142ed79ef0a446000000000000e0b1cc5700", @ANYRES64=0x0], 0x20) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c0000040008e584f590424580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) set_mempolicy(0x1, &(0x7f0000000040)=0x9, 0x3ff) r4 = openat$vsock(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r4, 0xc0485510, &(0x7f0000000280)={0x10, 0x4, 0x9, 0x7, &(0x7f0000000180)=[{}, {}, {}, {}]}) 4.472551976s ago: executing program 1 (id=371): timer_create(0x0, &(0x7f0000000480)={0x0, 0x21, 0x2}, &(0x7f0000000b80)=0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/41, 0x29}], 0x14, 0x80, 0x8000, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, 0x0, 0x0) 4.2851081s ago: executing program 0 (id=372): syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0) socket$nl_route(0x10, 0x3, 0x0) memfd_create(&(0x7f0000000000)='-&:{-\xaa]{\x00', 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fd/4\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00') fchdir(r0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x80000006) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x0}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x844}, 0x4040004) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xa6, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000030000703a00fc000000000000000000000000000000ff0200000000000000000000000000010402907800000000604aa19800003c0000000000000000000000ce232860faffff0000000000000000000000000000ffffac14"], 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r3, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4) setsockopt$inet_int(r3, 0x0, 0x8, &(0x7f0000000300)=0x80000009, 0x4) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) recvmmsg(r3, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = memfd_create(&(0x7f0000000840)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2}\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:!\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10`\xee\xa9\x8b%\x00\x00\x00\xd1c\xe1$\xff\x97\x06\x00\xc5\xa96\xddU)\xc98M\xcd\xfb\xcc\x82\x04\x00\x7f=\xd9Jx\xaa\x8f~\xb94a\xa9\xb2\x04K\x98\x93=\xabQb\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xd6m\xf7@]iNP\xf1\x1d\xab\x13\xce\x152s\xb8\x85\x98\x84\xbf\x8c\x80y\x16\t\xd6\x17P3\xe9\xebGKL\xd3\x88\xd2\rLG\x8e\xd6\xa72\xf4\x92\xeb&\xa5\xcc\x14\xa0\xf4\xc2\x14\x82FZN\x98%[p\x989\xf6\xf5\xb6\xedk\xe6\xb0\xa1\x8f\x90\xdb\xd6j\xe3\x0f6\x88\x03P\x8ak\xf9\xc9\x82`\xa7Ku\x99\xab\xd4\xb2\xaa1\x99O\x8b\x99-\xe3\xdbr\xf7\x81u\x00\x8ao\t\x94LB\xb9:Gm>\xd8\x0enB\xe8?\x17:\xb4\x9e\xb4\xfc\x8d4x\xa3\x81_|\xbc\x83\xc3X\x18\x1aNy\x88\xd4\xaa\xb4F\x80`\xa1\xa5\xf87\x80\xcf\xe4\xfe\xd5\xb5l\xbeR;\xa0\t\x00\x00\x00\x9a\x00pX\xf2*\xb6[\x1dH\xaf\n\x98x\x04*\xd2VW\x81\x9a\v\x98 \xc0\x81\x10o\x97\xe3\x82\xf6E\xa2\xc1$\xf7\x95K\xdeo%\xfbb\x84\xcf2p\x15\xb5\x9d\x8a\n\xbb\xa3E+\xac\xe5\x99?Pf\x1d\xb9\x8a\x86Ip\xf0/\xf1@\x16x0\x1ep+\xa8R.=\x06\xbf\x88DzN\xc5Op:\xf9\x8c', 0x6) r5 = dup(r4) r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fcntl$notify(r6, 0x402, 0x29) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00)={0x2020}, 0x2020) write$binfmt_elf64(r5, &(0x7f00000006c0)=ANY=[@ANYBLOB="7f454c4606ff78a3710000000000000002003e00cd000000d2000000000000004000000000000000ea02000000000000020001000500380001000600b10600040300000081000000ff000000000000000900000000000000070000000000000009000000000000005900"/376], 0x178) 3.993104116s ago: executing program 2 (id=373): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) r1 = dup(r0) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x12, 0x1, 0x0, 0x5, 0x0}) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000140)=[{&(0x7f00000000c0)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100050c100000000000224e0000", 0x58}], 0x1) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x49920d862a92153b, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x60}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_FAIL_OVER_MAC={0x5}, @IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0x8}]}}}]}, 0x44}}, 0x0) ioctl$SNDCTL_SEQ_GETOUTCOUNT(r1, 0x80045104, &(0x7f0000000180)) 3.888633964s ago: executing program 0 (id=374): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file4/file7/file6\x00', 0xe7) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0) landlock_restrict_self(r0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file1/file4/file7/file6\x00', 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x7, &(0x7f0000000040)=[{0x9, 0xf9, 0x0, 0x3}, {0x400, 0x16, 0xe0, 0x6}, {0x9, 0x6, 0x70, 0x4}, {0x8, 0x4, 0x2, 0x400}, {0x2, 0xf8, 0xf, 0x8ecf}, {0x3, 0x16, 0x5, 0x9}, {0x3, 0x4, 0x2, 0x1}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000180)) renameat2(0xffffffffffffff9c, &(0x7f0000000600)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file1/file4/file7/file6\x00', 0x2) 3.831370874s ago: executing program 2 (id=375): ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000040)={0x1, 0x3c0, 0xc0, &(0x7f0000000340)=[0x5, 0x0, 0x9, 0x80, 0xe6b4, 0x0, 0xfffffffffffffffa, 0x1, 0xa, 0x2, 0x2, 0x700000000000000, 0x3, 0x2, 0xfffffffffffffffe, 0x5, 0x6fffffff, 0x2, 0x4, 0x9883, 0xb, 0x6, 0x8, 0x102, 0x4, 0x9, 0x2, 0x1fd, 0x18, 0x81, 0x1, 0x5, 0x5, 0x2, 0x101, 0x40, 0x1, 0x4, 0x9, 0x81, 0x0, 0x6, 0x6, 0x2e2, 0x101, 0x6, 0x8000000000000001, 0xfffffffffffffff9, 0x8, 0x401, 0x5, 0x9, 0x7fff, 0xec, 0x8000000000000000, 0x5, 0x94e, 0x7, 0x7fffffffffffffff, 0x6, 0xffffffffffffffff, 0xa, 0x11, 0xa, 0x5, 0xa8, 0x2, 0xffffffffffffffff, 0x5, 0x87f, 0x7, 0x7, 0xae8e, 0x1e30fa4c, 0xb, 0xfffffffffffffffd, 0x4, 0x49f, 0x3, 0x7, 0xfffffffffffffad7, 0x3, 0xba00, 0x3, 0xd, 0xad65, 0x1, 0x100, 0x7, 0xe, 0x3, 0x1000000003ff, 0x5, 0x21, 0x9, 0xfffffffffffffffe, 0x401, 0x8, 0x1e4b, 0x2, 0x7fffffff, 0xf, 0x10000, 0xe, 0x2, 0x6, 0x3, 0xfffffffffffffff9, 0x0, 0x4, 0xa, 0x1, 0x9, 0x2, 0x1000, 0x80, 0xb, 0xd, 0x4, 0x3, 0x2000020006, 0x8, 0x401, 0x7f, 0x1, 0x7, 0xea7, 0x1]}) syz_usb_connect(0x5, 0x4c, &(0x7f0000000580)=ANY=[@ANYBLOB="1201100335fe6510ca1a8eb232920102030109023a00010d019002090432a70201039e080929eebdc65cb9a2db082387ac33afe3410725010305f804090507020002040266072501"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e23}, 0x6e) setsockopt$inet_buf(r0, 0x0, 0x4, &(0x7f0000000080)="fcab9f9ce675ed919b95adeac68a861b5da8ef8e68313376a83074c096e0cf9138f4bf2625c714234ac3dbcf423a3a20c6a8f6ab78beea1566f0b6998c9dbd9e04ee39b9787b0a516451344a800681e024540f532f49", 0x56) 3.614231356s ago: executing program 3 (id=376): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1], 0x2c}}, 0x0) (fail_nth: 4) 3.524429071s ago: executing program 0 (id=377): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22, 0x0, @mcast1, 0x4}, 0x1c) connect$inet6(r1, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, 0x4}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r2, &(0x7f00000001c0)='\\', 0x1) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f00000005c0)={0xc0, 0x0, 0x0, [{0x6, 0x3ae3c00000000, 0xc, 0xb, '\xf8$\xc8^%-L\\7^\'.'}, {0x4, 0x2, 0x1, 0xd1a, '!'}, {0x2, 0x80000001, 0xd, 0xffffffff, '---+.!-&@}-^]'}, {0x3, 0x59ee, 0x6, 0x7, '\x02\x02\x02\x02\x02\x02'}, {0x1, 0x40, 0x6, 0xf6b, '\x02\x02\x02\x02\x02\x02'}]}, 0xc0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r4, @ANYBLOB="0a003400024b555ffb020302020200000a00060008021100000000657f6b27c64800080035000000000008002600"], 0x44}}, 0x0) 3.523733817s ago: executing program 1 (id=378): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket(0xa, 0x1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) r2 = openat$sw_sync(0xffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r2, 0xc0105702, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) socket(0x400000000010, 0x3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="1779", 0x2}], 0x1}, 0x4048841) recvmsg(r7, &(0x7f0000000700)={0x0, 0xffffffffffffffb2, 0x0}, 0x11123) socket$unix(0x1, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) r9 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x28, 0x140f, 0xa821769c5c00448b, 0x70bd2b, 0x25d7db7c, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x5, 0x45, 'cm\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000880}, 0xc044) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c000000100001042abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="91800300000000001c2172650010000280060002002100000004001200"], 0x3c}}, 0x10) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil}) 3.129563408s ago: executing program 0 (id=379): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0xc01, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x8050) r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f00000002c0)=0xc) prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800) syz_open_procfs$namespace(0x0, &(0x7f0000001080)='ns/time\x00') sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x2, 0xb49, 0x9, 0x8, 0x0, 0x4}, 0x0) io_setup(0x8, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r4, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0xaaa7, 0x0, 'queue0\x00', 0x90000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8c", 0x1d, 0x20000000, 0x0, 0x0) r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x48002) r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r6, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8) dup3(r6, r5, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r7, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003000)=[{&(0x7f0000002fc0)="a6", 0x5dc}], 0x1}}], 0x5, 0x4040000) 3.128906392s ago: executing program 3 (id=380): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) r0 = socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0x85, &(0x7f0000000ac0), 0x90) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f00000001c0)={0x0, 0x40000094, 0x0, 0x0}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x400000f4, 0x0, 0x5}]}) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x1, 0x3, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}, 0x10}, 0x8) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac95ab194f93f8e795a9b29420fa62d", 0x11}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b8000000000061138c0000000000bf2000000000000007000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c6500bf000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, &(0x7f0000000040)) r8 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r9 = syz_open_dev$usbfs(&(0x7f0000000340), 0x74, 0x101341) ioctl$USBDEVFS_IOCTL(r9, 0x8008551c, &(0x7f0000000040)=@usbdevfs_driver={0x942, 0xa1a6, 0x0}) timer_create(0x2, &(0x7f000049efa0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x9}}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x4, 0x2000000000001]}}) 2.968640706s ago: executing program 4 (id=381): writev(0xffffffffffffffff, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0), 0x300}, {&(0x7f0000000900), 0x4000}], 0xe) 2.696165645s ago: executing program 4 (id=382): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000540)={'syz1\x00', {0x6, 0x7fff, 0xb25, 0xb}, 0x6, [0x9, 0x8, 0x5, 0x6, 0x6, 0x3, 0xafc, 0x32, 0x838, 0xb2, 0x6ff5, 0x9f5, 0x5, 0x1000000, 0x0, 0x6, 0x8001, 0x6, 0x4a4c, 0x3, 0xfffffffd, 0x9, 0x10, 0x8001, 0x5, 0x1, 0xd4a, 0xffefe87a, 0x1, 0x6, 0x9, 0x9, 0x8, 0x0, 0x0, 0xe, 0xf9c6, 0x3ff, 0x3ff, 0x4, 0xd, 0xff, 0x8, 0x9, 0x3ff, 0x83f5, 0x0, 0x2, 0xfe0, 0x7ff, 0x8, 0x3, 0x4, 0x2, 0xa45, 0x1df, 0xffff, 0x3, 0x2, 0x9, 0xf, 0x101, 0x200, 0x9a0], [0x3, 0x8, 0x6, 0xd, 0x1, 0xad10, 0x6, 0x13a0, 0x86, 0x7fff, 0x101, 0x8, 0x5, 0x1, 0x2, 0xffff, 0x4, 0x4a, 0xf, 0xfffff32a, 0xfffffff7, 0x4c4, 0x400, 0x7f, 0x1, 0x7, 0x4, 0x8, 0x30, 0x9, 0x1, 0x3, 0x4c6fbc51, 0x10001, 0xd35, 0xa, 0x6, 0x1, 0x1, 0x200, 0x20, 0x9, 0x0, 0x3ec8d8d2, 0x0, 0x3, 0x3, 0x2, 0x8, 0x6, 0xe51, 0x1, 0x7, 0x8, 0x3, 0x2, 0x0, 0x62, 0x7, 0x6, 0x4, 0x6, 0xfff, 0x4], [0xffffffff, 0x9, 0x6, 0xffff, 0x6, 0x8, 0xffffffff, 0xfd, 0x20, 0x8, 0x9, 0x74, 0x283, 0x2, 0x4d, 0x6, 0x6, 0x3ff, 0x10000, 0x5, 0x40, 0x4, 0x8, 0x0, 0x4, 0x5, 0x8001, 0x7, 0x1, 0xffff, 0x5, 0x7, 0x1, 0x9, 0x4, 0xfff, 0x3, 0x0, 0x1, 0x80000001, 0x53c2, 0x4, 0x4, 0x3, 0x80, 0x50, 0x3, 0xc, 0x8, 0x5, 0x4, 0x400, 0x3, 0x5, 0x86, 0x6, 0x400000, 0xb, 0x4, 0x0, 0x400, 0xfe6c, 0x2, 0x9], [0x3, 0x9, 0xffffffff, 0x2, 0x66, 0xffff, 0x401, 0x6, 0x8, 0x3, 0x101, 0x4, 0x9, 0x8, 0xce, 0x2, 0x8001, 0x1, 0x7, 0x6, 0x601000, 0x9, 0x5, 0xd, 0x1, 0x446, 0x800, 0x2, 0x0, 0x3, 0x2, 0x375, 0xfffffff1, 0x6, 0x5, 0x4, 0x7fff, 0x4, 0x3a2, 0x3, 0x2005, 0xe, 0xee6, 0x0, 0x7, 0x3, 0x8241, 0x7, 0x3, 0x9, 0xc, 0x3, 0x1, 0x1, 0x3, 0x296, 0x6, 0x7, 0xf, 0x0, 0x3, 0x7, 0xd, 0x56be]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000a40)={'syz1\x00', {0x2f, 0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x401, 0x0, 0x4, 0x20008001, 0x2000, 0x0, 0x0, 0x0, 0x80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x90, 0x801, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x3, 0x0, 0x0, 0x5, 0x7], [0x0, 0x3, 0x6, 0x0, 0x0, 0x5, 0x3, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x6189fbd8, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x9e2b, 0x0, 0xfffffffd, 0x5, 0x7aae62b1, 0x100000, 0x0, 0x40002, 0xffffffff, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0xfd5], [0x0, 0x0, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x3, 0x7, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x8000000, 0x8, 0x0, 0x0, 0x99, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x4bdf, 0x2, 0xf152, 0x0, 0x10004, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9bf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0x6, 0x8, 0x0, 0x735, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) 2.1486688s ago: executing program 3 (id=383): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'netdevsim0\x00', 0x0}) r1 = dup(0xffffffffffffffff) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1703, 0xef}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r0}, @IFLA_MASTER={0x8, 0xa, r0}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) 2.09521181s ago: executing program 0 (id=384): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae3f, 0x1) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f00000000c0)={0xffff1000, 0x301000, 0x8}) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f00000097c0)={0xffff1000, 0x11b000, 0x8}) 1.984931842s ago: executing program 4 (id=385): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045518, &(0x7f0000000180)=0xa) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0) 1.983840408s ago: executing program 3 (id=386): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000fc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x90}}, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x1}, 0x18, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f0000000040)=""/151, 0x97}], 0x1) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@ipv6_deladdr={0x2c, 0x15, 0x119, 0x70bd2a, 0x25dfdbfd, {0xa, 0x10, 0x2}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x4) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r4, 0x3800005, 0x2010, r5, 0x0) r7 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000010c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$bt_hci(r7, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000340)={'vcan0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000ffffff9f6000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe8023c889fd4cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6eb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', r10}, 0x94) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) setsockopt(r9, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r9, 0x84, 0x16, 0x0, &(0x7f0000000180)=0x600) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000580)=@mangle={'mangle\x00', 0x64, 0x6, 0x4d4, 0x258, 0x190, 0x258, 0xc8, 0x0, 0x40c, 0x40c, 0x40c, 0x40c, 0x40c, 0x6, 0x0, {[{{@ipv6={@private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0xffffffff], 'team_slave_0\x00', 'pimreg1\x00', {}, {}, 0x87}, 0x0, 0xa4, 0xc8, 0x0, {0x0, 0x3a010000}}, @unspec=@CHECKSUM={0x24}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@STANDARD={0x24}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [], [0x0, 0x0, 0x0, 0xffffffff], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x1, 0x0, 0x44}, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@local, @private0={0xfc, 0x0, '\x00', 0x1}, [0xff000000, 0xff000000, 0xff000000], [0x0, 0x0, 0xffffffff, 0xff000000], 'dvmrp0\x00', 'ip6gretap0\x00', {}, {0xff}, 0x3c, 0x6, 0x7, 0x40}, 0x0, 0xa4, 0xc8}, @common=@inet=@SYNPROXY={0x24}}, {{@ipv6={@loopback, @private2, [0x0, 0xffffffff, 0xff000000], [0x0, 0x0, 0x0, 0xff], 'syzkaller1\x00', 'veth0_to_batadv\x00', {}, {}, 0x0, 0x0, 0x2}, 0x0, 0xa4, 0xec}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x530) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r8, 0x84, 0x17, &(0x7f0000000400)=ANY=[@ANYRES32=r3, @ANYBLOB="0004a6008b2af636ffc0c3ff38d0731f1711a540972662ea2be2d419ca8c42c9394b97c0fd69bbdbbbf468068330029d045bcca41b0394e2e9adbfe8d21661c71c1546485587b35daac545d18655c3893e57ce1b661e2866b335f6023e426200e59e5e548ef608cb9f30b282cdc9c4a8f5da595c1b3257058dbeb1c1f4b73e0aa7c3c23d85125e08e5178eb6fcc57a64851ea9d0946685be2b2078b4230178afa38783b7606566377714acb4a7cf845fe04fe5bf984d6f16ee9e55cebede9daefdbb60feeef6f39a0ead2f2ff5922577144fef3a92ffc9a40d4fd7041e07d007a38cd466db3aa89779d3b6fcd32aaee8aaabad8a6d8901c4bf7697971ad996f6747ce3ecbc9e7343f4a0a215"], 0xae) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f00000001c0)={r11, 0x0, 0x2}, 0x8) 1.832099562s ago: executing program 4 (id=387): unshare(0x6a040000) r0 = socket(0x1e, 0x4, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000000)=0x1) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000480)="c61073a4"}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r0, &(0x7f0000001bc0)=[{{0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f0000004a80)=""/4083, 0xff3}], 0x1}}], 0x1, 0x0, 0x0) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000100)={0x400, 0xa, 0x0, 0x0, 0x0, 0x180, 0x0, 0x0, {0x1}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x0, 0xfffffffd, 0x0, 0x4, 0x0, 0x1}) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000004980)=[{&(0x7f00000034c0)="58c0e8bae42c0fe8bdf795b00994db801593518c974db2203b74e695040d2c9f2c3496ab3aa08c45023c6c77fd6e9ccb4cf2c9885b536185f74d40ac385923d11990841b9596d9129f0a565ef205da3f7bbd5cb09b2210051ecdda6e20ea108eaea68ba58a53f446db1598ff59bf94bf4e1749edb4d065b82120033bcaf01889dd81381abe885032f2c2f15d73828d65d839652b4402312ba82d9df95c4966a81a6c0a24a3025a7feff0cec1e3b77e442304a4ca1fe6d516cde88d197fb26de0c5f24403db89870d65da4cb763ae49eaf38a155547e9aafcf04cb6dadc1e760e9c1da7acc9f6afbac76fb44750d5f607aa72a985be38d229b8a7f6f848c0fa91edc5243192d2ee40e65abe7caab40a5e2ba95a3e6a69eb1bd3769b54ee7aa5360430b7f5e51589106eba39e12861a1d0b8f13c154100d0fbb0ba760f41470cb6b1904cb85bd8c5e4394ac77ce0468cce003cda723f72aeda6c766ddf96fccdb018769e77c6c2c0786dc85dc9438a75ad96c9f87c8d9a6f0353ef8f43070e4232b955e3f9b182aa66ae59f06529c685efc18d0384f5d79174ba85959e434e7b833040dcbf739e17c083b4c67042ff783f9aae8522ebf118700400c80035f686057c9a95108316d7a37e2fb90691b44cbe0e77ec66d08f0cb6b86ca7e1530a5122cad2170154c68cee7611542774534e9ed151295e80ea9ede97e1a05845baccc45ae42fcd9171fb6517793507260e8273e0357feb85572d4d2b695ad16574568c4e17effb582c751bdbb172a7fcc5d2034b8469e95748158c27e68d2d226e57e0f8e37ed5714280a87a15422c1825a5a2f734ec1ea4a7a71ce13df577f904cae48ee8f6be9f4e5a6cd101267673727ce343690335c479e3fced545d62d66f2aa2e12c74321d1ae0713fbf678db1a4d98e2583de3e4c1207a1b3ef0528bf4c979e7f46a9981acee9307e11e487a41d8ef6408df077e184a4368d5e22e75b528d27e626541076df37f3869c0022c0c9b6d41cc6874ae1e9cef8c4816b84f7a93e2a404691abee20c1fe78a9c91b64e06f2a5b2ffe5c0386f1341b130bb071dafb680bdb76cc61da6a8dcf65a38410c4fff0c8feae4eb36688c84ea493b4b993ee476625385a750c6592287721be80af5e4917646d37e503296667918b4fc572d36f20f23032df0703dcfcdb2edd0318750252a2693c0e446b394f710d8aec13b792681b667ef092e78d779fbaa02c0462f58ee92761278a6a2de26d5514f118a88013fb5ee84a4e8951b7273686c47840e2941d41b632ed15912cb6cea9d4bd5b8b1f713c391612f641eb7b6ce66f4b1a97da59b8e90ac9a855a7ebf07a8372cda66ddf04b73aa2fc11ffeb276572d1ff23f0dea2e1abe5e38ae315df083103fc702a00bf38cd8b4f7d52b4e7944a7c99ffb743cb878280957c840d480d6adf64a06a37ef71fa1b4674e8e2844dafe919961791fe61be794b6e8e9866d97b96c97b8a5e0f32658b0a07f707aa24690652fdbf538c08e982c21dfed05975c8d1d1281c2f65c1fd71f19f78bbb800a21311a5c14a50b11c7de69abe9c347398cfdccfe6816ffaae09a982b3847833996e8798c7e807ebd61ee013f7d1711f148291b10d7ee47f8d9ca645df551451d9c41cf4057ce4b63060dab137445458f41b5839c612f3b3f8b39690a66ee2e7cf796052bf0b90e0e1be2fd87ee1f265ea3930a980d117573765357a57cd6263ecff5511107114c8311d9fe9665d4dfed59c74e04f6410bffb8c57224a4ba391ac0b9121f3083e0c4ad52c036d57dda6e1e21b184561dce5556cb1148d6894ec2bf9d6a52d5bafd1f59e52d4d30acadf9f3c11ffbc6ba17441f66dd10b8ebb27a2316be64111a8f11b3384ce89628ba1cea730934451ff7b29ab813bc6c8ecbd5538fc2d581a8b6848eea60db2836b29da9e7c1c813717b18b860bb5ff6120453797bfa5ce95d0236137d1f726463932c788b6eebe00437df73bb1088b198ff1ce72cba8157ab5ca82b7030dd76ba5dac3ac333de636aec4be333dd68d652257706a1eabdb304f01f763ece502b4f9cefb870cc96e258a8073c94ca67738811e6a4d2ebe92a7323fe2a29218e8ace1547c9580680c6f595f17ba6e56109ce31176157f08fe911b43ad111d84d919f4774e0896b0933041551e4116187ed93e4cf2fc7af572fe4ae6affec258007de3175ef99f44843213ea73f2b051bffb703cb19f6001dd5f4c4d5a248150e7ea96ec2a9fa196e60149767c6bb0d78370f7d61e67a6e8d60fd881fcbf2705480fd5579dbad96665488c85848f638ef036d01b13f43593ae7f99d52bd7f5994d663a9cdc01134a03dec835af6b3ec9ffd16ba2381a8575414b092cffba58b0d9e58e58c3a09be7d77a3cb23b74567bc8906b47edd552f48736e7cb41a4cefc73c1d9ba274d39042d4a2afe0aa0e6a06a7ae7933d8320d4b17511609f53dc4478e95895a1fbfe3b3c7727c0dc88e8726dfdfeba18998985e4f1268ac0f26ca69a65f4d82dcf4e451af14413f643a2c3f3bb00c3f1af5a56bc231023144d1995f9713f288622a5fac78a55824ce5791a2562e1d017b30ab0b599fa440812db16af0cf945d9257faf66ee1f48d9b247cb9b8b7c43f8bbc1959e250d944ba96f1d2f6017d8b83980ec4ab3f52eeeadd3b46eddfc0150745f06c215198124d6643799ba166f5825f3f2fe4ff4dbcc98a90027088dddcd47e8555baccfe469333ac72c8b733a4969adc9c640c633d880f51f78c5a3e491bfcdf40263e384a1e18109fe34ba45e66af1d32c9ee873524c5acd5d94061152e7f3089afe6e8c35dc980de6a3adaf1bf371ded4f4f3099c505c685d08db26086ca314b5f142a977df96bfdd12d7c2674cd66fbc93b5e4befec9f90cbdbd65424b7a2a756af23c77e329a477ed8afc4bfd78c97c47a484ec60f391ce7a8fa976b4e138a2faca3825dffd62c706b75d66971b17200ff912ff7768ebb3921e705b582d7e418131cd5af63620e48f02cb4b8f6c55c5e07b2cd561c1edf76dac09d4322ff3ea949aa42db106d33252f45afaf0b9e339d5ff8c73d52823320af6c70eb826d1514b9d4f004ee890ebbef5b77d6fdecf56a5234c501a0abd38246191a1ef5184d89fc2c2f2ff863e2e4e1c409e6a26323c8ee968140570723fcf50ce391bfd9f52c674134a48e6a7349830e2136531f7e762341df774a698de5145e5c9a168b329dd21f2c3f400364eeb609ec6a3547b8ef1a47d1dce5b5e50485ac497b9415ea6a35ff7898cfa3cbae678e4b37c50a775a069fddd5d84931f5f80c77f6bd12a3f8da843d7c8a46c7a260f31a574f01eb0c9bba6c10d516a5fc5c1cff6ef1d0009469ab9046b1e0351a86b4b3faa9e486f86952810fcba2adce553f47aa6e52978d6038f79eff7bb5e3796322c7a2df67e4016e689a6cb2c3613220c0e04a06f7d331a089f4febd7302b50cfed8e688dbf709476014819841c6702ed733e047cf464396ef5bf38391d4ffc1aca22db9b37cdcdb170c5b4f51b2a4f6cb5fd71e84755100d3e783c0a2c563ea8f32d0dfcef47a241abf3480eb0c176fe2afbba8da4b6479d51323cd224528b8e4f766a2ff4f011f973b91479fbf1d0f15e939756de7276465f9fd759930a8d402e898c6dfd8f17b244e35a58d1c1f7cacca684eaa5e32c9eda766a6a36cc0f9cbaf149a61f3296449434310274564c189e4888a610f273328557cd2e7c3688281bcd5fda93be2a58b8cd642ac10e0ead96b9d414b362c20c0c39a1321766e29ef1f36f61701d5aefef6d80c535eee00ce70db2d0f148783bc586089233ed7188a42a1cc07f7645197f083b9f6a4e9cab281b0daa0ff13dee6d3868fe131e324d7cdf94ca5d6f900fd0b6ad2fa7ca58d14cf916c530d172fa627799e6471085495c6fe1aabd47e283e2679b6e14231e4d611afe5f488d96a28f948433cca579f36e08ca1132c70297b75cef74f685e32d7da1fb43ceb6b303f9faf742c818326e5c84c6d4e5c7da8a4bd0111728e3d8c75c2c29df3472a261fa2a8a8ef102a40a30fe9e6b4dd9012413800e49bb7bb2d83d23a4738441255a39946a7feed4f413bcf2c41798b46f9001e0b61d76d7fb20e25c2b067df3b6b3e4b30a1f1139f3c129e6614ab41c609f6a90cdc191982e6109c31eaeee196132b894d9fbeb45208580d82b6299acee3a4916f16858f4bd6778c22a250619304a849d0c8c47d59adb55c6637c30a41a4eeb276245e46713adf362090ca060ff0afec7710b673dfd844c7af0940547b8fba12ea3cff96a1c934efdde5eded84f82d2ce3fcb9a64f30bdcc9a8bed0dc0397eaa918a09bce93ec327385be756c35f856f0960dc3f3a0ae50593d32119b6823c9adef126d1885e76ccd6c0e29f5d5190287da3e6d678ccbf46a291926d7b34e5543383b506701cf06eb8b4222947752564f53329b4709024fa8529863953b98134d0e6670bec652a75449a28a0ffbcf30d83a492704182aa96fca299595a5fa963e0bdce00904bf68aed1072de1bb3a16d5fb038da134e95353693de0855df566ea974d51385dbece097f3b540ddf749116446e9ee11dd835d89cbee43171e817e9c8cd9a558330952ada17dff3b127888c5979acc60604a162c3792afa50ef777f8da7fa4749e592fe4ae1dd7e837d82aac1d6bc6af3c0bd6bbd5dd424f1cf8a0e6da91a36101b26e974b7b00eca70cf53a82cbfcd1c10ccc63de22e067b05ae031f3dd71cc5eca8661f6d048396cb9b62943722f362e2574e772a550b79b7819ef6ef628cb5ede6f3c971a6bc7a42e2da7705e1c95a6fd8d0fcbe09252c2fae46c349b87f7487a34aec214f169934930a90d67fa22d22d66d282f6a659a469f41ef632d00cb7456d34eff9b38f6a02421cdfcde851334bd061a1fe12f05cebb241eb67f4079720cf7c7ed7e05df968ad1698522464c1ab1922117f0c49de0554834bb459901ff3561df19b19ae5569c2208da078d17ad17f7748f333f931bb8554deb11da2810c8bf11b2928b2c0883517a78ec1bcdcabdbe61e48dccb8cc9373121acb79d26c83e890c476056e766d979ab57fb41265e28a66a45ccb5cb59831998c93d27b0f72d5d3de432d107acd200f867bd4a0116799fb25b5bc7f37f93e328da23f86b0df35ac5502a58d4c86c06a9153559792b78eb2994eaa5465ecfa7a12d474b58de25d8f722a3e1d821f4453873d582dc5e1e07dfdbdb73a62e2821dfeef048a99ef437c51243f7f9dce7a805dcbb9ccc0de7fec75d64e864ce35d5d1d64e0541a1f49493cb458815c1e0e57bafe8942c81a5f902a83b99ef3e49837da43e998f36efa35ab27eb93ceb890915cbf5dc3aa6f008a74af57947c94a7fee8e30b4d7f5be9fea270ee7aa9f0", 0xef5}], 0x1}}], 0x1, 0x9200000000000004) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) ioctl$KVM_CAP_HYPERV_VP_INDEX(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000200)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x4, &(0x7f0000000000/0x400000)=nil) preadv2(r6, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) syz_open_dev$media(0x0, 0x9, 0x402) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500) 1.729031228s ago: executing program 3 (id=388): ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x2, 0xffffffffffffffff}) sendto$inet6(r0, &(0x7f00000002c0)="95f99db3ef7b570fd9c78020b511f77a8c05d51ce809ab060d90dc25fce9b69e5701ab05ccf33effecfa119d34923908acc55bbf74c94b3516e3e120ba6a2704868b065542be0cb022225c8d0a7589e190b7903a012e715a1f723a4665c7457eb04477c090ad57d09e02e8fce5ae0c1b871c8ae2f3e141bff540c07a170268855af9279402787637d9ba20f6b737d86b5b3bfee97789f743028310789c724c327e0a6edcf697531afc598e7e655e0407ad2b33620b8f68", 0xb7, 0x4000000, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000004c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=@newlink={0x3c, 0x10, 0x1, 0x60bd28, 0x7, {0x0, 0x0, 0x0, r4, 0x20001}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000200c}, 0x20004010) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="04000000fcffffff71105b00000000009500000000000000"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x72, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5}, 0x94) r6 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r6, &(0x7f00000011c0)=[{{&(0x7f0000000100)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000140)='0', 0x1}], 0x1, 0x0, 0x32}}], 0x1, 0x0) eventfd(0x1) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r9 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) fcntl$setlease(r9, 0x400, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES64=r9, @ANYRES16=r9, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0x884}, 0x0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r6, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x120, r8, 0x320, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x67}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x8}, @NL80211_ATTR_SSID={0x16, 0x34, @random="dd7f1f5ce61d639b1db625fc02a55a9ef193"}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x5}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_IE={0xb3, 0x2a, [@tim={0x5, 0xad, {0x7, 0x96, 0x40, "f408354e04ebe6aba44ce68c18cfa8e0bcf6d611d271979f78262c37030748648c93e83d25a48e89998219c72c34690edf2959de501a1a0b32cc193d61712933debbb4e18e521937d64925d616340db9a7163c126d0d624bcf20fa815894a4cc8aa1f2fefb08c38f7fd65111f914800c1447a1452bac182e25fe4f66e88c564058793242855c044ac63f36363c1d71da479edd9ce844cb31cb0094362c696699c751be15284de3cebbc3"}}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x4004100}, 0x80) 1.719696403s ago: executing program 2 (id=389): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000540)={'syz1\x00', {0x6, 0x7fff, 0xb25, 0xb}, 0x6, [0x9, 0x8, 0x5, 0x6, 0x6, 0x3, 0xafc, 0x32, 0x838, 0xb2, 0x6ff5, 0x9f5, 0x5, 0x1000000, 0x0, 0x6, 0x8001, 0x6, 0x4a4c, 0x3, 0xfffffffd, 0x9, 0x10, 0x8001, 0x5, 0x1, 0xd4a, 0xffefe87a, 0x1, 0x6, 0x9, 0x9, 0x8, 0x0, 0x0, 0xe, 0xf9c6, 0x3ff, 0x3ff, 0x4, 0xd, 0xff, 0x8, 0x9, 0x3ff, 0x83f5, 0x0, 0x2, 0xfe0, 0x7ff, 0x8, 0x3, 0x4, 0x2, 0xa45, 0x1df, 0xffff, 0x3, 0x2, 0x9, 0xf, 0x101, 0x200, 0x9a0], [0x3, 0x8, 0x6, 0xd, 0x1, 0xad10, 0x6, 0x13a0, 0x86, 0x7fff, 0x101, 0x8, 0x5, 0x1, 0x2, 0xffff, 0x4, 0x4a, 0xf, 0xfffff32a, 0xfffffff7, 0x4c4, 0x400, 0x7f, 0x1, 0x7, 0x4, 0x8, 0x30, 0x9, 0x1, 0x3, 0x4c6fbc51, 0x10001, 0xd35, 0xa, 0x6, 0x1, 0x1, 0x200, 0x20, 0x9, 0x0, 0x3ec8d8d2, 0x0, 0x3, 0x3, 0x2, 0x8, 0x6, 0xe51, 0x1, 0x7, 0x8, 0x3, 0x2, 0x0, 0x62, 0x7, 0x6, 0x4, 0x6, 0xfff, 0x4], [0xffffffff, 0x9, 0x6, 0xffff, 0x6, 0x8, 0xffffffff, 0xfd, 0x20, 0x8, 0x9, 0x74, 0x283, 0x2, 0x4d, 0x6, 0x6, 0x3ff, 0x10000, 0x5, 0x40, 0x4, 0x8, 0x0, 0x4, 0x5, 0x8001, 0x7, 0x1, 0xffff, 0x5, 0x7, 0x1, 0x9, 0x4, 0xfff, 0x3, 0x0, 0x1, 0x80000001, 0x53c2, 0x4, 0x4, 0x3, 0x80, 0x50, 0x3, 0xc, 0x8, 0x5, 0x4, 0x400, 0x3, 0x5, 0x86, 0x6, 0x400000, 0xb, 0x4, 0x0, 0x400, 0xfe6c, 0x2, 0x9], [0x3, 0x9, 0xffffffff, 0x2, 0x66, 0xffff, 0x401, 0x6, 0x8, 0x3, 0x101, 0x4, 0x9, 0x8, 0xce, 0x2, 0x8001, 0x1, 0x7, 0x6, 0x601000, 0x9, 0x5, 0xd, 0x1, 0x446, 0x800, 0x2, 0x0, 0x3, 0x2, 0x375, 0xfffffff1, 0x6, 0x5, 0x4, 0x7fff, 0x4, 0x3a2, 0x3, 0x2005, 0xe, 0xee6, 0x0, 0x7, 0x3, 0x8241, 0x7, 0x3, 0x9, 0xc, 0x3, 0x1, 0x1, 0x3, 0x296, 0x6, 0x7, 0xf, 0x0, 0x3, 0x7, 0xd, 0x56be]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000a40)={'syz1\x00', {0x0, 0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x401, 0x0, 0x4, 0x20008001, 0x2000, 0x0, 0x0, 0x0, 0x80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x90, 0x801, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x3, 0x0, 0x0, 0x5, 0x7], [0x0, 0x3, 0x6, 0x0, 0x0, 0x5, 0x3, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x6189fbd8, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x9e2b, 0x0, 0xfffffffd, 0x5, 0x7aae62b1, 0x100000, 0x0, 0x40002, 0xffffffff, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0xfd5], [0x0, 0x0, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x3, 0x7, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x8000000, 0x8, 0x0, 0x0, 0x99, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x4bdf, 0x2, 0xf152, 0x0, 0x10004, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9bf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0x6, 0x8, 0x0, 0x735, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) (fail_nth: 5) 1.46702397s ago: executing program 3 (id=390): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x3}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000140)={[{0x5, 0x1009, 0x6, 0x3, 0x41, 0x2, 0x2, 0x5, 0x1, 0x4, 0x2, 0x9, 0x200}, {0xfffffffe, 0x0, 0x9, 0x0, 0x1, 0x7, 0x9, 0xfd, 0x5, 0x80, 0x9, 0xf, 0x3}, {0x200002, 0x1, 0x5, 0xfc, 0x8, 0x7, 0x0, 0xd, 0xb, 0x5, 0x1, 0x3}], 0x6}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f0000000200)) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r5 = inotify_init1(0x0) inotify_add_watch(r5, &(0x7f0000000700)='./file1\x00', 0x2000775) write$binfmt_elf64(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c4610040000000000000000000003000600ebffffff7c000000000000004000000000000000010000000000000007000000890238000100feff0200040003000000970f00000b000000000000000d000000000000000000000000000000e500000000000000ffffffffffffffff0b00000000f70f7dd1439106650000007ce660c7005ec4f168a16997bd57360d3fa80840de580293019a13778b16bfa7f6581ba0d8410e8224b3ae9a3f4fbf6fac1c3fb2e24e53e9013497d45950627bcd6659230a2ddc51023c1509d2d290c6432fb2755f47e41cb70302f331d2cbd6848b3a93534384c8d502e27b34b05815dddba92b0885897c05721670a8e0c71c072820568fdf67b5fa426e205a36e69708a3d71b0b31c7bcd3f8a44880798d593007ccda442998c7e602976fa5dd47a9f353c9"], 0x78) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000034276d20402003c68e010000000109021200010000000009040001"], 0x0) close(r4) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r6 = socket$pppoe(0x18, 0x1, 0x0) openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) ioctl$PPPIOCGMRU(r6, 0x80047453, &(0x7f0000000000)) 1.159969776s ago: executing program 1 (id=391): execve(0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b40500000000fd8f711031000000000046050000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000140)={0x1, 0x1, 0x10800000}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a70000000060a0b040000000000000000000000003c000480380001800a0001006c696d698f09a9562c14cb8f3398a0c574000000280006800c00014000000000000000080800034000000000080005400000000108000340000000040900010073797a30000000000900020073797a000000140000001100010000000000000000000000b6e50b5a18c5d3a9db1e74e0cad16be7b9bd6362248181"], 0x98}, 0x1, 0x0, 0x0, 0x40050}, 0x0) r1 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="e00000001300010026010000000000000068613235360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c18d0000000000000000000000000000000000000000000000000000000000000000000060040000412000"/226], 0xe0}, 0x1, 0x0, 0x0, 0x4001}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000040)={0x6, @raw_data="ea085714fd6486c664bb2dd910e83b6feaeb92013329491adc92ebab4976b081bd49e0560bb8aa37495f0035b549152d4692fd35f3811206a39e2a2af1b2ef32ee71bfbc1876517dd9e0f1f29613733c179d239b84e2a8ad52dc9f2853d60d209e2abd835672a2e2428b4305733721b55926e11efb6e32bc90e294fd39943cd449cb5345680c6b58cdf9cff8a1477c6ac451b99e1b620934f0bc77c4e815c80859148278dddb591569a47bc5c913a564bee744cd8215b35ac0feed1415fc98943dabc8b35dd3694a"}) pipe(&(0x7f0000000340)={0xffffffffffffffff}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x32, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/reserved_size', 0x232c0, 0xf0) syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x29, 0x6f, 0xb6, 0x8, 0x9022, 0xd484, 0xff88, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x0, 0x81, [{{0x9, 0x4, 0x1e, 0x80, 0x0, 0x56, 0xa7, 0xf6, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x16}) r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000000080)={&(0x7f00000001c0)=[{0x1, 0xb210, 0x0, 0x0}, {0x9, 0xb801, 0x0, 0x0}], 0x2}) r4 = socket$pppoe(0x18, 0x1, 0x0) ioctl$I2C_SLAVE(0xffffffffffffffff, 0x703, 0x8f) connect$pppoe(r4, &(0x7f0000000100)={0x18, 0x0, {0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'macvlan1\x00'}}, 0x1e) sendmmsg(r4, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) 996.917938ms ago: executing program 2 (id=392): r0 = syz_open_dev$vcsa(0x0, 0x1, 0x48042) writev(r0, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0), 0x300}, {&(0x7f0000000900), 0x4000}], 0xe) 921.735305ms ago: executing program 2 (id=393): syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'gre0\x00', &(0x7f00000000c0)={'ip_vti0\x00', 0x0, 0x1, 0x40, 0x1000, 0x9, {{0x18, 0x4, 0x1, 0x6, 0x60, 0x64, 0x0, 0x9, 0x4, 0x0, @local, @private=0xa010100, {[@timestamp_prespec={0x44, 0x1c, 0x15, 0x3, 0x9, [{@private=0xa010100, 0x80000000}, {@broadcast, 0x80000001}, {@rand_addr=0x64010102, 0x7}]}, @cipso={0x86, 0x24, 0xfffffffffffffffe, [{0x0, 0x9, "88a08b57809252"}, {0x7, 0x5, "24ae23"}, {0x6, 0x5, "7097a3"}, {0x7, 0x9, "767529ddbbf84c"}, {0x6, 0x2}]}, @ssrr={0x89, 0x7, 0x5e, [@dev={0xac, 0x14, 0x14, 0xf}]}, @generic={0x82, 0x2}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'gretap0\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x0, 0x8, 0x6, 0x0, {{0x18, 0x4, 0x0, 0x3, 0x60, 0x68, 0x0, 0x5, 0x4, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x2e}, {[@cipso={0x86, 0x2e, 0x3, [{0x7, 0xc, "ef8173f6c5bb93b57e1a"}, {0x7, 0x5, "aea3e9"}, {0x0, 0xd, "ed950782f5f5de88e3598f"}, {0x5, 0xa, "4526a54d4d75d34d"}]}, @end, @noop, @generic={0x89, 0x9, "c089dc594f2256"}, @noop, @ssrr={0x89, 0xf, 0xc5, [@loopback, @local, @rand_addr=0x64010100]}]}}}}}) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x6c, r0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x5}]}, 0x6c}}, 0x2004080) r3 = accept4$unix(0xffffffffffffffff, &(0x7f0000000340)=@abs, &(0x7f00000003c0)=0x6e, 0x40000) connect$unix(r3, &(0x7f0000000400)=@abs={0x1, 0x0, 0x4e22}, 0x6e) r4 = socket$inet_udplite(0x2, 0x2, 0x88) sendto$inet(r4, &(0x7f0000001c40)="e782a8f16f48f47bd2d2cf4a69f5337abb5541adf0009d723d3d1e6ae17913ec6e02bed6af255ecfaa8f723d51e83cc69660569bd2df14fe760419742d997c4082f9d28f1f8438ed931c821181d479fd78eeb1", 0x53, 0x4044001, &(0x7f0000001cc0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) 0s ago: executing program 2 (id=394): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0xc01, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x8050) r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f00000002c0)=0xc) prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800) syz_open_procfs$namespace(0x0, &(0x7f0000001080)='ns/time\x00') sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x2, 0xb49, 0x9, 0x8, 0x0, 0x4}, 0x0) io_setup(0x8, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r4, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0xaaa7, 0x0, 'queue0\x00', 0x90000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8c", 0x1d, 0x20000000, 0x0, 0x0) r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x48002) r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r6, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8) dup3(r6, r5, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r7, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003000)=[{&(0x7f0000002fc0)="a6", 0x5dc}], 0x1}}], 0x5, 0x4040000) kernel console output (not intermixed with test programs): 10f/0x660 [ 110.931668][ T6358] do_fast_syscall_32+0x34/0x80 [ 110.931688][ T6358] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 110.931707][ T6358] RIP: 0023:0xf7f51539 [ 110.931721][ T6358] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 110.931735][ T6358] RSP: 002b:00000000f544655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 110.931754][ T6358] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080004bc0 [ 110.931767][ T6358] RDX: 0000000000044084 RSI: 0000000000000000 RDI: 0000000000000000 [ 110.931777][ T6358] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 110.931787][ T6358] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 110.931798][ T6358] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 110.931826][ T6358] [ 111.624888][ T5901] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 111.647779][ T5901] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 111.670295][ T5901] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71 [ 111.856136][ T5901] usb 5-1: USB disconnect, device number 5 [ 112.118467][ T6367] netlink: 4 bytes leftover after parsing attributes in process `syz.0.99'. [ 112.939948][ T6381] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 113.005261][ T6381] warning: `syz.0.103' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 113.329476][ T6391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.105'. [ 113.696262][ T5916] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 113.769868][ T6396] FAULT_INJECTION: forcing a failure. [ 113.769868][ T6396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 113.789578][ T6396] CPU: 1 UID: 0 PID: 6396 Comm: syz.3.107 Not tainted syzkaller #0 PREEMPT(full) [ 113.789602][ T6396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 113.789612][ T6396] Call Trace: [ 113.789619][ T6396] [ 113.789626][ T6396] dump_stack_lvl+0x189/0x250 [ 113.789652][ T6396] ? __pfx____ratelimit+0x10/0x10 [ 113.789673][ T6396] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.789692][ T6396] ? __pfx__printk+0x10/0x10 [ 113.789715][ T6396] ? __might_fault+0xb0/0x130 [ 113.789759][ T6396] should_fail_ex+0x414/0x560 [ 113.789784][ T6396] _copy_from_iter+0x1cd/0x1630 [ 113.789811][ T6396] ? __build_skb_around+0x22d/0x3c0 [ 113.789836][ T6396] ? __pfx__copy_from_iter+0x10/0x10 [ 113.789856][ T6396] ? __alloc_skb+0x2f1/0x430 [ 113.789879][ T6396] ? __pfx___alloc_skb+0x10/0x10 [ 113.789902][ T6396] ? netlink_sendmsg+0x642/0xb30 [ 113.789917][ T6396] ? skb_put+0x11b/0x210 [ 113.789942][ T6396] netlink_sendmsg+0x6b2/0xb30 [ 113.789968][ T6396] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.789986][ T6396] ? __import_iovec+0x5d4/0x7f0 [ 113.790007][ T6396] ? aa_sock_msg_perm+0xf1/0x1b0 [ 113.790026][ T6396] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 113.790043][ T6396] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.790061][ T6396] __sock_sendmsg+0x21c/0x270 [ 113.790084][ T6396] ____sys_sendmsg+0x505/0x820 [ 113.790113][ T6396] ? __pfx_____sys_sendmsg+0x10/0x10 [ 113.790141][ T6396] ? kstrtouint+0x6e/0xe0 [ 113.790168][ T6396] ___sys_sendmsg+0x21f/0x2a0 [ 113.790194][ T6396] ? __pfx____sys_sendmsg+0x10/0x10 [ 113.790224][ T6396] ? rcu_read_lock_any_held+0xb3/0x120 [ 113.790271][ T6396] ? __fget_files+0x2a/0x420 [ 113.790291][ T6396] ? __fget_files+0x3a0/0x420 [ 113.790321][ T6396] __sys_sendmsg+0x164/0x220 [ 113.790347][ T6396] ? __pfx___sys_sendmsg+0x10/0x10 [ 113.790379][ T6396] ? __pfx_ksys_write+0x10/0x10 [ 113.790400][ T6396] ? __do_fast_syscall_32+0xbe/0x570 [ 113.790427][ T6396] __do_fast_syscall_32+0x1f7/0x570 [ 113.790450][ T6396] ? rcu_is_watching+0x15/0xb0 [ 113.790468][ T6396] ? do_fast_syscall_32+0x34/0x80 [ 113.790495][ T6396] do_fast_syscall_32+0x34/0x80 [ 113.790517][ T6396] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 113.790537][ T6396] RIP: 0023:0xf706d539 [ 113.790553][ T6396] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 113.790567][ T6396] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 113.790586][ T6396] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 113.790598][ T6396] RDX: 0000000004004004 RSI: 0000000000000000 RDI: 0000000000000000 [ 113.790608][ T6396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 113.790618][ T6396] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 113.790628][ T6396] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 113.790655][ T6396] [ 114.292388][ T911] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 114.333126][ T5916] usb 5-1: config 0 has no interfaces? [ 114.338707][ T5916] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 114.347789][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.357509][ T5916] usb 5-1: config 0 descriptor?? [ 114.426258][ T911] usb 2-1: device descriptor read/64, error -71 [ 114.452908][ T6406] netlink: 'syz.3.111': attribute type 3 has an invalid length. [ 114.460951][ T6406] netlink: 666 bytes leftover after parsing attributes in process `syz.3.111'. [ 114.466971][ T6404] netlink: 116 bytes leftover after parsing attributes in process `syz.2.110'. [ 114.472132][ T6406] netlink: 32 bytes leftover after parsing attributes in process `syz.3.111'. [ 114.585221][ T6362] usb 5-1: USB disconnect, device number 6 [ 114.621291][ T6411] random: crng reseeded on system resumption [ 114.814677][ T911] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 114.854870][ T6414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.112'. [ 115.006575][ T911] usb 2-1: device descriptor read/64, error -71 [ 115.116547][ T911] usb usb2-port1: attempt power cycle [ 115.476461][ T911] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 115.496910][ T911] usb 2-1: device descriptor read/8, error -71 [ 115.760207][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 115.760225][ T30] audit: type=1326 audit(1765191051.856:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6426 comm="syz.2.117" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709d539 code=0x0 [ 115.813946][ T911] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 115.862923][ T6428] netlink: 28 bytes leftover after parsing attributes in process `syz.2.117'. [ 115.872597][ T911] usb 2-1: device descriptor read/8, error -71 [ 115.992504][ T911] usb usb2-port1: unable to enumerate USB device [ 116.071658][ T6431] FAULT_INJECTION: forcing a failure. [ 116.071658][ T6431] name failslab, interval 1, probability 0, space 0, times 0 [ 116.116165][ T6431] CPU: 1 UID: 0 PID: 6431 Comm: syz.4.118 Not tainted syzkaller #0 PREEMPT(full) [ 116.116188][ T6431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 116.116198][ T6431] Call Trace: [ 116.116206][ T6431] [ 116.116214][ T6431] dump_stack_lvl+0x189/0x250 [ 116.116238][ T6431] ? __pfx____ratelimit+0x10/0x10 [ 116.116258][ T6431] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.116269][ T6431] ? __pfx__printk+0x10/0x10 [ 116.116284][ T6431] ? __pfx___might_resched+0x10/0x10 [ 116.116295][ T6431] ? fs_reclaim_acquire+0x7d/0x100 [ 116.116309][ T6431] should_fail_ex+0x414/0x560 [ 116.116324][ T6431] should_failslab+0xa8/0x100 [ 116.116337][ T6431] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 116.116352][ T6431] ? __alloc_skb+0x255/0x430 [ 116.116368][ T6431] __alloc_skb+0x255/0x430 [ 116.116382][ T6431] ? __pfx___alloc_skb+0x10/0x10 [ 116.116411][ T6431] tcp_stream_alloc_skb+0x3d/0x350 [ 116.116439][ T6431] tcp_sendmsg_locked+0x1ab8/0x5520 [ 116.116471][ T6431] ? __lock_acquire+0x6b6/0x2cf0 [ 116.116518][ T6431] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 116.116528][ T6431] ? __local_bh_enable_ip+0x12d/0x1c0 [ 116.116540][ T6431] ? __local_bh_enable_ip+0x12d/0x1c0 [ 116.116566][ T6431] tcp_sendmsg+0x2f/0x50 [ 116.116576][ T6431] __sock_sendmsg+0xe5/0x270 [ 116.116589][ T6431] __sys_sendto+0x3bd/0x520 [ 116.116603][ T6431] ? __pfx___sys_sendto+0x10/0x10 [ 116.116622][ T6431] ? __might_fault+0xb0/0x130 [ 116.116648][ T6431] __ia32_compat_sys_socketcall+0x71c/0x9d0 [ 116.116660][ T6431] ? __fget_files+0x3a0/0x420 [ 116.116673][ T6431] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 116.116684][ T6431] ? fput+0xa0/0xd0 [ 116.116696][ T6431] ? ksys_write+0x22a/0x250 [ 116.116705][ T6431] ? exc_page_fault+0x82/0x100 [ 116.116717][ T6431] ? __pfx_ksys_write+0x10/0x10 [ 116.116728][ T6431] ? __do_fast_syscall_32+0xbe/0x570 [ 116.116743][ T6431] __do_fast_syscall_32+0x1f7/0x570 [ 116.116756][ T6431] ? rcu_is_watching+0x15/0xb0 [ 116.116767][ T6431] ? do_fast_syscall_32+0x34/0x80 [ 116.116782][ T6431] do_fast_syscall_32+0x34/0x80 [ 116.116797][ T6431] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 116.116808][ T6431] RIP: 0023:0xf7fc2539 [ 116.116818][ T6431] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 116.116826][ T6431] RSP: 002b:00000000f54b5430 EFLAGS: 00000206 ORIG_RAX: 0000000000000066 [ 116.116837][ T6431] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f54b5444 [ 116.116844][ T6431] RDX: 0000000000000000 RSI: 00000000f54b5560 RDI: 00000000f7456ff4 [ 116.116850][ T6431] RBP: 00000000f54b5560 R08: 0000000000000000 R09: 0000000000000000 [ 116.116855][ T6431] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 116.116861][ T6431] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 116.116875][ T6431] [ 116.718368][ T6436] FAULT_INJECTION: forcing a failure. [ 116.718368][ T6436] name failslab, interval 1, probability 0, space 0, times 0 [ 116.731053][ T6436] CPU: 1 UID: 0 PID: 6436 Comm: syz.3.119 Not tainted syzkaller #0 PREEMPT(full) [ 116.731075][ T6436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 116.731085][ T6436] Call Trace: [ 116.731092][ T6436] [ 116.731098][ T6436] dump_stack_lvl+0x189/0x250 [ 116.731121][ T6436] ? __pfx____ratelimit+0x10/0x10 [ 116.731141][ T6436] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.731160][ T6436] ? __pfx__printk+0x10/0x10 [ 116.731187][ T6436] ? __pfx___might_resched+0x10/0x10 [ 116.731205][ T6436] ? fs_reclaim_acquire+0x7d/0x100 [ 116.731228][ T6436] should_fail_ex+0x414/0x560 [ 116.731253][ T6436] should_failslab+0xa8/0x100 [ 116.731275][ T6436] kmem_cache_alloc_noprof+0x88/0x710 [ 116.731299][ T6436] ? security_inode_alloc+0x39/0x330 [ 116.731322][ T6436] security_inode_alloc+0x39/0x330 [ 116.731341][ T6436] inode_init_always_gfp+0x9ed/0xdc0 [ 116.731367][ T6436] ? __pfx_sock_alloc_inode+0x10/0x10 [ 116.731386][ T6436] alloc_inode+0x82/0x1b0 [ 116.731406][ T6436] __sock_create+0x12d/0x9d0 [ 116.731435][ T6436] __sys_socket+0xd7/0x1b0 [ 116.731459][ T6436] __ia32_compat_sys_socketcall+0x6df/0x9d0 [ 116.731478][ T6436] ? __fget_files+0x3a0/0x420 [ 116.731502][ T6436] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 116.731530][ T6436] ? fput+0xa0/0xd0 [ 116.731552][ T6436] ? ksys_write+0x22a/0x250 [ 116.731571][ T6436] ? __pfx_ksys_write+0x10/0x10 [ 116.731591][ T6436] ? __do_fast_syscall_32+0xbe/0x570 [ 116.731618][ T6436] __do_fast_syscall_32+0x1f7/0x570 [ 116.731640][ T6436] ? rcu_is_watching+0x15/0xb0 [ 116.731659][ T6436] ? do_fast_syscall_32+0x34/0x80 [ 116.731686][ T6436] do_fast_syscall_32+0x34/0x80 [ 116.731708][ T6436] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 116.731727][ T6436] RIP: 0023:0xf706d539 [ 116.731742][ T6436] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 116.731756][ T6436] RSP: 002b:00000000f541a4f0 EFLAGS: 00000206 ORIG_RAX: 0000000000000066 [ 116.731773][ T6436] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f541a500 [ 116.731785][ T6436] RDX: 00000000f7406ff4 RSI: 0000000000000000 RDI: 00000000f7406ff4 [ 116.731796][ T6436] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 116.731806][ T6436] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 116.731816][ T6436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 116.731843][ T6436] [ 116.731869][ T6436] socket: no more sockets [ 117.075470][ T6441] FAULT_INJECTION: forcing a failure. [ 117.075470][ T6441] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.096300][ T6441] CPU: 0 UID: 0 PID: 6441 Comm: syz.2.122 Not tainted syzkaller #0 PREEMPT(full) [ 117.096325][ T6441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 117.096335][ T6441] Call Trace: [ 117.096342][ T6441] [ 117.096350][ T6441] dump_stack_lvl+0x189/0x250 [ 117.096375][ T6441] ? __pfx____ratelimit+0x10/0x10 [ 117.096397][ T6441] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.096416][ T6441] ? __pfx__printk+0x10/0x10 [ 117.096447][ T6441] ? __might_fault+0xb0/0x130 [ 117.096481][ T6441] should_fail_ex+0x414/0x560 [ 117.096507][ T6441] _copy_from_iter+0x1cd/0x1630 [ 117.096533][ T6441] ? __build_skb_around+0x22d/0x3c0 [ 117.096561][ T6441] ? __pfx__copy_from_iter+0x10/0x10 [ 117.096580][ T6441] ? __alloc_skb+0x2f1/0x430 [ 117.096603][ T6441] ? __pfx___alloc_skb+0x10/0x10 [ 117.096626][ T6441] ? netlink_sendmsg+0x642/0xb30 [ 117.096641][ T6441] ? skb_put+0x11b/0x210 [ 117.096666][ T6441] netlink_sendmsg+0x6b2/0xb30 [ 117.096691][ T6441] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.096711][ T6441] ? __import_iovec+0x5d4/0x7f0 [ 117.096732][ T6441] ? aa_sock_msg_perm+0xf1/0x1b0 [ 117.096750][ T6441] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 117.096766][ T6441] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.096785][ T6441] __sock_sendmsg+0x21c/0x270 [ 117.096807][ T6441] ____sys_sendmsg+0x505/0x820 [ 117.096837][ T6441] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.096865][ T6441] ? kstrtouint+0x6e/0xe0 [ 117.096891][ T6441] ___sys_sendmsg+0x21f/0x2a0 [ 117.096917][ T6441] ? __pfx____sys_sendmsg+0x10/0x10 [ 117.096946][ T6441] ? rcu_read_lock_any_held+0xb3/0x120 [ 117.096993][ T6441] ? __fget_files+0x2a/0x420 [ 117.097012][ T6441] ? __fget_files+0x3a0/0x420 [ 117.097047][ T6441] __sys_sendmsg+0x164/0x220 [ 117.097073][ T6441] ? __pfx___sys_sendmsg+0x10/0x10 [ 117.097111][ T6441] ? __pfx_ksys_write+0x10/0x10 [ 117.097132][ T6441] ? __do_fast_syscall_32+0xbe/0x570 [ 117.097159][ T6441] __do_fast_syscall_32+0x1f7/0x570 [ 117.097182][ T6441] ? rcu_is_watching+0x15/0xb0 [ 117.097200][ T6441] ? do_fast_syscall_32+0x34/0x80 [ 117.097226][ T6441] do_fast_syscall_32+0x34/0x80 [ 117.097249][ T6441] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.097268][ T6441] RIP: 0023:0xf709d539 [ 117.097283][ T6441] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 117.097297][ T6441] RSP: 002b:00000000f548d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 117.097314][ T6441] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 117.097326][ T6441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 117.097336][ T6441] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 117.097345][ T6441] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 117.097355][ T6441] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 117.097382][ T6441] [ 117.426432][ T6437] FAULT_INJECTION: forcing a failure. [ 117.426432][ T6437] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.458217][ T6446] faux_driver vkms: [drm] Unknown color mode 9; guessing buffer size. [ 117.516352][ T6437] CPU: 1 UID: 0 PID: 6437 Comm: syz.1.120 Not tainted syzkaller #0 PREEMPT(full) [ 117.516368][ T6437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 117.516375][ T6437] Call Trace: [ 117.516379][ T6437] [ 117.516385][ T6437] dump_stack_lvl+0x189/0x250 [ 117.516402][ T6437] ? __pfx____ratelimit+0x10/0x10 [ 117.516415][ T6437] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.516426][ T6437] ? __pfx__printk+0x10/0x10 [ 117.516452][ T6437] should_fail_ex+0x414/0x560 [ 117.516467][ T6437] _copy_to_user+0x31/0xb0 [ 117.516478][ T6437] simple_read_from_buffer+0xe1/0x170 [ 117.516493][ T6437] proc_fail_nth_read+0x1b3/0x220 [ 117.516506][ T6437] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 117.516517][ T6437] ? rw_verify_area+0x2a6/0x4d0 [ 117.516526][ T6437] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 117.516537][ T6437] vfs_read+0x200/0xa30 [ 117.516546][ T6437] ? fdget_pos+0x247/0x320 [ 117.516560][ T6437] ? __pfx___mutex_lock+0x10/0x10 [ 117.516573][ T6437] ? __pfx_vfs_read+0x10/0x10 [ 117.516583][ T6437] ? __fget_files+0x2a/0x420 [ 117.516597][ T6437] ? __fget_files+0x3a0/0x420 [ 117.516607][ T6437] ? __fget_files+0x2a/0x420 [ 117.516623][ T6437] ksys_read+0x145/0x250 [ 117.516633][ T6437] ? __pfx_ksys_read+0x10/0x10 [ 117.516644][ T6437] ? __do_fast_syscall_32+0xbe/0x570 [ 117.516660][ T6437] __do_fast_syscall_32+0x1f7/0x570 [ 117.516674][ T6437] ? rcu_is_watching+0x15/0xb0 [ 117.516684][ T6437] ? do_fast_syscall_32+0x34/0x80 [ 117.516702][ T6437] do_fast_syscall_32+0x34/0x80 [ 117.516715][ T6437] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 117.516727][ T6437] RIP: 0023:0xf7f51539 [ 117.516736][ T6437] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 117.516744][ T6437] RSP: 002b:00000000f5446590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 117.516755][ T6437] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5446620 [ 117.516761][ T6437] RDX: 000000000000000f RSI: 00000000f73e6ff4 RDI: 0000000000000000 [ 117.516767][ T6437] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 117.516772][ T6437] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 117.516777][ T6437] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 117.516792][ T6437] [ 117.799069][ T6448] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 117.854925][ T6450] syz.2.125 (6450) used obsolete PPPIOCDETACH ioctl [ 118.001251][ T6455] bridge0: port 3(batadv0) entered disabled state [ 118.014420][ T6455] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.040355][ T6456] netlink: 'syz.1.126': attribute type 16 has an invalid length. [ 118.096835][ T6456] netlink: 'syz.1.126': attribute type 17 has an invalid length. [ 118.105507][ T6455] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.146478][ T5918] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 118.198326][ T6456] 8021q: adding VLAN 0 to HW filter on device .` [ 118.230880][ T6456] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 118.306351][ T5918] usb 5-1: Using ep0 maxpacket: 16 [ 118.311600][ T5915] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 118.329221][ T5833] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 118.338886][ T5833] Bluetooth: hci4: Injecting HCI hardware error event [ 118.347265][ T5833] Bluetooth: hci4: hardware error 0x00 [ 118.368013][ T5918] usb 5-1: too many configurations: 185, using maximum allowed: 8 [ 118.426255][ T5918] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 118.434104][ T5918] usb 5-1: can't read configurations, error -61 [ 118.470037][ T5915] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 118.486522][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.506767][ T5915] usb 4-1: Product: syz [ 118.510976][ T5915] usb 4-1: Manufacturer: syz [ 118.521792][ T5915] usb 4-1: SerialNumber: syz [ 118.576969][ T5918] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 118.766341][ T5918] usb 5-1: Using ep0 maxpacket: 16 [ 118.775617][ T6474] netlink: 115 bytes leftover after parsing attributes in process `syz.0.131'. [ 118.811037][ T5918] usb 5-1: too many configurations: 185, using maximum allowed: 8 [ 118.837735][ T5918] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 118.847079][ T5918] usb 5-1: can't read configurations, error -61 [ 118.855287][ T5918] usb usb5-port1: attempt power cycle [ 118.950718][ T5915] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 118.963482][ T5915] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 118.988070][ T6477] FAULT_INJECTION: forcing a failure. [ 118.988070][ T6477] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.008080][ T6477] CPU: 0 UID: 0 PID: 6477 Comm: syz.1.133 Not tainted syzkaller #0 PREEMPT(full) [ 119.008106][ T6477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 119.008121][ T6477] Call Trace: [ 119.008129][ T6477] [ 119.008137][ T6477] dump_stack_lvl+0x189/0x250 [ 119.008182][ T6477] ? __pfx____ratelimit+0x10/0x10 [ 119.008203][ T6477] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.008223][ T6477] ? __pfx__printk+0x10/0x10 [ 119.008259][ T6477] should_fail_ex+0x414/0x560 [ 119.008285][ T6477] _copy_to_user+0x31/0xb0 [ 119.008303][ T6477] video_usercopy+0xd93/0x13f0 [ 119.008334][ T6477] ? __pfx___video_do_ioctl+0x10/0x10 [ 119.008360][ T6477] ? __pfx_video_usercopy+0x10/0x10 [ 119.008396][ T6477] ? __fget_files+0x2a/0x420 [ 119.008422][ T6477] v4l2_ioctl+0x18d/0x1e0 [ 119.008447][ T6477] v4l2_compat_ioctl32+0x1d7/0x290 [ 119.008476][ T6477] __ia32_compat_sys_ioctl+0x543/0x840 [ 119.008498][ T6477] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 119.008515][ T6477] ? __fget_files+0x3a0/0x420 [ 119.008542][ T6477] ? fput+0xa0/0xd0 [ 119.008563][ T6477] ? ksys_write+0x22a/0x250 [ 119.008578][ T6477] ? exc_page_fault+0x82/0x100 [ 119.008600][ T6477] ? __pfx_ksys_write+0x10/0x10 [ 119.008621][ T6477] ? __do_fast_syscall_32+0xbe/0x570 [ 119.008653][ T6477] __do_fast_syscall_32+0x1f7/0x570 [ 119.008677][ T6477] ? rcu_is_watching+0x15/0xb0 [ 119.008696][ T6477] ? do_fast_syscall_32+0x34/0x80 [ 119.008723][ T6477] do_fast_syscall_32+0x34/0x80 [ 119.008745][ T6477] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 119.008766][ T6477] RIP: 0023:0xf7f51539 [ 119.008789][ T6477] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 119.008803][ T6477] RSP: 002b:00000000f544655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 119.008825][ T6477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0205649 [ 119.008844][ T6477] RDX: 00000000800028c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.008855][ T6477] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 119.008864][ T6477] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 119.008874][ T6477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.008902][ T6477] [ 119.296316][ T5918] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 119.326958][ T5918] usb 5-1: Using ep0 maxpacket: 16 [ 119.332819][ T5918] usb 5-1: too many configurations: 185, using maximum allowed: 8 [ 119.342690][ T5918] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 119.350408][ T5918] usb 5-1: can't read configurations, error -61 [ 119.576810][ T5918] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 119.607265][ T5918] usb 5-1: Using ep0 maxpacket: 16 [ 119.615480][ T5918] usb 5-1: too many configurations: 185, using maximum allowed: 8 [ 119.650138][ T6484] fuse: Unexpected value for 'allow_other' [ 119.709047][ T5918] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 119.747202][ T5918] usb 5-1: can't read configurations, error -61 [ 119.767246][ T5918] usb usb5-port1: unable to enumerate USB device [ 120.426337][ T5833] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 120.452884][ T5915] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 120.547463][ T5915] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE [ 121.246286][ T911] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 121.420052][ T911] usb 5-1: Using ep0 maxpacket: 16 [ 121.449480][ T911] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 121.471029][ T911] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 121.487585][ T911] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 121.501428][ T911] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 121.512524][ T911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.520850][ T911] usb 5-1: Product: syz [ 121.525094][ T911] usb 5-1: Manufacturer: syz [ 121.529979][ T911] usb 5-1: SerialNumber: syz [ 121.581153][ T6509] vlan2: entered promiscuous mode [ 121.587816][ T6509] vlan2: entered allmulticast mode [ 121.593085][ T6509] hsr_slave_1: entered allmulticast mode [ 121.610799][ T5915] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000118. ret = -EPROTO [ 121.663709][ T5915] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 121.687788][ T5915] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 121.723350][ T6509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.143'. [ 121.738368][ T5915] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 121.787103][ T5915] usb 4-1: USB disconnect, device number 2 [ 121.955731][ T911] usb 5-1: 0:2 : does not exist [ 122.251860][ T6519] FAULT_INJECTION: forcing a failure. [ 122.251860][ T6519] name failslab, interval 1, probability 0, space 0, times 0 [ 122.288219][ T6519] CPU: 0 UID: 0 PID: 6519 Comm: syz.1.146 Not tainted syzkaller #0 PREEMPT(full) [ 122.288237][ T6519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 122.288243][ T6519] Call Trace: [ 122.288248][ T6519] [ 122.288253][ T6519] dump_stack_lvl+0x189/0x250 [ 122.288277][ T6519] ? __pfx____ratelimit+0x10/0x10 [ 122.288299][ T6519] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.288319][ T6519] ? __pfx__printk+0x10/0x10 [ 122.288343][ T6519] ? __pfx___might_resched+0x10/0x10 [ 122.288359][ T6519] ? fs_reclaim_acquire+0x7d/0x100 [ 122.288373][ T6519] should_fail_ex+0x414/0x560 [ 122.288388][ T6519] should_failslab+0xa8/0x100 [ 122.288403][ T6519] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 122.288422][ T6519] ? __alloc_skb+0x255/0x430 [ 122.288442][ T6519] ? napi_skb_cache_get+0x4a5/0x780 [ 122.288462][ T6519] ? napi_skb_cache_get+0x151/0x780 [ 122.288486][ T6519] __alloc_skb+0x255/0x430 [ 122.288507][ T6519] ? __pfx___alloc_skb+0x10/0x10 [ 122.288521][ T6519] ? netlink_autobind+0xdb/0x300 [ 122.288530][ T6519] ? netlink_autobind+0x2c2/0x300 [ 122.288542][ T6519] netlink_sendmsg+0x5c6/0xb30 [ 122.288556][ T6519] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.288570][ T6519] ? aa_sock_msg_perm+0xf1/0x1b0 [ 122.288589][ T6519] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 122.288606][ T6519] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.288624][ T6519] __sock_sendmsg+0x21c/0x270 [ 122.288646][ T6519] ____sys_sendmsg+0x505/0x820 [ 122.288664][ T6519] ? __pfx_____sys_sendmsg+0x10/0x10 [ 122.288680][ T6519] ? kstrtouint+0x6e/0xe0 [ 122.288698][ T6519] ___sys_sendmsg+0x21f/0x2a0 [ 122.288724][ T6519] ? __pfx____sys_sendmsg+0x10/0x10 [ 122.288754][ T6519] ? rcu_read_lock_any_held+0xb3/0x120 [ 122.288802][ T6519] ? __fget_files+0x2a/0x420 [ 122.288822][ T6519] ? __fget_files+0x3a0/0x420 [ 122.288850][ T6519] __sys_sendmsg+0x164/0x220 [ 122.288873][ T6519] ? __pfx___sys_sendmsg+0x10/0x10 [ 122.288906][ T6519] ? __pfx_ksys_write+0x10/0x10 [ 122.288927][ T6519] ? __do_fast_syscall_32+0xbe/0x570 [ 122.288950][ T6519] __do_fast_syscall_32+0x1f7/0x570 [ 122.288963][ T6519] ? rcu_is_watching+0x15/0xb0 [ 122.288973][ T6519] ? do_fast_syscall_32+0x34/0x80 [ 122.288988][ T6519] do_fast_syscall_32+0x34/0x80 [ 122.289001][ T6519] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 122.289020][ T6519] RIP: 0023:0xf7f51539 [ 122.289036][ T6519] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 122.289050][ T6519] RSP: 002b:00000000f544655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 122.289068][ T6519] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080004bc0 [ 122.289081][ T6519] RDX: 0000000000044084 RSI: 0000000000000000 RDI: 0000000000000000 [ 122.289090][ T6519] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 122.289097][ T6519] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 122.289103][ T6519] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 122.289117][ T6519] [ 123.417798][ T911] usb 5-1: 1:0: failed to get current value for ch 0 (-22) [ 123.490837][ T911] usb 5-1: USB disconnect, device number 11 [ 123.596397][ T5918] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 123.756343][ T5918] usb 3-1: Using ep0 maxpacket: 8 [ 123.769291][ T5918] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 123.819511][ T5918] usb 3-1: config 0 has no interfaces? [ 123.825598][ T5918] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 123.845632][ T5918] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.869884][ T5918] usb 3-1: config 0 descriptor?? [ 124.166311][ T5918] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 124.406287][ T5918] usb 1-1: Using ep0 maxpacket: 8 [ 124.414217][ T5918] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 124.429646][ T5918] usb 1-1: config 0 has no interface number 0 [ 124.444703][ T5964] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 124.467512][ T5918] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 124.492991][ T5964] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 124.524506][ T5918] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 124.590858][ T5918] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 124.634887][ T5918] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 124.691307][ T5918] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 124.711872][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.740161][ T5918] usb 1-1: config 0 descriptor?? [ 124.807241][ T5918] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 124.869005][ T6547] FAULT_INJECTION: forcing a failure. [ 124.869005][ T6547] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.918671][ T6547] CPU: 1 UID: 0 PID: 6547 Comm: syz.1.155 Not tainted syzkaller #0 PREEMPT(full) [ 124.918687][ T6547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 124.918694][ T6547] Call Trace: [ 124.918698][ T6547] [ 124.918703][ T6547] dump_stack_lvl+0x189/0x250 [ 124.918719][ T6547] ? __pfx____ratelimit+0x10/0x10 [ 124.918732][ T6547] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.918743][ T6547] ? __pfx__printk+0x10/0x10 [ 124.918756][ T6547] ? __might_fault+0xb0/0x130 [ 124.918776][ T6547] should_fail_ex+0x414/0x560 [ 124.918791][ T6547] _copy_from_iter+0x1cd/0x1630 [ 124.918804][ T6547] ? __build_skb_around+0x22d/0x3c0 [ 124.918821][ T6547] ? __alloc_skb+0x339/0x430 [ 124.918832][ T6547] ? __pfx__copy_from_iter+0x10/0x10 [ 124.918844][ T6547] ? __pfx___alloc_skb+0x10/0x10 [ 124.918858][ T6547] ? skb_put+0x11b/0x210 [ 124.918870][ T6547] ? tipc_msg_build+0x6b6/0xcf0 [ 124.918884][ T6547] tipc_msg_build+0x72b/0xcf0 [ 124.918900][ T6547] ? __pfx_tipc_msg_build+0x10/0x10 [ 124.918914][ T6547] ? net_generic+0x1e/0x240 [ 124.918923][ T6547] ? net_generic+0x1e/0x240 [ 124.918938][ T6547] ? tipc_group_bc_cong+0x15f/0x210 [ 124.918953][ T6547] tipc_send_group_bcast+0x76c/0xa70 [ 124.918974][ T6547] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 124.918990][ T6547] ? stack_trace_save+0x9c/0xe0 [ 124.919005][ T6547] ? __pfx_woken_wake_function+0x10/0x10 [ 124.919021][ T6547] ? __lock_acquire+0x6b6/0x2cf0 [ 124.919035][ T6547] __tipc_sendmsg+0x2d7/0x2940 [ 124.919047][ T6547] ? __update_page_owner_handle+0x5a/0x570 [ 124.919065][ T6547] ? __pfx___tipc_sendmsg+0x10/0x10 [ 124.919077][ T6547] ? aa_label_sk_perm+0x4c4/0x610 [ 124.919091][ T6547] ? __page_table_check_zero+0x6a/0x3e0 [ 124.919103][ T6547] ? __page_table_check_zero+0x397/0x3e0 [ 124.919112][ T6547] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 124.919133][ T6547] ? __lock_acquire+0x6b6/0x2cf0 [ 124.919159][ T6547] ? __local_bh_enable_ip+0x12d/0x1c0 [ 124.919169][ T6547] ? lockdep_hardirqs_on+0x98/0x140 [ 124.919182][ T6547] ? __local_bh_enable_ip+0x12d/0x1c0 [ 124.919192][ T6547] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 124.919207][ T6547] tipc_sendmsg+0x55/0x70 [ 124.919217][ T6547] ? __pfx_tipc_sendmsg+0x10/0x10 [ 124.919227][ T6547] __sock_sendmsg+0x21c/0x270 [ 124.919241][ T6547] ____sys_sendmsg+0x52d/0x820 [ 124.919257][ T6547] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.919279][ T6547] ___sys_sendmsg+0x21f/0x2a0 [ 124.919293][ T6547] ? __pfx____sys_sendmsg+0x10/0x10 [ 124.919308][ T6547] ? kstrtoull+0x12f/0x1d0 [ 124.919335][ T6547] ? __fget_files+0x2a/0x420 [ 124.919346][ T6547] ? __fget_files+0x3a0/0x420 [ 124.919363][ T6547] __sys_sendmmsg+0x28e/0x430 [ 124.919379][ T6547] ? __pfx___sys_sendmmsg+0x10/0x10 [ 124.919397][ T6547] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 124.919420][ T6547] ? ksys_write+0x22a/0x250 [ 124.919428][ T6547] ? exc_page_fault+0x82/0x100 [ 124.919440][ T6547] ? __pfx_ksys_write+0x10/0x10 [ 124.919458][ T6547] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 124.919470][ T6547] __do_fast_syscall_32+0x1f7/0x570 [ 124.919483][ T6547] ? rcu_is_watching+0x15/0xb0 [ 124.919494][ T6547] ? do_fast_syscall_32+0x34/0x80 [ 124.919509][ T6547] do_fast_syscall_32+0x34/0x80 [ 124.919522][ T6547] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 124.919534][ T6547] RIP: 0023:0xf7f51539 [ 124.919544][ T6547] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 124.919552][ T6547] RSP: 002b:00000000f542555c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 124.919563][ T6547] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800030c0 [ 124.919570][ T6547] RDX: 0000000000000181 RSI: 0000000000000000 RDI: 0000000000000000 [ 124.919575][ T6547] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 124.919580][ T6547] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 124.919586][ T6547] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 124.919600][ T6547] [ 125.449083][ T6550] netlink: 8 bytes leftover after parsing attributes in process `syz.3.156'. [ 126.016281][ T5945] usb 1-1: USB disconnect, device number 5 [ 126.034864][ T5945] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 126.114294][ T5919] usb 3-1: USB disconnect, device number 4 [ 126.380775][ T6565] FAULT_INJECTION: forcing a failure. [ 126.380775][ T6565] name failslab, interval 1, probability 0, space 0, times 0 [ 126.393924][ T6565] CPU: 0 UID: 0 PID: 6565 Comm: syz.4.161 Not tainted syzkaller #0 PREEMPT(full) [ 126.393948][ T6565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 126.393958][ T6565] Call Trace: [ 126.393964][ T6565] [ 126.393972][ T6565] dump_stack_lvl+0x189/0x250 [ 126.393995][ T6565] ? __pfx____ratelimit+0x10/0x10 [ 126.394016][ T6565] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.394036][ T6565] ? __pfx__printk+0x10/0x10 [ 126.394082][ T6565] should_fail_ex+0x414/0x560 [ 126.394108][ T6565] should_failslab+0xa8/0x100 [ 126.394131][ T6565] kmem_cache_alloc_noprof+0x88/0x710 [ 126.394153][ T6565] ? __netlink_lookup+0xbd/0x8a0 [ 126.394172][ T6565] ? skb_clone+0x212/0x3a0 [ 126.394193][ T6565] skb_clone+0x212/0x3a0 [ 126.394213][ T6565] __netlink_deliver_tap+0x404/0x850 [ 126.394244][ T6565] ? netlink_deliver_tap+0x2e/0x1b0 [ 126.394262][ T6565] netlink_deliver_tap+0x19c/0x1b0 [ 126.394279][ T6565] netlink_unicast+0x7fa/0x9e0 [ 126.394309][ T6565] ? __pfx_netlink_unicast+0x10/0x10 [ 126.394334][ T6565] ? netlink_sendmsg+0x642/0xb30 [ 126.394348][ T6565] ? skb_put+0x11b/0x210 [ 126.394375][ T6565] netlink_sendmsg+0x805/0xb30 [ 126.394402][ T6565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.394423][ T6565] ? aa_sock_msg_perm+0xf1/0x1b0 [ 126.394442][ T6565] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 126.394459][ T6565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.394477][ T6565] __sock_sendmsg+0x21c/0x270 [ 126.394500][ T6565] sock_sendmsg+0x158/0x230 [ 126.394522][ T6565] ? __pfx_sock_sendmsg+0x10/0x10 [ 126.394555][ T6565] ? __asan_memset+0x22/0x50 [ 126.394578][ T6565] ? iov_iter_bvec+0xb8/0x180 [ 126.394604][ T6565] splice_to_socket+0x8f5/0xf00 [ 126.394649][ T6565] ? __pfx_splice_to_socket+0x10/0x10 [ 126.394695][ T6565] ? get_pid_task+0x20/0x1f0 [ 126.394732][ T6565] ? bpf_lsm_file_permission+0x9/0x20 [ 126.394750][ T6565] ? security_file_permission+0x75/0x290 [ 126.394772][ T6565] ? rw_verify_area+0x255/0x4d0 [ 126.394791][ T6565] ? __pfx_splice_to_socket+0x10/0x10 [ 126.394811][ T6565] do_splice+0xc79/0x1660 [ 126.394856][ T6565] ? __pfx_do_splice+0x10/0x10 [ 126.394888][ T6565] __se_sys_splice+0x2e1/0x460 [ 126.394915][ T6565] ? __pfx___se_sys_splice+0x10/0x10 [ 126.394942][ T6565] ? __ia32_sys_splice+0x21/0xf0 [ 126.394966][ T6565] __do_fast_syscall_32+0x1f7/0x570 [ 126.394990][ T6565] ? rcu_is_watching+0x15/0xb0 [ 126.395008][ T6565] ? do_fast_syscall_32+0x34/0x80 [ 126.395035][ T6565] do_fast_syscall_32+0x34/0x80 [ 126.395057][ T6565] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 126.395083][ T6565] RIP: 0023:0xf7fc2539 [ 126.395098][ T6565] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 126.395112][ T6565] RSP: 002b:00000000f549555c EFLAGS: 00000206 ORIG_RAX: 0000000000000139 [ 126.395131][ T6565] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 126.395143][ T6565] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 000000000004ffe6 [ 126.395153][ T6565] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 126.395162][ T6565] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 126.395173][ T6565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 126.395202][ T6565] [ 126.395242][ T6565] netlink: 2028 bytes leftover after parsing attributes in process `syz.4.161'. [ 126.780722][ T6565] netlink: 20 bytes leftover after parsing attributes in process `syz.4.161'. [ 126.800016][ T6571] FAULT_INJECTION: forcing a failure. [ 126.800016][ T6571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.846386][ T6571] CPU: 1 UID: 0 PID: 6571 Comm: syz.0.163 Not tainted syzkaller #0 PREEMPT(full) [ 126.846411][ T6571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 126.846422][ T6571] Call Trace: [ 126.846429][ T6571] [ 126.846437][ T6571] dump_stack_lvl+0x189/0x250 [ 126.846462][ T6571] ? __pfx____ratelimit+0x10/0x10 [ 126.846483][ T6571] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.846502][ T6571] ? __pfx__printk+0x10/0x10 [ 126.846525][ T6571] ? __might_fault+0xb0/0x130 [ 126.846560][ T6571] should_fail_ex+0x414/0x560 [ 126.846586][ T6571] _copy_from_iter+0x1cd/0x1630 [ 126.846614][ T6571] ? __build_skb_around+0x22d/0x3c0 [ 126.846640][ T6571] ? __pfx__copy_from_iter+0x10/0x10 [ 126.846660][ T6571] ? __alloc_skb+0x2f1/0x430 [ 126.846683][ T6571] ? __pfx___alloc_skb+0x10/0x10 [ 126.846707][ T6571] ? netlink_sendmsg+0x642/0xb30 [ 126.846723][ T6571] ? skb_put+0x11b/0x210 [ 126.846747][ T6571] netlink_sendmsg+0x6b2/0xb30 [ 126.846774][ T6571] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.846793][ T6571] ? __import_iovec+0x5d4/0x7f0 [ 126.846822][ T6571] ? aa_sock_msg_perm+0xf1/0x1b0 [ 126.846840][ T6571] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 126.846856][ T6571] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.846875][ T6571] __sock_sendmsg+0x21c/0x270 [ 126.846897][ T6571] ____sys_sendmsg+0x505/0x820 [ 126.846925][ T6571] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.846954][ T6571] ? kstrtouint+0x6e/0xe0 [ 126.846980][ T6571] ___sys_sendmsg+0x21f/0x2a0 [ 126.847005][ T6571] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.847036][ T6571] ? rcu_read_lock_any_held+0xb3/0x120 [ 126.847081][ T6571] ? __fget_files+0x2a/0x420 [ 126.847100][ T6571] ? __fget_files+0x3a0/0x420 [ 126.847130][ T6571] __sys_sendmsg+0x164/0x220 [ 126.847156][ T6571] ? __pfx___sys_sendmsg+0x10/0x10 [ 126.847189][ T6571] ? __pfx_ksys_write+0x10/0x10 [ 126.847210][ T6571] ? __do_fast_syscall_32+0xbe/0x570 [ 126.847236][ T6571] __do_fast_syscall_32+0x1f7/0x570 [ 126.847257][ T6571] ? lockdep_hardirqs_on+0x98/0x140 [ 126.847276][ T6571] ? do_fast_syscall_32+0x34/0x80 [ 126.847296][ T6571] ? irqentry_exit+0x10f/0x660 [ 126.847319][ T6571] do_fast_syscall_32+0x34/0x80 [ 126.847341][ T6571] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 126.847361][ T6571] RIP: 0023:0xf70ad539 [ 126.847377][ T6571] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 126.847391][ T6571] RSP: 002b:00000000f549d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 126.847414][ T6571] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 126.847425][ T6571] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 126.847435][ T6571] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 126.847444][ T6571] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 126.847453][ T6571] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 126.847477][ T6571] [ 127.398996][ T6589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.168'. [ 127.427832][ T6578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.164'. [ 128.167200][ T6578] Invalid option length (8088) for dns_resolver key [ 128.285291][ T6602] netlink: 'syz.4.170': attribute type 9 has an invalid length. [ 128.336790][ T6602] netlink: 'syz.4.170': attribute type 6 has an invalid length. [ 128.346077][ T5915] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 128.506270][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 128.511388][ T30] audit: type=1326 audit(1765191064.616:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6607 comm="syz.4.173" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc2539 code=0x0 [ 128.534005][ T5915] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 128.556364][ T5915] usb 3-1: config 0 has no interface number 0 [ 128.586690][ T5915] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 128.644906][ T5915] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 128.663046][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.679209][ T6618] netlink: 28 bytes leftover after parsing attributes in process `syz.4.173'. [ 128.689517][ T5915] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 128.708525][ T5915] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 128.725353][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 128.753200][ T5915] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 128.764726][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.772542][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 128.788743][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.811885][ T6614] bridge0: port 3(batadv0) entered disabled state [ 128.836598][ T6624] netlink: 'syz.0.175': attribute type 16 has an invalid length. [ 128.844361][ T6624] netlink: 'syz.0.175': attribute type 17 has an invalid length. [ 128.851101][ T5915] usb 3-1: config 0 descriptor?? [ 128.867641][ T5915] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 128.943975][ T6623] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.952559][ T6623] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.014035][ T6624] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.302434][ T5919] usb 3-1: USB disconnect, device number 5 [ 129.320260][ T5919] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 129.681731][ T6628] CIFS: VFS: Malformed UNC in devname [ 131.242144][ T6646] netlink: 136 bytes leftover after parsing attributes in process `syz.4.182'. [ 131.276885][ T6646] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 131.365351][ T6650] netlink: 'syz.0.184': attribute type 9 has an invalid length. [ 131.386389][ T6650] netlink: 'syz.0.184': attribute type 6 has an invalid length. [ 131.544270][ T6658] FAULT_INJECTION: forcing a failure. [ 131.544270][ T6658] name failslab, interval 1, probability 0, space 0, times 0 [ 131.577657][ T6658] CPU: 0 UID: 0 PID: 6658 Comm: syz.0.187 Not tainted syzkaller #0 PREEMPT(full) [ 131.577684][ T6658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 131.577694][ T6658] Call Trace: [ 131.577702][ T6658] [ 131.577710][ T6658] dump_stack_lvl+0x189/0x250 [ 131.577734][ T6658] ? __pfx____ratelimit+0x10/0x10 [ 131.577754][ T6658] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.577781][ T6658] ? __pfx__printk+0x10/0x10 [ 131.577803][ T6658] ? __lock_acquire+0x6b6/0x2cf0 [ 131.577829][ T6658] should_fail_ex+0x414/0x560 [ 131.577852][ T6658] should_failslab+0xa8/0x100 [ 131.577874][ T6658] kmem_cache_alloc_noprof+0x88/0x710 [ 131.577895][ T6658] ? __netlink_lookup+0xbd/0x8a0 [ 131.577910][ T6658] ? skb_clone+0x212/0x3a0 [ 131.577930][ T6658] skb_clone+0x212/0x3a0 [ 131.577947][ T6658] __netlink_deliver_tap+0x404/0x850 [ 131.577973][ T6658] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.577990][ T6658] netlink_deliver_tap+0x19c/0x1b0 [ 131.578006][ T6658] netlink_unicast+0x7fa/0x9e0 [ 131.578035][ T6658] ? __pfx_netlink_unicast+0x10/0x10 [ 131.578058][ T6658] ? netlink_sendmsg+0x642/0xb30 [ 131.578072][ T6658] ? skb_put+0x11b/0x210 [ 131.578096][ T6658] netlink_sendmsg+0x805/0xb30 [ 131.578120][ T6658] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.578139][ T6658] ? __import_iovec+0x5d4/0x7f0 [ 131.578158][ T6658] ? aa_sock_msg_perm+0xf1/0x1b0 [ 131.578174][ T6658] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 131.578189][ T6658] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.578206][ T6658] __sock_sendmsg+0x21c/0x270 [ 131.578228][ T6658] ____sys_sendmsg+0x505/0x820 [ 131.578254][ T6658] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.578280][ T6658] ? kstrtouint+0x6e/0xe0 [ 131.578304][ T6658] ___sys_sendmsg+0x21f/0x2a0 [ 131.578327][ T6658] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.578367][ T6658] ? rcu_read_lock_any_held+0xb3/0x120 [ 131.578405][ T6658] ? __fget_files+0x2a/0x420 [ 131.578423][ T6658] ? __fget_files+0x3a0/0x420 [ 131.578451][ T6658] __sys_sendmsg+0x164/0x220 [ 131.578474][ T6658] ? __pfx___sys_sendmsg+0x10/0x10 [ 131.578507][ T6658] ? __pfx_ksys_write+0x10/0x10 [ 131.578528][ T6658] ? __do_fast_syscall_32+0xbe/0x570 [ 131.578552][ T6658] __do_fast_syscall_32+0x1f7/0x570 [ 131.578574][ T6658] ? rcu_is_watching+0x15/0xb0 [ 131.578592][ T6658] ? do_fast_syscall_32+0x34/0x80 [ 131.578617][ T6658] do_fast_syscall_32+0x34/0x80 [ 131.578639][ T6658] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 131.578657][ T6658] RIP: 0023:0xf70ad539 [ 131.578672][ T6658] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 131.578686][ T6658] RSP: 002b:00000000f549d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 131.578706][ T6658] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 131.578728][ T6658] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 131.578737][ T6658] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 131.578747][ T6658] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 131.578756][ T6658] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 131.578789][ T6658] [ 132.276706][ T5918] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 132.536300][ T5918] usb 1-1: Using ep0 maxpacket: 16 [ 132.558246][ T5918] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 132.580351][ T5918] usb 1-1: config 0 has no interface number 0 [ 132.594820][ T5918] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 132.614123][ T5918] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 132.627582][ T6670] netlink: 8 bytes leftover after parsing attributes in process `syz.1.190'. [ 132.676268][ T5918] usb 1-1: config 0 interface 41 has no altsetting 0 [ 132.701126][ T5918] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 132.718376][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.736924][ T5918] usb 1-1: Product: syz [ 132.749295][ T5918] usb 1-1: Manufacturer: syz [ 132.759616][ T5918] usb 1-1: SerialNumber: syz [ 132.775813][ T5918] usb 1-1: config 0 descriptor?? [ 132.978866][ T6665] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 132.986138][ T6665] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 133.004865][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.011776][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.086962][ T6673] fuse: Bad value for 'fd' [ 133.301216][ T6665] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 133.313198][ T6665] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 133.346338][ T5919] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 133.496224][ T5919] usb 2-1: Using ep0 maxpacket: 16 [ 133.506738][ T5919] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 133.516212][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.524262][ T5919] usb 2-1: Product: syz [ 133.528777][ T5919] usb 2-1: Manufacturer: syz [ 133.533398][ T5919] usb 2-1: SerialNumber: syz [ 133.542147][ T5919] r8152-cfgselector 2-1: Unknown version 0x0000 [ 133.551099][ T5919] r8152-cfgselector 2-1: config 0 descriptor?? [ 133.892310][ T6686] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.195'. [ 133.938815][ T5918] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 133.978982][ T5919] r8152-cfgselector 2-1: USB disconnect, device number 8 [ 134.560252][ T6694] capability: warning: `syz.1.197' uses deprecated v2 capabilities in a way that may be insecure [ 134.817262][ T5915] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 135.028824][ T5915] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 951, setting to 64 [ 135.056618][ T5915] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 135.066022][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.079189][ T5915] usb 2-1: Product: с [ 135.088984][ T5915] usb 2-1: Manufacturer: 珹趎뀲㷋迧ꉕ鄶롈䮝뤩뎐䯈揹吧ꃿ䟊䋝琔扈빱꬏ꄊ잙䀟彘壽㧙靴뉍軅穊縉궗䡀Ʂね蝂⪼롣껻졜崃琖៣葊돳畸耀ꠜ웗ꆪဂ뽐貤ۜ帪宛 [ 135.148818][ T5915] usb 2-1: rejected 1 configuration due to insufficient available bus power [ 135.163012][ T5915] usb 2-1: no configuration chosen from 1 choice [ 135.513841][ T5918] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 135.537221][ T5918] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 135.588026][ T5918] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71 [ 135.766701][ T5918] usb 1-1: USB disconnect, device number 6 [ 135.782144][ T6705] binder: 6702:6705 ioctl c0306201 80000640 returned -22 [ 135.999180][ T6709] netlink: 112 bytes leftover after parsing attributes in process `syz.2.202'. [ 136.033332][ T6707] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 136.056282][ T5945] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 136.067155][ T6707] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 136.099125][ T6707] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 136.124610][ T6707] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.226805][ T5945] usb 5-1: Using ep0 maxpacket: 8 [ 136.233852][ T5945] usb 5-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48 [ 136.243296][ T5945] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.328492][ T5945] usb 5-1: config 0 descriptor?? [ 136.364213][ T5919] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 136.526283][ T5919] usb 3-1: Using ep0 maxpacket: 8 [ 136.533147][ T5919] usb 3-1: unable to get BOS descriptor or descriptor too short [ 136.545629][ T5919] usb 3-1: config 4 interface 0 has no altsetting 0 [ 136.555331][ T5919] usb 3-1: string descriptor 0 read error: -22 [ 136.564052][ T5919] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 136.573281][ T5919] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 136.598927][ T5919] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 136.620122][ T5919] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 136.639222][ T5919] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 136.658476][ T5919] usb 3-1: media controller created [ 136.679940][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 137.571952][ T5918] usb 2-1: USB disconnect, device number 9 [ 137.664360][ T30] audit: type=1326 audit(1765191073.766:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6719 comm="syz.1.206" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f51539 code=0x0 [ 137.767508][ T5919] zl10353_read_register: readreg error (reg=127, ret==0) [ 137.768187][ T6713] usb 3-1: dvb_usb_au6610: wlen=245, aborting [ 138.183232][ T5919] usb 3-1: USB disconnect, device number 6 [ 138.652611][ T5919] usb 5-1: USB disconnect, device number 12 [ 138.731280][ T6727] ipip0: entered promiscuous mode [ 138.768537][ T6727] ipip0: entered allmulticast mode [ 138.822193][ T6733] fuse: Bad value for 'fd' [ 138.870732][ T30] audit: type=1326 audit(1765191074.976:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6731 comm="syz.4.210" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc2539 code=0x0 [ 138.955434][ T6737] netlink: 28 bytes leftover after parsing attributes in process `syz.4.210'. [ 138.996921][ T5919] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 139.178338][ T5919] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 139.222173][ T5919] usb 3-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 1.41 [ 139.232700][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=246, SerialNumber=2 [ 139.243050][ T5919] usb 3-1: Product: syz [ 139.248434][ T5919] usb 3-1: SerialNumber: syz [ 139.259439][ T5919] usb 3-1: config 0 descriptor?? [ 139.268409][ T5919] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 139.280800][ T5919] usb 3-1: Detected SIO [ 139.294693][ T5919] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 139.476936][ T5915] usb 3-1: USB disconnect, device number 7 [ 139.496839][ T5915] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 139.518473][ T5915] ftdi_sio 3-1:0.0: device disconnected [ 139.815634][ T6748] netlink: 4 bytes leftover after parsing attributes in process `syz.3.215'. [ 139.862210][ T6750] FAULT_INJECTION: forcing a failure. [ 139.862210][ T6750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.875941][ T6750] CPU: 1 UID: 0 PID: 6750 Comm: syz.4.216 Not tainted syzkaller #0 PREEMPT(full) [ 139.875973][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 139.875984][ T6750] Call Trace: [ 139.875991][ T6750] [ 139.875999][ T6750] dump_stack_lvl+0x189/0x250 [ 139.876025][ T6750] ? __pfx____ratelimit+0x10/0x10 [ 139.876047][ T6750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.876067][ T6750] ? __pfx__printk+0x10/0x10 [ 139.876103][ T6750] should_fail_ex+0x414/0x560 [ 139.876129][ T6750] _copy_to_user+0x31/0xb0 [ 139.876147][ T6750] simple_read_from_buffer+0xe1/0x170 [ 139.876174][ T6750] proc_fail_nth_read+0x1b3/0x220 [ 139.876194][ T6750] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 139.876213][ T6750] ? rw_verify_area+0x2a6/0x4d0 [ 139.876228][ T6750] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 139.876245][ T6750] vfs_read+0x200/0xa30 [ 139.876259][ T6750] ? fdget_pos+0x247/0x320 [ 139.876282][ T6750] ? __pfx___mutex_lock+0x10/0x10 [ 139.876304][ T6750] ? __pfx_vfs_read+0x10/0x10 [ 139.876322][ T6750] ? __fget_files+0x2a/0x420 [ 139.876346][ T6750] ? __fget_files+0x3a0/0x420 [ 139.876365][ T6750] ? __fget_files+0x2a/0x420 [ 139.876394][ T6750] ksys_read+0x145/0x250 [ 139.876409][ T6750] ? exc_page_fault+0x82/0x100 [ 139.876429][ T6750] ? __pfx_ksys_read+0x10/0x10 [ 139.876448][ T6750] ? __do_fast_syscall_32+0xbe/0x570 [ 139.876473][ T6750] __do_fast_syscall_32+0x1f7/0x570 [ 139.876494][ T6750] ? rcu_is_watching+0x15/0xb0 [ 139.876513][ T6750] ? do_fast_syscall_32+0x34/0x80 [ 139.876538][ T6750] do_fast_syscall_32+0x34/0x80 [ 139.876560][ T6750] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 139.876579][ T6750] RIP: 0023:0xf7fc2539 [ 139.876594][ T6750] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 139.876608][ T6750] RSP: 002b:00000000f54b6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 139.876626][ T6750] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f54b6620 [ 139.876638][ T6750] RDX: 000000000000000f RSI: 00000000f7456ff4 RDI: 0000000000000000 [ 139.876648][ T6750] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 139.876658][ T6750] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 139.876668][ T6750] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 139.876694][ T6750] [ 140.328997][ T6759] FAULT_INJECTION: forcing a failure. [ 140.328997][ T6759] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.342262][ T6759] CPU: 1 UID: 0 PID: 6759 Comm: syz.0.219 Not tainted syzkaller #0 PREEMPT(full) [ 140.342286][ T6759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 140.342296][ T6759] Call Trace: [ 140.342305][ T6759] [ 140.342314][ T6759] dump_stack_lvl+0x189/0x250 [ 140.342340][ T6759] ? __pfx____ratelimit+0x10/0x10 [ 140.342361][ T6759] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.342381][ T6759] ? __pfx__printk+0x10/0x10 [ 140.342401][ T6759] ? __might_fault+0xb0/0x130 [ 140.342440][ T6759] should_fail_ex+0x414/0x560 [ 140.342466][ T6759] _copy_from_iter+0x1cd/0x1630 [ 140.342491][ T6759] ? __build_skb_around+0x22d/0x3c0 [ 140.342516][ T6759] ? __pfx__copy_from_iter+0x10/0x10 [ 140.342535][ T6759] ? __alloc_skb+0x2f1/0x430 [ 140.342558][ T6759] ? __pfx___alloc_skb+0x10/0x10 [ 140.342581][ T6759] ? netlink_sendmsg+0x642/0xb30 [ 140.342596][ T6759] ? skb_put+0x11b/0x210 [ 140.342619][ T6759] netlink_sendmsg+0x6b2/0xb30 [ 140.342641][ T6759] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.342660][ T6759] ? __import_iovec+0x5d4/0x7f0 [ 140.342680][ T6759] ? aa_sock_msg_perm+0xf1/0x1b0 [ 140.342699][ T6759] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 140.342715][ T6759] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.342733][ T6759] __sock_sendmsg+0x21c/0x270 [ 140.342756][ T6759] ____sys_sendmsg+0x505/0x820 [ 140.342785][ T6759] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.342822][ T6759] ? kstrtouint+0x6e/0xe0 [ 140.342850][ T6759] ___sys_sendmsg+0x21f/0x2a0 [ 140.342875][ T6759] ? __pfx____sys_sendmsg+0x10/0x10 [ 140.342905][ T6759] ? rcu_read_lock_any_held+0xb3/0x120 [ 140.342961][ T6759] ? __fget_files+0x2a/0x420 [ 140.342980][ T6759] ? __fget_files+0x3a0/0x420 [ 140.343010][ T6759] __sys_sendmsg+0x164/0x220 [ 140.343036][ T6759] ? __pfx___sys_sendmsg+0x10/0x10 [ 140.343066][ T6759] ? __pfx_ksys_write+0x10/0x10 [ 140.343087][ T6759] ? __do_fast_syscall_32+0xbe/0x570 [ 140.343111][ T6759] __do_fast_syscall_32+0x1f7/0x570 [ 140.343133][ T6759] ? rcu_is_watching+0x15/0xb0 [ 140.343151][ T6759] ? do_fast_syscall_32+0x34/0x80 [ 140.343177][ T6759] do_fast_syscall_32+0x34/0x80 [ 140.343198][ T6759] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 140.343218][ T6759] RIP: 0023:0xf70ad539 [ 140.343233][ T6759] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 140.343252][ T6759] RSP: 002b:00000000f549d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 140.343270][ T6759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240 [ 140.343282][ T6759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 140.343291][ T6759] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 140.343301][ T6759] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 140.343310][ T6759] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 140.343338][ T6759] [ 140.756359][ T5915] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 140.760527][ T6761] binder: 6760:6761 ioctl c0306201 80000640 returned -22 [ 140.927955][ T5915] usb 5-1: not running at top speed; connect to a high speed hub [ 140.949234][ T5915] usb 5-1: config 4 has an invalid interface number: 27 but max is 0 [ 140.955282][ T6767] misc userio: The device must be registered before sending interrupts [ 140.966317][ T5915] usb 5-1: config 4 has no interface number 0 [ 140.966358][ T5915] usb 5-1: config 4 interface 27 has no altsetting 0 [ 140.968793][ T5915] usb 5-1: New USB device found, idVendor=0545, idProduct=800c, bcdDevice= 3.0a [ 140.997917][ T6767] batadv_slave_0: entered promiscuous mode [ 140.998919][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.008058][ T6766] batadv_slave_0: left promiscuous mode [ 141.019528][ T5915] usb 5-1: Product: syz [ 141.023809][ T5915] usb 5-1: Manufacturer: syz [ 141.028713][ T5915] usb 5-1: SerialNumber: syz [ 141.046398][ T5918] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 141.076460][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 141.085031][ T6772] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.093772][ T6772] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.207468][ T5918] usb 4-1: Using ep0 maxpacket: 8 [ 141.211464][ T30] audit: type=1326 audit(1765191077.316:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6775 comm="syz.1.226" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f51539 code=0x0 [ 141.218749][ T5918] usb 4-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48 [ 141.243990][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 141.257637][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.277439][ T10] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 141.286727][ T10] usb 1-1: config 0 has no interface number 0 [ 141.293046][ T5915] usb 5-1: USB disconnect, device number 13 [ 141.309465][ T10] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 141.322903][ T6779] netlink: 28 bytes leftover after parsing attributes in process `syz.1.226'. [ 141.324178][ T5918] usb 4-1: config 0 descriptor?? [ 141.345324][ T10] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 141.357899][ T10] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 141.381861][ T10] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 141.399479][ T10] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 141.444167][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.454243][ T10] usb 1-1: config 0 descriptor?? [ 141.462962][ T10] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 141.719072][ T5915] usb 1-1: USB disconnect, device number 7 [ 141.728179][ T5915] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 142.693017][ T6806] FAULT_INJECTION: forcing a failure. [ 142.693017][ T6806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.741081][ T6806] CPU: 0 UID: 0 PID: 6806 Comm: syz.2.232 Not tainted syzkaller #0 PREEMPT(full) [ 142.741098][ T6806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 142.741104][ T6806] Call Trace: [ 142.741110][ T6806] [ 142.741116][ T6806] dump_stack_lvl+0x189/0x250 [ 142.741133][ T6806] ? __pfx____ratelimit+0x10/0x10 [ 142.741154][ T6806] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.741165][ T6806] ? __pfx__printk+0x10/0x10 [ 142.741179][ T6806] ? __might_fault+0xb0/0x130 [ 142.741199][ T6806] should_fail_ex+0x414/0x560 [ 142.741215][ T6806] _copy_from_user+0x2d/0xb0 [ 142.741238][ T6806] __sys_connect+0x123/0x440 [ 142.741260][ T6806] ? __fget_files+0x3a0/0x420 [ 142.741288][ T6806] ? __pfx___sys_connect+0x10/0x10 [ 142.741318][ T6806] ? __pfx_ksys_write+0x10/0x10 [ 142.741332][ T6806] __ia32_sys_connect+0x7a/0x90 [ 142.741345][ T6806] __do_fast_syscall_32+0x1f7/0x570 [ 142.741359][ T6806] ? rcu_is_watching+0x15/0xb0 [ 142.741370][ T6806] ? do_fast_syscall_32+0x34/0x80 [ 142.741385][ T6806] do_fast_syscall_32+0x34/0x80 [ 142.741401][ T6806] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 142.741414][ T6806] RIP: 0023:0xf709d539 [ 142.741428][ T6806] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 142.741442][ T6806] RSP: 002b:00000000f546c55c EFLAGS: 00000206 ORIG_RAX: 000000000000016a [ 142.741461][ T6806] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 142.741473][ T6806] RDX: 000000000000001b RSI: 0000000000000000 RDI: 0000000000000000 [ 142.741482][ T6806] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 142.741492][ T6806] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 142.741502][ T6806] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 142.741520][ T6806] [ 143.162581][ T6808] misc userio: The device must be registered before sending interrupts [ 143.214508][ T6808] batadv_slave_0: entered promiscuous mode [ 143.222639][ T6807] batadv_slave_0: left promiscuous mode [ 143.554562][ T6813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.236'. [ 143.861107][ T6817] FAULT_INJECTION: forcing a failure. [ 143.861107][ T6817] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.910702][ T6817] CPU: 1 UID: 0 PID: 6817 Comm: syz.0.238 Not tainted syzkaller #0 PREEMPT(full) [ 143.910729][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 143.910740][ T6817] Call Trace: [ 143.910747][ T6817] [ 143.910755][ T6817] dump_stack_lvl+0x189/0x250 [ 143.910780][ T6817] ? __pfx____ratelimit+0x10/0x10 [ 143.910803][ T6817] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.910822][ T6817] ? __pfx__printk+0x10/0x10 [ 143.910852][ T6817] ? __might_fault+0xb0/0x130 [ 143.910886][ T6817] should_fail_ex+0x414/0x560 [ 143.910911][ T6817] _copy_from_user+0x2d/0xb0 [ 143.910936][ T6817] video_usercopy+0x349/0x13f0 [ 143.910968][ T6817] ? __pfx___video_do_ioctl+0x10/0x10 [ 143.910989][ T6817] ? __pfx_video_usercopy+0x10/0x10 [ 143.911026][ T6817] ? __fget_files+0x2a/0x420 [ 143.911050][ T6817] v4l2_ioctl+0x18d/0x1e0 [ 143.911072][ T6817] v4l2_compat_ioctl32+0x1d7/0x290 [ 143.911102][ T6817] __ia32_compat_sys_ioctl+0x543/0x840 [ 143.911122][ T6817] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 143.911140][ T6817] ? __fget_files+0x3a0/0x420 [ 143.911165][ T6817] ? fput+0xa0/0xd0 [ 143.911185][ T6817] ? ksys_write+0x22a/0x250 [ 143.911199][ T6817] ? exc_page_fault+0x82/0x100 [ 143.911222][ T6817] ? __pfx_ksys_write+0x10/0x10 [ 143.911242][ T6817] ? __do_fast_syscall_32+0xbe/0x570 [ 143.911268][ T6817] __do_fast_syscall_32+0x1f7/0x570 [ 143.911291][ T6817] ? rcu_is_watching+0x15/0xb0 [ 143.911311][ T6817] ? do_fast_syscall_32+0x34/0x80 [ 143.911337][ T6817] do_fast_syscall_32+0x34/0x80 [ 143.911358][ T6817] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 143.911379][ T6817] RIP: 0023:0xf70ad539 [ 143.911394][ T6817] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 143.911409][ T6817] RSP: 002b:00000000f549d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 143.911428][ T6817] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0d05605 [ 143.911440][ T6817] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 143.911451][ T6817] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 143.911461][ T6817] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 143.911471][ T6817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 143.911498][ T6817] [ 144.257802][ T5919] usb 4-1: USB disconnect, device number 3 [ 144.454746][ T6830] netlink: 'syz.4.243': attribute type 16 has an invalid length. [ 144.463341][ T6830] netlink: 'syz.4.243': attribute type 17 has an invalid length. [ 144.513378][ T6830] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 144.516299][ T5915] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 144.713557][ T6834] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 144.808642][ T5915] usb 2-1: Using ep0 maxpacket: 32 [ 144.824293][ T5915] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 144.845999][ T5915] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 144.874038][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 144.882687][ T5915] usb 2-1: Product: syz [ 144.887286][ T5915] usb 2-1: Manufacturer: syz [ 144.895712][ T5915] usb 2-1: SerialNumber: syz [ 144.957746][ T5915] usb 2-1: config 0 descriptor?? [ 144.981516][ T6823] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 144.994351][ T5915] hub 2-1:0.0: bad descriptor, ignoring hub [ 145.002168][ T5915] hub 2-1:0.0: probe with driver hub failed with error -5 [ 145.399276][ T5901] usb 2-1: USB disconnect, device number 10 [ 145.487071][ T5915] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 145.530317][ T6847] misc userio: The device must be registered before sending interrupts [ 145.589081][ T6847] batadv_slave_0: entered promiscuous mode [ 145.617611][ T6846] batadv_slave_0: left promiscuous mode [ 145.656273][ T5915] usb 3-1: Using ep0 maxpacket: 16 [ 145.664556][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.682522][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.754649][ T5915] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 145.973895][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.167402][ T6854] FAULT_INJECTION: forcing a failure. [ 146.167402][ T6854] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.193282][ T5915] usb 3-1: config 0 descriptor?? [ 146.216515][ T6854] CPU: 1 UID: 0 PID: 6854 Comm: syz.4.249 Not tainted syzkaller #0 PREEMPT(full) [ 146.216540][ T6854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 146.216550][ T6854] Call Trace: [ 146.216557][ T6854] [ 146.216565][ T6854] dump_stack_lvl+0x189/0x250 [ 146.216591][ T6854] ? __pfx____ratelimit+0x10/0x10 [ 146.216612][ T6854] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.216632][ T6854] ? __pfx__printk+0x10/0x10 [ 146.216656][ T6854] ? __might_fault+0xb0/0x130 [ 146.216691][ T6854] should_fail_ex+0x414/0x560 [ 146.216716][ T6854] _copy_from_user+0x2d/0xb0 [ 146.216742][ T6854] get_compat_msghdr+0xad/0x4a0 [ 146.216766][ T6854] ? __pfx_get_compat_msghdr+0x10/0x10 [ 146.216784][ T6854] ? kstrtouint+0x6e/0xe0 [ 146.216810][ T6854] ___sys_sendmsg+0x193/0x2a0 [ 146.216838][ T6854] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.216866][ T6854] ? rcu_read_lock_any_held+0xb3/0x120 [ 146.216913][ T6854] ? __fget_files+0x2a/0x420 [ 146.216933][ T6854] ? __fget_files+0x3a0/0x420 [ 146.216962][ T6854] __sys_sendmsg+0x164/0x220 [ 146.216988][ T6854] ? __pfx___sys_sendmsg+0x10/0x10 [ 146.217019][ T6854] ? __pfx_ksys_write+0x10/0x10 [ 146.217039][ T6854] ? __do_fast_syscall_32+0xbe/0x570 [ 146.217066][ T6854] __do_fast_syscall_32+0x1f7/0x570 [ 146.217087][ T6854] ? rcu_is_watching+0x15/0xb0 [ 146.217105][ T6854] ? do_fast_syscall_32+0x34/0x80 [ 146.217132][ T6854] do_fast_syscall_32+0x34/0x80 [ 146.217153][ T6854] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 146.217173][ T6854] RIP: 0023:0xf7fc2539 [ 146.217188][ T6854] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 146.217202][ T6854] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 146.217222][ T6854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001640 [ 146.217234][ T6854] RDX: 0000000000040040 RSI: 0000000000000000 RDI: 0000000000000000 [ 146.217245][ T6854] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 146.217255][ T6854] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 146.217265][ T6854] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 146.217291][ T6854] [ 146.506395][ T10] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 146.581705][ T5915] usbhid 3-1:0.0: can't add hid device: -71 [ 146.656348][ T10] usb 1-1: device descriptor read/64, error -71 [ 146.676723][ T5915] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 146.691297][ T6858] netlink: 'syz.3.251': attribute type 12 has an invalid length. [ 146.721639][ T5915] usb 3-1: USB disconnect, device number 8 [ 146.801644][ T6861] binder: 6860:6861 ioctl c0306201 80000640 returned -22 [ 146.897289][ T10] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 147.000582][ T6868] loop2: detected capacity change from 0 to 7 [ 147.010561][ T6868] loop2: [ 147.013550][ T6868] loop2: partition table partially beyond EOD, truncated [ 147.026292][ T10] usb 1-1: device descriptor read/64, error -71 [ 147.056321][ T5915] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 147.137416][ T10] usb usb1-port1: attempt power cycle [ 147.207542][ T5915] usb 5-1: Using ep0 maxpacket: 8 [ 147.214920][ T5915] usb 5-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48 [ 147.224554][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.236104][ T5915] usb 5-1: config 0 descriptor?? [ 147.486720][ T10] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 147.526764][ T10] usb 1-1: device descriptor read/8, error -71 [ 147.603931][ T6880] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 147.776496][ T10] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 147.806763][ T10] usb 1-1: device descriptor read/8, error -71 [ 147.944671][ T10] usb usb1-port1: unable to enumerate USB device [ 148.453272][ T911] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 148.626265][ T911] usb 4-1: Using ep0 maxpacket: 32 [ 148.643845][ T911] usb 4-1: config index 0 descriptor too short (expected 44, got 36) [ 148.654493][ T911] usb 4-1: config 0 has an invalid interface number: 126 but max is 0 [ 148.674930][ T911] usb 4-1: config 0 has no interface number 0 [ 148.707681][ T911] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 148.728794][ T911] usb 4-1: config 0 interface 126 altsetting 16 endpoint 0x82 has invalid wMaxPacketSize 0 [ 148.740215][ T911] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 0 [ 148.750501][ T911] usb 4-1: config 0 interface 126 has no altsetting 0 [ 148.858917][ T911] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 148.864412][ T6887] misc userio: The device must be registered before sending interrupts [ 148.868101][ T911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.868124][ T911] usb 4-1: Product: syz [ 148.868138][ T911] usb 4-1: Manufacturer: syz [ 148.908459][ T911] usb 4-1: SerialNumber: syz [ 148.923462][ T6887] batadv_slave_0: entered promiscuous mode [ 148.925938][ T911] usb 4-1: config 0 descriptor?? [ 148.945935][ T6885] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 148.961221][ T6886] batadv_slave_0: left promiscuous mode [ 149.342913][ T6894] FAULT_INJECTION: forcing a failure. [ 149.342913][ T6894] name failslab, interval 1, probability 0, space 0, times 0 [ 149.376277][ T6894] CPU: 0 UID: 0 PID: 6894 Comm: syz.0.263 Not tainted syzkaller #0 PREEMPT(full) [ 149.376302][ T6894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 149.376312][ T6894] Call Trace: [ 149.376319][ T6894] [ 149.376328][ T6894] dump_stack_lvl+0x189/0x250 [ 149.376353][ T6894] ? __pfx____ratelimit+0x10/0x10 [ 149.376375][ T6894] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.376395][ T6894] ? __pfx__printk+0x10/0x10 [ 149.376418][ T6894] ? __lock_acquire+0x6b6/0x2cf0 [ 149.376444][ T6894] should_fail_ex+0x414/0x560 [ 149.376470][ T6894] should_failslab+0xa8/0x100 [ 149.376493][ T6894] kmem_cache_alloc_noprof+0x88/0x710 [ 149.376515][ T6894] ? __netlink_lookup+0xbd/0x8a0 [ 149.376530][ T6894] ? skb_clone+0x212/0x3a0 [ 149.376542][ T6894] skb_clone+0x212/0x3a0 [ 149.376553][ T6894] __netlink_deliver_tap+0x404/0x850 [ 149.376569][ T6894] ? netlink_deliver_tap+0x2e/0x1b0 [ 149.376585][ T6894] netlink_deliver_tap+0x19c/0x1b0 [ 149.376603][ T6894] netlink_unicast+0x7fa/0x9e0 [ 149.376636][ T6894] ? __pfx_netlink_unicast+0x10/0x10 [ 149.376661][ T6894] ? netlink_sendmsg+0x642/0xb30 [ 149.376673][ T6894] ? skb_put+0x11b/0x210 [ 149.376689][ T6894] netlink_sendmsg+0x805/0xb30 [ 149.376703][ T6894] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.376714][ T6894] ? __import_iovec+0x5d4/0x7f0 [ 149.376728][ T6894] ? aa_sock_msg_perm+0xf1/0x1b0 [ 149.376747][ T6894] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 149.376764][ T6894] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.376782][ T6894] __sock_sendmsg+0x21c/0x270 [ 149.376806][ T6894] ____sys_sendmsg+0x505/0x820 [ 149.376829][ T6894] ? __pfx_____sys_sendmsg+0x10/0x10 [ 149.376846][ T6894] ? kstrtouint+0x6e/0xe0 [ 149.376861][ T6894] ___sys_sendmsg+0x21f/0x2a0 [ 149.376875][ T6894] ? __pfx____sys_sendmsg+0x10/0x10 [ 149.376904][ T6894] ? rcu_read_lock_any_held+0xb3/0x120 [ 149.376947][ T6894] ? __fget_files+0x2a/0x420 [ 149.376967][ T6894] ? __fget_files+0x3a0/0x420 [ 149.376997][ T6894] __sys_sendmsg+0x164/0x220 [ 149.377022][ T6894] ? __pfx___sys_sendmsg+0x10/0x10 [ 149.377045][ T6894] ? __pfx_ksys_write+0x10/0x10 [ 149.377064][ T6894] ? __do_fast_syscall_32+0xbe/0x570 [ 149.377091][ T6894] __do_fast_syscall_32+0x1f7/0x570 [ 149.377114][ T6894] ? rcu_is_watching+0x15/0xb0 [ 149.377132][ T6894] ? do_fast_syscall_32+0x34/0x80 [ 149.377155][ T6894] do_fast_syscall_32+0x34/0x80 [ 149.377168][ T6894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 149.377180][ T6894] RIP: 0023:0xf70ad539 [ 149.377190][ T6894] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 149.377201][ T6894] RSP: 002b:00000000f549d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 149.377219][ T6894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 149.377232][ T6894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 149.377242][ T6894] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 149.377251][ T6894] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 149.377262][ T6894] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 149.377300][ T6894] [ 149.379693][ T6894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'. [ 149.466349][ T5919] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 149.866326][ T5919] usb 3-1: Using ep0 maxpacket: 16 [ 149.878417][ T5945] usb 5-1: USB disconnect, device number 14 [ 149.895620][ T5919] usb 3-1: config 0 has no interfaces? [ 149.905311][ T5919] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 149.918277][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.934536][ T5919] usb 3-1: config 0 descriptor?? [ 150.566464][ T5945] usb 3-1: USB disconnect, device number 9 [ 150.825200][ T6906] FAULT_INJECTION: forcing a failure. [ 150.825200][ T6906] name failslab, interval 1, probability 0, space 0, times 0 [ 150.876240][ T911] ir_usb 4-1:0.126: IR Dongle converter detected [ 150.906804][ T911] usb 4-1: IRDA class descriptor not found, device not bound [ 150.926008][ T6906] CPU: 1 UID: 0 PID: 6906 Comm: syz.4.267 Not tainted syzkaller #0 PREEMPT(full) [ 150.926033][ T6906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 150.926043][ T6906] Call Trace: [ 150.926051][ T6906] [ 150.926059][ T6906] dump_stack_lvl+0x189/0x250 [ 150.926083][ T6906] ? __pfx____ratelimit+0x10/0x10 [ 150.926106][ T6906] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.926125][ T6906] ? __pfx__printk+0x10/0x10 [ 150.926162][ T6906] ? __pfx___might_resched+0x10/0x10 [ 150.926179][ T6906] ? fs_reclaim_acquire+0x7d/0x100 [ 150.926200][ T6906] should_fail_ex+0x414/0x560 [ 150.926224][ T6906] should_failslab+0xa8/0x100 [ 150.926244][ T6906] __kmalloc_cache_noprof+0x84/0x700 [ 150.926262][ T6906] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 150.926277][ T6906] ? __lock_acquire+0x6b6/0x2cf0 [ 150.926297][ T6906] tcp_sendmsg_fastopen+0x1de/0x5e0 [ 150.926318][ T6906] tcp_sendmsg_locked+0x4c9d/0x5520 [ 150.926348][ T6906] ? __lock_acquire+0x6b6/0x2cf0 [ 150.926389][ T6906] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 150.926402][ T6906] ? __local_bh_enable_ip+0x12d/0x1c0 [ 150.926423][ T6906] ? __local_bh_enable_ip+0x12d/0x1c0 [ 150.926458][ T6906] tcp_sendmsg+0x2f/0x50 [ 150.926475][ T6906] __sock_sendmsg+0xe5/0x270 [ 150.926496][ T6906] __sys_sendto+0x3bd/0x520 [ 150.926520][ T6906] ? __pfx___sys_sendto+0x10/0x10 [ 150.926538][ T6906] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 150.926572][ T6906] ? __fget_files+0x3a0/0x420 [ 150.926603][ T6906] ? ksys_write+0x22a/0x250 [ 150.926616][ T6906] ? exc_page_fault+0x82/0x100 [ 150.926636][ T6906] ? __pfx_ksys_write+0x10/0x10 [ 150.926655][ T6906] __ia32_sys_sendto+0xdd/0x100 [ 150.926680][ T6906] __do_fast_syscall_32+0x1f7/0x570 [ 150.926703][ T6906] ? rcu_is_watching+0x15/0xb0 [ 150.926720][ T6906] ? do_fast_syscall_32+0x34/0x80 [ 150.926747][ T6906] do_fast_syscall_32+0x34/0x80 [ 150.926770][ T6906] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 150.926788][ T6906] RIP: 0023:0xf7fc2539 [ 150.926802][ T6906] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 150.926816][ T6906] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000171 [ 150.926835][ T6906] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 150.926846][ T6906] RDX: 0000000000000000 RSI: 0000000020000045 RDI: 00000000800001c0 [ 150.926858][ T6906] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 150.926869][ T6906] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 150.926879][ T6906] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 150.926906][ T6906] [ 151.197672][ T911] usb 4-1: USB disconnect, device number 4 [ 151.893264][ T6922] misc userio: The device must be registered before sending interrupts [ 151.938821][ T6922] batadv_slave_0: entered promiscuous mode [ 151.975464][ T6920] batadv_slave_0: left promiscuous mode [ 151.985122][ T6924] FAULT_INJECTION: forcing a failure. [ 151.985122][ T6924] name failslab, interval 1, probability 0, space 0, times 0 [ 152.036422][ T6924] CPU: 1 UID: 0 PID: 6924 Comm: syz.0.273 Not tainted syzkaller #0 PREEMPT(full) [ 152.036448][ T6924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 152.036459][ T6924] Call Trace: [ 152.036467][ T6924] [ 152.036475][ T6924] dump_stack_lvl+0x189/0x250 [ 152.036501][ T6924] ? __pfx____ratelimit+0x10/0x10 [ 152.036523][ T6924] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.036543][ T6924] ? __pfx__printk+0x10/0x10 [ 152.036569][ T6924] ? __pfx___might_resched+0x10/0x10 [ 152.036588][ T6924] ? fs_reclaim_acquire+0x7d/0x100 [ 152.036612][ T6924] should_fail_ex+0x414/0x560 [ 152.036637][ T6924] should_failslab+0xa8/0x100 [ 152.036658][ T6924] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 152.036684][ T6924] ? __alloc_skb+0x255/0x430 [ 152.036704][ T6924] ? napi_skb_cache_get+0x4a5/0x780 [ 152.036728][ T6924] ? napi_skb_cache_get+0x151/0x780 [ 152.036753][ T6924] __alloc_skb+0x255/0x430 [ 152.036777][ T6924] ? __pfx___alloc_skb+0x10/0x10 [ 152.036803][ T6924] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 152.036825][ T6924] netlink_sendmsg+0x5c6/0xb30 [ 152.036852][ T6924] ? __pfx_netlink_sendmsg+0x10/0x10 [ 152.036869][ T6924] ? __import_iovec+0x5d4/0x7f0 [ 152.036891][ T6924] ? aa_sock_msg_perm+0xf1/0x1b0 [ 152.036910][ T6924] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 152.036926][ T6924] ? __pfx_netlink_sendmsg+0x10/0x10 [ 152.036944][ T6924] __sock_sendmsg+0x21c/0x270 [ 152.036968][ T6924] ____sys_sendmsg+0x505/0x820 [ 152.036995][ T6924] ? __pfx_____sys_sendmsg+0x10/0x10 [ 152.037023][ T6924] ? kstrtouint+0x6e/0xe0 [ 152.037059][ T6924] ___sys_sendmsg+0x21f/0x2a0 [ 152.037086][ T6924] ? __pfx____sys_sendmsg+0x10/0x10 [ 152.037116][ T6924] ? rcu_read_lock_any_held+0xb3/0x120 [ 152.037163][ T6924] ? __fget_files+0x2a/0x420 [ 152.037184][ T6924] ? __fget_files+0x3a0/0x420 [ 152.037213][ T6924] __sys_sendmsg+0x164/0x220 [ 152.037240][ T6924] ? __pfx___sys_sendmsg+0x10/0x10 [ 152.037272][ T6924] ? __pfx_ksys_write+0x10/0x10 [ 152.037293][ T6924] ? __do_fast_syscall_32+0xbe/0x570 [ 152.037320][ T6924] __do_fast_syscall_32+0x1f7/0x570 [ 152.037343][ T6924] ? rcu_is_watching+0x15/0xb0 [ 152.037362][ T6924] ? do_fast_syscall_32+0x34/0x80 [ 152.037389][ T6924] do_fast_syscall_32+0x34/0x80 [ 152.037412][ T6924] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 152.037433][ T6924] RIP: 0023:0xf70ad539 [ 152.037448][ T6924] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 152.037463][ T6924] RSP: 002b:00000000f549d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 152.037482][ T6924] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 152.037494][ T6924] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 152.037504][ T6924] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 152.037514][ T6924] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 152.037522][ T6924] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 152.037548][ T6924] [ 152.551665][ T6926] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 152.593161][ T6926] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 152.624250][ T6932] binder: 6928:6932 ioctl c0306201 80000640 returned -22 [ 152.698085][ T6930] netlink: 4 bytes leftover after parsing attributes in process `syz.2.274'. [ 152.863561][ T6943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.280'. [ 152.896431][ T10] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 152.914880][ T5915] IPVS: starting estimator thread 0... [ 153.008047][ T6949] IPVS: using max 37 ests per chain, 88800 per kthread [ 153.056281][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 153.079126][ T10] usb 5-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48 [ 153.098478][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.127914][ T10] usb 5-1: config 0 descriptor?? [ 153.188095][ T6959] netlink: 132 bytes leftover after parsing attributes in process `syz.2.283'. [ 154.116980][ T6971] misc userio: The device must be registered before sending interrupts [ 154.129610][ T6971] batadv_slave_0: entered promiscuous mode [ 154.138099][ T6970] batadv_slave_0: left promiscuous mode [ 154.528750][ T6979] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 154.535877][ T6979] netlink: 12 bytes leftover after parsing attributes in process `syz.1.287'. [ 154.544851][ T6979] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 155.774731][ T5916] usb 5-1: USB disconnect, device number 15 [ 155.899635][ T7008] bond0: entered promiscuous mode [ 155.909687][ T7008] bond_slave_0: entered promiscuous mode [ 155.936479][ T7008] bond_slave_1: entered promiscuous mode [ 155.945761][ T7008] bond0: entered allmulticast mode [ 155.959237][ T7008] bond_slave_0: entered allmulticast mode [ 155.971518][ T7010] misc userio: The device must be registered before sending interrupts [ 156.059651][ T7008] bond_slave_1: entered allmulticast mode [ 156.066100][ T7015] batadv_slave_0: entered promiscuous mode [ 156.216863][ T7009] batadv_slave_0: left promiscuous mode [ 156.526318][ T911] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 156.535150][ T7023] netlink: 32 bytes leftover after parsing attributes in process `syz.1.301'. [ 156.638261][ T7027] netlink: 16 bytes leftover after parsing attributes in process `syz.0.303'. [ 156.676422][ T911] usb 5-1: Using ep0 maxpacket: 8 [ 156.686528][ T911] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 156.724151][ T911] usb 5-1: config 0 has no interface number 0 [ 156.752826][ T7029] FAULT_INJECTION: forcing a failure. [ 156.752826][ T7029] name failslab, interval 1, probability 0, space 0, times 0 [ 156.756283][ T911] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 156.765875][ T7029] CPU: 0 UID: 0 PID: 7029 Comm: syz.0.305 Not tainted syzkaller #0 PREEMPT(full) [ 156.765898][ T7029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 156.765909][ T7029] Call Trace: [ 156.765918][ T7029] [ 156.765927][ T7029] dump_stack_lvl+0x189/0x250 [ 156.765952][ T7029] ? __pfx____ratelimit+0x10/0x10 [ 156.765973][ T7029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.765993][ T7029] ? __pfx__printk+0x10/0x10 [ 156.766016][ T7029] ? __lock_acquire+0x6b6/0x2cf0 [ 156.766042][ T7029] should_fail_ex+0x414/0x560 [ 156.766068][ T7029] should_failslab+0xa8/0x100 [ 156.766090][ T7029] kmem_cache_alloc_noprof+0x88/0x710 [ 156.766114][ T7029] ? __netlink_lookup+0xbd/0x8a0 [ 156.766130][ T7029] ? skb_clone+0x212/0x3a0 [ 156.766151][ T7029] skb_clone+0x212/0x3a0 [ 156.766175][ T7029] __netlink_deliver_tap+0x404/0x850 [ 156.766204][ T7029] ? netlink_deliver_tap+0x2e/0x1b0 [ 156.766222][ T7029] netlink_deliver_tap+0x19c/0x1b0 [ 156.766239][ T7029] netlink_unicast+0x7fa/0x9e0 [ 156.766270][ T7029] ? __pfx_netlink_unicast+0x10/0x10 [ 156.766295][ T7029] ? netlink_sendmsg+0x642/0xb30 [ 156.766309][ T7029] ? skb_put+0x11b/0x210 [ 156.766334][ T7029] netlink_sendmsg+0x805/0xb30 [ 156.766360][ T7029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.766379][ T7029] ? __import_iovec+0x5d4/0x7f0 [ 156.766400][ T7029] ? aa_sock_msg_perm+0xf1/0x1b0 [ 156.766419][ T7029] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 156.766435][ T7029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.766453][ T7029] __sock_sendmsg+0x21c/0x270 [ 156.766475][ T7029] ____sys_sendmsg+0x505/0x820 [ 156.766504][ T7029] ? __pfx_____sys_sendmsg+0x10/0x10 [ 156.766531][ T7029] ? kstrtouint+0x6e/0xe0 [ 156.766558][ T7029] ___sys_sendmsg+0x21f/0x2a0 [ 156.766583][ T7029] ? __pfx____sys_sendmsg+0x10/0x10 [ 156.766613][ T7029] ? rcu_read_lock_any_held+0xb3/0x120 [ 156.766659][ T7029] ? __fget_files+0x2a/0x420 [ 156.766678][ T7029] ? __fget_files+0x3a0/0x420 [ 156.766708][ T7029] __sys_sendmsg+0x164/0x220 [ 156.766732][ T7029] ? __pfx___sys_sendmsg+0x10/0x10 [ 156.766770][ T7029] ? __pfx_ksys_write+0x10/0x10 [ 156.766791][ T7029] ? __do_fast_syscall_32+0xbe/0x570 [ 156.766817][ T7029] __do_fast_syscall_32+0x1f7/0x570 [ 156.766840][ T7029] ? rcu_is_watching+0x15/0xb0 [ 156.766857][ T7029] ? do_fast_syscall_32+0x34/0x80 [ 156.766884][ T7029] do_fast_syscall_32+0x34/0x80 [ 156.766906][ T7029] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 156.766926][ T7029] RIP: 0023:0xf70ad539 [ 156.766942][ T7029] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 156.766957][ T7029] RSP: 002b:00000000f549d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 156.766975][ T7029] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 156.766986][ T7029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 156.766997][ T7029] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 156.767006][ T7029] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 156.767016][ T7029] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 156.767043][ T7029] [ 157.096805][ T911] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 157.108622][ T911] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 157.120494][ T911] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 157.139114][ T911] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 157.165933][ T7021] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 157.165933][ T7021] program syz.3.302 not setting count and/or reply_len properly [ 157.171254][ T911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.195375][ T911] usb 5-1: config 0 descriptor?? [ 157.262297][ T911] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 157.617947][ T5915] usb 5-1: USB disconnect, device number 16 [ 157.633178][ T5915] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 158.098511][ T7058] misc userio: The device must be registered before sending interrupts [ 158.121828][ T7058] batadv_slave_0: entered promiscuous mode [ 158.134340][ T7056] batadv_slave_0: left promiscuous mode [ 159.449603][ T7078] FAULT_INJECTION: forcing a failure. [ 159.449603][ T7078] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.528910][ T7078] CPU: 0 UID: 0 PID: 7078 Comm: syz.2.318 Not tainted syzkaller #0 PREEMPT(full) [ 159.528934][ T7078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 159.528945][ T7078] Call Trace: [ 159.528953][ T7078] [ 159.528960][ T7078] dump_stack_lvl+0x189/0x250 [ 159.528985][ T7078] ? __pfx____ratelimit+0x10/0x10 [ 159.529007][ T7078] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.529027][ T7078] ? __pfx__printk+0x10/0x10 [ 159.529050][ T7078] ? __might_fault+0xb0/0x130 [ 159.529084][ T7078] should_fail_ex+0x414/0x560 [ 159.529110][ T7078] _copy_from_iter+0x1cd/0x1630 [ 159.529136][ T7078] ? __build_skb_around+0x22d/0x3c0 [ 159.529164][ T7078] ? __pfx__copy_from_iter+0x10/0x10 [ 159.529183][ T7078] ? __alloc_skb+0x2f1/0x430 [ 159.529205][ T7078] ? __pfx___alloc_skb+0x10/0x10 [ 159.529229][ T7078] ? netlink_sendmsg+0x642/0xb30 [ 159.529245][ T7078] ? skb_put+0x11b/0x210 [ 159.529268][ T7078] netlink_sendmsg+0x6b2/0xb30 [ 159.529294][ T7078] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.529314][ T7078] ? __import_iovec+0x5d4/0x7f0 [ 159.529335][ T7078] ? aa_sock_msg_perm+0xf1/0x1b0 [ 159.529354][ T7078] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 159.529370][ T7078] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.529388][ T7078] __sock_sendmsg+0x21c/0x270 [ 159.529411][ T7078] ____sys_sendmsg+0x505/0x820 [ 159.529441][ T7078] ? __pfx_____sys_sendmsg+0x10/0x10 [ 159.529470][ T7078] ? kstrtouint+0x6e/0xe0 [ 159.529495][ T7078] ___sys_sendmsg+0x21f/0x2a0 [ 159.529521][ T7078] ? __pfx____sys_sendmsg+0x10/0x10 [ 159.529551][ T7078] ? rcu_read_lock_any_held+0xb3/0x120 [ 159.529595][ T7078] ? __fget_files+0x2a/0x420 [ 159.529615][ T7078] ? __fget_files+0x3a0/0x420 [ 159.529642][ T7078] __sys_sendmsg+0x164/0x220 [ 159.529668][ T7078] ? __pfx___sys_sendmsg+0x10/0x10 [ 159.529698][ T7078] ? __pfx_ksys_write+0x10/0x10 [ 159.529719][ T7078] ? __do_fast_syscall_32+0xbe/0x570 [ 159.529746][ T7078] __do_fast_syscall_32+0x1f7/0x570 [ 159.529768][ T7078] ? rcu_is_watching+0x15/0xb0 [ 159.529785][ T7078] ? do_fast_syscall_32+0x34/0x80 [ 159.529810][ T7078] do_fast_syscall_32+0x34/0x80 [ 159.529831][ T7078] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 159.529858][ T7078] RIP: 0023:0xf709d539 [ 159.529873][ T7078] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 159.529888][ T7078] RSP: 002b:00000000f548d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 159.529907][ T7078] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 159.529920][ T7078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 159.529930][ T7078] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 159.529940][ T7078] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 159.529951][ T7078] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 159.529978][ T7078] [ 159.839570][ T7080] netlink: 'syz.4.320': attribute type 1 has an invalid length. [ 161.279599][ T7112] netlink: 8 bytes leftover after parsing attributes in process `syz.3.327'. [ 162.181903][ T7124] netlink: 'syz.4.330': attribute type 10 has an invalid length. [ 162.215896][ T7124] netlink: 40 bytes leftover after parsing attributes in process `syz.4.330'. [ 162.228844][ T7124] batadv0: entered promiscuous mode [ 162.234119][ T7124] batadv0: entered allmulticast mode [ 162.240200][ T7124] bridge0: port 3(batadv0) entered blocking state [ 162.247263][ T7124] bridge0: port 3(batadv0) entered disabled state [ 162.396449][ T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 162.512652][ T7132] netlink: 28 bytes leftover after parsing attributes in process `syz.4.332'. [ 162.560614][ T10] usb 3-1: unable to get BOS descriptor or descriptor too short [ 162.570267][ T10] usb 3-1: config 13 has an invalid interface number: 50 but max is 3 [ 162.580630][ T10] usb 3-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 162.606652][ T6006] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 162.615915][ T6006] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 163.102520][ T10] usb 3-1: config 13 has 1 interface, different from the descriptor's value: 4 [ 163.121992][ T10] usb 3-1: config 13 has no interface number 0 [ 163.136326][ T10] usb 3-1: config 13 interface 50 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 163.196327][ T10] usb 3-1: config 13 interface 50 has no altsetting 0 [ 163.406399][ T10] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=a9.e8 [ 163.420648][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.448010][ T10] usb 3-1: Product: syz [ 163.475050][ T10] usb 3-1: Manufacturer: syz [ 163.492955][ T10] usb 3-1: SerialNumber: syz [ 163.946316][ T7145] loop2: detected capacity change from 0 to 7 [ 163.970858][ T7145] Dev loop2: unable to read RDB block 7 [ 164.245794][ T7145] loop2: AHDI p1 p2 p3 [ 164.264274][ T7145] loop2: partition table partially beyond EOD, truncated [ 164.296752][ T7145] loop2: p1 start 1601398130 is beyond EOD, truncated [ 164.354472][ T7145] loop2: p2 start 1702059890 is beyond EOD, truncated [ 164.476481][ T5916] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 164.646428][ T5916] usb 1-1: Using ep0 maxpacket: 16 [ 164.658902][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.694151][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.704304][ T5916] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 164.713625][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.748922][ T5916] usb 1-1: config 0 descriptor?? [ 165.198953][ T5916] hid-multitouch 0003:1FD2:6007.0005: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0 [ 165.513361][ T5915] usb 1-1: USB disconnect, device number 12 [ 165.918688][ T7168] netlink: 28 bytes leftover after parsing attributes in process `syz.3.343'. [ 166.035930][ T7163] fido_id[7163]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 166.066306][ T183] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 166.237259][ T7171] FAULT_INJECTION: forcing a failure. [ 166.237259][ T7171] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.251663][ T7171] CPU: 0 UID: 0 PID: 7171 Comm: syz.3.344 Not tainted syzkaller #0 PREEMPT(full) [ 166.251688][ T7171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 166.251699][ T7171] Call Trace: [ 166.251706][ T7171] [ 166.251714][ T7171] dump_stack_lvl+0x189/0x250 [ 166.251742][ T7171] ? __pfx____ratelimit+0x10/0x10 [ 166.251764][ T7171] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.251784][ T7171] ? __pfx__printk+0x10/0x10 [ 166.251807][ T7171] ? __might_fault+0xb0/0x130 [ 166.251841][ T7171] should_fail_ex+0x414/0x560 [ 166.251867][ T7171] _copy_from_user+0x2d/0xb0 [ 166.251892][ T7171] video_usercopy+0x349/0x13f0 [ 166.251922][ T7171] ? __pfx___video_do_ioctl+0x10/0x10 [ 166.251942][ T7171] ? __pfx_video_usercopy+0x10/0x10 [ 166.251981][ T7171] ? __fget_files+0x2a/0x420 [ 166.252006][ T7171] v4l2_ioctl+0x18d/0x1e0 [ 166.252031][ T7171] v4l2_compat_ioctl32+0x1d7/0x290 [ 166.252060][ T7171] __ia32_compat_sys_ioctl+0x543/0x840 [ 166.252081][ T7171] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 166.252099][ T7171] ? __fget_files+0x3a0/0x420 [ 166.252126][ T7171] ? fput+0xa0/0xd0 [ 166.252147][ T7171] ? ksys_write+0x22a/0x250 [ 166.252163][ T7171] ? exc_page_fault+0x82/0x100 [ 166.252185][ T7171] ? __pfx_ksys_write+0x10/0x10 [ 166.252206][ T7171] ? __do_fast_syscall_32+0xbe/0x570 [ 166.252232][ T7171] __do_fast_syscall_32+0x1f7/0x570 [ 166.252256][ T7171] ? rcu_is_watching+0x15/0xb0 [ 166.252274][ T7171] ? do_fast_syscall_32+0x34/0x80 [ 166.252302][ T7171] do_fast_syscall_32+0x34/0x80 [ 166.252324][ T7171] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 166.252345][ T7171] RIP: 0023:0xf706d539 [ 166.252367][ T7171] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 166.252382][ T7171] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 166.252401][ T7171] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c040565f [ 166.252414][ T7171] RDX: 0000000080000940 RSI: 0000000000000000 RDI: 0000000000000000 [ 166.252424][ T7171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 166.252435][ T7171] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 166.252445][ T7171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 166.252471][ T7171] [ 166.813710][ T183] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 166.825191][ T183] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.856317][ T183] usb 5-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 0.00 [ 166.883673][ T183] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.977337][ T183] usb 5-1: config 0 descriptor?? [ 167.411904][ T7180] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 167.419924][ T7180] netlink: 12 bytes leftover after parsing attributes in process `syz.0.346'. [ 167.438210][ T7180] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 167.541854][ T183] chicony 0003:04F2:0418.0006: reserved main item tag 0xe [ 167.602728][ T183] chicony 0003:04F2:0418.0006: hidraw0: USB HID v0.01 Device [HID 04f2:0418] on usb-dummy_hcd.4-1/input0 [ 168.590831][ T10] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 168.607638][ T3520] usb 3-1: Failed to submit usb control message: -71 [ 168.614864][ T3520] usb 3-1: unable to send the bmi data to the device: -71 [ 168.665070][ T10] usb 3-1: USB disconnect, device number 10 [ 168.672171][ T3520] usb 3-1: unable to get target info from device [ 168.700233][ T7195] sctp: [Deprecated]: syz.2.350 (pid 7195) Use of int in max_burst socket option. [ 168.700233][ T7195] Use struct sctp_assoc_value instead [ 168.735774][ T3520] usb 3-1: could not get target info (-71) [ 168.764091][ T3520] usb 3-1: could not probe fw (-71) [ 168.855184][ T7198] netlink: 40 bytes leftover after parsing attributes in process `syz.1.351'. [ 168.908991][ T7198] netlink: 32 bytes leftover after parsing attributes in process `syz.1.351'. [ 169.186284][ T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 169.784255][ T183] usb 5-1: USB disconnect, device number 17 [ 169.816304][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 169.844362][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 169.889659][ T10] usb 2-1: config 4 has an invalid interface number: 30 but max is 0 [ 169.947802][ T10] usb 2-1: config 4 has no interface number 0 [ 169.989449][ T10] usb 2-1: config 4 interface 30 has no altsetting 0 [ 170.034294][ T10] usb 2-1: string descriptor 0 read error: -22 [ 170.040916][ T10] usb 2-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 170.050311][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.079253][ T7220] IPVS: set_ctl: invalid protocol: 135 100.1.1.2:20004 [ 170.111104][ T10] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 170.124464][ T7222] IPVS: set_ctl: invalid protocol: 135 100.1.1.2:20004 [ 170.136427][ T10] dw2102: su3000_power_ctrl: 1, initialized 0 [ 170.152994][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 170.177852][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 170.267797][ T10] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 170.275329][ T10] usb 2-1: media controller created [ 170.315186][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 170.323602][ T10] dw2102: i2c transfer failed. [ 170.329368][ T7198] dvb-usb: bulk message failed: -22 (3/0) [ 170.343945][ T7198] dw2102: i2c transfer failed. [ 170.350108][ T7198] dvb-usb: bulk message failed: -22 (4/0) [ 170.414395][ T7198] dw2102: i2c transfer failed. [ 170.434805][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 170.471499][ T10] dw2102: i2c transfer failed. [ 170.486901][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 170.565497][ T10] dw2102: i2c transfer failed. [ 170.582772][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 170.620918][ T10] dw2102: i2c transfer failed. [ 170.625724][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 170.648762][ T7229] netlink: 'syz.3.359': attribute type 16 has an invalid length. [ 170.657042][ T10] dw2102: i2c transfer failed. [ 170.661824][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 170.675975][ T10] dw2102: i2c transfer failed. [ 170.676038][ T7229] netlink: 'syz.3.359': attribute type 17 has an invalid length. [ 170.688944][ T10] dvb-usb: MAC address: 02:02:02:02:02:02 [ 170.991068][ T7229] bond0: left promiscuous mode [ 170.993165][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 171.019659][ T7229] bond_slave_0: left promiscuous mode [ 171.052623][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 171.060871][ T10] dw2102: command 0x0e transfer failed. [ 171.086323][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 171.097258][ T7229] bond_slave_1: left promiscuous mode [ 171.106213][ T10] dw2102: command 0x0e transfer failed. [ 171.115605][ T7229] bond0: left allmulticast mode [ 171.136301][ T7229] bond_slave_0: left allmulticast mode [ 171.146132][ T7229] bond_slave_1: left allmulticast mode [ 171.160342][ T7229] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 171.410981][ T7238] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 171.670955][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 171.686344][ T10] dw2102: command 0x0e transfer failed. [ 171.713573][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 171.739785][ T10] dw2102: command 0x0e transfer failed. [ 171.755576][ T10] dvb-usb: bulk message failed: -22 (1/0) [ 171.781319][ T10] dw2102: command 0x51 transfer failed. [ 171.814100][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 171.831409][ T10] dw2102: i2c probe for address 0x68 failed. [ 171.844851][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 171.851764][ T10] dw2102: i2c probe for address 0x69 failed. [ 171.857966][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 171.863812][ T10] dw2102: i2c probe for address 0x6a failed. [ 171.871037][ T10] dw2102: probing for demodulator failed. Is the external power switched on? [ 171.915597][ T10] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 172.186345][ T10] rc_core: IR keymap rc-tt-1500 not found [ 172.212593][ T10] Registered IR keymap rc-empty [ 172.471828][ T10] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 172.532671][ T10] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input5 [ 172.698020][ T10] dvb-usb: schedule remote query interval to 250 msecs. [ 172.736710][ T10] dw2102: su3000_power_ctrl: 0, initialized 1 [ 172.742909][ T10] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 172.766361][ T5915] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 172.812662][ T10] usb 2-1: USB disconnect, device number 11 [ 173.034662][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.198058][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.227844][ T5915] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 173.266316][ T5915] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 173.366791][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.388491][ T10] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 173.402397][ T5915] usb 5-1: config 0 descriptor?? [ 173.468113][ C1] sd 0:0:1:0: [sda] tag#9321 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 173.478581][ C1] sd 0:0:1:0: [sda] tag#9321 CDB: Write(6) 0a 00 4e 20 00 00 00 09 00 00 00 00 [ 173.536834][ T7266] netlink: 16 bytes leftover after parsing attributes in process `syz.1.368'. [ 173.636674][ T7270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.370'. [ 173.727700][ T7274] netlink: 17780 bytes leftover after parsing attributes in process `syz.0.370'. [ 173.855311][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.867004][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.874920][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.884667][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.895054][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.903764][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.928887][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.946516][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.958041][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 173.965943][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 174.112157][ T5915] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 174.478033][ T5915] usb 5-1: USB disconnect, device number 18 [ 174.535481][ T7279] fido_id[7279]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 174.569667][ T7287] FAULT_INJECTION: forcing a failure. [ 174.569667][ T7287] name failslab, interval 1, probability 0, space 0, times 0 [ 174.589572][ T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 174.596527][ T7287] CPU: 0 UID: 0 PID: 7287 Comm: syz.3.376 Not tainted syzkaller #0 PREEMPT(full) [ 174.596553][ T7287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 174.596564][ T7287] Call Trace: [ 174.596571][ T7287] [ 174.596580][ T7287] dump_stack_lvl+0x189/0x250 [ 174.596605][ T7287] ? __pfx____ratelimit+0x10/0x10 [ 174.596627][ T7287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.596647][ T7287] ? __pfx__printk+0x10/0x10 [ 174.596670][ T7287] ? __lock_acquire+0x6b6/0x2cf0 [ 174.596704][ T7287] should_fail_ex+0x414/0x560 [ 174.596730][ T7287] should_failslab+0xa8/0x100 [ 174.596751][ T7287] kmem_cache_alloc_noprof+0x88/0x710 [ 174.596774][ T7287] ? __netlink_lookup+0xbd/0x8a0 [ 174.596792][ T7287] ? skb_clone+0x212/0x3a0 [ 174.596812][ T7287] skb_clone+0x212/0x3a0 [ 174.596832][ T7287] __netlink_deliver_tap+0x404/0x850 [ 174.596862][ T7287] ? netlink_deliver_tap+0x2e/0x1b0 [ 174.596880][ T7287] netlink_deliver_tap+0x19c/0x1b0 [ 174.596896][ T7287] netlink_unicast+0x7fa/0x9e0 [ 174.596927][ T7287] ? __pfx_netlink_unicast+0x10/0x10 [ 174.596952][ T7287] ? netlink_sendmsg+0x642/0xb30 [ 174.596966][ T7287] ? skb_put+0x11b/0x210 [ 174.596991][ T7287] netlink_sendmsg+0x805/0xb30 [ 174.597017][ T7287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.597037][ T7287] ? __import_iovec+0x5d4/0x7f0 [ 174.597058][ T7287] ? aa_sock_msg_perm+0xf1/0x1b0 [ 174.597077][ T7287] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 174.597093][ T7287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 174.597111][ T7287] __sock_sendmsg+0x21c/0x270 [ 174.597133][ T7287] ____sys_sendmsg+0x505/0x820 [ 174.597159][ T7287] ? __pfx_____sys_sendmsg+0x10/0x10 [ 174.597185][ T7287] ? kstrtouint+0x6e/0xe0 [ 174.597210][ T7287] ___sys_sendmsg+0x21f/0x2a0 [ 174.597234][ T7287] ? __pfx____sys_sendmsg+0x10/0x10 [ 174.597264][ T7287] ? rcu_read_lock_any_held+0xb3/0x120 [ 174.597309][ T7287] ? __fget_files+0x2a/0x420 [ 174.597330][ T7287] ? __fget_files+0x3a0/0x420 [ 174.597360][ T7287] __sys_sendmsg+0x164/0x220 [ 174.597384][ T7287] ? __pfx___sys_sendmsg+0x10/0x10 [ 174.597416][ T7287] ? __pfx_ksys_write+0x10/0x10 [ 174.597437][ T7287] ? __do_fast_syscall_32+0xbe/0x570 [ 174.597464][ T7287] __do_fast_syscall_32+0x1f7/0x570 [ 174.597486][ T7287] ? rcu_is_watching+0x15/0xb0 [ 174.597505][ T7287] ? do_fast_syscall_32+0x34/0x80 [ 174.597531][ T7287] do_fast_syscall_32+0x34/0x80 [ 174.597554][ T7287] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 174.597574][ T7287] RIP: 0023:0xf706d539 [ 174.597589][ T7287] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 174.597604][ T7287] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 174.597622][ T7287] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 174.597634][ T7287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 174.597644][ T7287] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 174.597654][ T7287] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 174.597664][ T7287] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 174.597697][ T7287] [ 174.597744][ T7287] netlink: 16 bytes leftover after parsing attributes in process `syz.3.376'. [ 174.786294][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 174.823279][ T7289] netlink: 28 bytes leftover after parsing attributes in process `syz.0.377'. [ 174.882815][ T24] usb 3-1: unable to get BOS descriptor or descriptor too short [ 174.998481][ T24] usb 3-1: config 13 has an invalid interface number: 50 but max is 0 [ 175.008209][ T24] usb 3-1: config 13 has no interface number 0 [ 175.014451][ T24] usb 3-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 175.028011][ T24] usb 3-1: config 13 interface 50 has no altsetting 0 [ 175.038616][ T24] usb 3-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 175.164904][ T7291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.378'. [ 175.255918][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.274723][ T24] usb 3-1: Product: syz [ 175.284836][ T24] usb 3-1: Manufacturer: syz [ 175.306683][ T24] usb 3-1: SerialNumber: syz [ 175.528992][ T7305] input: syz1 as /devices/virtual/input/input6 [ 175.605060][ T24] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 175.632458][ T24] usb 3-1: MIDIStreaming interface descriptor not found [ 175.796987][ T24] usb 3-1: USB disconnect, device number 11 [ 176.495255][ T5944] bond0: (slave bond_slave_0): interface is now down [ 176.512668][ T7326] input: syz1 as /devices/virtual/input/input7 [ 176.514106][ T5944] bond0: (slave bond_slave_1): interface is now down [ 176.539791][ T7326] FAULT_INJECTION: forcing a failure. [ 176.539791][ T7326] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.600742][ T5944] bond0: (slave bond_slave_0): interface is now down [ 176.603929][ T7326] CPU: 0 UID: 0 PID: 7326 Comm: syz.2.389 Not tainted syzkaller #0 PREEMPT(full) [ 176.603957][ T7326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 176.603968][ T7326] Call Trace: [ 176.603976][ T7326] [ 176.603984][ T7326] dump_stack_lvl+0x189/0x250 [ 176.604008][ T7326] ? __pfx____ratelimit+0x10/0x10 [ 176.604031][ T7326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.604050][ T7326] ? __pfx__printk+0x10/0x10 [ 176.604073][ T7326] ? __might_fault+0xb0/0x130 [ 176.604107][ T7326] should_fail_ex+0x414/0x560 [ 176.604132][ T7326] _copy_from_user+0x2d/0xb0 [ 176.604157][ T7326] input_event_from_user+0xf9/0x280 [ 176.604197][ T7326] ? __pfx_input_event_from_user+0x10/0x10 [ 176.604224][ T7326] ? input_event+0xc7/0xe0 [ 176.604243][ T7326] uinput_write+0x279/0xfc0 [ 176.604275][ T7326] ? __pfx_uinput_write+0x10/0x10 [ 176.604300][ T7326] ? bpf_lsm_file_permission+0x9/0x20 [ 176.604318][ T7326] ? security_file_permission+0x75/0x290 [ 176.604347][ T7326] ? rw_verify_area+0x255/0x4d0 [ 176.604363][ T7326] ? __pfx_uinput_write+0x10/0x10 [ 176.604388][ T7326] vfs_write+0x27e/0xb30 [ 176.604413][ T7326] ? __pfx_vfs_write+0x10/0x10 [ 176.604431][ T7326] ? __fget_files+0x2a/0x420 [ 176.604454][ T7326] ? __fget_files+0x2a/0x420 [ 176.604473][ T7326] ? __fget_files+0x3a0/0x420 [ 176.604492][ T7326] ? __fget_files+0x2a/0x420 [ 176.604520][ T7326] ksys_write+0x145/0x250 [ 176.604539][ T7326] ? __pfx_ksys_write+0x10/0x10 [ 176.604559][ T7326] ? __do_fast_syscall_32+0xbe/0x570 [ 176.604586][ T7326] __do_fast_syscall_32+0x1f7/0x570 [ 176.604608][ T7326] ? rcu_is_watching+0x15/0xb0 [ 176.604627][ T7326] ? do_fast_syscall_32+0x34/0x80 [ 176.604653][ T7326] do_fast_syscall_32+0x34/0x80 [ 176.604675][ T7326] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 176.604695][ T7326] RIP: 0023:0xf709d539 [ 176.604710][ T7326] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 176.604725][ T7326] RSP: 002b:00000000f548d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 176.604742][ T7326] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000a40 [ 176.604754][ T7326] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000000 [ 176.604765][ T7326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 176.604774][ T7326] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 176.604785][ T7326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 176.604812][ T7326] [ 176.946310][ T5944] bond0: (slave bond_slave_1): interface is now down [ 177.016341][ T5944] bond0: (slave bond_slave_0): interface is now down [ 177.054705][ T5944] bond0: (slave bond_slave_1): interface is now down [ 177.076611][ T7332] netlink: 40 bytes leftover after parsing attributes in process `syz.1.391'. [ 177.121659][ T7332] netlink: 32 bytes leftover after parsing attributes in process `syz.1.391'. [ 177.136423][ T5944] bond0: (slave bond_slave_0): interface is now down [ 177.143206][ T5944] bond0: (slave bond_slave_1): interface is now down [ 177.234295][ T1089] bond0: (slave bond_slave_0): interface is now down [ 177.258409][ T1089] bond0: (slave bond_slave_1): interface is now down [ 177.285834][ T1089] bond0: now running without any active interface! [ 177.406303][ T5919] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 177.414110][ T24] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 177.616686][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 177.624056][ T24] usb 2-1: unable to get BOS descriptor or descriptor too short [ 177.641975][ T24] usb 2-1: config 4 has an invalid interface number: 30 but max is 0 [ 177.650209][ T5919] usb 4-1: Using ep0 maxpacket: 32 [ 177.656306][ T24] usb 2-1: config 4 has no interface number 0 [ 177.896963][ T5919] usb 4-1: config 0 interface 0 has no altsetting 0 [ 177.906376][ T24] usb 2-1: config 4 interface 30 has no altsetting 0 [ 177.913231][ T5919] usb 4-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 177.987916][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.999004][ T24] usb 2-1: string descriptor 0 read error: -22 [ 178.005241][ T24] usb 2-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 178.016427][ T5919] usb 4-1: config 0 descriptor?? [ 178.032456][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.048833][ T5919] usb 4-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 178.120408][ T24] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 178.140467][ T24] dw2102: su3000_power_ctrl: 1, initialized 0 [ 178.146789][ T24] dvb-usb: bulk message failed: -22 (2/0) [ 178.155624][ T5919] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 178.168118][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 178.177933][ T5919] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 178.192134][ T5919] usb 4-1: media controller created [ 178.200538][ T24] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 178.218359][ T24] usb 2-1: media controller created [ 178.224849][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 178.234568][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 178.245378][ T24] dw2102: i2c transfer failed. [ 178.285493][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 178.294696][ T7332] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] SMP KASAN PTI [ 178.306689][ T7332] KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf] [ 178.315349][ T7332] CPU: 0 UID: 0 PID: 7332 Comm: syz.1.391 Not tainted syzkaller #0 PREEMPT(full) [ 178.324619][ T7332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 178.334666][ T7332] RIP: 0010:__mutex_lock+0x13b/0x1350 [ 178.340034][ T7332] Code: 20 04 89 99 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 25 10 00 00 83 3d b3 cd 2c 0e 00 75 23 49 8d 7c 24 60 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 05 e8 29 cc cb f6 4d 39 64 24 60 0f 85 51 0f 00 [ 178.359633][ T7332] RSP: 0018:ffffc9001af5f140 EFLAGS: 00010202 [ 178.365685][ T7332] RAX: 0000000000000019 RBX: ffffc9001af5f220 RCX: ffffffff99890403 [ 178.373743][ T7332] RDX: ffff88802f0cdb80 RSI: ffffffff8d96d2fb RDI: 00000000000000c8 [ 178.381721][ T7332] RBP: ffffc9001af5f2f8 R08: ffffc9001af5f267 R09: 0000000000000000 [ 178.389683][ T7332] R10: ffffc9001af5f240 R11: fffff520035ebe4d R12: 0000000000000068 [ 178.397641][ T7332] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 178.405620][ T7332] FS: 0000000000000000(0000) GS:ffff888125e44000(0063) knlGS:00000000f5446b40 [ 178.414549][ T7332] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 178.421115][ T7332] CR2: 000000000c32e698 CR3: 0000000073486000 CR4: 00000000003526f0 [ 178.429078][ T7332] Call Trace: [ 178.432344][ T7332] [ 178.435258][ T7332] ? __mutex_lock+0x335/0x1350 [ 178.440009][ T7332] ? dvb_usbv2_generic_write+0x26/0x60 [ 178.445447][ T7332] ? __mutex_trylock_common+0x153/0x260 [ 178.450976][ T7332] ? mxl111sf_ctrl_msg+0xb0/0x2f0 [ 178.455982][ T7332] ? __pfx___mutex_lock+0x10/0x10 [ 178.461026][ T7332] ? __pfx___mutex_lock+0x10/0x10 [ 178.466051][ T7332] ? __mutex_lock+0x335/0x1350 [ 178.470831][ T7332] ? __lock_acquire+0x6b6/0x2cf0 [ 178.475766][ T7332] dvb_usbv2_generic_write+0x26/0x60 [ 178.481046][ T7332] mxl111sf_ctrl_msg+0x160/0x2f0 [ 178.485978][ T7332] mxl111sf_write_reg+0xa6/0x1c0 [ 178.490990][ T7332] ? __pfx_mxl111sf_write_reg+0x10/0x10 [ 178.496519][ T7332] ? down_write_nested+0x5a/0x200 [ 178.501530][ T7332] mxl111sf_i2c_xfer+0x461/0x4f00 [ 178.506539][ T7332] ? __lock_acquire+0x6b6/0x2cf0 [ 178.511455][ T7332] ? __lock_acquire+0x6b6/0x2cf0 [ 178.516371][ T7332] ? __pfx_mxl111sf_i2c_xfer+0x10/0x10 [ 178.521814][ T7332] ? is_bpf_text_address+0x26/0x2b0 [ 178.526988][ T7332] ? is_bpf_text_address+0x292/0x2b0 [ 178.532256][ T7332] ? is_bpf_text_address+0x26/0x2b0 [ 178.537442][ T7332] ? kernel_text_address+0xa5/0xe0 [ 178.542598][ T7332] ? __kernel_text_address+0xd/0x40 [ 178.547788][ T7332] ? unwind_get_return_address+0x4d/0x90 [ 178.553405][ T7332] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 178.559544][ T7332] ? arch_stack_walk+0xfc/0x150 [ 178.564384][ T7332] ? look_up_lock_class+0x74/0x150 [ 178.569481][ T7332] ? register_lock_class+0x51/0x320 [ 178.574660][ T7332] ? __lock_acquire+0x6b6/0x2cf0 [ 178.579664][ T7332] ? register_lock_class+0x51/0x320 [ 178.584859][ T7332] ? __lock_acquire+0x6b6/0x2cf0 [ 178.589783][ T7332] ? do_raw_spin_lock+0x121/0x290 [ 178.594809][ T7332] __i2c_transfer+0x871/0x2110 [ 178.599571][ T7332] ? lockdep_hardirqs_on+0x98/0x140 [ 178.604881][ T7332] ? __pfx___i2c_transfer+0x10/0x10 [ 178.610158][ T7332] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 178.615516][ T7332] ? i2c_transfer+0x120/0x3a0 [ 178.620198][ T7332] i2c_transfer+0x25b/0x3a0 [ 178.624695][ T7332] ? __pfx_i2c_transfer+0x10/0x10 [ 178.629708][ T7332] ? _copy_from_user+0x94/0xb0 [ 178.634456][ T7332] i2cdev_ioctl_rdwr+0x460/0x740 [ 178.639380][ T7332] compat_i2cdev_ioctl+0x5a8/0x5c0 [ 178.644476][ T7332] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 178.650098][ T7332] ? kasan_quarantine_put+0xdd/0x220 [ 178.655366][ T7332] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 178.660896][ T7332] __ia32_compat_sys_ioctl+0x543/0x840 [ 178.666335][ T7332] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 178.672296][ T7332] ? __se_sys_futex_time32+0x360/0x3e0 [ 178.677741][ T7332] ? rcu_is_watching+0x15/0xb0 [ 178.682486][ T7332] ? __do_fast_syscall_32+0xbe/0x570 [ 178.687759][ T7332] __do_fast_syscall_32+0x1f7/0x570 [ 178.692946][ T7332] ? rcu_is_watching+0x15/0xb0 [ 178.697696][ T7332] ? do_fast_syscall_32+0x34/0x80 [ 178.702705][ T7332] do_fast_syscall_32+0x34/0x80 [ 178.707549][ T7332] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 178.713968][ T7332] RIP: 0023:0xf7f51539 [ 178.718023][ T7332] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 178.737619][ T7332] RSP: 002b:00000000f544655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 178.746017][ T7332] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000707 [ 178.753973][ T7332] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 178.761923][ T7332] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 178.769873][ T7332] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 178.777827][ T7332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 178.785792][ T7332] [ 178.788814][ T7332] Modules linked in: [ 178.794439][ T7332] ---[ end trace 0000000000000000 ]--- [ 178.814497][ T7332] RIP: 0010:__mutex_lock+0x13b/0x1350 [ 178.819995][ T7332] Code: 20 04 89 99 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 25 10 00 00 83 3d b3 cd 2c 0e 00 75 23 49 8d 7c 24 60 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 05 e8 29 cc cb f6 4d 39 64 24 60 0f 85 51 0f 00 [ 178.840717][ T7332] RSP: 0018:ffffc9001af5f140 EFLAGS: 00010202 [ 178.890200][ T5919] set interface failed [ 178.891149][ T7332] RAX: 0000000000000019 RBX: ffffc9001af5f220 RCX: ffffffff99890403 [ 178.903738][ T24] dw2102: i2c transfer failed. [ 178.916368][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 178.922246][ T24] dw2102: i2c transfer failed. [ 178.922450][ T7332] RDX: ffff88802f0cdb80 RSI: ffffffff8d96d2fb RDI: 00000000000000c8 [ 178.935288][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 178.941235][ T24] dw2102: i2c transfer failed. [ 178.943149][ T7332] RBP: ffffc9001af5f2f8 R08: ffffc9001af5f267 R09: 0000000000000000 [ 178.954465][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 178.960592][ T24] dw2102: i2c transfer failed. [ 178.965493][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 178.965904][ T7332] R10: ffffc9001af5f240 R11: fffff520035ebe4d R12: 0000000000000068 [ 179.078219][ T7332] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.091841][ T24] dw2102: i2c transfer failed. [ 179.097211][ T24] dvb-usb: MAC address: 02:02:02:02:02:02 [ 179.103113][ T7332] FS: 0000000000000000(0000) GS:ffff888125f44000(0063) knlGS:00000000f5446b40 [ 179.127483][ T7332] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 179.150931][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 179.159724][ T7332] CR2: 0000000030e21ff6 CR3: 0000000073486000 CR4: 00000000003526f0 [ 179.170191][ T7332] Kernel panic - not syncing: Fatal exception [ 179.177205][ T7332] Kernel Offset: disabled [ 179.181518][ T7332] Rebooting in 86400 seconds..