last executing test programs: 7.136411645s ago: executing program 3 (id=2454): socket(0x5, 0x2, 0x2) 6.809712642s ago: executing program 3 (id=2455): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2) connect$inet(r0, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000700)={'syz1\x00', {0x4, 0x0, 0x40, 0x4}, 0x1b, [0x365, 0x9, 0x2, 0x3, 0xc, 0x6, 0xfffffffb, 0x5, 0x8, 0x6, 0x7ff, 0x8, 0x30000, 0x9, 0xc5, 0x5, 0x0, 0x48, 0x0, 0x1, 0x10001, 0x946, 0x3c68e6ba, 0x0, 0x4, 0x3, 0x80000000, 0x4, 0x2, 0x8, 0xff, 0x0, 0x6, 0x5, 0x80000000, 0x9e, 0x4, 0x0, 0x40, 0x92, 0x1, 0x40, 0x8, 0x5, 0x8000, 0x3, 0x4, 0x5, 0x1, 0xb, 0x3, 0x0, 0x4, 0xafa9, 0xfffffff3, 0x9, 0x3, 0x0, 0x1000, 0x6, 0x3432, 0x80, 0x2], [0x1000, 0x80000000, 0x0, 0x8, 0x100, 0x1, 0x8000, 0xa8a, 0x2, 0x1, 0x3, 0x6, 0x0, 0x9, 0xa, 0xa3a, 0x5, 0x2, 0x3, 0x8, 0x8, 0x4, 0x200, 0x0, 0xdc9, 0x8, 0x101, 0xfffffffc, 0x2, 0x4, 0x6f5a, 0x5, 0x1, 0x4, 0x6, 0x1, 0x760, 0x8, 0x7, 0xfffffffa, 0x0, 0x1, 0x1ff, 0x100, 0x51, 0x8000, 0xfffffffd, 0x8, 0x0, 0x7, 0x5, 0x200, 0x6, 0x7f00, 0x2, 0x7, 0x4d, 0x9, 0x8, 0x9, 0x2, 0x34, 0x5, 0x8], [0x7, 0x7f, 0x5, 0x2, 0x8, 0x5, 0xfffffff9, 0x3, 0x6, 0x7f, 0x0, 0xb, 0xe9, 0x2, 0x401, 0x3, 0x35400000, 0x4, 0x7, 0xffff0000, 0x80, 0x4, 0x3, 0x0, 0x6, 0x1, 0x2, 0x9, 0xef2f, 0x5, 0x6, 0xffffffff, 0x80, 0x6c42, 0x8000, 0x800, 0x200000, 0x1, 0xd, 0x6, 0x0, 0x2, 0x6, 0x3, 0x5, 0x9, 0x9, 0xfffffff0, 0x3, 0x2, 0x2, 0x5, 0x7, 0x8, 0x0, 0xa, 0x1, 0x7, 0x401, 0x9, 0x5, 0xff, 0x10000], [0x0, 0x8000, 0x1fc00000, 0x9, 0x7, 0x0, 0x5, 0x7, 0x2, 0x7, 0x5081, 0x9, 0x6, 0x7, 0x4, 0x8, 0x0, 0x5, 0x6, 0x7, 0x8, 0x9, 0x0, 0x6, 0x9, 0x7, 0x656, 0x3, 0x10001, 0x7fff, 0xb346, 0x5, 0x0, 0x1, 0x40, 0x8, 0x306, 0x8c4e, 0x9, 0xffffffff, 0xb, 0x1, 0x5, 0x9, 0x0, 0x11ac, 0x6, 0x10, 0x9, 0x4, 0x6, 0x0, 0x9623, 0x7, 0xc, 0x9, 0x4, 0x8, 0xfffffff7, 0x200, 0x7, 0xd1bb, 0xdb57, 0x20000000]}, 0x45c) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc}, 0x10) write(r2, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000000000008000f00fd000000", 0x24) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x14, 0x15, 0x1, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x48000) 5.394333721s ago: executing program 1 (id=2462): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) writev(r0, &(0x7f0000000100)=[{&(0x7f00000001c0)="89e7ee2c78dad9b4b473fec988cae2c6", 0xffbf}], 0x1) 3.524073321s ago: executing program 3 (id=2467): r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c4000, 0x0) mmap$qrtrtun(&(0x7f00006c1000/0x1000)=nil, 0x1000, 0x5, 0x80010, r0, 0x7ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x3554000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='sched\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000001a00)={'batadv_slave_0\x00', 0x0}) sendmsg$inet6(r0, &(0x7f0000001b00)={&(0x7f0000001540)={0xa, 0x4e20, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x100}, 0x1c, &(0x7f0000001980)=[{&(0x7f0000001580)="21a65733dec1f2b5af08cb8837661bdfe6938f21784271c3e76fb8705cd6d905975d8d5349ea7f5e82b971f4bba47372149d99f4baa052511462eadc7df9f91204935b0df91287c595", 0x49}, {&(0x7f0000001600)="08cce2f42fc1503a30af033f8246d68a7483d60d5a4f688b586085d06e41e51b7cc0d84fc08401f288b453c8b92fff85c60495ff8daf15e4a4b7cfca9e05caaf930a9ccdeba2ac239427a2c9eb947b92bcfbc6013e14432def03786cbb89096a0014aab6415bef485a37ddcd08fffa4992f60ab53d398edf6048ee214b936a52b398929a063d24", 0x87}, {&(0x7f00000016c0)="ec983989328d1bc9052b994b367c6dc1be1fed2302c540bc67b62a6c5a93fa3be0bb75a4312ecdd599e4d138c9a4db50c9ee9716a3c0ba165ba5b103ebd8134ec0e6bd79bc14eaa69c297863e3", 0x4d}, {&(0x7f0000001740)="43d0fe55069086932381362f3213cb1b3e03d9b88d8b956d4be4619f7a25b81bc8ae78cf7e41658324ff98f9d2aa5eedb343d99cfb78d7861d3e1c58e7d1e9a1d336e30ca5abe62679fd9fea4d43630f7b6b35edce6a153903e4ef9b7de0b1ee0153fae5598c24939d07d9132421ee86b4a479379a440759b3c9e31a00635ab372e55ea320edd4cc9c988b09ebb0cceeca7f6a06481b7191570f3059a254f771ecbca227e2b731e62185d99dd7f24dddcc6f7790853c20271bab618f5f4cec3b40d5fb8e58b4e1b288a918219912242c4e0aad7b644cbb865838d339c13b6029157dd8", 0xe3}, {&(0x7f0000001840)="fdb580ecdf638dc581e15e427de6c2d060ddab2b0728a93a37fd711493666f0958c3c1b826ea5257f069cd6e98b8d862fe543920da38cdde15c3b5c755834643e64e944fb609efe1291c1f121338c1ac81d0cd46a6ef2db06c51a2634ca52533def36604d2ab7a60135a65bba69c7d0281bf2b115b2d3d972de26efe25a6e1890e89ab1781898f3780043f16b5e4c1d6861ea5a19a34211e33754c4a42b5bea310e94ee28b345531135ef3f42b342e9571abd9f6e8f394431051bf38c14f21c4db4ae01793324b2a084a39a6eba1ada8bbc7e6ae35ef827caa1ca76b7542401846bdf4074d0eb3f4738f042c69762114afa8b4c7be5c", 0xf6}, {&(0x7f0000001940)="9c980a94b6e66461653d9a94c2821b733df71e7dd3", 0x15}], 0x6, &(0x7f0000001a40)=[@tclass={{0x14, 0x29, 0x43, 0x55}}, @rthdr={{0x68, 0x29, 0x39, {0x2e, 0xa, 0x0, 0x77, 0x0, [@loopback, @private2={0xfc, 0x2, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00', @loopback]}}}, @pktinfo={{0x24, 0x29, 0x32, {@mcast1, r5}}}], 0xa8}, 0x40060) write$uinput_user_dev(r4, 0x0, 0x0) pwritev(r1, &(0x7f0000001500)=[{&(0x7f0000001300)="e49b7300a9c7f9aa183ded79726b7e7056a5a227d0ad2e3d7bddbfcab570a48ad23905570f9e2e63dd07f1313bcd92e6934d0b4c111b3d1adb02076bf277726dc27d94fe8dae153585e4257bc1527d2e39097f4d6ad704f83a0bbd5ff9e9846f02915c90ddc3da1be0843f1f3e2aaa34f7fb8beac48a93cc3e00c8e81b3a68e14481df6ffef407c9", 0x88}, {&(0x7f00000013c0)}, {&(0x7f0000001440)="dbf8debf654d00322b2a8d9ecc9971d985740b09e1fcd4af98957957c6a82c162f5eb7361e4a4294b88c724110a0d289cbd66d9efec707fe4abe120690426479174664ae17b4dfd41ee2bce8542a7b24609e636e7d84805645f1d2ce738319c7882127f801f2e96255ce815496bfa4ed884ddba7be8d4c8d8d4049f5469cd01c0f54e0cd2ed99c1d42a1c4cee7aa52fb9155fcdc050d798e4fac2ca02294d062", 0xa0}], 0x3, 0x2, 0x2) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_PIT(r6, 0xc048ae65, &(0x7f00000001c0)) syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 3.030365848s ago: executing program 1 (id=2468): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff70c", 0xd8}, {&(0x7f0000000a00)="145a977ce90bcec36cee68138cdb7c53108f9e6776eb08ce8c386c", 0x1b}], 0x2}}], 0x1, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000f00)="8995b3c271bab84f6e841cd28301f2e02519276836b2ab14ba300f39a71758d74d011771db342aa6df71dc54faabe6ccc2dae1fdf17d4c74618af0933c8c800ec3ce49bd4af9b8cf0b15e8ad756f12238f6649d204a1065dad7cffef082a59ee2b21eb73656d3dc03547888735d83669614e4eb5b9be7e4e76b2bb0c2e504c0f86b616d14acae75b2855f9964778238b006b976edd5e4bbda0c7cb669c25fabc598f5bd5a6ec98a63d59dac5436c04687dad36064d69599f981550ae4beb469332d52226990d21a6f7178ba83cff18b65d698afdf08e245a1868ff7a9117d11ed243932580e8d1f8e4ef583656940b7b2178789b452f611555a8d908cfc703bb8de9e802c65149895c4fe2bc9ecc9bc85eb8815f5f5ca0c2a54a284658de7de7c9ef6b65b2961317534eeeb8b67ab6a5718b94deeb9ef60c21478b343c529aff4079cfbd4e50b006165c839937f0cb2c35a7c7800a523970493819d0a300b581cf0c373dda2e7acd8e91a897e1729e97a5a14480ecf4aeee7792e8b1f21b43cb5552d4b005e933919323e55658bc9de3ec99b69bae43e46a6e2f7064b75e36d4f83b86e1097c83fa6d1296a4c5b62b2d68ad2d8405f686362e5833103905130ef9a8d8df2a3b74ac7b83c2c6506f03191ab4b45688b2389e51258133b3687dafba95f4b835e1730bb03ffb45719ca37786b7e836f4c004bbdc8564e26f994a34e5db06837df0be0322070c47ba3514e0d01ae3422e5e7fb7ce909621d1d223e9164a0cfc270eee5b6581b2c5609a5fef06687717d94242124cf3ef7345020a026173de848dc5aa928d35c3ab936bc840045ada45f7e6fd66b0e3f5aff84b4855c1e86a393ac2a1a8f5660b9cd295e0db9bf7746ef0864334fe9dcb50af3a49eb99bd1320b4169a8d5f54e7e35dd8e705a6364fc62e525d951c83b721e2d9ca60b1365701956712f07f56dce6d4c982c63a420d8b820fd931776d019ecf1ea5564e542093f243b6bb7db6df69e8706e745c485e919da989ea5e3690f1169d7e8ad03185ff21700d61f44abcc8abd6f47d1b5104d217809f13d37ba6986a6c58fd07e18d8e228c664114b64aa84f7302c7e21be253edd78f561872b6573301c947b5f3407c4f4f0576ce5939d220ea898052a048fc8b4c6906c465fc43dd32b83132998ef8ffab3b2601a42a4508507d2b7ada0e23b4efdbff3a673d937397265529ed5ca097406f59b5939f937b9414a60d4347c996db8547f21dac637b4f7da9ca065c2704039d9783ec5582ca65dfbb762d9cffbeab23bcd5eb882335f7d8287e75f49d16de5873f19f1def11ae05ff0879b66154ced85c2999277fe6894b51d3727fe7bafcdd67c31f05e3116db64af893d40c88a1312e4e6668d2842b3bc3c730f9637bd13b1c0e448de9adb3806b2487cc344306da7b9064af7327e1aaedb8a1320d4e9b7b0c2669206b4e9599c1aa35669385a9c3959a48c683ad6281fc70bafa0d8e61830bdadb3907c7371be3fb6a49c82e88ee569c4f8dec3b9d99431647597ddefe581946bfaa6de081aa3ee91bcf82b8046717ac66879adf53856207815d8c1472f2fd0747aff8c98777f76f0c2f8bff16f83ee94cb471669f7e2af11a406fd88537eac8a5e30dfddb3e8311421e366a4715ea8b72609a85d568412e55b22ac5693eb1f199971c8ffd38dd8258bbeb8313440956e74f163b5a04c7e872b3f124f577cdc23435fa15c664e64848e0706dfd31dc048e70b41d5b5850080cb38923232e9182364ac5ab6c31e1fa16f627b5d96657a0c66570c2771432a17b89619b55f65ad26d4b833ca9a8e52fc52db51d27ccf3792708ef8af3ece815cbc959d63b65414c79b1aff41bd7de44ce4c97b6184ce2426bcd50a445c1ec15816a6b393ceae2a1581838c2301bb5951a1970fe7d122c95ec5715d9397eb22076a9f20f1f457ccef60ed60de11b677de9d44b63a4c90a70be9ee2fa92ce2debaf897fdb058dc697221fd55bf01fd1cb3916cbbb418cfb50c4e9c140b60d711c9f3a1ee2a56e178fb5b868eb0201e21b3d786619a06979192f2c0ab3b65261cadff9532cf36cfa9cf67bcbab4f00110a2f3c4acca93c69eb6f97b149936f2feda56fe5730b95b4c85a113b19fd16cf7da40c723447df047d0b5a7fbd8494af57eeb30d060e4c58f6beb5771ec7771cab58dddd3073b21ff3faec310d87fa7b57afade7b1fb8e8f137f0b1a5c403ee57ce9d751fa0769b3a7b44c36db30df9e0f3d32c769f1355b26cf547a0424b1e573e1b5ad7113b77a4750cb3f1a6d1ed457c828680b7a8a3896b557a6aa73fa29e7870a2f9bd2b4dfc4957abb388fdd8b2178f663ade6afa3e6a9c665191576ca973578b808c95c2916250f5a73f533361824b6f5ca145bd2bafa32c942eaf5f68cec22f22249bd1a7d164f97bb7065086379c98dd90b9d71c0c827f5922aadc26efa6bf969243156475167e16a2979f22b4b9e14cf0394050fce7d958c881681720cdbda2d89f5202729f49610813f442530ced1dc72f8d19d1427e97df561170813da37204a17a34046d4f1d1238f5f8f5f4901d2a741755329f402f8726e43c3381f1be5e2d7931e83332975b59047f23072fa752999ebe9f179f7a20c11dab40565e8a0cf48d6218c3f16f218565361fc435103676e8ae792d408e8c2524d9a847d458fd76d04609fa5e19a975c0ff4b1e0e06a0013005976446ed7106d215a6d0fad7bf9c9f20eb3f96aabdb018b4c01a0b1f4f2abfd812e5dd18b8eaac8503295b573dc40f0be120f0c02c09c166d35de311268c58b108cec5d78d6d8e3f238c42c31a2160e2f5fab218861579871f87a46fff7eac9796626c3d289fb452b42165a565bffe4c9f88fbd4c99f93321ac2abd809ca085d5e091df9911645b819e97e77245eb1100ca1fda9fd0572cf60266062b8c45b49abb118040d235998ecba916ab0f112ce5ebdb3e9568a15ce8331d93267a97a0ed2fbe4d278b850eebffa2a742542d16f64371377b36bc69c968136bf6ed283f94d7045ede693502ab3ed974c5b5876184d4c4e18fe23daafd486b2e401e6781836bb90222d97dd8f9cc02dbe8d4b4bbb4a5ac209eb6ae7c5f8c35799eb155f0c1632efd8e5cc0756d02ae11c5ac6cf24e4d6d773fa9630191789ba030fd15d7a615b9ba7ffdea849d77657a03c6478a208b4825ed5662fa5be99b7113e146fcb7f5c4c537fe2cefcdeab1820f5b2001ee88c199b805c01369e238e16fb22ebadffbc1d2a84190851f439f4c073db61e9b25784d50ff19c8d44b2b70f20fb6abda28c0b2054d", 0x92e, 0x4c840, 0x0, 0x0) (fail_nth: 5) 3.016969916s ago: executing program 2 (id=2469): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x4}}}]}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x4000}, 0x884) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) openat$cgroup(r2, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x503000) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0) 2.993654048s ago: executing program 3 (id=2470): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000200)=[0x0], 0x0, 0x0, 0x0, 0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) r4 = accept4(0xffffffffffffffff, &(0x7f0000000800)=@generic, &(0x7f0000000880)=0x80, 0x0) getsockopt$sock_buf(r4, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$int_in(r0, 0x5421, &(0x7f0000000100)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r6 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r6, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2f, 0x4e20, @broadcast}}, 0x24) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="fc01000013000100000000000000000000000000000000000000000000000001fc0200000000000000000000000000014e24000d040000090a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000010000000000000000000000000000000000000000ffffffffffffffff00000000000000000300000000000000090000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000feffffff00000000000000000000000044010500e0000002000000000000000000000000000004d6320000000a000000ac1414aa000000000000000000000000053500000303030009000000b4000000070000007f000001000000000000000000000000000004d36c00000000000000fc0100000000000006000000000000000000000000000900010000000080000008000000ac1414aa000000000000000000000000000004d233"], 0x1fc}, 0x1, 0x0, 0x0, 0x11}, 0x0) ioctl$sock_ifreq(r5, 0x89b0, &(0x7f0000000000)={'bond0\x00', @ifru_names='ip6tnl0\x00'}) pipe2$watch_queue(&(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$SNDCTL_TMR_CONTINUE(r8, 0x5404) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0xe, 0x8, 0x4, 0x4004, 0x1000, 0x4000ee, 0x0, 0x7fffffffffffb, 0x5, 0x10000000000000, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x347255}) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r9, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4, 0x2}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r9, 0x6, 0x1, 0x0, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000040)={0x1, 0x180, 0xc0, &(0x7f0000000340)=[0x5, 0x0, 0xe, 0x80, 0xe6b4, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0x8, 0x2, 0x2, 0x700000000000000, 0x9, 0xffff, 0xfffffffffffffffe, 0x7, 0x7fffffff, 0x5, 0x26, 0x9880, 0x5, 0x3, 0x8, 0x2, 0x4, 0x20000000009, 0x2, 0x1fd, 0x8, 0x0, 0xf7, 0x5, 0x5, 0x2, 0x501, 0x40, 0xfffffffffffffff5, 0x4, 0x7fffffff, 0x7d, 0x0, 0x3, 0x20008, 0x2e2, 0x101, 0x100, 0x8000000000000001, 0xfffffffffffffff9, 0x3, 0xfffffffffffffffd, 0x8, 0x9, 0x7fff, 0x6, 0x8000000000000000, 0x4, 0x94f, 0x7, 0x7fffffffffffffff, 0x6, 0xfffffffffffffffb, 0xd, 0x11, 0xa, 0x5, 0xa8, 0x1, 0x2000000000000807, 0x7fffffffffffffff, 0x38c, 0x7, 0x7, 0xae8d, 0x100001e30fa4c, 0xa, 0x0, 0x4000008, 0xdac, 0xe94, 0x7, 0xfffffffffffffffc, 0xa7, 0xba02, 0x4, 0x9, 0x0, 0x9, 0x100, 0x4, 0xe, 0xfffffffffffffff9, 0x2, 0x5, 0x21, 0x5bf, 0xfffffffffffffffd, 0x401, 0x3, 0x1e4e, 0x2, 0x79, 0x3, 0x6, 0xe, 0x5, 0x3, 0x3, 0xffffffffffffffd9, 0x9, 0x4, 0xa, 0x40000001, 0x9, 0x2, 0xfff, 0x80, 0x3, 0xd, 0x4, 0x9, 0xffff, 0x1, 0x401, 0x1, 0x100, 0x7, 0x100000000, 0x1]}) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x408d6}, 0x24000010) syz_usb_connect$uac1(0x1, 0xda, &(0x7f0000000180)=ANY=[@ANYBLOB="12010102000000086b1d01014000010203010902c80003010100030904000000010100000a240105000302010209240403bfba59c22e0724040404a2020c24020300020403010008ff09240806ff000237ea0904010000010200000904010101010200000724010e090500112402010304ff09be28a7330ac6846c0409050109000008060507250100fa090009040200000102"], &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) r10 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r10, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) ppoll(&(0x7f0000000280)=[{0xffffffffffffffff, 0xa005}, {r10, 0x400}], 0x2, &(0x7f0000000300)={r11, r12+60000000}, &(0x7f0000000740)={[0x3]}, 0x8) 2.904331022s ago: executing program 1 (id=2472): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x80000, 0x0, 0x0, 0x1, 0x11}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1, 0xca}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 2.777854283s ago: executing program 1 (id=2474): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) (async) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={@mcast1, 0x6f}) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000002c0)={0x18, r3, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x880}, 0x4000004) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x2f, 0x3, 0x7, 0x5, 0x4, @dev={0xfe, 0x80, '\x00', 0x10}, @mcast2, 0x7, 0x700, 0x37e, 0x80}}) (async) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'sit0\x00', &(0x7f00000004c0)={'ip_vti0\x00', 0x0, 0x40, 0x7, 0x7f, 0x1ff, {{0x12, 0x4, 0x1, 0x6, 0x48, 0x67, 0x0, 0xff, 0x4, 0x0, @multicast2, @private=0x5, {[@generic={0x86, 0x7, "476991f869"}, @rr={0x7, 0x1b, 0x72, [@local, @multicast2, @dev={0xac, 0x14, 0x14, 0x42}, @broadcast, @broadcast, @local]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4}]}}}}}) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f0000000540)={0xa8, r3, 0x110, 0x70bd2a, 0x25dfdbff, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4040000}, 0x4080) 2.769212143s ago: executing program 0 (id=2475): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000089c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000100000001000000f85e"], 0x18, 0x24000011}}], 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x2282, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="1400000010000ec000000000000000000000000a20000000000a03000000000000000004010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000003640000000c0a01020000000000000000010000000900020073797a32000000003800038034000080080003400000000028000b800c0007800800010064757000180001800e000200636f6eb7d8226e6c696d69a2a50000040002800900010073797a3000000000140000001000010000000000000000000000000ac156b051e2f4ed7fa669c16613d4d307b8e497724556b133bc64db3aed5287cf1b0c760b5a02bb8023f1c0f9b99afe1524a106c236aa7b80f47e34cc3c10d4f62ecaef7267d40205e51bb71525c5ca6c6ba519afa8ff53ac1beff11bf5792b0a03115648433fd2709ea78138d7ceced7c272ca0c0fdc786175"], 0xe8}}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0xa0380, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r4, &(0x7f00000069c0)={0x0, 0x0, &(0x7f0000006980)={&(0x7f0000006900)=ANY=[@ANYBLOB="480000000007070100000000000000000000000a0900010073797a31000000000c00064000000000000000060c00064000000000000000a7"], 0x48}, 0x1, 0x0, 0x0, 0x40840}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = fanotify_init(0x200, 0x0) r8 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1) r9 = dup(r8) fanotify_mark(r7, 0x1, 0x8000046, r9, 0x0) r10 = memfd_create(&(0x7f00000001c0)='/duv/udmabuf\x00', 0x0) fsetxattr$trusted_overlay_origin(r10, &(0x7f0000000080), 0x0, 0x0, 0x0) fremovexattr(r10, &(0x7f0000000000)=@known='trusted.overlay.origin\x00') r11 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r11, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r12 = dup2(r11, r11) shutdown(r11, 0x1) write$tun(r12, 0x0, 0x46) r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) shutdown(r5, 0x0) socket$kcm(0x29, 0x2, 0x0) setsockopt(r6, 0xe, 0x3, &(0x7f0000000100)="c12c52f7c6b33e13620bc7f88eb42d6823c1719ac1f4315c7359f731714fd24c84ce2bfdd0fe256aa4c137a915ffcb514c5c751911aa3e49277a54bdf42cd742ff38fa9e6554a4c309e10f0d09a88ac5aadf8f711801f1f5f0ec6e0107b0f566f0c473db40324699456bfe207de7f43e02f0689ba346dd7c01d6b3bfba63829eae", 0x81) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) tee(r6, r3, 0x9, 0x0) 2.640736928s ago: executing program 1 (id=2476): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x200, 0x1e0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d00)={0x14, r2, 0x4c1dad3e3d6a7499, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x20000000) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f00000005c0)={0x1c4, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7bdf}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6c7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9a2}]}, @TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x761}]}]}, @TIPC_NLA_MEDIA={0x94, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffd}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x77}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x78}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}]}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}]}]}, 0x1c4}}, 0x1d4043c2dd814fdd) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401000000000000000000090002002f797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf1b04000000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) sendmsg$nl_generic(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) mknod(0x0, 0x8001420, 0x0) open$dir(0x0, 0x149800, 0x0) io_setup(0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.533474668s ago: executing program 0 (id=2477): r0 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x84, r0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010101}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wg0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:modules_conf_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @empty}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}]}, 0x84}, 0x1, 0x0, 0x0, 0x80}, 0x68ce59302337934f) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000200)={0x14, 0x14, 0x301, 0xffffffff, 0x0, {0x1e}}, 0x14}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pwritev(r4, &(0x7f0000000580)=[{&(0x7f0000000480)="1c", 0x1}], 0x1, 0xf, 0x8) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x20000000) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f0000000140)={0x14, r2, 0x200, 0x60bd29, 0x25dfdbff}, 0x14}}, 0x50) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket(0x1e, 0x4, 0x0) r7 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0xfffffffa}, 0x10) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000280)=@req={0x3fc, 0xfffff8c2, 0x2}, 0x10) r8 = dup3(r7, r6, 0x0) read$FUSE(r8, &(0x7f0000004cc0)={0x2020}, 0x2020) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x6, 0x0, 0x0) r9 = syz_open_dev$loop(&(0x7f0000000100), 0xdf6, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd) quotactl_fd$Q_GETNEXTQUOTA(r10, 0xffffffff80000901, 0xee00, 0x0) getsockname$packet(r10, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000500)=0x14) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_misc(r11, &(0x7f0000000040), 0xe09) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x5ac, 0x24b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x3, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x2, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x0, 0x2c}}}}}]}}]}}, 0x0) r12 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_DEL_DAEMON(r13, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000400)={&(0x7f0000000600)=ANY=[@ANYBLOB="01000000", @ANYRES16=r2, @ANYBLOB="000228bd7000fcdbdf250a000000080004000200000034000380080001000200000014000200626f6e645f736c6176655f30000000001400020074756e6c30000000000000000000000008000400f6840000180003801400020070696d36726567310000000000000000080004000010000008000400000000004000028008000700070000000800040001fcffff0800070002000000080009000500000008000300030000001400010000000000000000000000ffff00000000"], 0xc0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000801) fsconfig$FSCONFIG_SET_STRING(r12, 0x1, &(0x7f0000000280)='auto_da_alloc', &(0x7f00000002c0)='8\x00', 0x0) ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f00000002c0)={r11, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d00009520a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bc0007008019000000000000000000000000af1e4ccfb7b3cad80004010400", [0x0, 0x2000000000001]}}) 2.080317034s ago: executing program 2 (id=2478): syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b"], 0x0) 1.375404104s ago: executing program 3 (id=2479): r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c4000, 0x0) mmap$qrtrtun(&(0x7f00006c1000/0x1000)=nil, 0x1000, 0x5, 0x80010, r0, 0x7ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x3554000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='sched\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000001a00)={'batadv_slave_0\x00', 0x0}) sendmsg$inet6(r0, &(0x7f0000001b00)={&(0x7f0000001540)={0xa, 0x4e20, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x100}, 0x1c, &(0x7f0000001980)=[{&(0x7f0000001580)="21a65733dec1f2b5af08cb8837661bdfe6938f21784271c3e76fb8705cd6d905975d8d5349ea7f5e82b971f4bba47372149d99f4baa052511462eadc7df9f91204935b0df91287c595", 0x49}, {&(0x7f0000001600)="08cce2f42fc1503a30af033f8246d68a7483d60d5a4f688b586085d06e41e51b7cc0d84fc08401f288b453c8b92fff85c60495ff8daf15e4a4b7cfca9e05caaf930a9ccdeba2ac239427a2c9eb947b92bcfbc6013e14432def03786cbb89096a0014aab6415bef485a37ddcd08fffa4992f60ab53d398edf6048ee214b936a52b398929a063d24", 0x87}, {&(0x7f00000016c0)="ec983989328d1bc9052b994b367c6dc1be1fed2302c540bc67b62a6c5a93fa3be0bb75a4312ecdd599e4d138c9a4db50c9ee9716a3c0ba165ba5b103ebd8134ec0e6bd79bc14eaa69c297863e3", 0x4d}, {&(0x7f0000001740)="43d0fe55069086932381362f3213cb1b3e03d9b88d8b956d4be4619f7a25b81bc8ae78cf7e41658324ff98f9d2aa5eedb343d99cfb78d7861d3e1c58e7d1e9a1d336e30ca5abe62679fd9fea4d43630f7b6b35edce6a153903e4ef9b7de0b1ee0153fae5598c24939d07d9132421ee86b4a479379a440759b3c9e31a00635ab372e55ea320edd4cc9c988b09ebb0cceeca7f6a06481b7191570f3059a254f771ecbca227e2b731e62185d99dd7f24dddcc6f7790853c20271bab618f5f4cec3b40d5fb8e58b4e1b288a918219912242c4e0aad7b644cbb865838d339c13b6029157dd8", 0xe3}, {&(0x7f0000001840)="fdb580ecdf638dc581e15e427de6c2d060ddab2b0728a93a37fd711493666f0958c3c1b826ea5257f069cd6e98b8d862fe543920da38cdde15c3b5c755834643e64e944fb609efe1291c1f121338c1ac81d0cd46a6ef2db06c51a2634ca52533def36604d2ab7a60135a65bba69c7d0281bf2b115b2d3d972de26efe25a6e1890e89ab1781898f3780043f16b5e4c1d6861ea5a19a34211e33754c4a42b5bea310e94ee28b345531135ef3f42b342e9571abd9f6e8f394431051bf38c14f21c4db4ae01793324b2a084a39a6eba1ada8bbc7e6ae35ef827caa1ca76b7542401846bdf4074d0eb3f4738f042c69762114afa8b4c7be5c", 0xf6}, {&(0x7f0000001940)="9c980a94b6e66461653d9a94c2821b733df71e7dd3", 0x15}], 0x6, &(0x7f0000001a40)=[@tclass={{0x14, 0x29, 0x43, 0x55}}, @rthdr={{0x68, 0x29, 0x39, {0x2e, 0xa, 0x0, 0x77, 0x0, [@loopback, @private2={0xfc, 0x2, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00', @loopback]}}}, @pktinfo={{0x24, 0x29, 0x32, {@mcast1, r5}}}], 0xa8}, 0x40060) write$uinput_user_dev(r4, 0x0, 0x0) pwritev(r1, &(0x7f0000001500)=[{&(0x7f0000001300)="e49b7300a9c7f9aa183ded79726b7e7056a5a227d0ad2e3d7bddbfcab570a48ad23905570f9e2e63dd07f1313bcd92e6934d0b4c111b3d1adb02076bf277726dc27d94fe8dae153585e4257bc1527d2e39097f4d6ad704f83a0bbd5ff9e9846f02915c90ddc3da1be0843f1f3e2aaa34f7fb8beac48a93cc3e00c8e81b3a68e14481df6ffef407c9", 0x88}, {&(0x7f00000013c0)="6f360d987d4f0dff6b015e3a6d96d715364da83197d48578d154847b36d31aa0b2a770ee8bdd8cc461285c27bb1b578906", 0x31}, {&(0x7f0000001440)="dbf8debf654d00322b2a8d9ecc9971d985740b09e1fcd4af98957957c6a82c162f5eb7361e4a4294b88c724110a0d289cbd66d9efec707fe4abe120690426479174664ae17b4dfd41ee2bce8542a7b24609e636e7d84805645f1d2ce738319c7882127f801f2e96255ce815496bfa4ed884ddba7be8d4c8d8d4049f5469cd01c0f54e0cd2ed99c1d42a1c4cee7aa52fb9155fcdc050d798e4fac2ca02294d062", 0xa0}], 0x3, 0x2, 0x2) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_PIT(r6, 0xc048ae65, &(0x7f00000001c0)) syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 1.058566469s ago: executing program 0 (id=2480): r0 = socket(0x9, 0x1, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) sendmsg$kcm(r0, &(0x7f0000000680)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0x7fff, 0x3}, 0x80, &(0x7f0000001700)=[{&(0x7f0000000100)="a55a451b", 0x4}, {&(0x7f0000000700)="385290fe06b8fcaa9025941d0f3903a3779e4ce02163e46352e6679f743558b23d448588e608cae738ee97da66368289980bfe7d8035a0babb72afc3117770ed53f4ee8453077bec31e40f6c1f235e3cc2c26c240ee5313aefdccec47a7954c44b3c738fddefbfd2333c78983d9b33654cca86a9cbd99a4756e9bc52970054b76afc2a97d18aa67ad127dbf78eae71602c899da6034f48b7845f6967ed816ad1968ef7ee51575a6f4135de71202663c52bc243e30e0ee0caf7fb9bc163e0c4a777000672c68ea5732c91a2dc7a28627d3af1a8378c0d205a0afa0c07f382567b8cbbeafeee76559b07ff5bfa379f8d70560f395d1541f4b74968edfa45b4cd971213c31258ff1fb224afd7873aaa9a15035f17fe15c5389192caf8742aaed00a42017b4844c8396824afe005bd563182b97b439c16a5ce885ee8321395738041666444aeed48a86e9bb69eb9a06dfd6b8525ec53f57a6303fd330d6ffc184e77c1f987f73265e74cd98c87d7d3ae788d81fa633a4605726a52b3e1a36c7eec376ea87c5c7547b278f97316a8a2fb651aa6b1b38c96b669a93df65adb05f968db6c9111d0a1ba3a555ed24f968aee157e2cd9f3571508f3763a1b489a1e45f386ecb3f990996b04a816e297ac5dacda4552a8a64c34fd78b56ef9abe21597ca0d0229bdcc52cc0c01973c1f37273044e390093f85233347a5abdadfaab341f2fa9d095e891d4426c155b2fdb9c85e261f4d1c40d5207ea86c7ded552dc2ddee835c1370c3e025d2896ee624c30cb81fd3f95cce33e9da137d882f648590409bbceb30f0f56e18c69d3a4c1358763644229d8716126b8201ac13f6fbb96d8a0436be1623f30cf224f42992501da900bcc6150ed9a85b17c93a33412bfc0d2c60b5d207834a4210edab59ea8d47d9ee0885426c25fc9115016deaa937272012e9b90e9435069411a29a8e4c627aff64352a9dd8b620b5d2f429322d96c90fdeb260bb9f68d046d5db26b2b3b3853551aa3f50725cc46933b35b91d3342fadb16344427d4078d7da7749dd49f03a9086f8f6969fcfc11c9b84906001a40cb99201db7288f790dd7da388db894b00d117071ebce1ec6c98fe0e1dbdf073619a8d059e1f548e0763c6f2d4fe1fc9cf56255b2875044bfcd00080dd847aed18466234ac8fe35abda93e751a7ce32a9b251db1f1cc248d063762d010062847590d44cd563560996e128a34255bea7d3664089f0796d61538b84483b6be21067bcc790bfec891561d71957fedea1446e9533eaf1a3116a49af011984c948bfd23ba5a306ee9871b134539839d248862d8951e7e6edefbe82b80f715a0ce9bbc5f934edcf72325d0e8859d1eceb5ba056977886b335b1fd9aed6b8402dda93561f04228918e7cdcfd20c1cabadcfa87bd62a12cc09f6f509d62f4184b53f3825f633f8616488a870707b56f1e362af982eface102db465df0d98d0f4dda423236945c49df3d1b67185d89da624ff549dd00d75d35847c6a0c305db7b60ceaa01df6720325d5133d19ec9dc011819a3b215488a46c4b5cf697ef1f1e421f45c8ddddd17174ffa2aaeab4a5d2325c203e20fb733641a737635baedbaf7b113b0184013528cfc1b0699f55e8bcdf29ce3e51234eb4d045a96c540f88412071c4e99d729eefa9a4a210b12b2b6aed398a7e47459ff7ccdf6ff9a869546e596932042d06299543d8501eef41da4ec3f321fb865604f14f205fdcd2bff4ed8510fe1b61296d83e3e3bde6a1cbfc464991868db300e0ca7cc850dca60e70d8a955606cf9ce913ccdb9e2cfc9ee8d2db1202a2b2245a6822ff3d3ec8264370802311f879a70cad2fcccd1c3626e273f7a79057a959bbef04ee662d7bdbb98bf938f734844b8271ba16d5873e789e7d2559aabee491655f17c9fd21f4ed394e6d6219bdaf6ca74966b84dac5f46fc9479bfab405c5ef4e536d430e79746aa597ae01636657c9dbdd2836f017d9881df8ff5d1dd806f656f7b0201670369f6df68516c8afb2b756897dde8b5546e7f6e9f8fea47eabff5dae0c6bed828427583c6b4fbdf01f1b92756b22e906eac11ca6c41811156a6d902a1ea139b3aa638a05bab61389a84df6b4edd835c1b3fc17e3cc26556ca095045f26f54df785a2d5811f825168b968a3e7b9054a0200f9a6babae1eb9de64bb6782aad786577d96fe72aaadbe024672376046240d274ec4613e36dd1662f03078e08beba7cb0ddf22a1d13ae677ad7b4508ecbb360087f76538c8e0730aae5e4f7bb10bdf5e6eb922336491cfb41789c7c39f716e9170442a31d012b1ebaa3bb8771a1e2dbaf817f0711de3ceaaa22391d8078ba26d6fe3507e7a35b40772f270151a4a0fc48374fd405d9fd2bce78f97cdcd35d305cd46f8f782f51f9f44b6bb2d4cac5233455f638f94eb7824c7d70d2adaf16d8472a099a989b8ddefb8251d42c928634a5b67087c7ff29a516af966ffbdf1ad9199320692f78e464acf6f2c70a873489c13c3d4865810ff2ef4f74be03d915ff12b10dc2ba99f098ae495060c7190ee27b55680023fcf608941fe0fa408acc57a7521823ea5c96624629587296643f239269c9cb34e179329f9c96eb61c6955c48ad243bcba39161685ba22128df98696e89581fb8ecfb010f3c22a2a19de087e47409535350744f40f80acc701dd3a94d4e0c54d43c98b59f8576a85453755539d6c0e9701758c286691287f3f35067d27fadc8976aeb9ff89e3ac86eba1898862009956ea1c83632246a660cbee2ac13e1bb45b1040a58b478e1c737af90b9930d9d9233ad548d719ac0de25ac288b32ecc1b7abfbf1d5a8c76f7a1b1cba6fccc3bf6fe4d5d7209b6da75680124f41687789a58ff828a71c0370709595ec7b71c816363719ffbbf23cfd7119f15b9a267afd7912689a0fa440cebb93a01fe9a397fc2c1845025076344a0fab7a3e66cb3157d2d9fdd63ea03cee364acc25f31faa5d85e19a4e29d793ebbde0afbe2b0f1e2e43be1d0c5aca1c435b3662d1995315340301948ad15cb5b45d4019f36851445b23fe3f40a8a6747e0f2ec0e048959361efb2b592b7c897038f670ed026333c00ee0d2e8ec39a4ac99143b75358e758c33a56aeab9685dd85e5d92cb00f7418533fee8bad09bedea0a45d239809a06694d846dc22c4fc600063791a7b304b0204af706097feafbaa85146dfd30f7977e4a95b074c6904cfd8c12ebc18f2a70c97b549d201a59994ea7429ed42ac15d80701c4d1e21ce287b6453b5ab920c167f11f74fe9c4c39730f9b2030c992c420058604903795920614eb5e19d4c5a0141fc42b41fa29001c9445deb6434809eb9a875bce5283259303e8cd8f55f72f5cf2b316f19d2d794c51ef86f6aec0ec0ce0e8edbea5baa42a7d0a6435555cfebb15680ff7ad1ef14dbff4d80c71aaba79783570849186c20ee704636de482b26f5ea6c13bf832545f8265460c6b18d35767cc81ae9ff72f3c7bf270ec10c1d23f687c2741afaac2b8803783c9b494737d7bb69062caee01c99b10b230dce547acbb7904ef91b24a731854b6ee6fb5071bfb84c6d9231e67b232ac54a747a57f27408c14469735073f88478b47449f22b0a1f667021843ca040af7230c99668dd12db815cf2a9695d44efdf4dc144c2e6f0a24bcc97c1dd70a51354758bbfc7f85e7a181f675d06d01703ff80889a1895f83f499f2628586a76314582e07bbcf93912a7f74657e86a613997eaa0ac7bf458339dd16ad9f6a66cd7bd0e290c54bd975f34177ce59fb62e600aa742f08e4fae73dad025813433b4d6b7f06734cec024c422356c331c3a03531d09951043d1fe530311f55cfc6301d631504276a3701ab25d98df95a036287a265527573d716426a10a2230c608705c041772205d8dea169e5d10b71527fd8c9e1a2897278b99c6e2ea7a75a494e027f63871492e10809f8b3459cbd6931537663a7f02efe3251972abfdd2d129d2561743b46c8b785e08082041bd7127ab8681acb0639cd22a9749438842706a637b808701c6f5e330e8a8544c81bc88f6b98051a583574643f32b8ce6f7aa035c2aefc010b20be1114cdd69b980c2a612b9d01aaca2d93c69565fc619157f64cfb4ef437cadc3fb05508287962d7027a01edacaa7554f5415f8a93890d5050104e342a8f39cf2d04bf027fa72b583fd7712c11c25e8d388699980085d9f8d4d798f2c1269080612fd30c31de4cdf1c282fa469b3d5137717ea88d48f489d84807cfbe7baaf743efc8e4251bdb1144a107beddcc321dc7f410411fe8767dd7049844c37d6253bd1d7506d9a26d9fbb9cbb3588bdeafe7fa58d48b97434ccbf9d523d4528479d25e66be78e8ca6aafe592c4a92b28cfba36233c80e35ce22d90bd9b6a98f7b05de6789bae5425eade9a1f0afea67825238b49b7c553b8633fddfb3bb04f5ccfc75cb4e05379400366ba388d5de640a02dd150177bcffedf621025584ea99b0157fec18eab3516f8272c353ae02b1873e93b49e511d1a48739e153af494668a6f4eadcf2d17109696a61d040364cb430c32ea10958f4e22cb20f92fbd95a298e1e10c9a1090c75f4609ee87107accbfe5fd5e459a022df6da735d9940086fa8910ecfd1b3bf092e933f06a91176016b3847f262a3b54a9d1045f977beaf450001ddecb933778c1c93b8db58b54e598da525bb707917cffe6a03bd73ec85cb348d6e9957ebe19809d502e81878926d80850e8a0c0cf1b0bd6db26fb6316204d3ea898d79d2251eece44ad79877d1d226a391782e6ba55fb80341cac9e6e75bb1b163b85326b1af075cc613171af683f7bce09be5c0b13467d15f3ef9a01892d0957a3c1d0997febd5f1dcc88d7319bfd4de7aa83612e3c93e0edd63fd43504777d21c39c47a56a9c04fc94cfbb4639e9e1b591a1fabafe08409a0347f4c4747d4eed4336edff49cee47232b300d74144711d4b62f9d7a9dddeabd8a37654f67983e003afc821985b6701147c730ab0c4f8e623c77aeb50df349544eaecba6a9e5d0893e2899d2800200ebd0c39dbd42dd38947853a3cd42baae0316a84c8b76293b722ec3396fc9cef2c85b7b988c21c6bffed41e534d522e21d0ab7d7f33c65c474d76e3227cdc2010fb92d94fd95229bdf9acf98ba9c9bc4e9e21b5cf43326e4c0067e080e12fe74a0fdff51a4d25a3057f0010d9ae67bc6fa18505d433d201da24b82744d57df662b8c888c53a48e73f8ae042c3e6620966bf6833267aca1dcb4716569a38de97d81dd852a3cb856af31bd40f2822c9d9ae4b04fd3b012365fad0497d88fba3573e323d82658ce775b63eebaf3edec3fefe7c7b79d998857c45e3536164b472c50a2fe87a628db350c377e54cce26a0cfa7c3c0810d9941f13a5b551df8a81e785519a474eb7fd76d048182872d7c0f4201a3e7aa1dc73b50fe0245816029b1b35996742e550889c60f2fdbcee618dd6104dc5c6c02830532a3ad0a001ee626962e9c71c2ed85f75acb6d67a247dc4de07fb8678dcd9fd96008798ce4624d62f539f419869b582d94ba0318096d80c7c013113e9851cd85fc9caaedce2a6a4bb7eae1391e3cac3c22fa7ae5874240bc591d5e2bdeb91268f170071802a4a2b4a6a6e036e54048e4f3254e3dd0ac95c902b474bc36d85ed6ab96885e4f2a1898964adfbca4657a8ce16fa93c5480df78c94b1ddc3f0b82863f29781f852f2aa4c5cbb6f9fe83897d53f6fe1976452de271a26e2d3bcaa9f5957d0d4c5fa377e6e098e4cf74f4ac3", 0x1000}, {&(0x7f0000000140)="46b00bdd93c28188998e0cc3354c64137f0627bba6a56652cd3e52e321e5d35a421e2fc0df7ac60e3dde96dbc90b7d63a2c5de87bdf4d824c938d170ed28394e014a8c52ce96ffa6d3b3d69876bd7e3f9860174c7de5ecc407c053b006d120470dd30a1b508110850ac560211815906d8c64169374fca887e9cd724739435fb60c9310b8c887d88865ea841f3087370716e17f42e60cd44b0276ba80b3c26eb2d00a3ac7e6", 0xa5}, {&(0x7f0000000200)="895f62872a720f38d3ebeb1dc8d03128479d673fdf1ec1aa69927fd81c50847cfe590d8477c570627c0713a0ec5db7203a6a1695479b5ba09cad36b81241b7533fa20795d9738ab0d44b3bf1", 0x4c}, {&(0x7f0000000280)="f7ab0c0f75004f8a1510c64826d41853b9de1fa861802223d93c1f40c61206a5a561bfe6da3a90af53ce73f414fa968c2e096ad8da3ae5430890586976ed2f1dc595e3067211d643fbb86fa84894b770142dda12669000ceefa0e1d50e3953e899ee226ad40f470597680b38d7409dff2a3fa89cc76515b1449f23d5a637851a78c7ef16e8bd78088e297bc6a46985496e4ea9f5a39b637e2f570e8272222a709fa493c3e495dc3d0d", 0xa9}, {&(0x7f0000000340)="4420ee085bc3de4fb817b4490780162f11f73a8f75e4f315e460761240b86ac3f799ca014512cdba409fa8e870864c3823939afe970de123d147a76d1fbaf12b1e657e329ade26fc3d245f9ccd20c7f862037dafbbc193a695e50cc86d8d", 0x5e}, {&(0x7f0000000480)="8266a4f4bb1992fcdfbab710f90267d1b038c64f8324765130971cb79e842d3752a7b8836851780e3e2c28304b20659e615752fccdf2a36faf795525a0f5aa489d0755ff98528ea6cb69a617c1b2a627b79d45bc0c7c24d5dc65a615a0acbe68d0bbdc8227fae59f20745a849e90c6de7ca7f0cc69918bbeac3870f462cee3b420fd9457565ecbe0f43bdcaa540802839842a913a71f1a", 0x97}, {&(0x7f0000000540)="b27f79e360500921d143537b2c39a1131cd66d9987dc290db30f1b178f568a37fb56da8a327f9207c09a3b45142efaf1e39fa5cffd38f44251ea128415f383fe5ff504970501ab6c226482920154587eaf83013a34122a39c9341098a6b0ff93116dd75b8edf5237c9391b241bd108f5449b5978fcdc67b38feb912358711ba16521a378da832134b5c5a891a9ee16a1f999beb2241a950ac8f3ed7fe7c0aa9acdc4de82d877e018ab919ed5887de33a2a2a70dbe6e6a446fe010ca8c88ef5567eb7dd09d97a400a5624dcb5dea5f7003fe235e072", 0xd5}, {&(0x7f00000003c0)="603d420dd4202fd0c729f892a4c17509d5fa37416bc6a4ef41014dcc44d0e33dc3293a5cd0ddb637379419fd50963b0957d7eeb985aae49ac552604ff199a4f2babf66bd4f3c80a7aa85e1a671c8792938f2b8b8def46c3b7c9a7aaf306905ad7f888a512ed2a603800d1a6c7367be3eb19f940827b0", 0x76}, {&(0x7f0000000640)="b6038609272c1b0bc7f845779631968c30be5f7f540133948d136051be64499a9184066d851ae2adae2c30097b47", 0x2e}], 0xa, &(0x7f0000001bc0)=[{0x60, 0x112, 0x3, "63f81a0411ec6ddc9c6e1e20cbc3a7cc62f09684c0b48aead08998c7a4a619e9bd0b204767ed8bd6e5dcf58fd36c24456a6d89aba7b8098472684d483bb91a9ea5a749ad6677b945db89b3"}, {0xc8, 0xff, 0x2, "de666217c47927fac88fbb1c134c580112495d310619c705a3eddbb11b40f914e2f6f814e2d7393d5b7cc8039c465d4ef846bf24073481c66453138f61108aaf65fe1fb7c2548074e2b94b5d70b0db2c4815a885ee6f6af5a18344768a2ddd2fdf695d6450669904d5e65532220d82add4151df00ca9675158bfaeebf3860881a89a63d71349fd5e5f42247f19a94e6cf9ca453ca962b442b0a4a2b7dbf55fa0741cb686008dda7ce8f4405f046d2bbadbcd045565d9f8"}, {0x88, 0x102, 0x2, "dd47da41854d56a820ba6f4507c2efbefcfbc362fcb53fc09abc9e31b53f491ab53713bec8ee913f177262ce4700310661da1cdc34cddc7310c049afce0af094c9fcbe68cc026bf2411daf36ad75908b7dadcf421ae748767bc7ad191cdf9522d5111ec459a478755894556a2385bddcdeb9"}, {0x40, 0x102, 0x101, "02203a64118aa5a21931b88761506ce44570f12639b4beb7f08e6b8d40770524daba69faf745652de2ef0a1b"}, {0x48, 0x113, 0x67f, "b733e95a4417c7d165b42b15013f40124459d08d4b5be2f78cfc7b0604bdc51c916100c054d34ea03b0eb6d29aa6fa698397"}, {0x78, 0x10c, 0xc, "063a22120507ee39d448416b13a38a98e7144e7e95e82530fc9c8d9a0a62e6087d92cd3f5151fb76c6226e13fe2e57ef1015917efe0639c33946b7a0cf19c06df51f9abb5e8d98cc4e1da19c0843157eed183f6c2ac45a9c3ce68c03e81d892c74cf"}, {0x88, 0x88, 0xffff, "73e834d105829b0f1507a8b57afecaa1f2317ee9e3e2e240fd222d0930452b01648f55e7a9eca1a6593dce72ddaaed6c6c64eef51f40f49b192fd3475d356a4d337d4e720da1b8e5428a4e820cc083c2fde85208940b4a148e51d474c08f0681cc853f0835537a46a93d5e87f66de8acdc659353"}, {0x110, 0x102, 0x100, "7ae67610790211dced9ce9f625297d20c73c2a3ee00ec50046516378889d8626b1e2495c6c452088b4c24ff2384e157bf5e25796ff42059e69cdcb6074a1e308c1454ba212e6e99fbef5400b5e1876b2700893b3cd6d745da6addfefcdb72da996a962357e9e298a48749a52730675009621a5bb572663a5bd701faec3d4dd29a2d7821def88521da932daf75c5bd878712928f46cc221cdc45451c36bb112896ae0c3bd005645b088fe54336b0a620836316cc9f869355175632d633bda6856396fcfe1373def2a498ebf5ec40a05ac681bc5c5eed54ed102211f71571edf481ba160c7612861b538130eb15379b8dcbc168983602e463f5bd63f7e"}, {0x38, 0x102, 0x1, "08bbc721f5caf3d48806bb32d6047c074388e11277a4601f21c285f51f1a49fb8834dfc3fd10a6d0"}, {0xb0, 0x641ecdb0970ff9ef, 0x3, "649f7c94b5a6646416ba35f49cf0d0cf50fa4cc4575defa7e7c58661dd0312a73d730c957c1914ea10596b71174bf084e658c1d22c0f59653a0c9de4854884a517c31dbcdbbd86aa00987e35f339ed0e88d5ba0dad48ce37c3321f6a4f5c41d94d946f54490b5a8a3067823fba726ac85a91fd9a08633acbd3f75f005d795fe3dd7dd61bf5cf734d7887234aac35222d90edb149ba6623f7f282ad3e9dc40f"}], 0x530}, 0x20004000) ioctl$FS_IOC_SETFLAGS(r1, 0x40046f41, &(0x7f0000000440)=0x1f) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'nr0\x00', 0xe43986f95b0e4309}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, 0x0, 0xff0a) write(r0, &(0x7f0000001b40)="66000000220047000500fc0f8980e8ff06006d20002b1ffec0906849199f90e90101c7bb0000d3e7ff0b317cfdc617ab685b77fa89b5843e9fb69ea04aab8950a19d1cb58605cc23e7c515927d846ba9769d3cd91cfc183ce736f56a28e5145ba2f94812237d", 0x66) 814.995366ms ago: executing program 0 (id=2481): r0 = socket(0x10, 0x803, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046f41, &(0x7f0000000440)=0x1f) (fail_nth: 2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'nr0\x00', 0xe43986f95b0e4309}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, 0x0) write(r0, &(0x7f0000001b40)="66000000220047000500fc0f8980e8ff06006d20002b1ffec0906849199f90e90101c7bb0000d3e7ff0b317cfdc617ab685b77fa89b5843e9fb69ea04aab8950a19d1cb58605cc23e7c515927d846ba9769d3cd91cfc183ce736f56a28e5145ba2f94812237d", 0x66) 761.179168ms ago: executing program 3 (id=2482): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) sendmsg$can_bcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="010000006b0100000100000000000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="000000000100"], 0x48}}, 0x20000000) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 431.6087ms ago: executing program 2 (id=2483): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x80000, 0x0, 0x0, 0x1, 0x11}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1, 0xca}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 308.831069ms ago: executing program 0 (id=2484): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'xfrm0\x00', 0x0}) sendmmsg(r0, &(0x7f0000000140)=[{{&(0x7f0000000240)=@xdp={0x2c, 0x300, r1, 0x2}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000340)='Y', 0x1}], 0x1}}], 0x1, 0x240400c5) 304.798013ms ago: executing program 2 (id=2485): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa81003a0086dd626e820f01e6320100000000890000000000000000000001fe8800000000000000000000000000010110040802080800fc000000000000000000000000000001ff01000000000000000000000000000100000000000000000000000000000001fc020000000000000000000000000001fc000000000000000000000000000000fc020000000000000000000000000000fc02000000000000000000000000000020010000000000000000000000000001110b000000000000c910fc0100000000000000000000000000000401070925795ccff0d02bd2396d4b9111f47b0481f6db14a9d51f2ecda57fbd5966236712ac0ff530d80102000005020001000100010600000000000000010001060000000000000502fffd00002a06020400000000fe8000000000000000000000000000aafc020000000000000000000000000000fe8000000000000000000000000000bb0006040339000400fe880000000000000000000000000101fc020000000000000000000000000001ff02000000000000000000000000000197c322bcf7945dd047a6686431aea3ccc1e1d183eec3b26bcce994a554c402a93bf05d7f86f78466fe57a9bf0a12b2ffc7b452273382dc6c80854ad84308dc76c152b3010a5e9bbfdac42021a50beaf03cff6c6e476f6a5175959cc0460baead83280e8791314aa32a1f881d6ad8f8446be5ba647ca6f3487b22768eca74b2ede5fb70b19e7a"], 0x220) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz1\x00', {0xfffc, 0x3ff, 0x8, 0x9}, 0x5, [0x3, 0x800, 0x200, 0x100, 0x2, 0x1e52, 0xa3, 0xb, 0x3, 0xfb8e, 0x9, 0x0, 0x3, 0x40, 0x8, 0x2, 0x1ff, 0x2, 0x6ed, 0x7b8, 0x8, 0x6, 0xffffffff, 0x1, 0x2, 0x1ff, 0x1938, 0x5ea5, 0x2, 0xff, 0x1, 0x7, 0x4, 0x0, 0x6, 0x1, 0x400, 0x4, 0xbf, 0x2, 0x80000000, 0x1, 0xfffffffc, 0x2, 0x80000000, 0x0, 0xfffffff7, 0x5, 0x7ed, 0x8, 0xfffffffb, 0x8, 0x7, 0xfffffff7, 0x2, 0x279, 0x7f, 0x80000000, 0x8, 0x2, 0x3, 0x4, 0x5, 0x8], [0x7, 0x9, 0x9, 0x36, 0x981d, 0x75, 0x9f, 0x0, 0x9, 0x4dc, 0x1, 0x4, 0x1, 0x9, 0xb, 0x1, 0x0, 0x4, 0x1, 0x0, 0x3, 0x1, 0xfffffffd, 0x0, 0x9, 0xfffffffb, 0x3, 0xfffff000, 0x2, 0x0, 0x3, 0x3, 0x3, 0x4, 0xff, 0x4, 0xb2c3, 0x15f9, 0xa, 0x4, 0x10001, 0x6, 0x9, 0xff, 0x7, 0x6, 0x9, 0x81, 0xfffffff3, 0x8001, 0x4, 0x9, 0x9, 0x6, 0x3, 0x7, 0xc86d, 0x200, 0x7, 0x7, 0x4, 0xffff3165, 0x9, 0x4], [0x1, 0x2, 0x2, 0xfffffffa, 0x0, 0x9, 0x200, 0x7f, 0x6, 0x2, 0xfffffff7, 0x6, 0x7, 0xca75, 0x6, 0x9, 0x81, 0x7, 0x81, 0x8, 0x1, 0xa, 0x100, 0xf2, 0x6, 0x7, 0x8c, 0x7, 0x10000000, 0x80, 0x81, 0x7, 0x5, 0x8, 0x1, 0x962, 0xf91d, 0x2, 0xae, 0x5, 0x1, 0x8, 0x5, 0x7, 0x0, 0x83b, 0xfff, 0x0, 0x2, 0x4, 0x27d0, 0x9, 0x5, 0x3, 0x4e6, 0x1947, 0x6, 0x6, 0x6, 0x5, 0x8, 0x9, 0x7, 0x10001], [0x20f7, 0x0, 0x101, 0x79e, 0x3, 0x82a, 0x10001, 0xe5, 0x2, 0x2a, 0x0, 0xa0c, 0x6, 0x8, 0x3, 0x1, 0x7ff, 0x5, 0x4, 0x58, 0x5, 0x2, 0x3, 0x81, 0x10000, 0x7f, 0x2, 0x10000, 0x7, 0x40000000, 0x200, 0x9, 0x1, 0x7, 0xfffffe00, 0x9, 0x100, 0x9, 0x2, 0x7, 0xde, 0x200, 0x1, 0xf9, 0x0, 0x53265f23, 0x7, 0x3, 0xe, 0xfffffffa, 0x0, 0x1ff, 0x3, 0x800, 0x931, 0x3, 0x5, 0x8000, 0x0, 0xe, 0x2, 0x1, 0x5]}, 0x45c) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYRES32, @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1, 0x0, 0x0, 0x4000002}, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x1) write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000141200006c07010033d43afffb800000000000000000000000000010ff02000000000000000000000000000184"], 0x340a) 224.603858ms ago: executing program 0 (id=2486): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x4}}}]}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x4000}, 0x884) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) openat$cgroup(r2, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x503000) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0) 208.961404ms ago: executing program 1 (id=2487): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)={0x18, 0x14, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x8, 0x2, 0x0, 0x1, [@generic="ecc032c4"]}]}, 0x18}], 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r2, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x58, r3, 0x1488f346e7c00843, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_hsr\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = dup(r0) write$UHID_INPUT(r4, &(0x7f00000030c0)={0xc, {"a2e3ad21ed0d52f91b5d390987f70e06d038e7ff7fc6e5539b3247298b089b070d356e090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c51b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 120.213741ms ago: executing program 2 (id=2488): prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0xda9917f2, &(0x7f0000000480)='\x00\xff\xff\x00\x02@qGP\xc5\x94\xa6\x8fB\xc3\x93\xe5\xc1a\x05!\x9a\x8b\xeb\xceJP\x1e\xf2\x8a\xd4\xaa\x15@>\xdb\xab\x06\x1b\xe2w\xd8\x1e\xda\xc1\x9f\xe9\xc4c\xdd\xf6^\xcb\xec\xab\x82\xcf\x14\xde\xa5\xef\x162bP\x95/\xefMs\xe0%}\xe4\xf1=\x05\xf6l7\xc1\xe9c\xc3\x7f\tg\xf56\xeasl\xbd\x02\xc1\x8a\xa9\x83\xaf\xfa\x95W+N$\x06R\x92\xe5Z\x97\xfb\xb6e}fW\x8bm\x04\'{\xaf\xe2zd\x91+-\xb1\xd8\ftK|\xb8\xd2\xb6\x7f\xf4\x84\v\x1e\xe6R\xfc\xbcg\x81\xbb\xc4\xcd\xe9\xe5.\x9b\x7f\xeb\x04\xe6,N\x00\x9a\x9d\xf8\xd1\x8aR4;\x7f\x8a\x86\xb7\xd7o\x90\xfd\xa9dJ\xd5.\x18F2\x00\x00\x00\xf2y\x99\xfd\xca\xff*\xd3;\x84F\x8f !N\x1c\xfaI\xa5\x85:\xc1\x9ed\x13\xaf\xd0/\x00\x9b\x0e\xb6\xca\xa5X\xb9]<\n\x90Tk\xa4\xb3\xc4\xa4*\xc2\xf6\x1bw\n6^\xfa\xea\r\xf1\xc1\xd0\xd8\xc7B\x1cP\x02\xcfH\x89\x82G\xcf\x1921\x9e\v4Q\xc6\x9c\xc3\xfd\xf3Z1\xef7cK\xd5\xdc\xbf\x00\xe0{\xa0\xf7\xcd\x82\xf6\x99\xcb\x1a\x17\x02\xd1\x9d(\xa2 \x85\x8e 6zL\xeeqG\t~\xafQ(\xc3\xd8\x05\xcb\xbfB\xb0\xe1b\x0f\xa8f\xe6\xb1\xe8\x9aB\x90\x00\x00\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000000600)='\x00\xff\xff\x00\x02@qGP\xc5\x94\xa6\x8fB\xc3\x93\xe5\xc1a\xdb\xc9:t\vt,)\x05!\x9a\x8b\xeb\xceJP\x1e\xf2\x8a\xd6\f\xfe\xd4\xaa\x15@>\xdb\xab\x06\x1b\xe2w\xd8\x1e\xda\xc1\x9f\xe9\xc4c\xdd\xf6^\xcb\xec\xab\x82\xcf\x14\xde\xa5\xef\x162bP\x95/\xefMs\xe0%}\xe4\xf1=\x05\xf6l7\xc1\xe9c\xc3\x7f\tg\xf56\xeasl\xbd\x02\xc1\x8a\xa9\x83\xaf\xfa\x95\t\x00\x00\x00\x06R\x92\xe5Z\x97\xfb\xb6e}fW\x8b\xc2}N\\R\x1e\xb1\xf0\xcd)\xa2\"`m\x04\'{\xaf\xe2zd\x91+-\xb1\xd8\ftK|\xb8\xd2\xb6\x7f\x02\xe8rP>R\xfc\xbcg\x81\xbb\xc4\xcd\xe9\xe5.\x9b\x7f\xeb\xd1\x8aR4;\x7f\x8a\x86\xb7\xd7o\x90\xfd\xa9dJ\xd5.\x18F2\x00\x00\x00\xf2y\x99\xfd\xca\xff*\xd3;\x84F\x8f !N\x1c\xfaI\xa5\x85:\xc1\x9ed\x13\xaf\xd0/\x00\x9b\x0e\xb6\xca\xa5X\xb9]<\n\x90Tk\xa4\xb3\xc4\xa4*\xc2\xf6\x1bw\n6^\xfa\xea\r\xf1\xc1\xd0\xd8\xc7B\x1cP\xed\xe7G\xeeD\xb0\xa3\xec\xe27\x8f\\\x19\xf3\xe7\xbbR\xceH\x891\x9e\v4Q\xee]\x96W\xb9(<\xd1\xbb\x94\xc8\xc6\x9c\xc3\xfd\xf3Z1\xef7cK\xd5\xdc\xbf\x00\xe0{\xa0\xf7\xcd\x82\xf6\x99\xcb\x1a\x17\x02\xd1\x9d(\xa2 \x85\x8e 6zL\xeeqG\t~\xafQ(\xc3\xd8\x05\xcb\xe8\'\xbfB\xb0\xe1b\x0f\xa8f\xe6\xb1\xe8\x9aB\x90\x00\x00\x00d\xeex\xb3\xc3J\xc7\x1f\xe33\x14\x16T\x1bb\xc0\x9c\x12\x00'/407) shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ffc000/0x4000)=nil) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b90402000000000000000000000510000c0003", 0x21}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) 0s ago: executing program 2 (id=2489): r0 = socket$kcm(0x2, 0x3, 0x2) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000300)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {0x0}], 0x2, 0x0, 0x0) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x34, r2, 0x1, 0x70bd27, 0x25dfd3fb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_vlan\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c084}, 0x0) sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, &(0x7f0000002800)=[{&(0x7f0000000c00)="b107c09a5026de51ce3e8640af1a8b2d1e67f16405c3458fe41dc04ef234718d683aa3a998fa99431a9c7c6d7505b0cec633f763303666604cbb6aa4c0f995a9454dc81b079dc93b0162ac3d1a8a1b72ce18d493594b3b24bad58801007a7b1d8ab9b50c5dbef8311b2502a124913259abadf354fea31d1ce0fed5c7ac577690164d1a72748723d3eb92e3e73e3a2b7cdfaa442f9e9f8e1a711d5b988215f0f80a2eeade5a078256a41973b0b029278c20a2818628dc256a0742896c3def6e825fdf64fd33d5f584ca908c272dc04d0693decdad028feec7f76221378c185027e8695c9b07506ed46d4f8bb90883c08e85e058ece62cd797d2c01e6285c77430eec435ac9df6256e121859d8aea507ff8a9dd0694681649d44fbb937398edecbe06096df2e443af0c3f0950301e1128727ba88a063e88f90206dd5f099a1c333114b97e0e1b55106a9755e208651a8f281173d1ed31e62433a766a28c8496f00ad108672a1f6079c10588a7ffb658dd61a6efa4bfa379945659c0ebbeca3f56215413802975d89f0c0131c71169084851cddd8b367738f069955b2d3fcdeba878b6bec8240227ddb9fac4706eb62bc6540a91014cce6987ee604c5f398ae4fef3f501ebad02ba122d7769b603eaddb5f9b101f1b42a931ac50c27feb4b0c703d1b3f9e88eb569db5082957fe", 0x1ec}, {&(0x7f0000000740)="fae0835ee82c20abb86f7c287ffb04a52a0b2339a4efc8216bada6fb7f4385ead471969bdf9b82994c10898db8b0fd9a6068b87f4547eff53d6cb7b37534e44d27c79042f5c405c0ff3eaf643001000000000000008263d71ee0e5b2cb31215ded6df9c76d150aa52a4eecb94fe48e79205c96a0aab13eaa4681860576d2e32f6873b200d669e65d56bd8a4703cbea6b8c610ec158fe5f8683f737eea59d4fa640cf2b684c8dd293961047", 0xab}, {&(0x7f00000015c0)="6b75b597d05d969a191023", 0xb}, {&(0x7f0000000e00)="3f013c9ef434ca4df0854ba1c14f7db8ccda5e87715ffd1ead9c4d9a2306168b07d3c6763a3ceabf6dfae235f3d783ddc8a7bbd796b345df843b5f0a623ab36b3123dfcd05bf4a6e3f35d859ffc0b699be4052995533be91880029387cc3e15b2d9bf3513e617572d965ba8f665eedcbdaad53d04cddeed78a3904956c5dc95f47132090648f98558d14a4850ac4b92e1b41a06dee6198c74c72607a032c3c7ef5abd0ba4a7f9f5dfebd75457b2ec358e951ade237c7498b025ad6524eb4263d6ef72e05901da983aac2b31a5e2631e39301a6dd04c128aabcea9134ec99685df1068506541f1265c77c85300497abfebce6ed768d9922ba3699dc6cc1863c0aa9321170b9e63a74986c1996d0fa1a5886e7023836ddbe64bea33edfe6fc1cb64784da18c2d4930eb481930b9298b57c7939189df401aed6a586f0103fccf70f92a53666d5afd3dd0b12273e5c1f2ddee89ed9a280c10df8e55ed24dcf9d631b693cd38006da4629a6b4a599de94a5b8ba6bccffdaa9d3fe0970623c118ba7e811d534915e4c63fa40df1e5a37ad9e5827ff65b2e4d8480a3f66576a3a52c0c80606098c0cb0b203f20d4f7b614652e4d8eb595d29ad1a4ce2c97aa30328c9987e1f1d8b7954ff54ddb69d5c3d2225bdd84e93b19edc2d33116373b0b5be8eea62d84896d2412edf5d321f75811360f89fe6ca8ac6545ec1c9f86ab285d1b5ba00c269514dab7a076c01cbfecaaff336d116481b16e434262de851a70ff056b1f9319840e27d5f446a3476210f4e70ceb71eeec17619911d56b74d7e761ff9c43dd237772377f888bfad215f3ee19eeeb87564f77241258874dd70bdd976305092426d18a3bc60022cb0acc2d21b3e246ae7f49f5b6461b888a3d353362c2ec9bed1f7d4d3a0200e3af42fcf36f4c09bc095b3fd391a23faad86bfa29696b80093da6a97d6c4a54eca89d4979f12acbf89bca0c8cc5f490737b09fd77b8b7fcfa7b94787f81cff59ae583b5309bdb82ff76ceaf739cd254b32cc8e2895", 0x2dd}], 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="521c00000000dd0f000000000000000008", @ANYRES32=0x0, @ANYBLOB="ac141410ac1414aa00000000340000000000000000000000070000000094040000441c6e9000006240000008008000000000010000000010000000001000000000000000"], 0x58}, 0x0) kernel console output (not intermixed with test programs): acturer: syz [ 513.737305][ T5964] usb 3-1: config 0 descriptor?? [ 513.768136][ T5920] usb 1-1: unable to get BOS descriptor or descriptor too short [ 513.778064][ T5920] usb 1-1: config 14 has an invalid interface number: 21 but max is 0 [ 513.786623][ T5920] usb 1-1: config 14 contains an unexpected descriptor of type 0x2, skipping [ 513.795504][ T5920] usb 1-1: config 14 descriptor has 1 excess byte, ignoring [ 513.803246][ T5920] usb 1-1: config 14 has no interface number 0 [ 513.809611][ T5964] rc_core: IR keymap rc-hauppauge not found [ 513.821197][ T5920] usb 1-1: config 14 interface 21 altsetting 251 bulk endpoint 0xA has invalid maxpacket 32 [ 513.831379][ T5964] Registered IR keymap rc-empty [ 513.836347][ T5920] usb 1-1: config 14 interface 21 has no altsetting 0 [ 513.844447][ T5964] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 513.858506][ T5920] usb 1-1: New USB device found, idVendor=c880, idProduct=760e, bcdDevice=35.fc [ 513.868293][ T5964] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input86 [ 513.879134][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.888333][ T5920] usb 1-1: Product: syz [ 513.892991][ T5920] usb 1-1: Manufacturer: syz [ 513.900798][ T5920] usb 1-1: SerialNumber: syz [ 513.917731][T11497] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 513.946067][ T5879] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 513.962994][ T5910] usb 3-1: USB disconnect, device number 58 [ 514.106250][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 514.112228][ T5879] usb 4-1: no configurations [ 514.117130][ T5879] usb 4-1: can't read configurations, error -22 [ 514.133700][T11497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.143104][T11497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 514.161979][ T5920] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 514.169722][ T5920] usb 1-1: MIDIStreaming interface descriptor not found [ 514.214475][ T5920] usb 1-1: USB disconnect, device number 16 [ 514.246052][ T5879] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 514.258443][ T5944] udevd[5944]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:14.21/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 514.426044][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 514.432136][ T5879] usb 4-1: no configurations [ 514.437195][ T5879] usb 4-1: can't read configurations, error -22 [ 514.443849][ T5879] usb usb4-port1: attempt power cycle [ 514.746058][ T5920] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 514.786238][ T5879] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 514.806743][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 514.812523][ T5879] usb 4-1: no configurations [ 514.817756][ T5879] usb 4-1: can't read configurations, error -22 [ 514.886027][ T5920] usb 3-1: device descriptor read/64, error -71 [ 514.926161][ T5910] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 514.946036][ T5879] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 514.966812][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 514.972912][ T5879] usb 4-1: no configurations [ 514.977704][ T5879] usb 4-1: can't read configurations, error -22 [ 514.985106][ T5879] usb usb4-port1: unable to enumerate USB device [ 515.076032][ T5910] usb 1-1: Using ep0 maxpacket: 16 [ 515.086508][ T24] usb 2-1: USB disconnect, device number 14 [ 515.102585][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 515.114096][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 515.126097][ T5920] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 515.136179][ T5910] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 515.147370][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.159669][ T5910] usb 1-1: config 0 descriptor?? [ 515.184270][T11509] kvm: user requested TSC rate below hardware speed [ 515.193055][T11509] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 515.266025][ T5920] usb 3-1: device descriptor read/64, error -71 [ 515.376388][ T5920] usb usb3-port1: attempt power cycle [ 515.575624][ T5910] apple 0003:05AC:024B.003E: unknown global tag 0xe [ 515.588654][ T5910] apple 0003:05AC:024B.003E: item 0 1 1 14 parsing failed [ 515.600392][ T5910] apple 0003:05AC:024B.003E: parse failed [ 515.606919][ T5910] apple 0003:05AC:024B.003E: probe with driver apple failed with error -22 [ 515.716083][ T5920] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 515.736814][ T5920] usb 3-1: device descriptor read/8, error -71 [ 515.775857][ T10] usb 1-1: USB disconnect, device number 17 [ 515.976364][ T5920] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 515.996676][ T5920] usb 3-1: device descriptor read/8, error -71 [ 516.106430][ T5920] usb usb3-port1: unable to enumerate USB device [ 516.736090][ T5920] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 516.886906][ T24] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 516.897749][ T5920] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 516.907050][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 516.919118][ T5920] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 516.928298][ T5920] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 516.936766][ T10] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 516.944570][ T5920] usb 2-1: Manufacturer: syz [ 516.952825][ T5920] usb 2-1: config 0 descriptor?? [ 517.006539][ T5920] rc_core: IR keymap rc-hauppauge not found [ 517.016876][ T5920] Registered IR keymap rc-empty [ 517.023178][ T5920] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 517.035690][ T5920] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input87 [ 517.037915][ T24] usb 1-1: config 0 has an invalid interface number: 96 but max is 0 [ 517.055877][ T24] usb 1-1: config 0 has no interface number 0 [ 517.066250][ T24] usb 1-1: config 0 interface 96 has no altsetting 0 [ 517.075305][ T24] usb 1-1: New USB device found, idVendor=0b57, idProduct=2a8d, bcdDevice=33.74 [ 517.085565][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.095807][ T24] usb 1-1: Product: syz [ 517.100358][ T24] usb 1-1: Manufacturer: syz [ 517.105094][ T24] usb 1-1: SerialNumber: syz [ 517.116288][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 517.121587][ T24] usb 1-1: config 0 descriptor?? [ 517.134030][ T10] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 517.134687][ T24] usbhid 1-1:0.96: couldn't find an input interrupt endpoint [ 517.156250][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 517.170290][ T24] usb 2-1: USB disconnect, device number 15 [ 517.190401][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 517.222081][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 517.246323][ T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 517.276001][ T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 517.285288][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.986059][ T24] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 518.144465][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 518.159059][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 518.169125][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 518.182364][ T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 518.191750][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.202145][ T24] usb 3-1: config 0 descriptor?? [ 518.440520][ T5910] usb 1-1: USB disconnect, device number 18 [ 518.618548][ T24] plantronics 0003:047F:FFFF.003F: reserved main item tag 0xd [ 518.635237][ T24] plantronics 0003:047F:FFFF.003F: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 518.818229][T11545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 518.827401][T11545] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 518.838027][ T5920] usb 3-1: USB disconnect, device number 63 [ 519.628949][ T24] usb 4-1: USB disconnect, device number 65 [ 520.006009][ T24] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 520.158184][ T24] usb 3-1: config 0 has an invalid interface number: 207 but max is 0 [ 520.167010][ T29] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 520.179621][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 520.606625][ T24] usb 3-1: config 0 has no interface number 0 [ 520.616793][ T24] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 520.636004][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.648620][ T29] usb 1-1: device descriptor read/64, error -71 [ 520.655549][ T24] usb 3-1: Product: syz [ 520.665964][ T24] usb 3-1: Manufacturer: syz [ 520.671139][ T24] usb 3-1: SerialNumber: syz [ 520.689056][ T24] usb 3-1: config 0 descriptor?? [ 520.703889][ T24] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22 [ 520.886041][ T29] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 520.918049][ T24] usb 3-1: USB disconnect, device number 64 [ 520.980601][T11589] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 521.010840][T11589] capability: warning: `syz.3.2246' uses 32-bit capabilities (legacy support in use) [ 521.046069][ T29] usb 1-1: device descriptor read/64, error -71 [ 521.156457][ T29] usb usb1-port1: attempt power cycle [ 521.496207][ T29] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 521.576053][ T29] usb 1-1: device descriptor read/8, error -71 [ 521.816023][ T29] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 521.836891][ T29] usb 1-1: device descriptor read/8, error -71 [ 521.936044][ T5920] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 521.946463][ T29] usb usb1-port1: unable to enumerate USB device [ 522.096005][ T5920] usb 2-1: Using ep0 maxpacket: 8 [ 522.103629][ T5920] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 522.114649][ T5920] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 522.125183][ T5920] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 522.140819][ T5920] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 522.150990][ T10] usb 4-1: new full-speed USB device number 66 using dummy_hcd [ 522.166400][ T5920] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 522.197110][ T5920] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 522.206621][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.239083][T11602] FAULT_INJECTION: forcing a failure. [ 522.239083][T11602] name failslab, interval 1, probability 0, space 0, times 0 [ 522.258612][T11602] CPU: 0 UID: 0 PID: 11602 Comm: syz.2.2251 Not tainted syzkaller #0 PREEMPT(full) [ 522.258642][T11602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 522.258655][T11602] Call Trace: [ 522.258669][T11602] [ 522.258678][T11602] dump_stack_lvl+0xe8/0x150 [ 522.258712][T11602] should_fail_ex+0x412/0x560 [ 522.258742][T11602] should_failslab+0xa8/0x100 [ 522.258767][T11602] __kmalloc_cache_noprof+0x88/0x660 [ 522.258795][T11602] ? nfnetlink_rcv+0xfe1/0x27b0 [ 522.258829][T11602] nfnetlink_rcv+0xfe1/0x27b0 [ 522.258890][T11602] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 522.258930][T11602] ? __pfx_save_netdev_trace_buffer+0x10/0x10 [ 522.258957][T11602] ? ref_tracker_free+0x693/0x840 [ 522.258992][T11602] ? netlink_unicast+0x7e3/0x9b0 [ 522.259017][T11602] ? netlink_sendmsg+0x813/0xb40 [ 522.259076][T11602] ? __netlink_deliver_tap+0x866/0x8b0 [ 522.259106][T11602] ? netlink_deliver_tap+0x2e/0x1b0 [ 522.259154][T11602] netlink_unicast+0x80f/0x9b0 [ 522.259191][T11602] ? __pfx_netlink_unicast+0x10/0x10 [ 522.259220][T11602] ? netlink_sendmsg+0x650/0xb40 [ 522.259247][T11602] ? skb_put+0x11b/0x210 [ 522.259273][T11602] netlink_sendmsg+0x813/0xb40 [ 522.259312][T11602] ? __pfx_netlink_sendmsg+0x10/0x10 [ 522.259344][T11602] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 522.259377][T11602] ? __pfx_netlink_sendmsg+0x10/0x10 [ 522.259405][T11602] sock_sendmsg_nosec+0x18f/0x1d0 [ 522.259460][T11602] ____sys_sendmsg+0x589/0x8c0 [ 522.259482][T11602] ? __might_fault+0xaf/0x130 [ 522.259515][T11602] ? __pfx_____sys_sendmsg+0x10/0x10 [ 522.259548][T11602] ? import_iovec+0x73/0xa0 [ 522.259583][T11602] ___sys_sendmsg+0x2a5/0x360 [ 522.259604][T11602] ? __lock_acquire+0x6b5/0x2cf0 [ 522.259632][T11602] ? __pfx____sys_sendmsg+0x10/0x10 [ 522.259695][T11602] ? __fget_files+0x2a/0x420 [ 522.259717][T11602] ? __fget_files+0x3a0/0x420 [ 522.259751][T11602] __x64_sys_sendmsg+0x1bd/0x2a0 [ 522.259777][T11602] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 522.259811][T11602] ? __pfx_ksys_write+0x10/0x10 [ 522.259851][T11602] do_syscall_64+0xe2/0xf80 [ 522.259881][T11602] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.259901][T11602] ? trace_irq_disable+0x37/0x100 [ 522.259926][T11602] ? clear_bhb_loop+0x40/0x90 [ 522.259951][T11602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.259972][T11602] RIP: 0033:0x7f0f5d19acb9 [ 522.260001][T11602] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 522.260018][T11602] RSP: 002b:00007f0f5df72028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 522.260041][T11602] RAX: ffffffffffffffda RBX: 00007f0f5d415fa0 RCX: 00007f0f5d19acb9 [ 522.260056][T11602] RDX: 0000000000000840 RSI: 0000200000000100 RDI: 0000000000000003 [ 522.260070][T11602] RBP: 00007f0f5df72090 R08: 0000000000000000 R09: 0000000000000000 [ 522.260082][T11602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 522.260094][T11602] R13: 00007f0f5d416038 R14: 00007f0f5d415fa0 R15: 00007ffd17383a38 [ 522.260129][T11602] [ 522.604059][ T10] usb 4-1: config 0 has an invalid interface number: 96 but max is 0 [ 522.612611][ T10] usb 4-1: config 0 has no interface number 0 [ 522.618955][ T10] usb 4-1: config 0 interface 96 has no altsetting 0 [ 522.642151][ T10] usb 4-1: New USB device found, idVendor=0b57, idProduct=2a8d, bcdDevice=33.74 [ 522.651913][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.659959][ T10] usb 4-1: Product: syz [ 522.664280][ T10] usb 4-1: Manufacturer: syz [ 522.669027][ T10] usb 4-1: SerialNumber: syz [ 522.678097][ T10] usb 4-1: config 0 descriptor?? [ 522.698237][ T10] usbhid 4-1:0.96: couldn't find an input interrupt endpoint [ 522.908996][ T10] usb 4-1: USB disconnect, device number 66 [ 522.986052][ T29] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 523.137319][ T29] usb 3-1: Using ep0 maxpacket: 32 [ 523.144708][ T29] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 523.153210][ T29] usb 3-1: config 0 has no interface number 0 [ 523.160716][ T29] usb 3-1: config 0 interface 12 has no altsetting 0 [ 523.169463][ T29] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 523.179137][ T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.187172][ T29] usb 3-1: Product: syz [ 523.191399][ T29] usb 3-1: Manufacturer: syz [ 523.196076][ T29] usb 3-1: SerialNumber: syz [ 523.202836][ T29] usb 3-1: config 0 descriptor?? [ 523.451429][T11604] syz.2.2252 uses obsolete (PF_INET,SOCK_PACKET) [ 523.470406][ T29] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71 [ 523.485506][ T29] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 523.494190][ T29] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 523.506534][ T29] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 523.532874][ T29] usb 3-1: USB disconnect, device number 65 [ 523.546226][ T5828] udevd[5828]: setting mode of /dev/bus/usb/003/065 to 020664 failed: No such file or directory [ 523.558320][ T5828] udevd[5828]: setting owner of /dev/bus/usb/003/065 to uid=0, gid=0 failed: No such file or directory [ 523.739725][T11613] kvm: user requested TSC rate below hardware speed [ 523.747439][T11614] openvswitch: netlink: VXLAN extension 307 out of range max 1 [ 523.748712][T11613] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 523.890289][T11617] warning: `syz.0.2256' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 524.306024][ T10] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 524.466011][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 524.475655][ T10] usb 3-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 524.485206][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.493458][ T10] usb 3-1: Product: syz [ 524.498315][ T10] usb 3-1: Manufacturer: syz [ 524.502962][ T10] usb 3-1: SerialNumber: syz [ 524.718980][ T5910] usb 2-1: USB disconnect, device number 16 [ 524.734706][ T10] usb 3-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 524.760826][ T10] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 524.782078][ T10] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 524.791560][ T10] usb 3-1: media controller created [ 524.822505][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 524.850462][ T10] zl10353_read_register: readreg error (reg=127, ret==-71) [ 524.903202][ T10] dvb_usb_gl861 3-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 524.923569][ T10] usb 3-1: USB disconnect, device number 66 [ 525.044468][T11628] ubi: mtd0 is already attached to ubi31 [ 525.376077][ T5910] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 525.506008][ T5910] usb 1-1: device descriptor read/64, error -71 [ 525.516036][ T10] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 525.666031][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 525.672746][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 525.684108][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 525.695561][ T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 525.705385][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 525.722831][ T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 525.732885][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.743214][ T10] usb 3-1: config 0 descriptor?? [ 525.756129][ T5910] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 525.886050][ T5910] usb 1-1: device descriptor read/64, error -71 [ 525.955300][ T29] usb 3-1: USB disconnect, device number 67 [ 526.006649][ T5910] usb usb1-port1: attempt power cycle [ 526.280062][T11641] kvm: user requested TSC rate below hardware speed [ 526.288698][T11641] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 526.346077][ T5910] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 526.366885][ T5910] usb 1-1: device descriptor read/8, error -71 [ 526.606009][ T5910] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 526.636691][ T5910] usb 1-1: device descriptor read/8, error -71 [ 526.687387][ T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 526.748725][ T5910] usb usb1-port1: unable to enumerate USB device [ 526.856833][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 526.864038][ T24] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 526.873877][ T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 526.884376][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 526.894938][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 526.905643][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 526.920759][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 526.930525][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.076188][ T5910] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 527.206183][ T5910] usb 4-1: device descriptor read/64, error -71 [ 527.365108][T11663] sctp: [Deprecated]: syz.2.2273 (pid 11663) Use of struct sctp_assoc_value in delayed_ack socket option. [ 527.365108][T11663] Use struct sctp_sack_info instead [ 527.446062][ T5910] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 527.488426][T11663] misc userio: The device must be registered before sending interrupts [ 527.576758][ T5910] usb 4-1: device descriptor read/64, error -71 [ 527.696477][ T5910] usb usb4-port1: attempt power cycle [ 528.036100][ T5910] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 528.056625][ T5910] usb 4-1: device descriptor read/8, error -71 [ 528.208858][T11667] overlayfs: failed to resolve './file0': -2 [ 528.295304][T11671] kvm: user requested TSC rate below hardware speed [ 528.302541][ T5910] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 528.326511][ T5910] usb 4-1: device descriptor read/8, error -71 [ 528.436483][ T5910] usb usb4-port1: unable to enumerate USB device [ 528.596304][T11682] netlink: 'syz.0.2281': attribute type 46 has an invalid length. [ 528.604537][T11682] netlink: 'syz.0.2281': attribute type 28 has an invalid length. [ 528.826510][ T10] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 528.876037][ T5920] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 528.956012][ T10] usb 3-1: device descriptor read/64, error -71 [ 529.006098][ T5920] usb 1-1: device descriptor read/64, error -71 [ 529.196004][ T10] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 529.246040][ T5920] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 529.325979][ T10] usb 3-1: device descriptor read/64, error -71 [ 529.376101][ T5920] usb 1-1: device descriptor read/64, error -71 [ 529.436294][ T10] usb usb3-port1: attempt power cycle [ 529.456553][ T5910] usb 2-1: USB disconnect, device number 17 [ 529.497942][ T5920] usb usb1-port1: attempt power cycle [ 529.786005][ T10] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 529.806637][ T10] usb 3-1: device descriptor read/8, error -71 [ 529.836021][ T5920] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 529.856729][ T5920] usb 1-1: device descriptor read/8, error -71 [ 530.046034][ T10] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 530.066688][ T10] usb 3-1: device descriptor read/8, error -71 [ 530.106059][ T5920] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 530.136776][ T5920] usb 1-1: device descriptor read/8, error -71 [ 530.176667][ T10] usb usb3-port1: unable to enumerate USB device [ 530.257443][ T5920] usb usb1-port1: unable to enumerate USB device [ 530.636133][ T5920] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 530.695420][T11706] kvm: user requested TSC rate below hardware speed [ 530.795979][ T5920] usb 2-1: Using ep0 maxpacket: 8 [ 530.805875][ T5920] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 530.825976][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.834150][ T5920] usb 2-1: Product: syz [ 530.838747][ T5920] usb 2-1: Manufacturer: syz [ 530.843552][ T5920] usb 2-1: SerialNumber: syz [ 530.859194][ T5920] usb 2-1: config 0 descriptor?? [ 530.907064][T11708] netlink: 763 bytes leftover after parsing attributes in process `syz.3.2290'. [ 531.071662][ T5920] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 531.488858][ T5920] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 531.514538][ T5920] usb 2-1: USB disconnect, device number 18 [ 531.797687][T11717] FAULT_INJECTION: forcing a failure. [ 531.797687][T11717] name failslab, interval 1, probability 0, space 0, times 0 [ 531.811258][T11717] CPU: 0 UID: 0 PID: 11717 Comm: syz.3.2294 Not tainted syzkaller #0 PREEMPT(full) [ 531.811277][T11717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 531.811284][T11717] Call Trace: [ 531.811290][T11717] [ 531.811295][T11717] dump_stack_lvl+0xe8/0x150 [ 531.811317][T11717] should_fail_ex+0x412/0x560 [ 531.811336][T11717] should_failslab+0xa8/0x100 [ 531.811355][T11717] __kmalloc_cache_noprof+0x88/0x660 [ 531.811372][T11717] ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0 [ 531.811389][T11717] ? __genradix_ptr+0x1e1/0x220 [ 531.811403][T11717] sctp_auth_asoc_copy_shkeys+0x14e/0x5a0 [ 531.811425][T11717] sctp_association_new+0x15d3/0x25e0 [ 531.811448][T11717] sctp_connect_new_asoc+0x2e4/0x6b0 [ 531.811463][T11717] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 531.811480][T11717] ? __local_bh_enable_ip+0xd0/0x130 [ 531.811493][T11717] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 531.811510][T11717] ? security_sctp_bind_connect+0x7e/0x2c0 [ 531.811546][T11717] sctp_sendmsg+0x1528/0x2c10 [ 531.811567][T11717] ? __pfx_sctp_sendmsg+0x10/0x10 [ 531.811582][T11717] ? aa_sk_perm+0x15a/0x960 [ 531.811607][T11717] ? aa_sk_perm+0x82d/0x960 [ 531.811628][T11717] ? __pfx_aa_sk_perm+0x10/0x10 [ 531.811642][T11717] ? sock_rps_record_flow+0x19/0x400 [ 531.811658][T11717] ? inet_sendmsg+0x2f4/0x370 [ 531.811673][T11717] sock_sendmsg_nosec+0x128/0x1d0 [ 531.811691][T11717] __sys_sendto+0x3ff/0x590 [ 531.811710][T11717] ? __pfx___sys_sendto+0x10/0x10 [ 531.811726][T11717] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 531.811744][T11717] ? __fget_files+0x3a0/0x420 [ 531.811764][T11717] ? ksys_write+0x242/0x270 [ 531.811781][T11717] ? __pfx_ksys_write+0x10/0x10 [ 531.811799][T11717] __x64_sys_sendto+0xde/0x100 [ 531.811813][T11717] do_syscall_64+0xe2/0xf80 [ 531.811829][T11717] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.811841][T11717] ? trace_irq_disable+0x37/0x100 [ 531.811855][T11717] ? clear_bhb_loop+0x40/0x90 [ 531.811870][T11717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.811881][T11717] RIP: 0033:0x7f0fb739acb9 [ 531.811895][T11717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 531.811905][T11717] RSP: 002b:00007f0fb55f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 531.811920][T11717] RAX: ffffffffffffffda RBX: 00007f0fb7615fa0 RCX: 00007f0fb739acb9 [ 531.811929][T11717] RDX: 000000000000ff04 RSI: 00002000000002c0 RDI: 0000000000000003 [ 531.811937][T11717] RBP: 00007f0fb55f6090 R08: 00002000000000c0 R09: 0000000000000010 [ 531.811945][T11717] R10: 000000002000c8d4 R11: 0000000000000246 R12: 0000000000000001 [ 531.811952][T11717] R13: 00007f0fb7616038 R14: 00007f0fb7615fa0 R15: 00007ffd91fb0708 [ 531.811971][T11717] [ 532.200751][T11723] netlink: 'syz.3.2297': attribute type 1 has an invalid length. [ 532.209972][T11723] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2297'. [ 532.219284][ T5910] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 532.237145][ T5920] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 532.376526][ T5920] usb 1-1: device descriptor read/64, error -71 [ 532.377038][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 532.389927][ T5910] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 532.398270][ T5910] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 532.408704][ T5910] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 532.419445][ T5910] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 532.430883][ T5910] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 532.448673][ T5910] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 532.458343][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.506019][ T29] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 532.576019][ T5964] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 532.616007][ T5920] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 532.656734][ T29] usb 2-1: no configurations [ 532.661910][ T29] usb 2-1: can't read configurations, error -22 [ 532.706069][ T5964] usb 4-1: device descriptor read/64, error -71 [ 532.746473][ T5920] usb 1-1: device descriptor read/64, error -71 [ 532.796089][ T29] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 532.856940][ T5920] usb usb1-port1: attempt power cycle [ 532.946769][ T29] usb 2-1: no configurations [ 532.951409][ T29] usb 2-1: can't read configurations, error -22 [ 532.956012][ T5964] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 532.958633][ T29] usb usb2-port1: attempt power cycle [ 533.096057][ T5964] usb 4-1: device descriptor read/64, error -71 [ 533.207300][ T5964] usb usb4-port1: attempt power cycle [ 533.212895][ T5920] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 533.236918][ T5920] usb 1-1: device descriptor read/8, error -71 [ 533.316147][ T29] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 533.337359][ T29] usb 2-1: no configurations [ 533.342193][ T29] usb 2-1: can't read configurations, error -22 [ 533.476096][ T5920] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 533.486053][ T29] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 533.496635][ T5920] usb 1-1: device descriptor read/8, error -71 [ 533.516987][ T29] usb 2-1: no configurations [ 533.521644][ T29] usb 2-1: can't read configurations, error -22 [ 533.528628][ T29] usb usb2-port1: unable to enumerate USB device [ 533.565998][ T5964] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 533.586686][ T5964] usb 4-1: device descriptor read/8, error -71 [ 533.606360][ T5920] usb usb1-port1: unable to enumerate USB device [ 533.836047][ T5964] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 533.857015][ T5964] usb 4-1: device descriptor read/8, error -71 [ 533.966345][ T5964] usb usb4-port1: unable to enumerate USB device [ 534.704938][ T29] usb 3-1: USB disconnect, device number 72 [ 535.067238][T11741] FAULT_INJECTION: forcing a failure. [ 535.067238][T11741] name failslab, interval 1, probability 0, space 0, times 0 [ 535.081358][T11741] CPU: 0 UID: 0 PID: 11741 Comm: syz.0.2305 Not tainted syzkaller #0 PREEMPT(full) [ 535.081377][T11741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 535.081385][T11741] Call Trace: [ 535.081391][T11741] [ 535.081396][T11741] dump_stack_lvl+0xe8/0x150 [ 535.081417][T11741] should_fail_ex+0x412/0x560 [ 535.081435][T11741] should_failslab+0xa8/0x100 [ 535.081454][T11741] __kmalloc_noprof+0xe8/0x760 [ 535.081471][T11741] ? tomoyo_encode+0x28b/0x550 [ 535.081486][T11741] tomoyo_encode+0x28b/0x550 [ 535.081501][T11741] tomoyo_realpath_from_path+0x58d/0x5d0 [ 535.081520][T11741] ? tomoyo_path_number_perm+0x219/0x630 [ 535.081536][T11741] tomoyo_path_number_perm+0x246/0x630 [ 535.081554][T11741] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 535.081569][T11741] ? __lock_acquire+0x6b5/0x2cf0 [ 535.081592][T11741] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 535.081615][T11741] ? __fget_files+0x2a/0x420 [ 535.081630][T11741] ? __fget_files+0x2a/0x420 [ 535.081643][T11741] ? __fget_files+0x3a0/0x420 [ 535.081655][T11741] ? __fget_files+0x2a/0x420 [ 535.081670][T11741] security_file_ioctl+0xc3/0x2a0 [ 535.081686][T11741] __se_sys_ioctl+0x47/0x170 [ 535.081705][T11741] do_syscall_64+0xe2/0xf80 [ 535.081721][T11741] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.081733][T11741] ? trace_irq_disable+0x37/0x100 [ 535.081747][T11741] ? clear_bhb_loop+0x40/0x90 [ 535.081761][T11741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.081773][T11741] RIP: 0033:0x7f3bfdb9acb9 [ 535.081786][T11741] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 535.081797][T11741] RSP: 002b:00007f3bfeac1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 535.081811][T11741] RAX: ffffffffffffffda RBX: 00007f3bfde15fa0 RCX: 00007f3bfdb9acb9 [ 535.081820][T11741] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000003 [ 535.081828][T11741] RBP: 00007f3bfeac1090 R08: 0000000000000000 R09: 0000000000000000 [ 535.081835][T11741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 535.081842][T11741] R13: 00007f3bfde16038 R14: 00007f3bfde15fa0 R15: 00007ffda58c7e28 [ 535.081868][T11741] [ 535.082071][T11741] ERROR: Out of memory at tomoyo_realpath_from_path. [ 535.254317][ T29] usb 3-1: new full-speed USB device number 73 using dummy_hcd [ 535.499119][ T29] usb 3-1: config 0 has an invalid interface number: 96 but max is 0 [ 535.507714][ T29] usb 3-1: config 0 has no interface number 0 [ 535.514056][ T29] usb 3-1: config 0 interface 96 has no altsetting 0 [ 535.527345][ T29] usb 3-1: New USB device found, idVendor=0b57, idProduct=2a8d, bcdDevice=33.74 [ 535.537211][ T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.545370][ T29] usb 3-1: Product: syz [ 535.550422][ T29] usb 3-1: Manufacturer: syz [ 535.555055][ T29] usb 3-1: SerialNumber: syz [ 535.571545][ T29] usb 3-1: config 0 descriptor?? [ 535.588306][ T29] usbhid 3-1:0.96: couldn't find an input interrupt endpoint [ 535.716132][ T5910] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 535.806007][ T5964] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 535.826042][ T5920] usb 3-1: USB disconnect, device number 73 [ 535.866187][ T5910] usb 1-1: Using ep0 maxpacket: 8 [ 535.873387][ T5910] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 535.886083][ T5910] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 535.897196][ T5910] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 535.907701][ T5910] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 535.918184][ T5910] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 535.935988][ T5910] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 535.945196][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.976047][ T5964] usb 4-1: Using ep0 maxpacket: 8 [ 535.999047][ T5964] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 536.018717][ T5964] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 536.029429][ T5964] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 536.042221][ T5964] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 536.053004][ T5964] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 536.070086][ T5964] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 536.081408][ T5964] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.173827][ T5910] usb 1-1: usb_control_msg returned -32 [ 536.186004][ T5910] usbtmc 1-1:16.0: can't read capabilities [ 536.215973][ T5910] usb 1-1: USB disconnect, device number 35 [ 536.229573][ T5150] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 536.240741][ T5150] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 536.249334][ T5150] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 536.272066][ T5150] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 536.284138][ T5150] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 536.674740][T11756] chnl_net:caif_netlink_parms(): no params data found [ 536.718613][T11760] could not allocate digest TFM handle hmac(sha1-avx2) [ 536.768741][T11770] FAULT_INJECTION: forcing a failure. [ 536.768741][T11770] name failslab, interval 1, probability 0, space 0, times 0 [ 536.788542][T11770] CPU: 1 UID: 0 PID: 11770 Comm: syz.0.2313 Not tainted syzkaller #0 PREEMPT(full) [ 536.788571][T11770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 536.788583][T11770] Call Trace: [ 536.788592][T11770] [ 536.788602][T11770] dump_stack_lvl+0xe8/0x150 [ 536.788636][T11770] should_fail_ex+0x412/0x560 [ 536.788668][T11770] should_failslab+0xa8/0x100 [ 536.788700][T11770] __kmalloc_noprof+0xe8/0x760 [ 536.788727][T11770] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 536.788755][T11770] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 536.788786][T11770] genl_family_rcv_msg_doit+0xd9/0x330 [ 536.788814][T11770] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 536.788845][T11770] ? apparmor_capable+0x137/0x1a0 [ 536.788871][T11770] ? bpf_lsm_capable+0x9/0x20 [ 536.788891][T11770] ? security_capable+0x7e/0x2c0 [ 536.788924][T11770] genl_rcv_msg+0x61c/0x7a0 [ 536.788955][T11770] ? __pfx_genl_rcv_msg+0x10/0x10 [ 536.788973][T11770] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 536.788995][T11770] ? __pfx_nl80211_set_station+0x10/0x10 [ 536.789018][T11770] ? __pfx_nl80211_post_doit+0x10/0x10 [ 536.789043][T11770] ? __x64_sys_sendmsg+0x1bd/0x2a0 [ 536.789063][T11770] ? do_syscall_64+0xe2/0xf80 [ 536.789090][T11770] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.789119][T11770] netlink_rcv_skb+0x232/0x4b0 [ 536.789147][T11770] ? __pfx_genl_rcv_msg+0x10/0x10 [ 536.789179][T11770] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 536.789203][T11770] ? genl_rcv+0x19/0x40 [ 536.789243][T11770] ? down_read+0x272/0x2e0 [ 536.789261][T11770] ? genl_rcv+0xd/0x40 [ 536.789285][T11770] genl_rcv+0x28/0x40 [ 536.789305][T11770] netlink_unicast+0x80f/0x9b0 [ 536.789351][T11770] ? __pfx_netlink_unicast+0x10/0x10 [ 536.789379][T11770] ? netlink_sendmsg+0x650/0xb40 [ 536.789405][T11770] ? skb_put+0x11b/0x210 [ 536.789429][T11770] netlink_sendmsg+0x813/0xb40 [ 536.789474][T11770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.789513][T11770] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 536.789545][T11770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.789571][T11770] sock_sendmsg_nosec+0x18f/0x1d0 [ 536.789602][T11770] ____sys_sendmsg+0x589/0x8c0 [ 536.789624][T11770] ? __might_fault+0xaf/0x130 [ 536.789655][T11770] ? __pfx_____sys_sendmsg+0x10/0x10 [ 536.789687][T11770] ? import_iovec+0x73/0xa0 [ 536.789722][T11770] ___sys_sendmsg+0x2a5/0x360 [ 536.789741][T11770] ? __lock_acquire+0x6b5/0x2cf0 [ 536.789768][T11770] ? __pfx____sys_sendmsg+0x10/0x10 [ 536.789830][T11770] ? __fget_files+0x2a/0x420 [ 536.789851][T11770] ? __fget_files+0x3a0/0x420 [ 536.789885][T11770] __x64_sys_sendmsg+0x1bd/0x2a0 [ 536.789910][T11770] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 536.789944][T11770] ? __pfx_ksys_write+0x10/0x10 [ 536.789984][T11770] do_syscall_64+0xe2/0xf80 [ 536.790012][T11770] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.790031][T11770] ? trace_irq_disable+0x37/0x100 [ 536.790055][T11770] ? clear_bhb_loop+0x40/0x90 [ 536.790090][T11770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.790110][T11770] RIP: 0033:0x7f3bfdb9acb9 [ 536.790131][T11770] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.790149][T11770] RSP: 002b:00007f3bfeac1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 536.790171][T11770] RAX: ffffffffffffffda RBX: 00007f3bfde15fa0 RCX: 00007f3bfdb9acb9 [ 536.790186][T11770] RDX: 000000000000800c RSI: 0000200000000000 RDI: 0000000000000003 [ 536.790199][T11770] RBP: 00007f3bfeac1090 R08: 0000000000000000 R09: 0000000000000000 [ 536.790211][T11770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 536.790224][T11770] R13: 00007f3bfde16038 R14: 00007f3bfde15fa0 R15: 00007ffda58c7e28 [ 536.790258][T11770] [ 537.175349][T11772] usbtmc 4-1:16.0: simple usb_control_msg returned 0 [ 537.306275][T11756] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.313602][T11756] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.321398][T11756] bridge_slave_0: entered allmulticast mode [ 537.329839][T11756] bridge_slave_0: entered promiscuous mode [ 537.340026][T11756] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.347418][T11756] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.354696][T11756] bridge_slave_1: entered allmulticast mode [ 537.363016][T11756] bridge_slave_1: entered promiscuous mode [ 537.394098][ T5879] usb 4-1: USB disconnect, device number 75 [ 537.501782][T11756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 537.511047][ T5910] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 537.523750][T11756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 537.553606][T11756] team0: Port device team_slave_0 added [ 537.563275][T11756] team0: Port device team_slave_1 added [ 537.612377][T11756] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 537.619618][T11756] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 537.649164][T11756] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 537.661537][T11756] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 537.668862][T11756] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 537.676065][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 537.696231][T11756] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 537.702041][ T5910] usb 3-1: no configurations [ 537.710931][ T5920] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 537.716024][ T5910] usb 3-1: can't read configurations, error -22 [ 537.761759][T11756] hsr_slave_0: entered promiscuous mode [ 537.768454][T11756] hsr_slave_1: entered promiscuous mode [ 537.776651][T11756] debugfs: 'hsr0' already exists in 'hsr' [ 537.782784][T11756] Cannot create hsr debugfs directory [ 537.856158][ T5910] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 537.876360][ T5920] usb 1-1: Using ep0 maxpacket: 16 [ 537.887461][ T5920] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 537.900026][ T5920] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 537.926028][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.935728][ T5920] usb 1-1: Product: syz [ 537.940018][ T5920] usb 1-1: Manufacturer: syz [ 537.944712][ T5920] usb 1-1: SerialNumber: syz [ 537.958171][T11756] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.971480][ T5920] usb 1-1: config 0 descriptor?? [ 537.996829][ T5920] sr9700 1-1:0.0: probe with driver sr9700 failed with error -22 [ 538.007581][T11788] netlink: 'syz.3.2318': attribute type 6 has an invalid length. [ 538.016309][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 538.034371][ T5910] usb 3-1: no configurations [ 538.043679][ T5910] usb 3-1: can't read configurations, error -22 [ 538.054694][ T5910] usb usb3-port1: attempt power cycle [ 538.085768][T11756] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.212344][T11756] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.230797][T11785] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2317'. [ 538.257302][ T5920] usb 1-1: USB disconnect, device number 36 [ 538.369437][ T5150] Bluetooth: hci4: command tx timeout [ 538.426122][ T5910] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 538.457405][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 538.463514][ T5910] usb 3-1: no configurations [ 538.473226][ T5910] usb 3-1: can't read configurations, error -22 [ 538.526012][ T5879] usb 4-1: new full-speed USB device number 76 using dummy_hcd [ 538.627716][ T5910] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 538.673925][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 538.680367][ T5910] usb 3-1: no configurations [ 538.685258][ T5910] usb 3-1: can't read configurations, error -22 [ 538.692399][ T5910] usb usb3-port1: unable to enumerate USB device [ 538.702915][ T5879] usb 4-1: config 0 has an invalid interface number: 96 but max is 0 [ 538.712887][ T5879] usb 4-1: config 0 has no interface number 0 [ 538.719249][ T5879] usb 4-1: config 0 interface 96 has no altsetting 0 [ 538.728364][ T5879] usb 4-1: New USB device found, idVendor=0b57, idProduct=2a8d, bcdDevice=33.74 [ 538.738530][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.746788][ T5879] usb 4-1: Product: syz [ 538.751119][ T5879] usb 4-1: Manufacturer: syz [ 538.756308][ T5879] usb 4-1: SerialNumber: syz [ 538.770937][ T5879] usb 4-1: config 0 descriptor?? [ 538.781526][ T5879] usbhid 4-1:0.96: couldn't find an input interrupt endpoint [ 539.007154][ T5879] usb 4-1: USB disconnect, device number 76 [ 539.838187][T11756] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.936505][ T5920] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 539.975974][T11756] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 539.986666][T11756] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 539.997917][T11756] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 540.008826][T11756] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 540.082122][T11756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 540.096276][ T5920] usb 4-1: Using ep0 maxpacket: 8 [ 540.104176][ T5920] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 540.108838][T11756] 8021q: adding VLAN 0 to HW filter on device team0 [ 540.115750][ T5920] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 540.134492][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.137297][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 540.141922][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 540.152080][ T5920] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 540.162055][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.176435][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.184050][ T5920] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 540.198344][ T5920] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 540.207744][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.440666][ T5150] Bluetooth: hci4: command tx timeout [ 540.451240][ T5920] usb 4-1: usb_control_msg returned -32 [ 540.473583][ T5920] usbtmc 4-1:16.0: can't read capabilities [ 540.490715][T11807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2322'. [ 540.525581][ T5920] usb 4-1: USB disconnect, device number 77 [ 540.528762][T11756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 540.640508][T11756] veth0_vlan: entered promiscuous mode [ 540.662870][T11756] veth1_vlan: entered promiscuous mode [ 540.718111][T11756] veth0_macvtap: entered promiscuous mode [ 540.729124][T11756] veth1_macvtap: entered promiscuous mode [ 540.752143][T11756] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 540.770479][T11756] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 540.785160][ T3438] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.796842][ T3438] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.809900][ T3438] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.819098][ T3438] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.899885][ T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.911206][ T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.926921][ T5910] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 540.946615][ T5879] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 540.953907][ T3018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.966513][ T3018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.045846][T11819] netlink: 'syz.1.2311': attribute type 4 has an invalid length. [ 541.109981][ T5910] usb 1-1: Using ep0 maxpacket: 32 [ 541.115315][ T5879] usb 3-1: Using ep0 maxpacket: 8 [ 541.128393][ T5910] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 541.138128][ T5879] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 541.154974][ T5910] usb 1-1: config 0 has no interface number 0 [ 541.161847][ T5879] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 541.174549][ T5879] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 541.187170][ T5910] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 541.197438][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.205566][ T5910] usb 1-1: Product: syz [ 541.210584][ T5879] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 541.220998][ T5910] usb 1-1: Manufacturer: syz [ 541.225632][ T5910] usb 1-1: SerialNumber: syz [ 541.230798][ T5879] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 541.248850][ T5910] usb 1-1: config 0 descriptor?? [ 541.264215][ T5910] smsc95xx v2.0.0 [ 541.270796][ T5879] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 541.291670][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.663338][ T5910] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 541.675005][ T5910] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 541.756065][ T5964] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 541.886841][ T5879] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 541.907911][ T5964] usb 2-1: config 0 has an invalid interface number: 96 but max is 0 [ 541.917787][ T5964] usb 2-1: config 0 has no interface number 0 [ 541.924020][ T5964] usb 2-1: config 0 interface 96 has no altsetting 0 [ 541.933859][ T5964] usb 2-1: New USB device found, idVendor=0b57, idProduct=2a8d, bcdDevice=33.74 [ 541.943978][ T5964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.952076][ T5964] usb 2-1: Product: syz [ 541.956652][ T5964] usb 2-1: Manufacturer: syz [ 541.961275][ T5964] usb 2-1: SerialNumber: syz [ 541.972259][ T5964] usb 2-1: config 0 descriptor?? [ 541.983406][ T5964] usbhid 2-1:0.96: couldn't find an input interrupt endpoint [ 542.056047][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 542.061988][ T5879] usb 4-1: no configurations [ 542.066744][ T5879] usb 4-1: can't read configurations, error -22 [ 542.088394][T11829] usbtmc 3-1:16.0: simple usb_control_msg returned 0 [ 542.185365][ T5964] usb 2-1: USB disconnect, device number 23 [ 542.196098][ T5879] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 542.293205][ T5910] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 542.295170][ T5920] usb 3-1: USB disconnect, device number 78 [ 542.306039][ T5910] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 542.328817][ T5910] usb 1-1: USB disconnect, device number 37 [ 542.366160][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 542.373314][ T5879] usb 4-1: no configurations [ 542.378899][ T5879] usb 4-1: can't read configurations, error -22 [ 542.389004][ T5879] usb usb4-port1: attempt power cycle [ 542.516131][ T5150] Bluetooth: hci4: command tx timeout [ 542.736054][ T5879] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 542.763257][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 542.770410][ T5879] usb 4-1: no configurations [ 542.775067][ T5879] usb 4-1: can't read configurations, error -22 [ 542.851271][T11834] FAULT_INJECTION: forcing a failure. [ 542.851271][T11834] name failslab, interval 1, probability 0, space 0, times 0 [ 542.868829][T11834] CPU: 0 UID: 0 PID: 11834 Comm: syz.2.2330 Not tainted syzkaller #0 PREEMPT(full) [ 542.868859][T11834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 542.868871][T11834] Call Trace: [ 542.868880][T11834] [ 542.868890][T11834] dump_stack_lvl+0xe8/0x150 [ 542.868923][T11834] should_fail_ex+0x412/0x560 [ 542.868954][T11834] should_failslab+0xa8/0x100 [ 542.868988][T11834] __kmalloc_cache_noprof+0x88/0x660 [ 542.869017][T11834] ? sctp_add_bind_addr+0x8c/0x370 [ 542.869043][T11834] ? __pfx_sctp_get_port_local+0x10/0x10 [ 542.869071][T11834] sctp_add_bind_addr+0x8c/0x370 [ 542.869098][T11834] ? sctp_auto_asconf_init+0x15c/0x1e0 [ 542.869124][T11834] sctp_do_bind+0x5b2/0x9d0 [ 542.869156][T11834] sctp_connect_new_asoc+0x270/0x6b0 [ 542.869181][T11834] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 542.869205][T11834] ? __ipv6_addr_type+0x14d/0x2f0 [ 542.869231][T11834] ? sctp_inet6_send_verify+0x6e/0x300 [ 542.869256][T11834] ? sctp_endpoint_lookup_assoc+0xd1/0x260 [ 542.869283][T11834] __sctp_connect+0x5cb/0xdc0 [ 542.869315][T11834] ? __pfx___sctp_connect+0x10/0x10 [ 542.869337][T11834] ? security_sctp_bind_connect+0x7e/0x2c0 [ 542.869369][T11834] ? __sctp_setsockopt_connectx+0xc7/0x190 [ 542.869398][T11834] sctp_getsockopt_connectx3+0x227/0x360 [ 542.869425][T11834] ? lock_sock_nested+0x6a/0x100 [ 542.869451][T11834] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 542.869490][T11834] ? __local_bh_enable_ip+0xd0/0x130 [ 542.869517][T11834] sctp_getsockopt+0x984/0xb90 [ 542.869538][T11834] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 542.869567][T11834] do_sock_getsockopt+0x2d3/0x3f0 [ 542.869592][T11834] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 542.869616][T11834] ? __fget_files+0x3a0/0x420 [ 542.869638][T11834] ? __fget_files+0x2a/0x420 [ 542.869667][T11834] __x64_sys_getsockopt+0x1a4/0x240 [ 542.869698][T11834] do_syscall_64+0xe2/0xf80 [ 542.869728][T11834] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.869748][T11834] ? trace_irq_disable+0x37/0x100 [ 542.869781][T11834] ? clear_bhb_loop+0x40/0x90 [ 542.869805][T11834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.869825][T11834] RIP: 0033:0x7f0f5d19acb9 [ 542.869845][T11834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 542.869863][T11834] RSP: 002b:00007f0f5df72028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 542.869886][T11834] RAX: ffffffffffffffda RBX: 00007f0f5d415fa0 RCX: 00007f0f5d19acb9 [ 542.869901][T11834] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 542.869913][T11834] RBP: 00007f0f5df72090 R08: 0000200000000080 R09: 0000000000000000 [ 542.869926][T11834] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 542.869939][T11834] R13: 00007f0f5d416038 R14: 00007f0f5d415fa0 R15: 00007ffd17383a38 [ 542.869971][T11834] [ 543.158065][ T5879] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 543.198808][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 543.219620][ T5879] usb 4-1: no configurations [ 543.225971][ T5879] usb 4-1: can't read configurations, error -22 [ 543.238123][T11840] FAULT_INJECTION: forcing a failure. [ 543.238123][T11840] name failslab, interval 1, probability 0, space 0, times 0 [ 543.253690][ T5879] usb usb4-port1: unable to enumerate USB device [ 543.266152][T11840] CPU: 1 UID: 0 PID: 11840 Comm: syz.2.2332 Not tainted syzkaller #0 PREEMPT(full) [ 543.266182][T11840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 543.266194][T11840] Call Trace: [ 543.266204][T11840] [ 543.266213][T11840] dump_stack_lvl+0xe8/0x150 [ 543.266248][T11840] should_fail_ex+0x412/0x560 [ 543.266279][T11840] should_failslab+0xa8/0x100 [ 543.266311][T11840] __kmalloc_noprof+0xe8/0x760 [ 543.266339][T11840] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 543.266370][T11840] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 543.266401][T11840] genl_family_rcv_msg_doit+0xd9/0x330 [ 543.266432][T11840] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 543.266465][T11840] ? apparmor_capable+0x137/0x1a0 [ 543.266491][T11840] ? bpf_lsm_capable+0x9/0x20 [ 543.266523][T11840] ? security_capable+0x7e/0x2c0 [ 543.266560][T11840] genl_rcv_msg+0x61c/0x7a0 [ 543.266590][T11840] ? __pfx_genl_rcv_msg+0x10/0x10 [ 543.266611][T11840] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 543.266634][T11840] ? __pfx_nl80211_authenticate+0x10/0x10 [ 543.266661][T11840] ? __pfx_nl80211_post_doit+0x10/0x10 [ 543.266686][T11840] ? __x64_sys_sendmsg+0x1bd/0x2a0 [ 543.266707][T11840] ? do_syscall_64+0xe2/0xf80 [ 543.266733][T11840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.266763][T11840] netlink_rcv_skb+0x232/0x4b0 [ 543.266793][T11840] ? __pfx_genl_rcv_msg+0x10/0x10 [ 543.266817][T11840] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 543.266850][T11840] ? genl_rcv+0x19/0x40 [ 543.266890][T11840] ? down_read+0x272/0x2e0 [ 543.266908][T11840] ? genl_rcv+0xd/0x40 [ 543.266932][T11840] genl_rcv+0x28/0x40 [ 543.266952][T11840] netlink_unicast+0x80f/0x9b0 [ 543.266988][T11840] ? __pfx_netlink_unicast+0x10/0x10 [ 543.267017][T11840] ? netlink_sendmsg+0x650/0xb40 [ 543.267043][T11840] ? skb_put+0x11b/0x210 [ 543.267067][T11840] netlink_sendmsg+0x813/0xb40 [ 543.267106][T11840] ? __pfx_netlink_sendmsg+0x10/0x10 [ 543.267137][T11840] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 543.267169][T11840] ? __pfx_netlink_sendmsg+0x10/0x10 [ 543.267196][T11840] sock_sendmsg_nosec+0x18f/0x1d0 [ 543.267226][T11840] ____sys_sendmsg+0x589/0x8c0 [ 543.267248][T11840] ? __might_fault+0xaf/0x130 [ 543.267280][T11840] ? __pfx_____sys_sendmsg+0x10/0x10 [ 543.267312][T11840] ? import_iovec+0x73/0xa0 [ 543.267347][T11840] ___sys_sendmsg+0x2a5/0x360 [ 543.267368][T11840] ? __lock_acquire+0x6b5/0x2cf0 [ 543.267396][T11840] ? __pfx____sys_sendmsg+0x10/0x10 [ 543.267458][T11840] ? __fget_files+0x2a/0x420 [ 543.267481][T11840] ? __fget_files+0x3a0/0x420 [ 543.267524][T11840] __x64_sys_sendmsg+0x1bd/0x2a0 [ 543.267550][T11840] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 543.267584][T11840] ? __pfx_ksys_write+0x10/0x10 [ 543.267623][T11840] do_syscall_64+0xe2/0xf80 [ 543.267652][T11840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.267672][T11840] ? trace_irq_disable+0x37/0x100 [ 543.267696][T11840] ? clear_bhb_loop+0x40/0x90 [ 543.267721][T11840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.267741][T11840] RIP: 0033:0x7f0f5d19acb9 [ 543.267761][T11840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 543.267779][T11840] RSP: 002b:00007f0f5df72028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 543.267810][T11840] RAX: ffffffffffffffda RBX: 00007f0f5d415fa0 RCX: 00007f0f5d19acb9 [ 543.267826][T11840] RDX: 0000000006008040 RSI: 0000200000000480 RDI: 0000000000000003 [ 543.267840][T11840] RBP: 00007f0f5df72090 R08: 0000000000000000 R09: 0000000000000000 [ 543.267852][T11840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 543.267865][T11840] R13: 00007f0f5d416038 R14: 00007f0f5d415fa0 R15: 00007ffd17383a38 [ 543.267899][T11840] [ 543.745175][T11845] netlink: 'syz.2.2334': attribute type 1 has an invalid length. [ 543.754734][T11845] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2334'. [ 543.840829][T11850] kvm: user requested TSC rate below hardware speed [ 544.232733][T11856] FAULT_INJECTION: forcing a failure. [ 544.232733][T11856] name failslab, interval 1, probability 0, space 0, times 0 [ 544.246694][T11856] CPU: 0 UID: 0 PID: 11856 Comm: syz.0.2339 Not tainted syzkaller #0 PREEMPT(full) [ 544.246722][T11856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 544.246735][T11856] Call Trace: [ 544.246743][T11856] [ 544.246753][T11856] dump_stack_lvl+0xe8/0x150 [ 544.246786][T11856] should_fail_ex+0x412/0x560 [ 544.246817][T11856] should_failslab+0xa8/0x100 [ 544.246850][T11856] __kmalloc_noprof+0xe8/0x760 [ 544.246879][T11856] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 544.246911][T11856] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 544.246943][T11856] genl_family_rcv_msg_doit+0xd9/0x330 [ 544.246974][T11856] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 544.247006][T11856] ? apparmor_capable+0x137/0x1a0 [ 544.247033][T11856] ? bpf_lsm_capable+0x9/0x20 [ 544.247054][T11856] ? security_capable+0x7e/0x2c0 [ 544.247091][T11856] genl_rcv_msg+0x61c/0x7a0 [ 544.247122][T11856] ? __pfx_genl_rcv_msg+0x10/0x10 [ 544.247142][T11856] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 544.247164][T11856] ? __pfx_nl80211_remove_link+0x10/0x10 [ 544.247187][T11856] ? __pfx_nl80211_post_doit+0x10/0x10 [ 544.247212][T11856] ? __x64_sys_sendmsg+0x1bd/0x2a0 [ 544.247233][T11856] ? do_syscall_64+0xe2/0xf80 [ 544.247260][T11856] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.247291][T11856] netlink_rcv_skb+0x232/0x4b0 [ 544.247321][T11856] ? __pfx_genl_rcv_msg+0x10/0x10 [ 544.247345][T11856] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 544.247371][T11856] ? genl_rcv+0x19/0x40 [ 544.247409][T11856] ? down_read+0x272/0x2e0 [ 544.247429][T11856] ? genl_rcv+0xd/0x40 [ 544.247453][T11856] genl_rcv+0x28/0x40 [ 544.247474][T11856] netlink_unicast+0x80f/0x9b0 [ 544.247510][T11856] ? __pfx_netlink_unicast+0x10/0x10 [ 544.247539][T11856] ? netlink_sendmsg+0x650/0xb40 [ 544.247567][T11856] ? skb_put+0x11b/0x210 [ 544.247591][T11856] netlink_sendmsg+0x813/0xb40 [ 544.247631][T11856] ? __pfx_netlink_sendmsg+0x10/0x10 [ 544.247671][T11856] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 544.247704][T11856] ? __pfx_netlink_sendmsg+0x10/0x10 [ 544.247731][T11856] sock_sendmsg_nosec+0x18f/0x1d0 [ 544.247761][T11856] ____sys_sendmsg+0x589/0x8c0 [ 544.247782][T11856] ? __might_fault+0xaf/0x130 [ 544.247815][T11856] ? __pfx_____sys_sendmsg+0x10/0x10 [ 544.247847][T11856] ? import_iovec+0x73/0xa0 [ 544.247881][T11856] ___sys_sendmsg+0x2a5/0x360 [ 544.247901][T11856] ? __lock_acquire+0x6b5/0x2cf0 [ 544.247929][T11856] ? __pfx____sys_sendmsg+0x10/0x10 [ 544.247990][T11856] ? __fget_files+0x2a/0x420 [ 544.248011][T11856] ? __fget_files+0x3a0/0x420 [ 544.248043][T11856] __x64_sys_sendmsg+0x1bd/0x2a0 [ 544.248067][T11856] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 544.248100][T11856] ? __pfx_ksys_write+0x10/0x10 [ 544.248138][T11856] do_syscall_64+0xe2/0xf80 [ 544.248164][T11856] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.248183][T11856] ? trace_irq_disable+0x37/0x100 [ 544.248208][T11856] ? clear_bhb_loop+0x40/0x90 [ 544.248230][T11856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.248248][T11856] RIP: 0033:0x7f3bfdb9acb9 [ 544.248267][T11856] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 544.248283][T11856] RSP: 002b:00007f3bfeac1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 544.248303][T11856] RAX: ffffffffffffffda RBX: 00007f3bfde15fa0 RCX: 00007f3bfdb9acb9 [ 544.248316][T11856] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 544.248329][T11856] RBP: 00007f3bfeac1090 R08: 0000000000000000 R09: 0000000000000000 [ 544.248341][T11856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.248353][T11856] R13: 00007f3bfde16038 R14: 00007f3bfde15fa0 R15: 00007ffda58c7e28 [ 544.248387][T11856] [ 544.622637][ T5150] Bluetooth: hci4: command tx timeout [ 544.787824][T11866] ubi: mtd0 is already attached to ubi31 [ 544.876062][ T5879] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 545.027970][ T5879] usb 2-1: config 0 has an invalid interface number: 96 but max is 0 [ 545.037004][ T5879] usb 2-1: config 0 has no interface number 0 [ 545.043136][ T5879] usb 2-1: config 0 interface 96 has no altsetting 0 [ 545.068254][ T5879] usb 2-1: New USB device found, idVendor=0b57, idProduct=2a8d, bcdDevice=33.74 [ 545.095992][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.114546][ T5879] usb 2-1: Product: syz [ 545.122131][ T5879] usb 2-1: Manufacturer: syz [ 545.135996][ T5879] usb 2-1: SerialNumber: syz [ 545.146018][ T5832] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 545.157753][ T5879] usb 2-1: config 0 descriptor?? [ 545.173860][ T5879] usbhid 2-1:0.96: couldn't find an input interrupt endpoint [ 545.185432][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 545.211062][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 545.219785][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 545.229518][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 545.242442][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 545.286231][ T5832] usb 1-1: device descriptor read/64, error -71 [ 545.379350][ T9] usb 2-1: USB disconnect, device number 24 [ 545.474432][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.500167][T11873] chnl_net:caif_netlink_parms(): no params data found [ 545.526316][ T5832] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 545.549846][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.625770][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.653937][T11873] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.662318][T11873] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.667299][ T5832] usb 1-1: device descriptor read/64, error -71 [ 545.669815][T11873] bridge_slave_0: entered allmulticast mode [ 545.683189][T11873] bridge_slave_0: entered promiscuous mode [ 545.701783][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.718853][T11873] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.726490][T11873] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.733779][T11873] bridge_slave_1: entered allmulticast mode [ 545.742366][T11873] bridge_slave_1: entered promiscuous mode [ 545.780097][T11873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 545.794964][T11873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 545.805235][ T5832] usb usb1-port1: attempt power cycle [ 545.851532][T11873] team0: Port device team_slave_0 added [ 545.861164][T11873] team0: Port device team_slave_1 added [ 545.947074][T11873] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 545.966362][T11873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 545.994191][T11873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 546.031489][T11873] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 546.041580][T11873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 546.068481][T11873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 546.084324][ T13] bridge_slave_1: left allmulticast mode [ 546.091576][ T13] bridge_slave_1: left promiscuous mode [ 546.098653][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.109590][ T13] bridge_slave_0: left allmulticast mode [ 546.115264][ T13] bridge_slave_0: left promiscuous mode [ 546.122001][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.146480][ T5832] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 546.167190][ T5832] usb 1-1: device descriptor read/8, error -71 [ 546.382355][ T13] ***** Releasing 0 refcount on 0000000000000000 [ 546.390718][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 546.402059][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 546.412699][ T5832] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 546.413876][ T13] bond0 (unregistering): Released all slaves [ 546.437678][ T5832] usb 1-1: device descriptor read/8, error -71 [ 546.543391][T11873] hsr_slave_0: entered promiscuous mode [ 546.556850][ T5832] usb usb1-port1: unable to enumerate USB device [ 546.559143][T11873] hsr_slave_1: entered promiscuous mode [ 546.580547][T11873] debugfs: 'hsr0' already exists in 'hsr' [ 546.600863][T11873] Cannot create hsr debugfs directory [ 547.316633][ T5150] Bluetooth: hci0: command tx timeout [ 547.626768][ T13] hsr_slave_0: left promiscuous mode [ 547.650765][ T13] hsr_slave_1: left promiscuous mode [ 547.699330][ T13] veth1_macvtap: left promiscuous mode [ 547.722712][ T13] veth0_macvtap: left promiscuous mode [ 547.735477][ T13] veth1_vlan: left promiscuous mode [ 547.750013][ T13] veth0_vlan: left promiscuous mode [ 547.953780][T11918] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 548.067047][ T5150] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 548.077563][ T5150] CPU: 1 UID: 0 PID: 5150 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 548.077592][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 548.077607][ T5150] Workqueue: hci3 hci_rx_work [ 548.077637][ T5150] Call Trace: [ 548.077646][ T5150] [ 548.077656][ T5150] dump_stack_lvl+0xe8/0x150 [ 548.077687][ T5150] sysfs_create_dir_ns+0x271/0x2a0 [ 548.077722][ T5150] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 548.077756][ T5150] ? do_raw_spin_unlock+0xf5/0x210 [ 548.077799][ T5150] kobject_add_internal+0x62b/0xd00 [ 548.077833][ T5150] kobject_add+0x163/0x240 [ 548.077862][ T5150] ? __pfx_kobject_add+0x10/0x10 [ 548.077886][ T5150] ? _raw_spin_unlock+0x28/0x50 [ 548.077917][ T5150] ? get_device_parent+0x366/0x3a0 [ 548.077945][ T5150] device_add+0x408/0xb70 [ 548.077972][ T5150] hci_conn_add_sysfs+0xd5/0x210 [ 548.077999][ T5150] le_conn_complete_evt+0xf1d/0x1430 [ 548.078041][ T5150] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 548.078065][ T5150] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 548.078087][ T5150] ? __pfx___mutex_lock+0x10/0x10 [ 548.078106][ T5150] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 548.078124][ T5150] ? skb_pull_data+0xfb/0x200 [ 548.078153][ T5150] hci_le_conn_complete_evt+0x187/0x470 [ 548.078190][ T5150] hci_event_packet+0x7af/0x12c0 [ 548.078219][ T5150] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 548.078247][ T5150] ? __pfx_hci_event_packet+0x10/0x10 [ 548.078273][ T5150] ? kcov_remote_start+0x49a/0x7a0 [ 548.078300][ T5150] ? hci_send_to_monitor+0xe2/0x590 [ 548.078332][ T5150] hci_rx_work+0x3ee/0x1030 [ 548.078368][ T5150] ? process_one_work+0x87c/0x15a0 [ 548.078404][ T5150] process_one_work+0x949/0x15a0 [ 548.078451][ T5150] ? __pfx_process_one_work+0x10/0x10 [ 548.078471][ T5150] ? do_raw_spin_lock+0x12b/0x2f0 [ 548.078520][ T5150] worker_thread+0xb46/0x1140 [ 548.078554][ T5150] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 548.078597][ T5150] kthread+0x388/0x470 [ 548.078626][ T5150] ? __pfx_worker_thread+0x10/0x10 [ 548.078645][ T5150] ? __pfx_kthread+0x10/0x10 [ 548.078673][ T5150] ret_from_fork+0x51b/0xa40 [ 548.078700][ T5150] ? __pfx_ret_from_fork+0x10/0x10 [ 548.078720][ T5150] ? __switch_to+0xc7d/0x1400 [ 548.078756][ T5150] ? __pfx_kthread+0x10/0x10 [ 548.078787][ T5150] ret_from_fork_asm+0x1a/0x30 [ 548.078833][ T5150] [ 548.078865][ T5150] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 548.326771][ T5150] Bluetooth: hci3: failed to register connection device [ 549.094650][ T5150] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 549.109857][ T5150] CPU: 1 UID: 0 PID: 5150 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 549.109887][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 549.109902][ T5150] Workqueue: hci1 hci_rx_work [ 549.109931][ T5150] Call Trace: [ 549.109939][ T5150] [ 549.109945][ T5150] dump_stack_lvl+0xe8/0x150 [ 549.109964][ T5150] sysfs_create_dir_ns+0x271/0x2a0 [ 549.109983][ T5150] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 549.110001][ T5150] ? do_raw_spin_unlock+0xf5/0x210 [ 549.110022][ T5150] kobject_add_internal+0x62b/0xd00 [ 549.110041][ T5150] kobject_add+0x163/0x240 [ 549.110057][ T5150] ? __pfx_kobject_add+0x10/0x10 [ 549.110070][ T5150] ? _raw_spin_unlock+0x28/0x50 [ 549.110088][ T5150] ? get_device_parent+0x366/0x3a0 [ 549.110103][ T5150] device_add+0x408/0xb70 [ 549.110118][ T5150] hci_conn_add_sysfs+0xd5/0x210 [ 549.110134][ T5150] le_conn_complete_evt+0xf1d/0x1430 [ 549.110157][ T5150] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 549.110171][ T5150] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 549.110185][ T5150] ? __pfx___mutex_lock+0x10/0x10 [ 549.110197][ T5150] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 549.110207][ T5150] ? skb_pull_data+0xfb/0x200 [ 549.110240][ T5150] hci_le_conn_complete_evt+0x187/0x470 [ 549.110261][ T5150] hci_event_packet+0x7af/0x12c0 [ 549.110279][ T5150] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 549.110295][ T5150] ? __pfx_hci_event_packet+0x10/0x10 [ 549.110312][ T5150] ? kcov_remote_start+0x49a/0x7a0 [ 549.110329][ T5150] ? hci_send_to_monitor+0xe2/0x590 [ 549.110348][ T5150] hci_rx_work+0x3ee/0x1030 [ 549.110379][ T5150] ? process_one_work+0x87c/0x15a0 [ 549.110392][ T5150] process_one_work+0x949/0x15a0 [ 549.110418][ T5150] ? __pfx_process_one_work+0x10/0x10 [ 549.110430][ T5150] ? do_raw_spin_lock+0x12b/0x2f0 [ 549.110456][ T5150] worker_thread+0xb46/0x1140 [ 549.110475][ T5150] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 549.110500][ T5150] kthread+0x388/0x470 [ 549.110517][ T5150] ? __pfx_worker_thread+0x10/0x10 [ 549.110529][ T5150] ? __pfx_kthread+0x10/0x10 [ 549.110546][ T5150] ret_from_fork+0x51b/0xa40 [ 549.110562][ T5150] ? __pfx_ret_from_fork+0x10/0x10 [ 549.110574][ T5150] ? __switch_to+0xc7d/0x1400 [ 549.110595][ T5150] ? __pfx_kthread+0x10/0x10 [ 549.110614][ T5150] ret_from_fork_asm+0x1a/0x30 [ 549.110640][ T5150] [ 549.110663][ T5150] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 549.300469][T11872] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 549.306820][ T5150] Bluetooth: hci1: failed to register connection device [ 549.396372][ T51] Bluetooth: hci0: command tx timeout [ 549.446582][T11872] usb 3-1: device descriptor read/64, error -71 [ 549.686084][T11872] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 549.826130][T11872] usb 3-1: device descriptor read/64, error -71 [ 549.936443][T11872] usb usb3-port1: attempt power cycle [ 550.161809][T11963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2369'. [ 550.301898][T11872] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 550.349853][T11967] netlink: 'syz.1.2370': attribute type 2 has an invalid length. [ 550.357488][T11872] usb 3-1: device descriptor read/8, error -71 [ 550.507384][T11972] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2372'. [ 550.596238][T11872] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 550.633588][T11873] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 550.642292][T11872] usb 3-1: device descriptor read/8, error -71 [ 550.670291][T11873] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 550.717597][T11873] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 550.748774][T11873] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 550.759913][T11872] usb usb3-port1: unable to enumerate USB device [ 551.000559][T11873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 551.056603][ T29] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 551.059214][T11873] 8021q: adding VLAN 0 to HW filter on device team0 [ 551.089963][ T5999] bridge0: port 1(bridge_slave_0) entered blocking state [ 551.097265][ T5999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 551.131708][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 551.139094][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 551.246650][ T29] usb 1-1: Using ep0 maxpacket: 32 [ 551.254583][ T29] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 551.283324][ T29] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 8196, setting to 1024 [ 551.303142][ T29] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 1024 [ 551.316090][ T29] usb 1-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00 [ 551.335529][ T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.358936][ T29] usb 1-1: config 0 descriptor?? [ 551.365142][T11992] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 551.486395][ T51] Bluetooth: hci0: command tx timeout [ 551.608485][ T29] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -71 [ 551.641729][ T29] usb 1-1: USB disconnect, device number 42 [ 551.720678][T11873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 551.756398][T12013] comedi comedi0: Minor 3 could not be opened [ 551.852955][T11873] veth0_vlan: entered promiscuous mode [ 551.882571][T11873] veth1_vlan: entered promiscuous mode [ 551.985200][T11873] veth0_macvtap: entered promiscuous mode [ 552.085581][T11873] veth1_macvtap: entered promiscuous mode [ 552.243669][T11873] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 552.272801][T11873] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 552.343799][ T3018] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.377466][ T3018] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.388204][ T3018] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.419691][ T3018] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.440871][T12034] N$: renamed from veth0_macvtap (while UP) [ 552.677132][ T3467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 552.707552][ T3467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 552.749463][T12041] FAULT_INJECTION: forcing a failure. [ 552.749463][T12041] name failslab, interval 1, probability 0, space 0, times 0 [ 552.758112][ T3467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 552.773417][ T3467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 552.786048][T12041] CPU: 1 UID: 0 PID: 12041 Comm: syz.1.2387 Not tainted syzkaller #0 PREEMPT(full) [ 552.786077][T12041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 552.786089][T12041] Call Trace: [ 552.786098][T12041] [ 552.786108][T12041] dump_stack_lvl+0xe8/0x150 [ 552.786141][T12041] should_fail_ex+0x412/0x560 [ 552.786172][T12041] should_failslab+0xa8/0x100 [ 552.786204][T12041] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 552.786234][T12041] ? __alloc_skb+0x1d0/0x7d0 [ 552.786262][T12041] ? __local_bh_enable_ip+0xd0/0x130 [ 552.786290][T12041] __alloc_skb+0x1d0/0x7d0 [ 552.786318][T12041] ? netlink_ack_tlv_len+0x6c/0x210 [ 552.786351][T12041] netlink_ack+0x146/0xa50 [ 552.786375][T12041] ? __pfx_genl_rcv_msg+0x10/0x10 [ 552.786456][T12041] netlink_rcv_skb+0x2b6/0x4b0 [ 552.786486][T12041] ? __pfx_genl_rcv_msg+0x10/0x10 [ 552.786509][T12041] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 552.786534][T12041] ? genl_rcv+0x19/0x40 [ 552.786574][T12041] ? down_read+0x272/0x2e0 [ 552.786593][T12041] ? genl_rcv+0xd/0x40 [ 552.786615][T12041] genl_rcv+0x28/0x40 [ 552.786635][T12041] netlink_unicast+0x80f/0x9b0 [ 552.786670][T12041] ? __pfx_netlink_unicast+0x10/0x10 [ 552.786698][T12041] ? netlink_sendmsg+0x650/0xb40 [ 552.786724][T12041] ? skb_put+0x11b/0x210 [ 552.786748][T12041] netlink_sendmsg+0x813/0xb40 [ 552.786788][T12041] ? __pfx_netlink_sendmsg+0x10/0x10 [ 552.786818][T12041] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 552.786849][T12041] ? __pfx_netlink_sendmsg+0x10/0x10 [ 552.786875][T12041] sock_sendmsg_nosec+0x18f/0x1d0 [ 552.786906][T12041] ____sys_sendmsg+0x589/0x8c0 [ 552.786928][T12041] ? __might_fault+0xaf/0x130 [ 552.786960][T12041] ? __pfx_____sys_sendmsg+0x10/0x10 [ 552.786991][T12041] ? import_iovec+0x73/0xa0 [ 552.787022][T12041] ___sys_sendmsg+0x2a5/0x360 [ 552.787043][T12041] ? __lock_acquire+0x6b5/0x2cf0 [ 552.787074][T12041] ? __pfx____sys_sendmsg+0x10/0x10 [ 552.787132][T12041] ? __fget_files+0x2a/0x420 [ 552.787153][T12041] ? __fget_files+0x3a0/0x420 [ 552.787185][T12041] __x64_sys_sendmsg+0x1bd/0x2a0 [ 552.787210][T12041] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 552.787239][T12041] ? __pfx_ksys_write+0x10/0x10 [ 552.787275][T12041] do_syscall_64+0xe2/0xf80 [ 552.787302][T12041] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.787322][T12041] ? trace_irq_disable+0x37/0x100 [ 552.787346][T12041] ? clear_bhb_loop+0x40/0x90 [ 552.787371][T12041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.787392][T12041] RIP: 0033:0x7f58cc79acb9 [ 552.787424][T12041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 552.787441][T12041] RSP: 002b:00007f58cd684028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 552.787464][T12041] RAX: ffffffffffffffda RBX: 00007f58cca15fa0 RCX: 00007f58cc79acb9 [ 552.787479][T12041] RDX: 0000000000000080 RSI: 00002000000010c0 RDI: 0000000000000004 [ 552.787492][T12041] RBP: 00007f58cd684090 R08: 0000000000000000 R09: 0000000000000000 [ 552.787505][T12041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.787517][T12041] R13: 00007f58cca16038 R14: 00007f58cca15fa0 R15: 00007ffea9e43678 [ 552.787551][T12041] [ 553.261119][T12045] netlink: 'syz.3.2345': attribute type 1 has an invalid length. [ 553.271781][T12045] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2345'. [ 553.405995][ T5964] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 553.454986][T12055] FAULT_INJECTION: forcing a failure. [ 553.454986][T12055] name failslab, interval 1, probability 0, space 0, times 0 [ 553.472517][T12055] CPU: 0 UID: 0 PID: 12055 Comm: syz.3.2393 Not tainted syzkaller #0 PREEMPT(full) [ 553.472557][T12055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 553.472569][T12055] Call Trace: [ 553.472578][T12055] [ 553.472587][T12055] dump_stack_lvl+0xe8/0x150 [ 553.472621][T12055] should_fail_ex+0x412/0x560 [ 553.472654][T12055] should_failslab+0xa8/0x100 [ 553.472687][T12055] __kmalloc_noprof+0xe8/0x760 [ 553.472715][T12055] ? __raw_spin_lock_init+0x45/0x100 [ 553.472743][T12055] ? comedi_alloc_subdev_readback+0x6b/0x150 [ 553.472776][T12055] comedi_alloc_subdev_readback+0x6b/0x150 [ 553.472806][T12055] multiq3_attach+0x291/0xa00 [ 553.472839][T12055] comedi_device_attach+0x51f/0x720 [ 553.472877][T12055] comedi_unlocked_ioctl+0x8ef/0x1af0 [ 553.472920][T12055] ? kasan_quarantine_put+0xbb/0x1f0 [ 553.472946][T12055] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 553.472989][T12055] ? do_vfs_ioctl+0x1166/0x1530 [ 553.473021][T12055] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 553.473065][T12055] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 553.473109][T12055] ? __fget_files+0x2a/0x420 [ 553.473135][T12055] ? __fget_files+0x2a/0x420 [ 553.473156][T12055] ? __fget_files+0x3a0/0x420 [ 553.473178][T12055] ? __fget_files+0x2a/0x420 [ 553.473205][T12055] ? bpf_lsm_file_ioctl+0x9/0x20 [ 553.473225][T12055] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 553.473250][T12055] __se_sys_ioctl+0xfc/0x170 [ 553.473281][T12055] do_syscall_64+0xe2/0xf80 [ 553.473309][T12055] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.473329][T12055] ? trace_irq_disable+0x37/0x100 [ 553.473352][T12055] ? clear_bhb_loop+0x40/0x90 [ 553.473378][T12055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.473398][T12055] RIP: 0033:0x7f08e3b9acb9 [ 553.473418][T12055] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 553.473435][T12055] RSP: 002b:00007f08e4a78028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 553.473458][T12055] RAX: ffffffffffffffda RBX: 00007f08e3e15fa0 RCX: 00007f08e3b9acb9 [ 553.473473][T12055] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003 [ 553.473486][T12055] RBP: 00007f08e4a78090 R08: 0000000000000000 R09: 0000000000000000 [ 553.473499][T12055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 553.473511][T12055] R13: 00007f08e3e16038 R14: 00007f08e3e15fa0 R15: 00007ffef52b64a8 [ 553.473554][T12055] [ 553.586309][ T51] Bluetooth: hci0: command tx timeout [ 553.646104][T12038] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 553.760123][T12060] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2395'. [ 553.760789][ T5964] usb 2-1: config 0 has no interfaces? [ 553.774897][T12060] comedi comedi1: c6xdigio: I/O port conflict (0x2,3) [ 553.787823][ T5964] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 553.798524][ T5964] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 553.810374][ T5964] usb 2-1: Manufacturer: syz [ 553.841333][ T5964] usb 2-1: config 0 descriptor?? [ 553.888086][T12038] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 553.898600][T12038] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 553.916551][T12038] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 553.937668][T12038] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.958781][T12038] usb 3-1: config 0 descriptor?? [ 553.979451][T12066] netlink: 'syz.0.2398': attribute type 1 has an invalid length. [ 553.996386][T12066] netlink: 'syz.0.2398': attribute type 2 has an invalid length. [ 554.004646][T12066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2398'. [ 554.066200][T12038] usb 2-1: USB disconnect, device number 25 [ 554.436072][T12038] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 554.436270][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 554.606382][T12038] usb 1-1: Using ep0 maxpacket: 16 [ 554.613962][T12038] usb 1-1: config index 0 descriptor too short (expected 65315, got 36) [ 554.637033][T12038] usb 1-1: config 0 has too many interfaces: 239, using maximum allowed: 32 [ 554.648703][T12038] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 239 [ 554.664536][T12038] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 554.687547][T12038] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 554.697557][T12038] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 554.707124][T12038] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.718791][T12038] usb 1-1: config 0 descriptor?? [ 554.741222][T12086] netlink: 'syz.1.2405': attribute type 10 has an invalid length. [ 554.752972][T12086] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2405'. [ 554.811916][T12088] tmpfs: Bad value for 'mpol' [ 555.039528][T12093] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2408'. [ 555.096054][ T29] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 555.132996][T12038] hid_parser_main: 150 callbacks suppressed [ 555.133024][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.152567][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.164782][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.172099][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.179652][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.189924][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.197599][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.205190][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.212677][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.220183][T12038] logitech 0003:046D:C29C.0040: unknown main item tag 0x0 [ 555.226880][ T29] usb 2-1: device descriptor read/64, error -71 [ 555.251469][T12038] logitech 0003:046D:C29C.0040: hidraw0: USB HID v0.01 Device [HID 046d:c29c] on usb-dummy_hcd.0-1/input0 [ 555.352880][T12038] logitech 0003:046D:C29C.0040: no inputs found [ 555.399345][T12038] usb 1-1: USB disconnect, device number 43 [ 555.486005][ T29] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 555.622511][T12101] comedi comedi0: Minor 47 could not be opened [ 555.628999][ T29] usb 2-1: device descriptor read/64, error -71 [ 555.736357][ T29] usb usb2-port1: attempt power cycle [ 555.906046][ T5964] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 556.048217][T12110] tipc: Enabling of bearer rejected, failed to enable media [ 556.071928][ T5964] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 556.081884][ T5964] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.086045][ T29] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 556.090365][ T5964] usb 4-1: Product: syz [ 556.103075][ T5964] usb 4-1: Manufacturer: syz [ 556.109242][ T5964] usb 4-1: SerialNumber: syz [ 556.116847][ T29] usb 2-1: device descriptor read/8, error -71 [ 556.127169][ T5964] usb 4-1: config 0 descriptor?? [ 556.328063][ T5832] usb 3-1: USB disconnect, device number 83 [ 556.358203][ T29] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 556.378091][T12038] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 556.396732][ T29] usb 2-1: device descriptor read/8, error -71 [ 556.455020][ T5964] usb-storage 4-1:0.0: USB Mass Storage device detected [ 556.508009][ T29] usb usb2-port1: unable to enumerate USB device [ 556.529501][ T5964] usb 4-1: USB disconnect, device number 82 [ 556.542982][T12038] usb 1-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 556.558720][T12038] usb 1-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 556.576329][T12038] usb 1-1: config 0 interface 0 has no altsetting 0 [ 556.583512][T12038] usb 1-1: New USB device found, idVendor=057e, idProduct=2017, bcdDevice= 0.00 [ 556.594338][T12038] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.621551][T12038] usb 1-1: config 0 descriptor?? [ 556.833094][T12110] : renamed from bridge_slave_1 (while UP) [ 557.075129][T12038] nintendo 0003:057E:2017.0041: hidraw0: USB HID v80.00 Device [HID 057e:2017] on usb-dummy_hcd.0-1/input0 [ 557.162055][T12038] nintendo 0003:057E:2017.0041: Failed to get joycon info; ret=-38 [ 557.186130][T12038] nintendo 0003:057E:2017.0041: Failed to retrieve controller info; ret=-38 [ 557.195194][T12038] nintendo 0003:057E:2017.0041: Failed to initialize controller; ret=-38 [ 557.221020][T12038] nintendo 0003:057E:2017.0041: probe - fail = -38 [ 557.228657][T12038] nintendo 0003:057E:2017.0041: probe with driver nintendo failed with error -38 [ 557.268382][ T5879] usb 1-1: USB disconnect, device number 44 [ 557.556813][ T5832] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 557.726200][ T5832] usb 4-1: Using ep0 maxpacket: 32 [ 557.726778][T12038] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 557.735023][ T5832] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 557.749923][ T5832] usb 4-1: config 0 has no interface number 0 [ 557.756360][ T5832] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 557.768608][ T5832] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 557.778035][ T5832] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.786453][ T5832] usb 4-1: Product: syz [ 557.790648][ T5832] usb 4-1: Manufacturer: syz [ 557.795272][ T5832] usb 4-1: SerialNumber: syz [ 557.803962][ T5832] usb 4-1: config 0 descriptor?? [ 557.817894][T12138] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 557.909932][T12038] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 557.937289][T12038] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 557.956689][T12038] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 557.978494][T12038] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.994043][T12038] usb 3-1: config 0 descriptor?? [ 558.062836][T12138] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 558.173978][ T3467] bridge_slave_1: left allmulticast mode [ 558.194256][ T3467] bridge_slave_1: left promiscuous mode [ 558.195160][ T5150] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 558.211183][ T3467] bridge0: port 2(bridge_slave_1) entered disabled state [ 558.224951][ T3467] bridge_slave_0: left allmulticast mode [ 558.229561][ T5150] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 558.236189][ T3467] bridge_slave_0: left promiscuous mode [ 558.240329][ T5150] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 558.252758][ T5150] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 558.263857][ T5150] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 558.285791][ T3467] bridge0: port 1(bridge_slave_0) entered disabled state [ 558.299924][ T5832] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 558.311521][ T5832] asix 4-1:0.188: probe with driver asix failed with error -61 [ 559.021184][T12158] FAULT_INJECTION: forcing a failure. [ 559.021184][T12158] name failslab, interval 1, probability 0, space 0, times 0 [ 559.036473][T12158] CPU: 1 UID: 0 PID: 12158 Comm: syz.1.2430 Not tainted syzkaller #0 PREEMPT(full) [ 559.036512][T12158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 559.036523][T12158] Call Trace: [ 559.036531][T12158] [ 559.036540][T12158] dump_stack_lvl+0xe8/0x150 [ 559.036570][T12158] should_fail_ex+0x412/0x560 [ 559.036601][T12158] should_failslab+0xa8/0x100 [ 559.036630][T12158] __kmalloc_noprof+0xe8/0x760 [ 559.036658][T12158] ? alloc_pipe_info+0x1fc/0x4d0 [ 559.036683][T12158] ? __kmalloc_cache_noprof+0x15b/0x660 [ 559.036713][T12158] alloc_pipe_info+0x1fc/0x4d0 [ 559.036742][T12158] splice_direct_to_actor+0xa08/0xc70 [ 559.036772][T12158] ? kstrtouint+0x6e/0xe0 [ 559.036799][T12158] ? __pfx_direct_splice_actor+0x10/0x10 [ 559.036822][T12158] ? __pfx_aa_file_perm+0x10/0x10 [ 559.036845][T12158] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 559.036876][T12158] do_splice_direct+0x195/0x290 [ 559.036901][T12158] ? __pfx_do_splice_direct+0x10/0x10 [ 559.036924][T12158] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 559.036951][T12158] ? rw_verify_area+0x255/0x4d0 [ 559.036979][T12158] do_sendfile+0x535/0x7d0 [ 559.037007][T12158] ? __pfx_do_sendfile+0x10/0x10 [ 559.037039][T12158] __se_sys_sendfile64+0xdf/0x1a0 [ 559.037061][T12158] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 559.037092][T12158] do_syscall_64+0xe2/0xf80 [ 559.037120][T12158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.037140][T12158] ? clear_bhb_loop+0x40/0x90 [ 559.037164][T12158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.037183][T12158] RIP: 0033:0x7f58cc79acb9 [ 559.037202][T12158] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 559.037218][T12158] RSP: 002b:00007f58cd684028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 559.037238][T12158] RAX: ffffffffffffffda RBX: 00007f58cca15fa0 RCX: 00007f58cc79acb9 [ 559.037252][T12158] RDX: 00002000000000c0 RSI: 0000000000000004 RDI: 0000000000000005 [ 559.037263][T12158] RBP: 00007f58cd684090 R08: 0000000000000000 R09: 0000000000000000 [ 559.037275][T12158] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 559.037286][T12158] R13: 00007f58cca16038 R14: 00007f58cca15fa0 R15: 00007ffea9e43678 [ 559.037315][T12158] [ 559.148243][T12145] chnl_net:caif_netlink_parms(): no params data found [ 559.459641][T12145] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.468493][T12145] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.475718][T12145] bridge_slave_0: entered allmulticast mode [ 559.486486][T12145] bridge_slave_0: entered promiscuous mode [ 559.500038][T12145] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.507770][T12145] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.515310][T12145] bridge_slave_1: entered allmulticast mode [ 559.523605][T12145] bridge_slave_1: entered promiscuous mode [ 559.576534][T12145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 559.590944][T12145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 559.616230][ T5964] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 559.642782][ T3467] hsr_slave_0: left promiscuous mode [ 559.648938][ T3467] hsr_slave_1: left promiscuous mode [ 559.664642][ T3467] veth1_macvtap: left promiscuous mode [ 559.670401][ T3467] veth0_macvtap: left promiscuous mode [ 559.677205][ T3467] veth1_vlan: left promiscuous mode [ 559.682605][ T3467] veth0_vlan: left promiscuous mode [ 559.792655][ T5964] usb 2-1: config 0 has no interfaces? [ 559.803415][ T5964] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 559.814004][ T5964] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 559.831663][ T5964] usb 2-1: Manufacturer: syz [ 559.862036][ T5964] usb 2-1: config 0 descriptor?? [ 560.086720][ T5832] usb 2-1: USB disconnect, device number 30 [ 560.214965][ T3467] team0 (unregistering): Port device team_slave_1 removed [ 560.255194][ T3467] team0 (unregistering): Port device team_slave_0 removed [ 560.343695][ T5832] usb 4-1: USB disconnect, device number 83 [ 560.356633][ T51] Bluetooth: hci2: command tx timeout [ 560.513278][ T5879] usb 3-1: USB disconnect, device number 84 [ 560.875065][T12145] team0: Port device team_slave_0 added [ 560.875808][T12182] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 560.897883][T12145] team0: Port device team_slave_1 added [ 561.002103][T12145] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 561.015108][T12145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 561.046169][T12145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 561.060130][T12145] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 561.067553][T12145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 561.103451][T12145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 561.138582][T12185] tmpfs: Unknown parameter 'usr|Lqu)ako~kWИy"cd3 czϗyC״/ޮ 9şY˼' [ 561.249408][T12145] hsr_slave_0: entered promiscuous mode [ 561.258065][T12145] hsr_slave_1: entered promiscuous mode [ 561.265860][T12145] debugfs: 'hsr0' already exists in 'hsr' [ 561.274525][T12145] Cannot create hsr debugfs directory [ 561.400263][T12189] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 561.426763][ T5879] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 561.568427][ T3467] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.596686][ T5879] usb 4-1: Using ep0 maxpacket: 32 [ 561.604103][ T5879] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 561.614403][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.626018][ T5879] usb 4-1: config 0 descriptor?? [ 561.648695][ T3467] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.696188][ T29] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 561.732477][ T3467] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.776087][ T1216] usb 3-1: new full-speed USB device number 85 using dummy_hcd [ 561.827654][ T3467] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.849203][T12185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 561.850699][ T29] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 561.859693][T12185] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 561.872693][ T29] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 561.885249][ T29] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 561.895324][ T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.926894][ T29] usb 2-1: config 0 descriptor?? [ 561.929208][ T1216] usb 3-1: too many configurations: 234, using maximum allowed: 8 [ 561.961385][ T1216] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 561.974635][ T1216] usb 3-1: can't read configurations, error -61 [ 562.028060][ T3467] : left allmulticast mode [ 562.033135][ T3467] : left promiscuous mode [ 562.039874][ T3467] bridge0: port 2() entered disabled state [ 562.050317][ T3467] bridge_slave_0: left allmulticast mode [ 562.056975][ T3467] bridge_slave_0: left promiscuous mode [ 562.062937][ T3467] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.112299][ T5879] usb 4-1: string descriptor 0 read error: -71 [ 562.125042][ T5879] as10x_usb: device has been detected [ 562.131515][ T1216] usb 3-1: new full-speed USB device number 86 using dummy_hcd [ 562.151760][ T5879] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 562.176584][ T5879] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 562.243252][ T5879] as10x_usb: error during firmware upload part1 [ 562.253495][ T5879] Registered device nBox DVB-T Dongle [ 562.259081][ T5879] usb 4-1: USB disconnect, device number 84 [ 562.276926][ T1216] usb 3-1: too many configurations: 234, using maximum allowed: 8 [ 562.298104][ T5879] Unregistered device nBox DVB-T Dongle [ 562.301214][ T1216] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 562.302587][ T5879] as10x_usb: device has been disconnected [ 562.320787][ T1216] usb 3-1: can't read configurations, error -61 [ 562.338378][ T1216] usb usb3-port1: attempt power cycle [ 562.436003][ T51] Bluetooth: hci2: command tx timeout [ 562.465747][ T3467] ***** Releasing 0 refcount on 0000000000000000 [ 562.473808][ T3467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 562.487028][ T3467] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 562.497621][ T3467] bond0 (unregistering): Released all slaves [ 562.566116][ T3467] tipc: Left network mode [ 562.686022][ T1216] usb 3-1: new full-speed USB device number 87 using dummy_hcd [ 562.719475][ T1216] usb 3-1: too many configurations: 234, using maximum allowed: 8 [ 562.749525][ T1216] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 562.773739][ T1216] usb 3-1: can't read configurations, error -61 [ 562.941647][ T1216] usb 3-1: new full-speed USB device number 88 using dummy_hcd [ 562.989133][ T1216] usb 3-1: too many configurations: 234, using maximum allowed: 8 [ 563.007902][ T1216] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 563.027912][ T1216] usb 3-1: can't read configurations, error -61 [ 563.039545][ T1216] usb usb3-port1: unable to enumerate USB device [ 563.245253][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.253337][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.360270][ T3467] hsr_slave_0: left promiscuous mode [ 563.371587][ T3467] hsr_slave_1: left promiscuous mode [ 563.420364][ T3467] veth1_macvtap: left promiscuous mode [ 563.437388][ T3467] veth0_macvtap: left promiscuous mode [ 563.456258][ T3467] veth1_vlan: left promiscuous mode [ 563.470855][ T3467] veth0_vlan: left promiscuous mode [ 564.423295][ T5879] usb 2-1: USB disconnect, device number 31 [ 564.516864][ T51] Bluetooth: hci2: command tx timeout [ 564.540242][T12226] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2448'. [ 564.775343][T12145] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 564.792578][T12145] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 564.804058][T12145] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 564.821315][T12145] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 564.978566][ T5879] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 565.081638][T12145] 8021q: adding VLAN 0 to HW filter on device bond0 [ 565.142077][T12145] 8021q: adding VLAN 0 to HW filter on device team0 [ 565.157346][ T5879] usb 3-1: Using ep0 maxpacket: 8 [ 565.168023][ T5879] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 565.188702][ T5879] usb 3-1: config 0 has no interfaces? [ 565.199949][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 565.211091][ T5879] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 565.211768][ T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) [ 565.211792][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 565.211804][ T51] Workqueue: hci4 hci_rx_work [ 565.211832][ T51] Call Trace: [ 565.211840][ T51] [ 565.211849][ T51] dump_stack_lvl+0xe8/0x150 [ 565.211877][ T51] sysfs_create_dir_ns+0x271/0x2a0 [ 565.211907][ T51] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 565.211936][ T51] ? do_raw_spin_unlock+0xf5/0x210 [ 565.211968][ T51] kobject_add_internal+0x62b/0xd00 [ 565.211998][ T51] kobject_add+0x163/0x240 [ 565.212024][ T51] ? __pfx_kobject_add+0x10/0x10 [ 565.212044][ T51] ? _raw_spin_unlock+0x28/0x50 [ 565.212072][ T51] ? get_device_parent+0x366/0x3a0 [ 565.212096][ T51] device_add+0x408/0xb70 [ 565.212119][ T51] hci_conn_add_sysfs+0xd5/0x210 [ 565.212144][ T51] le_conn_complete_evt+0xf1d/0x1430 [ 565.212179][ T51] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 565.212210][ T51] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 565.212231][ T51] ? __pfx___mutex_lock+0x10/0x10 [ 565.212249][ T51] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 565.212266][ T51] ? skb_pull_data+0xfb/0x200 [ 565.212293][ T51] hci_le_conn_complete_evt+0x187/0x470 [ 565.212325][ T51] hci_event_packet+0x7af/0x12c0 [ 565.212353][ T51] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 565.212377][ T51] ? __pfx_hci_event_packet+0x10/0x10 [ 565.212404][ T51] ? kcov_remote_start+0x49a/0x7a0 [ 565.212432][ T51] ? hci_send_to_monitor+0xe2/0x590 [ 565.212461][ T51] hci_rx_work+0x3ee/0x1030 [ 565.212493][ T51] ? process_one_work+0x87c/0x15a0 [ 565.212512][ T51] process_one_work+0x949/0x15a0 [ 565.212555][ T51] ? __pfx_process_one_work+0x10/0x10 [ 565.212573][ T51] ? do_raw_spin_lock+0x12b/0x2f0 [ 565.212615][ T51] worker_thread+0xb46/0x1140 [ 565.212663][ T51] kthread+0x388/0x470 [ 565.212687][ T51] ? __pfx_worker_thread+0x10/0x10 [ 565.212705][ T51] ? __pfx_kthread+0x10/0x10 [ 565.212731][ T51] ret_from_fork+0x51b/0xa40 [ 565.212756][ T51] ? __pfx_ret_from_fork+0x10/0x10 [ 565.212775][ T51] ? __switch_to+0xc7d/0x1400 [ 565.212808][ T51] ? __pfx_kthread+0x10/0x10 [ 565.212834][ T51] ret_from_fork_asm+0x1a/0x30 [ 565.212875][ T51] [ 565.212926][ T51] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 565.249825][ T3438] bridge0: port 1(bridge_slave_0) entered blocking state [ 565.252323][ T51] Bluetooth: hci4: failed to register connection device [ 565.254506][ T3438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 565.487238][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.501384][ T5879] usb 3-1: config 0 descriptor?? [ 565.532188][ T3438] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.539605][ T3438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 565.735603][ T1216] usb 3-1: USB disconnect, device number 89 [ 566.132080][T12145] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 566.286237][T12145] veth0_vlan: entered promiscuous mode [ 566.319115][T12145] veth1_vlan: entered promiscuous mode [ 566.376322][ T1216] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 566.400611][ T5150] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 566.414154][T12145] veth0_macvtap: entered promiscuous mode [ 566.428735][T12145] veth1_macvtap: entered promiscuous mode [ 566.457307][T12145] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 566.481277][T12145] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 566.511673][ T153] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 566.551963][ T1216] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.552838][ T153] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 566.574883][ T1216] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 566.596455][ T51] Bluetooth: hci2: command tx timeout [ 566.616037][ T1216] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 566.638656][ T1216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.669151][ T1216] usb 4-1: config 0 descriptor?? [ 566.709732][ T153] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 566.744246][ T153] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 566.851792][ T3495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 566.866517][ T3495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 566.980579][ T3018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 567.005338][ T3018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 567.360731][ T1216] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 567.387911][ T51] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 567.513452][T12293] tipc: Started in network mode [ 567.518876][T12293] tipc: Node identity dad7d0ea2931, cluster identity 4711 [ 567.527310][T12293] tipc: Enabled bearer , priority 0 [ 567.548745][T12289] tipc: Resetting bearer [ 567.556050][ T1216] usb 1-1: Using ep0 maxpacket: 16 [ 567.564300][ T1216] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.579258][ T1216] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.591807][ T1216] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 567.601082][ T1216] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.616716][ T1216] usb 1-1: config 0 descriptor?? [ 568.039742][ T1216] apple 0003:05AC:024B.0042: unknown global tag 0xe [ 568.057016][ T1216] apple 0003:05AC:024B.0042: item 0 1 1 14 parsing failed [ 568.066495][ T1216] apple 0003:05AC:024B.0042: parse failed [ 568.072645][ T1216] apple 0003:05AC:024B.0042: probe with driver apple failed with error -22 [ 568.252700][ T1216] usb 1-1: USB disconnect, device number 45 [ 568.310816][T12295] binder: 12294:12295 unknown command 0 [ 568.317711][T12295] binder: 12294:12295 ioctl c0306201 200000000080 returned -22 [ 568.627968][ T1216] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 568.806109][ T1216] usb 3-1: Using ep0 maxpacket: 8 [ 568.829928][ T1216] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 568.846462][ T1216] usb 3-1: config 0 has no interfaces? [ 568.852211][ T1216] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 568.865459][ T1216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.877779][ T1216] usb 3-1: config 0 descriptor?? [ 568.962367][T12300] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2466'. [ 569.095131][T12277] usb 3-1: USB disconnect, device number 90 [ 569.127429][ T1216] usb 4-1: USB disconnect, device number 85 [ 569.601638][T12289] tipc: Disabling bearer [ 569.616709][ T29] tipc: Node number set to 4091990250 [ 569.829070][ T51] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 569.871102][T12316] binder: 12315:12316 unknown command 0 [ 569.879279][T12316] binder: 12315:12316 ioctl c0306201 200000000080 returned -22 [ 569.882316][T12318] binder: 12317:12318 unknown command 0 [ 569.891376][T12316] binder: 12315:12316 ioctl c0306201 0 returned -14 [ 569.895624][T12318] binder: 12317:12318 ioctl c0306201 200000000080 returned -22 [ 569.973417][T12321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2475'. [ 569.982888][T12321] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2475'. [ 570.003818][T12321] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2475'. [ 570.070363][T12326] infiniband: Added to hash: ib_dev=ffff88803378c000 (0)() ndev=ffff88807bafe000 (21)(team_slave_0) [ 570.085978][ T1216] usb 4-1: new low-speed USB device number 86 using dummy_hcd [ 570.261316][ T1216] usb 4-1: unable to get BOS descriptor or descriptor too short [ 570.281803][ T1216] usb 4-1: config 1 has an invalid interface number: 3 but max is 2 [ 570.291885][ T1216] usb 4-1: config 1 has an invalid descriptor of length 192, skipping remainder of the config [ 570.303523][ T1216] usb 4-1: config 1 has 4 interfaces, different from the descriptor's value: 3 [ 570.313920][ T1216] usb 4-1: too many endpoints for config 1 interface 3 altsetting 191: 186, using maximum allowed: 30 [ 570.325352][ T1216] usb 4-1: config 1 interface 3 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 186 [ 570.340370][ T1216] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 570.350582][ T1216] usb 4-1: config 1 interface 3 has no altsetting 0 [ 570.362129][ T1216] usb 4-1: string descriptor 0 read error: -22 [ 570.368905][ T1216] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 570.379596][ T1216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.400489][ T1216] usb 4-1: low speed audio streaming not supported [ 570.479652][T12326] infiniband !yz!: set active [ 570.486128][T12326] infiniband !yz!: added team_slave_0 [ 570.506506][T11872] usb 1-1: new full-speed USB device number 46 using dummy_hcd [ 570.544760][T12326] RDS/IB: !yz!: added [ 570.551294][T12326] smc: adding ib device !yz! with port count 1 [ 570.558179][T12326] smc: ib device !yz! port 1 has no pnetid [ 570.603690][ T1216] usb 4-1: USB disconnect, device number 86 [ 570.684312][T11872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 570.703661][T11872] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 570.717065][T11872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.745163][T11872] usb 1-1: config 0 descriptor?? [ 570.912715][ T153] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88803378c000 (14)(!yz!) rdma_ndev=ffff88807bafe000 (23)(team_slave_0) cookie=ffff88805585c000 (11)(wlan4) start [ 570.934224][ T153] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88803378c000 (14)(!yz!) rdma_ndev=ffff88807bafe000 (25)(team_slave_0) cookie=ffff88805585c000 (6)(wlan4) end [ 570.935990][T12277] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 570.955454][T12330] loop4: detected capacity change from 0 to 7 [ 570.973757][T12330] Dev loop4: unable to read RDB block 7 [ 570.980147][T12330] loop4: unable to read partition table [ 570.986172][T12330] loop4: partition table beyond EOD, truncated [ 570.993682][T12330] loop_reread_partitions: partition scan of loop4 (被x ) failed (rc=-5) [ 571.018052][T11872] usb 1-1: string descriptor 0 read error: -71 [ 571.049414][T11872] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input91 [ 571.102651][ T5184] bcm5974 1-1:0.0: could not read from device [ 571.122310][ T5184] bcm5974 1-1:0.0: could not read from device [ 571.137829][T11872] usb 1-1: USB disconnect, device number 46 [ 571.137954][T12277] usb 3-1: Using ep0 maxpacket: 8 [ 571.152336][ T5184] bcm5974 1-1:0.0: could not read from device [ 571.161306][T12277] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 571.175545][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88803378c000 (14)(!yz!) rdma_ndev=ffff88807bafe000 (23)(team_slave_0) cookie=ffff888021310000 (11)(wlan3) start [ 571.186574][T12277] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 571.194756][ T36] infiniband: netdevice_event(NETDEV_UNREGISTER) ib_dev=ffff88803378c000 (14)(!yz!) rdma_ndev=ffff88807bafe000 (23)(team_slave_0) cookie=ffff888021310000 (4)(wlan3) end [ 571.208214][T12277] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 571.239830][T12277] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.266995][T12277] usb 3-1: config 0 descriptor?? [ 571.545669][T11872] usb 3-1: USB disconnect, device number 91 [ 571.730846][T12340] ubi31: detaching mtd0 [ 571.742157][T12340] ubi31: mtd0 is detached [ 571.961792][T12342] FAULT_INJECTION: forcing a failure. [ 571.961792][T12342] name failslab, interval 1, probability 0, space 0, times 0 [ 571.995609][T12342] CPU: 1 UID: 0 PID: 12342 Comm: syz.0.2481 Not tainted syzkaller #0 PREEMPT(full) [ 571.995640][T12342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 571.995652][T12342] Call Trace: [ 571.995661][T12342] [ 571.995670][T12342] dump_stack_lvl+0xe8/0x150 [ 571.995703][T12342] should_fail_ex+0x412/0x560 [ 571.995735][T12342] should_failslab+0xa8/0x100 [ 571.995768][T12342] __kmalloc_noprof+0xe8/0x760 [ 571.995796][T12342] ? tomoyo_encode+0x28b/0x550 [ 571.995823][T12342] tomoyo_encode+0x28b/0x550 [ 571.995851][T12342] tomoyo_realpath_from_path+0x58d/0x5d0 [ 571.995889][T12342] ? tomoyo_path_number_perm+0x219/0x630 [ 571.995916][T12342] tomoyo_path_number_perm+0x246/0x630 [ 571.995947][T12342] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 571.995973][T12342] ? __lock_acquire+0x6b5/0x2cf0 [ 571.996014][T12342] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 571.996057][T12342] ? __fget_files+0x2a/0x420 [ 571.996084][T12342] ? __fget_files+0x2a/0x420 [ 571.996115][T12342] ? __fget_files+0x3a0/0x420 [ 571.996137][T12342] ? __fget_files+0x2a/0x420 [ 571.996163][T12342] security_file_ioctl+0xc3/0x2a0 [ 571.996194][T12342] __se_sys_ioctl+0x47/0x170 [ 571.996225][T12342] do_syscall_64+0xe2/0xf80 [ 571.996254][T12342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.996274][T12342] ? trace_irq_disable+0x37/0x100 [ 571.996298][T12342] ? clear_bhb_loop+0x40/0x90 [ 571.996324][T12342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.996344][T12342] RIP: 0033:0x7f1672f9acb9 [ 571.996364][T12342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.996381][T12342] RSP: 002b:00007f1673e48028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 571.996403][T12342] RAX: ffffffffffffffda RBX: 00007f1673215fa0 RCX: 00007f1672f9acb9 [ 571.996418][T12342] RDX: 0000200000000440 RSI: 0000000040046f41 RDI: 0000000000000004 [ 571.996432][T12342] RBP: 00007f1673e48090 R08: 0000000000000000 R09: 0000000000000000 [ 571.996444][T12342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 571.996457][T12342] R13: 00007f1673216038 R14: 00007f1673215fa0 R15: 00007ffc3ec3b138 [ 571.996491][T12342] [ 572.266725][T12342] ERROR: Out of memory at tomoyo_realpath_from_path. [ 572.340006][T12347] binder: 12346:12347 unknown command 0 [ 572.345995][T12347] binder: 12346:12347 ioctl c0306201 200000000080 returned -22 [ 572.518675][ T5964] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 572.532497][ T5150] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 572.547906][ T5150] CPU: 0 UID: 0 PID: 5150 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 572.547936][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 572.547951][ T5150] Workqueue: hci2 hci_rx_work [ 572.547979][ T5150] Call Trace: [ 572.547989][ T5150] [ 572.547999][ T5150] dump_stack_lvl+0xe8/0x150 [ 572.548032][ T5150] sysfs_create_dir_ns+0x271/0x2a0 [ 572.548067][ T5150] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 572.548100][ T5150] ? do_raw_spin_unlock+0xf5/0x210 [ 572.548138][ T5150] kobject_add_internal+0x62b/0xd00 [ 572.548171][ T5150] kobject_add+0x163/0x240 [ 572.548200][ T5150] ? __pfx_kobject_add+0x10/0x10 [ 572.548225][ T5150] ? _raw_spin_unlock+0x28/0x50 [ 572.548258][ T5150] ? get_device_parent+0x366/0x3a0 [ 572.548287][ T5150] device_add+0x408/0xb70 [ 572.548314][ T5150] hci_conn_add_sysfs+0xd5/0x210 [ 572.548342][ T5150] le_conn_complete_evt+0xf1d/0x1430 [ 572.548385][ T5150] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 572.548419][ T5150] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 572.548443][ T5150] ? __pfx___mutex_lock+0x10/0x10 [ 572.548464][ T5150] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 572.548483][ T5150] ? skb_pull_data+0xfb/0x200 [ 572.548514][ T5150] hci_le_conn_complete_evt+0x187/0x470 [ 572.548554][ T5150] hci_event_packet+0x7af/0x12c0 [ 572.548586][ T5150] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 572.548615][ T5150] ? __pfx_hci_event_packet+0x10/0x10 [ 572.548647][ T5150] ? kcov_remote_start+0x49a/0x7a0 [ 572.548679][ T5150] ? hci_send_to_monitor+0xe2/0x590 [ 572.548714][ T5150] hci_rx_work+0x3ee/0x1030 [ 572.548752][ T5150] ? process_one_work+0x87c/0x15a0 [ 572.548775][ T5150] process_one_work+0x949/0x15a0 [ 572.548824][ T5150] ? __pfx_process_one_work+0x10/0x10 [ 572.548845][ T5150] ? do_raw_spin_lock+0x12b/0x2f0 [ 572.548894][ T5150] worker_thread+0xb46/0x1140 [ 572.548928][ T5150] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 572.548973][ T5150] kthread+0x388/0x470 [ 572.549003][ T5150] ? __pfx_worker_thread+0x10/0x10 [ 572.549025][ T5150] ? __pfx_kthread+0x10/0x10 [ 572.549056][ T5150] ret_from_fork+0x51b/0xa40 [ 572.549085][ T5150] ? __pfx_ret_from_fork+0x10/0x10 [ 572.549108][ T5150] ? __switch_to+0xc7d/0x1400 [ 572.549146][ T5150] ? __pfx_kthread+0x10/0x10 [ 572.549176][ T5150] ret_from_fork_asm+0x1a/0x30 [ 572.549223][ T5150] [ 572.549255][ T5150] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 572.623700][T12358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2487'. [ 572.817924][ T5150] Bluetooth: hci2: failed to register connection device [ 572.832346][ T5150] ================================================================== [ 572.840559][ T5150] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x87d/0x13e0 [ 572.849114][ T5150] Read of size 8 at addr ffff888057a05480 by task kworker/u9:1/5150 [ 572.857236][ T5150] [ 572.859570][ T5150] CPU: 1 UID: 0 PID: 5150 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 572.859590][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 572.859601][ T5150] Workqueue: hci2 hci_rx_work [ 572.859626][ T5150] Call Trace: [ 572.859634][ T5150] [ 572.859642][ T5150] dump_stack_lvl+0xe8/0x150 [ 572.859664][ T5150] print_report+0xba/0x230 [ 572.859682][ T5150] ? l2cap_connect_cfm+0x87d/0x13e0 [ 572.859705][ T5150] kasan_report+0x117/0x150 [ 572.859730][ T5150] ? l2cap_connect_cfm+0x87d/0x13e0 [ 572.859755][ T5150] l2cap_connect_cfm+0x87d/0x13e0 [ 572.859781][ T5150] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 572.859804][ T5150] ? __pfx_bt_err+0x10/0x10 [ 572.859821][ T5150] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 572.859843][ T5150] hci_connect_cfm+0x95/0x140 [ 572.859863][ T5150] le_conn_complete_evt+0xf65/0x1430 [ 572.859888][ T5150] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 572.859908][ T5150] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 572.859923][ T5150] ? __pfx___mutex_lock+0x10/0x10 [ 572.859937][ T5150] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 572.859951][ T5150] ? skb_pull_data+0xfb/0x200 [ 572.859970][ T5150] hci_le_conn_complete_evt+0x187/0x470 [ 572.859992][ T5150] hci_event_packet+0x7af/0x12c0 [ 572.860011][ T5150] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 572.860030][ T5150] ? __pfx_hci_event_packet+0x10/0x10 [ 572.860048][ T5150] ? kcov_remote_start+0x49a/0x7a0 [ 572.860068][ T5150] ? hci_send_to_monitor+0xe2/0x590 [ 572.860091][ T5150] hci_rx_work+0x3ee/0x1030 [ 572.860110][ T5150] ? process_one_work+0x87c/0x15a0 [ 572.860126][ T5150] process_one_work+0x949/0x15a0 [ 572.860149][ T5150] ? __pfx_process_one_work+0x10/0x10 [ 572.860164][ T5150] ? do_raw_spin_lock+0x12b/0x2f0 [ 572.860190][ T5150] worker_thread+0xb46/0x1140 [ 572.860211][ T5150] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 572.860236][ T5150] kthread+0x388/0x470 [ 572.860256][ T5150] ? __pfx_worker_thread+0x10/0x10 [ 572.860272][ T5150] ? __pfx_kthread+0x10/0x10 [ 572.860293][ T5150] ret_from_fork+0x51b/0xa40 [ 572.860311][ T5150] ? __pfx_ret_from_fork+0x10/0x10 [ 572.860327][ T5150] ? __switch_to+0xc7d/0x1400 [ 572.860351][ T5150] ? __pfx_kthread+0x10/0x10 [ 572.860371][ T5150] ret_from_fork_asm+0x1a/0x30 [ 572.860397][ T5150] [ 572.860403][ T5150] [ 573.084726][ T5150] Allocated by task 5150: [ 573.089144][ T5150] kasan_save_track+0x3e/0x80 [ 573.093851][ T5150] __kasan_kmalloc+0x93/0xb0 [ 573.098465][ T5150] __kmalloc_cache_noprof+0x31c/0x660 [ 573.103893][ T5150] l2cap_chan_create+0x51/0x790 [ 573.108848][ T5150] l2cap_sock_new_connection_cb+0x182/0x2e0 [ 573.115013][ T5150] l2cap_connect_cfm+0x368/0x13e0 [ 573.120050][ T5150] hci_connect_cfm+0x95/0x140 [ 573.124736][ T5150] le_conn_complete_evt+0xf65/0x1430 [ 573.130032][ T5150] hci_le_conn_complete_evt+0x187/0x470 [ 573.135595][ T5150] hci_event_packet+0x7af/0x12c0 [ 573.140707][ T5150] hci_rx_work+0x3ee/0x1030 [ 573.145212][ T5150] process_one_work+0x949/0x15a0 [ 573.150321][ T5150] worker_thread+0xb46/0x1140 [ 573.154999][ T5150] kthread+0x388/0x470 [ 573.159206][ T5150] ret_from_fork+0x51b/0xa40 [ 573.163810][ T5150] ret_from_fork_asm+0x1a/0x30 [ 573.168668][ T5150] [ 573.171094][ T5150] Freed by task 12352: [ 573.175182][ T5150] kasan_save_track+0x3e/0x80 [ 573.179867][ T5150] kasan_save_free_info+0x46/0x50 [ 573.184981][ T5150] __kasan_slab_free+0x5c/0x80 [ 573.189845][ T5150] kfree+0x1c1/0x610 [ 573.193748][ T5150] l2cap_sock_cleanup_listen+0xf0/0x440 [ 573.199304][ T5150] l2cap_sock_release+0x6a/0x230 [ 573.204243][ T5150] __sock_release+0xb9/0x250 [ 573.208929][ T5150] sock_close+0x1c/0x30 [ 573.213089][ T5150] __fput+0x44f/0xa70 [ 573.217161][ T5150] task_work_run+0x1d9/0x270 [ 573.221844][ T5150] exit_to_user_mode_loop+0xed/0x480 [ 573.227132][ T5150] do_syscall_64+0x2b7/0xf80 [ 573.231727][ T5150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.237711][ T5150] [ 573.240038][ T5150] The buggy address belongs to the object at ffff888057a05000 [ 573.240038][ T5150] which belongs to the cache kmalloc-2k of size 2048 [ 573.254439][ T5150] The buggy address is located 1152 bytes inside of [ 573.254439][ T5150] freed 2048-byte region [ffff888057a05000, ffff888057a05800) [ 573.268674][ T5150] [ 573.271002][ T5150] The buggy address belongs to the physical page: [ 573.277437][ T5150] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57a00 [ 573.286236][ T5150] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 573.294997][ T5150] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 573.302631][ T5150] page_type: f5(slab) [ 573.306613][ T5150] raw: 00fff00000000040 ffff88813ff27000 dead000000000100 dead000000000122 [ 573.315291][ T5150] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 573.323880][ T5150] head: 00fff00000000040 ffff88813ff27000 dead000000000100 dead000000000122 [ 573.333074][ T5150] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 573.341742][ T5150] head: 00fff00000000003 ffffea00015e8001 00000000ffffffff 00000000ffffffff [ 573.350410][ T5150] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 573.359079][ T5150] page dumped because: kasan: bad access detected [ 573.365489][ T5150] page_owner tracks the page as allocated [ 573.371200][ T5150] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11756, tgid 11756 (syz-executor), ts 540872985118, free_ts 540848871193 [ 573.393434][ T5150] post_alloc_hook+0x231/0x280 [ 573.398389][ T5150] get_page_from_freelist+0x24dc/0x2580 [ 573.404554][ T5150] __alloc_frozen_pages_noprof+0x18d/0x380 [ 573.410395][ T5150] allocate_slab+0x7b/0x660 [ 573.414898][ T5150] refill_objects+0x33a/0x3d0 [ 573.419577][ T5150] __pcs_replace_empty_main+0x2b9/0x620 [ 573.425210][ T5150] __kmalloc_noprof+0x474/0x760 [ 573.430172][ T5150] ieee80211_register_hw+0x1ee1/0x4150 [ 573.435808][ T5150] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 573.441705][ T5150] hwsim_new_radio_nl+0xf85/0x1c30 [ 573.446821][ T5150] genl_family_rcv_msg_doit+0x22a/0x330 [ 573.452491][ T5150] genl_rcv_msg+0x61c/0x7a0 [ 573.457238][ T5150] netlink_rcv_skb+0x232/0x4b0 [ 573.462097][ T5150] genl_rcv+0x28/0x40 [ 573.466081][ T5150] netlink_unicast+0x80f/0x9b0 [ 573.470854][ T5150] netlink_sendmsg+0x813/0xb40 [ 573.475626][ T5150] page last free pid 11756 tgid 11756 stack trace: [ 573.482123][ T5150] __free_frozen_pages+0xc01/0xd80 [ 573.487251][ T5150] __slab_free+0x263/0x2b0 [ 573.491691][ T5150] qlist_free_all+0x97/0x100 [ 573.496381][ T5150] kasan_quarantine_reduce+0x148/0x160 [ 573.501934][ T5150] __kasan_slab_alloc+0x22/0x80 [ 573.506809][ T5150] __kmalloc_cache_noprof+0x2ba/0x660 [ 573.512190][ T5150] ____ip_mc_inc_group+0x518/0xdd0 [ 573.517324][ T5150] ip_mc_up+0x115/0x2e0 [ 573.521490][ T5150] inetdev_event+0xff6/0x1610 [ 573.526165][ T5150] notifier_call_chain+0x19d/0x3a0 [ 573.531457][ T5150] __dev_notify_flags+0x1a9/0x310 [ 573.536582][ T5150] netif_change_flags+0xe8/0x1a0 [ 573.541521][ T5150] do_setlink+0xf82/0x4590 [ 573.545945][ T5150] rtnl_newlink+0x15a9/0x1be0 [ 573.550713][ T5150] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 573.555678][ T5150] netlink_rcv_skb+0x232/0x4b0 [ 573.560476][ T5150] [ 573.562810][ T5150] Memory state around the buggy address: [ 573.568451][ T5150] ffff888057a05380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.576605][ T5150] ffff888057a05400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.584753][ T5150] >ffff888057a05480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.592814][ T5150] ^ [ 573.596992][ T5150] ffff888057a05500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.605057][ T5150] ffff888057a05580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.613116][ T5150] ================================================================== [ 573.647376][ T5150] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 573.654633][ T5150] CPU: 1 UID: 0 PID: 5150 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 573.664240][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 573.674474][ T5150] Workqueue: hci2 hci_rx_work [ 573.679256][ T5150] Call Trace: [ 573.682558][ T5150] [ 573.685492][ T5150] vpanic+0x1e0/0x670 [ 573.689570][ T5150] panic+0xc5/0xd0 [ 573.693297][ T5150] ? __pfx_panic+0x10/0x10 [ 573.697719][ T5150] ? preempt_schedule_thunk+0x16/0x30 [ 573.703097][ T5150] ? l2cap_connect_cfm+0x87d/0x13e0 [ 573.708305][ T5150] check_panic_on_warn+0x89/0xb0 [ 573.713253][ T5150] ? l2cap_connect_cfm+0x87d/0x13e0 [ 573.718552][ T5150] end_report+0x6f/0x140 [ 573.722804][ T5150] kasan_report+0x128/0x150 [ 573.727314][ T5150] ? l2cap_connect_cfm+0x87d/0x13e0 [ 573.732529][ T5150] l2cap_connect_cfm+0x87d/0x13e0 [ 573.737992][ T5150] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 573.743460][ T5150] ? __pfx_bt_err+0x10/0x10 [ 573.748078][ T5150] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 573.753582][ T5150] hci_connect_cfm+0x95/0x140 [ 573.758401][ T5150] le_conn_complete_evt+0xf65/0x1430 [ 573.763823][ T5150] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 573.769732][ T5150] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 573.775493][ T5150] ? __pfx___mutex_lock+0x10/0x10 [ 573.780524][ T5150] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 573.786512][ T5150] ? skb_pull_data+0xfb/0x200 [ 573.791246][ T5150] hci_le_conn_complete_evt+0x187/0x470 [ 573.796888][ T5150] hci_event_packet+0x7af/0x12c0 [ 573.801920][ T5150] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 573.807480][ T5150] ? __pfx_hci_event_packet+0x10/0x10 [ 573.812956][ T5150] ? kcov_remote_start+0x49a/0x7a0 [ 573.818228][ T5150] ? hci_send_to_monitor+0xe2/0x590 [ 573.823631][ T5150] hci_rx_work+0x3ee/0x1030 [ 573.828151][ T5150] ? process_one_work+0x87c/0x15a0 [ 573.833277][ T5150] process_one_work+0x949/0x15a0 [ 573.838228][ T5150] ? __pfx_process_one_work+0x10/0x10 [ 573.843692][ T5150] ? do_raw_spin_lock+0x12b/0x2f0 [ 573.848744][ T5150] worker_thread+0xb46/0x1140 [ 573.853463][ T5150] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 573.859338][ T5150] kthread+0x388/0x470 [ 573.863434][ T5150] ? __pfx_worker_thread+0x10/0x10 [ 573.868559][ T5150] ? __pfx_kthread+0x10/0x10 [ 573.873272][ T5150] ret_from_fork+0x51b/0xa40 [ 573.877900][ T5150] ? __pfx_ret_from_fork+0x10/0x10 [ 573.883210][ T5150] ? __switch_to+0xc7d/0x1400 [ 573.887928][ T5150] ? __pfx_kthread+0x10/0x10 [ 573.892546][ T5150] ret_from_fork_asm+0x1a/0x30 [ 573.897443][ T5150] [ 573.901026][ T5150] Kernel Offset: disabled [ 573.905437][ T5150] Rebooting in 86400 seconds..