last executing test programs: 10.66019201s ago: executing program 1 (id=927): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) msgctl$MSG_STAT(0x0, 0xb, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="07000000000000000000c447c2ae00000000000000c00000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xfffffffb}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x20000023896) close(r6) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) 8.738578448s ago: executing program 1 (id=936): r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000040)=@buf) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e"], 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0d, &(0x7f0000000040)) 6.650017849s ago: executing program 3 (id=945): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r2 = syz_io_uring_setup(0x239, 0x0, &(0x7f0000000300)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4004, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000140)=[{0x6, 0x3, 0x7, 0x8}]}) r5 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r5, 0xc01c7c02, &(0x7f0000000340)={0x80000000, &(0x7f0000000240), &(0x7f0000000280)}) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) write$P9_RSTATu(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="170200000200000005d6000005"], 0x217) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f00000000c0)=0x3ff, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 5.741840811s ago: executing program 3 (id=949): mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x30, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4a2000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) syz_open_dev$dri(0x0, 0x1ff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x4000800) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x7}]}, 0x8) 5.586546425s ago: executing program 1 (id=950): r0 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2) r1 = dup(r0) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x1180}}) io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x300) fsopen(&(0x7f0000000000)='qnx6\x00', 0x0) r5 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000340)={"00eeff00", 0x7, 0xb0, 0x0, 0xa, 0x8005, "00800000000000f51000", "00598b00", "0200", "01000800", ["dc001000", "0000000000ffe700005a00", "4a218302000000215c384d00", "790000a5a16706008c00edbf"]}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7000000002060500000000000000000000000000120003006269746d61703a69702c6d6163000000050004000000000009000200f3797a3000000000240007800c0002800800014000008e020c0001800800014000000000080008400000001005000500020000000500010006"], 0x70}}, 0x0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r8, 0x84, 0x20, &(0x7f0000000140), &(0x7f0000000240)=0x4) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)={0x2c, 0x3e, 0x107, 0x70bd2d, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x3, 0x0, 0x0, @pid}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040000}, 0x44000) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000100000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c0009800800014000"], 0xb0}, 0x1, 0x0, 0x0, 0x20010810}, 0x0) sendmsg$NFT_MSG_GETTABLE(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="00010000010a0101"], 0x100}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r6, &(0x7f0000000280)=ANY=[@ANYBLOB="1e011800d3", @ANYRES16=r6], 0xffdd) syz_open_procfs(0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000040), 0x0) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0xf0f046}) 4.351524537s ago: executing program 2 (id=953): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f00000002c0), 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x101, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0040d07, 0x0) 4.201602649s ago: executing program 2 (id=955): openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$sndctrl(0x0, 0xe8000000, 0x8ebb480b69b51531) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x100000b3, 0x4) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x100000b3, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x0) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @loopback}, 0x10) syz_emit_ethernet(0x32, &(0x7f00000001c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @empty=0xe0000001}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x1, 0x0, 0x3d}}}}}}}, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r4, 0x80085665, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) close(r5) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000940)) r6 = getpid() ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, &(0x7f0000000100)={0x1, 0x1, 0x15, 0x17, 0x10d, &(0x7f0000000540)}) sched_setattr(r6, &(0x7f0000000340)={0x38, 0x0, 0x1000002d, 0x12000, 0x299c0, 0x7, 0x395400000000000, 0xfc5, 0x3, 0x5507}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c00078008000640000000000500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010400000000000000000200e704050001000700000030692b5aebac0cd17186e7779be9ab9e218cc6ca0af0bd83226a6865a9f66727"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) 4.05670163s ago: executing program 1 (id=956): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={0x0, 0x0, 0x8}, 0x14) creat(&(0x7f00000001c0)='./file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x57}], 0xee01}, 0x18, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x2c0c3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xf, 0x4, &(0x7f0000000440)=ANY=[@ANYRESHEX=r4], 0x0, 0x6, 0x21, &(0x7f0000000200)=""/33, 0x41000, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r3, 0x1, &(0x7f00000002c0)=[0xffffffffffffffff], &(0x7f0000000340)=[{0x1, 0x8000001, 0x7, 0x2}], 0x10, 0xab}, 0x94) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) syz_genetlink_get_family_id$batadv(0x0, r0) r5 = socket$unix(0x1, 0x1, 0x0) bind$unix(r5, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) listen(r5, 0x5) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001400010125bd7000fddbdf25010f08074e244e22030000003100000001ffffffc300004191a799f343b076a50000004007000000ea8b99df9f58096e0f9ef28c717494d7fa0eb92c5ec60e179da3e7e01137eebb5bd3a03d4e11d5bbb01a934c8173dea5aa39a5fa500dea5f17bfc71afad81373afdf83e78de15c6e09c26a", @ANYRES32=0x0], 0x4c}, 0x1, 0x0, 0x0, 0x24048084}, 0x40000) fsopen(0x0, 0x0) unshare(0x40000080) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000f40)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x1414, 0x2021}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x3}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) setitimer(0x3, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800600"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 3.994653174s ago: executing program 4 (id=957): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) sendmmsg(r0, 0x0, 0x0, 0x881) 3.94614855s ago: executing program 0 (id=958): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, &(0x7f0000000040)=0x9, 0x92) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x196, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @uid}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) r3 = getpgrp(0x0) prlimit64(r3, 0x8, &(0x7f0000000100)={0x8, 0x41e7}, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000300)=0x7, 0x4) recvmmsg(r0, &(0x7f0000001b80)=[{{0x0, 0xffffffffffffff64, 0x0, 0x0, &(0x7f00000001c0)=""/78, 0x4e}, 0x40000}], 0x1, 0x12000, 0x0) mq_open(&(0x7f0000000080)='(:$l^.{\x00', 0x2, 0x20, &(0x7f00000000c0)={0x366e, 0xfffffffd, 0x7f, 0x1}) 3.554829539s ago: executing program 4 (id=959): r0 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0) r1 = socket(0x21, 0x800, 0x2) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x10000, @empty}, 0x1c) r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x2d, 0x100000) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000340)={0x800, 0x5, 0x1, 0x2, '\x00', '\x00', '\x00', 0x4, 0x0, 0x2000100, 0xfffffffd, "a900"}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000060a010400000000000000000a0000010900010073797a3100000000300004802c000180090001007866726d000000001c0002800800024000000005080001400000000205000300010000000900020073797a32"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0x1}, 'port1\x00', 0x3eb, 0x2062f, 0x3, 0x7, 0x0, 0x40000c, 0x400, 0x0, 0x6, 0xfd}) r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r4, &(0x7f0000000040)='./cgroup\x00', r4, &(0x7f0000000540)='./cgroup\x00', 0x0) r5 = openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x20000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) keyctl$set_reqkey_keyring(0xe, 0x7) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r7 = openat$fb0(0xffffff9c, &(0x7f0000000200), 0x109282, 0x0) ioctl$FBIOGETCMAP(r7, 0x4604, &(0x7f0000000040)={0x2, 0x1, &(0x7f00000047c0)=[0x0], 0x0, 0x0, 0x0}) ptrace$cont(0x1f, r6, 0x6, 0xf) r8 = dup2(r0, r5) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) pselect6(0x1c, &(0x7f0000002100)={0x6, 0x0, 0x7, 0x1, 0x5, 0xe, 0xffff, 0xfffffffffffffbff}, 0xfffffffffffffffe, 0x0, 0x0, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="cc0000000001010400000000000000000a0000003c0001802c000180b3cbc232f40dce130000000000000000000000aa14000400fc0000000000000000000000000000000c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007400000000038000d80140004000000000000000000000000000000000114000500000000000000000000000000000000000c0003800600020000000000"], 0xcc}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c000380280000800800034000000002040002800c000440000010c6f7a0b5ec0c0005"], 0xec}}, 0x8890) get_mempolicy(&(0x7f0000000240), &(0x7f00000002c0), 0x7ff, &(0x7f0000375000/0x3000)=nil, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) read$FUSE(r8, &(0x7f0000004380)={0x2020}, 0x2020) 3.535463792s ago: executing program 3 (id=960): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r2 = syz_io_uring_setup(0x239, 0x0, &(0x7f0000000300)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4004, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000140)=[{0x6, 0x3, 0x7, 0x8}]}) r5 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r5, 0xc01c7c02, &(0x7f0000000340)={0x80000000, &(0x7f0000000240), &(0x7f0000000280)}) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) write$P9_RSTATu(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="170200000200000005d6000005"], 0x217) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f00000000c0)=0x3ff, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 3.437666571s ago: executing program 0 (id=961): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) 3.18661439s ago: executing program 4 (id=962): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$rds(0x15, 0x5, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r5 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r5, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000300)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r8, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, "b4bc323ef77d1f000071849800000000dfff00"}}) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='load trusted:s}z 0000000000000000103'], 0x30, 0xfffffffffffffffa) syz_io_uring_complete(r6) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200005c053579ac584878da9d711812d5000400", @ANYRES32=0x0, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x50) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000feffffff000000000100000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000008b7030000000000008500000008000000bf09000000000000a5090100ffffff80bf00200000000000ad980000000000005e080000000000008500000005000000b700000000000000"], &(0x7f0000000980)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={@fallback, r10, 0x36, 0x8, 0x0, @void, @value=r10}, 0x20) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000240)) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)="5cba91", 0x3) write$dsp(0xffffffffffffffff, &(0x7f0000000080)="cd", 0x1) write$dsp(0xffffffffffffffff, &(0x7f00000000c0)="1359a7b637341adbff62ec6add15460c682304e4fccad9e34173348bfa33359731791967c61a51691f2e3d3d44601d5154e3516d956d4645ec724600"/84, 0x54) 2.849160623s ago: executing program 0 (id=963): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) pselect6(0x40, &(0x7f0000000800)={0xd, 0x1, 0xff3e, 0xd, 0x4000000000008, 0x2cc, 0x4, 0xac83}, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2.405343422s ago: executing program 3 (id=964): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={0x0, 0x0, 0x8}, 0x14) creat(&(0x7f00000001c0)='./file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x57}], 0xee01}, 0x18, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x2c0c3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xf, 0x4, &(0x7f0000000440)=ANY=[@ANYRESHEX=r4], 0x0, 0x6, 0x21, &(0x7f0000000200)=""/33, 0x41000, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r3, 0x1, &(0x7f00000002c0)=[0xffffffffffffffff], &(0x7f0000000340)=[{0x1, 0x8000001, 0x7, 0x2}], 0x10, 0xab}, 0x94) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) syz_genetlink_get_family_id$batadv(0x0, r0) r5 = socket$unix(0x1, 0x1, 0x0) bind$unix(r5, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001400010125bd7000fddbdf25010f08074e244e22030000003100000001ffffffc300004191a799f343b076a50000004007000000ea8b99df9f58096e0f9ef28c717494d7fa0eb92c5ec60e179da3e7e01137eebb5bd3a03d4e11d5bbb01a934c8173dea5aa39a5fa500dea5f17bfc71afad81373afdf83e78de15c6e09c26a", @ANYRES32=0x0], 0x4c}, 0x1, 0x0, 0x0, 0x24048084}, 0x40000) fsopen(0x0, 0x0) unshare(0x40000080) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000f40)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x1414, 0x2021}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x3}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) setitimer(0x3, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800600"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 2.363311015s ago: executing program 2 (id=965): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f00000002c0), 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x101, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0040d07, 0x0) 2.10165659s ago: executing program 1 (id=966): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x15c}}, 0x0) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = userfaultfd(0x80001) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x1080}) mkdirat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0xb2) ioctl$SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, &(0x7f0000000000)) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100)) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0x1, 0x2000000000000000, 0x80000004000000, 0xffffffffffffffff], 0x8000000, 0x2010d3}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000200)="440f20c0350b000000440f22c0360f09c4217d700c9d0000000028b8010000000f01c166b82e000f00d80f20d835080000000f22d82e0f019885000000b9b1060000b86f8d0000ba0000000066b8b5008ec036363ef3420f51a600000000b9e30b0000b8f233278fba000000000f30", 0x6f}], 0x1, 0x13, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r8, @ANYBLOB="0c00990000000000000000000800a102ffff0000080026008d0300"], 0x40}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xb}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xc}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x4800}, 0x4810) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000046000701fefffffffcdbdf25047c0000080001"], 0x1c}}, 0xc000) 2.093409678s ago: executing program 2 (id=967): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00']) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r0, &(0x7f0000000300)={0x0, 0x4f, 0x0, 0x27}, 0x810) sched_setattr(0x0, &(0x7f0000000340)={0xffffffffffffff68, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x1, 0x8, 0xffffffff, 0x1}, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0x8) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) r5 = syz_io_uring_setup(0x78ad, &(0x7f0000000200)={0x0, 0x8b22, 0x20000, 0x1, 0x3}, &(0x7f0000002480), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_BUFFERS2(r4, 0xf, &(0x7f0000002380)={0x1, 0x0, 0x0, &(0x7f00000022c0)=[{0x0}], 0x0}, 0x20) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r5, 0x10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000004f00)=[{0x0}], 0xfffffffffffffffe, 0x1}, 0x20) syz_genetlink_get_family_id$l2tp(0x0, r2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0) mprotect(&(0x7f000000f000/0x2000)=nil, 0x2000, 0x1000005) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x4, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x10003, 0x0, 0x6000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x0, 0xeeef6000, 0x1000, &(0x7f0000fd3000/0x1000)=nil}) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000002c0)={0x28, 0x0, 0x0, 0x0, &(0x7f000000d000/0x3000)=nil, 0x3000, 0x8}) close_range(r6, 0xffffffffffffffff, 0x0) 1.785489966s ago: executing program 0 (id=968): r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x11, r1, 0x0) msync(&(0x7f000081e000/0x3000)=nil, 0x3000, 0x6) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000006110a400000000001f0100000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x28, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r6, 0x0, 0x2}, [@NDA_LLADDR={0xa}]}, 0x28}}, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x5, 0x1, 0x43, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001600), 0x1, r7}, 0x38) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000140)={r7, 0xe0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'gretap0\x00', 0x0}) sendto$packet(r3, 0x0, 0x0, 0x2400d805, &(0x7f0000000380)={0x11, 0x8100, r8, 0x1, 0x85, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) 905.038858ms ago: executing program 4 (id=969): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) sendmmsg(r0, 0x0, 0x0, 0x881) 702.550231ms ago: executing program 0 (id=970): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000180)={{{0x1, 0x1}}, 0x1f, 0x6, 0x0}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) io_pgetevents(0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000540)={'syzkaller0\x00', 0x1}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r6 = socket$kcm(0x11, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000500)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accb", 0x26}], 0x1}, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1ffffffffffffe4a, &(0x7f0000000480)=[{0x2, 0x0, 0x7, 0x56}, {0xfd75, 0x60, 0xc, 0x7fff}, {0x4, 0x7, 0x25, 0x4}, {0x7f, 0x7, 0x9, 0x8}, {0xfff7, 0xbf, 0x7f, 0x3ff}, {0x3, 0xfb, 0xf4, 0x10001}, {0x400, 0xc, 0x9, 0x80}, {0x0, 0x10, 0x1, 0x9}, {0x3, 0x40, 0x81, 0x3}, {0x3, 0xff, 0xfc, 0x402}]}) msync(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x6) r8 = openat$nvram(0xffffff9c, &(0x7f0000000140), 0x200000, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r5) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r8, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="040026bd7000fedbdf251d0000000c00990003000000730000000800010022000000"], 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x40) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r10) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) 665.500832ms ago: executing program 4 (id=971): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x7}]}, 0x8) 548.422602ms ago: executing program 4 (id=972): r0 = socket(0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x7fffffff, 0x0, 0x2}, {0xfffffffffffffffe, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@private1, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x4000}]}]}, 0xfc}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b160000000000000000020000084c00048018000180080001006f7366000c000280080001400000000430000180080001006e6174002400028008000140000000000800044000000f73080003400000001408000240000000020900010073797a3000000000090002"], 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5801000040000701feffffff00000000017c0000040042800c00018006000600800a0000340102802e011480"], 0x158}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000500)={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x16}}, 0x6c) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mtu(r4, 0x0, 0xa, 0x0, 0xfffffffffffffca7) sendmmsg$inet(r3, &(0x7f00000039c0)=[{{&(0x7f0000000800)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r3, 0x0, 0x0, 0x12000000, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r6, 0x8008ae9d, &(0x7f0000000240)) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffffffffffff, 0x4}, 0x38) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905"], 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r5, 0x84, 0x85, &(0x7f0000000540)={r7, 0x88, "0200000000000000703fcd09bdf0b493d4323725cdcff2eae49f89843a5318d5ba093aa761132b5e2e8c4eb4eb76aa3f3069d1d5a64a2c75a2d59986feff48dc51b23de50b4c052630642b3348c700b558041310b18d364b87808f6ec3b597fae6ac116b5b25b716a73e48c8c8f8ec21e15e7a5d6743243dfde88d2786c355a2c222145b4ddeb213"}, &(0x7f0000000500)=0x90) 366.778565ms ago: executing program 2 (id=973): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb4, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}}, 0xb4}}, 0x0) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) 309.99221ms ago: executing program 1 (id=974): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r2 = syz_io_uring_setup(0x239, 0x0, &(0x7f0000000300)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4004, @fd_index=0x3}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000140)=[{0x6, 0x3, 0x7, 0x8}]}) r5 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r5, 0xc01c7c02, &(0x7f0000000340)={0x80000000, &(0x7f0000000240), &(0x7f0000000280)}) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) write$P9_RSTATu(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="170200000200000005d6000005"], 0x217) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f00000000c0)=0x3ff, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 231.165423ms ago: executing program 3 (id=975): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) r0 = memfd_create(&(0x7f0000000200)='\x02\n(qT\x1a\xed\xda\xb2\x01\x00\x00N\xf2Y\x1c\x91\x9f\'b\xddd\x9b\xb0l\r\x9f\x815\x04x\x1eJ]\x90\xa4\xd1\x9c\xff\x14^\x97\r', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) ftruncate(r0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, r0, 0x0) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async) r1 = eventfd2(0x2, 0x80001) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x10b500, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r5, 0x40a0ae49, &(0x7f0000000000)={0x4, 0xeeef0000, 0x0, 0xffffffffffffffff, 0x100000}) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB='$\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="c4e0fa97b3319ac9500e486710bff6a5bf153b0d063d8f3b42e87d5066a5001000009fc26daba20c56efd15788e762116ce23847e110e03fa1509ea46595671cd66309ccf700cd4b27b62d7f005a3a330652939f010000004246dc10d407234c74580c84257fcbc63db6e79a8e477736958080c48df391857fd8d421cb1d07d3ad4c7bd703c3408dbc3ca75a4a541b3f1df670e0c10cd8775482bde2af9eaf9deafbfdf883fcfad96d9083e5602699dc55959523ea360874fcc6c0ea84fe356de9c47b2e6cc1a96541da29eb7592435bcd94ac76148e2042c52d01f7d9b783c3067b2d62d3a9158c2658fb2101516e30b1a437ce8adc4f26a497dbc8b18a3384131ce391f1a7ba1c849bc4124044710a714b08f9ab167c33e2bb84ed92e58359e89fdbf806c0fd2764477951e560092e7248cc80aab080fe3438f0cc74c0524ee90b14f741ad5505ff2411863a138b20e7ddc862f3a28da256000000000000000036af3af0", @ANYRES64=0x0], 0x20) (async) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40050) sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0080000d000000000000000a0000010900020073797a31000000000900010073797a3100000000100003800c0000800800034000641600e0cf1b281db7db8421bbfa792e3cfb1feb41a32e3e"], 0x3c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) (async) r7 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000080)={0x8}, 0x10) r8 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000600)={0x2, @win={{0x6, 0x1593, 0xa, 0x1}, 0x3, 0x0, 0x0, 0x2, 0x0, 0x8}}) (async) ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000100)={0x410000, 0x2, 0x2}) ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, 0x0) (async) write(r7, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r7, &(0x7f0000002ec0), 0x0, 0x22, &(0x7f00000001c0)={0x0, 0x3938700}) 14.836191ms ago: executing program 3 (id=976): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_route(0x10, 0x3, 0x0) ioctl$KDSETMODE(r0, 0x4b3a, 0x0) write$UHID_INPUT(r0, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f91b37071887f70e09d038e7ff7fc6e5539b0d450a8b089b3f363563030890e0879b0af8c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 13.86591ms ago: executing program 0 (id=986): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x8) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) listxattr(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)=""/157, 0x9d) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x2000000, 0x20002, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x10, 0x5}}, 0x50) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x18, 0x0, 0xce1, {0x4}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=977): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={0x0, 0x0, 0x8}, 0x14) creat(&(0x7f00000001c0)='./file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x57}], 0xee01}, 0x18, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x2c0c3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xf, 0x4, &(0x7f0000000440)=ANY=[@ANYRESHEX=r4], 0x0, 0x6, 0x21, &(0x7f0000000200)=""/33, 0x41000, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r3, 0x1, &(0x7f00000002c0)=[0xffffffffffffffff], &(0x7f0000000340)=[{0x1, 0x8000001, 0x7, 0x2}], 0x10, 0xab}, 0x94) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) syz_genetlink_get_family_id$batadv(0x0, r0) r5 = socket$unix(0x1, 0x1, 0x0) bind$unix(r5, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) listen(r5, 0x5) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001400010125bd7000fddbdf25010f08074e244e22030000003100000001ffffffc300004191a799f343b076a50000004007000000ea8b99df9f58096e0f9ef28c717494d7fa0eb92c5ec60e179da3e7e01137eebb5bd3a03d4e11d5bbb01a934c8173dea5aa39a5fa500dea5f17bfc71afad81373afdf83e78de15c6e09c26a", @ANYRES32=0x0], 0x4c}, 0x1, 0x0, 0x0, 0x24048084}, 0x40000) fsopen(0x0, 0x0) unshare(0x40000080) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000f40)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x1414, 0x2021}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x3}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) setitimer(0x3, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800600"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) kernel console output (not intermixed with test programs): scriptor's value: 9 [ 149.450488][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.490267][ T5931] usb 5-1: Using ep0 maxpacket: 16 [ 149.503057][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 149.523350][ T5913] usb 2-1: config index 0 descriptor too short (expected 64548, got 36) [ 149.530537][ T5931] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 149.539856][ T5931] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 149.542320][ T5913] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 149.552950][ T43] usb 1-1: USB disconnect, device number 2 [ 149.565979][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.595358][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.610083][ T5931] usb 5-1: config 0 has no interface number 0 [ 149.618747][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 149.639885][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.656300][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.667542][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 149.682219][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.690277][ T5913] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 149.692156][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.721850][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.730924][ T5931] usb 5-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 149.747694][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.766362][ T5931] usb 5-1: Product: syz [ 149.771827][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 149.778497][ T5931] usb 5-1: Manufacturer: syz [ 149.783503][ T5931] usb 5-1: SerialNumber: syz [ 149.793375][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.799053][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.815783][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.833357][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 149.841125][ T5931] usb 5-1: config 0 descriptor?? [ 149.857594][ T5931] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046c:14e8) [ 149.860307][ T5913] usb 2-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00 [ 149.865411][ T5931] uvcvideo 5-1:0.105: No valid video chain found. [ 149.884661][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.893855][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.908935][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 149.926003][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.936562][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.951811][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 149.960445][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.965806][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.992120][ T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.018788][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 150.032991][ T24] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 150.033733][ T5913] usb 2-1: config 0 descriptor?? [ 150.194636][ T24] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 150.224718][ T24] usb 4-1: Product: syz [ 150.231556][ T24] usb 4-1: Manufacturer: syz [ 150.236350][ T24] usb 4-1: SerialNumber: syz [ 150.268244][ T24] usb 4-1: config 0 descriptor?? [ 150.298259][ T24] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 150.313540][ T5913] aquacomputer_d5next 0003:0C70:F0BD.0002: unknown main item tag 0x0 [ 150.335725][ T5913] aquacomputer_d5next 0003:0C70:F0BD.0002: unknown main item tag 0x0 [ 150.364397][ T5913] aquacomputer_d5next 0003:0C70:F0BD.0002: unknown main item tag 0x0 [ 150.388551][ T5913] aquacomputer_d5next 0003:0C70:F0BD.0002: unknown main item tag 0x0 [ 150.409936][ T5913] aquacomputer_d5next 0003:0C70:F0BD.0002: unknown main item tag 0x0 [ 150.436464][ T5913] aquacomputer_d5next 0003:0C70:F0BD.0002: hidraw0: USB HID v0.00 Device [HID 0c70:f0bd] on usb-dummy_hcd.1-1/input0 [ 150.621640][ T5913] usb 2-1: USB disconnect, device number 7 [ 150.635162][ T24] usb 4-1: USB disconnect, device number 15 [ 150.646456][ T24] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 150.662627][ T7179] netlink: 12 bytes leftover after parsing attributes in process `syz.2.418'. [ 150.717322][ T7177] fido_id[7177]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 151.972470][ T7197] fuse: Bad value for 'fd' [ 152.175674][ T5884] usb 5-1: USB disconnect, device number 9 [ 152.692798][ T7221] tipc: Started in network mode [ 152.707057][ T7221] tipc: Node identity 4, cluster identity 4711 [ 152.803977][ T7221] tipc: Node number set to 4 [ 152.930270][ T5931] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 153.582775][ T5931] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 153.587469][ T7231] fuse: Bad value for 'fd' [ 153.675427][ T5931] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 153.710829][ T43] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 153.729317][ T5931] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 153.755859][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 153.811714][ T5931] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 153.831606][ T5931] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 153.852330][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 153.874813][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 153.874830][ T30] audit: type=1326 audit(1763094384.380:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7236 comm="syz.2.435" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x0 [ 153.890387][ T43] usb 1-1: device descriptor read/64, error -71 [ 153.951796][ T5931] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.190310][ T5931] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.206706][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 154.323879][ T5931] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.610480][ T5931] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.650548][ T43] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 154.669983][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 154.865643][ T43] usb 1-1: device descriptor read/64, error -71 [ 154.885055][ T5931] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.915308][ T5931] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.942264][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 154.966652][ T5931] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.991736][ T5931] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 155.020235][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 155.030572][ T5931] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 155.039828][ T5931] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 155.053183][ T43] usb usb1-port1: attempt power cycle [ 155.069055][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 155.087152][ T5931] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 155.096982][ T5931] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 155.127751][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 155.152232][ T5931] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 155.163796][ T5931] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 155.178724][ T5931] usb 2-1: Product: syz [ 155.201757][ T5931] usb 2-1: Manufacturer: syz [ 155.240236][ T5931] usb 2-1: SerialNumber: syz [ 155.291065][ T5931] usb 2-1: config 0 descriptor?? [ 155.326939][ T5931] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 155.332133][ T7250] policy can only be matched on NF_INET_PRE_ROUTING [ 155.343650][ T7250] unable to load match [ 155.410778][ T43] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 155.435630][ T43] usb 1-1: device descriptor read/8, error -71 [ 155.572448][ T24] usb 2-1: USB disconnect, device number 8 [ 155.584717][ T24] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 155.728692][ T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 155.767038][ T7260] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 155.882195][ T7263] netlink: 12 bytes leftover after parsing attributes in process `syz.4.441'. [ 155.980031][ T7265] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 155.999650][ T7265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.442'. [ 156.052822][ T43] usb 1-1: device not accepting address 6, error -71 [ 156.069270][ T43] usb usb1-port1: unable to enumerate USB device [ 156.487369][ T7276] fuse: Bad value for 'fd' [ 156.724443][ T7280] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 156.779623][ T7280] netlink: 12 bytes leftover after parsing attributes in process `syz.4.447'. [ 156.967882][ T7287] netem: incorrect gi model size [ 156.973956][ T7287] netem: change failed [ 157.046201][ T7291] usb usb7: usbfs: process 7291 (syz.3.451) did not claim interface 0 before use [ 157.072607][ T7289] IPVS: set_ctl: invalid protocol: 46 127.0.0.1:20001 [ 157.146242][ T7292] netlink: 4 bytes leftover after parsing attributes in process `syz.1.446'. [ 157.742603][ T43] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 157.936062][ T43] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 158.035867][ T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.077472][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.096920][ T7305] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 158.099885][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.134774][ T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.143872][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.160253][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.181445][ T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.194242][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.234039][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.272409][ T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.281658][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.306368][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.326862][ T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.339294][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.390527][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.421179][ T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.430402][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.464358][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.478644][ T7309] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 158.487628][ T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.496935][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.514717][ T7309] netlink: 12 bytes leftover after parsing attributes in process `syz.4.457'. [ 158.524222][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.554199][ T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 158.565561][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 158.591429][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.601030][ T43] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 158.614027][ T43] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 158.631645][ T43] usb 4-1: Product: syz [ 158.641268][ T43] usb 4-1: Manufacturer: syz [ 158.653650][ T43] usb 4-1: SerialNumber: syz [ 158.670259][ T43] usb 4-1: config 0 descriptor?? [ 158.694228][ T43] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 158.930681][ T43] usb 4-1: USB disconnect, device number 16 [ 158.953307][ T43] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 158.980912][ T5891] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 159.143169][ T5891] usb 1-1: Using ep0 maxpacket: 16 [ 159.161717][ T5891] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 159.180490][ T5891] usb 1-1: config 0 has no interfaces? [ 159.201823][ T5891] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 159.220454][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.240497][ T5891] usb 1-1: Product: syz [ 159.244692][ T5891] usb 1-1: Manufacturer: syz [ 159.249292][ T5891] usb 1-1: SerialNumber: syz [ 159.268480][ T5891] usb 1-1: config 0 descriptor?? [ 159.448740][ T7324] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 159.484664][ T7324] netlink: 12 bytes leftover after parsing attributes in process `syz.4.462'. [ 159.587730][ T7332] FAULT_INJECTION: forcing a failure. [ 159.587730][ T7332] name failslab, interval 1, probability 0, space 0, times 1 [ 159.610596][ T7333] tipc: Can't bind to reserved service type 1 [ 159.620561][ T7332] CPU: 1 UID: 0 PID: 7332 Comm: syz.3.464 Not tainted syzkaller #0 PREEMPT(full) [ 159.620582][ T7332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 159.620591][ T7332] Call Trace: [ 159.620598][ T7332] [ 159.620605][ T7332] dump_stack_lvl+0x189/0x250 [ 159.620631][ T7332] ? __pfx____ratelimit+0x10/0x10 [ 159.620653][ T7332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.620674][ T7332] ? __pfx__printk+0x10/0x10 [ 159.620697][ T7332] ? __pfx___might_resched+0x10/0x10 [ 159.620714][ T7332] ? fs_reclaim_acquire+0x7d/0x100 [ 159.620735][ T7332] should_fail_ex+0x414/0x560 [ 159.620769][ T7332] should_failslab+0xa8/0x100 [ 159.620788][ T7332] __kmalloc_noprof+0xcb/0x7f0 [ 159.620809][ T7332] ? tomoyo_encode+0x28b/0x550 [ 159.620838][ T7332] tomoyo_encode+0x28b/0x550 [ 159.620867][ T7332] tomoyo_realpath_from_path+0x58d/0x5d0 [ 159.620902][ T7332] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 159.620922][ T7332] tomoyo_path_number_perm+0x1e8/0x5a0 [ 159.620946][ T7332] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 159.620984][ T7332] ? __lock_acquire+0xab9/0xd20 [ 159.621019][ T7332] ? __fget_files+0x2a/0x420 [ 159.621038][ T7332] ? __fget_files+0x3a0/0x420 [ 159.621051][ T7332] ? __fget_files+0x2a/0x420 [ 159.621068][ T7332] security_file_ioctl_compat+0xcb/0x2d0 [ 159.621090][ T7332] __ia32_compat_sys_ioctl+0x128/0x840 [ 159.621112][ T7332] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 159.621141][ T7332] ? __fget_files+0x3a0/0x420 [ 159.621162][ T7332] ? fput+0xa0/0xd0 [ 159.621184][ T7332] ? ksys_write+0x22a/0x250 [ 159.621202][ T7332] ? exc_page_fault+0x82/0x100 [ 159.621223][ T7332] ? __pfx_ksys_write+0x10/0x10 [ 159.621246][ T7332] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 159.621269][ T7332] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.621292][ T7332] __do_fast_syscall_32+0xb6/0x2b0 [ 159.621315][ T7332] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.621339][ T7332] do_fast_syscall_32+0x34/0x80 [ 159.621361][ T7332] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 159.621380][ T7332] RIP: 0023:0xf7f45539 [ 159.621394][ T7332] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 159.621407][ T7332] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 159.621464][ T7332] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0f8565c [ 159.621476][ T7332] RDX: 0000000080000f80 RSI: 0000000000000000 RDI: 0000000000000000 [ 159.621486][ T7332] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 159.621495][ T7332] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 159.621504][ T7332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 159.621532][ T7332] [ 159.621638][ T7332] ERROR: Out of memory at tomoyo_realpath_from_path. [ 159.979009][ T30] audit: type=1326 audit(1763094390.490:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7338 comm="syz.1.466" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x0 [ 160.226283][ T5891] usb 1-1: USB disconnect, device number 7 [ 160.933154][ T7359] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 160.942124][ T7360] netlink: 12 bytes leftover after parsing attributes in process `syz.2.471'. [ 160.969420][ T7362] netlink: 4 bytes leftover after parsing attributes in process `syz.1.472'. [ 162.481444][ T24] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 162.814002][ T24] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 162.855490][ T24] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 162.889904][ T24] usb 2-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 162.950394][ T24] usb 2-1: config 0 interface 0 has no altsetting 0 [ 162.971085][ T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=027c, bcdDevice= 0.00 [ 163.017777][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.091903][ T24] usb 2-1: config 0 descriptor?? [ 163.156108][ T7384] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 163.173469][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.479'. [ 164.212981][ T30] audit: type=1326 audit(1763094394.730:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.2.482" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x0 [ 164.429768][ T24] apple 0003:05AC:027C.0003: hidraw0: USB HID v0.04 Device [HID 05ac:027c] on usb-dummy_hcd.1-1/input0 [ 164.760028][ T7362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.784129][ T7362] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.990776][ T7362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.058726][ T7362] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.152226][ T5899] usb 2-1: USB disconnect, device number 9 [ 165.610558][ T5884] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 165.760621][ T5884] usb 3-1: Using ep0 maxpacket: 16 [ 165.767091][ T7433] netlink: 4 bytes leftover after parsing attributes in process `syz.4.487'. [ 165.768351][ T5884] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 165.799475][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 165.824265][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 165.844175][ T5884] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 165.885181][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 165.925669][ T5884] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 165.935039][ T5884] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 165.950524][ T5884] usb 3-1: Manufacturer: syz [ 165.964336][ T5884] usb 3-1: config 0 descriptor?? [ 166.691775][ T5884] rc_core: IR keymap rc-hauppauge not found [ 166.697824][ T5884] Registered IR keymap rc-empty [ 166.707732][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 166.750036][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 166.771614][ T5884] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 166.786190][ T5884] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input10 [ 166.843440][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 166.921774][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 166.960691][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 167.010466][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 167.078571][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 167.111433][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 167.140600][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 167.168168][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 167.350492][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 167.390760][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 167.422330][ T5884] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 167.479234][ T5884] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 167.590903][ T5884] usb 3-1: USB disconnect, device number 10 [ 167.694366][ T7455] netlink: 4 bytes leftover after parsing attributes in process `syz.4.493'. [ 167.831769][ T7459] FAULT_INJECTION: forcing a failure. [ 167.831769][ T7459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.919994][ T7459] CPU: 1 UID: 0 PID: 7459 Comm: syz.3.495 Not tainted syzkaller #0 PREEMPT(full) [ 167.920017][ T7459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 167.920026][ T7459] Call Trace: [ 167.920033][ T7459] [ 167.920040][ T7459] dump_stack_lvl+0x189/0x250 [ 167.920068][ T7459] ? __pfx____ratelimit+0x10/0x10 [ 167.920089][ T7459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.920111][ T7459] ? __pfx__printk+0x10/0x10 [ 167.920129][ T7459] ? __might_fault+0xb0/0x130 [ 167.920164][ T7459] should_fail_ex+0x414/0x560 [ 167.920193][ T7459] _copy_from_user+0x2d/0xb0 [ 167.920213][ T7459] kstrtouint_from_user+0xc4/0x170 [ 167.920234][ T7459] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 167.920269][ T7459] proc_fail_nth_write+0x88/0x200 [ 167.920290][ T7459] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 167.920317][ T7459] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 167.920339][ T7459] vfs_write+0x27e/0xb30 [ 167.920371][ T7459] ? __pfx_vfs_write+0x10/0x10 [ 167.920395][ T7459] ? __fget_files+0x2a/0x420 [ 167.920417][ T7459] ? __fget_files+0x3a0/0x420 [ 167.920432][ T7459] ? __fget_files+0x2a/0x420 [ 167.920457][ T7459] ksys_write+0x145/0x250 [ 167.920477][ T7459] ? exc_page_fault+0x82/0x100 [ 167.920496][ T7459] ? __pfx_ksys_write+0x10/0x10 [ 167.920520][ T7459] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 167.920543][ T7459] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.920568][ T7459] __do_fast_syscall_32+0xb6/0x2b0 [ 167.920593][ T7459] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.920618][ T7459] do_fast_syscall_32+0x34/0x80 [ 167.920640][ T7459] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 167.920659][ T7459] RIP: 0023:0xf7f45539 [ 167.920673][ T7459] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 167.920686][ T7459] RSP: 002b:00000000f5415590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 167.920704][ T7459] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5415620 [ 167.920716][ T7459] RDX: 0000000000000001 RSI: 00000000f73d6ff4 RDI: 0000000000000000 [ 167.920725][ T7459] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 167.920734][ T7459] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 167.920743][ T7459] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 167.920769][ T7459] [ 168.265375][ T30] audit: type=1326 audit(1763094398.790:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7464 comm="syz.1.497" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x0 [ 168.271950][ T7461] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 168.455310][ T7461] netlink: 12 bytes leftover after parsing attributes in process `syz.2.496'. [ 168.603444][ T30] audit: type=1326 audit(1763094399.130:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 168.962788][ T30] audit: type=1326 audit(1763094399.150:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 169.047109][ T30] audit: type=1326 audit(1763094399.150:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 169.130282][ T30] audit: type=1326 audit(1763094399.150:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 169.271476][ T30] audit: type=1326 audit(1763094399.150:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 169.302646][ T30] audit: type=1326 audit(1763094399.150:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 169.407431][ T30] audit: type=1326 audit(1763094399.150:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 169.432777][ T7478] netlink: 'syz.2.501': attribute type 5 has an invalid length. [ 169.450761][ T30] audit: type=1326 audit(1763094399.150:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 169.479779][ T30] audit: type=1326 audit(1763094399.150:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.0.498" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 169.845110][ T7491] netlink: 12 bytes leftover after parsing attributes in process `syz.1.503'. [ 169.882285][ T7491] tap0: tun_chr_ioctl cmd 35111 [ 170.868662][ T7497] binder: 7496:7497 ioctl 4018620d 0 returned -22 [ 171.430892][ T7507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.511'. [ 173.280865][ T7542] xt_TCPMSS: Only works on TCP SYN packets [ 173.280910][ T7538] binder: 7537:7538 ioctl 4018620d 0 returned -22 [ 173.657289][ T7548] netlink: 156 bytes leftover after parsing attributes in process `syz.0.522'. [ 173.740559][ T7551] netlink: 8 bytes leftover after parsing attributes in process `syz.1.523'. [ 174.436297][ T7569] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 174.447246][ T7569] netlink: 12 bytes leftover after parsing attributes in process `syz.4.529'. [ 175.049047][ T7580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.524'. [ 175.058424][ T7580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.524'. [ 175.072608][ T7580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.524'. [ 175.409772][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.4.533'. [ 175.749295][ T7595] binder: 7594:7595 ioctl 4018620d 0 returned -22 [ 176.900083][ T7620] netlink: 4 bytes leftover after parsing attributes in process `syz.3.537'. [ 176.990220][ T7626] trusted_key: encrypted_key: hex blob is missing [ 177.224453][ T7631] netlink: 'syz.2.545': attribute type 5 has an invalid length. [ 177.648820][ T7638] netlink: 12 bytes leftover after parsing attributes in process `syz.0.549'. [ 179.745453][ T5891] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 179.921820][ T5891] usb 2-1: Using ep0 maxpacket: 8 [ 179.933115][ T5891] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 179.941344][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.952811][ T7681] netlink: 96 bytes leftover after parsing attributes in process `syz.0.558'. [ 180.300592][ T5891] usb 2-1: config 0 has no interface number 0 [ 180.338278][ T5891] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 180.347630][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.380572][ T5891] usb 2-1: Product: syz [ 180.384841][ T5891] usb 2-1: Manufacturer: syz [ 180.389801][ T5891] usb 2-1: SerialNumber: syz [ 180.488406][ T5891] usb 2-1: config 0 descriptor?? [ 180.711923][ T5891] uvcvideo 2-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 180.820307][ T5891] uvcvideo 2-1:0.31: No valid video chain found. [ 181.153212][ T7694] netlink: 4 bytes leftover after parsing attributes in process `syz.0.559'. [ 181.297372][ T7702] netlink: 12 bytes leftover after parsing attributes in process `syz.2.564'. [ 181.332533][ T7702] tap0: tun_chr_ioctl cmd 35111 [ 181.415516][ T5891] usb 2-1: USB disconnect, device number 10 [ 183.244141][ T7732] netlink: 'syz.3.572': attribute type 5 has an invalid length. [ 183.280780][ T5899] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 183.288628][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 183.288641][ T30] audit: type=1326 audit(1763094413.810:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.332790][ T30] audit: type=1326 audit(1763094413.810:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.356552][ T30] audit: type=1326 audit(1763094413.810:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.399759][ T30] audit: type=1326 audit(1763094413.810:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.422979][ T30] audit: type=1326 audit(1763094413.810:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.445700][ T30] audit: type=1326 audit(1763094413.810:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.471672][ T30] audit: type=1326 audit(1763094413.810:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.497659][ T30] audit: type=1326 audit(1763094413.810:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.521453][ T30] audit: type=1326 audit(1763094413.810:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 183.545538][ T5899] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 183.557837][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.594850][ T5899] usb 2-1: config 0 descriptor?? [ 183.616912][ T5899] gspca_main: spca508-2.14.0 probing 8086:0110 [ 183.779816][ T7731] netlink: 4 bytes leftover after parsing attributes in process `syz.0.570'. [ 183.821154][ T7726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 183.831408][ T5899] gspca_spca508: reg_read err -32 [ 183.844329][ T7726] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 183.883818][ T30] audit: type=1326 audit(1763094413.810:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7733 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 184.147042][ T5899] gspca_spca508: reg_read err -32 [ 184.156351][ T5899] gspca_spca508: reg_read err -32 [ 184.682546][ T5899] gspca_spca508: reg_read err -110 [ 184.691145][ T5899] gspca_spca508: reg write: error -32 [ 184.696683][ T5899] spca508 2-1:0.0: probe with driver spca508 failed with error -32 [ 184.802246][ T5884] usb 2-1: USB disconnect, device number 11 [ 185.061794][ T7756] netlink: 12 bytes leftover after parsing attributes in process `syz.0.581'. [ 185.573316][ T7770] netlink: 4 bytes leftover after parsing attributes in process `syz.3.580'. [ 186.333536][ T7782] batman_adv: batadv0: Adding interface: ipvlan2 [ 186.444315][ T7788] trusted_key: encrypted_key: hex blob is missing [ 186.535547][ T7782] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.643694][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.700660][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.711394][ T7782] batman_adv: batadv0: Interface activated: ipvlan2 [ 186.992270][ T7799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.593'. [ 187.920074][ T7804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.594'. [ 188.078736][ T7804] bond0: (slave bond_slave_1): Releasing backup interface [ 188.131206][ T7804] bond_slave_1 (unregistering): left promiscuous mode [ 188.202231][ T7808] netlink: 12 bytes leftover after parsing attributes in process `syz.0.595'. [ 188.485298][ T7832] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 188.495194][ T7832] netlink: 12 bytes leftover after parsing attributes in process `syz.2.604'. [ 188.792859][ T7834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.601'. [ 189.321060][ T5899] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 189.530272][ T5899] usb 1-1: Using ep0 maxpacket: 8 [ 189.539063][ T5899] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.699008][ T5899] usb 1-1: config 0 has no interfaces? [ 189.707933][ T5899] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 189.718793][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.730987][ T5899] usb 1-1: Product: syz [ 189.735169][ T5899] usb 1-1: Manufacturer: syz [ 189.739772][ T5899] usb 1-1: SerialNumber: syz [ 189.763536][ T5899] usb 1-1: config 0 descriptor?? [ 189.811561][ T7848] fuse: Unknown parameter 'user_id00000000000000000000' [ 190.104695][ T7853] netlink: 'syz.4.611': attribute type 7 has an invalid length. [ 190.112706][ T7853] netlink: 'syz.4.611': attribute type 8 has an invalid length. [ 190.258521][ T5891] usb 1-1: USB disconnect, device number 8 [ 190.490469][ T7858] FAULT_INJECTION: forcing a failure. [ 190.490469][ T7858] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.520656][ T7858] CPU: 0 UID: 0 PID: 7858 Comm: syz.3.613 Not tainted syzkaller #0 PREEMPT(full) [ 190.520686][ T7858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 190.520696][ T7858] Call Trace: [ 190.520702][ T7858] [ 190.520710][ T7858] dump_stack_lvl+0x189/0x250 [ 190.520747][ T7858] ? __pfx____ratelimit+0x10/0x10 [ 190.520770][ T7858] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.520791][ T7858] ? __pfx__printk+0x10/0x10 [ 190.520809][ T7858] ? __might_fault+0xb0/0x130 [ 190.520842][ T7858] should_fail_ex+0x414/0x560 [ 190.520871][ T7858] _copy_from_user+0x2d/0xb0 [ 190.520892][ T7858] __ia32_sys_epoll_ctl+0x120/0x1a0 [ 190.520913][ T7858] ? __pfx___ia32_sys_epoll_ctl+0x10/0x10 [ 190.520933][ T7858] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 190.520958][ T7858] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.520982][ T7858] __do_fast_syscall_32+0xb6/0x2b0 [ 190.521005][ T7858] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.521030][ T7858] do_fast_syscall_32+0x34/0x80 [ 190.521056][ T7858] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 190.521075][ T7858] RIP: 0023:0xf7f45539 [ 190.521096][ T7858] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 190.521109][ T7858] RSP: 002b:00000000f541555c EFLAGS: 00000206 ORIG_RAX: 00000000000000ff [ 190.521133][ T7858] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001 [ 190.521144][ T7858] RDX: 0000000000000005 RSI: 00000000800001c0 RDI: 0000000000000000 [ 190.521154][ T7858] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 190.521163][ T7858] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 190.521173][ T7858] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 190.521199][ T7858] [ 190.708594][ C0] vkms_vblank_simulate: vblank timer overrun [ 191.336545][ T7865] netlink: 'syz.0.615': attribute type 5 has an invalid length. [ 191.496660][ T7871] netlink: 12 bytes leftover after parsing attributes in process `syz.4.616'. [ 192.530035][ T7883] fuse: Unknown parameter 'user_id00000000000000000000' [ 193.141164][ T5899] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 193.152159][ T7891] netlink: 4 bytes leftover after parsing attributes in process `syz.4.619'. [ 193.325340][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 193.342284][ T5899] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 193.354638][ T5899] usb 4-1: config 0 has no interface number 0 [ 193.383899][ T5899] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 193.403903][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.424173][ T5899] usb 4-1: Product: syz [ 193.438055][ T5899] usb 4-1: Manufacturer: syz [ 193.443891][ T5899] usb 4-1: SerialNumber: syz [ 193.459447][ T5899] usb 4-1: config 0 descriptor?? [ 193.481579][ T5899] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 193.700692][ T5891] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 193.709283][ T5899] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 193.746743][ T5899] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 193.997387][ T5891] usb 1-1: Using ep0 maxpacket: 32 [ 194.006112][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 194.016058][ T5891] usb 1-1: unable to get BOS descriptor or descriptor too short [ 194.029578][ T5891] usb 1-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 194.038719][ T5899] usb 4-1: USB disconnect, device number 17 [ 194.094727][ T5891] usb 1-1: config 1 interface 0 has no altsetting 0 [ 194.131974][ T5899] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 194.147641][ T5891] usb 1-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice= 0.40 [ 194.156994][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.184575][ T5899] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 194.311303][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.317635][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.336062][ T5899] quatech2 4-1:0.51: device disconnected [ 194.436788][ T5891] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input11 [ 194.503489][ T5184] bcm5974 1-1:1.0: could not read from device [ 194.579718][ T5891] usb 1-1: USB disconnect, device number 9 [ 194.599999][ T5184] bcm5974 1-1:1.0: could not read from device [ 194.633368][ T5184] bcm5974 1-1:1.0: could not read from device [ 194.668616][ T5833] bcm5974 1-1:1.0: could not read from device [ 195.122135][ T7917] netlink: 12 bytes leftover after parsing attributes in process `syz.4.630'. [ 195.566234][ T7927] fuse: Bad value for 'fd' [ 196.360522][ T5828] Bluetooth: hci1: command 0x0406 tx timeout [ 197.412132][ T7937] fuse: Unknown parameter 'ÿÿ0x0000000000000007' [ 198.404867][ T7969] netlink: 12 bytes leftover after parsing attributes in process `syz.0.645'. [ 198.797768][ T7978] fuse: Bad value for 'fd' [ 198.905644][ T7985] trusted_key: encrypted_key: hex blob is missing [ 199.697580][ T7991] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 199.708235][ T7991] netlink: 12 bytes leftover after parsing attributes in process `syz.2.652'. [ 199.903065][ T5917] IPVS: starting estimator thread 0... [ 200.050366][ T7998] IPVS: using max 28 ests per chain, 67200 per kthread [ 200.058855][ T8004] fuse: Unknown parameter 'group_iØ¡ŸIü¡ò¬00000000000000000000' [ 200.350069][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 200.350098][ T30] audit: type=1326 audit(1763094430.870:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8008 comm="syz.1.656" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x0 [ 200.964840][ T30] audit: type=1326 audit(1763094431.490:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.046059][ T30] audit: type=1326 audit(1763094431.510:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.101715][ T30] audit: type=1326 audit(1763094431.510:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.199679][ T30] audit: type=1326 audit(1763094431.510:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.278201][ T30] audit: type=1326 audit(1763094431.510:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.345411][ T30] audit: type=1326 audit(1763094431.510:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.394978][ T30] audit: type=1326 audit(1763094431.510:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.418287][ T30] audit: type=1326 audit(1763094431.510:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.574336][ T30] audit: type=1326 audit(1763094431.510:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8019 comm="syz.0.660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x7ffc0000 [ 201.575872][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 201.602839][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 201.608977][ T5835] Bluetooth: hci0: command 0x0406 tx timeout [ 201.610034][ T5830] Bluetooth: hci3: command 0x0406 tx timeout [ 201.912951][ T8038] netlink: 8 bytes leftover after parsing attributes in process `syz.2.664'. [ 202.607166][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 202.800278][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 202.818126][ T24] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 202.830421][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 202.849184][ T24] usb 5-1: config 0 has no interface number 0 [ 202.938811][ T24] usb 5-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 202.953596][ T8050] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'. [ 203.046061][ T24] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 203.086436][ T24] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 203.097791][ T24] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 203.207519][ T24] usb 5-1: config 0 interface 52 has no altsetting 0 [ 203.230458][ T24] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 203.239696][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.400674][ T24] usb 5-1: config 0 descriptor?? [ 203.644243][ T24] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input12 [ 204.424393][ T8078] netlink: 'syz.2.683': attribute type 10 has an invalid length. [ 204.724896][ T8053] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 204.753544][ T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 204.901297][ T24] usb 3-1: device descriptor read/64, error -71 [ 204.949925][ T8078] team0: Port device netdevsim0 removed [ 204.989921][ T8078] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 205.180552][ T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 205.283046][ T8091] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 205.340604][ T24] usb 3-1: device descriptor read/64, error -71 [ 205.355753][ T8093] FAULT_INJECTION: forcing a failure. [ 205.355753][ T8093] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 205.399624][ T8093] CPU: 0 UID: 0 PID: 8093 Comm: syz.3.677 Not tainted syzkaller #0 PREEMPT(full) [ 205.399649][ T8093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 205.399659][ T8093] Call Trace: [ 205.399666][ T8093] [ 205.399672][ T8093] dump_stack_lvl+0x189/0x250 [ 205.399699][ T8093] ? __pfx____ratelimit+0x10/0x10 [ 205.399719][ T8093] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.399738][ T8093] ? __pfx__printk+0x10/0x10 [ 205.399755][ T8093] ? __might_fault+0xb0/0x130 [ 205.399786][ T8093] should_fail_ex+0x414/0x560 [ 205.399814][ T8093] _copy_from_user+0x2d/0xb0 [ 205.399836][ T8093] get_compat_msghdr+0xad/0x4a0 [ 205.399859][ T8093] ? __pfx_get_compat_msghdr+0x10/0x10 [ 205.399889][ T8093] ___sys_sendmsg+0x193/0x2a0 [ 205.399911][ T8093] ? __pfx____sys_sendmsg+0x10/0x10 [ 205.399963][ T8093] ? __fget_files+0x2a/0x420 [ 205.399979][ T8093] ? __fget_files+0x3a0/0x420 [ 205.400005][ T8093] __sys_sendmsg+0x164/0x220 [ 205.400025][ T8093] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.400051][ T8093] ? __pfx_ksys_write+0x10/0x10 [ 205.400076][ T8093] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 205.400097][ T8093] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.400126][ T8093] __do_fast_syscall_32+0xb6/0x2b0 [ 205.400151][ T8093] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.400178][ T8093] do_fast_syscall_32+0x34/0x80 [ 205.400198][ T8093] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 205.400217][ T8093] RIP: 0023:0xf7f45539 [ 205.400231][ T8093] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 205.400244][ T8093] RSP: 002b:00000000f541555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 205.400262][ T8093] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180 [ 205.400274][ T8093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 205.400284][ T8093] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 205.400293][ T8093] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 205.400304][ T8093] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 205.400331][ T8093] [ 205.613586][ T24] usb usb3-port1: attempt power cycle [ 205.637739][ T8095] trusted_key: encrypted_key: insufficient parameters specified [ 205.684499][ T8097] netlink: 12 bytes leftover after parsing attributes in process `syz.0.680'. [ 205.844681][ T5891] usb 5-1: USB disconnect, device number 10 [ 205.970297][ T24] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 205.990888][ T24] usb 3-1: device descriptor read/8, error -71 [ 206.372191][ T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 206.398456][ T8108] fuse: Unknown parameter '0x0000000000000004' [ 206.421161][ T24] usb 3-1: device descriptor read/8, error -71 [ 206.535622][ T24] usb usb3-port1: unable to enumerate USB device [ 207.139905][ T8123] trusted_key: encrypted_key: insufficient parameters specified [ 207.360749][ T43] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 207.461267][ T8135] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 207.612637][ T43] usb 4-1: config 0 has an invalid interface number: 16 but max is 0 [ 207.629057][ T43] usb 4-1: config 0 has no interface number 0 [ 207.642576][ T43] usb 4-1: config 0 interface 16 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 207.672894][ T43] usb 4-1: config 0 interface 16 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 207.685217][ T43] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice=95.dc [ 207.823057][ T43] usb 4-1: New USB device strings: Mfr=0, Product=18, SerialNumber=0 [ 207.833144][ T43] usb 4-1: Product: syz [ 207.862282][ T43] usb 4-1: config 0 descriptor?? [ 207.955480][ T8140] fuse: Unknown parameter '0x0000000000000004' [ 208.114339][ T8144] netlink: 12 bytes leftover after parsing attributes in process `syz.1.698'. [ 208.286819][ T43] uclogic 0003:256C:006D.0004: interface is invalid, ignoring [ 208.350772][ T5899] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 208.540346][ T5899] usb 3-1: Using ep0 maxpacket: 8 [ 208.568915][ T5899] usb 3-1: no configurations [ 208.573737][ T5899] usb 3-1: can't read configurations, error -22 [ 208.574371][ T5891] usb 4-1: USB disconnect, device number 18 [ 208.708263][ T8153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.699'. [ 208.750455][ T5899] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 209.230848][ T5899] usb 3-1: Using ep0 maxpacket: 8 [ 209.251197][ T5899] usb 3-1: no configurations [ 209.255952][ T5899] usb 3-1: can't read configurations, error -22 [ 209.263395][ T5899] usb usb3-port1: attempt power cycle [ 209.292074][ T8156] netlink: 'syz.4.700': attribute type 10 has an invalid length. [ 209.379460][ T8156] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 209.601016][ T5899] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 209.640111][ T5899] usb 3-1: Using ep0 maxpacket: 8 [ 209.645907][ T5899] usb 3-1: no configurations [ 209.653281][ T5899] usb 3-1: can't read configurations, error -22 [ 209.660319][ T43] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 209.772460][ T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 209.781039][ T5899] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 209.812468][ T5899] usb 3-1: Using ep0 maxpacket: 8 [ 209.818470][ T5899] usb 3-1: no configurations [ 209.824182][ T5899] usb 3-1: can't read configurations, error -22 [ 209.831649][ T43] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 209.841947][ T43] usb 2-1: config 0 interface 0 has no altsetting 0 [ 209.849067][ T5899] usb usb3-port1: unable to enumerate USB device [ 209.858222][ T43] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 209.873140][ T43] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 209.883265][ T43] usb 2-1: Product: syz [ 209.887413][ T43] usb 2-1: Manufacturer: syz [ 209.897350][ T43] usb 2-1: SerialNumber: syz [ 209.918639][ T43] usb 2-1: config 0 descriptor?? [ 209.924401][ T24] usb 5-1: device descriptor read/64, error -71 [ 209.946309][ T43] usb 2-1: selecting invalid altsetting 0 [ 210.170671][ T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 210.330921][ T24] usb 5-1: device descriptor read/64, error -71 [ 210.441152][ T24] usb usb5-port1: attempt power cycle [ 210.780761][ T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 210.812746][ T24] usb 5-1: device descriptor read/8, error -71 [ 211.060863][ T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 211.093686][ T24] usb 5-1: device descriptor read/8, error -71 [ 211.171581][ T8183] fuse: Unknown parameter '0x0000000000000004' [ 211.235058][ T24] usb usb5-port1: unable to enumerate USB device [ 211.422713][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 211.422726][ T30] audit: type=1326 audit(1763094441.950:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.710" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x0 [ 211.536105][ T8193] netlink: 12 bytes leftover after parsing attributes in process `syz.3.711'. [ 212.474356][ T8197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.712'. [ 212.500497][ T24] usb 2-1: USB disconnect, device number 12 [ 213.076090][ T8211] trusted_key: encrypted_key: hex blob is missing [ 213.361946][ T8208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.716'. [ 214.366734][ T8222] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 214.373286][ T8222] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 214.402674][ T8225] netlink: 8 bytes leftover after parsing attributes in process `syz.4.718'. [ 214.569065][ T8222] vhci_hcd vhci_hcd.0: Device attached [ 214.763667][ T5899] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 214.783134][ T8223] vhci_hcd: connection reset by peer [ 214.789558][ T13] vhci_hcd: stop threads [ 214.794964][ T13] vhci_hcd: release socket [ 214.799429][ T13] vhci_hcd: disconnect device [ 215.400774][ T43] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 215.450824][ T8232] fuse: Unknown parameter '0x0000000000000004' [ 215.599595][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 215.622302][ T43] usb 4-1: no configurations [ 215.626919][ T43] usb 4-1: can't read configurations, error -22 [ 215.651070][ T8235] netlink: 28 bytes leftover after parsing attributes in process `syz.0.722'. [ 215.680742][ T8235] netlink: 28 bytes leftover after parsing attributes in process `syz.0.722'. [ 215.790875][ T43] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 215.801686][ T8239] netlink: 32 bytes leftover after parsing attributes in process `syz.1.724'. [ 215.869500][ T8242] netlink: 8 bytes leftover after parsing attributes in process `syz.4.725'. [ 215.933627][ T8243] FAULT_INJECTION: forcing a failure. [ 215.933627][ T8243] name failslab, interval 1, probability 0, space 0, times 0 [ 215.957621][ T8243] CPU: 0 UID: 0 PID: 8243 Comm: syz.4.725 Not tainted syzkaller #0 PREEMPT(full) [ 215.957644][ T8243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 215.957654][ T8243] Call Trace: [ 215.957662][ T8243] [ 215.957669][ T8243] dump_stack_lvl+0x189/0x250 [ 215.957694][ T8243] ? __pfx____ratelimit+0x10/0x10 [ 215.957715][ T8243] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.957735][ T8243] ? __pfx__printk+0x10/0x10 [ 215.957771][ T8243] ? __pfx___might_resched+0x10/0x10 [ 215.957788][ T8243] ? fs_reclaim_acquire+0x7d/0x100 [ 215.957809][ T8243] should_fail_ex+0x414/0x560 [ 215.957838][ T8243] should_failslab+0xa8/0x100 [ 215.957863][ T8243] __kmalloc_cache_noprof+0x6f/0x6f0 [ 215.957886][ T8243] ? register_netdevice+0x58b/0x1ae0 [ 215.957911][ T8243] register_netdevice+0x58b/0x1ae0 [ 215.957939][ T8243] ? rcu_is_watching+0x15/0xb0 [ 215.957960][ T8243] ? __pfx_register_netdevice+0x10/0x10 [ 215.957977][ T8243] ? alloc_netdev_mqs+0xc89/0x11b0 [ 215.957994][ T8243] ? alloc_netdev_mqs+0xbf8/0x11b0 [ 215.958014][ T8243] ? tun_net_initialize+0x18d/0x450 [ 215.958034][ T8243] ? __pfx_tun_net_initialize+0x10/0x10 [ 215.958055][ T8243] ? alloc_netdev_mqs+0xd9b/0x11b0 [ 215.958081][ T8243] tun_set_iff+0x844/0xf00 [ 215.958109][ T8243] __tun_chr_ioctl+0x788/0x1df0 [ 215.958136][ T8243] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 215.958156][ T8243] ? __fget_files+0x2a/0x420 [ 215.958178][ T8243] ? __fget_files+0x3a0/0x420 [ 215.958199][ T8243] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 215.958221][ T8243] __ia32_compat_sys_ioctl+0x543/0x840 [ 215.958247][ T8243] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 215.958269][ T8243] ? __fget_files+0x3a0/0x420 [ 215.958292][ T8243] ? fput+0xa0/0xd0 [ 215.958311][ T8243] ? ksys_write+0x22a/0x250 [ 215.958332][ T8243] ? exc_page_fault+0x82/0x100 [ 215.958355][ T8243] ? __pfx_ksys_write+0x10/0x10 [ 215.958379][ T8243] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 215.958404][ T8243] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.958427][ T8243] __do_fast_syscall_32+0xb6/0x2b0 [ 215.958451][ T8243] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.958477][ T8243] do_fast_syscall_32+0x34/0x80 [ 215.958500][ T8243] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.958516][ T8243] RIP: 0023:0xf7fc5539 [ 215.958531][ T8243] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 215.958545][ T8243] RSP: 002b:00000000f549555c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 215.958564][ T8243] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400454ca [ 215.958574][ T8243] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.958583][ T8243] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 215.958592][ T8243] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 215.958602][ T8243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.958630][ T8243] [ 216.020994][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 216.231030][ T30] audit: type=1326 audit(1763094446.680:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.2.726" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x0 [ 216.429897][ T43] usb 4-1: no configurations [ 216.469160][ T43] usb 4-1: can't read configurations, error -22 [ 216.477212][ T43] usb usb4-port1: attempt power cycle [ 216.778625][ T5891] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 216.840836][ T43] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 216.899441][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 216.921130][ T43] usb 4-1: no configurations [ 216.930298][ T5891] usb 1-1: Using ep0 maxpacket: 8 [ 216.937213][ T5891] usb 1-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 250, changing to 11 [ 216.939583][ T43] usb 4-1: can't read configurations, error -22 [ 217.073590][ T5891] usb 1-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 217.094761][ T5891] usb 1-1: config 1 interface 0 has no altsetting 0 [ 217.104445][ T5891] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.40 [ 217.115027][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.123362][ T5891] usb 1-1: Product: ä“‚æ±î†¿í›ªä§™ìº’꧃ﻑ˘ৠ粻駋뜬殮엯숦ⴊୀ麊뭊쭢ë…ଳꌕê»îª‹äª®îŸ‘ï¤ä¹—ꤣ㽚㸅砪쬳斵㓎á¢æ‚‘横 [ 217.200779][ T43] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 217.218341][ T5891] usb 1-1: Manufacturer: Ð [ 217.220902][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 217.228659][ T43] usb 4-1: no configurations [ 217.234097][ T43] usb 4-1: can't read configurations, error -22 [ 217.244317][ T43] usb usb4-port1: unable to enumerate USB device [ 217.253256][ T5891] usb 1-1: SerialNumber: 莂塸ꂅ꼣쭃餲賨뺘ï©ïŽ‰ã¤»á¢®î‚樄궶歀켎쵅ᦗâ çŽšë±¹ë¡·åž«ï´­á¿¾é­®â³²ìµ¬é­•ì¡¾ë°å¿Ÿä»¤ï¨‹æ‰’嬺閫â¿ä§”霘磗梚ለ淨છꃋ칾쾆汧霆ࢩ纋盒쌛綊ì…衬é¼â‚ƒêŠ¥â³ë›¤á†Šìµ‡ç–¶ìŸµí‘šà®·ãƒê¬“壬䇓妨燾찫༣ሎ [ 217.609107][ T8264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'. [ 218.566694][ T5891] usbhid 1-1:1.0: can't add hid device: -71 [ 218.577309][ T5891] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 218.699289][ T5891] usb 1-1: USB disconnect, device number 10 [ 218.770332][ T5884] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 218.981814][ T8281] trusted_key: encrypted_key: hex blob is missing [ 219.051101][ T5884] usb 4-1: Using ep0 maxpacket: 32 [ 219.061566][ T5884] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 219.069879][ T5884] usb 4-1: config 0 has no interface number 0 [ 219.079636][ T5884] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 219.089880][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.100355][ T5884] usb 4-1: Product: syz [ 219.114721][ T5884] usb 4-1: Manufacturer: syz [ 219.150408][ T5884] usb 4-1: SerialNumber: syz [ 219.172016][ T5884] usb 4-1: config 0 descriptor?? [ 219.200130][ T5884] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 219.455103][ T8287] trusted_key: encrypted_key: hex blob is missing [ 219.495250][ T5884] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 219.534345][ T8285] netlink: 'syz.1.733': attribute type 5 has an invalid length. [ 219.541958][ T5884] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 219.698197][ T8277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.731951][ T8277] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.876030][ T5899] vhci_hcd: vhci_device speed not set [ 220.241754][ T8295] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 220.251143][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 220.251531][ T43] usb 4-1: USB disconnect, device number 23 [ 220.304137][ T43] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 220.368445][ T8296] netlink: 12 bytes leftover after parsing attributes in process `syz.1.736'. [ 220.432561][ T43] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 220.462006][ T43] quatech2 4-1:0.51: device disconnected [ 220.657897][ T8299] FAULT_INJECTION: forcing a failure. [ 220.657897][ T8299] name failslab, interval 1, probability 0, space 0, times 0 [ 220.694658][ T8299] CPU: 1 UID: 0 PID: 8299 Comm: syz.0.738 Not tainted syzkaller #0 PREEMPT(full) [ 220.694683][ T8299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 220.694693][ T8299] Call Trace: [ 220.694700][ T8299] [ 220.694707][ T8299] dump_stack_lvl+0x189/0x250 [ 220.694735][ T8299] ? __pfx____ratelimit+0x10/0x10 [ 220.694757][ T8299] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.694779][ T8299] ? __pfx__printk+0x10/0x10 [ 220.694802][ T8299] ? __pfx___might_resched+0x10/0x10 [ 220.694819][ T8299] ? fs_reclaim_acquire+0x7d/0x100 [ 220.694840][ T8299] should_fail_ex+0x414/0x560 [ 220.694869][ T8299] should_failslab+0xa8/0x100 [ 220.694895][ T8299] kmem_cache_alloc_node_noprof+0x77/0x710 [ 220.694921][ T8299] ? __alloc_skb+0x112/0x2d0 [ 220.694944][ T8299] __alloc_skb+0x112/0x2d0 [ 220.694964][ T8299] _sctp_make_chunk+0x5e/0x430 [ 220.694992][ T8299] sctp_make_datafrag_empty+0x122/0x230 [ 220.695018][ T8299] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 220.695045][ T8299] ? sctp_auth_send_cid+0x69/0x250 [ 220.695071][ T8299] sctp_datamsg_from_user+0x729/0xef0 [ 220.695113][ T8299] sctp_sendmsg_to_asoc+0xffe/0x1810 [ 220.695129][ T8299] ? __asan_memcpy+0x40/0x70 [ 220.695157][ T8299] ? sctp_assoc_add_peer+0xcfa/0x13b0 [ 220.695189][ T8299] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 220.695207][ T8299] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 220.695225][ T8299] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 220.695242][ T8299] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 220.695258][ T8299] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 220.695276][ T8299] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 220.695294][ T8299] ? security_sctp_bind_connect+0x7e/0x2e0 [ 220.695324][ T8299] sctp_sendmsg+0x1941/0x2810 [ 220.695358][ T8299] ? __pfx_sctp_sendmsg+0x10/0x10 [ 220.695378][ T8299] ? aa_sk_perm+0x81e/0x950 [ 220.695406][ T8299] ? __pfx_aa_sk_perm+0x10/0x10 [ 220.695432][ T8299] ? sock_rps_record_flow+0x19/0x410 [ 220.695459][ T8299] ? inet_sendmsg+0x2f4/0x370 [ 220.695473][ T8299] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 220.695493][ T8299] __sock_sendmsg+0x19c/0x270 [ 220.695518][ T8299] __sys_sendto+0x3bd/0x520 [ 220.695537][ T8299] ? __pfx___sys_sendto+0x10/0x10 [ 220.695551][ T8299] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 220.695587][ T8299] ? __fget_files+0x3a0/0x420 [ 220.695614][ T8299] ? ksys_write+0x22a/0x250 [ 220.695639][ T8299] ? __pfx_ksys_write+0x10/0x10 [ 220.695667][ T8299] __ia32_sys_sendto+0xdd/0x100 [ 220.695687][ T8299] __do_fast_syscall_32+0xb6/0x2b0 [ 220.695712][ T8299] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.695738][ T8299] do_fast_syscall_32+0x34/0x80 [ 220.695761][ T8299] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 220.695782][ T8299] RIP: 0023:0xf7fe7539 [ 220.695797][ T8299] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 220.695812][ T8299] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000171 [ 220.695831][ T8299] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 220.695843][ T8299] RDX: 000000000000ffe0 RSI: 0000000000000000 RDI: 0000000080000100 [ 220.695854][ T8299] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 220.695865][ T8299] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 220.695875][ T8299] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 220.695903][ T8299] [ 221.176343][ T30] audit: type=1326 audit(1763094451.690:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8302 comm="syz.4.740" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x0 [ 221.909630][ T8312] netlink: 12 bytes leftover after parsing attributes in process `syz.1.744'. [ 222.079774][ T8321] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 222.180783][ T5899] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 222.232371][ T8327] trusted_key: encrypted_key: hex blob is missing [ 222.560284][ T5899] usb 2-1: Using ep0 maxpacket: 8 [ 222.571239][ T5899] usb 2-1: unable to get BOS descriptor or descriptor too short [ 222.584034][ T5899] usb 2-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 222.655207][ T5899] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 222.667481][ T5899] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 222.698159][ T5899] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 222.723743][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.778526][ T5899] usb 2-1: Product: syz [ 222.787561][ T5899] usb 2-1: Manufacturer: syz [ 222.808803][ T5899] usb 2-1: SerialNumber: syz [ 223.040152][ T5899] cdc_ncm 2-1:1.0: skipping garbage [ 223.057459][ T5899] cdc_ncm 2-1:1.0: skipping garbage [ 223.080271][ T5899] cdc_ncm 2-1:1.0: skipping garbage [ 223.097029][ T5899] cdc_ncm 2-1:1.0: skipping garbage [ 223.126906][ T5899] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 223.157138][ T5899] cdc_ncm 2-1:1.0: bind() failure [ 223.231507][ T5899] usb 2-1: USB disconnect, device number 13 [ 223.439846][ T5884] IPVS: starting estimator thread 0... [ 223.544044][ T8338] IPVS: using max 31 ests per chain, 74400 per kthread [ 223.678327][ T8342] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 223.689338][ T8342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.753'. [ 223.720304][ T5899] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 223.872161][ T5899] usb 3-1: config 7 has an invalid interface number: 101 but max is 0 [ 223.880865][ T5899] usb 3-1: config 7 has no interface number 0 [ 223.888833][ T5899] usb 3-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 223.898465][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.906491][ T5899] usb 3-1: Product: syz [ 223.910918][ T5899] usb 3-1: Manufacturer: syz [ 223.915500][ T5899] usb 3-1: SerialNumber: syz [ 224.101088][ T5884] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 224.253656][ T5884] usb 1-1: Using ep0 maxpacket: 16 [ 224.260603][ T5884] usb 1-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 224.271808][ T5884] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 224.283485][ T5884] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 224.292759][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.300843][ T5884] usb 1-1: Product: syz [ 224.305007][ T5884] usb 1-1: Manufacturer: syz [ 224.309605][ T5884] usb 1-1: SerialNumber: syz [ 224.639337][ T30] audit: type=1326 audit(1763094455.160:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8357 comm="syz.3.758" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x0 [ 224.685708][ T5899] as10x_usb: device has been detected [ 224.693317][ T5899] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 224.730807][ T5899] usb 3-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 224.885531][ T5899] as10x_usb: error during firmware upload part1 [ 224.892645][ T5899] Registered device Elgato EyeTV DTT Deluxe [ 224.974293][ T8337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.999739][ T8337] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.064705][ T8337] netlink: 'syz.2.751': attribute type 9 has an invalid length. [ 225.135692][ T8363] netlink: 'syz.4.759': attribute type 5 has an invalid length. [ 225.752122][ T8371] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 225.782487][ T5899] usb 3-1: USB disconnect, device number 19 [ 225.965121][ T5899] Unregistered device Elgato EyeTV DTT Deluxe [ 226.067017][ T8377] netlink: 8 bytes leftover after parsing attributes in process `syz.1.762'. [ 226.835395][ T5899] as10x_usb: device has been disconnected [ 226.888031][ T5884] usb 1-1: 0:2 : does not exist [ 227.166230][ T5884] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 227.444966][ T8388] netlink: 8 bytes leftover after parsing attributes in process `syz.2.763'. [ 227.730406][ T5884] usb 1-1: USB disconnect, device number 11 [ 227.867628][ T8394] FAULT_INJECTION: forcing a failure. [ 227.867628][ T8394] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.888822][ T8395] tipc: Enabling of bearer rejected, failed to enable media [ 227.905424][ T6676] udevd[6676]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 228.064442][ T8394] CPU: 1 UID: 0 PID: 8394 Comm: syz.1.765 Not tainted syzkaller #0 PREEMPT(full) [ 228.064466][ T8394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 228.064477][ T8394] Call Trace: [ 228.064484][ T8394] [ 228.064491][ T8394] dump_stack_lvl+0x189/0x250 [ 228.064519][ T8394] ? __pfx____ratelimit+0x10/0x10 [ 228.064541][ T8394] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.064563][ T8394] ? __pfx__printk+0x10/0x10 [ 228.064593][ T8394] should_fail_ex+0x414/0x560 [ 228.064622][ T8394] _copy_to_user+0x31/0xb0 [ 228.064646][ T8394] simple_read_from_buffer+0xe1/0x170 [ 228.064674][ T8394] proc_fail_nth_read+0x1b3/0x220 [ 228.064697][ T8394] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.064721][ T8394] ? rw_verify_area+0x2a6/0x4d0 [ 228.064741][ T8394] ? __lock_acquire+0xab9/0xd20 [ 228.064756][ T8394] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.064778][ T8394] vfs_read+0x200/0xa30 [ 228.064799][ T8394] ? fdget_pos+0x247/0x320 [ 228.064819][ T8394] ? __pfx___mutex_lock+0x10/0x10 [ 228.064841][ T8394] ? __pfx_vfs_read+0x10/0x10 [ 228.064870][ T8394] ? __fget_files+0x2a/0x420 [ 228.064890][ T8394] ? __fget_files+0x3a0/0x420 [ 228.064905][ T8394] ? __fget_files+0x2a/0x420 [ 228.064929][ T8394] ksys_read+0x145/0x250 [ 228.064953][ T8394] ? __pfx_ksys_read+0x10/0x10 [ 228.064981][ T8394] ? syscall_enter_from_user_mode_prepare+0x8f/0x110 [ 228.065006][ T8394] ? lockdep_hardirqs_on+0x9c/0x150 [ 228.065032][ T8394] __do_fast_syscall_32+0xb6/0x2b0 [ 228.065063][ T8394] do_fast_syscall_32+0x34/0x80 [ 228.065087][ T8394] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 228.065106][ T8394] RIP: 0023:0xf705d539 [ 228.065121][ T8394] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 228.065136][ T8394] RSP: 002b:00000000f542c590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 228.065154][ T8394] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542c620 [ 228.065166][ T8394] RDX: 000000000000000f RSI: 00000000f73f6ff4 RDI: 0000000000000000 [ 228.065177][ T8394] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 228.065187][ T8394] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 228.065197][ T8394] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 228.065225][ T8394] [ 228.409984][ T8397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.768'. [ 228.554458][ T30] audit: type=1326 audit(1763094459.070:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8398 comm="syz.4.771" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x0 [ 228.624082][ T8409] ======================================================= [ 228.624082][ T8409] WARNING: The mand mount option has been deprecated and [ 228.624082][ T8409] and is ignored by this kernel. Remove the mand [ 228.624082][ T8409] option from the mount to silence this warning. [ 228.624082][ T8409] ======================================================= [ 229.220934][ T5917] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 229.438723][ T5917] usb 3-1: Using ep0 maxpacket: 8 [ 229.450697][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 229.480332][ T5917] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 229.826651][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 229.867995][ T30] audit: type=1326 audit(1763094460.380:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 229.975241][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 230.009088][ T5917] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 230.045049][ T5917] usb 3-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.7f [ 230.064855][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.073354][ T5917] usb 3-1: Product: syz [ 230.077669][ T5917] usb 3-1: Manufacturer: syz [ 230.097620][ T5917] usb 3-1: SerialNumber: syz [ 230.122073][ T30] audit: type=1326 audit(1763094460.380:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 230.161326][ T30] audit: type=1326 audit(1763094460.380:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 230.185066][ T30] audit: type=1326 audit(1763094460.380:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 230.484310][ T30] audit: type=1326 audit(1763094460.390:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=181 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 230.519574][ T5917] usb 3-1: config 0 descriptor?? [ 230.582686][ T30] audit: type=1326 audit(1763094460.390:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 230.606522][ T30] audit: type=1326 audit(1763094460.390:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 230.629204][ T30] audit: type=1326 audit(1763094460.390:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 230.660936][ T30] audit: type=1326 audit(1763094460.420:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8424 comm="syz.4.774" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 230.762324][ T5917] usb 3-1: USB disconnect, device number 20 [ 230.854699][ T8432] trusted_key: encrypted_key: hex blob is missing [ 231.067902][ T8436] netlink: 40 bytes leftover after parsing attributes in process `syz.3.777'. [ 231.798842][ T8447] netlink: 32 bytes leftover after parsing attributes in process `syz.2.780'. [ 231.821542][ T5884] ip6_tunnel: ip6gretap0: Local routing loop detected! [ 231.969598][ T8448] netlink: 8 bytes leftover after parsing attributes in process `syz.1.776'. [ 232.041250][ T5917] ip6_tunnel: ip6gretap0: Local routing loop detected! [ 232.370964][ T5917] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 232.550920][ T5917] usb 4-1: Using ep0 maxpacket: 8 [ 232.586622][ T5917] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 232.611337][ T8457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.783'. [ 232.630288][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.660309][ T5917] usb 4-1: Product: syz [ 232.689970][ T5917] usb 4-1: Manufacturer: syz [ 232.719703][ T5917] usb 4-1: SerialNumber: syz [ 232.787259][ T5917] usb 4-1: config 0 descriptor?? [ 232.849929][ T5917] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 233.023010][ T8466] netlink: 136 bytes leftover after parsing attributes in process `syz.4.788'. [ 233.041616][ T8466] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 233.079653][ T5917] gspca_sonixj: reg_w1 err -71 [ 233.084645][ T5917] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 233.104694][ T5917] usb 4-1: USB disconnect, device number 24 [ 233.330714][ T5931] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 233.481618][ T5931] usb 2-1: too many configurations: 241, using maximum allowed: 8 [ 233.504561][ T5931] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 233.504590][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.504615][ T5931] usb 2-1: Product: syz [ 233.504629][ T5931] usb 2-1: Manufacturer: syz [ 233.504643][ T5931] usb 2-1: SerialNumber: syz [ 233.514215][ T5931] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 233.532299][ T43] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 233.668843][ T8483] tipc: Started in network mode [ 233.668899][ T8483] tipc: Node identity 96e4f1f7b50a, cluster identity 4711 [ 233.669432][ T8483] tipc: Enabled bearer , priority 0 [ 233.686043][ T8483] tipc: Resetting bearer [ 233.767057][ T8481] tipc: Disabling bearer [ 234.966842][ T5917] usb 2-1: USB disconnect, device number 14 [ 234.986461][ T43] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 234.996017][ T43] ath9k_htc: Failed to initialize the device [ 235.012190][ T5917] usb 2-1: ath9k_htc: USB layer deinitialized [ 235.207533][ T8493] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 64993 [ 235.373339][ T8495] netlink: 4 bytes leftover after parsing attributes in process `syz.1.795'. [ 235.773730][ T8507] trusted_key: encrypted_key: hex blob is missing [ 235.952167][ T8510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.799'. [ 235.977203][ T8512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.798'. [ 236.013584][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 236.013598][ T30] audit: type=1326 audit(1763094466.540:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 236.017542][ T8510] raw_sendmsg: syz.3.799 forgot to set AF_INET. Fix it! [ 236.020082][ T30] audit: type=1326 audit(1763094466.540:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 236.260846][ T30] audit: type=1326 audit(1763094466.600:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 236.336669][ T30] audit: type=1326 audit(1763094466.600:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 236.421156][ T8517] netlink: 'syz.2.801': attribute type 5 has an invalid length. [ 236.433866][ T30] audit: type=1326 audit(1763094466.600:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 236.644488][ T30] audit: type=1326 audit(1763094466.600:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 236.721078][ T30] audit: type=1326 audit(1763094466.600:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 236.914148][ T30] audit: type=1326 audit(1763094466.600:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 237.010274][ T30] audit: type=1326 audit(1763094466.600:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 237.073147][ T30] audit: type=1326 audit(1763094466.600:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8511 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 237.160744][ T5931] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 237.350249][ T5931] usb 2-1: Using ep0 maxpacket: 8 [ 237.425065][ T5931] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 237.444454][ T5931] usb 2-1: can't read configurations, error -61 [ 237.692638][ T5931] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 237.781744][ T8541] netlink: 8 bytes leftover after parsing attributes in process `syz.4.806'. [ 238.050291][ T5931] usb 2-1: Using ep0 maxpacket: 8 [ 238.066738][ T5931] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 238.078575][ T5931] usb 2-1: can't read configurations, error -61 [ 238.085658][ T5931] usb usb2-port1: attempt power cycle [ 238.678624][ T8545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.807'. [ 238.920281][ T5931] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 238.940758][ T5931] usb 2-1: Using ep0 maxpacket: 8 [ 238.954575][ T5931] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 238.962676][ T5931] usb 2-1: can't read configurations, error -61 [ 239.101301][ T5931] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 239.161077][ T5931] usb 2-1: Using ep0 maxpacket: 8 [ 239.193539][ T5931] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 239.227839][ T5931] usb 2-1: can't read configurations, error -61 [ 239.279999][ T5931] usb usb2-port1: unable to enumerate USB device [ 239.650498][ T5917] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 240.019855][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.046665][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.080629][ T5917] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 240.171757][ T5917] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 240.198105][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.226259][ T5917] usb 4-1: config 0 descriptor?? [ 240.706737][ T5917] plantronics 0003:047F:FFFF.0005: global environment stack underflow [ 240.731939][ T5917] plantronics 0003:047F:FFFF.0005: item 0 1 1 11 parsing failed [ 240.874597][ T5917] plantronics 0003:047F:FFFF.0005: parse failed [ 240.898687][ T5917] plantronics 0003:047F:FFFF.0005: probe with driver plantronics failed with error -22 [ 241.127308][ T8578] netlink: 'syz.0.815': attribute type 5 has an invalid length. [ 241.241667][ T5917] usb 4-1: USB disconnect, device number 25 [ 241.377794][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 241.377810][ T30] audit: type=1326 audit(1763094471.900:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.4.816" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x0 [ 241.433782][ T30] audit: type=1326 audit(1763094471.960:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.478786][ T8588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.819'. [ 241.532713][ T30] audit: type=1326 audit(1763094472.000:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.599200][ T30] audit: type=1326 audit(1763094472.000:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.649972][ T30] audit: type=1326 audit(1763094472.000:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.683125][ T30] audit: type=1326 audit(1763094472.000:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.706990][ T30] audit: type=1326 audit(1763094472.000:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.729786][ T30] audit: type=1326 audit(1763094472.000:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.735889][ T8598] IPVS: Scheduler module ip_vs_ not found [ 241.763045][ T30] audit: type=1326 audit(1763094472.000:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.804369][ T30] audit: type=1326 audit(1763094472.000:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8583 comm="syz.2.818" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000 [ 241.890878][ T5931] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 242.051384][ T5931] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 242.069760][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.090872][ T5931] usb 4-1: config 0 has no interfaces? [ 242.097877][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.108441][ T5931] usb 4-1: config 0 has no interfaces? [ 242.122829][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.134998][ T5931] usb 4-1: config 0 has no interfaces? [ 242.151858][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.168185][ T5931] usb 4-1: config 0 has no interfaces? [ 242.176506][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.187491][ T5931] usb 4-1: config 0 has no interfaces? [ 242.194493][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.205524][ T5931] usb 4-1: config 0 has no interfaces? [ 242.213103][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.230496][ T5931] usb 4-1: config 0 has no interfaces? [ 242.237913][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.251088][ T5931] usb 4-1: config 0 has no interfaces? [ 242.262230][ T5931] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 242.280678][ T5931] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 242.301080][ T5931] usb 4-1: Product: syz [ 242.309453][ T5931] usb 4-1: Manufacturer: syz [ 242.316614][ T5931] usb 4-1: SerialNumber: syz [ 242.326326][ T5931] usb 4-1: config 0 descriptor?? [ 242.468186][ T8621] netlink: 'syz.1.829': attribute type 5 has an invalid length. [ 242.547180][ T43] usb 4-1: USB disconnect, device number 26 [ 242.690315][ T5931] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 242.820295][ T5931] usb 1-1: device descriptor read/64, error -71 [ 242.840623][ T8629] netlink: 4 bytes leftover after parsing attributes in process `syz.1.831'. [ 243.060879][ T5931] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 243.250618][ T5931] usb 1-1: device descriptor read/64, error -71 [ 243.325471][ T8637] can: request_module (can-proto-3) failed. [ 243.362545][ T5931] usb usb1-port1: attempt power cycle [ 243.751000][ T5931] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 243.800531][ T5931] usb 1-1: device descriptor read/8, error -71 [ 244.040306][ T5931] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 244.061511][ T5931] usb 1-1: device descriptor read/8, error -71 [ 244.170557][ T5931] usb usb1-port1: unable to enumerate USB device [ 244.647754][ T8662] netlink: 'syz.3.841': attribute type 5 has an invalid length. [ 244.770836][ T5931] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 245.010764][ T5931] usb 3-1: Using ep0 maxpacket: 8 [ 245.490253][ T5931] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 245.505062][ T43] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 245.582440][ T5931] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 245.598322][ T5931] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 245.607844][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.707637][ T5931] usbtmc 3-1:16.0: bulk endpoints not found [ 245.763778][ T43] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 245.805878][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 245.830244][ T43] usb 4-1: config 0 has no interfaces? [ 245.857222][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 245.897159][ T43] usb 4-1: config 0 has no interfaces? [ 246.182497][ T8680] trusted_key: encrypted_key: hex blob is missing [ 246.197837][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.208490][ T43] usb 4-1: config 0 has no interfaces? [ 246.215424][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.226164][ T43] usb 4-1: config 0 has no interfaces? [ 246.233333][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.243905][ T43] usb 4-1: config 0 has no interfaces? [ 246.252426][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.267116][ T43] usb 4-1: config 0 has no interfaces? [ 246.274739][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.285189][ T43] usb 4-1: config 0 has no interfaces? [ 246.297094][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.307866][ T43] usb 4-1: config 0 has no interfaces? [ 246.318116][ T43] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 246.328762][ T43] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 246.337391][ T43] usb 4-1: Product: syz [ 246.341894][ T43] usb 4-1: Manufacturer: syz [ 246.358889][ T43] usb 4-1: SerialNumber: syz [ 246.373483][ T43] usb 4-1: config 0 descriptor?? [ 246.590732][ T43] usb 4-1: USB disconnect, device number 27 [ 246.832580][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 246.832596][ T30] audit: type=1326 audit(1763094477.360:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 246.941710][ T8687] trusted_key: encrypted_key: hex blob is missing [ 247.005393][ T30] audit: type=1326 audit(1763094477.390:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.083761][ T30] audit: type=1326 audit(1763094477.390:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.109019][ T30] audit: type=1326 audit(1763094477.390:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.217050][ T30] audit: type=1326 audit(1763094477.390:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.265985][ T30] audit: type=1326 audit(1763094477.390:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.288765][ T30] audit: type=1326 audit(1763094477.390:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.322532][ T30] audit: type=1326 audit(1763094477.390:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.345384][ T30] audit: type=1326 audit(1763094477.390:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.491308][ T30] audit: type=1326 audit(1763094477.390:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8683 comm="syz.1.847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf705d539 code=0x7ffc0000 [ 247.601133][ T5917] usb 3-1: USB disconnect, device number 21 [ 249.318295][ T43] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 249.561551][ T43] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 249.570440][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.582731][ T43] usb 2-1: config 0 has no interfaces? [ 249.589848][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.602259][ T43] usb 2-1: config 0 has no interfaces? [ 249.618622][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.633285][ T43] usb 2-1: config 0 has no interfaces? [ 249.647291][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.659197][ T43] usb 2-1: config 0 has no interfaces? [ 249.668113][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.678907][ T43] usb 2-1: config 0 has no interfaces? [ 249.694673][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.755421][ T43] usb 2-1: config 0 has no interfaces? [ 249.826636][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.856968][ T43] usb 2-1: config 0 has no interfaces? [ 249.914137][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.933476][ T43] usb 2-1: config 0 has no interfaces? [ 249.959731][ T43] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 250.027167][ T8734] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 250.045017][ T43] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 250.085693][ T43] usb 2-1: Product: syz [ 250.089892][ T43] usb 2-1: Manufacturer: syz [ 250.136253][ T43] usb 2-1: SerialNumber: syz [ 250.163063][ T43] usb 2-1: config 0 descriptor?? [ 250.306730][ T8738] trusted_key: encrypted_key: hex blob is missing [ 250.397841][ T5917] usb 2-1: USB disconnect, device number 19 [ 250.801540][ T5917] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 250.960480][ T5917] usb 4-1: Using ep0 maxpacket: 8 [ 250.974988][ T5917] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 251.001021][ T8750] --map-set only usable from mangle table [ 251.052954][ T5917] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 251.126025][ T5917] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 251.142702][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.164395][ T8752] netlink: 'syz.1.867': attribute type 5 has an invalid length. [ 251.169134][ T5917] usbtmc 4-1:16.0: bulk endpoints not found [ 251.382664][ T8758] netlink: 4 bytes leftover after parsing attributes in process `syz.2.869'. [ 251.409883][ T8760] netlink: 'syz.1.879': attribute type 5 has an invalid length. [ 251.820790][ T43] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 252.038579][ T43] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 252.769824][ T43] usb 2-1: config 0 has no interface number 0 [ 252.793788][ T43] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 252.804390][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.812846][ T43] usb 2-1: Product: syz [ 252.817083][ T43] usb 2-1: Manufacturer: syz [ 252.823003][ T43] usb 2-1: SerialNumber: syz [ 252.838609][ T43] usb 2-1: config 0 descriptor?? [ 253.518015][ T8788] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 253.571448][ T5913] usb 4-1: USB disconnect, device number 28 [ 253.992752][ T8796] netlink: 8 bytes leftover after parsing attributes in process `syz.3.878'. [ 254.351521][ T43] usb 2-1: Firmware version (0.0) predates our first public release. [ 254.370772][ T43] usb 2-1: Please update to version 0.2 or newer [ 254.629409][ T8805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.882'. [ 254.697167][ T8805] netlink: 100 bytes leftover after parsing attributes in process `syz.2.882'. [ 254.706941][ T43] usb 2-1: USB disconnect, device number 20 [ 254.739230][ T8805] netlink: 100 bytes leftover after parsing attributes in process `syz.2.882'. [ 254.802143][ T8805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.882'. [ 255.125329][ T24] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 255.300853][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 255.383972][ T24] usb 3-1: config 8 has an invalid interface number: 203 but max is 0 [ 255.414463][ T24] usb 3-1: config 8 has no interface number 0 [ 255.760826][ T24] usb 3-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 255.850592][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.857115][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.067115][ T24] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024 [ 256.212499][ T24] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023 [ 256.384849][ T24] usb 3-1: config 8 interface 203 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 256.422635][ T24] usb 3-1: config 8 interface 203 has no altsetting 0 [ 256.442143][ T24] usb 3-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 256.452991][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.471173][ T24] usb 3-1: Product: syz [ 256.476385][ T24] usb 3-1: Manufacturer: syz [ 256.483355][ T24] usb 3-1: SerialNumber: syz [ 256.517440][ T8805] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 256.560506][ T8805] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 257.164257][ T8805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.882'. [ 257.186677][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 257.186693][ T30] audit: type=1326 audit(1763094487.710:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8829 comm="syz.1.886" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x0 [ 257.240372][ T43] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 257.367075][ T8837] netlink: 12 bytes leftover after parsing attributes in process `syz.3.887'. [ 257.410320][ T43] usb 5-1: Using ep0 maxpacket: 16 [ 257.417265][ T43] usb 5-1: config 1 has an invalid descriptor of length 94, skipping remainder of the config [ 257.429589][ T43] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 257.441573][ T43] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 257.451147][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.459263][ T43] usb 5-1: Product: syz [ 257.463566][ T43] usb 5-1: Manufacturer: syz [ 257.468187][ T43] usb 5-1: SerialNumber: syz [ 257.631232][ T5913] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 257.693606][ T43] usb 5-1: 0:2 : does not exist [ 257.712880][ T43] usb 5-1: USB disconnect, device number 15 [ 257.791333][ T5913] usb 1-1: Using ep0 maxpacket: 8 [ 257.799043][ T5913] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 257.809371][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 257.821852][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 257.833179][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 257.845821][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 257.862424][ T5913] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 257.871732][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 257.879832][ T5913] usb 1-1: Product: syz [ 257.884825][ T5913] usb 1-1: Manufacturer: syz [ 257.889454][ T5913] usb 1-1: SerialNumber: syz [ 257.897177][ T5913] usb 1-1: config 0 descriptor?? [ 257.902267][ T5917] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 258.060898][ T5917] usb 2-1: Using ep0 maxpacket: 8 [ 258.068378][ T5917] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 258.079213][ T5917] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 258.092143][ T5917] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 258.102372][ T5917] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 258.116602][ T5917] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 258.126688][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.162929][ T5917] usbtmc 2-1:16.0: bulk endpoints not found [ 258.325340][ C1] port100 3-1:8.203: NFC: Urb failure (status -71) [ 258.332376][ C1] port100 3-1:8.203: NFC: Urb failure (status -71) [ 258.362012][ T24] port100 3-1:8.203: NFC: Could not get supported command types [ 258.384846][ T24] usb 3-1: USB disconnect, device number 22 [ 258.419295][ T8843] loop2: detected capacity change from 0 to 7 [ 258.421286][ T5913] radio-si470x 1-1:0.0: si470x_get_report: usb_control_msg returned -110 [ 258.445590][ T5913] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5 [ 258.466596][ T5837] loop2: [ 258.469699][ T5837] loop2: partition table partially beyond EOD, truncated [ 258.497274][ T8843] loop2: [ 258.503275][ T8843] loop2: partition table partially beyond EOD, truncated [ 258.509481][ T8848] FAULT_INJECTION: forcing a failure. [ 258.509481][ T8848] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 258.527602][ T8848] CPU: 0 UID: 0 PID: 8848 Comm: syz.4.893 Not tainted syzkaller #0 PREEMPT(full) [ 258.527625][ T8848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 258.527635][ T8848] Call Trace: [ 258.527642][ T8848] [ 258.527650][ T8848] dump_stack_lvl+0x189/0x250 [ 258.527677][ T8848] ? __pfx____ratelimit+0x10/0x10 [ 258.527699][ T8848] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.527719][ T8848] ? __pfx__printk+0x10/0x10 [ 258.527759][ T8848] should_fail_ex+0x414/0x560 [ 258.527788][ T8848] _copy_from_user+0x2d/0xb0 [ 258.527810][ T8848] copy_from_sockptr_offset+0x66/0xa0 [ 258.527837][ T8848] do_ip6t_set_ctl+0x91a/0xce0 [ 258.527863][ T8848] ? rcu_is_watching+0x15/0xb0 [ 258.527886][ T8848] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 258.527914][ T8848] ? nf_setsockopt+0x221/0x290 [ 258.527936][ T8848] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 258.527958][ T8848] ? __lock_acquire+0xab9/0xd20 [ 258.527987][ T8848] ? __pfx_aa_sk_perm+0x10/0x10 [ 258.528014][ T8848] nf_setsockopt+0x26f/0x290 [ 258.528036][ T8848] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 258.528058][ T8848] do_sock_setsockopt+0x17c/0x1b0 [ 258.528081][ T8848] __ia32_sys_setsockopt+0x13f/0x1b0 [ 258.528103][ T8848] __do_fast_syscall_32+0xb6/0x2b0 [ 258.528127][ T8848] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.528152][ T8848] do_fast_syscall_32+0x34/0x80 [ 258.528175][ T8848] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 258.528195][ T8848] RIP: 0023:0xf7fc5539 [ 258.528210][ T8848] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 258.528223][ T8848] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 258.528241][ T8848] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029 [ 258.528253][ T8848] RDX: 0000000000000040 RSI: 0000000080000480 RDI: 00000000000003f8 [ 258.528263][ T8848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 258.528273][ T8848] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 258.528282][ T8848] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 258.528309][ T8848] [ 258.741678][ C0] vkms_vblank_simulate: vblank timer overrun [ 259.918693][ T30] audit: type=1326 audit(1763094490.440:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8870 comm="syz.2.900" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x0 [ 260.155657][ T8876] netlink: 14 bytes leftover after parsing attributes in process `syz.4.901'. [ 260.315072][ T8876] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 260.377127][ T8876] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 260.420703][ T24] usb 1-1: USB disconnect, device number 16 [ 260.452649][ T8876] bond0 (unregistering): (slave netdevsim0): Releasing backup interface [ 260.547330][ T8876] bond0 (unregistering): Released all slaves [ 260.714225][ T24] usb 2-1: USB disconnect, device number 21 [ 261.210775][ T43] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 261.260932][ T24] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 261.330311][ T5913] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 261.400832][ T43] usb 3-1: Using ep0 maxpacket: 16 [ 261.408170][ T43] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 261.417585][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.432328][ T43] usb 3-1: config 0 descriptor?? [ 261.437475][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 261.448725][ T24] usb 2-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00 [ 261.466310][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.480534][ T5913] usb 1-1: Using ep0 maxpacket: 32 [ 261.487181][ T24] usb 2-1: config 0 descriptor?? [ 261.490608][ T5917] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 261.493559][ T8891] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 261.514474][ T5913] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 261.527486][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.544145][ T5913] usb 1-1: config 0 descriptor?? [ 261.660807][ T5917] usb 5-1: device descriptor read/64, error -71 [ 261.772910][ T5913] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 261.789161][ T5913] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 261.814770][ T5913] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 261.832483][ T5913] usb 1-1: media controller created [ 261.867111][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 261.897671][ T43] prodikeys 0003:041E:2801.0006: unknown main item tag 0x0 [ 261.901962][ T5917] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 261.920568][ T43] prodikeys 0003:041E:2801.0006: unknown main item tag 0x0 [ 261.936921][ T24] kye 0003:0458:500F.0007: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 261.960073][ T43] prodikeys 0003:041E:2801.0006: unknown main item tag 0x0 [ 261.974619][ T43] prodikeys 0003:041E:2801.0006: unknown main item tag 0x0 [ 261.982913][ T24] kye 0003:0458:500F.0007: hidraw0: USB HID v0.05 Device [HID 0458:500f] on usb-dummy_hcd.1-1/input0 [ 261.994441][ T43] prodikeys 0003:041E:2801.0006: unknown main item tag 0x0 [ 262.002283][ T24] kye 0003:0458:500F.0007: tablet-enabling feature report not found [ 262.013136][ T24] kye 0003:0458:500F.0007: tablet enabling failed [ 262.020122][ T43] prodikeys 0003:041E:2801.0006: hidraw1: USB HID v1.01 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input0 [ 262.041082][ T5917] usb 5-1: device descriptor read/64, error -71 [ 262.151411][ T5917] usb usb5-port1: attempt power cycle [ 262.269782][ T43] usb 3-1: USB disconnect, device number 23 [ 262.329114][ T5884] usb 2-1: USB disconnect, device number 22 [ 262.414418][ T8907] fido_id[8907]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 262.508823][ T5913] az6027: usb out operation failed. (-71) [ 262.522107][ T5913] stb0899_attach: Driver disabled by Kconfig [ 262.562611][ T5913] az6027: no front-end attached [ 262.562611][ T5913] [ 262.581422][ T5917] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 262.593130][ T5913] az6027: usb out operation failed. (-71) [ 262.608138][ T5913] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 262.652161][ T5917] usb 5-1: device descriptor read/8, error -71 [ 262.696063][ T5913] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input14 [ 262.748220][ T5913] dvb-usb: schedule remote query interval to 400 msecs. [ 262.782202][ T5913] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 262.870378][ T5913] usb 1-1: USB disconnect, device number 17 [ 262.960378][ T5917] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 263.020800][ T5917] usb 5-1: device descriptor read/8, error -71 [ 263.063494][ T5913] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 263.074529][ T8914] capability: warning: `syz.1.913' uses 32-bit capabilities (legacy support in use) [ 263.160524][ T5917] usb usb5-port1: unable to enumerate USB device [ 263.591761][ T8921] netlink: 48 bytes leftover after parsing attributes in process `syz.0.914'. [ 263.640277][ T43] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 263.810825][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 263.818807][ T43] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 263.830010][ T43] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 263.842452][ T43] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 263.855101][ T43] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 263.868729][ T43] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 263.880146][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.895999][ T43] usbtmc 2-1:16.0: bulk endpoints not found [ 265.335279][ T8946] trusted_key: encrypted_key: hex blob is missing [ 266.071918][ T43] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 266.276088][ T43] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 266.293095][ T43] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 266.320775][ T43] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 266.341671][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.382130][ T24] usb 2-1: USB disconnect, device number 23 [ 266.497059][ T8959] netlink: 'syz.1.926': attribute type 1 has an invalid length. [ 266.614084][ T43] usb 3-1: GET_CAPABILITIES returned 0 [ 266.619621][ T43] usbtmc 3-1:16.0: can't read capabilities [ 266.830520][ T8967] binder: BINDER_SET_CONTEXT_MGR already set [ 266.837199][ T8967] binder: 8966:8967 ioctl 4018620d 80004a80 returned -16 [ 267.409570][ T30] audit: type=1326 audit(1763094497.930:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8978 comm="syz.4.931" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x0 [ 268.852830][ T5913] usb 3-1: USB disconnect, device number 24 [ 268.910449][ T24] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 269.326525][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 269.561574][ T24] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 269.571910][ T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 269.588571][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 269.599675][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 269.613748][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 269.623693][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.630501][ T5913] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 269.667434][ T24] usbtmc 2-1:16.0: bulk endpoints not found [ 269.854603][ T5913] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 269.869687][ T5913] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 269.881608][ T5913] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 269.934032][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0 [ 269.973926][ T5913] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 269.983757][ T5913] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 269.997034][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0 [ 270.009945][ T5913] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 270.019594][ T5913] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 270.032667][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0 [ 270.043525][ T5913] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 270.056048][ T5913] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 270.067047][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0 [ 270.075858][ T5913] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 270.089004][ T9024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.943'. [ 270.516119][ T5913] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 270.527335][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0 [ 270.550057][ T5913] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 270.565128][ T5913] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 270.577531][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0 [ 270.586102][ T5913] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 270.610085][ T5913] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 270.631379][ T30] audit: type=1326 audit(1763094501.140:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9030 comm="syz.3.945" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x0 [ 270.654958][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0 [ 270.671710][ T5913] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 270.681102][ T5913] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 270.708455][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0 [ 270.732572][ T5913] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 270.807609][ T5913] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 270.835973][ T5913] usb 3-1: Product: syz [ 270.846891][ T5913] usb 3-1: Manufacturer: syz [ 270.853566][ T5913] usb 3-1: SerialNumber: syz [ 270.867149][ T5913] usb 3-1: config 0 descriptor?? [ 270.887734][ T5913] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 271.169622][ C0] usb 3-1: yurex_control_callback - control failed: -71 [ 271.170114][ T24] usb 3-1: USB disconnect, device number 25 [ 271.224653][ T24] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 271.581045][ T24] usb 2-1: USB disconnect, device number 24 [ 272.171431][ T9058] netlink: 236 bytes leftover after parsing attributes in process `syz.1.950'. [ 272.743607][ T9065] binder: BINDER_SET_CONTEXT_MGR already set [ 272.749723][ T9065] binder: 9064:9065 ioctl 4018620d 80004a80 returned -16 [ 273.143177][ T9070] netlink: 36 bytes leftover after parsing attributes in process `syz.0.954'. [ 273.905185][ T30] audit: type=1326 audit(1763094504.430:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9088 comm="syz.3.960" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f45539 code=0x0 [ 273.944796][ T9087] netlink: 40 bytes leftover after parsing attributes in process `syz.4.959'. [ 274.310075][ T9098] trusted_key: encrypted_key: hex blob is missing [ 274.593738][ T9100] binder: 9099:9100 ioctl c0306201 0 returned -14 [ 276.610910][ T9128] usb usb8: usbfs: process 9128 (syz.0.970) did not claim interface 0 before use [ 276.712730][ T9133] netlink: 4 bytes leftover after parsing attributes in process `syz.4.972'. [ 276.741835][ T9133] netlink: 4 bytes leftover after parsing attributes in process `syz.4.972'. [ 276.760947][ T9133] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 277.019042][ T30] audit: type=1326 audit(1763094507.540:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9136 comm="syz.1.974" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x0 [ 277.041254][ T5917] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 277.210930][ T5917] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 277.219032][ T5917] usb 5-1: config 0 has no interface number 0 [ 277.238944][ T5917] usb 5-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 277.270518][ T5917] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 277.272442][ T5917] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 277.272469][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 277.272488][ T5917] usb 5-1: Product: syz [ 277.272502][ T5917] usb 5-1: SerialNumber: syz [ 277.275499][ T5917] usb 5-1: config 0 descriptor?? [ 277.303986][ T5917] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input15 [ 277.348661][ T5917] list_add double add: new=ffff88807bbeb618, prev=ffff88807bbeb618, next=ffff88807e1b3078. [ 277.349119][ T5917] ------------[ cut here ]------------ [ 277.349128][ T5917] kernel BUG at lib/list_debug.c:37! [ 277.349165][ T5917] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 277.349186][ T5917] CPU: 0 UID: 0 PID: 5917 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT(full) [ 277.349217][ T5917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 277.349231][ T5917] Workqueue: usb_hub_wq hub_event [ 277.349251][ T5917] RIP: 0010:__list_add_valid_or_report+0xa5/0x130 [ 277.349273][ T5917] Code: 74 12 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 82 78 b6 06 cc 48 c7 c7 20 0a bf 8b 4c 89 fe 4c 89 f2 48 89 d9 e8 3c c5 94 fc 90 <0f> 0b 48 c7 c7 20 08 bf 8b e8 2d c5 94 fc 90 0f 0b 48 c7 c7 c0 08 [ 277.349286][ T5917] RSP: 0018:ffffc900045dea40 EFLAGS: 00010046 [ 277.349299][ T5917] RAX: 0000000000000058 RBX: ffff88807e1b3078 RCX: 61df6075ca2f8500 [ 277.349310][ T5917] RDX: ffffc9001a074000 RSI: 000000000006e02d RDI: 000000000006e02e [ 277.349320][ T5917] RBP: 1ffff1100fc36610 R08: ffff8880b8824293 R09: 1ffff11017104852 [ 277.349332][ T5917] R10: dffffc0000000000 R11: ffffed1017104853 R12: 1ffff1100f77d6c3 [ 277.349343][ T5917] R13: dffffc0000000000 R14: ffff88807bbeb618 R15: ffff88807bbeb618 [ 277.349354][ T5917] FS: 0000000000000000(0000) GS:ffff88812613b000(0000) knlGS:0000000000000000 [ 277.349366][ T5917] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 277.349377][ T5917] CR2: 00000000f51caa2c CR3: 000000007d230000 CR4: 00000000003526f0 [ 277.349390][ T5917] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 277.349400][ T5917] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 277.349410][ T5917] Call Trace: [ 277.349416][ T5917] [ 277.349424][ T5917] usb_hcd_link_urb_to_ep+0x1d2/0x330 [ 277.349440][ T5917] dummy_urb_enqueue+0x2a1/0x780 [ 277.349451][ T5917] ? __pfx___mutex_lock+0x10/0x10 [ 277.349466][ T5917] usb_hcd_submit_urb+0x325/0x1aa0 [ 277.349478][ T5917] cm109_input_open+0x1fe/0x4b0 [ 277.349493][ T5917] input_open_device+0x1d3/0x390 [ 277.349503][ T5917] kbd_connect+0xed/0x140 [ 277.349517][ T5917] input_register_device+0xd00/0x1140 [ 277.349529][ T5917] cm109_usb_probe+0x118c/0x1690 [ 277.349544][ T5917] usb_probe_interface+0x668/0xc30 [ 277.349557][ T5917] ? __pfx_usb_probe_interface+0x10/0x10 [ 277.349567][ T5917] really_probe+0x26d/0x9e0 [ 277.349579][ T5917] __driver_probe_device+0x18c/0x2f0 [ 277.349591][ T5917] driver_probe_device+0x4f/0x430 [ 277.349606][ T5917] __device_attach_driver+0x2ce/0x530 [ 277.349618][ T5917] bus_for_each_drv+0x251/0x2e0 [ 277.349627][ T5917] ? __pfx___device_attach_driver+0x10/0x10 [ 277.349638][ T5917] ? __pfx_bus_for_each_drv+0x10/0x10 [ 277.349649][ T5917] __device_attach+0x2b8/0x400 [ 277.349660][ T5917] ? __pfx___device_attach+0x10/0x10 [ 277.349670][ T5917] ? do_raw_spin_unlock+0x122/0x240 [ 277.349684][ T5917] bus_probe_device+0x185/0x260 [ 277.349693][ T5917] device_add+0x7b6/0xb50 [ 277.349704][ T5917] usb_set_configuration+0x1a87/0x20e0 [ 277.349718][ T5917] usb_generic_driver_probe+0x8d/0x150 [ 277.349728][ T5917] usb_probe_device+0x1c4/0x390 [ 277.349738][ T5917] ? __pfx_usb_probe_device+0x10/0x10 [ 277.349747][ T5917] really_probe+0x26d/0x9e0 [ 277.349759][ T5917] __driver_probe_device+0x18c/0x2f0 [ 277.349770][ T5917] driver_probe_device+0x4f/0x430 [ 277.349782][ T5917] __device_attach_driver+0x2ce/0x530 [ 277.349794][ T5917] bus_for_each_drv+0x251/0x2e0 [ 277.349802][ T5917] ? __pfx___device_attach_driver+0x10/0x10 [ 277.349814][ T5917] ? __pfx_bus_for_each_drv+0x10/0x10 [ 277.349824][ T5917] __device_attach+0x2b8/0x400 [ 277.349835][ T5917] ? __pfx___device_attach+0x10/0x10 [ 277.349853][ T5917] ? do_raw_spin_unlock+0x122/0x240 [ 277.349867][ T5917] bus_probe_device+0x185/0x260 [ 277.349877][ T5917] device_add+0x7b6/0xb50 [ 277.349888][ T5917] usb_new_device+0xa39/0x16f0 [ 277.349903][ T5917] ? __pfx_usb_new_device+0x10/0x10 [ 277.349916][ T5917] ? _raw_spin_unlock_irq+0x23/0x50 [ 277.349928][ T5917] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.349940][ T5917] hub_event+0x2958/0x4a20 [ 277.349957][ T5917] ? __pfx_hub_event+0x10/0x10 [ 277.349965][ T5917] ? process_scheduled_works+0x9ef/0x17b0 [ 277.349977][ T5917] ? _raw_spin_unlock_irq+0x23/0x50 [ 277.349987][ T5917] ? process_scheduled_works+0x9ef/0x17b0 [ 277.349997][ T5917] ? process_scheduled_works+0x9ef/0x17b0 [ 277.350006][ T5917] process_scheduled_works+0xae1/0x17b0 [ 277.350021][ T5917] ? __pfx_process_scheduled_works+0x10/0x10 [ 277.350033][ T5917] worker_thread+0x8a0/0xda0 [ 277.350044][ T5917] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 277.350057][ T5917] ? __kthread_parkme+0x7b/0x200 [ 277.350069][ T5917] kthread+0x711/0x8a0 [ 277.350080][ T5917] ? __pfx_worker_thread+0x10/0x10 [ 277.350090][ T5917] ? __pfx_kthread+0x10/0x10 [ 277.350101][ T5917] ? _raw_spin_unlock_irq+0x23/0x50 [ 277.350112][ T5917] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.350123][ T5917] ? __pfx_kthread+0x10/0x10 [ 277.350134][ T5917] ret_from_fork+0x4bc/0x870 [ 277.350145][ T5917] ? __pfx_ret_from_fork+0x10/0x10 [ 277.350155][ T5917] ? __switch_to_asm+0x39/0x70 [ 277.350163][ T5917] ? __switch_to_asm+0x33/0x70 [ 277.350174][ T5917] ? __pfx_kthread+0x10/0x10 [ 277.350192][ T5917] ret_from_fork_asm+0x1a/0x30 [ 277.350203][ T5917] [ 277.350207][ T5917] Modules linked in: [ 277.350221][ T5917] ---[ end trace 0000000000000000 ]--- [ 277.350226][ T5917] RIP: 0010:__list_add_valid_or_report+0xa5/0x130 [ 277.350241][ T5917] Code: 74 12 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 82 78 b6 06 cc 48 c7 c7 20 0a bf 8b 4c 89 fe 4c 89 f2 48 89 d9 e8 3c c5 94 fc 90 <0f> 0b 48 c7 c7 20 08 bf 8b e8 2d c5 94 fc 90 0f 0b 48 c7 c7 c0 08 [ 277.350249][ T5917] RSP: 0018:ffffc900045dea40 EFLAGS: 00010046 [ 277.350258][ T5917] RAX: 0000000000000058 RBX: ffff88807e1b3078 RCX: 61df6075ca2f8500 [ 277.350265][ T5917] RDX: ffffc9001a074000 RSI: 000000000006e02d RDI: 000000000006e02e [ 277.350272][ T5917] RBP: 1ffff1100fc36610 R08: ffff8880b8824293 R09: 1ffff11017104852 [ 277.350280][ T5917] R10: dffffc0000000000 R11: ffffed1017104853 R12: 1ffff1100f77d6c3 [ 277.350287][ T5917] R13: dffffc0000000000 R14: ffff88807bbeb618 R15: ffff88807bbeb618 [ 277.350296][ T5917] FS: 0000000000000000(0000) GS:ffff88812613b000(0000) knlGS:0000000000000000 [ 277.350303][ T5917] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 277.350311][ T5917] CR2: 00000000f51caa2c CR3: 000000007d230000 CR4: 00000000003526f0 [ 277.350319][ T5917] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 277.350326][ T5917] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 277.350334][ T5917] Kernel panic - not syncing: Fatal exception [ 278.448231][ T5917] Shutting down cpus with NMI [ 278.448599][ T5917] Kernel Offset: disabled