last executing test programs: 10.329149282s ago: executing program 1 (id=3320): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000001c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff0924031300010005024524", @ANYRES8=r2, @ANYBLOB="05"], 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0), 0x13f, 0x4}}, 0x20) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') r4 = getpgid(0x0) syz_open_procfs(r4, &(0x7f0000000100)='net/ip6_mr_vif\x00') r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000002780)) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r6 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x1) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0x1ce) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) r9 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}}) socket$packet(0x11, 0x2, 0x300) 8.648809087s ago: executing program 4 (id=3325): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_open_dev$video4linux(&(0x7f00000000c0), 0xf, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001100), 0x2, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x3) r3 = dup(r2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r6 = syz_open_dev$dri(0x0, 0x1, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000600)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780d206050086dd6018232500182c00fe8000000000000000000000000000bbfe8000"/50], 0x0) syz_emit_ethernet(0x56, &(0x7f00000001c0)={@local, @link_local={0x17, 0x80, 0xc2, 0x6, 0x5}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "182325", 0x20, 0x2c, 0x0, @remote, @local, {[@routing={0x2b, 0x0, 0x2, 0x1}], "b9365394fc379af00659ab39e65121dd3e8c7219b1f783b2"}}}}}, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) close(r7) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r6, 0xc01864b0, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x3a9e9908}) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x6, 0x2, 0x2, 0x0, 0xc6}) r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r8, &(0x7f0000000780)=ANY=[@ANYBLOB="c20200007d00000005fa0000006a0000004000000000000000000000000000000010000000020000000000000000000000001f00046e6f6465767b6376666f7825ffffff8102000000000000000000000000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500003b595fcb14034354b9fd9ef196a51cd5157adc8106b494e11200fbe161e900000000000000000000f313f6005e00f8f67efb716dcf315ecaf385409ac65b9408679d2c3b9e1d52c3d6da9bf1995688dace6cde7ba4a400b4b0b4dbe64f64b1d63f26796dcbec498623d6a838c69a69dfce9cdd5906f174a666a8529a45773407dbdab2885baf050000000000b3016f6465762d6eb17b2300f9daa1ee23266ecf85fea65eb2d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae89480687bd7f3d", @ANYRES32=0x0, @ANYRES64=r6, @ANYRES32=0x0], 0x2c2) write$UHID_INPUT(r3, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d300987f70e06d038e7ff7fc6e5539b0d650e8b089b3f313b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46064d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) socket(0x11, 0xa, 0x0) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x2c, 0x3e, 0x107, 0x0, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x18, 0x0, 0x0, @ipv4=@multicast1}]}]}, 0x2c}}, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000100)='timers\x00') readahead(r10, 0x8, 0x9) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f00000001c0)={{0x1, 0x1, 0x36}, './file0\x00'}) 7.031625603s ago: executing program 1 (id=3328): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500) socket$nl_netfilter(0x10, 0x3, 0xc) lsm_set_self_attr(0x65, 0x0, 0x20, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000140)={'icmp\x00'}, &(0x7f0000000240)=0x1e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0) syz_open_dev$usbfs(0x0, 0x76, 0x101301) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea}) r4 = epoll_create1(0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000180)={0xc0002000}) socket$inet(0x2, 0x4000000000000001, 0x0) syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000080)=0x2) close_range(r2, 0xffffffffffffffff, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89101) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000df000000bfa300000000000007030000f0ffffff720af0fff8ffffff71a4f0ff000000705d040200000000001d400500000000004704000001ed000062030000000000003f440000000000007a0a00fe00ffffffd704000020000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a0032f37ff559be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee07751532d5e7d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e2fa3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef907000000f01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e015cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb581012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a0000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 5.101687355s ago: executing program 4 (id=3333): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2cf6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x3, "5f68dd"}, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000cc0)={0x84, &(0x7f0000000a00)=ANY=[@ANYBLOB="00110d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2ef36644f7e62e3e672e450f078f29d095abaa960000b890a4f084ef66bafc0c6d8f297812cf66ba410066ef48b800100000000000000f23d00f21f835100000080f23f866baf80cb88ef01480ef66bafc0c66b80c0066efc7442402d8650000c7442406000000000f011c2466ba4200ec2e64f30f5a8e6c000000", 0x7b}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x5}, &(0x7f0000000100)=0x8) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[0x3, 0xe8, 0x401, 0x3, 0x7, 0x4, 0x8000000000000001, 0x80000001, 0x0, 0x200, 0x4, 0x6, 0x9, 0x10000000003a, 0x9, 0x8], 0x0, 0x2a80}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.065109687s ago: executing program 1 (id=3334): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000001200)={0x18, 0xef9, 0x1}) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000440)="2e0000002e008f866b29924a6f130000005a14060800000000000480a81802dd0000000000000000", 0x28}, {&(0x7f0000000080)="06000000b667", 0x6}, {&(0x7f0000000280)="881b0163a169907172077a74457325091a04ae437d00d9fe49eaa80edaf426f18bfe281fc67cba9c50a322b686cfbeb49cb2eb39f9485c1e5e7c5816cfd520ed8e5ca4ecba47fd26a3c29b005df805aeea3931d6183b7b669d6d1c92a67e3862d2f5", 0x62}, {&(0x7f0000000200)="c51a5426b28752f9ee5a6288ff69f40803253898987bb50d839e3b947cf6f1f5ea78d0b44050665344201663b74ca2698044b552c6a51708d3579c93f90e21515ec2b47cb6c270aa63cc42e23822134064e6addfd8122d150259454e24d2336c2a9b4e6974623e6b6acac102b1f41d35c7090cf7ae724f2f72f005c2e5", 0x7d}], 0x4}, 0x20048081) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x1000f0000) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20) r3 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)={0x20, 0x11, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r4, 0x720, &(0x7f00000003c0)={0x1, 0x9, 0x2, &(0x7f0000000380)={0x1d, "a0acac257e64e799062c9e0aae58c4cf014534673bcd0f4ae614e1539402bb225c"}}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='attr\x00') r6 = open_tree(r5, &(0x7f00000000c0)='./file0\x00', 0x8901) statx(r5, &(0x7f0000000180)='./file0\x00', 0x100, 0x4, &(0x7f0000000300)) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r6, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_usb_connect(0x0, 0x1152, &(0x7f0000001240)={{0x12, 0x1, 0x110, 0x12, 0x60, 0xf, 0x20, 0x413c, 0x81bb, 0xb56f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1140, 0x4, 0x4, 0x6a, 0x180, 0x4, [{{0x9, 0x4, 0x37, 0x6, 0xd, 0x2, 0xd, 0x0, 0x6, [@cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, '\v%'}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x1000, 0x1, 0x1}, [@mbim={0xc, 0x24, 0x1b, 0x8, 0x0, 0x7, 0x0, 0x6, 0x9}]}, @generic={0x38, 0x30, "89e20def12bff3079f49f107b6f53e603a17357c66ec727d5eba72c5d641b9d5e63dca884f862644f0f01579331eb69e99c007426f54"}], [{{0x9, 0x5, 0x5, 0x4, 0x3ff, 0x0, 0x46, 0x33}}, {{0x9, 0x5, 0xf, 0x1, 0x200, 0x39, 0xf, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1, 0x2}]}}, {{0x9, 0x5, 0x3, 0x0, 0x40, 0x5, 0xf0, 0x2}}, {{0x9, 0x5, 0x6, 0xefeecd2b1c807d8b, 0x40, 0x2, 0xf8, 0xfd, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x4c, 0x50, 0x4}}, {{0x9, 0x5, 0x7, 0x2, 0x8, 0x6, 0x8, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x40, 0x9, 0x9fe}]}}, {{0x9, 0x5, 0x1, 0x10, 0x200, 0xcd, 0x80, 0x29}}, {{0x9, 0x5, 0xb, 0xc, 0x448, 0x80, 0x2, 0x5, [@generic={0xa7, 0x4, "2083001220ba84e4f9f4d4d5591f81b4657f1af9874ebd9c0bdccf968c81b48ee890e63ef834f5dbdf41b6e1483a138be473f0664afcf2ecfef4ee4a8b93b322f179d59d2f8b24ed3d08572d2de21c99fbeecdbd3e9bfae4febd3ed423dd0e7e96f41450c2b825f5192415baea4ff1ee1030a1f082ded2e9bfc6692870a47fc66ca04664f304d52dc3e46b753ed3f2b64c4ead10d92fd98dbc19f6aeacb4e1c209d6ff9f2e"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0xcf7}]}}, {{0x9, 0x5, 0x5, 0x0, 0x20, 0x6c, 0x10, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x5}]}}, {{0x9, 0x5, 0x5, 0x10, 0x20, 0x10, 0xf, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x7, 0x3ff}, @generic={0x9b, 0x11, "61f38753426211d7d1e3b428a23a2b794a8027f7bb918d43a5f271a45b631f84ed0d4f92b8615f1fca9cf0427bf8eee69957bde2ccf1bf8a0df69ac31bd0388b9be5d6b5e974d957acbcbd59a90285b710edaf97b9cb615bcee35ba82800d5cf331b9557b88fb49859287d5d6f5a05479d7e9de9cc834352c8ea305ed0c1ca94dd58e6d8797e588573f36b1c6fdc90fa71f708234382696ba7"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x8, 0xf8, 0x2, 0x29, [@generic={0xe5, 0x11, "674999335ae731e77909a71c6d59c5e4014dc99be3e29eda65598bd5e428504a6265b651afa18aaa09e45c8b1b4f65793f68fdf12d2741d36324b93f2f0c01452e359c299ac60f17e211a3befa56f782f71c5e89cf4d90657465608d7f58daf610face759cdb158d55c5acf5895558f459472cd0461de0791952eaaddf87d5bd7c26d97171b481a6c8052b909efa12ee6ce420e941cee7cabef6b8b045a8f774019b8162baab4437f9fe6e7f9666082dfd60fdb2f0b37e825597c477416d18441cc05bac68627757a28ba25554e9e5df4ec8a7d7c68aaffa75f5d13d062fa2f923e29c"}, @generic={0x9c, 0xc, "d49665ba94f08d70d7867e08a155ee08a7daba201d0b976df3af50ec0023beba0ac47fe12e8341e63c644a654f84eecf997cbce3fa992d8e07cf63583270bd1dd4d50150a519ff2639c352c50b4c126623f3fb740af1596bd8365d87b8a06335fa6e2415f6b4f9ff2e96f61949967142df52e7ec4802f9552846bd1d95f9cacec4a5a197c946ceee0cb45674ccad1e84013a7592bc1daa1cd190"}]}}, {{0x9, 0x5, 0xb, 0x10, 0x400, 0x9, 0x8, 0x9}}, {{0x9, 0x5, 0x80, 0x0, 0x8, 0xf4, 0x8, 0x4}}]}}, {{0x9, 0x4, 0xfb, 0x8, 0xa, 0x52, 0xc6, 0x13, 0x7f, [@uac_as={[@format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x8, 0x4, 0x1, 0xd, "408be6", 'yU'}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x2, 0x0, 0x3, "663a1661c9d34b77"}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x8, 0x4, 0x21, 0xd2, "b754f2a150"}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x3, 0xa, "2a19585f"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x687, 0x5649, 0x4}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x5, 0x2, 0x1, 0xc, "2ffc"}]}], [{{0x9, 0x5, 0xe, 0x8, 0x8, 0x4, 0x2, 0xfc, [@generic={0xff, 0x9, "afddb81a1e0e009eb3c567313cc39f2f1708d544afd6602c1f3baa443d671d39d3f4c9ec9a09f3b9c745eed0d7754b14dd1fceb48a7accecb8397be164e60ebf5f336aa0526fe494233700e84e68353301978205ef00a9d975dd98334eac38d5dce5bd6cf88d4a8de51a241f7df755e99cee4b44408eaa7074b06e61872e40e1e969b744ce142d116e1807da368e2a3a82ade79e9bfb43bd2565926c2db1d556d6fb59edc8ecc2391e4a3764f631f8f603db3804d50ed47a582f4650be268a91a37b18628022d60b6c1c11641b25d3659c631708400c5975b33d9b04f95536e3f0734a4d90172e9c9bc5abe02b90f3d2a67f8ab2c59830baed00c46f07"}]}}, {{0x9, 0x5, 0xc, 0x10, 0x20, 0x40, 0x0, 0xa1, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x1}, @generic={0x40, 0x8, "45f835e7c02ea68f56522dca491424e117c0d4e2697a1bac5dd69d485b1206ec181271cacf054479f411e0a4287bef81ac6f92ca8d8f60d3d38041614b25"}]}}, {{0x9, 0x5, 0x7, 0x4, 0x40, 0x3, 0x5, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x5, 0x6fa}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x6f}]}}, {{0x9, 0x5, 0x9, 0x10, 0x8, 0xff, 0x7, 0x5, [@generic={0x89, 0x5, "6cf75e9d6b632c7767cc04732fdddd02c8ae299b884d2e68f07b58b6f3246ee47242e20a8796dd7d7b717ed2bb7d04bd34d7490ac4c6a8ea2ac50634f79873deea1e74a85d4f6136849fbf9b2b45beaa1fc87d92870a868c0bd4283a90831de48aa2317f8932967c44ffd28de9b40e5bfd1de5562a4eb4048a18a1fc8a763d9f54a4f839cb200b"}]}}, {{0x9, 0x5, 0x8, 0x2, 0x20, 0x8, 0x1c, 0xdb}}, {{0x9, 0x5, 0x5, 0x2, 0x8, 0xaf, 0x2, 0xff}}, {{0x9, 0x5, 0x2, 0x8, 0x200, 0xd, 0x3, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x6, 0x197b}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x9, 0x2}]}}, {{0x9, 0x5, 0x4, 0x3, 0x10, 0x5, 0x7, 0x9, [@generic={0x93, 0x21, "3b2a48c67ac5222747cac1363222465bb498b14fbbd8c066906e8ffa53fd362f3e14e102b9f1dcd49a9ebaa76fede571afadd85d49b0093cf82eacffedd25259bb8c8f3f0419acd7eacad1a7444cd99ccb23091869c6ab7c06f9fab84fc9251b76df8705964807d39565596a619cc1039269744bf305733495fecd66ba3b90025bd1008d4921f4f8fed2f7b7f621b6d6a1"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x5, 0x9}]}}, {{0x9, 0x5, 0xf, 0x8, 0x8, 0xd, 0x0, 0x40, [@generic={0x77, 0xe, "81ac537abc873b3b74752e4100ee3b25310fac5776ae2e08ab00d2dc32d24d4dbd478e1d6913af738118362b80ef43bcaac064930a4c54ec4e67e65f85f1ff359ce6c514b08d15ec1a7e7ad32c0e4e57934a61208f10ed263becddf73a946e83da133207c30a9d423e0b3d8b1a135e6311545622f0"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0xc, 0x2, 0x9, [@generic={0x6a, 0x1c, "8e5fa13982a4f220dee71d0ca5cb7d3809b1dafda0f4a4ef9e5d59eee5e47470a8fc89ea98b48097f475f5d75b28a246b82b929826c0246dd34aff0ab83daf08c837d2e130c88385d8d0ac5e83b5fc031810b3b414c70c8b4e347edbe86753cecee4bbdc04dfd8c2"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x63, 0x8000}]}}]}}, {{0x9, 0x4, 0xe0, 0x7, 0x8, 0xd2, 0x89, 0x52, 0x3, [], [{{0x9, 0x5, 0x8, 0x0, 0x400, 0x3, 0xc0, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xa3, 0x8001}, @generic={0xf, 0x1, "69d9eab38b815fb6dd9e6df026"}]}}, {{0x9, 0x5, 0x8, 0x8, 0x20, 0x9, 0xa4, 0xc0, [@generic={0x2c, 0x4, "f3fe904b5a72ce302fe48d1c63177e0e4122d41f4db1254ae8f0e540e4b2d204a10044829e2d913c43cc"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x10, 0xf9, 0x0, 0x9}}, {{0x9, 0x5, 0xa, 0x0, 0x200, 0x70, 0xf2, 0x8}}, {{0x9, 0x5, 0x7, 0x0, 0x40, 0x5, 0xa, 0x2, [@generic={0xa6, 0x23, "9e47095ab191d27fefeaad22a57e03925340f612c8730316476b697bbdbbad020b1ed5bbb1aaef80a757f871610c20c1ff7fe022c612441459fc699e76d179a031ecccc9b9eb6bfa4c9199198e6cf8ba743cf224916e0a9db6d7f36f919ddc53bbb235a2357f2f78472da70c81deb9f17c7ae2289ebd72a3d789ab93c39d159b8dc5e3bcdee50d6f03a60c6bc9da961959fccf0838e1d2d84ade9e62fec906795ad79cbe"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x8, 0x28, 0x8, 0xf9}}, {{0x9, 0x5, 0x80, 0x4, 0x10, 0x80, 0x9, 0x9, [@generic={0x31, 0x6, "392424713ff10e6019697597a008e30f8a9b388eb35dcf39d6c7b4b4b25e84bb70493dff5b1d9efb4cdbeb3dcc7a8e"}]}}, {{0x9, 0x5, 0x5, 0x10, 0x40, 0x2, 0xfa, 0x3}}]}}, {{0x9, 0x4, 0xbe, 0x53, 0xe, 0x8, 0x6, 0x0, 0x6, [@hid_hid={0x9, 0x21, 0x9642, 0x4, 0x1, {0x22, 0xb6c}}, @cdc_ncm={{0xa, 0x24, 0x6, 0x0, 0x1, "6c4a040870"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x3ff, 0x6, 0x67}, {0x6, 0x24, 0x1a, 0x8}, [@mdlm_detail={0xf, 0x24, 0x13, 0xa, "7d0d406296474f1e74526b"}, @mdlm_detail={0xfe, 0x24, 0x13, 0x6, "a02e0263bfc31e56535035de5d155d3795280c4bc2ad12bbce10b040fffc880f826b99bcf42eafa6419987f16a404efff15412ea2059d9021980e5d4771686ba59b46e20a2a26864a7d4da965d7b0496135d10fc3887b5f21b1ecdd752b5ae82be98e730acb98ff2910c4024b216a822ac2747bde7e9c0d768e0063de919712e4334aab0261514e47d815c2a53e1131e4d30f13637472e67df611a4c60af8e898ec41d415f75941bb2d6fc6488bd397bbc9ffaa4680e041eb4a4c33e6645eefa760106f614538278acdb7a4077c950196caa87735b9ccb799021d958e2c90f225f93233c794c044fc094734a0b4eef256d44ffe76fd26c5ed5b9"}]}], [{{0x9, 0x5, 0x7, 0x10, 0x8, 0x7, 0xfd, 0xda}}, {{0x9, 0x5, 0xf, 0x10, 0x8, 0x6, 0x10, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x7, 0xc}]}}, {{0x9, 0x5, 0xc, 0x10, 0x8, 0xe0, 0xa6, 0x8, [@generic={0xa0, 0x3, "f504b070e2e54e93758d988000bfce0a489b149fc62db2e302058aee66b6a7e7886207b218863ebda0a19deaa72d92d9007d772a3d7234f23b1a09b49367af581a6c88d925ee013dc1628cf6c3dcf234e1ce10a9ae195f9dea6cce9ff29b6b06284bd1a63e24c7a18ec4439ab6b015a181785723491de77b59bf159fdbd697cf26e496c8cf9fcef93ed7b7587f611cfb5da18b06a215167f6b9c275c50f8"}, @generic={0xb6, 0x23, "41e434f8c4b9359d06cf18824210ba8f3777e6430d22e3b31d402c239a215433e877a3812c91d904109bd719830c6cfd6c84fd415dc127864ec85852f388a1bd13c3cbdeefcb055ce9c3884f2e6260aef1ac9fc94cfa5168f58316a2e5ec4945a963e7c5860a48d53e0dd7f71d3055b65c651930e64def21617172ad42e87a5c8a2de89818e7fe63ee2e9d7b7d257ff0d9f46b226035d1d8d94b68f20f846b61254a9a5dc630fc514e9818f2d469df62d71aaff0"}]}}, {{0x9, 0x5, 0xe, 0x11, 0x10, 0x6, 0x80, 0x2, [@generic={0x79, 0xe, "b4d47cb59a803ea5d344993b8b0d0513e8384eb95f76756f7dd64e6681e28ce0cf8509d1e4c35380511942795028930bf3565758dd711653d46743d683049a85660cb15122cb22f0ad8af854c21f9ad3f0196005f99af461fdf64ea14885fdbfa651218d5c22a482c869cdd847e23927b01c851692eefb"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x2, 0x8000}]}}, {{0x9, 0x5, 0xe, 0x8, 0x200, 0xfc, 0x0, 0xe, [@generic={0x9c, 0xe, "bdfada0c37273ed4f0bbb462c38efaebdf5193b14eb04f449dc862b74e2ef54da74770a6806f7e4ba25c6611c0b7bc6f463bf61fb538105b153c4343baff472519cc02f93449d10f08adc668a154a0e1bfbe88101c49d858115b1dbe298c4bc776752f129651aa573d8d7ffc80e080764c9e24fc6c4fc97ccb23c0819e17c921cf37f10d09f21397cb2b8b8df46a80f3457cab8d28b99a48d543"}, @generic={0xb9, 0x24, "72e0661695520388fdf1b65e05695ccdad718541a8453420e09d8889c66d1f75d6bbb498bd14ea65e168c129b74d7be3f2c80362e44389c7cac4f82bba7e6d597431400e0b3207af9f231203cdf618806e7d902bbeb3af0432bbe0b2ea961177579686f7d763d1bc528c9a08dba65c09f52c752caa5476d5a8fda76df2e2b1655cdb868dbd263cbaf9b86dab930f7d8d9560c8e1e0f1f9e545e06d4ae4a5085e22f483a366aed69362c23394f3b2487902d4d10d953902"}]}}, {{0x9, 0x5, 0x5, 0x8, 0x200, 0x38, 0x35, 0x6, [@generic={0x7e, 0x24, "069db5253f03fe0df657810b238ef93a213ea905187c4934f65aaa3b990f35c7c231450d665e6d8d6e7fded5f9a40112f961d156dc85122851ee7ed4423ed4ee659e9134d9c1fa5e779a30c51c94bac477ceb32dcbec917b2e3c646c5caf1d592d351493265392ce811b8de493ffab97cd5f6dcb346f08295650e7a9"}]}}, {{0x9, 0x5, 0xa, 0x8, 0x8, 0x4, 0x5, 0x7}}, {{0x9, 0x5, 0x6, 0x2, 0x200, 0x3, 0x6, 0x90, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x6, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0x4}]}}, {{0x9, 0x5, 0x8, 0x14, 0x400, 0x3, 0xff, 0x0, [@generic={0xcd, 0xb, "e5fc4f849ae03b925c686c742652ed369a183b503911815249a8c53d1b73f3d62885f7fa5efbfedc7acef350d24d8fe5bf6fc9ab2da86b20c01a76410cf7230134c3a0a74e6f5e54b98a7312620be1fe558d1d1ff838488e3d64f1b684d7a54062b7bd07bb30cfec50f59905ba5dcd2e6f28d621490f1efd6caa530aaec5846186739026470746ae781f40f5ab930b4979e1a6fd1a65036487fa118952428242964a6115e7b06e834fbc94680a5d9db5d01c9dc7ac9317fc01c579393be167561482985916e295ce5d9b36"}]}}, {{0x9, 0x5, 0x6, 0x10, 0x400, 0x8, 0x7, 0x9, [@generic={0xe8, 0xd, "b3a763e3e9aebecbf1d8eb39b4660abec027cbdcd7888a991ff7dee29564082b203765c68f68a9f654e471ac9d136da574059222c811ed8189102b9d2a2d29c19d18b954e2d534b871d70a558ea84ea9121a7836ad1192907cf4524cc02b245c8085379011c8874ae5fd638374a1035cd7887886305f8af0228a97ae18b1f6cadf2118b7ca4bc7c32b9bfc9655001e08c3ff7fa4b4db05a20a73afc57fa41b4a84836785df87df6ccd43d858412edf81981e4c72df3c7f0d6ed412789e79540d1ea1a9e9ca7c9e84f0479e9db954902716a79893d8a70716d75e3dd8e941c0f25842a5d544f4"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x0, 0x3, 0x2, 0x0, [@generic={0x9, 0x10, "dd1f89f97d6141"}, @generic={0x9b, 0x21, "8442f99f47da92de094568714176e29e734addaed81093f0ea7a6c40a88c68ff4fc071061c4983732b1705a8cd25b3b5a8020dfd640f06e21820eeee731ba58c8c2009e567f091b8f3a2d466f8615ca0f9654f97757944d6e6a067b6b9e8f1acb663b6bde5fe38b3bc862256a57f4eb5a1a4536118a882920c13b0d245ad15688a18daad839a65a7c3fe6b3fc9de76c0b0abff06d6cd135613"}]}}, {{0x9, 0x5, 0x0, 0x2, 0x10, 0x6, 0x8, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x2, 0x4}]}}, {{0x9, 0x5, 0x3, 0x0, 0x400, 0xee, 0x6, 0x8}}, {{0x9, 0x5, 0x80, 0x1, 0x400, 0x1, 0xd, 0x85, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x4c, 0x3}]}}]}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x201, 0x1, 0xb6, 0x7, 0x40, 0x23}, 0x74, &(0x7f0000000480)={0x5, 0xf, 0x74, 0x3, [@ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0x69, 0x10, 0x4, "57aad6c6292c975c37a116c68f25dc714445adbf36d54deafe02f73dbed14b848df0f45012a77e5a411524d2423b7cfa281ad382384b84f53a9f08426e354edc25ddd69954d54df63782416280a6054b07d3aacb2a99276375cb06fa6beb7467f0af73c005d0"}]}, 0x3, [{0x46, &(0x7f0000000500)=@string={0x46, 0x3, "464035dc4b0f6f083c3b0cf2d2fc61236043cd7ead86812164b7e4eed7df7f48f8bf61cd3c4cdb83b25ec3801469de3c6ff66b1cf8b3d47d7eb1b7993f14264db07c80af"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x40f}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x448}}]}) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000640)=ANY=[@ANYBLOB="0900000000000000190000800600000005000000100000000000000003000000fbffffff000000000000000000000000018000000000000000000000060000000800000081ffffff000800000000000000000000000000000a000000ffffff7f0200000000000000040000000200ff000c00000000000000000000000000000006000000ffff000000000000ff03000002000000090000000700000000000000000000000000000007000080302100000500000003000000050000000b000000030000000000000000000000000000000d0000000700000000000000080000000a000000040000000700000000000000000000000000000000000040aba400000400000002000000c6e700000800000004000000000000000000000000000000001700400700000007"]) ioctl$SNDCTL_FM_4OP_ENABLE(r7, 0x4004510f, &(0x7f0000000100)=0x7fffffff) 4.843078668s ago: executing program 3 (id=3337): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vlan0\x00'}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x28480, 0x0) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x285c, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000), 0x4) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040d90455a018000000000109022400010000000009040100010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000ac0)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) 4.669187078s ago: executing program 0 (id=3339): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101142, 0xeaff) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000680)={0x42, 0x0, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000140)={0x10000042}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) r3 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r3, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000002, 0x30, r3, 0xf11ab000) sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x40000) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) r5 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x80781, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000100)=0x12) ioctl$SNDCTL_DSP_GETBLKSIZE(r5, 0xc0045004, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/config', 0x0, 0x0) openat$cgroup_ro(r6, &(0x7f0000001780)='devices.list\x00', 0x275a, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001000ffff27bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1503000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r4], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003980)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000074000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021380011800a0001006c696d6974000000280002800c00024000000000000000030c00014000000000000001010c0001400000000000000101b81700000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000008c1703800c0000800800034000000002b0020080ac020180300002800900020073797a31000000000900020073797a32000000000900020073797a310000000008000180fffffffdab0001001adaed3733fd9115650ada04ae7ffb8493d0b305cf76df597919f96e0b09693fb746d0a48836f76ca83eda01c27b93031c49c9ef1655e8c822c3fab678d2b92d2e26984aab897cdd1a38ee4a7aeaa09fe68358d5b5aca2f1060ed19d981fb56eea81924d982e595e35ca7779cd98fcdc828eac052df33ad37fc6ddb9295dedb381278051f78b68d44f7c7e66c126e3e460ec7d192f14d760a7012553768362d995b66d024c046c0028000280080003400000000408000340000000030900020073797a300000000008000340000000030c00028008000340000000013000028008000180fffffffe0900020073797a31000000000900020073797a30000000000900020073797a3000000000440002800900020073797a310000000008000180fffffffd080003400000000108000180ffffffff080003400000000108000340000000020900020073797a300000000034000280080003400000000208000340000000040800034000000004080003400000000308000180fffffffd08000180000000003e0001"], 0x1874}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008004}, 0x20048040) 4.575413781s ago: executing program 0 (id=3340): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x48, &(0x7f0000000000)=0x6, 0x4) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00', 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r5 = syz_open_dev$media(&(0x7f0000000040), 0x2, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r5, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, &(0x7f0000001580)}) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0xc}]}}, @TCA_RATE={0x6}]}, 0x40}}, 0x4000) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rt_sigqueueinfo(0x0, 0x21, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) syz_kvm_setup_cpu$x86(r1, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2ef36644f7e62e3e672e450f078f29d095abaa960000b890a4f084ef66bafc0c6d8f297812cf66ba410066ef48b800100000000000000f23d00f21f835100000080f23f866baf80cb88ef01480ef66bafc0c66b80c0066efc7442402d8650000c7442406000000000f011c2466ba4200ec2e64f30f5a8e6c000000", 0x7b}], 0x1, 0x52, &(0x7f00000000c0)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000240)={[0x27, 0xe8, 0x401, 0x0, 0x7, 0x4, 0x8000000000000001, 0x80000001, 0x0, 0x200, 0x4, 0x6, 0x9, 0x10000000003a, 0x9, 0x8], 0x0, 0x2a80}) r7 = socket$nl_generic(0x10, 0x3, 0x10) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x0) close(0x3) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0015"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 3.638872653s ago: executing program 2 (id=3344): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) r0 = landlock_create_ruleset(&(0x7f0000000140)={0x8b28, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0xa, 0x0, 0x0, 0x0, 0x180, 0x0, 0xfffffffc, {}, {}, {0x0, 0x9}, {0x0, 0xffffffff}, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x80, 0x0, 0x0, 0x23, 0x0, 0x1}) 3.543249718s ago: executing program 2 (id=3345): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2ef36644f7e62e3e672e450f078f29d095abaa960000b890a4f084ef66bafc0c6d8f297812cf66ba410066ef48b800100000000000000f23d00f21f835100000080f23f866baf80cb88ef01480ef66bafc0c66b80c0066efc7442402d8650000c7442406000000000f011c2466ba4200ec2e64f30f5a8e6c000000", 0x7b}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x3, 0xe8, 0x401, 0x3, 0x7, 0x4, 0x8000000000000001, 0x80000001, 0x0, 0x200, 0x4, 0x6, 0x9, 0x10000000003a, 0x9, 0x8], 0x0, 0x2a80}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2000000) 3.418031491s ago: executing program 0 (id=3346): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @private=0xa010101, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x4000, 0x7f000001}}}}}, 0x0) 3.22914396s ago: executing program 0 (id=3347): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x8}, 0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYRES16], 0xc) 3.114321639s ago: executing program 0 (id=3348): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x11000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r2 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xd, 0xffe1}, {0xe, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) vmsplice(r0, 0x0, 0x0, 0x0) 3.059861673s ago: executing program 2 (id=3349): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000640)=0x6d93, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000080)=ANY=[], 0x68) sendmsg$sock(r0, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4f03, 0x41d, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x51, 0x1}}], 0x17, 0x7ffffff7}, 0x2004c0c1) 3.052265372s ago: executing program 2 (id=3350): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000240), 0x140, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0xa, 0xddff, 0x0, 0x0, 0x180, 0x0, 0x0, {0x6}, {}, {}, {}, 0x2, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80, 0x10000000, 0x0, 0x2, 0x0, 0x1}) 2.975698824s ago: executing program 3 (id=3351): openat$dsp(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_IRQCHIP(r2, 0xc208ae62, 0x0) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) inotify_init() ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000400)={0x0, 0x0}) ptrace$getregset(0x4204, r4, 0x4, &(0x7f00000004c0)={&(0x7f0000000480)=""/21, 0x15}) chdir(&(0x7f0000000340)='./cgroup\x00') mkdir(&(0x7f00000002c0)='./file2\x00', 0x0) rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00') r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) memfd_create(&(0x7f0000000840)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06\xfd\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842.\x17c`\x1e\x88\xecif\xee]\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLY\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10d\x89J\xb3zz\x83\x81\x0f\xbd\xdf\xff9**\xb7\xfa\xa9h;<\xe8\x85\v\x9e\x02\x03\xad\xa4\x11R\x14\xbc\xc8\xb5\x89\xffx\x98%O\xf8n~1G\x89\x96\x1d\xecz\xe8\x04\x86G%\xa0\xd5[\xda\xc9', 0x4) socket$inet6(0xa, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, r6, 0x9dffffff}}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000280)=@ethtool_ringparam={0x33, 0x7f, 0x20000a2e, 0x0, 0xe, 0x3, 0x2000000, 0x0, 0x3000000}}) 2.943830638s ago: executing program 1 (id=3352): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0xe, 'syz0\x00'}, 0x5, 0x31, 0x1, 0x0, 0x0, 0x8, 'syz0\x00', 0x0}) mremap(&(0x7f00002ce000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil) socket$kcm(0x10, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000804) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xf}, {0xd, 0xb}, {0xffe0, 0xd}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x4}}}]}, 0x3c}}, 0x4010004) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.943179822s ago: executing program 2 (id=3353): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = dup(r0) r2 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c) ftruncate(r2, 0x200004) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2083, 0x10056}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_RX={0x5}]}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x40050}, 0x4000880) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0)={0x8000000, 0x10000, 0x1}) sendfile(r1, r2, 0x0, 0x80001d00c0d1) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r4, 0x1, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 2.521141362s ago: executing program 1 (id=3354): openat$dsp(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_IRQCHIP(r2, 0xc208ae62, 0x0) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) r4 = inotify_init() ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000400)={0x0, 0x0}) ptrace$getregset(0x4204, r5, 0x4, &(0x7f00000004c0)={&(0x7f0000000480)=""/21, 0x15}) chdir(&(0x7f0000000340)='./cgroup\x00') rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00') inotify_add_watch(r4, &(0x7f00000000c0)='.\x00', 0x5000009) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) memfd_create(&(0x7f0000000840)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06\xfd\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842.\x17c`\x1e\x88\xecif\xee]\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLY\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10d\x89J\xb3zz\x83\x81\x0f\xbd\xdf\xff9**\xb7\xfa\xa9h;<\xe8\x85\v\x9e\x02\x03\xad\xa4\x11R\x14\xbc\xc8\xb5\x89\xffx\x98%O\xf8n~1G\x89\x96\x1d\xecz\xe8\x04\x86G%\xa0\xd5[\xda\xc9', 0x4) socket$inet6(0xa, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, r7, 0x9dffffff}}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000280)=@ethtool_ringparam={0x33, 0x7f, 0x20000a2e, 0x0, 0xe, 0x3, 0x2000000, 0x0, 0x3000000}}) 2.079778219s ago: executing program 0 (id=3355): socket$inet6_udplite(0xa, 0x2, 0x88) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYRES8=r2, @ANYRES64, @ANYRES32=0x0], 0x70}}, 0x8000) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'ip6erspan0\x00', &(0x7f0000000700)=@ethtool_perm_addr}) syz_open_dev$dri(0x0, 0x1, 0x6082) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="070000000400000080000000"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x8, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800"/12, @ANYRES32=r3], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r4}, 0x18) syz_io_uring_setup(0x4c55, &(0x7f0000000140)={0x0, 0x6158, 0x80, 0x8000002, 0x1f9}, &(0x7f0000000480)=0x0, &(0x7f0000000300)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket(0x22, 0x6, 0x0) sendmsg$WG_CMD_GET_DEVICE(r6, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f00000015c0)=ANY=[@ANYBLOB="d90d23001e9a23bd0b30bc19c88b251ddd1f101e83ee9e34c8f520d2a8c471ff4b4d126743b0dcd5be147e9476bbd7d717a6dd3c240a65f49291f21f7766826c7e2eb80eb730ad1a36b4c7495c4eff24eb6fd919212cbc0921476e0a47253a0000326ea85594000000000000000000", @ANYRES16=0x0, @ANYBLOB], 0xd94}, 0x1, 0x0, 0x0, 0x40008c0}, 0xc0014) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') preadv(r7, &(0x7f0000000080), 0x0, 0x0, 0x6) sendto$inet6(r6, &(0x7f0000000180)="9000000018001f2fb9409b52ffff65580200be04020c060560020b0243000f00ffffff9ea685a168d0bf47d32345653602648dcaaf6c26c291214549935ade4a460c20b6ec0cff3959547f500f58ba86c902060f1d012e02000280160012000a000000000000000000000000080000000eceb6b362bb944cf2e70100aba4183b003e5fa415ac4d31c4f7a1", 0x8b, 0x0, 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x2c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r10 = openat$cgroup_procs(r9, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r10, &(0x7f00000001c0), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) 2.012161317s ago: executing program 4 (id=3356): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = dup(r0) r2 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c) ftruncate(r2, 0x200004) sendfile(r1, r2, 0x0, 0x80001d00c0d1) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r3, 0x1, &(0x7f0000000300)=[&(0x7f0000000000)={0x700000000000000, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 1.731794651s ago: executing program 2 (id=3357): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes)\x00'}, 0x58) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x24c0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_write(r2, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") close(r3) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b9040200000000806c010000150010001800feffffff09000d2000000401a80074efc22bb31ad49f50a03cb4d92706000000036010fab94dcf5c0468c1d67f6f94007134cf6ee062e1c547cbc7225e67c20b278d56cfb39b0590b4800089e408e8d8ef52b49816277cf4090000001fb791643a5ee4ce1b14d6d930dfe1d9db22fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db701000000eafad95667e006dcdf969b3ef35ce3bb9ad809d561cace81ed0bffece0b42a", 0xcb}], 0x1}, 0x0) 1.419611918s ago: executing program 3 (id=3358): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x8}, 0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, 0x0, 0xc) 1.272243859s ago: executing program 1 (id=3359): r0 = syz_open_procfs(0x0, &(0x7f0000006400)='personality\x00') read$FUSE(r0, &(0x7f00000001c0)={0x2020}, 0x2020) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2ef36644f7e62e3e672e450f078f29d095abaa960000b890a4f084ef66bafc0c6d8f297812cf66ba410066ef48b800100000000000000f23d00f21f835100000080f23f866baf80cb88ef01480ef66bafc0c66b80c0066efc7442402d8650000c7442406000000000f011c2466ba4200ec2e64f30f5a8e6c000000", 0x7b}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[0x3, 0xe8, 0x401, 0x3, 0x7, 0x4, 0x8000000000000001, 0x80000001, 0x0, 0x200, 0x4, 0x6, 0x9, 0x10000000003a, 0x9, 0x8], 0x0, 0x2a80}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT], 0x0) syz_usb_ep_write(r4, 0x8d, 0x0, 0x0) signalfd(r1, &(0x7f00000000c0)={[0x1]}, 0x8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x30000, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.096015136s ago: executing program 3 (id=3360): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0x3}, {0x0, 0xfff1}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x6, 0x80000000}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000) 943.678551ms ago: executing program 3 (id=3361): timer_create(0x2, &(0x7f0000000100)={0x0, 0x20, 0x2, @thr={&(0x7f00000001c0)="2da9da54e2cfe7afcd041acc18d014e9c420ab36be299146eeb41aae2edbc711ea49a1f0078577e279e4c6d81a4c413c9f80022c259fee9da3409d38b5827f202c50a16bf8035b408b80f241e99cab49a92f097da9", &(0x7f0000000000)="9d85d569ad59a71e24357af216ddb119fd8d4ec5e7ff86c87cec1a31389b"}}, &(0x7f0000000300)=0x0) r1 = gettid() r2 = syz_open_dev$vcsn(&(0x7f00000000c0), 0xe54, 0x1a141) fcntl$lock(r2, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x3, r1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) signalfd4(r2, &(0x7f0000000240)={[0xfe]}, 0x8, 0x100000) (async) r3 = signalfd4(r2, &(0x7f0000000240)={[0xfe]}, 0x8, 0x100000) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) ioctl$UFFDIO_MOVE(r3, 0xc028aa05, &(0x7f0000000500)={&(0x7f00008b7000/0x3000)=nil, &(0x7f0000dff000/0x2000)=nil, 0x3000, 0x3}) (async) ioctl$UFFDIO_MOVE(r3, 0xc028aa05, &(0x7f0000000500)={&(0x7f00008b7000/0x3000)=nil, &(0x7f0000dff000/0x2000)=nil, 0x3000, 0x3}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/dev_mcast\x00') socket$packet(0x11, 0x3, 0x300) (async) socket$packet(0x11, 0x3, 0x300) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x400) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) socket(0x200000100000011, 0x3, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_DEVICE_INFO(r6, 0xc1007c00, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) getpriority(0x0, 0x0) (async) getpriority(0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r7 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r7, &(0x7f0000000080), 0x10) setsockopt$CAN_RAW_ERR_FILTER(r7, 0x65, 0x2, &(0x7f0000000000), 0x4) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) 922.073567ms ago: executing program 3 (id=3362): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f000072a000/0x4000)=nil, 0x4000, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @multicast1}}}], 0x20}}], 0x1, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000fffd06040000000000f93132", 0x39}], 0x1) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f"], 0x57) setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10) write$cgroup_int(r5, &(0x7f0000000000)=0x2b00, 0x12) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) 798.876881ms ago: executing program 4 (id=3363): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="14000000100001000000000000000000ccf5000a20000000000a05000000000000000000010000000900010073797a30fff5000040000000030a01010000000000000000010000000900030073797a310000000014000480080002400000000008000140000000000900010073797a300000000040000000060a010400000000000000000100000018000480140001800a00010072656469720000000400028008000b40000000000900010073797a30000000001400000011"], 0xc8}}, 0x0) 107.910992ms ago: executing program 4 (id=3364): syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) socket(0x10, 0x3, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000480)={{0x4, 0x0, 0xfffc, 0x805}, 'syz0\x00', 0x40}) write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) sendmmsg(r0, 0x0, 0x0, 0x9200000000000000) r1 = socket$kcm(0xa, 0x2, 0x0) socket(0x2, 0x80805, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f00000001c0)={{0x84, @broadcast, 0x4e21, 0x3, 'lblcr\x00', 0x25, 0x10008, 0x77}, {@remote, 0x4e20, 0x10006, 0xcd, 0xfffffffc}}, 0x44) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 0s ago: executing program 4 (id=3365): timerfd_create(0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x60040, 0x0) unshare(0x46011400) socket(0x400000000010, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x54, 0x66, 0x200, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0xb, 0xfff2}, {0xa, 0x5}}, [{0x8, 0xb, 0x47821b96}, {0x8, 0xb, 0x6}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0x8001}, {0x8, 0xb, 0xe5}]}, 0x54}, 0x1, 0x0, 0x0, 0xc004}, 0x8800) bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x5, 0x180, 0x4, 0x10, 0xf1, 0x51, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x122182}) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) kernel console output (not intermixed with test programs): id length. [ 696.801083][T16549] block nbd0: Attempted send on invalid socket [ 696.809285][T16549] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 696.939012][ T8945] IPVS: stop unused estimator thread 0... [ 697.995379][T16581] FAULT_INJECTION: forcing a failure. [ 697.995379][T16581] name failslab, interval 1, probability 0, space 0, times 0 [ 697.995454][T16581] CPU: 1 UID: 0 PID: 16581 Comm: syz.3.2939 Not tainted syzkaller #0 PREEMPT(full) [ 697.995474][T16581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 697.995485][T16581] Call Trace: [ 697.995493][T16581] [ 697.995500][T16581] dump_stack_lvl+0x189/0x250 [ 697.995524][T16581] ? __pfx____ratelimit+0x10/0x10 [ 697.995544][T16581] ? __pfx_dump_stack_lvl+0x10/0x10 [ 697.995564][T16581] ? __pfx__printk+0x10/0x10 [ 697.995593][T16581] ? __pfx___might_resched+0x10/0x10 [ 697.995609][T16581] ? fs_reclaim_acquire+0x7d/0x100 [ 697.995631][T16581] should_fail_ex+0x414/0x560 [ 697.995662][T16581] should_failslab+0xa8/0x100 [ 697.995692][T16581] __kmalloc_cache_noprof+0x70/0x3d0 [ 697.995713][T16581] ? drm_atomic_state_alloc+0xa9/0x100 [ 697.995739][T16581] drm_atomic_state_alloc+0xa9/0x100 [ 697.995760][T16581] drm_client_modeset_commit_atomic+0xe2/0x760 [ 697.995781][T16581] ? trace_contention_end+0x39/0x120 [ 697.995805][T16581] ? trace_contention_end+0x39/0x120 [ 697.995828][T16581] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 697.995872][T16581] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 697.995913][T16581] drm_client_modeset_commit_locked+0xcb/0x4d0 [ 697.995939][T16581] drm_fb_helper_pan_display+0x3e7/0xbd0 [ 697.995980][T16581] fb_pan_display+0x39e/0x680 [ 697.995999][T16581] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 697.996029][T16581] bit_update_start+0x4d/0x1e0 [ 697.996052][T16581] fbcon_modechanged+0xc38/0x13a0 [ 697.996091][T16581] do_fb_ioctl+0x6fd/0x750 [ 697.996115][T16581] ? __pfx_do_fb_ioctl+0x10/0x10 [ 697.996179][T16581] ? __fget_files+0x2a/0x420 [ 697.996202][T16581] ? __fget_files+0x3a0/0x420 [ 697.996217][T16581] ? __fget_files+0x2a/0x420 [ 697.996237][T16581] ? bpf_lsm_file_ioctl+0x9/0x20 [ 697.996257][T16581] ? __pfx_fb_ioctl+0x10/0x10 [ 697.996277][T16581] __se_sys_ioctl+0xfc/0x170 [ 697.996301][T16581] do_syscall_64+0xfa/0x3b0 [ 697.996318][T16581] ? lockdep_hardirqs_on+0x9c/0x150 [ 697.996336][T16581] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.996353][T16581] ? clear_bhb_loop+0x60/0xb0 [ 697.996375][T16581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.996391][T16581] RIP: 0033:0x7f8085f8eec9 [ 697.996407][T16581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 697.996422][T16581] RSP: 002b:00007f8086f13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 697.996439][T16581] RAX: ffffffffffffffda RBX: 00007f80861e5fa0 RCX: 00007f8085f8eec9 [ 697.996451][T16581] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003 [ 697.996462][T16581] RBP: 00007f8086f13090 R08: 0000000000000000 R09: 0000000000000000 [ 697.996472][T16581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 697.996482][T16581] R13: 00007f80861e6038 R14: 00007f80861e5fa0 R15: 00007f808630fa28 [ 697.996514][T16581] [ 698.012793][ T6006] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 698.173044][ T6006] usb 2-1: Using ep0 maxpacket: 32 [ 698.175720][ T6006] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 698.175745][ T6006] usb 2-1: config 0 has no interface number 0 [ 698.175786][ T6006] usb 2-1: config 0 interface 184 has no altsetting 0 [ 698.177767][ T6006] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 698.177793][ T6006] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.177813][ T6006] usb 2-1: Product: syz [ 698.177827][ T6006] usb 2-1: Manufacturer: syz [ 698.177841][ T6006] usb 2-1: SerialNumber: syz [ 698.183432][ T6006] usb 2-1: config 0 descriptor?? [ 698.201665][ T6006] smsc75xx v1.0.0 [ 698.804147][ T6006] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 698.804178][ T6006] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 698.810375][T16362] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 698.848960][T16362] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 699.194258][ T6006] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 699.214457][ T6006] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 699.233959][T16595] ptrace attach of "./syz-executor exec"[5878] was attempted by "./syz-executor exec"[16595] [ 699.256162][ T6006] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 699.278678][T16603] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 699.422777][ T6006] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 699.446985][T16595] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 699.454973][ T6006] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 699.529303][ T6006] usb 2-1: USB disconnect, device number 101 [ 699.705802][T16362] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 699.917090][T16362] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 700.536928][T16362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 700.625492][T16362] 8021q: adding VLAN 0 to HW filter on device team0 [ 700.726482][ T8945] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.733663][ T8945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 700.791163][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.798373][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 701.141559][T16362] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 701.511323][T16362] veth0_vlan: entered promiscuous mode [ 701.590052][T16362] veth1_vlan: entered promiscuous mode [ 701.629879][T16651] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2954'. [ 701.697640][T16362] veth0_macvtap: entered promiscuous mode [ 701.736757][T16362] veth1_macvtap: entered promiscuous mode [ 701.852075][T16362] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 701.907880][T16362] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 701.965869][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.995180][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.055881][ T8924] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.083003][ T8924] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.540469][T16677] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 702.850010][ T1169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 702.927073][ T1169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 703.086586][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 703.137841][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 703.564343][T16696] kvm: pic: non byte write [ 703.593804][T16700] FAULT_INJECTION: forcing a failure. [ 703.593804][T16700] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 703.634101][T16700] CPU: 1 UID: 0 PID: 16700 Comm: syz.3.2963 Not tainted syzkaller #0 PREEMPT(full) [ 703.634125][T16700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 703.634136][T16700] Call Trace: [ 703.634144][T16700] [ 703.634152][T16700] dump_stack_lvl+0x189/0x250 [ 703.634177][T16700] ? __pfx____ratelimit+0x10/0x10 [ 703.634197][T16700] ? __pfx_dump_stack_lvl+0x10/0x10 [ 703.634216][T16700] ? __pfx__printk+0x10/0x10 [ 703.634237][T16700] ? __might_fault+0xb0/0x130 [ 703.634271][T16700] should_fail_ex+0x414/0x560 [ 703.634300][T16700] _copy_from_iter+0x1de/0x1790 [ 703.634336][T16700] ? rcu_is_watching+0x15/0xb0 [ 703.634355][T16700] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 703.634378][T16700] ? __pfx__copy_from_iter+0x10/0x10 [ 703.634400][T16700] ? __build_skb_around+0x257/0x3e0 [ 703.634426][T16700] ? netlink_sendmsg+0x642/0xb30 [ 703.634443][T16700] ? skb_put+0x11b/0x210 [ 703.634466][T16700] netlink_sendmsg+0x6b2/0xb30 [ 703.634494][T16700] ? __pfx_netlink_sendmsg+0x10/0x10 [ 703.634515][T16700] ? aa_sock_msg_perm+0xf1/0x1d0 [ 703.634534][T16700] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 703.634553][T16700] ? __pfx_netlink_sendmsg+0x10/0x10 [ 703.634573][T16700] __sock_sendmsg+0x21c/0x270 [ 703.634597][T16700] ____sys_sendmsg+0x505/0x830 [ 703.634622][T16700] ? __pfx_____sys_sendmsg+0x10/0x10 [ 703.634652][T16700] ? import_iovec+0x74/0xa0 [ 703.634675][T16700] ___sys_sendmsg+0x21f/0x2a0 [ 703.634697][T16700] ? __pfx____sys_sendmsg+0x10/0x10 [ 703.634737][T16700] ? __fget_files+0x2a/0x420 [ 703.634746][T16700] ? __fget_files+0x3a0/0x420 [ 703.634760][T16700] __x64_sys_sendmsg+0x19b/0x260 [ 703.634775][T16700] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 703.634792][T16700] ? __pfx_ksys_write+0x10/0x10 [ 703.634804][T16700] ? rcu_is_watching+0x15/0xb0 [ 703.634816][T16700] ? do_syscall_64+0xbe/0x3b0 [ 703.634829][T16700] do_syscall_64+0xfa/0x3b0 [ 703.634839][T16700] ? lockdep_hardirqs_on+0x9c/0x150 [ 703.634849][T16700] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.634859][T16700] ? clear_bhb_loop+0x60/0xb0 [ 703.634870][T16700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.634880][T16700] RIP: 0033:0x7f8085f8eec9 [ 703.634890][T16700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.634898][T16700] RSP: 002b:00007f8086f13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 703.634910][T16700] RAX: ffffffffffffffda RBX: 00007f80861e5fa0 RCX: 00007f8085f8eec9 [ 703.634917][T16700] RDX: 0000000024000800 RSI: 0000200000000200 RDI: 0000000000000003 [ 703.634924][T16700] RBP: 00007f8086f13090 R08: 0000000000000000 R09: 0000000000000000 [ 703.634930][T16700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 703.634936][T16700] R13: 00007f80861e6038 R14: 00007f80861e5fa0 R15: 00007f808630fa28 [ 703.634951][T16700] [ 704.189239][T16705] netlink: 'syz.4.2962': attribute type 12 has an invalid length. [ 704.198093][T16705] netlink: 9472 bytes leftover after parsing attributes in process `syz.4.2962'. [ 704.963102][T16720] nvme_fabrics: missing parameter 'transport=%s' [ 705.082577][T16728] vlan0: entered allmulticast mode [ 705.143802][T16720] nvme_fabrics: missing parameter 'nqn=%s' [ 705.852972][ T5947] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 706.096506][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 706.138090][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 706.277517][ T5947] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 706.842839][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 707.052019][ T5947] usb 2-1: config 0 descriptor?? [ 707.469954][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 707.480086][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 707.488261][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 707.496662][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 707.505260][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 707.535675][T16744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 707.568961][T16744] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 707.988429][T16744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 707.999709][ T5947] hid-led 0003:27B8:01ED.0019: probe with driver hid-led failed with error -32 [ 708.000736][T16744] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 708.032202][ T8945] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 708.132296][ T5947] usb 2-1: USB disconnect, device number 102 [ 708.750359][ T8945] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 708.986726][T16795] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 709.396598][ T5947] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 709.583933][T13478] Bluetooth: hci3: command tx timeout [ 709.710360][T16810] netlink: 'syz.2.2982': attribute type 12 has an invalid length. [ 709.718388][T16810] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.2982'. [ 709.782407][ T5947] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 13 [ 709.797918][ T8945] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 709.854747][ T5947] usb 5-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01 [ 709.879126][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.906439][ T5947] usb 5-1: Product: syz [ 709.920491][ T5947] usb 5-1: Manufacturer: syz [ 709.932756][ T5947] usb 5-1: SerialNumber: syz [ 709.956445][ T5947] usb 5-1: config 0 descriptor?? [ 709.972644][ T5947] go7007 5-1:0.0: Sensoray 2250 found [ 709.986011][ T5947] go7007 5-1:0.0: probe with driver go7007 failed with error -12 [ 710.227933][ T8945] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 710.310960][ T5946] usb 5-1: USB disconnect, device number 86 [ 710.731380][T16763] chnl_net:caif_netlink_parms(): no params data found [ 711.243684][ T5986] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 711.425783][ T5986] usb 5-1: Using ep0 maxpacket: 32 [ 711.434405][ T5986] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 711.442574][ T5986] usb 5-1: config 0 has no interface number 0 [ 711.449786][ T5986] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 711.461110][ T5986] usb 5-1: config 0 interface 85 has no altsetting 0 [ 711.480414][ T5986] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 711.490823][ T5986] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.499163][ T5986] usb 5-1: Product: syz [ 711.503619][ T5986] usb 5-1: Manufacturer: syz [ 711.508255][ T5986] usb 5-1: SerialNumber: syz [ 711.518636][ T5986] usb 5-1: config 0 descriptor?? [ 711.670180][T13478] Bluetooth: hci3: command tx timeout [ 711.948100][ T5986] appletouch 5-1:0.85: Geyser mode initialized. [ 711.956669][ T5986] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input49 [ 712.133853][ T8945] bond0 (unregistering): Released all slaves [ 712.797705][ T5986] usb 5-1: USB disconnect, device number 87 [ 712.849225][ T5986] appletouch 5-1:0.85: input: appletouch disconnected [ 713.029260][T16855] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 713.125850][ T8945] bond1 (unregistering): Released all slaves [ 713.340261][ T8945] bond2 (unregistering): Released all slaves [ 713.362011][ T8945] bond3 (unregistering): Released all slaves [ 713.582241][ T8945] tipc: Left network mode [ 713.583748][T16763] bridge0: port 1(bridge_slave_0) entered blocking state [ 713.631166][T16763] bridge0: port 1(bridge_slave_0) entered disabled state [ 713.638647][T16763] bridge_slave_0: entered allmulticast mode [ 713.666422][ T8945] IPVS: stopping master sync thread 6300 ... [ 713.685423][T16763] bridge_slave_0: entered promiscuous mode [ 713.743917][T13478] Bluetooth: hci3: command tx timeout [ 714.063667][T16763] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.070810][T16763] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.117790][T16763] bridge_slave_1: entered allmulticast mode [ 714.135944][T16763] bridge_slave_1: entered promiscuous mode [ 714.642199][T16763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 714.672398][T16763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 715.006309][T16763] team0: Port device team_slave_0 added [ 715.085555][T16763] team0: Port device team_slave_1 added [ 715.473907][ T8945] hsr_slave_0: left promiscuous mode [ 715.522894][ T8945] hsr_slave_1: left promiscuous mode [ 715.561492][ T8945] hsr0: left allmulticast mode [ 715.642248][T16898] netlink: 'syz.3.2998': attribute type 12 has an invalid length. [ 715.659312][T16898] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.2998'. [ 715.834602][T13478] Bluetooth: hci3: command tx timeout [ 716.934253][T16917] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 717.451757][T16763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 717.460561][T16763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 717.487048][T16763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 717.500047][T16763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 717.511514][T16763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 717.543473][ T6006] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 717.642610][T16763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 717.732855][ T6006] usb 5-1: Using ep0 maxpacket: 16 [ 717.745360][ T6006] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 717.757045][ T6006] usb 5-1: config 0 interface 0 has no altsetting 0 [ 717.763926][ T6006] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 717.898945][ T6006] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.930627][ T6006] usb 5-1: config 0 descriptor?? [ 718.058619][T16763] hsr_slave_0: entered promiscuous mode [ 718.074193][T16763] hsr_slave_1: entered promiscuous mode [ 718.096412][T16763] debugfs: 'hsr0' already exists in 'hsr' [ 718.123316][T16763] Cannot create hsr debugfs directory [ 718.374537][ T6006] nzxt-smart2 0003:1E71:2009.001A: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0 [ 718.571406][T16931] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 718.871811][ T6006] usb 5-1: USB disconnect, device number 88 [ 720.584533][ T6006] usb 4-1: new low-speed USB device number 110 using dummy_hcd [ 720.815009][ T6006] usb 4-1: device descriptor read/64, error -71 [ 721.045816][T16763] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 721.173608][T16763] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 721.231911][T16763] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 721.243334][ T6006] usb 4-1: new low-speed USB device number 111 using dummy_hcd [ 721.279567][T16763] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 721.405815][ T6006] usb 4-1: device descriptor read/64, error -71 [ 721.452085][T16998] syzkaller0: entered promiscuous mode [ 721.458348][T16998] syzkaller0: entered allmulticast mode [ 721.529970][ T6006] usb usb4-port1: attempt power cycle [ 721.854077][T16763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 721.902960][ T6006] usb 4-1: new low-speed USB device number 112 using dummy_hcd [ 721.912531][T16763] 8021q: adding VLAN 0 to HW filter on device team0 [ 722.084103][ T6006] usb 4-1: device descriptor read/8, error -71 [ 722.108432][ T8924] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.115570][ T8924] bridge0: port 1(bridge_slave_0) entered forwarding state [ 722.186049][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 722.193898][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 722.439881][ T6006] usb 4-1: new low-speed USB device number 113 using dummy_hcd [ 722.800423][ T6006] usb 4-1: device descriptor read/8, error -71 [ 722.801412][T16763] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 722.834474][T17024] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 723.019090][ T6006] usb usb4-port1: unable to enumerate USB device [ 723.134663][T16763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.405352][T16763] veth0_vlan: entered promiscuous mode [ 723.470242][T16763] veth1_vlan: entered promiscuous mode [ 723.714986][T16763] veth0_macvtap: entered promiscuous mode [ 723.740023][T16763] veth1_macvtap: entered promiscuous mode [ 723.911339][T16763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 724.064579][T16763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 724.093599][ T8924] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.194849][ T8924] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.273737][ T8924] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.338041][ T8924] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.541976][ T8924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.592127][ T8924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 724.836622][ T4816] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.960265][ T4816] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 725.194907][T17060] vlan0: entered allmulticast mode [ 726.091639][T17077] netdevsim netdevsim0: Direct firmware load for . [ 726.091639][T17077] failed with error -2 [ 726.103075][T17077] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 726.103075][T17077] [ 727.258108][T17097] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 727.389215][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 727.413135][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 727.447930][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 727.495478][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 727.506338][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 727.642888][ T9] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 727.905025][ T9] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 727.922378][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.937935][ T9] usb 4-1: config 0 descriptor?? [ 727.945131][ T9] gspca_main: spca508-2.14.0 probing 8086:0110 [ 728.473302][ T9] gspca_spca508: reg_read err -110 [ 728.493105][ T9] gspca_spca508: reg_read err -32 [ 728.558606][ T9] gspca_spca508: reg_read err -32 [ 729.093064][ T9] gspca_spca508: reg_read err -110 [ 729.115191][T17136] sock: sock_timestamping_bind_phc: sock not bind to device [ 729.145502][ T9] gspca_spca508: reg_read err -32 [ 729.201085][ T9] gspca_spca508: reg write: error -32 [ 729.271998][ T9] spca508 4-1:0.0: probe with driver spca508 failed with error -32 [ 729.583333][ T51] Bluetooth: hci0: command tx timeout [ 730.389180][T17145] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3045'. [ 730.885775][ T9] usb 4-1: USB disconnect, device number 114 [ 731.032530][ T8924] bond0 (unregistering): Released all slaves [ 731.046135][ T8924] bond1 (unregistering): Released all slaves [ 731.071013][ T8924] bond2 (unregistering): Released all slaves [ 731.091230][ T8924] bond3 (unregistering): Released all slaves [ 731.159297][T17134] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 731.426237][T17160] vlan0: entered allmulticast mode [ 731.502191][ T8924] tipc: Disabling bearer [ 731.509476][ T8924] tipc: Left network mode [ 731.663242][ T51] Bluetooth: hci0: command tx timeout [ 731.698714][T17108] chnl_net:caif_netlink_parms(): no params data found [ 732.372437][T17185] netlink: 'syz.0.3049': attribute type 12 has an invalid length. [ 732.380425][T17185] netlink: 9472 bytes leftover after parsing attributes in process `syz.0.3049'. [ 732.523267][ T5986] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 732.826683][ T5986] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 732.836135][ T5986] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.852776][ T5986] usb 3-1: Product: syz [ 732.857054][ T5986] usb 3-1: Manufacturer: syz [ 732.992760][ T5986] usb 3-1: SerialNumber: syz [ 733.004828][T17108] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.053684][ T5986] usb 3-1: config 0 descriptor?? [ 733.069170][T17108] bridge0: port 1(bridge_slave_0) entered disabled state [ 733.089464][T17108] bridge_slave_0: entered allmulticast mode [ 733.105091][T17108] bridge_slave_0: entered promiscuous mode [ 733.233045][T17108] bridge0: port 2(bridge_slave_1) entered blocking state [ 733.292971][T17108] bridge0: port 2(bridge_slave_1) entered disabled state [ 733.308815][ T5986] usb 3-1: Firmware version (0.0) predates our first public release. [ 733.336011][T17108] bridge_slave_1: entered allmulticast mode [ 733.362166][ T5986] usb 3-1: Please update to version 0.2 or newer [ 733.384575][T17108] bridge_slave_1: entered promiscuous mode [ 733.544400][ T5986] usb 3-1: USB disconnect, device number 100 [ 733.708243][T17108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 733.743733][ T51] Bluetooth: hci0: command tx timeout [ 733.769554][ T918] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 733.795381][T17108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 733.951628][ T918] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 734.017322][ T918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 734.045218][T17108] team0: Port device team_slave_0 added [ 734.057332][ T918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 734.095857][ T918] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 734.128592][ T918] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 734.218459][T17108] team0: Port device team_slave_1 added [ 734.247683][ T918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 734.301375][ T918] usb 4-1: config 0 descriptor?? [ 734.391165][T17227] FAULT_INJECTION: forcing a failure. [ 734.391165][T17227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 734.454202][T17227] CPU: 1 UID: 0 PID: 17227 Comm: syz.0.3059 Not tainted syzkaller #0 PREEMPT(full) [ 734.454227][T17227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 734.454238][T17227] Call Trace: [ 734.454246][T17227] [ 734.454255][T17227] dump_stack_lvl+0x189/0x250 [ 734.454280][T17227] ? __pfx____ratelimit+0x10/0x10 [ 734.454299][T17227] ? __pfx_dump_stack_lvl+0x10/0x10 [ 734.454320][T17227] ? __pfx__printk+0x10/0x10 [ 734.454341][T17227] ? __might_fault+0xb0/0x130 [ 734.454371][T17227] should_fail_ex+0x414/0x560 [ 734.454399][T17227] _copy_from_user+0x2d/0xb0 [ 734.454421][T17227] kvm_arch_vcpu_ioctl+0x638/0x2a80 [ 734.454445][T17227] ? __lock_acquire+0xab9/0xd20 [ 734.454467][T17227] ? kvm_arch_vcpu_ioctl+0x5f8/0x2a80 [ 734.454493][T17227] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 734.454521][T17227] ? __lock_acquire+0xab9/0xd20 [ 734.454562][T17227] ? is_bpf_text_address+0x26/0x2b0 [ 734.454597][T17227] ? is_bpf_text_address+0x292/0x2b0 [ 734.454618][T17227] ? is_bpf_text_address+0x26/0x2b0 [ 734.454641][T17227] ? kernel_text_address+0xa5/0xe0 [ 734.454663][T17227] ? __kernel_text_address+0xd/0x40 [ 734.454683][T17227] ? unwind_get_return_address+0x4d/0x90 [ 734.454701][T17227] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 734.454722][T17227] ? arch_stack_walk+0xfc/0x150 [ 734.454756][T17227] ? __pfx_stack_trace_save+0x10/0x10 [ 734.454778][T17227] ? stack_depot_save_flags+0x40/0x860 [ 734.454818][T17227] ? __lock_acquire+0xab9/0xd20 [ 734.454849][T17227] ? __mutex_trylock_common+0x153/0x260 [ 734.454870][T17227] ? __pfx___mutex_trylock_common+0x10/0x10 [ 734.454894][T17227] ? rcu_is_watching+0x15/0xb0 [ 734.454912][T17227] ? trace_contention_end+0x39/0x120 [ 734.454929][T17227] ? __mutex_lock+0x335/0x1350 [ 734.454954][T17227] ? kasan_quarantine_put+0xdd/0x220 [ 734.454979][T17227] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 734.455004][T17227] ? __pfx___mutex_lock+0x10/0x10 [ 734.455023][T17227] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 734.455051][T17227] ? do_vfs_ioctl+0xbe8/0x1430 [ 734.455073][T17227] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 734.455097][T17227] kvm_vcpu_ioctl+0x74d/0xe90 [ 734.455125][T17227] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 734.455143][T17227] ? __lock_acquire+0xab9/0xd20 [ 734.455184][T17227] ? __fget_files+0x2a/0x420 [ 734.455203][T17227] ? __fget_files+0x2a/0x420 [ 734.455217][T17227] ? __fget_files+0x3a0/0x420 [ 734.455231][T17227] ? __fget_files+0x2a/0x420 [ 734.455250][T17227] ? bpf_lsm_file_ioctl+0x9/0x20 [ 734.455269][T17227] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 734.455289][T17227] __se_sys_ioctl+0xfc/0x170 [ 734.455312][T17227] do_syscall_64+0xfa/0x3b0 [ 734.455330][T17227] ? lockdep_hardirqs_on+0x9c/0x150 [ 734.455346][T17227] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.455364][T17227] ? clear_bhb_loop+0x60/0xb0 [ 734.455384][T17227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.455400][T17227] RIP: 0033:0x7f39db58eec9 [ 734.455417][T17227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 734.455431][T17227] RSP: 002b:00007f39dc474038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 734.455450][T17227] RAX: ffffffffffffffda RBX: 00007f39db7e5fa0 RCX: 00007f39db58eec9 [ 734.455463][T17227] RDX: 0000200000000640 RSI: 000000004008ae89 RDI: 0000000000000006 [ 734.455474][T17227] RBP: 00007f39dc474090 R08: 0000000000000000 R09: 0000000000000000 [ 734.455484][T17227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 734.455493][T17227] R13: 00007f39db7e6038 R14: 00007f39db7e5fa0 R15: 00007f39db90fa28 [ 734.455521][T17227] [ 734.831231][ T8924] hsr_slave_0: left promiscuous mode [ 735.047543][ T918] plantronics 0003:047F:FFFF.001B: ignoring exceeding usage max [ 735.070610][ T918] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 735.307716][T17212] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 735.316523][T17212] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 735.331761][ T918] usb 4-1: USB disconnect, device number 115 [ 735.462871][ T10] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 735.631092][ T10] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 735.699516][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 735.726497][ T10] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 735.735778][ T10] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 735.794579][ T10] usb 1-1: Product: syz [ 735.799393][ T10] usb 1-1: Manufacturer: syz [ 735.823267][ T51] Bluetooth: hci0: command tx timeout [ 735.868730][ T10] usb 1-1: SerialNumber: syz [ 735.883993][ T10] usb 1-1: config 0 descriptor?? [ 735.946163][ T10] usb 1-1: selecting invalid altsetting 0 [ 737.235278][T17108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 737.259946][T17108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 737.296666][T17108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 737.316907][T17108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 737.333117][T17108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 737.425231][T17108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 737.710126][T17277] netlink: 'syz.4.3065': attribute type 12 has an invalid length. [ 737.718431][T17277] netlink: 9472 bytes leftover after parsing attributes in process `syz.4.3065'. [ 738.286253][T17108] hsr_slave_0: entered promiscuous mode [ 738.397421][T17108] hsr_slave_1: entered promiscuous mode [ 738.431735][ T9] usb 1-1: USB disconnect, device number 94 [ 738.759477][T17298] vlan0: entered allmulticast mode [ 739.780160][T17313] could not allocate digest TFM handle poly1305-neon [ 740.695327][T17108] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 740.753800][T17108] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 740.910811][T17108] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 740.960700][T17108] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 741.399092][T17351] syzkaller0: entered promiscuous mode [ 741.417071][T17351] syzkaller0: entered allmulticast mode [ 741.987997][T17108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 742.071036][T17108] 8021q: adding VLAN 0 to HW filter on device team0 [ 742.121998][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.129170][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 742.204886][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 742.212045][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 742.592673][T17379] vlan0: entered allmulticast mode [ 742.677838][T17387] FAULT_INJECTION: forcing a failure. [ 742.677838][T17387] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 742.766357][T17387] CPU: 1 UID: 0 PID: 17387 Comm: syz.0.3085 Not tainted syzkaller #0 PREEMPT(full) [ 742.766383][T17387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 742.766394][T17387] Call Trace: [ 742.766403][T17387] [ 742.766411][T17387] dump_stack_lvl+0x189/0x250 [ 742.766436][T17387] ? __pfx____ratelimit+0x10/0x10 [ 742.766456][T17387] ? __pfx_dump_stack_lvl+0x10/0x10 [ 742.766476][T17387] ? __pfx__printk+0x10/0x10 [ 742.766511][T17387] should_fail_ex+0x414/0x560 [ 742.766540][T17387] _copy_to_user+0x31/0xb0 [ 742.766564][T17387] simple_read_from_buffer+0xe1/0x170 [ 742.766592][T17387] proc_fail_nth_read+0x1b3/0x220 [ 742.766616][T17387] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 742.766639][T17387] ? rw_verify_area+0x2a6/0x4d0 [ 742.766659][T17387] ? __lock_acquire+0xab9/0xd20 [ 742.766679][T17387] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 742.766701][T17387] vfs_read+0x200/0xa30 [ 742.766721][T17387] ? fdget_pos+0x247/0x320 [ 742.766741][T17387] ? __pfx___mutex_lock+0x10/0x10 [ 742.766760][T17387] ? __pfx_vfs_read+0x10/0x10 [ 742.766789][T17387] ? __fget_files+0x2a/0x420 [ 742.766810][T17387] ? __fget_files+0x3a0/0x420 [ 742.766825][T17387] ? __fget_files+0x2a/0x420 [ 742.766850][T17387] ksys_read+0x145/0x250 [ 742.766874][T17387] ? __pfx_ksys_read+0x10/0x10 [ 742.766893][T17387] ? rcu_is_watching+0x15/0xb0 [ 742.766916][T17387] ? do_syscall_64+0xbe/0x3b0 [ 742.766940][T17387] do_syscall_64+0xfa/0x3b0 [ 742.766957][T17387] ? lockdep_hardirqs_on+0x9c/0x150 [ 742.766975][T17387] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.766993][T17387] ? clear_bhb_loop+0x60/0xb0 [ 742.767014][T17387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.767031][T17387] RIP: 0033:0x7f39db58d8dc [ 742.767047][T17387] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 742.767063][T17387] RSP: 002b:00007f39dc474030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 742.767082][T17387] RAX: ffffffffffffffda RBX: 00007f39db7e5fa0 RCX: 00007f39db58d8dc [ 742.767096][T17387] RDX: 000000000000000f RSI: 00007f39dc4740a0 RDI: 0000000000000004 [ 742.767108][T17387] RBP: 00007f39dc474090 R08: 0000000000000000 R09: 0000000000000000 [ 742.767119][T17387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.767130][T17387] R13: 00007f39db7e6038 R14: 00007f39db7e5fa0 R15: 00007f39db90fa28 [ 742.767161][T17387] [ 743.358296][T17108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 743.383544][ T979] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 743.470242][T17108] veth0_vlan: entered promiscuous mode [ 743.525021][T17108] veth1_vlan: entered promiscuous mode [ 743.542856][ T979] usb 5-1: Using ep0 maxpacket: 16 [ 743.566039][ T979] usb 5-1: config 0 has an invalid interface number: 4 but max is 0 [ 743.586747][T17403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3089'. [ 743.616087][ T979] usb 5-1: config 0 has no interface number 0 [ 743.632665][ T979] usb 5-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 743.652681][T17405] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 743.661555][ T979] usb 5-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 743.665001][T17108] veth0_macvtap: entered promiscuous mode [ 743.700547][ T979] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 743.797282][ T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.829959][T17108] veth1_macvtap: entered promiscuous mode [ 743.830300][ T979] usb 5-1: config 0 descriptor?? [ 743.988570][T17108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 744.119800][T17108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 744.212450][ T59] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 744.241334][ T59] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 744.450306][ T59] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 744.479200][ T59] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 744.507355][ T979] usb 5-1: USB disconnect, device number 89 [ 744.838753][ T8924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 744.906017][ T8924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 745.048416][ T8924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 745.131982][ T8924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 745.218533][T17434] FAULT_INJECTION: forcing a failure. [ 745.218533][T17434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 745.246460][T17434] CPU: 1 UID: 0 PID: 17434 Comm: syz.4.3096 Not tainted syzkaller #0 PREEMPT(full) [ 745.246483][T17434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 745.246494][T17434] Call Trace: [ 745.246501][T17434] [ 745.246510][T17434] dump_stack_lvl+0x189/0x250 [ 745.246535][T17434] ? __pfx____ratelimit+0x10/0x10 [ 745.246561][T17434] ? __pfx_dump_stack_lvl+0x10/0x10 [ 745.246580][T17434] ? __pfx__printk+0x10/0x10 [ 745.246613][T17434] should_fail_ex+0x414/0x560 [ 745.246643][T17434] _copy_to_user+0x31/0xb0 [ 745.246666][T17434] simple_read_from_buffer+0xe1/0x170 [ 745.246695][T17434] proc_fail_nth_read+0x1b3/0x220 [ 745.246718][T17434] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 745.246741][T17434] ? rw_verify_area+0x2a6/0x4d0 [ 745.246760][T17434] ? __lock_acquire+0xab9/0xd20 [ 745.246780][T17434] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 745.246802][T17434] vfs_read+0x200/0xa30 [ 745.246822][T17434] ? fdget_pos+0x247/0x320 [ 745.246842][T17434] ? __pfx___mutex_lock+0x10/0x10 [ 745.246861][T17434] ? __pfx_vfs_read+0x10/0x10 [ 745.246884][T17434] ? __fget_files+0x2a/0x420 [ 745.246904][T17434] ? __fget_files+0x3a0/0x420 [ 745.246919][T17434] ? __fget_files+0x2a/0x420 [ 745.246945][T17434] ksys_read+0x145/0x250 [ 745.246968][T17434] ? __pfx_ksys_read+0x10/0x10 [ 745.246995][T17434] ? do_syscall_64+0xbe/0x3b0 [ 745.247018][T17434] do_syscall_64+0xfa/0x3b0 [ 745.247035][T17434] ? lockdep_hardirqs_on+0x9c/0x150 [ 745.247053][T17434] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.247070][T17434] ? clear_bhb_loop+0x60/0xb0 [ 745.247090][T17434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.247106][T17434] RIP: 0033:0x7f7a7518d8dc [ 745.247123][T17434] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 745.247137][T17434] RSP: 002b:00007f7a76058030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 745.247156][T17434] RAX: ffffffffffffffda RBX: 00007f7a753e6090 RCX: 00007f7a7518d8dc [ 745.247170][T17434] RDX: 000000000000000f RSI: 00007f7a760580a0 RDI: 0000000000000007 [ 745.247182][T17434] RBP: 00007f7a76058090 R08: 0000000000000000 R09: 0000000000000000 [ 745.247193][T17434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 745.247204][T17434] R13: 00007f7a753e6128 R14: 00007f7a753e6090 R15: 00007f7a7550fa28 [ 745.247234][T17434] [ 745.805764][T17440] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3097'. [ 745.831533][T17443] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3030'. [ 746.161566][T17448] vlan0: entered promiscuous mode [ 747.332025][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.339658][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.324569][T13478] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 748.363047][T13478] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 748.374480][T13478] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 748.389983][T13478] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 748.403568][T13478] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 748.512461][T17466] vlan0: entered allmulticast mode [ 748.926089][T17483] netlink: 'syz.0.3106': attribute type 4 has an invalid length. [ 748.983418][T17485] netlink: 'syz.0.3106': attribute type 4 has an invalid length. [ 749.929790][T17474] chnl_net:caif_netlink_parms(): no params data found [ 750.462896][T13478] Bluetooth: hci5: command tx timeout [ 750.470373][T17503] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3109'. [ 750.504017][T17474] bridge0: port 1(bridge_slave_0) entered blocking state [ 750.511220][T17474] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.520813][T17474] bridge_slave_0: entered allmulticast mode [ 750.529449][T17474] bridge_slave_0: entered promiscuous mode [ 750.539635][T17474] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.549539][T17474] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.560948][T17474] bridge_slave_1: entered allmulticast mode [ 750.568944][T17474] bridge_slave_1: entered promiscuous mode [ 750.807427][T17474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 750.880923][T17474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 750.953800][T17515] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3112'. [ 751.339770][T17474] team0: Port device team_slave_0 added [ 751.411349][T17523] netlink: 'syz.3.3114': attribute type 12 has an invalid length. [ 751.419522][T17523] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.3114'. [ 751.429913][T17474] team0: Port device team_slave_1 added [ 752.002634][T17474] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 752.021294][T17474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 752.129066][T17474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 752.252193][T17474] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 752.326012][T17474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 752.466246][T17474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 752.555433][T13478] Bluetooth: hci5: command tx timeout [ 752.830174][T17474] hsr_slave_0: entered promiscuous mode [ 752.854130][T17474] hsr_slave_1: entered promiscuous mode [ 752.865575][T17534] FAULT_INJECTION: forcing a failure. [ 752.865575][T17534] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 752.868731][T17474] debugfs: 'hsr0' already exists in 'hsr' [ 752.900754][T17534] CPU: 0 UID: 0 PID: 17534 Comm: syz.1.3118 Not tainted syzkaller #0 PREEMPT(full) [ 752.900794][T17534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 752.900816][T17534] Call Trace: [ 752.900830][T17534] [ 752.900837][T17534] dump_stack_lvl+0x189/0x250 [ 752.900861][T17534] ? __pfx____ratelimit+0x10/0x10 [ 752.900881][T17534] ? __pfx_dump_stack_lvl+0x10/0x10 [ 752.900899][T17534] ? __pfx__printk+0x10/0x10 [ 752.900920][T17534] ? __might_fault+0xb0/0x130 [ 752.900952][T17534] should_fail_ex+0x414/0x560 [ 752.900980][T17534] _copy_from_user+0x2d/0xb0 [ 752.901002][T17534] __sys_connect+0x123/0x440 [ 752.901021][T17534] ? __fget_files+0x3a0/0x420 [ 752.901038][T17534] ? __pfx___sys_connect+0x10/0x10 [ 752.901068][T17534] ? __pfx_ksys_write+0x10/0x10 [ 752.901087][T17534] ? rcu_is_watching+0x15/0xb0 [ 752.901112][T17534] __x64_sys_connect+0x7a/0x90 [ 752.901132][T17534] do_syscall_64+0xfa/0x3b0 [ 752.901150][T17534] ? lockdep_hardirqs_on+0x9c/0x150 [ 752.901168][T17534] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.901184][T17534] ? clear_bhb_loop+0x60/0xb0 [ 752.901204][T17534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.901222][T17534] RIP: 0033:0x7efeb258eec9 [ 752.901238][T17534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.901252][T17534] RSP: 002b:00007efeb338b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 752.901270][T17534] RAX: ffffffffffffffda RBX: 00007efeb27e5fa0 RCX: 00007efeb258eec9 [ 752.901284][T17534] RDX: 000000000000006e RSI: 0000200000000100 RDI: 0000000000000005 [ 752.901295][T17534] RBP: 00007efeb338b090 R08: 0000000000000000 R09: 0000000000000000 [ 752.901306][T17534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 752.901317][T17534] R13: 00007efeb27e6038 R14: 00007efeb27e5fa0 R15: 00007efeb290fa28 [ 752.901344][T17534] [ 752.913760][T17474] Cannot create hsr debugfs directory [ 753.200722][T17541] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3120'. [ 753.536854][T17549] netlink: 'syz.1.3119': attribute type 12 has an invalid length. [ 753.545987][T17549] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.3119'. [ 753.874829][T17557] fuse: Unknown parameter 'grou00000000000000000000' [ 754.350441][T17566] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3126'. [ 754.633848][T13478] Bluetooth: hci5: command tx timeout [ 754.671817][T17474] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 754.681118][T17571] FAULT_INJECTION: forcing a failure. [ 754.681118][T17571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 754.739953][T17474] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 754.839423][T17571] CPU: 1 UID: 0 PID: 17571 Comm: syz.1.3128 Not tainted syzkaller #0 PREEMPT(full) [ 754.839449][T17571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 754.839460][T17571] Call Trace: [ 754.839468][T17571] [ 754.839476][T17571] dump_stack_lvl+0x189/0x250 [ 754.839501][T17571] ? __pfx____ratelimit+0x10/0x10 [ 754.839520][T17571] ? __pfx_dump_stack_lvl+0x10/0x10 [ 754.839540][T17571] ? __pfx__printk+0x10/0x10 [ 754.839575][T17571] should_fail_ex+0x414/0x560 [ 754.839605][T17571] _copy_to_user+0x31/0xb0 [ 754.839628][T17571] simple_read_from_buffer+0xe1/0x170 [ 754.839656][T17571] proc_fail_nth_read+0x1b3/0x220 [ 754.839680][T17571] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 754.839703][T17571] ? rw_verify_area+0x2a6/0x4d0 [ 754.839723][T17571] ? __lock_acquire+0xab9/0xd20 [ 754.839745][T17571] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 754.839766][T17571] vfs_read+0x200/0xa30 [ 754.839786][T17571] ? fdget_pos+0x247/0x320 [ 754.839810][T17571] ? __pfx___mutex_lock+0x10/0x10 [ 754.839829][T17571] ? __pfx_vfs_read+0x10/0x10 [ 754.839853][T17571] ? __fget_files+0x2a/0x420 [ 754.839873][T17571] ? __fget_files+0x3a0/0x420 [ 754.839888][T17571] ? __fget_files+0x2a/0x420 [ 754.839914][T17571] ksys_read+0x145/0x250 [ 754.839937][T17571] ? __pfx_ksys_read+0x10/0x10 [ 754.839955][T17571] ? rcu_is_watching+0x15/0xb0 [ 754.839979][T17571] ? do_syscall_64+0xbe/0x3b0 [ 754.840001][T17571] do_syscall_64+0xfa/0x3b0 [ 754.840018][T17571] ? lockdep_hardirqs_on+0x9c/0x150 [ 754.840037][T17571] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.840055][T17571] ? clear_bhb_loop+0x60/0xb0 [ 754.840076][T17571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.840093][T17571] RIP: 0033:0x7efeb258d8dc [ 754.840109][T17571] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 754.840124][T17571] RSP: 002b:00007efeb338b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 754.840143][T17571] RAX: ffffffffffffffda RBX: 00007efeb27e5fa0 RCX: 00007efeb258d8dc [ 754.840157][T17571] RDX: 000000000000000f RSI: 00007efeb338b0a0 RDI: 0000000000000005 [ 754.840168][T17571] RBP: 00007efeb338b090 R08: 0000000000000000 R09: 0000000000000000 [ 754.840180][T17571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 754.840191][T17571] R13: 00007efeb27e6038 R14: 00007efeb27e5fa0 R15: 00007efeb290fa28 [ 754.840221][T17571] [ 755.155365][T17474] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 755.437103][T17474] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 755.569821][T17578] fuse: Unknown parameter '' [ 755.838349][T17474] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 755.965918][T17587] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3131'. [ 756.016892][T17474] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 756.068891][T17474] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 756.089639][T17474] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 756.598869][T17474] 8021q: adding VLAN 0 to HW filter on device bond0 [ 756.658009][T17474] 8021q: adding VLAN 0 to HW filter on device team0 [ 756.691163][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 756.698305][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 756.709685][T13478] Bluetooth: hci5: command tx timeout [ 756.770448][T16905] bridge0: port 2(bridge_slave_1) entered blocking state [ 756.777624][T16905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 757.743437][T17474] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 757.872720][T17474] veth0_vlan: entered promiscuous mode [ 758.063645][T17614] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3137'. [ 758.099663][T17474] veth1_vlan: entered promiscuous mode [ 758.194847][T17618] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3138'. [ 759.331256][T17474] veth0_macvtap: entered promiscuous mode [ 759.415334][T17616] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3137'. [ 759.425653][T17474] veth1_macvtap: entered promiscuous mode [ 759.788152][T17474] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 759.843636][T17474] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 759.933601][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.059359][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.131225][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.168899][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.332918][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 760.359243][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 760.461404][T16905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 760.516440][T16905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 760.564002][T17636] FAULT_INJECTION: forcing a failure. [ 760.564002][T17636] name failslab, interval 1, probability 0, space 0, times 0 [ 760.595847][T17636] CPU: 0 UID: 0 PID: 17636 Comm: syz.3.3142 Not tainted syzkaller #0 PREEMPT(full) [ 760.595870][T17636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 760.595881][T17636] Call Trace: [ 760.595888][T17636] [ 760.595896][T17636] dump_stack_lvl+0x189/0x250 [ 760.595918][T17636] ? __pfx____ratelimit+0x10/0x10 [ 760.595937][T17636] ? __pfx_dump_stack_lvl+0x10/0x10 [ 760.595957][T17636] ? __pfx__printk+0x10/0x10 [ 760.595984][T17636] ? __pfx___might_resched+0x10/0x10 [ 760.596001][T17636] ? fs_reclaim_acquire+0x7d/0x100 [ 760.596022][T17636] should_fail_ex+0x414/0x560 [ 760.596047][T17636] should_failslab+0xa8/0x100 [ 760.596078][T17636] __kmalloc_noprof+0xcb/0x4f0 [ 760.596101][T17636] ? tomoyo_encode2+0x27f/0x530 [ 760.596124][T17636] tomoyo_encode2+0x27f/0x530 [ 760.596148][T17636] tomoyo_check_unix_address+0x3c3/0x7b0 [ 760.596173][T17636] ? tomoyo_check_unix_address+0x15a/0x7b0 [ 760.596191][T17636] ? __pfx_tomoyo_check_unix_address+0x10/0x10 [ 760.596223][T17636] ? __might_fault+0xb0/0x130 [ 760.596251][T17636] tomoyo_socket_connect_permission+0x1b2/0x290 [ 760.596278][T17636] security_socket_connect+0xc8/0x2b0 [ 760.596301][T17636] __sys_connect+0x231/0x440 [ 760.596321][T17636] ? __fget_files+0x3a0/0x420 [ 760.596337][T17636] ? __pfx___sys_connect+0x10/0x10 [ 760.596367][T17636] ? __pfx_ksys_write+0x10/0x10 [ 760.596387][T17636] ? rcu_is_watching+0x15/0xb0 [ 760.596412][T17636] __x64_sys_connect+0x7a/0x90 [ 760.596431][T17636] do_syscall_64+0xfa/0x3b0 [ 760.596449][T17636] ? lockdep_hardirqs_on+0x9c/0x150 [ 760.596465][T17636] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.596483][T17636] ? clear_bhb_loop+0x60/0xb0 [ 760.596504][T17636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.596521][T17636] RIP: 0033:0x7f8085f8eec9 [ 760.596537][T17636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.596551][T17636] RSP: 002b:00007f8086f13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 760.596569][T17636] RAX: ffffffffffffffda RBX: 00007f80861e5fa0 RCX: 00007f8085f8eec9 [ 760.596583][T17636] RDX: 000000000000006e RSI: 0000200000000100 RDI: 0000000000000005 [ 760.596595][T17636] RBP: 00007f8086f13090 R08: 0000000000000000 R09: 0000000000000000 [ 760.596606][T17636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 760.596616][T17636] R13: 00007f80861e6038 R14: 00007f80861e5fa0 R15: 00007f808630fa28 [ 760.596644][T17636] [ 760.621226][T17638] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3143'. [ 761.292934][ T5986] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 761.412782][ T918] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 761.424048][T17655] netlink: 'syz.4.3146': attribute type 12 has an invalid length. [ 761.432140][T17655] netlink: 9472 bytes leftover after parsing attributes in process `syz.4.3146'. [ 761.466130][ T5986] usb 2-1: Using ep0 maxpacket: 8 [ 761.490005][ T5986] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 761.611585][ T5986] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 761.667996][ T5986] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 761.687477][ T918] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 761.733873][ T918] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 761.757677][ T5986] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 761.840326][ T918] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 761.859306][ T5986] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 761.895497][ T918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 761.939795][ T5986] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.081394][T17652] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 762.136565][ T918] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 762.347246][ T5986] usb 2-1: GET_CAPABILITIES returned 0 [ 762.357614][ T5986] usbtmc 2-1:16.0: can't read capabilities [ 762.369303][T17652] fuse: Bad value for 'fd' [ 762.469389][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 762.478054][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 762.486194][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 762.519595][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 762.532263][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 762.560711][T17645] netlink: 172 bytes leftover after parsing attributes in process `syz.1.3144'. [ 762.582301][ T5986] usb 1-1: USB disconnect, device number 95 [ 762.665747][ T979] usb 2-1: USB disconnect, device number 103 [ 763.225526][T16905] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.302014][T17677] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3151'. [ 763.631243][T16905] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 764.362271][T17694] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3153'. [ 764.659716][ T51] Bluetooth: hci1: command tx timeout [ 765.123823][T17703] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3154'. [ 765.355539][T16905] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.024134][T17717] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3157'. [ 766.289217][T16905] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.626543][T17664] chnl_net:caif_netlink_parms(): no params data found [ 766.703385][ T51] Bluetooth: hci1: command tx timeout [ 767.064296][T17743] netlink: 'syz.0.3162': attribute type 4 has an invalid length. [ 767.195010][T17750] netlink: 'syz.0.3162': attribute type 4 has an invalid length. [ 767.922630][T17764] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3164'. [ 768.080531][T17771] vlan2: entered allmulticast mode [ 768.086169][T17771] bridge0: entered allmulticast mode [ 768.647958][T17774] kvm: user requested TSC rate below hardware speed [ 768.661293][T17664] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.662357][T17664] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.662480][T17664] bridge_slave_0: entered allmulticast mode [ 768.665192][T17664] bridge_slave_0: entered promiscuous mode [ 768.666559][T17664] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.666660][T17664] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.666748][T17664] bridge_slave_1: entered allmulticast mode [ 768.667717][T17664] bridge_slave_1: entered promiscuous mode [ 768.792811][ T51] Bluetooth: hci1: command tx timeout [ 769.233648][T16905] veth0_to_bond: left allmulticast mode [ 769.281356][T16905] veth0_to_bond: left promiscuous mode [ 769.309102][T16905] bridge3: port 1(veth0_to_bond) entered disabled state [ 769.439072][T17783] fuse: Unknown parameter 'group_id00000000000000000000' [ 769.744749][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 769.744767][ T30] audit: type=1326 audit(1758684076.667:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 769.773090][ C0] vkms_vblank_simulate: vblank timer overrun [ 769.827824][ T30] audit: type=1326 audit(1758684076.667:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 769.864212][ T30] audit: type=1326 audit(1758684076.677:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 770.010352][ T918] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 770.107080][ T30] audit: type=1326 audit(1758684076.677:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 770.147683][ T30] audit: type=1326 audit(1758684076.677:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 770.177356][ T30] audit: type=1326 audit(1758684076.677:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 770.214749][ T30] audit: type=1326 audit(1758684076.677:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 770.248004][ T30] audit: type=1326 audit(1758684076.677:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 770.271850][ T30] audit: type=1326 audit(1758684076.677:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 770.295643][ T918] usb 5-1: Using ep0 maxpacket: 16 [ 770.305520][ T30] audit: type=1326 audit(1758684076.677:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17786 comm="syz.1.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb258eec9 code=0x7ffc0000 [ 770.331509][ T918] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 32 [ 770.348311][ T918] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 770.361319][ T918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.371767][ T918] usb 5-1: Product: Ѝ [ 770.378822][ T918] usb 5-1: Manufacturer: Ы [ 770.399760][ T918] usb 5-1: SerialNumber: ⁶滔 [ 770.453792][T17791] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 770.673804][ T918] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 90 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 770.703869][ T918] usb 5-1: USB disconnect, device number 90 [ 770.745960][ T918] usblp0: removed [ 770.755541][ T5964] udevd[5964]: setting owner of /dev/usb/lp0 to uid=0, gid=7 failed: No such file or directory [ 770.873127][ T51] Bluetooth: hci1: command tx timeout [ 770.929985][T17664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 770.957443][T17664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.050181][T17811] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3176'. [ 771.082564][T16905] : left promiscuous mode [ 771.103830][T17664] team0: Port device team_slave_0 added [ 771.112609][T17664] team0: Port device team_slave_1 added [ 771.118587][ T10] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 771.163496][T16905] tipc: Disabling bearer [ 771.168988][T16905] tipc: Left network mode [ 771.280534][ T10] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 771.296353][T17664] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 771.299563][T17817] trusted_key: encrypted_key: insufficient parameters specified [ 771.305809][T17664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.311484][ T979] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 771.347171][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 771.355854][ T10] usb 2-1: Product: syz [ 771.360063][ T10] usb 2-1: Manufacturer: syz [ 771.366013][ T10] usb 2-1: SerialNumber: syz [ 771.375313][ T10] usb 2-1: config 0 descriptor?? [ 771.390038][T17664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 771.407733][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 771.436804][T17664] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 771.469806][T17664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.495695][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.509301][T17664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 771.542984][ T979] usb 3-1: Using ep0 maxpacket: 16 [ 771.555170][ T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 771.588293][ T979] usb 3-1: New USB device found, idVendor=046d, idProduct=0a87, bcdDevice= 0.00 [ 771.603343][T17807] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3175'. [ 771.612887][T17807] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3175'. [ 771.621858][T17807] netlink: 'syz.1.3175': attribute type 5 has an invalid length. [ 771.642779][ T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.674744][T17807] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3175'. [ 771.693819][ T979] usb 3-1: config 0 descriptor?? [ 771.845211][T17664] hsr_slave_0: entered promiscuous mode [ 771.862037][T17664] hsr_slave_1: entered promiscuous mode [ 771.869747][T17664] debugfs: 'hsr0' already exists in 'hsr' [ 771.880212][T17664] Cannot create hsr debugfs directory [ 771.904383][T17808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 771.930250][ T10] gspca_sunplus: reg_r err -110 [ 771.939447][T17808] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 771.953714][ T10] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 771.967462][T17808] netlink: 'syz.2.3174': attribute type 14 has an invalid length. [ 771.978109][T17808] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3174'. [ 772.002981][ T6006] usb 5-1: new full-speed USB device number 91 using dummy_hcd [ 772.199738][ T6006] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 772.272823][ T6006] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.333328][ T6006] usb 5-1: Product: syz [ 772.354393][ T6006] usb 5-1: Manufacturer: syz [ 772.382837][ T6006] usb 5-1: SerialNumber: syz [ 772.406396][ T6006] usb 5-1: config 0 descriptor?? [ 772.559675][ T5947] usb 2-1: USB disconnect, device number 104 [ 772.632487][ T6006] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 772.838472][T16905] hsr_slave_0: left promiscuous mode [ 772.849153][T16905] hsr_slave_1: left promiscuous mode [ 772.902670][T16905] veth1_macvtap: left promiscuous mode [ 772.910659][T16905] veth0_macvtap: left promiscuous mode [ 772.917731][T16905] veth1_vlan: left promiscuous mode [ 772.924047][T16905] veth0_vlan: left promiscuous mode [ 772.982946][ T5947] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 773.162802][ T5947] usb 2-1: Using ep0 maxpacket: 32 [ 773.181248][ T5947] usb 2-1: config 0 has an invalid interface number: 83 but max is 0 [ 773.206035][ T5947] usb 2-1: config 0 has no interface number 0 [ 773.226981][ T5947] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=d8.11 [ 773.236162][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.248968][ T5947] usb 2-1: Product: syz [ 773.258421][ T5947] usb 2-1: Manufacturer: syz [ 773.275163][ T5947] usb 2-1: SerialNumber: syz [ 773.316934][ T5947] usb 2-1: config 0 descriptor?? [ 773.334762][ T5947] redrat3 2-1:0.83: Couldn't find all endpoints [ 773.841601][ T6006] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 774.027758][ T979] usbhid 3-1:0.0: can't add hid device: -71 [ 774.042660][ T979] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 774.135623][ T979] usb 3-1: USB disconnect, device number 101 [ 774.142253][T17859] fuse: Unknown parameter 'group_id00000000000000000000' [ 774.726305][T17871] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3184'. [ 774.771215][ T6006] usb 5-1: USB disconnect, device number 91 [ 774.885112][ T979] usb 2-1: USB disconnect, device number 105 [ 775.906539][T17877] vlan2: entered allmulticast mode [ 775.925389][T17877] bridge0: entered allmulticast mode [ 775.952237][T17888] veth0: entered promiscuous mode [ 776.259322][T17898] netdevsim netdevsim1: Direct firmware load for . [ 776.259322][T17898] failed with error -2 [ 776.271498][T17898] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 776.271498][T17898] [ 776.392970][ T918] usb 1-1: new high-speed USB device number 96 using dummy_hcd [ 776.425629][ T10] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 776.440558][T17902] fuse: Unknown parameter 'group_id00000000000000000000' [ 776.459791][T16905] IPVS: stop unused estimator thread 0... [ 776.555067][ T918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 776.586871][ T918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 776.605555][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 776.620237][ T918] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 776.625980][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 776.650063][ T918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 776.658922][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 776.671813][ T918] usb 1-1: config 0 descriptor?? [ 776.708935][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 776.753645][ T10] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 776.778583][ T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 776.802077][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 776.822422][ T10] usb 3-1: SerialNumber: syz [ 776.826221][T17910] FAULT_INJECTION: forcing a failure. [ 776.826221][T17910] name failslab, interval 1, probability 0, space 0, times 0 [ 776.850105][T17910] CPU: 1 UID: 0 PID: 17910 Comm: syz.4.3193 Not tainted syzkaller #0 PREEMPT(full) [ 776.850133][T17910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 776.850143][T17910] Call Trace: [ 776.850151][T17910] [ 776.850160][T17910] dump_stack_lvl+0x189/0x250 [ 776.850183][T17910] ? __pfx____ratelimit+0x10/0x10 [ 776.850209][T17910] ? __pfx_dump_stack_lvl+0x10/0x10 [ 776.850229][T17910] ? __pfx__printk+0x10/0x10 [ 776.850255][T17910] ? __pfx___might_resched+0x10/0x10 [ 776.850277][T17910] should_fail_ex+0x414/0x560 [ 776.850306][T17910] should_failslab+0xa8/0x100 [ 776.850331][T17910] __kmalloc_noprof+0xcb/0x4f0 [ 776.850351][T17910] ? io_cache_alloc_new+0x40/0x100 [ 776.850376][T17910] io_cache_alloc_new+0x40/0x100 [ 776.850397][T17910] io_msg_alloc_async+0x1b2/0x2d0 [ 776.850421][T17910] io_send_zc_prep+0x42f/0xa10 [ 776.850451][T17910] io_submit_sqes+0x914/0x1d30 [ 776.850511][T17910] __se_sys_io_uring_enter+0x2df/0x2b20 [ 776.850554][T17910] ? ksys_write+0x1cb/0x250 [ 776.850579][T17910] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 776.850599][T17910] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 776.850618][T17910] ? __pfx_vfs_write+0x10/0x10 [ 776.850643][T17910] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 776.850665][T17910] ? __fget_files+0x3a0/0x420 [ 776.850689][T17910] ? fput+0xa0/0xd0 [ 776.850708][T17910] ? ksys_write+0x22a/0x250 [ 776.850731][T17910] ? __pfx_ksys_write+0x10/0x10 [ 776.850748][T17910] ? rcu_is_watching+0x15/0xb0 [ 776.850772][T17910] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 776.850798][T17910] do_syscall_64+0xfa/0x3b0 [ 776.850816][T17910] ? lockdep_hardirqs_on+0x9c/0x150 [ 776.850833][T17910] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 776.850850][T17910] ? clear_bhb_loop+0x60/0xb0 [ 776.850872][T17910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 776.850889][T17910] RIP: 0033:0x7f255558eec9 [ 776.850904][T17910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 776.850918][T17910] RSP: 002b:00007f25564bd038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 776.850935][T17910] RAX: ffffffffffffffda RBX: 00007f25557e5fa0 RCX: 00007f255558eec9 [ 776.850947][T17910] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000 [ 776.850958][T17910] RBP: 00007f25564bd090 R08: 0000000000000000 R09: 0000000000000000 [ 776.850969][T17910] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001 [ 776.850978][T17910] R13: 00007f25557e6038 R14: 00007f25557e5fa0 R15: 00007f255590fa28 [ 776.851006][T17910] [ 776.862243][ T10] hub 3-1:1.0: bad descriptor, ignoring hub [ 777.202138][ T10] hub 3-1:1.0: probe with driver hub failed with error -5 [ 777.210639][ T10] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 777.330184][ T918] cp2112 0003:10C4:EA90.001D: unknown main item tag 0x0 [ 777.350759][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 777.350776][ T30] audit: type=1326 audit(1758684084.287:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17913 comm="syz.1.3194" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efeb258eec9 code=0x0 [ 777.382121][ T918] cp2112 0003:10C4:EA90.001D: unknown main item tag 0x0 [ 777.391656][ T918] cp2112 0003:10C4:EA90.001D: unknown main item tag 0x0 [ 777.400475][ T918] cp2112 0003:10C4:EA90.001D: unknown main item tag 0x0 [ 777.413581][ T918] cp2112 0003:10C4:EA90.001D: unknown main item tag 0x0 [ 777.420690][ T918] cp2112 0003:10C4:EA90.001D: unknown main item tag 0x0 [ 777.437238][ T918] cp2112 0003:10C4:EA90.001D: unknown main item tag 0x0 [ 777.525215][ T918] cp2112 0003:10C4:EA90.001D: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 777.655723][ T918] cp2112 0003:10C4:EA90.001D: Part Number: 0x00 Device Version: 0x00 [ 777.863026][ T5947] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 778.046263][ T5947] usb 2-1: config 0 has an invalid interface number: 40 but max is 0 [ 778.106102][ T5947] usb 2-1: config 0 has no interface number 0 [ 778.112246][ T5947] usb 2-1: too many endpoints for config 0 interface 40 altsetting 48: 120, using maximum allowed: 30 [ 778.187392][ T5947] usb 2-1: config 0 interface 40 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 120 [ 778.251905][ T5947] usb 2-1: config 0 interface 40 has no altsetting 0 [ 778.401132][ T5947] usb 2-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd [ 778.423246][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.446890][ T5947] usb 2-1: Product: syz [ 778.458746][ T5947] usb 2-1: Manufacturer: syz [ 778.470232][ T5947] usb 2-1: SerialNumber: syz [ 778.500405][ T5947] usb 2-1: config 0 descriptor?? [ 778.604413][T17932] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3196'. [ 778.744907][T16905] bond0 (unregistering): Released all slaves [ 778.921330][T16905] bond1 (unregistering): Released all slaves [ 779.125295][T17927] veth0: left promiscuous mode [ 779.147685][T17664] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 779.193349][ T979] usb 3-1: USB disconnect, device number 102 [ 779.227609][T16905] tipc: Left network mode [ 779.237715][T17664] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 779.343053][ T918] cp2112 0003:10C4:EA90.001D: error reading lock byte: -71 [ 779.356608][T17664] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 779.380486][ T918] usb 1-1: USB disconnect, device number 96 [ 779.491552][T17664] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 779.544933][T17945] syzkaller0: entered promiscuous mode [ 779.559419][T17945] syzkaller0: entered allmulticast mode [ 779.882974][ T918] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 779.938806][T17964] fuse: Bad value for 'user_id' [ 779.944289][T17964] fuse: Bad value for 'user_id' [ 780.062935][ T918] usb 1-1: Using ep0 maxpacket: 32 [ 780.119550][ T918] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 780.159277][ T918] usb 1-1: config 0 interface 0 has no altsetting 0 [ 780.187470][T17664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 780.195349][ T918] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 780.221544][ T918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.272823][T17664] 8021q: adding VLAN 0 to HW filter on device team0 [ 780.290991][ T918] usb 1-1: config 0 descriptor?? [ 780.321273][T17971] netdevsim netdevsim2: Direct firmware load for . [ 780.321273][T17971] failed with error -2 [ 780.396059][T17971] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 780.396059][T17971] [ 780.459195][ T5947] usb 2-1: USB disconnect, device number 106 [ 780.459655][ T4816] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.472369][ T4816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 780.560426][ T918] usbhid 1-1:0.0: can't add hid device: -71 [ 780.585124][ T918] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 780.633936][ T918] usb 1-1: USB disconnect, device number 97 [ 780.680312][ T4816] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.687512][ T4816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 780.738269][T17978] netlink: 'syz.1.3204': attribute type 4 has an invalid length. [ 780.840941][T17979] netlink: 'syz.1.3204': attribute type 4 has an invalid length. [ 780.915058][T16905] hsr_slave_0: left promiscuous mode [ 780.920925][T16905] hsr_slave_1: left promiscuous mode [ 780.956221][T17978] block nbd0: Attempted send on invalid socket [ 780.972458][T16905] veth1_macvtap: left promiscuous mode [ 780.978628][T16905] veth0_macvtap: left promiscuous mode [ 780.984879][T17978] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 780.994618][T16905] veth1_vlan: left promiscuous mode [ 781.006718][T16905] veth0_vlan: left promiscuous mode [ 781.153208][ T918] usb 1-1: new high-speed USB device number 98 using dummy_hcd [ 781.343120][ T918] usb 1-1: Using ep0 maxpacket: 16 [ 781.372287][ T918] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 781.384182][ T918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 781.408622][ T918] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 781.418677][ T918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.439623][ T918] usb 1-1: Product: syz [ 781.454804][ T918] usb 1-1: Manufacturer: syz [ 781.459411][ T918] usb 1-1: SerialNumber: syz [ 781.469397][ T918] usb 1-1: config 0 descriptor?? [ 781.478270][ T918] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 781.489474][ T30] audit: type=1326 audit(1758684088.447:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 781.545772][ T30] audit: type=1326 audit(1758684088.457:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 781.568476][ T918] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 781.580560][ T30] audit: type=1326 audit(1758684088.457:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 781.611636][ T30] audit: type=1326 audit(1758684088.457:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 781.657096][ T30] audit: type=1326 audit(1758684088.457:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 781.692224][ T30] audit: type=1326 audit(1758684088.467:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 781.740358][ T30] audit: type=1326 audit(1758684088.467:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 781.784609][ T30] audit: type=1326 audit(1758684088.467:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 781.811643][ T30] audit: type=1326 audit(1758684088.467:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17984 comm="syz.4.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255558eec9 code=0x7ffc0000 [ 782.085702][T17992] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3207'. [ 782.094911][ T918] em28xx 1-1:0.0: unknown em28xx chip ID (64) [ 782.295520][ T918] em28xx 1-1:0.0: Config register raw data: 0x20 [ 782.301889][ T918] em28xx 1-1:0.0: I2S Audio (3 sample rate(s)) [ 782.349027][ T918] em28xx 1-1:0.0: No AC97 audio processor [ 782.360195][T17995] mmap: syz.4.3208 (17995): VmData 37724160 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data. [ 782.504541][ T918] usb 1-1: USB disconnect, device number 98 [ 783.047362][T18006] fuse: Bad value for 'user_id' [ 783.087275][T18006] fuse: Bad value for 'user_id' [ 784.055185][ T979] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 784.140854][T18017] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 784.243194][ T979] usb 1-1: Using ep0 maxpacket: 32 [ 784.267267][ T979] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 784.292773][ T979] usb 1-1: config 0 has no interface number 0 [ 784.353422][ T979] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 784.447618][ T979] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 784.473468][ T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.001586][ T979] usb 1-1: Product: syz [ 785.005875][ T979] usb 1-1: Manufacturer: syz [ 785.010479][ T979] usb 1-1: SerialNumber: syz [ 785.020203][ T979] usb 1-1: config 0 descriptor?? [ 785.040104][ T979] radio-si470x 1-1:0.35: could not find interrupt in endpoint [ 785.059524][ T979] radio-si470x 1-1:0.35: probe with driver radio-si470x failed with error -5 [ 785.101694][T17664] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 785.112991][ T5947] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 785.232050][ T979] radio-raremono 1-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 785.288882][ T5947] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 785.299726][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.532341][ T979] radio-raremono 1-1:0.35: V4L2 device registered as radio48 [ 785.556717][ T5947] usb 2-1: Product: syz [ 785.597036][ T5947] usb 2-1: Manufacturer: syz [ 785.653246][ T5947] usb 2-1: SerialNumber: syz [ 785.768796][T17664] veth0_vlan: entered promiscuous mode [ 785.889225][T17664] veth1_vlan: entered promiscuous mode [ 785.990726][T17664] veth0_macvtap: entered promiscuous mode [ 786.006135][T18051] fuse: Bad value for 'user_id' [ 786.026754][T18051] fuse: Bad value for 'user_id' [ 786.035292][T17664] veth1_macvtap: entered promiscuous mode [ 786.096892][T17664] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 786.116356][T17664] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 786.139056][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.190776][ T4816] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.210975][ T4816] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.236541][ T4816] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.352891][ T4816] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.371022][ T4816] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.421397][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.438344][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.473328][ T5986] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 786.632825][ T5986] usb 5-1: Using ep0 maxpacket: 8 [ 786.646853][ T5986] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 786.668407][ T5986] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.712269][ T5986] pvrusb2: Hardware description: Terratec Grabster AV400 [ 786.725465][ T5947] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 786.742306][ T5947] cdc_ncm 2-1:1.0: setting tx_max = 32 [ 786.749546][ T5986] pvrusb2: ********** [ 786.760923][ T5986] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 786.779953][ T5986] pvrusb2: Important functionality might not be entirely working. [ 786.793723][ T5986] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 786.807452][ T5986] pvrusb2: ********** [ 786.879065][ T918] usb 1-1: USB disconnect, device number 99 [ 786.886699][ T918] radio-raremono 1-1:0.35: Thanko's Raremono disconnected [ 786.908111][ T2345] pvrusb2: Invalid write control endpoint [ 787.038089][ T2345] pvrusb2: Invalid write control endpoint [ 787.044891][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 787.070547][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 787.098309][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 787.120576][ T2345] pvrusb2: Device being rendered inoperable [ 787.129078][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 787.129864][T18077] FAULT_INJECTION: forcing a failure. [ 787.129864][T18077] name failslab, interval 1, probability 0, space 0, times 0 [ 787.141159][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 787.149860][T18077] CPU: 1 UID: 0 PID: 18077 Comm: syz.2.3225 Not tainted syzkaller #0 PREEMPT(full) [ 787.149882][T18077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 787.149891][T18077] Call Trace: [ 787.149902][T18077] [ 787.149910][T18077] dump_stack_lvl+0x189/0x250 [ 787.149935][T18077] ? __pfx____ratelimit+0x10/0x10 [ 787.149954][T18077] ? __pfx_dump_stack_lvl+0x10/0x10 [ 787.149974][T18077] ? __pfx__printk+0x10/0x10 [ 787.149997][T18077] ? __pfx___might_resched+0x10/0x10 [ 787.150014][T18077] ? fs_reclaim_acquire+0x7d/0x100 [ 787.150035][T18077] should_fail_ex+0x414/0x560 [ 787.150062][T18077] should_failslab+0xa8/0x100 [ 787.150085][T18077] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 787.150107][T18077] ? __alloc_skb+0x112/0x2d0 [ 787.150129][T18077] __alloc_skb+0x112/0x2d0 [ 787.150151][T18077] sock_wmalloc+0xb2/0x130 [ 787.150174][T18077] unix_stream_connect+0x3e2/0x1010 [ 787.150204][T18077] ? bpf_lsm_socket_connect+0x9/0x20 [ 787.150225][T18077] __sys_connect+0x316/0x440 [ 787.150243][T18077] ? __fget_files+0x3a0/0x420 [ 787.150259][T18077] ? __pfx___sys_connect+0x10/0x10 [ 787.150289][T18077] ? __pfx_ksys_write+0x10/0x10 [ 787.150307][T18077] ? rcu_is_watching+0x15/0xb0 [ 787.150332][T18077] __x64_sys_connect+0x7a/0x90 [ 787.150351][T18077] do_syscall_64+0xfa/0x3b0 [ 787.150370][T18077] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.150385][T18077] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 787.150402][T18077] ? clear_bhb_loop+0x60/0xb0 [ 787.150422][T18077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.150438][T18077] RIP: 0033:0x7f69e5d8eec9 [ 787.150454][T18077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 787.150467][T18077] RSP: 002b:00007f69e6bb3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 787.150486][T18077] RAX: ffffffffffffffda RBX: 00007f69e5fe5fa0 RCX: 00007f69e5d8eec9 [ 787.150505][T18077] RDX: 000000000000006e RSI: 0000200000000100 RDI: 0000000000000005 [ 787.150516][T18077] RBP: 00007f69e6bb3090 R08: 0000000000000000 R09: 0000000000000000 [ 787.150527][T18077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 787.150538][T18077] R13: 00007f69e5fe6038 R14: 00007f69e5fe5fa0 R15: 00007f69e610fa28 [ 787.150565][T18077] [ 787.181137][ T2345] pvrusb2: Attached sub-driver cx25840 [ 787.347397][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 787.352017][ T5947] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 787.402561][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 787.464758][ T979] usb 2-1: USB disconnect, device number 107 [ 787.497978][ T979] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 787.890216][T18089] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 788.123137][T18094] fuse: Bad value for 'fd' [ 788.915555][T18112] netlink: 'syz.2.3235': attribute type 12 has an invalid length. [ 788.923562][T18112] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.3235'. [ 789.022826][ T979] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 789.259529][T18116] vlan2: entered allmulticast mode [ 789.271277][T13968] usb 5-1: USB disconnect, device number 92 [ 789.295471][ T979] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 789.314348][T18116] bridge0: entered allmulticast mode [ 789.331901][ T979] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 789.427874][ T979] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 789.489474][ T979] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 789.610449][ T979] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.929496][ T979] usb 2-1: config 0 descriptor?? [ 790.016420][ T979] em28xx 2-1:0.0: New device @ 480 Mbps (2040:1605, interface 0, class 0) [ 790.192767][ T979] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 790.301061][ T979] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 790.312070][ T979] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 790.319787][ T979] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 790.342920][ T979] em28xx 2-1:0.0: No AC97 audio processor [ 790.360224][T18134] vlan2: entered allmulticast mode [ 790.419446][ T979] usb 2-1: USB disconnect, device number 108 [ 790.431862][ T979] em28xx 2-1:0.0: Disconnecting em28xx [ 790.451415][ T979] em28xx 2-1:0.0: Freeing device [ 790.538641][T18139] fuse: Bad value for 'fd' [ 790.646814][T18142] binder: 18140:18142 ioctl 400c620e 200000000380 returned -22 [ 790.680548][T18142] usb usb8: usbfs: process 18142 (syz.3.3244) did not claim interface 0 before use [ 790.771403][ T9] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 790.809862][T18145] netlink: 'syz.0.3246': attribute type 9 has an invalid length. [ 790.818007][T18145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3246'. [ 790.939971][ T9] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 790.950632][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.983817][ T9] usb 3-1: Product: syz [ 791.063106][ T9] usb 3-1: Manufacturer: syz [ 791.082775][ T5947] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 791.172980][ T9] usb 3-1: SerialNumber: syz [ 791.180557][ T9] usb 3-1: config 0 descriptor?? [ 791.256940][T18151] AppArmor: change_hat: Invalid input '0x00' [ 791.324907][ T5947] usb 1-1: device descriptor read/64, error -71 [ 791.399555][ T9] usb 3-1: USB disconnect, device number 103 [ 791.823576][ T5947] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 792.132767][ T5947] usb 1-1: device descriptor read/64, error -71 [ 792.269715][ T5947] usb usb1-port1: attempt power cycle [ 792.309918][T18165] tipc: Started in network mode [ 792.320190][T18165] tipc: Node identity 56169c81a603, cluster identity 4711 [ 792.331999][T18165] tipc: Enabled bearer , priority 0 [ 792.344181][T18165] syzkaller0: entered promiscuous mode [ 792.349727][T18165] syzkaller0: entered allmulticast mode [ 792.370051][T18165] tipc: Resetting bearer [ 792.400226][T18164] tipc: Resetting bearer [ 792.572538][T18164] tipc: Disabling bearer [ 792.632782][ T5947] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 792.653466][ T5947] usb 1-1: device descriptor read/8, error -71 [ 792.892872][ T5947] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 792.964977][ T5947] usb 1-1: device descriptor read/8, error -71 [ 793.113982][ T5947] usb usb1-port1: unable to enumerate USB device [ 793.163005][T18175] fuse: Bad value for 'fd' [ 793.832529][T18180] netlink: 'syz.1.3252': attribute type 12 has an invalid length. [ 793.840976][T18180] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.3252'. [ 794.229135][ T10] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 794.259570][T18188] vlan2: entered allmulticast mode [ 794.434424][ T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 794.464811][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 794.514380][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 794.549689][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.590285][ T10] usb 5-1: Product: syz [ 794.593681][ T5947] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 794.622371][ T10] usb 5-1: Manufacturer: syz [ 794.632502][ T10] usb 5-1: SerialNumber: syz [ 794.763589][T18193] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3258'. [ 794.772908][ T5947] usb 1-1: Using ep0 maxpacket: 32 [ 794.803265][ T5947] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 794.820421][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 794.843866][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 794.848255][T18182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 794.872557][ T5947] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 794.883228][T18182] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 794.902431][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.902549][ T10] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 794.942084][ T5947] usb 1-1: config 0 descriptor?? [ 794.957791][T18191] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 794.967793][ T5947] hub 1-1:0.0: USB hub found [ 795.038083][ T10] usb 5-1: USB disconnect, device number 93 [ 795.173969][ T5947] hub 1-1:0.0: 2 ports detected [ 795.413061][ T10] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 795.440439][ T979] usb 2-1: new low-speed USB device number 109 using dummy_hcd [ 795.552820][ T10] usb 5-1: device descriptor read/64, error -71 [ 795.615568][ T979] usb 2-1: Invalid ep0 maxpacket: 64 [ 795.621894][ T5947] hub 1-1:0.0: set hub depth failed [ 795.631692][ T5947] usb 1-1: USB disconnect, device number 104 [ 795.773025][ T979] usb 2-1: new low-speed USB device number 110 using dummy_hcd [ 795.873007][ T10] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 796.093539][ T979] usb 2-1: Invalid ep0 maxpacket: 64 [ 796.099380][ T979] usb usb2-port1: attempt power cycle [ 796.222922][ T10] usb 5-1: device descriptor read/64, error -71 [ 796.333057][ T10] usb usb5-port1: attempt power cycle [ 796.375166][T18208] tipc: Started in network mode [ 796.380148][T18208] tipc: Node identity 92da55e9c18, cluster identity 4711 [ 796.389418][T18208] tipc: Enabled bearer , priority 0 [ 796.398433][T18208] syzkaller0: entered promiscuous mode [ 796.405408][T18208] syzkaller0: entered allmulticast mode [ 796.417634][T18208] tipc: Resetting bearer [ 796.426138][T18207] tipc: Resetting bearer [ 796.440964][T18207] tipc: Disabling bearer [ 796.448478][ T979] usb 2-1: new low-speed USB device number 111 using dummy_hcd [ 796.473334][ T979] usb 2-1: Invalid ep0 maxpacket: 64 [ 796.595963][T18215] fuse: Bad value for 'fd' [ 796.606564][ T979] usb 2-1: new low-speed USB device number 112 using dummy_hcd [ 796.633346][ T979] usb 2-1: Invalid ep0 maxpacket: 64 [ 796.643738][ T979] usb usb2-port1: unable to enumerate USB device [ 796.672787][ T10] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 796.693270][ T10] usb 5-1: device descriptor read/8, error -71 [ 796.770184][T18220] netdevsim netdevsim3: Direct firmware load for . [ 796.770184][T18220] failed with error -2 [ 796.781256][T18220] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 796.781256][T18220] [ 797.682886][ T10] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 798.531012][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 798.564853][T18233] AppArmor: change_hat: Invalid input '0x00' [ 798.701503][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 798.736140][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 798.748235][ T10] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 798.763191][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.824892][ T10] usb 5-1: config 0 descriptor?? [ 798.843627][ T10] hub 5-1:0.0: USB hub found [ 799.044517][ T10] hub 5-1:0.0: 26 ports detected [ 799.050290][ T10] hub 5-1:0.0: insufficient power available to use all downstream ports [ 799.202880][ T5946] usb 3-1: new full-speed USB device number 104 using dummy_hcd [ 799.255527][ T10] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 799.255559][ T10] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 799.271419][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 799.271481][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 799.293527][ T10] usb 5-1: USB disconnect, device number 97 [ 799.342836][ T5946] usb 3-1: device descriptor read/64, error -71 [ 799.540897][T18255] hsr0: entered promiscuous mode [ 799.657919][ T5946] usb 3-1: new full-speed USB device number 105 using dummy_hcd [ 799.710771][T18258] fuse: Bad value for 'fd' [ 799.940346][ T5946] usb 3-1: device descriptor read/64, error -71 [ 800.053351][ T5946] usb usb3-port1: attempt power cycle [ 800.432914][ T5946] usb 3-1: new full-speed USB device number 106 using dummy_hcd [ 800.473447][ T5946] usb 3-1: device descriptor read/8, error -71 [ 800.714699][ T5946] usb 3-1: new full-speed USB device number 107 using dummy_hcd [ 800.764054][ T5946] usb 3-1: device descriptor read/8, error -71 [ 800.920120][ T5946] usb usb3-port1: unable to enumerate USB device [ 802.213799][T18288] overlayfs: missing 'lowerdir' [ 802.377292][T18292] fuse: Bad value for 'fd' [ 802.386848][T18293] fuse: Bad value for 'fd' [ 802.403460][T18256] hsr0: left promiscuous mode [ 802.898989][T18305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3291'. [ 803.355876][T13968] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 803.409218][T18312] netlink: 'syz.4.3294': attribute type 4 has an invalid length. [ 803.437221][T18312] netlink: 'syz.4.3294': attribute type 4 has an invalid length. [ 804.060790][T18322] syzkaller0: entered promiscuous mode [ 804.071496][T13968] usb 4-1: Using ep0 maxpacket: 32 [ 804.077059][T18322] syzkaller0: entered allmulticast mode [ 804.090862][T13968] usb 4-1: unable to get BOS descriptor or descriptor too short [ 804.101783][T13968] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 804.331568][T13968] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 804.348001][T13968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.358048][T13968] usb 4-1: Product: syz [ 804.362291][T13968] usb 4-1: Manufacturer: syz [ 804.396190][T13968] usb 4-1: SerialNumber: syz [ 804.860731][T13968] usb 4-1: Invalid number of CPorts: 0 [ 804.877143][T13968] es2_ap_driver 4-1:7.0: probe with driver es2_ap_driver failed with error -22 [ 805.094296][T18344] FAULT_INJECTION: forcing a failure. [ 805.094296][T18344] name failslab, interval 1, probability 0, space 0, times 0 [ 805.141223][T18344] CPU: 1 UID: 0 PID: 18344 Comm: syz.1.3303 Not tainted syzkaller #0 PREEMPT(full) [ 805.141246][T18344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 805.141257][T18344] Call Trace: [ 805.141265][T18344] [ 805.141273][T18344] dump_stack_lvl+0x189/0x250 [ 805.141297][T18344] ? __pfx____ratelimit+0x10/0x10 [ 805.141316][T18344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 805.141335][T18344] ? __pfx__printk+0x10/0x10 [ 805.141362][T18344] ? __pfx___might_resched+0x10/0x10 [ 805.141378][T18344] ? fs_reclaim_acquire+0x7d/0x100 [ 805.141399][T18344] should_fail_ex+0x414/0x560 [ 805.141428][T18344] should_failslab+0xa8/0x100 [ 805.141452][T18344] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 805.141475][T18344] ? __alloc_skb+0x112/0x2d0 [ 805.141497][T18344] __alloc_skb+0x112/0x2d0 [ 805.141529][T18344] netlink_ack+0x146/0xa50 [ 805.141545][T18344] ? __pfx_genl_rcv_msg+0x10/0x10 [ 805.141571][T18344] ? __asan_memcpy+0x40/0x70 [ 805.141588][T18344] ? __pfx_ref_tracker_free+0x10/0x10 [ 805.141612][T18344] netlink_rcv_skb+0x28c/0x470 [ 805.141628][T18344] ? __lock_acquire+0xab9/0xd20 [ 805.141651][T18344] ? __pfx_genl_rcv_msg+0x10/0x10 [ 805.141673][T18344] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 805.141710][T18344] ? down_read+0x1ad/0x2e0 [ 805.141733][T18344] genl_rcv+0x28/0x40 [ 805.141752][T18344] netlink_unicast+0x82c/0x9e0 [ 805.141784][T18344] ? __pfx_netlink_unicast+0x10/0x10 [ 805.141807][T18344] ? netlink_sendmsg+0x642/0xb30 [ 805.141823][T18344] ? skb_put+0x11b/0x210 [ 805.141845][T18344] netlink_sendmsg+0x805/0xb30 [ 805.141873][T18344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 805.141895][T18344] ? aa_sock_msg_perm+0xf1/0x1d0 [ 805.141915][T18344] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 805.141932][T18344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 805.141952][T18344] __sock_sendmsg+0x21c/0x270 [ 805.141978][T18344] ____sys_sendmsg+0x505/0x830 [ 805.142005][T18344] ? __pfx_____sys_sendmsg+0x10/0x10 [ 805.142035][T18344] ? import_iovec+0x74/0xa0 [ 805.142060][T18344] ___sys_sendmsg+0x21f/0x2a0 [ 805.142083][T18344] ? __pfx____sys_sendmsg+0x10/0x10 [ 805.142110][T18344] ? rcu_read_lock_any_held+0xb3/0x120 [ 805.142141][T18344] ? sb_end_write+0xe9/0x1c0 [ 805.142172][T18344] ? __pfx_vfs_write+0x10/0x10 [ 805.142204][T18344] __x64_sys_sendmsg+0x19b/0x260 [ 805.142228][T18344] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 805.142258][T18344] ? __pfx_ksys_write+0x10/0x10 [ 805.142276][T18344] ? rcu_is_watching+0x15/0xb0 [ 805.142299][T18344] ? do_syscall_64+0xbe/0x3b0 [ 805.142322][T18344] do_syscall_64+0xfa/0x3b0 [ 805.142339][T18344] ? lockdep_hardirqs_on+0x9c/0x150 [ 805.142357][T18344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.142374][T18344] ? clear_bhb_loop+0x60/0xb0 [ 805.142395][T18344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.142411][T18344] RIP: 0033:0x7efeb258eec9 [ 805.142428][T18344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 805.142443][T18344] RSP: 002b:00007efeb338b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 805.142463][T18344] RAX: ffffffffffffffda RBX: 00007efeb27e5fa0 RCX: 00007efeb258eec9 [ 805.142476][T18344] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 000000000000000b [ 805.142488][T18344] RBP: 00007efeb338b090 R08: 0000000000000000 R09: 0000000000000000 [ 805.142498][T18344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 805.142508][T18344] R13: 00007efeb27e6038 R14: 00007efeb27e5fa0 R15: 00007efeb290fa28 [ 805.142543][T18344] [ 805.551461][T18351] FAULT_INJECTION: forcing a failure. [ 805.551461][T18351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 805.598036][T18351] CPU: 1 UID: 0 PID: 18351 Comm: syz.0.3305 Not tainted syzkaller #0 PREEMPT(full) [ 805.598059][T18351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 805.598071][T18351] Call Trace: [ 805.598078][T18351] [ 805.598086][T18351] dump_stack_lvl+0x189/0x250 [ 805.598110][T18351] ? __pfx____ratelimit+0x10/0x10 [ 805.598129][T18351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 805.598148][T18351] ? __pfx__printk+0x10/0x10 [ 805.598186][T18351] should_fail_ex+0x414/0x560 [ 805.598215][T18351] _copy_to_user+0x31/0xb0 [ 805.598240][T18351] simple_read_from_buffer+0xe1/0x170 [ 805.598268][T18351] proc_fail_nth_read+0x1b3/0x220 [ 805.598290][T18351] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 805.598312][T18351] ? rw_verify_area+0x2a6/0x4d0 [ 805.598331][T18351] ? __lock_acquire+0xab9/0xd20 [ 805.598351][T18351] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 805.598371][T18351] vfs_read+0x200/0xa30 [ 805.598390][T18351] ? fdget_pos+0x247/0x320 [ 805.598410][T18351] ? __pfx___mutex_lock+0x10/0x10 [ 805.598429][T18351] ? __pfx_vfs_read+0x10/0x10 [ 805.598452][T18351] ? __fget_files+0x2a/0x420 [ 805.598480][T18351] ? __fget_files+0x3a0/0x420 [ 805.598494][T18351] ? __fget_files+0x2a/0x420 [ 805.598519][T18351] ksys_read+0x145/0x250 [ 805.598541][T18351] ? __pfx_ksys_read+0x10/0x10 [ 805.598559][T18351] ? rcu_is_watching+0x15/0xb0 [ 805.598582][T18351] ? do_syscall_64+0xbe/0x3b0 [ 805.598604][T18351] do_syscall_64+0xfa/0x3b0 [ 805.598620][T18351] ? lockdep_hardirqs_on+0x9c/0x150 [ 805.598637][T18351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.598655][T18351] ? clear_bhb_loop+0x60/0xb0 [ 805.598675][T18351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.598691][T18351] RIP: 0033:0x7f39db58d8dc [ 805.598707][T18351] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 805.598720][T18351] RSP: 002b:00007f39dc474030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 805.598739][T18351] RAX: ffffffffffffffda RBX: 00007f39db7e5fa0 RCX: 00007f39db58d8dc [ 805.598752][T18351] RDX: 000000000000000f RSI: 00007f39dc4740a0 RDI: 0000000000000006 [ 805.598762][T18351] RBP: 00007f39dc474090 R08: 0000000000000000 R09: 0000000000000000 [ 805.598772][T18351] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001 [ 805.598783][T18351] R13: 00007f39db7e6038 R14: 00007f39db7e5fa0 R15: 00007f39db90fa28 [ 805.598812][T18351] [ 805.969773][T18362] netdevsim netdevsim1: Direct firmware load for . [ 805.969773][T18362] failed with error -2 [ 805.980467][T18362] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 805.980467][T18362] [ 806.318483][T18367] syzkaller0: entered promiscuous mode [ 806.327313][T18367] syzkaller0: entered allmulticast mode [ 806.614023][ T5947] usb 4-1: USB disconnect, device number 116 [ 807.515690][T18396] vlan2: entered allmulticast mode [ 807.532781][ T5947] usb 4-1: new high-speed USB device number 117 using dummy_hcd [ 807.682801][ T5946] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 807.717129][ T5947] usb 4-1: Using ep0 maxpacket: 16 [ 807.724001][ T5947] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 807.736538][ T5947] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 807.780725][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 807.831594][ T5947] usb 4-1: Manufacturer: syz [ 807.849011][ T5947] usb 4-1: SerialNumber: syz [ 807.857333][ T5946] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 807.872529][ T5946] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 807.889978][ T5946] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 807.899999][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 807.914052][ T5946] usb 2-1: SerialNumber: syz [ 807.951075][ T5947] usb 4-1: config 0 descriptor?? [ 808.374604][T18407] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(15) [ 808.381887][T18407] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 808.482062][T18407] vhci_hcd vhci_hcd.0: Device attached [ 808.485187][T18410] netdevsim netdevsim1: Direct firmware load for nel/config failed with error -2 [ 808.541453][T18410] netdevsim netdevsim1: Falling back to sysfs fallback for: nel/config [ 808.588111][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.594879][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.702951][ T43] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 809.223010][ T10] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 809.372817][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 809.379369][ T10] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 809.387971][ T10] usb 5-1: config 0 has no interface number 0 [ 809.395984][ T10] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 809.410617][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.420194][ T10] usb 5-1: Product: syz [ 809.431262][ T10] usb 5-1: Manufacturer: syz [ 809.436221][ T10] usb 5-1: SerialNumber: syz [ 809.446126][ T10] usb 5-1: config 0 descriptor?? [ 809.459266][ T10] smsc95xx v2.0.0 [ 809.587803][T18420] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3326'. [ 809.652786][T13968] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 809.812785][T13968] usb 3-1: Using ep0 maxpacket: 32 [ 809.828745][T13968] usb 3-1: too many endpoints for config 64 interface 0 altsetting 8: 33, using maximum allowed: 30 [ 809.841969][T13968] usb 3-1: config 64 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 809.854094][T13968] usb 3-1: config 64 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 809.867801][ T10] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 809.881075][ T10] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 809.891162][T13968] usb 3-1: config 64 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 809.904968][T13968] usb 3-1: config 64 interface 0 has no altsetting 0 [ 809.911782][T13968] usb 3-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 809.922466][T13968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 810.518662][T18408] vhci_hcd: connection reset by peer [ 810.538251][ T5946] usb 2-1: 0:2 : does not exist [ 810.570373][ T5946] usb 2-1: USB disconnect, device number 113 [ 810.572372][ T5986] usb 4-1: USB disconnect, device number 117 [ 810.622805][T13478] Bluetooth: hci4: command 0x0406 tx timeout [ 810.629469][T16905] vhci_hcd: stop threads [ 810.645137][T16905] vhci_hcd: release socket [ 810.715823][T16905] vhci_hcd: disconnect device [ 810.717048][ T5964] udevd[5964]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 810.832359][T18428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 810.880242][T18428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 811.152891][ T5986] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 811.446936][ T5986] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 811.609397][ T5986] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 811.715707][ T5986] usb 4-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 811.766269][ T5986] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 811.846338][ T5986] usb 4-1: config 0 descriptor?? [ 812.076091][ T5986] usbhid 4-1:0.0: can't add hid device: -71 [ 812.087297][ T5986] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 812.154172][ T5986] usb 4-1: USB disconnect, device number 118 [ 812.412606][T13968] usbhid 3-1:64.0: can't add hid device: -71 [ 812.496679][ T10] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 812.522066][T13968] usbhid 3-1:64.0: probe with driver usbhid failed with error -71 [ 812.538423][ T10] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 812.566626][T13968] usb 3-1: USB disconnect, device number 108 [ 812.601195][ T10] usb 5-1: USB disconnect, device number 98 [ 812.691715][T18443] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3335'. [ 812.885734][T18451] macvlan2: entered promiscuous mode [ 812.891151][T18451] macvlan2: entered allmulticast mode [ 812.899453][T18451] gretap0: entered allmulticast mode [ 812.907440][ T5986] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 812.943079][ T10] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 813.012853][T13968] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 813.072795][ T5986] usb 2-1: Using ep0 maxpacket: 32 [ 813.080002][ T5986] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 813.092990][ T5986] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 813.105118][ T5986] usb 2-1: config 0 descriptor?? [ 813.115547][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 813.137614][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 813.152419][ T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 813.162606][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 813.185820][T13968] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 813.195896][ T10] usb 5-1: config 0 descriptor?? [ 813.212568][T13968] usb 4-1: config 0 has no interface number 0 [ 813.223461][T13968] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 813.261422][T13968] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 813.271567][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 813.271581][ T30] audit: type=1326 audit(1758684120.207:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39db58eec9 code=0x7ffc0000 [ 813.301825][T13968] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 813.313821][T13968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 813.322065][ T5986] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 813.325231][T13968] usb 4-1: config 0 descriptor?? [ 813.343068][ T30] audit: type=1326 audit(1758684120.217:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f39db58eec9 code=0x7ffc0000 [ 813.376408][ T5986] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 813.377296][ T30] audit: type=1326 audit(1758684120.217:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39db58eec9 code=0x7ffc0000 [ 813.389574][ T5986] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 813.463665][T18455] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3340'. [ 813.467384][ T5986] usb 2-1: media controller created [ 813.479056][T18455] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 813.499141][ T30] audit: type=1326 audit(1758684120.217:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f39db58eec9 code=0x7ffc0000 [ 813.523288][ T30] audit: type=1326 audit(1758684120.247:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39db58eec9 code=0x7ffc0000 [ 813.555490][T18441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 813.562230][ T30] audit: type=1326 audit(1758684120.247:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39db58eec9 code=0x7ffc0000 [ 813.579654][ T5986] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 813.603597][T18441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 813.606165][T18462] netlink: 'syz.2.3342': attribute type 11 has an invalid length. [ 813.652829][ T30] audit: type=1326 audit(1758684120.367:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f39db58eacb code=0x7ffc0000 [ 813.684937][ T10] pyra 0003:1E7D:2CF6.001E: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0 [ 813.691112][ T30] audit: type=1326 audit(1758684120.367:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f39db58eacb code=0x7ffc0000 [ 813.769453][ T30] audit: type=1326 audit(1758684120.367:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f39db58eacb code=0x7ffc0000 [ 813.799253][ T30] audit: type=1326 audit(1758684120.367:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18454 comm="syz.0.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f39db58eacb code=0x7ffc0000 [ 813.799313][T18468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3343'. [ 813.823775][ T43] vhci_hcd: vhci_device speed not set [ 813.869834][ T5986] az6027: usb out operation failed. (-71) [ 813.885162][ T5986] az6027: usb out operation failed. (-71) [ 813.901172][ T5986] stb0899_attach: Driver disabled by Kconfig [ 813.921418][ T5986] az6027: no front-end attached [ 813.921418][ T5986] [ 813.937368][T13968] input: HID 04d9:a055 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:04D9:A055.001F/input/input51 [ 813.945328][ T5986] az6027: usb out operation failed. (-71) [ 813.965763][ T5986] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 814.005721][ T5986] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input52 [ 814.081726][ T5986] dvb-usb: schedule remote query interval to 400 msecs. [ 814.109290][ T5986] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 814.110201][T13968] holtek_kbd 0003:04D9:A055.001F: input,hidraw1: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.3-1/input1 [ 814.135313][ T5986] usb 2-1: USB disconnect, device number 114 [ 814.234013][T13968] usb 4-1: USB disconnect, device number 119 [ 814.357995][T18471] fido_id[18471]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 814.375596][ T5986] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 814.739443][T18492] syzkaller0: entered promiscuous mode [ 814.749489][T18492] syzkaller0: entered allmulticast mode [ 814.924696][ T10] pyra 0003:1E7D:2CF6.001E: couldn't init struct pyra_device [ 814.932290][ T10] pyra 0003:1E7D:2CF6.001E: couldn't install mouse [ 814.946011][ T10] pyra 0003:1E7D:2CF6.001E: probe with driver pyra failed with error -71 [ 814.966027][ T10] usb 5-1: USB disconnect, device number 99 [ 814.975391][T18497] netdevsim netdevsim3: Direct firmware load for . [ 814.975391][T18497] failed with error -2 [ 814.988655][T18497] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 814.988655][T18497] [ 816.527173][ T10] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 816.708879][ T10] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 816.717704][ T10] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 816.728062][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 816.737333][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 816.751920][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 816.766376][ T10] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 816.782902][ T10] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 816.792050][ T10] usb 3-1: Product: syz [ 816.796814][ T10] usb 3-1: Manufacturer: syz [ 816.850861][T13968] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 816.941519][T18527] netlink: 'syz.3.3362': attribute type 4 has an invalid length. [ 817.003420][T18528] netlink: 'syz.3.3362': attribute type 4 has an invalid length. [ 817.114383][T18528] block nbd0: Attempted send on invalid socket [ 817.127982][T18528] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 817.137428][T13968] usb 2-1: Using ep0 maxpacket: 8 [ 817.253747][T13968] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 817.267161][T13968] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 817.285245][T13968] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 817.300075][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 817.315600][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 817.322140][T13968] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 817.337476][ T10] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 817.355834][T13968] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 817.366143][ T10] cdc_wdm 3-1:1.0: Unknown control protocol [ 817.385050][T13968] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 817.397348][T13968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.421434][T13968] usb 2-1: config 0 descriptor?? [ 817.430431][T18515] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 817.855116][T18515] ------------[ cut here ]------------ [ 817.860614][T18515] WARNING: CPU: 1 PID: 18515 at arch/x86/kvm/x86.c:11563 kvm_arch_vcpu_ioctl_run+0x1212/0x1940 [ 817.864949][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -EPIPE [ 817.871348][T18515] Modules linked in: [ 817.883464][T18515] CPU: 1 UID: 0 PID: 18515 Comm: syz.1.3359 Not tainted syzkaller #0 PREEMPT(full) [ 817.892902][T18515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 817.903032][T18515] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1212/0x1940 [ 817.909514][T18515] Code: 10 45 85 f6 7e 3a e8 2d 31 79 00 49 bd 00 00 00 00 00 fc ff df 4c 8b 64 24 08 4c 8b 7c 24 28 e9 6e fd ff ff e8 0f 31 79 00 90 <0f> 0b 90 e9 2a fd ff ff e8 01 31 79 00 90 0f 0b 90 e9 52 fd ff ff [ 817.930370][T18515] RSP: 0018:ffffc900053c79e0 EFLAGS: 00010283 [ 817.937358][T18515] RAX: ffffffff81467c81 RBX: ffff888076332940 RCX: 0000000000080000 [ 817.945464][T18515] RDX: ffffc9000f984000 RSI: 00000000000009d4 RDI: 00000000000009d5 [ 817.953496][T18515] RBP: ffffc900053c7c90 R08: 0000000000000000 R09: ffffffff81466c63 [ 817.961489][T18515] R10: dffffc0000000000 R11: fffff91ffffa63ad R12: ffff888076332a18 [ 817.969545][T18515] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff88802efe8000 [ 817.977767][T18515] FS: 00007efeb338b6c0(0000) GS:ffff888125d12000(0000) knlGS:0000000000000000 [ 817.987374][T18515] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 817.994009][T18515] CR2: 0000001b2fd1dff8 CR3: 0000000078e0a000 CR4: 00000000003526f0 [ 818.002009][T18515] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 818.010053][T18515] DR3: 3a810b1eb6134bdc DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 818.018102][T18515] Call Trace: [ 818.022398][T18515] [ 818.026165][T18515] ? __mutex_trylock_common+0x153/0x260 [ 818.031753][T18515] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 818.037555][T18515] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 818.043603][T18515] ? rcu_is_watching+0x15/0xb0 [ 818.048390][T18515] ? trace_contention_end+0x39/0x120 [ 818.053733][T18515] ? __mutex_lock+0x335/0x1350 [ 818.058538][T18515] ? kasan_quarantine_put+0xdd/0x220 [ 818.063979][T18515] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 818.068874][T18515] ? __pfx___mutex_lock+0x10/0x10 [ 818.070106][T13968] usb 3-1: USB disconnect, device number 109 [ 818.073978][T18515] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 818.074016][T18515] ? do_vfs_ioctl+0xbe8/0x1430 [ 818.074043][T18515] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 818.074071][T18515] kvm_vcpu_ioctl+0x95c/0xe90 [ 818.100163][T18515] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 818.105405][T18515] ? __lock_acquire+0xab9/0xd20 [ 818.110295][T18515] ? __fget_files+0x2a/0x420 [ 818.114921][T18515] ? __fget_files+0x2a/0x420 [ 818.119524][T18515] ? __fget_files+0x3a0/0x420 [ 818.124882][T18515] ? __fget_files+0x2a/0x420 [ 818.129468][T18515] ? bpf_lsm_file_ioctl+0x9/0x20 [ 818.135133][T18515] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 818.140346][T18515] __se_sys_ioctl+0xfc/0x170 [ 818.145389][T18515] do_syscall_64+0xfa/0x3b0 [ 818.150224][T18515] ? lockdep_hardirqs_on+0x9c/0x150 [ 818.155494][T18515] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.161584][T18515] ? clear_bhb_loop+0x60/0xb0 [ 818.166318][T18515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.172261][T18515] RIP: 0033:0x7efeb258eec9 [ 818.176730][T18515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.196469][T18515] RSP: 002b:00007efeb338b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 818.204970][T18515] RAX: ffffffffffffffda RBX: 00007efeb27e5fa0 RCX: 00007efeb258eec9 [ 818.212998][T18515] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 818.221007][T18515] RBP: 00007efeb2611f91 R08: 0000000000000000 R09: 0000000000000000 [ 818.230063][T18515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 818.238945][T18515] R13: 00007efeb27e6038 R14: 00007efeb27e5fa0 R15: 00007efeb290fa28 [ 818.247003][T18515] [ 818.250051][T18515] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 818.257332][T18515] CPU: 1 UID: 0 PID: 18515 Comm: syz.1.3359 Not tainted syzkaller #0 PREEMPT(full) [ 818.266705][T18515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 818.276763][T18515] Call Trace: [ 818.280043][T18515] [ 818.282978][T18515] dump_stack_lvl+0x99/0x250 [ 818.287579][T18515] ? __asan_memcpy+0x40/0x70 [ 818.292168][T18515] ? __pfx_dump_stack_lvl+0x10/0x10 [ 818.297373][T18515] ? __pfx__printk+0x10/0x10 [ 818.301985][T18515] vpanic+0x281/0x750 [ 818.305970][T18515] ? __pfx__printk+0x10/0x10 [ 818.310570][T18515] ? __pfx_vpanic+0x10/0x10 [ 818.315081][T18515] ? is_bpf_text_address+0x26/0x2b0 [ 818.320299][T18515] panic+0xb9/0xc0 [ 818.324026][T18515] ? __pfx_panic+0x10/0x10 [ 818.328463][T18515] __warn+0x31b/0x4b0 [ 818.332450][T18515] ? kvm_arch_vcpu_ioctl_run+0x1212/0x1940 [ 818.338273][T18515] ? kvm_arch_vcpu_ioctl_run+0x1212/0x1940 [ 818.344102][T18515] report_bug+0x2be/0x4f0 [ 818.348435][T18515] ? kvm_arch_vcpu_ioctl_run+0x1212/0x1940 [ 818.354248][T18515] ? kvm_arch_vcpu_ioctl_run+0x1212/0x1940 [ 818.360057][T18515] ? kvm_arch_vcpu_ioctl_run+0x1214/0x1940 [ 818.365864][T18515] handle_bug+0x84/0x160 [ 818.370107][T18515] exc_invalid_op+0x1a/0x50 [ 818.374612][T18515] asm_exc_invalid_op+0x1a/0x20 [ 818.379466][T18515] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1212/0x1940 [ 818.385895][T18515] Code: 10 45 85 f6 7e 3a e8 2d 31 79 00 49 bd 00 00 00 00 00 fc ff df 4c 8b 64 24 08 4c 8b 7c 24 28 e9 6e fd ff ff e8 0f 31 79 00 90 <0f> 0b 90 e9 2a fd ff ff e8 01 31 79 00 90 0f 0b 90 e9 52 fd ff ff [ 818.405499][T18515] RSP: 0018:ffffc900053c79e0 EFLAGS: 00010283 [ 818.411572][T18515] RAX: ffffffff81467c81 RBX: ffff888076332940 RCX: 0000000000080000 [ 818.419541][T18515] RDX: ffffc9000f984000 RSI: 00000000000009d4 RDI: 00000000000009d5 [ 818.427510][T18515] RBP: ffffc900053c7c90 R08: 0000000000000000 R09: ffffffff81466c63 [ 818.435484][T18515] R10: dffffc0000000000 R11: fffff91ffffa63ad R12: ffff888076332a18 [ 818.443460][T18515] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff88802efe8000 [ 818.451438][T18515] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 818.457163][T18515] ? kvm_arch_vcpu_ioctl_run+0x1211/0x1940 [ 818.462986][T18515] ? __mutex_trylock_common+0x153/0x260 [ 818.468536][T18515] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 818.474262][T18515] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 818.480251][T18515] ? rcu_is_watching+0x15/0xb0 [ 818.485018][T18515] ? trace_contention_end+0x39/0x120 [ 818.490302][T18515] ? __mutex_lock+0x335/0x1350 [ 818.495074][T18515] ? kasan_quarantine_put+0xdd/0x220 [ 818.500365][T18515] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 818.505222][T18515] ? __pfx___mutex_lock+0x10/0x10 [ 818.510259][T18515] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 818.515904][T18515] ? do_vfs_ioctl+0xbe8/0x1430 [ 818.520675][T18515] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 818.525704][T18515] kvm_vcpu_ioctl+0x95c/0xe90 [ 818.530392][T18515] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 818.535593][T18515] ? __lock_acquire+0xab9/0xd20 [ 818.540476][T18515] ? __fget_files+0x2a/0x420 [ 818.545069][T18515] ? __fget_files+0x2a/0x420 [ 818.549655][T18515] ? __fget_files+0x3a0/0x420 [ 818.554326][T18515] ? __fget_files+0x2a/0x420 [ 818.558917][T18515] ? bpf_lsm_file_ioctl+0x9/0x20 [ 818.563855][T18515] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 818.569058][T18515] __se_sys_ioctl+0xfc/0x170 [ 818.573657][T18515] do_syscall_64+0xfa/0x3b0 [ 818.578165][T18515] ? lockdep_hardirqs_on+0x9c/0x150 [ 818.583375][T18515] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.589448][T18515] ? clear_bhb_loop+0x60/0xb0 [ 818.594135][T18515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.600029][T18515] RIP: 0033:0x7efeb258eec9 [ 818.604449][T18515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.624057][T18515] RSP: 002b:00007efeb338b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 818.632479][T18515] RAX: ffffffffffffffda RBX: 00007efeb27e5fa0 RCX: 00007efeb258eec9 [ 818.640456][T18515] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 818.648430][T18515] RBP: 00007efeb2611f91 R08: 0000000000000000 R09: 0000000000000000 [ 818.656405][T18515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 818.664373][T18515] R13: 00007efeb27e6038 R14: 00007efeb27e5fa0 R15: 00007efeb290fa28 [ 818.672336][T18515] [ 818.675609][T18515] Kernel Offset: disabled [ 818.679914][T18515] Rebooting in 86400 seconds..