last executing test programs: 11.563894623s ago: executing program 0 (id=950): socket(0x840000000002, 0x3, 0xff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES8=r2], 0x34}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x5, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0002000001, 0xfa11, 0x3}, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r3 = open(&(0x7f0000001200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x400101042, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) r5 = openat$ttynull(0xffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$PIO_UNIMAPCLR(r5, 0x4b68, &(0x7f0000000100)={0x6, 0xff, 0x8}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800006, 0x12, r3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) capget(&(0x7f00000002c0)={0x300c07b3}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) unshare(0x24060400) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x7, 0x2}) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r9, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, 0x0, 0x0}}, 0x10) 10.276053268s ago: executing program 4 (id=954): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)}, 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000100), 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000000)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x2, 0x86b}}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0xfffd}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xee}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x50}}, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000240)={0x4, 0x0, [{0xffff2b63, 0x4, 0x0, 0x0, @irqchip={0x81c, 0x4}}, {0xfffffffb, 0x3, 0x1, 0x0, @irqchip={0x1006, 0x7f}}, {0x26, 0x3, 0x1, 0x0, @irqchip={0x6}}, {0x2, 0x5, 0x0, 0x0, @adapter={0x7fff, 0xfff, 0x1, 0x6943, 0x5}}]}) mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000480)}, 0x400c0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000012c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xee00}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x2b0, 0x0, 0xa, 0xd0e0000, 0x138, 0x100, 0x250, 0x1d8, 0x1d8, 0x250, 0x1d8, 0x3, 0x0, {[{{@ip={@local, @multicast1, 0xffffff00, 0xff, 'wlan1\x00', 'veth1_to_team\x00', {}, {0xff}, 0x1, 0x3, 0x10}, 0x0, 0x98, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x8, '\x00', 0x4}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x8, 0x0, 0x36, 0x1, 'snmp_trap\x00', 'syz1\x00', {0x5}}}}, {{@uncond, 0x3202, 0xd8, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@set={{0x40}, {{0xffffffffffffffff, [0x1, 0x2, 0x4, 0x0, 0x6, 0xc], 0x5, 0x7a19653e03c56032}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x10, 0x4, {0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f0000000200)=@filename='./file0\x00', r4, &(0x7f0000001500)) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000280000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4308123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762011052eac2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dc8aff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e4b9ec7a410ec42315255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798ab20000000bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d2000000000000000819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba84279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5603a9d801300000000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9060000006a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d535556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba0790ee0d112f99e59ba82e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee52303da186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c44500f8ffff970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c1b04e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305977eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f87204311327c18380fedf3d3dad8549f99bf6c5cb060fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce1060f3e6806e774a5f079c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae794286b6c3e1f5a76b85ed6e1f0000c608b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1951393352bc756f3fcaad2c1c399a3e43eaaeca70db90f2fa395964434476719334482eb5424c81814079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fbdd351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2dff78ce9308c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416f80ba17d21d53961471b2d2d459e4bb23230d676ca49633b25e26a322024beb7c3427da59f7daa70a5d44a0eb895f29245df6401295d3da939954e126a3be932f47fe61ef1bfe83086651af7e23c2a8fa702b9aaa65aa3edaaa6b3f5a0c7cdfd008c898d73bb97168ca390ef539800000000000077a5ad1e683aeff92bb0b66b33ed878df1e344b99450086c819bf174578705c049d2fb25a91ba04643cde1a3c391d8646e5249dbf28b13b1c4d5127f685ee0c0576bf74e17cd3b4df4eb7095e504e361689572b0f93ff1dc6f52e8728a03e5a4df80a32c6055df8f4f4152c0bf4d793b20ac2cfa907b5af80716118f82027d3e4cb096fe86de545008b85cb9b637bca30d765b0c3ad489db32955454dcfe000000002830e5e125322d2f5829040a91405bf2fe5bf14833fd7b1e72c775f267bc45"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48) write$sysctl(r6, &(0x7f0000000580)='1\x00', 0x2) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12011900000000406a0563000000000000010902"], 0x0) write$sysctl(r6, &(0x7f00000000c0)='2\x00', 0x2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x5, 0x0) socket(0x400000000010, 0x3, 0x0) 10.012238074s ago: executing program 0 (id=958): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0xff, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x8, 0x0, 0x3}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000004c0)=[@in6={0xa, 0x4e24, 0x20b, @loopback, 0x7fff}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, &(0x7f0000000380)) 9.815933408s ago: executing program 0 (id=960): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x3f01) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x5309, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0) 8.191445255s ago: executing program 2 (id=963): symlinkat(&(0x7f0000002000)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffffff, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) exit(0x5) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000540)) r1 = syz_usb_connect(0x0, 0x3d7, &(0x7f00000007c0)=ANY=[@ANYBLOB="120100004cefc008e10593085bfd010203010902c50301000000000904"], 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000000)={0x18, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x0}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:De', 0x0) socket(0x22, 0x1, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x480) r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000580)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil}) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, 0x0) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$I2C_PEC(r5, 0x708, 0x2) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000180)={0x1, 0x0, 0x2, &(0x7f0000000200)={0x2, "90f5ae8b4ffd6190910a11805984d3c9f144d744c7bf982eb50900294657715900"}}) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000200)={0x3, 0x2, 0x1, 0x1, 0x100000}) bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3}, 0x18) prctl$PR_SET_NAME(0x4, 0x0) syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000)=0xffffffffffffffff, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) process_madvise(r10, 0x0, 0x0, 0x19, 0x0) 8.135778884s ago: executing program 0 (id=964): madvise(&(0x7f0000b52000/0x3000)=nil, 0x3000, 0x12) userfaultfd(0x801) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/../file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) munmap(&(0x7f0000b53000/0x2000)=nil, 0x2000) openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000007c0)={[0x8aba, 0x100d, 0xb4b7, 0x804, 0x8000007ffd, 0xe2b, 0x120000, 0x9, 0x51f, 0x5, 0x8000000000000000, 0x1, 0x1, 0xfffffffffffffffb, 0x6, 0x1], 0x4000, 0x141200}) ioctl$KVM_CAP_HYPERV_SYNIC2(r3, 0x4068aea3, &(0x7f0000000280)) request_key(0x0, &(0x7f0000000740)={'syz', 0x2}, &(0x7f0000000780)='M', 0xfffffffffffffff8) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x800, 0xa, 0x4}) r4 = openat$dsp(0xffffff9c, &(0x7f0000000ac0), 0x101000, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r4, 0xc0044dff, &(0x7f0000000b00)=0x88f) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000140)=@multiplanar_userptr={0x0, 0x8, 0x4, 0x0, 0x9, {0x0, 0x2710}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, "dd4291c0"}, 0x0, 0x2, {0x0}}) getpid() ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r5}) socket$nl_generic(0x10, 0x3, 0x10) 6.544154509s ago: executing program 4 (id=966): socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080)={0x0, 0x8}, 0x8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@empty, @in=@multicast1, 0x200, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0xfffffffffffffffe, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x8000, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0xfffffffc, 0x3c}, 0x2, @in=@local, 0x3504, 0x4, 0x3, 0x0, 0x401}]}]}, 0xfc}}, 0xc004004) sendmmsg$inet6(r1, &(0x7f0000006e80)=[{{&(0x7f0000002080)={0xa, 0x4e1f, 0x2, @rand_addr=' \x01\x00', 0xd1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000100)="d5", 0xfd}], 0x1}}], 0x1, 0x20002845) 6.483624347s ago: executing program 3 (id=968): pipe2(&(0x7f0000000340)={0x0, 0x0}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16"], 0x0}, 0x94) r4 = syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="01002bbd70000e0010005400"], 0x14}, 0x1, 0x0, 0x0, 0x20000850}, 0x4000000) (fail_nth: 5) close(r6) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd00ac6700000000000000000000c2888e7d52164ec480e79200000100", [0x0, 0x2000000000001]}}) ioctl$XFS_IOC_SCRUBV_METADATA(r0, 0xc0285840, &(0x7f0000000000)={0xd22, 0x200, 0x5, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x8, &(0x7f0000000600)=0x0) io_submit(r9, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r8, 0x0}]) 6.27818876s ago: executing program 4 (id=969): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe800000000000000000040000"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x6) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x8, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0xfffe, 0x0, 0x95, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x1, 0x2ca, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0xff0000, 0x56}]}}}}}}}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) vmsplice(0xffffffffffffffff, &(0x7f0000e79000)=[{&(0x7f00003fb000)='\x00', 0x1}], 0x1, 0x0) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x7c, 0x24, 0x3fe3aa0262d8c583, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x6, 0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}, @TCA_STAB={0x48, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x2, 0xee, 0x4, 0x2, 0x80, 0x3}}, {0x4}}, {{0x1c, 0x1, {0x0, 0xdb, 0x602, 0x7a, 0x1, 0xc84, 0x5, 0x1}}, {0x6, 0x2, [0x5]}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x803}, 0x20004004) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f00000001c0)=0xc) ptrace(0x4208, r5) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='attr/prev\x00') r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r9 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r8, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd010000000000140000006000000000042f00fe88a43de1a400000000000000027d01ff020000000000000000000000000001"], 0xfdef) 6.136359058s ago: executing program 0 (id=970): syz_open_procfs(0x0, 0x0) syz_usb_connect$uac3(0x3, 0x89, &(0x7f0000001340)=ANY=[@ANYBLOB="120100020000000882058205400001020301090277000301095000080b0002012030040904000000010130000a2401ea0a000100010009040100000102300009040104"], 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x80000004, 0x4, 0x6}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0d00000006000000040000000100000004000000", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000bae4a6c4000000000000000000000000278e8ca5"], 0x50) syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) accept4$tipc(0xffffffffffffffff, &(0x7f0000000140)=@id, &(0x7f00000001c0)=0x10, 0x80000) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f0000000540)={0x0, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x44}}, @can, @llc={0x1a, 0x320, 0x2, 0x4, 0x3, 0x7f, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0xa5b5, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000000)='wg1\x00', 0x20009, 0x1, 0xc2}) r4 = socket(0x22, 0x2, 0x3) getsockopt$packet_buf(r4, 0x107, 0x1, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_tables_names\x00') fchdir(r5) r6 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) getdents(r6, &(0x7f0000001fc0)=""/184, 0xb8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xc, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="64000000020601020000000000000000000000001c0007800800124000060000080008400000003708001340000000ed10000300686173683a69702c6d616300050005000a00000005000400000000000900020073797a31000000000500"], 0x64}}, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"}) 5.093897239s ago: executing program 2 (id=971): socket$nl_route(0x10, 0x3, 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r0, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x4) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) socket(0x400000000010, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') pread64(r2, &(0x7f0000000200)=""/4087, 0xff7, 0xd37) 4.940044378s ago: executing program 3 (id=972): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x54, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x59}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xa, 0x4e20, 0x20080000, @local, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000029"], 0x18}, 0xc044) 4.911354499s ago: executing program 2 (id=973): r0 = syz_usb_connect$midi(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0xd8c, 0x102, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x5, 0x60, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x3, 0x20, 0x2}}}}}]}}, 0x0) syz_usb_control_io$sierra_net(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000200)={0x14, 0x0, &(0x7f00000003c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f0000000180)={0xc, &(0x7f0000000040)={0x20, 0x0, 0x5c, {0x5c, 0xf, "1cb2430c702f8fdcb999513b170be7c561a07dd1daf8799661739f88d1fb18f1c4436e090c1464852373bfdb3f9cdf427234485fc577304249d7f8eace4f034bb6717b99451e03dcfc95ff53978e6dd756af26bc770ad8279e49"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x81d}}}, &(0x7f0000000400)={0x18, &(0x7f0000000240)={0x40, 0x8, 0x3c, "75d9804fb285cbe5b5ca15e3f9b9a16a3d7f0e053689a5002a08830995860a9ec18e7b4b58542b9decd0673d2d90c064f7ea430cd82bed3ed2dfd012"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x2b}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)={0xc0, 0x5, 0x4, "7828e5f6"}, &(0x7f0000000380)={0x40, 0x5, 0x6, "255bea17ca6f"}}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27, 0x810}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x839, 0x0, 0x2700, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_connect$midi(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0xd8c, 0x102, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x5, 0x60, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x3, 0x20, 0x2}}}}}]}}, 0x0) (async) syz_usb_control_io$sierra_net(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) (async) syz_usb_control_io$uac1(r0, &(0x7f0000000200)={0x14, 0x0, &(0x7f00000003c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) (async) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io$rtl8150(r0, &(0x7f0000000180)={0xc, &(0x7f0000000040)={0x20, 0x0, 0x5c, {0x5c, 0xf, "1cb2430c702f8fdcb999513b170be7c561a07dd1daf8799661739f88d1fb18f1c4436e090c1464852373bfdb3f9cdf427234485fc577304249d7f8eace4f034bb6717b99451e03dcfc95ff53978e6dd756af26bc770ad8279e49"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x81d}}}, &(0x7f0000000400)={0x18, &(0x7f0000000240)={0x40, 0x8, 0x3c, "75d9804fb285cbe5b5ca15e3f9b9a16a3d7f0e053689a5002a08830995860a9ec18e7b4b58542b9decd0673d2d90c064f7ea430cd82bed3ed2dfd012"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x2b}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)={0xc0, 0x5, 0x4, "7828e5f6"}, &(0x7f0000000380)={0x40, 0x5, 0x6, "255bea17ca6f"}}) (async) socket$packet(0x11, 0x3, 0x300) (async) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) socket$kcm(0x2, 0xa, 0x2) (async) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) write$tun(r2, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27, 0x810}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x839, 0x0, 0x2700, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) (async) syz_usb_control_io$uac1(r0, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) 4.78018025s ago: executing program 3 (id=974): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x3f01) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x5309, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0) 4.720190545s ago: executing program 4 (id=975): getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000000c0)={@loopback, @multicast2}, &(0x7f0000000100)=0xc) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c090003042402020424"], 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 4.049543364s ago: executing program 1 (id=976): semget$private(0x0, 0x20000000102, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xb, 0x8000000000000000, 0x6, 0xfa11, 0x40}, 0x0) (async) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) (async) r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) writev(r2, &(0x7f0000000380)=[{&(0x7f0000000400)="8867e877ccd861dbc4ac96fe2951c97bbb02672a0dafe1ecac335719e87b93a2db31d2886ed844ba4a4c8df6441f413402741a38e805f5cd685936f3a05159074fef1aaec79b5f1007ad5da77d9c117746ae2ba939b1b1705a070d3c82d03005e09147a3c9f8b11fa17f59dbc0325ce0c991cbac996d7eb1ac57947728edd7164fcdaee5d16907a30b8dcab517be26ca273ba5134cc8865b91", 0x99}, {&(0x7f00000004c0)}], 0x2) (async) syz_open_dev$sndpcmc(0x0, 0x0, 0x42c001) (async) syz_open_procfs(0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00') sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400800}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x38, 0x140d, 0x200, 0x70bd27, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x84}, 0x4) (async) read$FUSE(r3, &(0x7f00000051c0)={0x2020}, 0x2020) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)={0x40, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x40}}, 0x2008040) (async) pread64(r3, 0x0, 0x0, 0xadc) (async) r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) (async) socket$packet(0x11, 0x2, 0x300) (async) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000003fc0), &(0x7f0000004000), &(0x7f0000004040)) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$uac2(0x0, 0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="12015002000000089713bd00400001020301090271000301653002080b0001010620020904000000010120000924010b000809000409040100000102200009040101010102200009050109ff0303ff08082501820003020009040200000102200009040201010102200008240201fd03070e09058209ff0306020108250102000d0000124ac08f9bd619559ce46638b1895f6fb98f471f530e28f8862059cae30da61019d10f93d34aff4efa413cbdf0b32eb97a5e0d7e49dee7cf1de408237aab658894a629feece6d5a72e663d6e69d570eb35dab348915838ece434b4298f58e82df71cd769502be2b4a13606e9d4e3dce77e72c59bd5bd2f380412ea8e1b91cca008dcac83d101dadb974b3605383defd26a42381ff8b784e24ae6f273cd62a0abfa3d83d099c65418739f15f18af0e66387384d093eb39ec07b2eb2d000119caef1dbb00899cc0bdf1f7dbe00ffb399184d6b675b008c49106f3128843632122cb20b329daa2ebc2f9905c9d6bb94"], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}) (async) sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x3c, 0x301, 0x70bd25, 0xfffffffc, {0xd}, [@typed={0x8, 0x3, 0x0, 0x0, @fd=r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200448d3}, 0x0) (async) r8 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) r9 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, r8) add_key(&(0x7f0000000680)='rxrpc\x00', 0x0, 0x0, 0x0, r9) 3.499117974s ago: executing program 1 (id=977): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x9000000, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x10}]}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}}, 0x0) 3.347330388s ago: executing program 3 (id=978): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc25c4110, &(0x7f0000000100)={0x4, [[0x1, 0x1797, 0x1, 0x9fc, 0x0, 0x1], [0x0, 0x94, 0x2, 0x0, 0x0, 0xffffffff], [0x3, 0x9f, 0x40000000, 0x10, 0x0, 0x3bc9, 0x0, 0x1]], '\x00', [{0xffffffff, 0x0, 0x0, 0x1, 0x1}, {0x1ff, 0x0, 0x0, 0x1}, {0x0, 0x4000e}, {0x1, 0x7}, {0x0, 0x4}, {}, {}, {0x8}, {0xfffffffc, 0x400001}, {0x0, 0x9}, {0x80000000, 0x4}, {0xec4}], '\x00', 0x1}) (async) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc25c4110, &(0x7f0000000100)={0x4, [[0x1, 0x1797, 0x1, 0x9fc, 0x0, 0x1], [0x0, 0x94, 0x2, 0x0, 0x0, 0xffffffff], [0x3, 0x9f, 0x40000000, 0x10, 0x0, 0x3bc9, 0x0, 0x1]], '\x00', [{0xffffffff, 0x0, 0x0, 0x1, 0x1}, {0x1ff, 0x0, 0x0, 0x1}, {0x0, 0x4000e}, {0x1, 0x7}, {0x0, 0x4}, {}, {}, {0x8}, {0xfffffffc, 0x400001}, {0x0, 0x9}, {0x80000000, 0x4}, {0xec4}], '\x00', 0x1}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) socket(0x400000000010, 0x3, 0x0) (async) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="54000000020601030000000000000000070000000c00078008001200000000ff0500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x54}, 0x1, 0x0, 0x0, 0x20000810}, 0x20004000) (async) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="54000000020601030000000000000000070000000c00078008001200000000ff0500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x54}, 0x1, 0x0, 0x0, 0x20000810}, 0x20004000) socket$unix(0x1, 0x1, 0x0) (async) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) (async) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r7, &(0x7f0000000000), 0xfffffecc) io_uring_register$IORING_REGISTER_PBUF_STATUS(r7, 0x1a, &(0x7f0000000000)={0x5}, 0x1) sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xf2ff, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 3.347147998s ago: executing program 1 (id=979): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmmsg$inet6(r0, &(0x7f0000006e80)=[{{&(0x7f0000002080)={0xa, 0x4e1f, 0x2, @rand_addr=' \x01\x00', 0xd1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000100)="d5", 0xfd}], 0x1}}], 0x1, 0x20002845) 3.293661517s ago: executing program 1 (id=980): madvise(&(0x7f0000b52000/0x3000)=nil, 0x3000, 0x12) userfaultfd(0x801) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/../file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) munmap(&(0x7f0000b53000/0x2000)=nil, 0x2000) openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000007c0)={[0x8aba, 0x100d, 0xb4b7, 0x804, 0x8000007ffd, 0xe2b, 0x120000, 0x9, 0x51f, 0x5, 0x8000000000000000, 0x1, 0x1, 0xfffffffffffffffb, 0x6, 0x1], 0x4000, 0x141200}) ioctl$KVM_CAP_HYPERV_SYNIC2(r3, 0x4068aea3, &(0x7f0000000280)) request_key(0x0, &(0x7f0000000740)={'syz', 0x2}, &(0x7f0000000780)='M', 0xfffffffffffffff8) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x800, 0xa, 0x4}) r4 = openat$dsp(0xffffff9c, &(0x7f0000000ac0), 0x101000, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r4, 0xc0044dff, &(0x7f0000000b00)=0x88f) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000140)=@multiplanar_userptr={0x0, 0x8, 0x4, 0x0, 0x9, {0x0, 0x2710}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, "dd4291c0"}, 0x0, 0x2, {0x0}}) getpid() ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r5}) socket$nl_generic(0x10, 0x3, 0x10) 2.883462368s ago: executing program 0 (id=981): symlinkat(&(0x7f0000002000)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffffff, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) exit(0x5) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000540)) r1 = syz_usb_connect(0x0, 0x3d7, &(0x7f00000007c0)=ANY=[@ANYBLOB="120100004cefc008e10593085bfd010203010902c50301000000000904"], 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000000)={0x18, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x0}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:De', 0x0) socket(0x22, 0x1, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x480) r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000580)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil}) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000040)) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r9, 0xffffffffffffffff, 0x0) ioctl$I2C_PEC(r5, 0x708, 0x2) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000180)={0x1, 0x0, 0x2, &(0x7f0000000200)={0x2, "90f5ae8b4ffd6190910a11805984d3c9f144d744c7bf982eb50900294657715900"}}) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000200)={0x3, 0x2, 0x1, 0x1, 0x100000}) bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3}, 0x18) prctl$PR_SET_NAME(0x4, 0x0) syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000)=0xffffffffffffffff, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) process_madvise(r10, 0x0, 0x0, 0x19, 0x0) 2.423429848s ago: executing program 2 (id=982): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r0, &(0x7f0000000800)=[{{&(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x48061}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4011}}], 0x2, 0x444) r1 = openat$rdma_cm(0xffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r1, &(0x7f00000004c0)={0x5, 0x10, 0xc8, {0x0, 0xffffffffffffffff, 0x1}}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="adffa888cf230000140012800b0001006d616373656300000400028008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x44}}, 0x8000) 2.352550123s ago: executing program 3 (id=983): socket$nl_route(0x10, 0x3, 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r0, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x4) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) socket(0x400000000010, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') pread64(r2, &(0x7f0000000200)=""/4087, 0xff7, 0xd37) 2.264731029s ago: executing program 2 (id=984): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x54, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x59}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xa, 0x4e20, 0x20080000, @local, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000029"], 0x18}, 0xc044) 2.220062948s ago: executing program 3 (id=985): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000500)) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000002c0)) r2 = socket$inet_tcp(0x2, 0x1, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="5c0000000206010200000000000000000000000005000400000000000900020073797a30000000000500010007000000050005000a0000001400078008001140000000683a6e657400000000"], 0x5c}, 0x1, 0x0, 0x0, 0x84}, 0x0) r4 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10108, 0x3}, &(0x7f0000002000), &(0x7f0000000000), &(0x7f0000000000)) io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000003c0)='./binderfs2/binder1\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x1100, 0x40}) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r7 = dup3(r6, r5, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x10000000000) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000600)="f8f27a39e3d0dcd27716d775915561aa89073e2f78a49e45b089ef3dae96f4b329a125276d642ff623cae8b4fa6a90639965d90d3f78ff91ee219d127d99215f0c52d9c8557382211738dabd1bc82d0d6cf408c0"}) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) syz_usb_connect(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="120100006325a64040200020726597000001090224008e000000000904000002214c6a0009050702000000da00090589c2d1cdcfee1e5f6288794a00004ec52b3b79bd46577da6f3ed568c44814054c8eb128d74053cc45b88f967fb6542a9972608be7c6424555728ec713b18d9ab29c4a29a17a2f87f0219cd76b0dcf68ac5c19d6534089a7205419536"], 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f00000000c0)={'wg1\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', r9}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) 2.140399104s ago: executing program 2 (id=986): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x3f01) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0) ioctl$FIBMAP(r3, 0x5309, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="240000002100df4c2abd70c6270000220000e900104e88cb7634ce58ea220000"], 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x0) r6 = syz_open_dev$vim2m(&(0x7f0000000100), 0xa7e, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000001ac0), 0x4) ioctl$vim2m_VIDIOC_QBUF(r6, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x2000, 0x3, 0x4, 0x0, 0xd, {0x0, 0xea60}, {0x3, 0x0, 0x1, 0x3d, 0x0, 0x0, "a730ba01"}, 0x0, 0x1, {0x0}}) ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000000)=0x1) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002c80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r7, 0xffffffffffffffff, 0x0) 2.049419134s ago: executing program 1 (id=987): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/vlan/config\x00') r1 = openat$vicodec0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0185647, &(0x7f0000000100)={0xf030000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90f, 0x8000000, '\x00', @string=&(0x7f0000000340)=0xfe}}) pread64(r0, &(0x7f0000000040)=""/33, 0x21, 0x73) 1.931601398s ago: executing program 1 (id=988): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x3f01) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x5309, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0) 1.520520189s ago: executing program 4 (id=989): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x0, 0x0, 0x0, 0xa}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000540)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000001ff0)={0x1d, r1}, 0x10) sendmsg$can_raw(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000280)=@canfd={{0x1}, 0xf6, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000080000004e2f9663a918fa1efd9b0b"}, 0x48}, 0xee, 0x0, 0x0, 0x40041}, 0x0) 0s ago: executing program 4 (id=990): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmmsg$inet6(r0, &(0x7f0000006e80)=[{{&(0x7f0000002080)={0xa, 0x4e1f, 0x2, @rand_addr=' \x01\x00', 0xd1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000100)="d5", 0xfd}], 0x1}}], 0x1, 0x20002845) kernel console output (not intermixed with test programs): .194761][ T8009] ? ksys_write+0x242/0x270 [ 223.194797][ T8009] __ia32_sys_unshare+0x37/0x40 [ 223.194819][ T8009] __do_fast_syscall_32+0x229/0x6e0 [ 223.194843][ T8009] ? do_fast_syscall_32+0x33/0x70 [ 223.194864][ T8009] ? lockdep_hardirqs_on+0x7a/0x110 [ 223.194883][ T8009] ? asm_int80_emulation+0x1a/0x20 [ 223.194901][ T8009] ? do_int80_emulation+0x286/0x530 [ 223.194922][ T8009] ? trace_irq_disable+0x3b/0x140 [ 223.194951][ T8009] do_fast_syscall_32+0x33/0x70 [ 223.194974][ T8009] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 223.194997][ T8009] RIP: 0023:0xf70af01c [ 223.195014][ T8009] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 223.195030][ T8009] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000136 [ 223.195050][ T8009] RAX: ffffffffffffffda RBX: 0000000022020400 RCX: 0000000000000000 [ 223.195063][ T8009] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 223.195073][ T8009] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 223.195084][ T8009] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 223.195095][ T8009] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 223.195121][ T8009] [ 223.428381][ T5723] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 223.482942][ T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 223.754595][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 223.766796][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 223.777136][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 223.791458][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 223.800760][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.811150][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.606'. [ 223.827881][ T9] usb 2-1: config 0 descriptor?? [ 224.039181][ T5683] usb 2-1: USB disconnect, device number 21 [ 224.081264][ T8029] FAULT_INJECTION: forcing a failure. [ 224.081264][ T8029] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.120755][ T8029] CPU: 1 UID: 0 PID: 8029 Comm: syz.2.607 Tainted: G L syzkaller #0 PREEMPT(full) [ 224.120776][ T8029] Tainted: [L]=SOFTLOCKUP [ 224.120781][ T8029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 224.120789][ T8029] Call Trace: [ 224.120794][ T8029] [ 224.120799][ T8029] dump_stack_lvl+0xe8/0x150 [ 224.120819][ T8029] should_fail_ex+0x412/0x560 [ 224.120839][ T8029] _copy_from_user+0x2d/0xb0 [ 224.120887][ T8029] __sys_bind+0x1c6/0x410 [ 224.120909][ T8029] ? __pfx___sys_bind+0x10/0x10 [ 224.120947][ T8029] __ia32_sys_bind+0x7a/0x90 [ 224.120962][ T8029] __do_fast_syscall_32+0x229/0x6e0 [ 224.120979][ T8029] ? do_fast_syscall_32+0x33/0x70 [ 224.120993][ T8029] ? lockdep_hardirqs_on+0x7a/0x110 [ 224.121007][ T8029] ? asm_int80_emulation+0x1a/0x20 [ 224.121019][ T8029] ? do_int80_emulation+0x286/0x530 [ 224.121034][ T8029] ? trace_irq_disable+0x3b/0x140 [ 224.121055][ T8029] do_fast_syscall_32+0x33/0x70 [ 224.121071][ T8029] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 224.121087][ T8029] RIP: 0023:0xf70af01c [ 224.121099][ T8029] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 224.121110][ T8029] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000169 [ 224.121124][ T8029] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 224.121133][ T8029] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000 [ 224.121140][ T8029] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 224.121147][ T8029] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 224.121154][ T8029] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 224.121172][ T8029] [ 224.902932][ T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 225.102415][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 225.117841][ T5683] usb 4-1: USB disconnect, device number 23 [ 225.136149][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 225.160039][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 225.193723][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 225.245434][ T9] usb 5-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 225.279828][ T9] usb 5-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 225.295888][ T8056] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20000 [ 225.311729][ T9] usb 5-1: Product: syz [ 225.317844][ T9] usb 5-1: Manufacturer: syz [ 225.327580][ T9] usb 5-1: SerialNumber: syz [ 225.344560][ T9] usb 5-1: config 0 descriptor?? [ 225.462932][ T9] rc_core: IR keymap rc-imon-rsc not found [ 225.470748][ T9] Registered IR keymap rc-empty [ 225.558323][ T9] rc rc0: iMON Station as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 225.599792][ T8059] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 225.647092][ T9] input: iMON Station as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input18 [ 225.779353][ T9] usb 5-1: USB disconnect, device number 23 [ 226.160283][ T8072] netlink: 176 bytes leftover after parsing attributes in process `syz.1.620'. [ 226.315867][ T9] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 226.503781][ T9] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 226.521207][ T9] usb 5-1: can't read configurations, error -71 [ 226.740123][ T8077] Invalid argument reading file caps for ./file0 [ 226.991417][ T8079] netlink: 576 bytes leftover after parsing attributes in process `syz.0.622'. [ 227.598344][ T8090] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 227.933325][ T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 228.016621][ T8095] validate_nla: 204 callbacks suppressed [ 228.016640][ T8095] netlink: 'syz.0.626': attribute type 29 has an invalid length. [ 228.071900][ T8095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.626'. [ 228.132899][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 228.143653][ T9] usb 4-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config [ 228.177995][ T9] usb 4-1: config 5 has 1 interface, different from the descriptor's value: 2 [ 228.235071][ T9] usb 4-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=e2.5c [ 228.251806][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.280288][ T9] usb 4-1: Product: syz [ 228.295256][ T9] usb 4-1: Manufacturer: syz [ 228.307952][ T9] usb 4-1: SerialNumber: syz [ 228.560610][ T9] cytherm 4-1:5.0: Cypress thermometer device now attached [ 228.603317][ T9] usb 4-1: USB disconnect, device number 24 [ 228.623819][ T9] cytherm 4-1:5.0: Cypress thermometer now disconnected [ 228.929986][ T8110] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 229.122568][ T8116] FAULT_INJECTION: forcing a failure. [ 229.122568][ T8116] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 229.204256][ T8116] CPU: 0 UID: 0 PID: 8116 Comm: syz.1.632 Tainted: G L syzkaller #0 PREEMPT(full) [ 229.204279][ T8116] Tainted: [L]=SOFTLOCKUP [ 229.204283][ T8116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 229.204291][ T8116] Call Trace: [ 229.204296][ T8116] [ 229.204302][ T8116] dump_stack_lvl+0xe8/0x150 [ 229.204322][ T8116] should_fail_ex+0x412/0x560 [ 229.204341][ T8116] _copy_to_user+0x31/0xb0 [ 229.204361][ T8116] simple_read_from_buffer+0xe1/0x170 [ 229.204379][ T8116] proc_fail_nth_read+0x1bb/0x230 [ 229.204399][ T8116] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 229.204417][ T8116] ? rw_verify_area+0x2a6/0x4d0 [ 229.204434][ T8116] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 229.204451][ T8116] vfs_read+0x20c/0xa70 [ 229.204473][ T8116] ? __pfx_vfs_read+0x10/0x10 [ 229.204492][ T8116] ? kmem_cache_free+0x182/0x650 [ 229.204510][ T8116] ? __pfx_aa_sk_perm+0x10/0x10 [ 229.204526][ T8116] ? rcu_is_watching+0x15/0xb0 [ 229.204547][ T8116] ksys_read+0x150/0x270 [ 229.204563][ T8116] ? do_sock_setsockopt+0x185/0x1b0 [ 229.204580][ T8116] ? __pfx_ksys_read+0x10/0x10 [ 229.204600][ T8116] ? asm_int80_emulation+0x1a/0x20 [ 229.204616][ T8116] do_int80_emulation+0x181/0x530 [ 229.204631][ T8116] ? trace_irq_disable+0x3b/0x140 [ 229.204649][ T8116] ? asm_int80_emulation+0x1a/0x20 [ 229.204661][ T8116] ? clear_bhb_loop+0x40/0x90 [ 229.204674][ T8116] ? clear_bhb_loop+0x40/0x90 [ 229.204689][ T8116] asm_int80_emulation+0x1a/0x20 [ 229.204701][ T8116] RIP: 0023:0xf71a616b [ 229.204712][ T8116] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 229.204723][ T8116] RSP: 002b:00000000f545d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 229.204737][ T8116] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f545d5d0 [ 229.204745][ T8116] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 229.204752][ T8116] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 229.204759][ T8116] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 229.204766][ T8116] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 229.204784][ T8116] [ 229.833941][ T8121] netlink: 44 bytes leftover after parsing attributes in process `syz.4.634'. [ 229.858540][ T8121] netlink: 12 bytes leftover after parsing attributes in process `syz.4.634'. [ 229.863245][ T24] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 229.905393][ T8121] netdevsim netdevsim4: Direct firmware load for .. @ failed with error -2 [ 229.934573][ T8121] netdevsim netdevsim4: Falling back to sysfs fallback for: .. @ [ 230.036371][ T24] usb 2-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 230.045490][ T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 204 [ 230.059555][ T8128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.636'. [ 230.069816][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.091128][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.109715][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 230.134392][ T24] usb 2-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 230.156594][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.195438][ T24] usb 2-1: config 0 descriptor?? [ 230.745106][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 230.766301][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 230.782921][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 230.820661][ T24] input: HID 28bd:0909 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0909.0007/input/input19 [ 230.836470][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 230.891453][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 230.965746][ T24] uclogic 0003:28BD:0909.0007: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.1-1/input0 [ 230.985110][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 231.048839][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 231.092011][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 231.116374][ T8147] netlink: 'syz.4.642': attribute type 3 has an invalid length. [ 232.654617][ T5722] usb 2-1: USB disconnect, device number 22 [ 233.110131][ T8186] FAULT_INJECTION: forcing a failure. [ 233.110131][ T8186] name failslab, interval 1, probability 0, space 0, times 0 [ 233.141786][ T8186] CPU: 0 UID: 0 PID: 8186 Comm: syz.2.654 Tainted: G L syzkaller #0 PREEMPT(full) [ 233.141810][ T8186] Tainted: [L]=SOFTLOCKUP [ 233.141815][ T8186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 233.141823][ T8186] Call Trace: [ 233.141829][ T8186] [ 233.141835][ T8186] dump_stack_lvl+0xe8/0x150 [ 233.141855][ T8186] should_fail_ex+0x412/0x560 [ 233.141876][ T8186] should_failslab+0xa8/0x100 [ 233.141902][ T8186] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 233.141927][ T8186] ? __alloc_skb+0x186/0x7d0 [ 233.141943][ T8186] ? __alloc_skb+0x1d0/0x7d0 [ 233.141956][ T8186] ? __local_bh_enable_ip+0xd0/0x130 [ 233.141974][ T8186] __alloc_skb+0x1d0/0x7d0 [ 233.141989][ T8186] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 233.142012][ T8186] netlink_sendmsg+0x5d4/0xb40 [ 233.142037][ T8186] ? __pfx_netlink_sendmsg+0x10/0x10 [ 233.142056][ T8186] ? aa_sock_msg_perm+0xf1/0x1b0 [ 233.142096][ T8186] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 233.142126][ T8186] ____sys_sendmsg+0x972/0x9f0 [ 233.142149][ T8186] ? __pfx_____sys_sendmsg+0x10/0x10 [ 233.142168][ T8186] ? kstrtoull+0x12f/0x1d0 [ 233.142188][ T8186] ___sys_sendmsg+0x2a5/0x360 [ 233.142204][ T8186] ? __lock_acquire+0x6b5/0x2cf0 [ 233.142221][ T8186] ? __pfx____sys_sendmsg+0x10/0x10 [ 233.142239][ T8186] ? get_pid_task+0x20/0x1f0 [ 233.142256][ T8186] ? get_pid_task+0x20/0x1f0 [ 233.142271][ T8186] ? get_pid_task+0x20/0x1f0 [ 233.142323][ T8186] ? __fget_files+0x2a/0x420 [ 233.142340][ T8186] ? __fget_files+0x3a0/0x420 [ 233.142363][ T8186] __sys_sendmsg+0x183/0x260 [ 233.142383][ T8186] ? __pfx___sys_sendmsg+0x10/0x10 [ 233.142416][ T8186] __do_fast_syscall_32+0x229/0x6e0 [ 233.142434][ T8186] ? do_fast_syscall_32+0x33/0x70 [ 233.142450][ T8186] ? lockdep_hardirqs_on+0x7a/0x110 [ 233.142465][ T8186] ? asm_int80_emulation+0x1a/0x20 [ 233.142478][ T8186] ? do_int80_emulation+0x286/0x530 [ 233.142494][ T8186] ? trace_irq_disable+0x3b/0x140 [ 233.142518][ T8186] do_fast_syscall_32+0x33/0x70 [ 233.142535][ T8186] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 233.142553][ T8186] RIP: 0023:0xf70af01c [ 233.142566][ T8186] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 233.142578][ T8186] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 233.142593][ T8186] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 233.142603][ T8186] RDX: 0000000000004080 RSI: 0000000000000000 RDI: 0000000000000000 [ 233.142611][ T8186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 233.142619][ T8186] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 233.142628][ T8186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 233.142648][ T8186] [ 234.186976][ T8203] syzkaller1: entered promiscuous mode [ 234.204768][ T8203] syzkaller1: entered allmulticast mode [ 234.225812][ T8204] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 234.377205][ T8210] openvswitch: netlink: Duplicate key (type 21). [ 234.567845][ T8215] sctp: [Deprecated]: syz.4.664 (pid 8215) Use of int in max_burst socket option. [ 234.567845][ T8215] Use struct sctp_assoc_value instead [ 235.362966][ T24] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 235.567542][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 235.586917][ T24] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 235.634619][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.672057][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 235.708210][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 235.732931][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.755079][ T24] usb 5-1: Product: syz [ 235.773376][ T24] usb 5-1: Manufacturer: syz [ 235.797454][ T24] usb 5-1: SerialNumber: syz [ 235.831124][ T24] usb 5-1: 0:2 : does not exist [ 236.222906][ T5683] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 236.383837][ T5683] usb 4-1: Using ep0 maxpacket: 32 [ 236.398082][ T5683] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 236.429325][ T5683] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 236.470389][ T5683] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 236.499017][ T8243] FAULT_INJECTION: forcing a failure. [ 236.499017][ T8243] name failslab, interval 1, probability 0, space 0, times 0 [ 236.521574][ T5683] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 26 [ 236.524834][ T8243] CPU: 0 UID: 0 PID: 8243 Comm: syz.1.673 Tainted: G L syzkaller #0 PREEMPT(full) [ 236.524902][ T8243] Tainted: [L]=SOFTLOCKUP [ 236.524920][ T8243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 236.524957][ T8243] Call Trace: [ 236.524977][ T8243] [ 236.524995][ T8243] dump_stack_lvl+0xe8/0x150 [ 236.525070][ T8243] should_fail_ex+0x412/0x560 [ 236.525133][ T8243] should_failslab+0xa8/0x100 [ 236.525252][ T8243] __kmalloc_cache_noprof+0x88/0x660 [ 236.525327][ T8243] ? hash_ipmark_create+0x387/0x10e0 [ 236.525390][ T8243] hash_ipmark_create+0x387/0x10e0 [ 236.525465][ T8243] ? __nla_parse+0x40/0x60 [ 236.525528][ T8243] ? __pfx_hash_ipmark_create+0x10/0x10 [ 236.525583][ T8243] ip_set_create+0xae6/0x1a40 [ 236.525658][ T8243] ? ip_set_create+0x4eb/0x1a40 [ 236.525756][ T8243] ? __pfx_ip_set_create+0x10/0x10 [ 236.525948][ T8243] nfnetlink_rcv_msg+0xc03/0x12c0 [ 236.526009][ T8243] ? unwind_get_return_address+0x4d/0x90 [ 236.526074][ T8243] ? nfnetlink_rcv_msg+0x22a/0x12c0 [ 236.526175][ T8243] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 236.526335][ T8243] netlink_rcv_skb+0x232/0x4b0 [ 236.526400][ T8243] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 236.526476][ T8243] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 236.526573][ T8243] ? bpf_lsm_capable+0x9/0x20 [ 236.526621][ T8243] ? security_capable+0x7e/0x2c0 [ 236.526690][ T8243] nfnetlink_rcv+0x2c0/0x27b0 [ 236.526769][ T8243] ? __local_bh_enable_ip+0xd0/0x130 [ 236.526818][ T8243] ? lockdep_hardirqs_on+0x7a/0x110 [ 236.526869][ T8243] ? __dev_queue_xmit+0x2b6/0x3950 [ 236.526934][ T8243] ? __local_bh_enable_ip+0xd0/0x130 [ 236.526981][ T8243] ? __dev_queue_xmit+0x2b6/0x3950 [ 236.527045][ T8243] ? __dev_queue_xmit+0x1fe5/0x3950 [ 236.527098][ T8243] ? __sys_sendmsg+0x183/0x260 [ 236.527163][ T8243] ? __dev_queue_xmit+0x2b6/0x3950 [ 236.527251][ T8243] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 236.527348][ T8243] ? __pfx___dev_queue_xmit+0x10/0x10 [ 236.527462][ T8243] ? ref_tracker_free+0x693/0x840 [ 236.527523][ T8243] ? __pfx_ref_tracker_free+0x10/0x10 [ 236.527588][ T8243] ? __asan_memcpy+0x40/0x70 [ 236.527644][ T8243] ? __skb_clone+0x63/0x7a0 [ 236.527719][ T8243] ? __skb_clone+0x483/0x7a0 [ 236.527794][ T8243] ? skb_clone+0x246/0x3a0 [ 236.527869][ T8243] ? __netlink_deliver_tap+0x807/0x850 [ 236.527928][ T8243] ? netlink_deliver_tap+0x2e/0x1b0 [ 236.527983][ T8243] ? netlink_deliver_tap+0x2e/0x1b0 [ 236.528039][ T8243] ? netlink_deliver_tap+0x2e/0x1b0 [ 236.528112][ T8243] netlink_unicast+0x75c/0x8e0 [ 236.528187][ T8243] netlink_sendmsg+0x813/0xb40 [ 236.528265][ T8243] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.528330][ T8243] ? aa_sock_msg_perm+0xf1/0x1b0 [ 236.528400][ T8243] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 236.528476][ T8243] ____sys_sendmsg+0x972/0x9f0 [ 236.528564][ T8243] ? __pfx_____sys_sendmsg+0x10/0x10 [ 236.528650][ T8243] ? kstrtoull+0x12f/0x1d0 [ 236.528735][ T8243] ___sys_sendmsg+0x2a5/0x360 [ 236.528792][ T8243] ? __lock_acquire+0x6b5/0x2cf0 [ 236.528854][ T8243] ? __pfx____sys_sendmsg+0x10/0x10 [ 236.528927][ T8243] ? get_pid_task+0x20/0x1f0 [ 236.528985][ T8243] ? get_pid_task+0x20/0x1f0 [ 236.529040][ T8243] ? get_pid_task+0x20/0x1f0 [ 236.529168][ T8243] ? __fget_files+0x2a/0x420 [ 236.529225][ T8243] ? __fget_files+0x3a0/0x420 [ 236.529307][ T8243] __sys_sendmsg+0x183/0x260 [ 236.529366][ T8243] ? __pfx___sys_sendmsg+0x10/0x10 [ 236.529475][ T8243] __do_fast_syscall_32+0x229/0x6e0 [ 236.529532][ T8243] ? do_fast_syscall_32+0x33/0x70 [ 236.529587][ T8243] ? lockdep_hardirqs_on+0x7a/0x110 [ 236.529638][ T8243] ? asm_int80_emulation+0x1a/0x20 [ 236.529684][ T8243] ? do_int80_emulation+0x286/0x530 [ 236.529734][ T8243] ? trace_irq_disable+0x3b/0x140 [ 236.529808][ T8243] do_fast_syscall_32+0x33/0x70 [ 236.529871][ T8243] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.529927][ T8243] RIP: 0023:0xf706f01c [ 236.529972][ T8243] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 236.530011][ T8243] RSP: 002b:00000000f545d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 236.530059][ T8243] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 236.530104][ T8243] RDX: 0000000020004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 236.530132][ T8243] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 236.530165][ T8243] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 236.530194][ T8243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 236.530262][ T8243] [ 237.111939][ T5683] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 237.127036][ T5683] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 237.135289][ T5683] usb 4-1: SerialNumber: syz [ 237.146690][ T5683] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 237.156203][ T5683] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12 [ 237.258047][ T9] usb 5-1: USB disconnect, device number 26 [ 237.373854][ T5683] usb 4-1: USB disconnect, device number 25 [ 237.872583][ T8261] kAFS: unable to lookup cell '' [ 238.222665][ T8271] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 238.642331][ T8276] validate_nla: 41 callbacks suppressed [ 238.642345][ T8276] netlink: 'syz.3.683': attribute type 10 has an invalid length. [ 238.676875][ T8276] syz_tun: entered promiscuous mode [ 238.709722][ T8276] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 239.432291][ T8282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.685'. [ 239.481190][ T8282] netlink: 277 bytes leftover after parsing attributes in process `syz.1.685'. [ 239.513963][ T8282] netlink: 277 bytes leftover after parsing attributes in process `syz.1.685'. [ 239.599594][ T8286] usb usb8: usbfs: process 8286 (syz.1.685) did not claim interface 0 before use [ 239.912928][ T992] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 240.103407][ T992] usb 2-1: Using ep0 maxpacket: 8 [ 240.110740][ T992] usb 2-1: unable to get BOS descriptor or descriptor too short [ 240.120385][ T992] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 240.133856][ T992] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 240.154405][ T992] usb 2-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 240.184316][ T992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.202873][ T992] usb 2-1: Product: syz [ 240.214746][ T992] usb 2-1: Manufacturer: syz [ 240.226745][ T992] usb 2-1: SerialNumber: syz [ 240.343189][ T8285] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 240.368107][ T8285] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 240.387030][ T8285] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 240.408116][ T8285] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 240.433346][ T8285] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 240.444957][ T8285] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 240.523360][ T8285] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 240.537748][ T8285] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 240.551733][ T8285] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 240.558433][ T8285] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 240.743881][ T8298] FAULT_INJECTION: forcing a failure. [ 240.743881][ T8298] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.762281][ T8298] CPU: 0 UID: 0 PID: 8298 Comm: syz.2.689 Tainted: G L syzkaller #0 PREEMPT(full) [ 240.762313][ T8298] Tainted: [L]=SOFTLOCKUP [ 240.762320][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 240.762334][ T8298] Call Trace: [ 240.762341][ T8298] [ 240.762349][ T8298] dump_stack_lvl+0xe8/0x150 [ 240.762374][ T8298] should_fail_ex+0x412/0x560 [ 240.762412][ T8298] _copy_from_user+0x2d/0xb0 [ 240.762437][ T8298] ? __pfx_drm_mode_getconnector+0x10/0x10 [ 240.762465][ T8298] drm_ioctl+0x5ca/0xb80 [ 240.762502][ T8298] ? __pfx_drm_mode_getconnector+0x10/0x10 [ 240.762522][ T8298] ? __pfx_drm_ioctl+0x10/0x10 [ 240.762548][ T8298] ? __fget_files+0x3a0/0x420 [ 240.762568][ T8298] ? __fget_files+0x2a/0x420 [ 240.762602][ T8298] ? drm_compat_ioctl+0x128/0x360 [ 240.762622][ T8298] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 240.762648][ T8298] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 240.762674][ T8298] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 240.762700][ T8298] ? __fget_files+0x3a0/0x420 [ 240.762721][ T8298] ? fput+0xa0/0xd0 [ 240.762739][ T8298] ? ksys_write+0x242/0x270 [ 240.762768][ T8298] __do_fast_syscall_32+0x229/0x6e0 [ 240.762788][ T8298] ? do_fast_syscall_32+0x33/0x70 [ 240.762804][ T8298] ? lockdep_hardirqs_on+0x7a/0x110 [ 240.762820][ T8298] ? asm_int80_emulation+0x1a/0x20 [ 240.762834][ T8298] ? do_int80_emulation+0x286/0x530 [ 240.762852][ T8298] ? trace_irq_disable+0x3b/0x140 [ 240.762882][ T8298] do_fast_syscall_32+0x33/0x70 [ 240.762903][ T8298] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 240.762923][ T8298] RIP: 0023:0xf70af01c [ 240.762936][ T8298] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 240.762949][ T8298] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 240.762965][ T8298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c05064a7 [ 240.762975][ T8298] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000 [ 240.762984][ T8298] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 240.762992][ T8298] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 240.763001][ T8298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 240.763021][ T8298] [ 241.106023][ T8300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.690'. [ 241.244354][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.269511][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.286162][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.309928][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.319445][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.328314][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.336941][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.347188][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.404895][ T8304] netlink: 'syz.4.691': attribute type 3 has an invalid length. [ 241.691570][ T8319] xt_TPROXY: Can be used only with -p tcp or -p udp [ 242.179992][ T8328] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 242.411717][ T992] usb 2-1: failed waiting for Axe-Fx III to boot: -71 [ 242.431657][ T992] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 242.488335][ T992] usb 2-1: USB disconnect, device number 23 [ 242.972013][ T8344] FAULT_INJECTION: forcing a failure. [ 242.972013][ T8344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.016556][ T8344] CPU: 0 UID: 0 PID: 8344 Comm: syz.3.702 Tainted: G L syzkaller #0 PREEMPT(full) [ 243.016580][ T8344] Tainted: [L]=SOFTLOCKUP [ 243.016585][ T8344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 243.016592][ T8344] Call Trace: [ 243.016598][ T8344] [ 243.016604][ T8344] dump_stack_lvl+0xe8/0x150 [ 243.016622][ T8344] should_fail_ex+0x412/0x560 [ 243.016642][ T8344] _copy_from_iter+0x1d3/0x1670 [ 243.016659][ T8344] ? unwind_next_frame+0xa6/0x2550 [ 243.016678][ T8344] ? __lock_acquire+0x6b5/0x2cf0 [ 243.016693][ T8344] ? __pfx__copy_from_iter+0x10/0x10 [ 243.016718][ T8344] tun_get_user+0x267/0x43e0 [ 243.016734][ T8344] ? aa_file_perm+0x192/0x15e0 [ 243.016758][ T8344] ? aa_file_perm+0x192/0x15e0 [ 243.016777][ T8344] ? aa_file_perm+0x50e/0x15e0 [ 243.016793][ T8344] ? __pfx_tun_get_user+0x10/0x10 [ 243.016809][ T8344] ? __lock_acquire+0x6b5/0x2cf0 [ 243.016834][ T8344] ? kstrtoull+0x12f/0x1d0 [ 243.016851][ T8344] ? ref_tracker_alloc+0x35c/0x4c0 [ 243.016871][ T8344] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 243.016889][ T8344] ? tun_get+0x1c/0x2f0 [ 243.016903][ T8344] ? tun_get+0x1c/0x2f0 [ 243.016921][ T8344] ? tun_get+0x1c/0x2f0 [ 243.016935][ T8344] ? tun_get+0x1c/0x2f0 [ 243.016952][ T8344] tun_chr_write_iter+0x113/0x200 [ 243.016969][ T8344] vfs_write+0x61d/0xb90 [ 243.016993][ T8344] ? __pfx_vfs_write+0x10/0x10 [ 243.017017][ T8344] ? __fget_files+0x2a/0x420 [ 243.017038][ T8344] ksys_write+0x150/0x270 [ 243.017056][ T8344] ? __pfx_ksys_write+0x10/0x10 [ 243.017081][ T8344] __do_fast_syscall_32+0x229/0x6e0 [ 243.017098][ T8344] ? do_fast_syscall_32+0x33/0x70 [ 243.017113][ T8344] ? lockdep_hardirqs_on+0x7a/0x110 [ 243.017127][ T8344] ? asm_int80_emulation+0x1a/0x20 [ 243.017139][ T8344] ? do_int80_emulation+0x286/0x530 [ 243.017157][ T8344] do_fast_syscall_32+0x33/0x70 [ 243.017172][ T8344] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 243.017188][ T8344] RIP: 0023:0xf7f3501c [ 243.017200][ T8344] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 243.017211][ T8344] RSP: 002b:00000000f53f650c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 243.017224][ T8344] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001580 [ 243.017233][ T8344] RDX: 0000000000000fce RSI: 0000000000000000 RDI: 0000000000000000 [ 243.017241][ T8344] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 243.017271][ T8344] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 243.017282][ T8344] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 243.017308][ T8344] [ 244.021967][ T8348] IPVS: length: 150 != 130852941144 [ 244.569088][ T8357] FAULT_INJECTION: forcing a failure. [ 244.569088][ T8357] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.593062][ T8357] CPU: 0 UID: 0 PID: 8357 Comm: syz.2.705 Tainted: G L syzkaller #0 PREEMPT(full) [ 244.593092][ T8357] Tainted: [L]=SOFTLOCKUP [ 244.593097][ T8357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 244.593105][ T8357] Call Trace: [ 244.593110][ T8357] [ 244.593115][ T8357] dump_stack_lvl+0xe8/0x150 [ 244.593134][ T8357] should_fail_ex+0x412/0x560 [ 244.593154][ T8357] _copy_from_user+0x2d/0xb0 [ 244.593174][ T8357] proc_control+0xa8/0x130 [ 244.593192][ T8357] ? __pfx_proc_control+0x10/0x10 [ 244.593217][ T8357] usbdev_ioctl+0xc3d/0x2120 [ 244.593237][ T8357] ? __fget_files+0x2a/0x420 [ 244.593254][ T8357] ? __pfx_usbdev_ioctl+0x10/0x10 [ 244.593273][ T8357] ? __fget_files+0x3a0/0x420 [ 244.593288][ T8357] ? __fget_files+0x2a/0x420 [ 244.593305][ T8357] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 244.593329][ T8357] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 244.593351][ T8357] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 244.593374][ T8357] ? __fget_files+0x3a0/0x420 [ 244.593393][ T8357] ? fput+0xa0/0xd0 [ 244.593408][ T8357] ? ksys_write+0x242/0x270 [ 244.593434][ T8357] __do_fast_syscall_32+0x229/0x6e0 [ 244.593451][ T8357] ? do_fast_syscall_32+0x33/0x70 [ 244.593465][ T8357] ? lockdep_hardirqs_on+0x7a/0x110 [ 244.593479][ T8357] ? asm_int80_emulation+0x1a/0x20 [ 244.593491][ T8357] ? do_int80_emulation+0x286/0x530 [ 244.593506][ T8357] ? trace_irq_disable+0x3b/0x140 [ 244.593528][ T8357] do_fast_syscall_32+0x33/0x70 [ 244.593543][ T8357] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 244.593559][ T8357] RIP: 0023:0xf70af01c [ 244.593570][ T8357] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 244.593582][ T8357] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 244.593596][ T8357] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0185500 [ 244.593605][ T8357] RDX: 00000000800006c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 244.593613][ T8357] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 244.593620][ T8357] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 244.593628][ T8357] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 244.593646][ T8357] [ 245.242530][ T8367] tipc: Enabled bearer , priority 0 [ 245.250755][ T8367] syzkaller0: entered promiscuous mode [ 245.256698][ T8367] syzkaller0: entered allmulticast mode [ 245.311881][ T8366] tipc: Resetting bearer [ 245.359798][ T8366] tipc: Disabling bearer [ 245.388576][ T8369] validate_nla: 41 callbacks suppressed [ 245.388587][ T8369] netlink: 'syz.0.711': attribute type 4 has an invalid length. [ 245.441713][ T8369] netlink: 17 bytes leftover after parsing attributes in process `syz.0.711'. [ 245.703808][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 245.739448][ T8380] loop2: detected capacity change from 0 to 7 [ 245.810363][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 245.862028][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 245.880100][ T8380] Dev loop2: unable to read RDB block 7 [ 245.938834][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 245.955465][ T8380] loop2: unable to read partition table [ 245.969257][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 246.001425][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 246.016336][ T8380] loop2: partition table beyond EOD, truncated [ 246.034770][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 246.087611][ T8380] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 246.099402][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 246.109500][ T8384] netlink: 'syz.4.714': attribute type 3 has an invalid length. [ 246.328003][ T4994] Dev loop2: unable to read RDB block 7 [ 246.345966][ T4994] loop2: unable to read partition table [ 246.364376][ T4994] loop2: partition table beyond EOD, truncated [ 246.587732][ T8397] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 246.958361][ T8404] netlink: 40 bytes leftover after parsing attributes in process `syz.2.722'. [ 247.225078][ T9] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 247.405395][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 247.429870][ T9] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 247.455893][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 4096, setting to 64 [ 247.479203][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 247.504229][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 247.515546][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 247.524878][ T9] usb 3-1: SerialNumber: syz [ 247.740943][ T5683] usb 3-1: USB disconnect, device number 26 [ 248.068508][ T8429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.729'. [ 248.360588][ T8431] netdevsim netdevsim2: Direct firmware load for io failed with error -2 [ 248.378725][ T8431] netdevsim netdevsim2: Falling back to sysfs fallback for: io [ 248.404618][ T8432] usb usb1: check_ctrlrecip: process 8432 (syz.2.730) requesting ep 01 but needs 81 [ 248.429960][ T8432] usb usb1: usbfs: process 8432 (syz.2.730) did not claim interface 0 before use [ 248.690802][ T8434] syz.3.731: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 248.780459][ T8434] CPU: 1 UID: 0 PID: 8434 Comm: syz.3.731 Tainted: G L syzkaller #0 PREEMPT(full) [ 248.780495][ T8434] Tainted: [L]=SOFTLOCKUP [ 248.780500][ T8434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 248.780509][ T8434] Call Trace: [ 248.780514][ T8434] [ 248.780520][ T8434] dump_stack_lvl+0xe8/0x150 [ 248.780539][ T8434] warn_alloc+0x249/0x340 [ 248.780561][ T8434] ? stack_trace_save+0xa9/0x100 [ 248.780584][ T8434] ? __pfx_warn_alloc+0x10/0x10 [ 248.780607][ T8434] ? kasan_save_track+0x4f/0x80 [ 248.780625][ T8434] ? kasan_save_track+0x3e/0x80 [ 248.780641][ T8434] ? __kasan_kmalloc+0x93/0xb0 [ 248.780663][ T8434] ? __kmalloc_cache_noprof+0x31c/0x660 [ 248.780682][ T8434] ? xskq_create+0x56/0x170 [ 248.780694][ T8434] ? xsk_setsockopt+0x54c/0x990 [ 248.780712][ T8434] ? do_sock_setsockopt+0x17c/0x1b0 [ 248.780727][ T8434] ? __ia32_sys_setsockopt+0x13d/0x1b0 [ 248.780742][ T8434] ? __do_fast_syscall_32+0x229/0x6e0 [ 248.780777][ T8434] __vmalloc_node_range_noprof+0x132/0x1750 [ 248.780827][ T8434] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 248.780851][ T8434] ? __kasan_kmalloc+0x93/0xb0 [ 248.780873][ T8434] vmalloc_user_noprof+0xad/0xe0 [ 248.780891][ T8434] ? xskq_create+0xbf/0x170 [ 248.780904][ T8434] xskq_create+0xbf/0x170 [ 248.780918][ T8434] xsk_init_queue+0x8a/0xe0 [ 248.780941][ T8434] xsk_setsockopt+0x54c/0x990 [ 248.780963][ T8434] ? __pfx_xsk_setsockopt+0x10/0x10 [ 248.780985][ T8434] ? __pfx_aa_sk_perm+0x10/0x10 [ 248.781003][ T8434] ? aa_sock_opt_perm+0xff/0x1a0 [ 248.781022][ T8434] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 248.781041][ T8434] ? __pfx_xsk_setsockopt+0x10/0x10 [ 248.781062][ T8434] do_sock_setsockopt+0x17c/0x1b0 [ 248.781080][ T8434] __ia32_sys_setsockopt+0x13d/0x1b0 [ 248.781101][ T8434] __do_fast_syscall_32+0x229/0x6e0 [ 248.781117][ T8434] ? do_fast_syscall_32+0x33/0x70 [ 248.781132][ T8434] ? lockdep_hardirqs_on+0x7a/0x110 [ 248.781146][ T8434] ? asm_int80_emulation+0x1a/0x20 [ 248.781172][ T8434] ? do_int80_emulation+0x286/0x530 [ 248.781193][ T8434] ? trace_irq_disable+0x3b/0x140 [ 248.781225][ T8434] do_fast_syscall_32+0x33/0x70 [ 248.781247][ T8434] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 248.781271][ T8434] RIP: 0023:0xf7f3501c [ 248.781289][ T8434] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 248.781306][ T8434] RSP: 002b:00000000f53f650c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 248.781327][ T8434] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000000011b [ 248.781341][ T8434] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004 [ 248.781353][ T8434] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 248.781364][ T8434] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 248.781377][ T8434] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 248.781410][ T8434] [ 248.782542][ T8434] Mem-Info: [ 249.132526][ T8434] active_anon:6087 inactive_anon:0 isolated_anon:0 [ 249.132526][ T8434] active_file:13082 inactive_file:39986 isolated_file:0 [ 249.132526][ T8434] unevictable:768 dirty:327 writeback:0 [ 249.132526][ T8434] slab_reclaimable:10382 slab_unreclaimable:100327 [ 249.132526][ T8434] mapped:30692 shmem:1288 pagetables:1225 [ 249.132526][ T8434] sec_pagetables:0 bounce:0 [ 249.132526][ T8434] kernel_misc_reclaimable:0 [ 249.132526][ T8434] free:1307533 free_pcp:14298 free_cma:0 [ 249.230521][ T8434] Node 0 active_anon:24548kB inactive_anon:0kB active_file:52316kB inactive_file:159732kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126856kB dirty:1308kB writeback:0kB shmem:3616kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12720kB pagetables:4752kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 249.308699][ T8434] Node 1 active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 249.389867][ T8434] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 249.481443][ T8434] lowmem_reserve[]: 0 2492 2493 2493 2493 [ 249.570704][ T8434] Node 0 DMA32 free:1288204kB boost:0kB min:34188kB low:42732kB high:51276kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23548kB inactive_anon:0kB active_file:52316kB inactive_file:159732kB unevictable:1536kB writepending:1308kB zspages:0kB present:3129332kB managed:2552716kB mlocked:0kB bounce:0kB free_pcp:49692kB local_pcp:29112kB free_cma:0kB [ 249.752413][ T8434] lowmem_reserve[]: 0 0 0 0 0 [ 249.762906][ T8434] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:672kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:20kB free_cma:0kB [ 249.820375][ T8434] lowmem_reserve[]: 0 0 0 0 0 [ 249.828390][ T8434] Node 1 Normal free:3930760kB boost:0kB min:55704kB low:69628kB high:83552kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:212kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:7764kB local_pcp:7764kB free_cma:0kB [ 249.890090][ T8434] lowmem_reserve[]: 0 0 0 0 0 [ 249.900214][ T8434] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 249.923277][ T992] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 249.942198][ T8434] Node 0 DMA32: 3463*4kB (UME) 1843*8kB (UME) 687*16kB (UM) 173*32kB (UM) 270*64kB (UM) 97*128kB (UM) 55*256kB (UM) 17*512kB (UME) 2*1024kB (UE) 3*2048kB (M) 289*4096kB (UM) = 1289540kB [ 249.981294][ T8434] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 250.008749][ T8434] Node 1 Normal: 5*4kB (UM) 13*8kB (UM) 14*16kB (UM) 15*32kB (UM) 12*64kB (UM) 5*128kB (UM) 4*256kB (UM) 5*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 956*4096kB (M) = 3930812kB [ 250.062899][ T8434] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 250.083107][ T8434] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 250.094824][ T992] usb 3-1: Using ep0 maxpacket: 8 [ 250.105810][ T8434] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 250.121119][ T8434] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 250.122248][ T992] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 250.164768][ T992] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 250.165497][ T8434] 54352 total pagecache pages [ 250.179975][ T992] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 250.190449][ T8434] 0 pages in swap cache [ 250.197992][ T992] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 250.214246][ T8434] Free swap = 124996kB [ 250.215188][ T992] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 250.225966][ T8434] Total swap = 124996kB [ 250.228188][ T992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.258391][ T8434] 2097051 pages RAM [ 250.268129][ T8434] 0 pages HighMem/MovableOnly [ 250.273368][ T8434] 427089 pages reserved [ 250.277578][ T8434] 0 pages cma reserved [ 250.428511][ T8455] input: syz1 as /devices/virtual/input/input20 [ 250.453172][ T992] usb 3-1: GET_CAPABILITIES returned 0 [ 250.458952][ T992] usbtmc 3-1:16.0: can't read capabilities [ 250.466330][ T8455] syzkaller1: entered allmulticast mode [ 250.674449][ T10] usb 3-1: USB disconnect, device number 27 [ 250.740529][ T8469] validate_nla: 42 callbacks suppressed [ 250.740548][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.770680][ T8471] netlink: 40 bytes leftover after parsing attributes in process `syz.1.743'. [ 250.791009][ T8471] netlink: 44 bytes leftover after parsing attributes in process `syz.1.743'. [ 250.809432][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.841115][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.857643][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.874541][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.890161][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.908609][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.925364][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.942030][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.961054][ T8469] netlink: 'syz.0.742': attribute type 3 has an invalid length. [ 250.985328][ T8473] batadv_slave_0: entered promiscuous mode [ 251.032393][ T30] audit: type=1326 audit(1777117470.211:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.082775][ T8471] netlink: 28 bytes leftover after parsing attributes in process `syz.1.743'. [ 251.092901][ T30] audit: type=1326 audit(1777117470.211:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.092946][ T30] audit: type=1326 audit(1777117470.211:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.092985][ T30] audit: type=1326 audit(1777117470.211:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.093023][ T30] audit: type=1326 audit(1777117470.211:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.093062][ T30] audit: type=1326 audit(1777117470.211:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.093102][ T30] audit: type=1326 audit(1777117470.241:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.093140][ T30] audit: type=1326 audit(1777117470.241:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.093178][ T30] audit: type=1326 audit(1777117470.241:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=274 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.093240][ T30] audit: type=1326 audit(1777117470.251:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 251.406686][ T8471] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 251.451434][ T8471] batadv_slave_0 (unregistering): left promiscuous mode [ 251.471091][ T8471] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 252.296982][ T8498] FAULT_INJECTION: forcing a failure. [ 252.296982][ T8498] name failslab, interval 1, probability 0, space 0, times 0 [ 252.336712][ T8498] CPU: 0 UID: 0 PID: 8498 Comm: syz.4.751 Tainted: G L syzkaller #0 PREEMPT(full) [ 252.336741][ T8498] Tainted: [L]=SOFTLOCKUP [ 252.336746][ T8498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 252.336754][ T8498] Call Trace: [ 252.336760][ T8498] [ 252.336765][ T8498] dump_stack_lvl+0xe8/0x150 [ 252.336784][ T8498] should_fail_ex+0x412/0x560 [ 252.336803][ T8498] should_failslab+0xa8/0x100 [ 252.336825][ T8498] __kmalloc_noprof+0xe8/0x760 [ 252.336844][ T8498] ? tomoyo_encode+0x28b/0x550 [ 252.336865][ T8498] tomoyo_encode+0x28b/0x550 [ 252.336885][ T8498] tomoyo_realpath_from_path+0x58d/0x5d0 [ 252.336909][ T8498] ? tomoyo_path_number_perm+0x219/0x630 [ 252.336924][ T8498] tomoyo_path_number_perm+0x246/0x630 [ 252.336940][ T8498] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 252.336955][ T8498] ? __lock_acquire+0x6b5/0x2cf0 [ 252.336992][ T8498] ? __fget_files+0x2a/0x420 [ 252.337010][ T8498] ? __fget_files+0x3a0/0x420 [ 252.337025][ T8498] ? __fget_files+0x2a/0x420 [ 252.337042][ T8498] security_file_ioctl_compat+0xc3/0x2a0 [ 252.337063][ T8498] __ia32_compat_sys_ioctl+0x139/0x950 [ 252.337086][ T8498] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 252.337109][ T8498] ? __fget_files+0x3a0/0x420 [ 252.337128][ T8498] ? fput+0xa0/0xd0 [ 252.337143][ T8498] ? ksys_write+0x242/0x270 [ 252.337191][ T8498] __do_fast_syscall_32+0x229/0x6e0 [ 252.337215][ T8498] ? do_fast_syscall_32+0x33/0x70 [ 252.337236][ T8498] ? lockdep_hardirqs_on+0x7a/0x110 [ 252.337256][ T8498] ? asm_int80_emulation+0x1a/0x20 [ 252.337276][ T8498] ? do_int80_emulation+0x286/0x530 [ 252.337290][ T8498] ? trace_irq_disable+0x3b/0x140 [ 252.337314][ T8498] do_fast_syscall_32+0x33/0x70 [ 252.337330][ T8498] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.337346][ T8498] RIP: 0023:0xf706f01c [ 252.337358][ T8498] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 252.337370][ T8498] RSP: 002b:00000000f545d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 252.337384][ T8498] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005424 [ 252.337393][ T8498] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 252.337400][ T8498] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 252.337408][ T8498] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 252.337415][ T8498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 252.337433][ T8498] [ 252.337447][ T8498] ERROR: Out of memory at tomoyo_realpath_from_path. [ 252.938693][ T8510] openvswitch: netlink: Message has 1 unknown bytes. [ 252.970713][ T8510] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 253.243423][ T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 253.383204][ T10] usb 5-1: device descriptor read/64, error -71 [ 253.546963][ T8527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.761'. [ 253.560598][ T8527] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 253.633503][ T8528] input: syz0 as /devices/virtual/input/input21 [ 253.653457][ T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 253.715947][ T8527] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.804996][ T10] usb 5-1: device descriptor read/64, error -71 [ 253.926481][ T10] usb usb5-port1: attempt power cycle [ 254.275791][ T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 254.324328][ T10] usb 5-1: device descriptor read/8, error -71 [ 254.522930][ T29] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 254.583145][ T10] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 254.590791][ T992] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 254.643737][ T10] usb 5-1: device descriptor read/8, error -71 [ 254.758557][ T10] usb usb5-port1: unable to enumerate USB device [ 254.824772][ T992] usb 4-1: config 0 has no interfaces? [ 254.833399][ T992] usb 4-1: New USB device found, idVendor=0471, idProduct=0307, bcdDevice=e4.df [ 254.860318][ T992] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.928233][ T992] usb 4-1: config 0 descriptor?? [ 255.121887][ T8547] x_tables: duplicate underflow at hook 2 [ 255.346617][ T992] usb 4-1: USB disconnect, device number 26 [ 255.619693][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.626307][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.910901][ T8560] netlink: 12 bytes leftover after parsing attributes in process `syz.0.771'. [ 256.266760][ T8572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.774'. [ 256.298329][ T8573] validate_nla: 43 callbacks suppressed [ 256.298342][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.314902][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.363528][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.403810][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.436503][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.472589][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.536016][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.582976][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.601071][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.609508][ T8573] netlink: 'syz.3.772': attribute type 3 has an invalid length. [ 256.906314][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 256.906330][ T30] audit: type=1326 audit(1777117476.091:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.031108][ T30] audit: type=1326 audit(1777117476.091:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.149518][ T30] audit: type=1326 audit(1777117476.121:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.214927][ T30] audit: type=1326 audit(1777117476.121:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.299594][ T8587] loop5: detected capacity change from 0 to 7 [ 257.311156][ T30] audit: type=1326 audit(1777117476.121:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.367264][ T30] audit: type=1326 audit(1777117476.121:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.421463][ T8587] Dev loop5: unable to read RDB block 7 [ 257.433904][ T30] audit: type=1326 audit(1777117476.121:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.467376][ T8587] loop5: AHDI p1 [ 257.498566][ T30] audit: type=1326 audit(1777117476.131:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.522377][ T8587] loop5: partition table partially beyond EOD, truncated [ 257.578157][ T30] audit: type=1326 audit(1777117476.131:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.668429][ T30] audit: type=1326 audit(1777117476.131:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8584 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf6fcf01c code=0x7ffc0000 [ 257.983403][ T8599] netlink: 64 bytes leftover after parsing attributes in process `syz.2.782'. [ 258.289318][ T8609] IPVS: set_ctl: invalid protocol: 47 127.0.0.1:20003 [ 258.522948][ T24] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 258.700530][ T24] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 258.725558][ T24] usb 2-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 258.748056][ T24] usb 2-1: Product: syz [ 258.767091][ T24] usb 2-1: Manufacturer: syz [ 258.784373][ T24] usb 2-1: SerialNumber: syz [ 258.801814][ T24] usb 2-1: config 0 descriptor?? [ 258.826157][ T24] ch341 2-1:0.0: ch341-uart converter detected [ 259.025726][ T24] usb 2-1: failed to receive control message: -121 [ 259.032768][ T24] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121 [ 260.048675][ T8635] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4180564684 (8361129368 ns) > initial count (6590827116 ns). Using initial count to start timer. [ 260.894155][ T8641] FAULT_INJECTION: forcing a failure. [ 260.894155][ T8641] name failslab, interval 1, probability 0, space 0, times 0 [ 260.908979][ T8641] CPU: 0 UID: 0 PID: 8641 Comm: syz.3.796 Tainted: G L syzkaller #0 PREEMPT(full) [ 260.909006][ T8641] Tainted: [L]=SOFTLOCKUP [ 260.909014][ T8641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 260.909024][ T8641] Call Trace: [ 260.909031][ T8641] [ 260.909039][ T8641] dump_stack_lvl+0xe8/0x150 [ 260.909066][ T8641] should_fail_ex+0x412/0x560 [ 260.909094][ T8641] should_failslab+0xa8/0x100 [ 260.909124][ T8641] __kmalloc_cache_noprof+0x88/0x660 [ 260.909151][ T8641] ? resv_map_alloc+0x51/0x2c0 [ 260.909179][ T8641] resv_map_alloc+0x51/0x2c0 [ 260.909205][ T8641] hugetlbfs_get_inode+0x5d/0x650 [ 260.909235][ T8641] ? security_capable+0xb9/0x2c0 [ 260.909258][ T8641] ? in_group_p+0x82/0x1c0 [ 260.909284][ T8641] hugetlb_file_setup+0x28f/0x630 [ 260.909316][ T8641] newseg+0x467/0xc60 [ 260.909346][ T8641] ? __pfx_newseg+0x10/0x10 [ 260.909387][ T8641] ipcget+0x1d4/0xec0 [ 260.909413][ T8641] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 260.909436][ T8641] ? __pfx_vfs_write+0x10/0x10 [ 260.909465][ T8641] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 260.909488][ T8641] ? __pfx_ipcget+0x10/0x10 [ 260.909511][ T8641] ? __fget_files+0x3a0/0x420 [ 260.909540][ T8641] __ia32_sys_shmget+0x140/0x190 [ 260.909566][ T8641] ? __pfx___ia32_sys_shmget+0x10/0x10 [ 260.909599][ T8641] __do_fast_syscall_32+0x229/0x6e0 [ 260.909622][ T8641] ? do_fast_syscall_32+0x33/0x70 [ 260.909643][ T8641] ? lockdep_hardirqs_on+0x7a/0x110 [ 260.909663][ T8641] ? asm_int80_emulation+0x1a/0x20 [ 260.909681][ T8641] ? do_int80_emulation+0x286/0x530 [ 260.909702][ T8641] ? trace_irq_disable+0x3b/0x140 [ 260.909732][ T8641] do_fast_syscall_32+0x33/0x70 [ 260.909754][ T8641] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 260.909780][ T8641] RIP: 0023:0xf7f3501c [ 260.909796][ T8641] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 260.909812][ T8641] RSP: 002b:00000000f53f650c EFLAGS: 00000206 ORIG_RAX: 000000000000018b [ 260.909832][ T8641] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000000d000 [ 260.909844][ T8641] RDX: 0000000078000c82 RSI: 000000008052b000 RDI: 0000000000000000 [ 260.909857][ T8641] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 260.909867][ T8641] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 260.909878][ T8641] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 260.909904][ T8641] [ 261.662881][ T992] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 261.708341][ T5683] usb 2-1: USB disconnect, device number 24 [ 261.715866][ T5683] ch341 2-1:0.0: device disconnected [ 261.810669][ T8657] fuse: Bad value for 'user_id' [ 261.815887][ T992] usb 3-1: Using ep0 maxpacket: 32 [ 261.824094][ T8657] fuse: Bad value for 'user_id' [ 261.830683][ T992] usb 3-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 261.849640][ T992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.867166][ T992] usb 3-1: config 0 descriptor?? [ 261.896020][ T992] as10x_usb: device has been detected [ 261.903753][ T992] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 261.945617][ T992] usb 3-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 262.088071][ T8649] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.121333][ T8649] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.134084][ T992] as10x_usb: error during firmware upload part1 [ 262.150982][ T992] Registered device nBox DVB-T Dongle [ 262.163766][ T992] usb 3-1: USB disconnect, device number 29 [ 262.242217][ T992] Unregistered device nBox DVB-T Dongle [ 262.249747][ T992] as10x_usb: device has been disconnected [ 262.289627][ T8665] validate_nla: 40 callbacks suppressed [ 262.289638][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.317617][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.332588][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.346800][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.360812][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.378207][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.389860][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.408077][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.422249][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.440063][ T8665] netlink: 'syz.1.804': attribute type 3 has an invalid length. [ 262.713022][ T992] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 262.872927][ T5683] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 262.883750][ T992] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 262.911699][ T992] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.943186][ T992] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 262.956978][ T992] usb 5-1: New USB device found, idVendor=056e, idProduct=00ff, bcdDevice= 0.00 [ 262.967576][ T992] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.000865][ T992] usb 5-1: config 0 descriptor?? [ 263.045014][ T5683] usb 4-1: config 0 interface 0 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 99 [ 263.065819][ T5683] usb 4-1: config 0 interface 0 has no altsetting 0 [ 263.074834][ T5683] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 263.084395][ T5683] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 263.092612][ T5683] usb 4-1: Product: syz [ 263.099241][ T5683] usb 4-1: Manufacturer: syz [ 263.105759][ T5683] usb 4-1: SerialNumber: syz [ 263.113462][ T5683] usb 4-1: config 0 descriptor?? [ 263.120859][ T8669] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 263.134255][ T8673] netlink: 1002 bytes leftover after parsing attributes in process `syz.0.808'. [ 263.147727][ T5683] usb 4-1: selecting invalid altsetting 0 [ 263.341749][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.0.809'. [ 263.439546][ T992] hid_parser_main: 28 callbacks suppressed [ 263.439566][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.468135][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.485957][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.502049][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.532335][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.568262][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.589650][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.618049][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.629030][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.649601][ T992] elecom 0003:056E:00FF.0008: unknown main item tag 0x0 [ 263.677985][ T992] elecom 0003:056E:00FF.0008: hidraw0: USB HID v0.03 Device [HID 056e:00ff] on usb-dummy_hcd.4-1/input0 [ 263.699149][ T8686] x_tables: arp_tables: AUDIT target: not valid for this family [ 263.737214][ T992] usb 5-1: USB disconnect, device number 31 [ 263.841804][ T8687] fido_id[8687]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 265.082905][ T5683] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 265.244714][ T5683] usb 3-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 265.273483][ T5683] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 204 [ 265.284338][ T5683] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.296766][ T5683] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.314812][ T5683] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 265.343800][ T5683] usb 3-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 265.364376][ T5683] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.397833][ T5683] usb 3-1: config 0 descriptor?? [ 265.684299][ T5683] input: HID 28bd:0909 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28BD:0909.0009/input/input22 [ 265.815224][ T5683] uclogic 0003:28BD:0909.0009: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.2-1/input0 [ 265.897481][ T5683] usb 3-1: USB disconnect, device number 30 [ 266.063750][ T8713] fido_id[8713]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 266.100585][ T10] usb 4-1: USB disconnect, device number 27 [ 266.236234][ T8715] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20000 [ 266.441381][ T8726] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20000 [ 266.561321][ T8727] netlink: 4 bytes leftover after parsing attributes in process `syz.4.821'. [ 266.641946][ T8729] netlink: 24 bytes leftover after parsing attributes in process `syz.4.821'. [ 267.646054][ T5683] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 267.803527][ T5683] usb 2-1: Using ep0 maxpacket: 16 [ 267.817105][ T5683] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 267.843188][ T5683] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 267.859709][ T5683] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.881322][ T5683] usb 2-1: Product: syz [ 267.891934][ T5683] usb 2-1: Manufacturer: syz [ 267.902760][ T5683] usb 2-1: SerialNumber: syz [ 267.927229][ T5683] usb 2-1: config 0 descriptor?? [ 267.954312][ T5683] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 267.979678][ T5683] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 268.570031][ T5683] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 268.762936][ T29] usb 5-1: new full-speed USB device number 32 using dummy_hcd [ 268.896811][ T8755] xt_CT: You must specify a L4 protocol and not use inversions on it [ 268.935150][ T29] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 269.007754][ T29] usb 5-1: New USB device found, idVendor=041e, idProduct=0005, bcdDevice= 0.40 [ 269.009867][ T8758] fuse: Unknown parameter '0x0000000000000007' [ 269.019238][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.042922][ T29] usb 5-1: Product: syz [ 269.052673][ T29] usb 5-1: Manufacturer: syz [ 269.062667][ T29] usb 5-1: SerialNumber: syz [ 269.102605][ T8759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.832'. [ 269.279721][ T8748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.304803][ T8748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.325910][ T8748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.337384][ T8748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.348589][ T8748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.362011][ T8748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.385863][ T8748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.402367][ T8748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.419021][ T8748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.437357][ T8748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.560545][ T29] usb 5-1: USB disconnect, device number 32 [ 269.679968][ T5683] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 269.695058][ T5683] em28xx 2-1:0.0: board has no eeprom [ 269.764744][ T5683] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 269.777997][ T5683] em28xx 2-1:0.0: dvb set to bulk mode. [ 269.798792][ T29] em28xx 2-1:0.0: Binding DVB extension [ 269.892988][ T29] em28xx 2-1:0.0: Registering input extension [ 270.143364][ T8787] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 270.398546][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 270.398561][ T30] audit: type=1326 audit(1777117489.581:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 270.452197][ T5683] usb 2-1: USB disconnect, device number 25 [ 270.494540][ T5683] em28xx 2-1:0.0: Disconnecting em28xx [ 270.504816][ T5683] em28xx 2-1:0.0: Closing input extension [ 270.527697][ T30] audit: type=1326 audit(1777117489.581:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 270.550527][ T29] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 270.608284][ T5683] em28xx 2-1:0.0: Freeing device [ 270.660215][ T30] audit: type=1326 audit(1777117489.591:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=274 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 270.742861][ T29] usb 4-1: Using ep0 maxpacket: 8 [ 270.749791][ T29] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 270.772754][ T30] audit: type=1326 audit(1777117489.591:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 270.825014][ T29] usb 4-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 270.862975][ T30] audit: type=1326 audit(1777117489.621:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 270.898240][ T29] usb 4-1: config 1 interface 0 has no altsetting 0 [ 270.923831][ T29] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.40 [ 270.945196][ T30] audit: type=1326 audit(1777117489.621:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 270.981151][ T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.017777][ T30] audit: type=1326 audit(1777117489.621:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 271.026196][ T29] usb 4-1: Product: syz [ 271.044171][ T29] usb 4-1: Manufacturer: syz [ 271.048826][ T29] usb 4-1: SerialNumber: syz [ 271.143683][ T30] audit: type=1326 audit(1777117489.651:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 271.244647][ T30] audit: type=1326 audit(1777117489.651:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 271.301485][ T30] audit: type=1326 audit(1777117489.671:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.4.840" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 271.446513][ T8805] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20000 [ 271.474157][ T8785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.507869][ T8785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 273.067950][ T8822] syzkaller0: entered promiscuous mode [ 273.078987][ T8822] syzkaller0: entered allmulticast mode [ 273.247372][ T29] usbhid 4-1:1.0: can't add hid device: -71 [ 273.267866][ T29] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 273.317229][ T29] usb 4-1: USB disconnect, device number 28 [ 273.421673][ T8827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.854'. [ 273.439778][ T8827] netlink: 277 bytes leftover after parsing attributes in process `syz.3.854'. [ 273.450788][ T8827] netlink: 277 bytes leftover after parsing attributes in process `syz.3.854'. [ 273.505272][ T8825] netlink: 36 bytes leftover after parsing attributes in process `syz.1.847'. [ 273.535803][ T8833] usb usb8: usbfs: process 8833 (syz.3.854) did not claim interface 0 before use [ 273.743276][ T9] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 273.802226][ T8839] openvswitch: netlink: Message has 1 unknown bytes. [ 273.819829][ T8839] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 273.872900][ T24] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 273.905696][ T9] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 273.925939][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 273.943989][ T9] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 273.955968][ T9] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 273.966878][ T9] usb 5-1: Product: syz [ 273.974992][ T9] usb 5-1: Manufacturer: syz [ 273.983261][ T9] usb 5-1: SerialNumber: syz [ 274.001353][ T9] usb 5-1: config 0 descriptor?? [ 274.015261][ T9] usb 5-1: selecting invalid altsetting 0 [ 274.093629][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 274.102635][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 274.138957][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 274.181681][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 274.230632][ T24] usb 4-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 274.255626][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.270513][ T24] usb 4-1: Product: syz [ 274.275924][ T24] usb 4-1: Manufacturer: syz [ 274.280875][ T24] usb 4-1: SerialNumber: syz [ 274.497617][ T24] usb 4-1: cannot find UAC_HEADER [ 274.596700][ T24] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 274.666536][ T6281] udevd[6281]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 275.803887][ T8861] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 276.548903][ T24] usb 4-1: USB disconnect, device number 29 [ 277.086573][ T9] usb 5-1: USB disconnect, device number 33 [ 277.543415][ T9] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 277.617811][ T8883] validate_nla: 41 callbacks suppressed [ 277.617827][ T8883] netlink: 'syz.3.867': attribute type 27 has an invalid length. [ 277.633780][ T8883] IPv6: NLM_F_CREATE should be specified when creating new route [ 277.713187][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 277.719957][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 277.742281][ T9] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 277.757215][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.778329][ T9] usb 5-1: Product: syz [ 277.784685][ T9] usb 5-1: Manufacturer: syz [ 277.790132][ T9] usb 5-1: SerialNumber: syz [ 277.811375][ T9] usb 5-1: config 0 descriptor?? [ 277.823823][ T9] cdc_ether 5-1:0.0: missing cdc header descriptor [ 277.842279][ T9] usb 5-1: unsupported MDLM descriptors [ 278.051552][ T8890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.869'. [ 278.095479][ T10] usb 5-1: USB disconnect, device number 34 [ 278.473732][ T8898] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 278.778149][ T8903] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 278.932897][ T5683] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 279.122527][ T5683] usb 2-1: unable to get BOS descriptor or descriptor too short [ 279.161968][ T5683] usb 2-1: not running at top speed; connect to a high speed hub [ 279.193763][ T5683] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 279.204762][ T29] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 279.248034][ T5683] usb 2-1: New USB device found, idVendor=0499, idProduct=105c, bcdDevice= 0.40 [ 279.289822][ T5683] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.319205][ T5683] usb 2-1: Product: 턞䦷뾼紻譙ཨꖩֽអ㶱쾷쇣㳹㉭翠冉棲ꈄ㶝劂䨮Ќ萏覙攙ਚꀞ︩魤꘤ﺾᨶ뮿᫮많䧸익㚤៍鸊둘쩟Ɣ…겗휂縩맚공築袍⠧鋎シ迱鴥ͩ㏧䁄 [ 279.382904][ T29] usb 5-1: Using ep0 maxpacket: 8 [ 279.388075][ T5683] usb 2-1: Manufacturer: Љ [ 279.414649][ T29] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 279.431814][ T5683] usb 2-1: SerialNumber: У [ 279.495540][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.516131][ T8900] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 279.672821][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 279.738185][ T29] usb 5-1: Product: syz [ 279.760991][ T29] usb 5-1: Manufacturer: syz [ 279.796311][ T29] usb 5-1: SerialNumber: syz [ 279.823724][ T29] usb 5-1: config 0 descriptor?? [ 279.847779][ T5683] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 280.125026][ T5683] usb 2-1: USB disconnect, device number 26 [ 280.260514][ T5954] udevd[5954]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 280.671043][ T8905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.697388][ T8905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.747008][ T8915] FAULT_INJECTION: forcing a failure. [ 280.747008][ T8915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.780859][ T29] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in cold state [ 280.796552][ T8915] CPU: 1 UID: 0 PID: 8915 Comm: syz.3.877 Tainted: G L syzkaller #0 PREEMPT(full) [ 280.796581][ T8915] Tainted: [L]=SOFTLOCKUP [ 280.796586][ T8915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 280.796594][ T8915] Call Trace: [ 280.796599][ T8915] [ 280.796604][ T8915] dump_stack_lvl+0xe8/0x150 [ 280.796625][ T8915] should_fail_ex+0x412/0x560 [ 280.796644][ T8915] _copy_from_user+0x2d/0xb0 [ 280.796663][ T8915] copy_clone_args_from_user+0x1fa/0x740 [ 280.796690][ T8915] ? get_pid_task+0x20/0x1f0 [ 280.796708][ T8915] ? __pfx_copy_clone_args_from_user+0x10/0x10 [ 280.796737][ T8915] __se_sys_clone3+0x142/0x360 [ 280.796753][ T8915] ? ksys_write+0x1e6/0x270 [ 280.796772][ T8915] ? __pfx___se_sys_clone3+0x10/0x10 [ 280.796797][ T8915] ? __fget_files+0x3a0/0x420 [ 280.796827][ T8915] __do_fast_syscall_32+0x229/0x6e0 [ 280.796844][ T8915] ? do_fast_syscall_32+0x33/0x70 [ 280.796858][ T8915] ? lockdep_hardirqs_on+0x7a/0x110 [ 280.796872][ T8915] ? asm_int80_emulation+0x1a/0x20 [ 280.796885][ T8915] ? do_int80_emulation+0x286/0x530 [ 280.796899][ T8915] ? trace_irq_disable+0x3b/0x140 [ 280.796921][ T8915] do_fast_syscall_32+0x33/0x70 [ 280.796936][ T8915] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 280.796952][ T8915] RIP: 0023:0xf7f3501c [ 280.796963][ T8915] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 280.796974][ T8915] RSP: 002b:00000000f53f63dc EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 280.796988][ T8915] RAX: ffffffffffffffda RBX: 00000000f53f6410 RCX: 000000000000009c [ 280.796996][ T8915] RDX: 0000000000000000 RSI: 0000000066002400 RDI: 0000000000000001 [ 280.797004][ T8915] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 280.797012][ T8915] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 280.797019][ T8915] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 280.797036][ T8915] [ 281.000899][ T29] usb 5-1: Direct firmware load for dvb-usb-terratec-h7-az6007.fw failed with error -2 [ 281.010849][ T29] usb 5-1: Falling back to sysfs fallback for: dvb-usb-terratec-h7-az6007.fw [ 281.402901][ T5683] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 281.584940][ T5683] usb 3-1: config 0 interface 0 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 99 [ 281.609559][ T5683] usb 3-1: config 0 interface 0 has no altsetting 0 [ 281.635396][ T5683] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 281.659137][ T5683] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 281.669226][ T5683] usb 3-1: Product: syz [ 281.674249][ T5683] usb 3-1: Manufacturer: syz [ 281.694973][ T5683] usb 3-1: SerialNumber: syz [ 281.730615][ T5683] usb 3-1: config 0 descriptor?? [ 281.769420][ T8918] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 281.826248][ T5683] usb 3-1: selecting invalid altsetting 0 [ 281.847105][ T8925] netlink: 4 bytes leftover after parsing attributes in process `syz.4.879'. [ 281.999758][ T8927] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20000 [ 282.202512][ T8932] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20000 [ 282.425128][ T8939] netlink: 'syz.0.883': attribute type 1 has an invalid length. [ 282.527234][ T8939] 8021q: adding VLAN 0 to HW filter on device bond3 [ 282.616004][ T8943] bond3: (slave gretap1): making interface the new active one [ 282.651747][ T8943] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 283.310446][ T30] kauditd_printk_skb: 123 callbacks suppressed [ 283.310463][ T30] audit: type=1326 audit(1777117502.491:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 283.375803][ T8962] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 283.447813][ T30] audit: type=1326 audit(1777117502.531:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 283.545077][ T30] audit: type=1326 audit(1777117502.531:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 283.630112][ T30] audit: type=1326 audit(1777117502.531:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 283.702284][ T30] audit: type=1326 audit(1777117502.541:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 283.797542][ T30] audit: type=1326 audit(1777117502.541:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 283.879147][ T30] audit: type=1326 audit(1777117502.541:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 283.923788][ T8974] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20000 [ 283.950651][ T30] audit: type=1326 audit(1777117502.541:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 284.011348][ T30] audit: type=1326 audit(1777117502.581:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 284.073872][ T30] audit: type=1326 audit(1777117502.581:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8956 comm="syz.4.890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706f01c code=0x7ffc0000 [ 284.840060][ T5683] usb 3-1: USB disconnect, device number 31 [ 285.247581][ T8981] openvswitch: netlink: Unexpected mask (mask=2200040, allowed=2010048) [ 287.633000][ T9010] fuse: Bad value for 'group_id' [ 287.638064][ T9010] fuse: Bad value for 'group_id' [ 287.813138][ T9016] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 287.923582][ T9023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.907'. [ 287.984217][ T9023] netlink: 72 bytes leftover after parsing attributes in process `syz.1.907'. [ 288.633456][ T9028] FAULT_INJECTION: forcing a failure. [ 288.633456][ T9028] name failslab, interval 1, probability 0, space 0, times 0 [ 288.679510][ T9028] CPU: 1 UID: 0 PID: 9028 Comm: syz.3.909 Tainted: G L syzkaller #0 PREEMPT(full) [ 288.679544][ T9028] Tainted: [L]=SOFTLOCKUP [ 288.679552][ T9028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 288.679563][ T9028] Call Trace: [ 288.679570][ T9028] [ 288.679578][ T9028] dump_stack_lvl+0xe8/0x150 [ 288.679605][ T9028] should_fail_ex+0x412/0x560 [ 288.679635][ T9028] should_failslab+0xa8/0x100 [ 288.679665][ T9028] ? skb_clone+0x212/0x3a0 [ 288.679691][ T9028] kmem_cache_alloc_noprof+0x87/0x650 [ 288.679718][ T9028] ? __netlink_lookup+0xc6/0x8b0 [ 288.679747][ T9028] skb_clone+0x212/0x3a0 [ 288.679776][ T9028] __netlink_deliver_tap+0x404/0x850 [ 288.679810][ T9028] ? netlink_deliver_tap+0x2e/0x1b0 [ 288.679835][ T9028] netlink_deliver_tap+0x19c/0x1b0 [ 288.679859][ T9028] netlink_unicast+0x730/0x8e0 [ 288.679890][ T9028] netlink_sendmsg+0x813/0xb40 [ 288.679922][ T9028] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.679949][ T9028] ? aa_sock_msg_perm+0xf1/0x1b0 [ 288.679975][ T9028] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 288.680005][ T9028] ____sys_sendmsg+0x972/0x9f0 [ 288.680038][ T9028] ? __pfx_____sys_sendmsg+0x10/0x10 [ 288.680066][ T9028] ? kstrtoull+0x12f/0x1d0 [ 288.680095][ T9028] ___sys_sendmsg+0x2a5/0x360 [ 288.680117][ T9028] ? __lock_acquire+0x6b5/0x2cf0 [ 288.680142][ T9028] ? __pfx____sys_sendmsg+0x10/0x10 [ 288.680168][ T9028] ? get_pid_task+0x20/0x1f0 [ 288.680192][ T9028] ? get_pid_task+0x20/0x1f0 [ 288.680214][ T9028] ? get_pid_task+0x20/0x1f0 [ 288.680263][ T9028] ? __fget_files+0x2a/0x420 [ 288.680292][ T9028] ? __fget_files+0x3a0/0x420 [ 288.680325][ T9028] __sys_sendmsg+0x183/0x260 [ 288.680369][ T9028] ? __pfx___sys_sendmsg+0x10/0x10 [ 288.680416][ T9028] __do_fast_syscall_32+0x229/0x6e0 [ 288.680442][ T9028] ? do_fast_syscall_32+0x33/0x70 [ 288.680465][ T9028] ? lockdep_hardirqs_on+0x7a/0x110 [ 288.680486][ T9028] ? asm_int80_emulation+0x1a/0x20 [ 288.680506][ T9028] ? do_int80_emulation+0x286/0x530 [ 288.680529][ T9028] ? trace_irq_disable+0x3b/0x140 [ 288.680562][ T9028] do_fast_syscall_32+0x33/0x70 [ 288.680587][ T9028] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 288.680612][ T9028] RIP: 0023:0xf7f3501c [ 288.680630][ T9028] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 288.680647][ T9028] RSP: 002b:00000000f53f650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 288.680669][ T9028] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 288.680683][ T9028] RDX: 0000000024044000 RSI: 0000000000000000 RDI: 0000000000000000 [ 288.680695][ T9028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 288.680706][ T9028] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 288.680718][ T9028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 288.680747][ T9028] [ 290.004696][ T9043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'. [ 290.059450][ T9043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'. [ 290.360096][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 290.360117][ T30] audit: type=1326 audit(1777117509.541:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 290.411023][ T30] audit: type=1326 audit(1777117509.551:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 290.508380][ T30] audit: type=1326 audit(1777117509.571:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=97 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 290.588446][ T30] audit: type=1326 audit(1777117509.571:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 290.603324][ T5683] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 290.622882][ T0] NOHZ tick-stop error: local softirq work is pending, handler #210!!! [ 290.630466][ T992] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 290.704686][ T30] audit: type=1326 audit(1777117509.571:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 290.740222][ T9060] tipc: Can't bind to reserved service type 2 [ 290.788499][ T30] audit: type=1326 audit(1777117509.571:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 290.810721][ T992] usb 3-1: Using ep0 maxpacket: 16 [ 290.817970][ T992] usb 3-1: config 0 has no interfaces? [ 290.844780][ T5683] usb 4-1: Using ep0 maxpacket: 8 [ 290.853128][ T992] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 290.865550][ T30] audit: type=1326 audit(1777117509.571:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71e616b code=0x7ffc0000 [ 290.895479][ T992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.910992][ T992] usb 3-1: Product: syz [ 290.919545][ T992] usb 3-1: Manufacturer: syz [ 290.945985][ T992] usb 3-1: SerialNumber: syz [ 290.950995][ T5683] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 290.952368][ T30] audit: type=1326 audit(1777117509.571:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 290.995145][ T992] usb 3-1: config 0 descriptor?? [ 291.043586][ T5683] usb 4-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 291.053411][ T30] audit: type=1326 audit(1777117509.571:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 291.131812][ T5683] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.168289][ T5683] usb 4-1: Product: syz [ 291.172662][ T30] audit: type=1326 audit(1777117509.581:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9051 comm="syz.2.918" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70af01c code=0x7ffc0000 [ 291.247439][ T9064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.921'. [ 291.264846][ T5683] usb 4-1: Manufacturer: syz [ 291.272904][ T5683] usb 4-1: SerialNumber: syz [ 291.295328][ T5683] usb 4-1: config 0 descriptor?? [ 291.325954][ T9055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.918'. [ 291.364823][ T5683] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 291.374785][ T9055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.918'. [ 291.403302][ T5683] usb 4-1: selecting invalid altsetting 1 [ 291.552689][ T5683] gspca_stk014: init reg: 0x00 [ 291.566937][ T5683] stk014 4-1:0.0: probe with driver stk014 failed with error -5 [ 291.670043][ T9071] netlink: 12 bytes leftover after parsing attributes in process `syz.4.923'. [ 291.826768][ T9073] bridge2: entered promiscuous mode [ 291.843229][ T9073] bridge2: entered allmulticast mode [ 291.886306][ T9073] team0: Port device bridge2 added [ 291.910740][ T9077] raw_sendmsg: syz.1.925 forgot to set AF_INET. Fix it! [ 291.955613][ T9076] bridge0: port 3(team0) entered blocking state [ 291.969360][ T9076] bridge0: port 3(team0) entered disabled state [ 291.977638][ T9076] team0: entered allmulticast mode [ 291.984645][ T9076] team_slave_0: entered allmulticast mode [ 291.990623][ T9076] team_slave_1: entered allmulticast mode [ 292.009378][ T9076] team0: entered promiscuous mode [ 292.031106][ T992] usb 4-1: USB disconnect, device number 30 [ 292.035171][ T9076] team_slave_0: entered promiscuous mode [ 292.056474][ T9076] team_slave_1: entered promiscuous mode [ 292.081329][ T9076] bridge0: port 3(team0) entered blocking state [ 292.088465][ T9076] bridge0: port 3(team0) entered forwarding state [ 292.521769][ T9095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.931'. [ 292.740611][ T9100] Cannot find set identified by id 0 to match [ 292.962979][ T5683] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 293.347879][ T5722] usb 3-1: USB disconnect, device number 32 [ 293.464874][ T9108] fuse: Bad value for 'fd' [ 293.575820][ T9111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.934'. [ 294.326823][ T9119] ptrace attach of "./syz-executor exec"[5640] was attempted by "./syz-executor exec"[9119] [ 294.824927][ T9132] x_tables: duplicate underflow at hook 2 [ 295.120926][ T9137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.941'. [ 295.662186][ T9152] FAULT_INJECTION: forcing a failure. [ 295.662186][ T9152] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.693133][ T9152] CPU: 0 UID: 0 PID: 9152 Comm: syz.0.945 Tainted: G L syzkaller #0 PREEMPT(full) [ 295.693161][ T9152] Tainted: [L]=SOFTLOCKUP [ 295.693168][ T9152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 295.693179][ T9152] Call Trace: [ 295.693187][ T9152] [ 295.693194][ T9152] dump_stack_lvl+0xe8/0x150 [ 295.693219][ T9152] should_fail_ex+0x412/0x560 [ 295.693246][ T9152] _copy_from_user+0x2d/0xb0 [ 295.693273][ T9152] do_ip_getsockopt+0x292/0x1d40 [ 295.693300][ T9152] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 295.693323][ T9152] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 295.693348][ T9152] ? __lock_acquire+0x6b5/0x2cf0 [ 295.693371][ T9152] ? _parse_integer_limit+0x1ae/0x1f0 [ 295.693396][ T9152] ? kstrtoull+0x12f/0x1d0 [ 295.693436][ T9152] ? aa_sk_perm+0x6d5/0x900 [ 295.693461][ T9152] ip_getsockopt+0xbb/0x230 [ 295.693485][ T9152] ? __pfx_ip_getsockopt+0x10/0x10 [ 295.693501][ T9152] ? aa_sock_opt_perm+0xff/0x1a0 [ 295.693526][ T9152] ? sock_common_getsockopt+0x2d/0xb0 [ 295.693543][ T9152] ? raw_getsockopt+0xce/0x1f0 [ 295.693565][ T9152] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 295.693584][ T9152] do_sock_getsockopt+0x51d/0x7e0 [ 295.693611][ T9152] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 295.693631][ T9152] ? __fget_files+0x2a/0x420 [ 295.693668][ T9152] ? __fget_files+0x2a/0x420 [ 295.693693][ T9152] ? __fget_files+0x3a0/0x420 [ 295.693713][ T9152] ? __fget_files+0x2a/0x420 [ 295.693741][ T9152] __ia32_sys_getsockopt+0x1a4/0x240 [ 295.693772][ T9152] __do_fast_syscall_32+0x229/0x6e0 [ 295.693794][ T9152] ? do_fast_syscall_32+0x33/0x70 [ 295.693815][ T9152] ? lockdep_hardirqs_on+0x7a/0x110 [ 295.693833][ T9152] ? asm_int80_emulation+0x1a/0x20 [ 295.693851][ T9152] ? do_int80_emulation+0x286/0x530 [ 295.693872][ T9152] ? trace_irq_disable+0x3b/0x140 [ 295.693901][ T9152] do_fast_syscall_32+0x33/0x70 [ 295.693923][ T9152] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 295.693945][ T9152] RIP: 0023:0xf6fcf01c [ 295.693962][ T9152] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 295.693977][ T9152] RSP: 002b:00000000f53bd50c EFLAGS: 00000206 ORIG_RAX: 000000000000016d [ 295.693996][ T9152] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 295.694008][ T9152] RDX: 0000000000000016 RSI: 0000000080000440 RDI: 0000000080000b40 [ 295.694020][ T9152] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 295.694031][ T9152] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 295.694041][ T9152] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 295.694067][ T9152] [ 295.863085][ T5684] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 296.040847][ T9154] netlink: 8 bytes leftover after parsing attributes in process `syz.4.946'. [ 296.382902][ T5684] usb 3-1: Using ep0 maxpacket: 8 [ 296.403880][ T5684] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 296.417898][ T5684] usb 3-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 296.427455][ T5684] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.451430][ T5684] usb 3-1: Product: syz [ 296.482413][ T5684] usb 3-1: Manufacturer: syz [ 296.510917][ T5684] usb 3-1: SerialNumber: syz [ 296.545849][ T5684] usb 3-1: config 0 descriptor?? [ 296.576586][ T5684] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 296.600788][ T5684] usb 3-1: selecting invalid altsetting 1 [ 296.771365][ T5684] gspca_stk014: init reg: 0x00 [ 296.799312][ T5684] stk014 3-1:0.0: probe with driver stk014 failed with error -5 [ 296.894945][ T30] kauditd_printk_skb: 76 callbacks suppressed [ 296.894962][ T30] audit: type=1326 audit(1777117516.071:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9168 comm="syz.4.951" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706f01c code=0x0 [ 297.315043][ T992] usb 3-1: USB disconnect, device number 33 [ 297.540468][ T9175] netlink: 4 bytes leftover after parsing attributes in process `syz.2.953'. [ 298.163203][ T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 298.329655][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 298.357732][ T9] usb 3-1: New USB device found, idVendor=04b4, idProduct=9320, bcdDevice= 0.40 [ 298.378945][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.397773][ T9] usb 3-1: Product: syz [ 298.407626][ T9] usb 3-1: Manufacturer: syz [ 298.423703][ T9] usb 3-1: SerialNumber: syz [ 298.474711][ T9] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 298.656384][ T9] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 298.711566][ T9] snd-usb-hiface 3-1:1.0: probe with driver snd-usb-hiface failed with error -22 [ 298.833882][ T5722] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 298.925950][ T9] usb 3-1: can't set first interface for hiFace device. [ 298.957757][ T9] snd-usb-hiface 3-1:1.1: probe with driver snd-usb-hiface failed with error -5 [ 298.992933][ T5722] usb 4-1: Using ep0 maxpacket: 8 [ 299.009547][ T9] usb 3-1: can't set first interface for hiFace device. [ 299.011080][ T5722] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 299.039843][ T9] snd-usb-hiface 3-1:1.2: probe with driver snd-usb-hiface failed with error -5 [ 299.065325][ T5722] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 299.080408][ T9] usb 3-1: USB disconnect, device number 34 [ 299.105220][ T5722] usb 4-1: Product: syz [ 299.115502][ T5722] usb 4-1: Manufacturer: syz [ 299.125957][ T5722] usb 4-1: SerialNumber: syz [ 299.157008][ T5722] usb 4-1: config 0 descriptor?? [ 299.193891][ T5722] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 299.206261][ T6281] udevd[6281]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 299.947890][ T9204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.962'. [ 300.056354][ T9204] hsr_slave_1 (unregistering): left promiscuous mode [ 300.083146][ T5722] gspca_zc3xx: reg_w_i err -110 [ 300.104325][ T5722] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -110 [ 300.343730][ T10] usb 4-1: USB disconnect, device number 31 [ 300.423393][ T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 300.592925][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 300.614855][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.639118][ T9] usb 3-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 300.662661][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.691171][ T9] usb 3-1: Product: syz [ 300.705732][ T9] usb 3-1: Manufacturer: syz [ 300.728080][ T9] usb 3-1: SerialNumber: syz [ 300.750931][ T9] usb 3-1: config 0 descriptor?? [ 300.773930][ T9] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 300.787028][ T9] usb 3-1: selecting invalid altsetting 1 [ 300.975884][ T9] gspca_stk014: init reg: 0x00 [ 300.999101][ T9] stk014 3-1:0.0: probe with driver stk014 failed with error -5 [ 301.191879][ T9219] netlink: 8 bytes leftover after parsing attributes in process `syz.3.965'. [ 301.236242][ T9219] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 301.405482][ T5722] usb 3-1: USB disconnect, device number 35 [ 301.459953][ T9222] netlink: 4 bytes leftover after parsing attributes in process `syz.4.966'. [ 301.609861][ T9227] netlink: 'syz.3.968': attribute type 39 has an invalid length. [ 301.905381][ T9228] FAULT_INJECTION: forcing a failure. [ 301.905381][ T9228] name failslab, interval 1, probability 0, space 0, times 0 [ 301.954933][ T9228] CPU: 1 UID: 0 PID: 9228 Comm: syz.3.968 Tainted: G L syzkaller #0 PREEMPT(full) [ 301.954965][ T9228] Tainted: [L]=SOFTLOCKUP [ 301.954972][ T9228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 301.954983][ T9228] Call Trace: [ 301.954991][ T9228] [ 301.954998][ T9228] dump_stack_lvl+0xe8/0x150 [ 301.955026][ T9228] should_fail_ex+0x412/0x560 [ 301.955055][ T9228] should_failslab+0xa8/0x100 [ 301.955084][ T9228] ? skb_clone+0x212/0x3a0 [ 301.955108][ T9228] kmem_cache_alloc_noprof+0x87/0x650 [ 301.955133][ T9228] ? __netlink_lookup+0xc6/0x8b0 [ 301.955162][ T9228] skb_clone+0x212/0x3a0 [ 301.955195][ T9228] __netlink_deliver_tap+0x404/0x850 [ 301.955228][ T9228] ? netlink_deliver_tap+0x2e/0x1b0 [ 301.955251][ T9228] netlink_deliver_tap+0x19c/0x1b0 [ 301.955275][ T9228] netlink_unicast+0x730/0x8e0 [ 301.955304][ T9228] netlink_sendmsg+0x813/0xb40 [ 301.955336][ T9228] ? __pfx_netlink_sendmsg+0x10/0x10 [ 301.955362][ T9228] ? aa_sock_msg_perm+0xf1/0x1b0 [ 301.955387][ T9228] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 301.955415][ T9228] ____sys_sendmsg+0x972/0x9f0 [ 301.955446][ T9228] ? __pfx_____sys_sendmsg+0x10/0x10 [ 301.955475][ T9228] ? kstrtoull+0x12f/0x1d0 [ 301.955503][ T9228] ___sys_sendmsg+0x2a5/0x360 [ 301.955525][ T9228] ? __lock_acquire+0x6b5/0x2cf0 [ 301.955549][ T9228] ? __pfx____sys_sendmsg+0x10/0x10 [ 301.955575][ T9228] ? get_pid_task+0x20/0x1f0 [ 301.955600][ T9228] ? get_pid_task+0x20/0x1f0 [ 301.955621][ T9228] ? get_pid_task+0x20/0x1f0 [ 301.955667][ T9228] ? __fget_files+0x2a/0x420 [ 301.955689][ T9228] ? __fget_files+0x3a0/0x420 [ 301.955720][ T9228] __sys_sendmsg+0x183/0x260 [ 301.955746][ T9228] ? __pfx___sys_sendmsg+0x10/0x10 [ 301.955788][ T9228] __do_fast_syscall_32+0x229/0x6e0 [ 301.955812][ T9228] ? do_fast_syscall_32+0x33/0x70 [ 301.955833][ T9228] ? lockdep_hardirqs_on+0x7a/0x110 [ 301.955852][ T9228] ? asm_int80_emulation+0x1a/0x20 [ 301.955870][ T9228] ? do_int80_emulation+0x286/0x530 [ 301.955889][ T9228] ? trace_irq_disable+0x3b/0x140 [ 301.955935][ T9228] do_fast_syscall_32+0x33/0x70 [ 301.955957][ T9228] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 301.955980][ T9228] RIP: 0023:0xf7f3501c [ 301.955997][ T9228] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 301.956013][ T9228] RSP: 002b:00000000f53d550c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 301.956033][ T9228] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 0000000080000200 [ 301.956046][ T9228] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 301.956057][ T9228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 301.956068][ T9228] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 301.956079][ T9228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 301.956106][ T9228] [ 301.958696][ T9234] loop5: detected capacity change from 0 to 7 [ 302.298750][ T9234] Dev loop5: unable to read RDB block 7 [ 302.320007][ T9234] loop5: unable to read partition table [ 302.339245][ T9234] loop5: partition table beyond EOD, truncated [ 302.353634][ T9228] binder: 9225:9228 ioctl c0285840 80000000 returned -22 [ 302.377154][ T9234] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 303.075623][ T9231] syz.4.969 (9231): drop_caches: 2 [ 303.285712][ T5723] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 303.442989][ T5723] usb 3-1: Using ep0 maxpacket: 16 [ 303.461404][ T5723] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 303.478171][ T5723] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.494054][ T5723] usb 3-1: Product: syz [ 303.503466][ T5723] usb 3-1: Manufacturer: syz [ 303.512917][ T5723] usb 3-1: SerialNumber: syz [ 305.175060][ T5723] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 305.182586][ T5723] usb 3-1: MIDIStreaming interface descriptor not found [ 305.195388][ T9244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 305.210891][ T9244] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.402451][ T5722] usb 3-1: USB disconnect, device number 36 [ 305.539374][ T5954] udevd[5954]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 305.717844][ T9286] netlink: 16 bytes leftover after parsing attributes in process `syz.3.985'. [ 305.967352][ T9294] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 306.042875][ T5722] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 306.204944][ T5722] usb 4-1: config 0 has too many interfaces: 142, using maximum allowed: 32 [ 306.228853][ T5722] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 142 [ 306.238554][ T5722] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 306.248535][ T5722] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 306.258627][ T5722] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 52689, setting to 1024 [ 306.270129][ T5722] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 1024 [ 306.281696][ T5722] usb 4-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 306.291164][ T5722] usb 4-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 306.299658][ T5722] usb 4-1: Manufacturer: syz [ 306.310351][ T5722] usb 4-1: config 0 descriptor?? [ 306.329483][ T9290] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 306.343310][ T5722] smsusb:smsusb_probe: board id=9, interface number 0 [ 306.362253][ T5722] smsusb:siano_media_device_register: media controller created [ 306.426851][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.434332][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.441594][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.448896][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.456142][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.503315][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.510807][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.518072][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.525298][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.532522][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.539749][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.547373][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.554621][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.561861][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.569146][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.576370][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.585292][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.592583][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.599844][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.607096][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.614317][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.624986][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.632366][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.639607][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.646831][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.654058][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.662563][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.669846][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.677086][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.684385][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.691633][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.699311][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.706629][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.713911][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.721159][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.728400][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.740101][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.747378][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.754621][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.761844][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.769064][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.776678][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.783943][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.791190][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.798453][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.805713][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.815366][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.822624][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.829894][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.837148][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.844406][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.852121][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.859414][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.866674][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.873925][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.881177][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.888778][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.896063][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.903334][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.910597][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.917846][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.925633][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.932893][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.940128][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.947357][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.954594][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.962721][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.969979][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.977211][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.984439][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 306.991821][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.000325][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.007607][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.014886][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.022135][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.029373][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.036950][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.044213][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.051455][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.058694][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.065926][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.075958][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.083233][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.090475][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.097710][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.104945][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.131150][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.138497][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.145772][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.153019][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.160258][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.167499][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.175440][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.182718][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.189943][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.197161][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.204426][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.211656][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.224132][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.231440][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.238768][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.246034][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.253292][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.260553][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.268447][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.275770][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.283062][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.290327][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.297977][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.305209][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.312429][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.319669][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.326908][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.334131][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.341346][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.399494][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.406768][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.414008][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.421228][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.428445][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.435671][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.442890][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.450106][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.457318][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.464537][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.484554][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.491857][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.499140][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.506443][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.513734][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.521033][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.528287][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.535568][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.542845][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.550111][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.573598][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.581010][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.588251][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.595498][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.602748][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.609989][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.617224][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.624965][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.632478][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.639759][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.647026][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.654303][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.661603][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.668896][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.676166][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.685642][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.692929][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.700156][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.707384][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.714608][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.721839][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.729078][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.736332][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.743610][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.753616][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.760902][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.768198][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.775469][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.782740][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.789993][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.797219][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.804472][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.811767][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 307.819346][ T5722] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22 [ 307.827703][ T5722] smsmdtv:smscore_set_device_mode: mode detect failed -22 [ 307.835629][ T5722] smsmdtv:smscore_start_device: set device mode failed , rc -22 [ 307.843349][ T5722] smsusb:smsusb_init_device: smscore_start_device(...) failed [ 307.871049][ T5722] ------------[ cut here ]------------ [ 307.876946][ T5722] !PageLargeKmalloc(page) [ 307.876972][ T5722] WARNING: mm/slub.c:6471 at free_large_kmalloc+0x9b/0x110, CPU#1: kworker/1:5/5722 [ 307.891533][ T5722] Modules linked in: [ 307.896828][ T5722] CPU: 1 UID: 0 PID: 5722 Comm: kworker/1:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 307.907886][ T5722] Tainted: [L]=SOFTLOCKUP [ 307.912220][ T5722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 307.922341][ T5722] Workqueue: usb_hub_wq hub_event [ 307.927577][ T5722] RIP: 0010:free_large_kmalloc+0x9b/0x110 [ 307.933463][ T5722] Code: 8b 43 30 83 f8 ff 74 13 25 00 00 00 ff 3d 00 00 00 f8 75 74 c7 43 30 ff ff ff ff 48 89 df 89 ee 5b 41 5e 5d e9 36 d8 fc ff 90 <0f> 0b 90 48 89 df 48 c7 c6 7c e1 fb 8d 5b 41 5e 5d e9 6f 6f 02 ff [ 307.953266][ T5722] RSP: 0018:ffffc90004e26b20 EFLAGS: 00010206 [ 307.959347][ T5722] RAX: 00000000ff000000 RBX: ffffea0001247880 RCX: 0000000000000001 [ 307.967412][ T5722] RDX: ffffc9001e08a000 RSI: ffff8880491e2000 RDI: ffffea0001247880 [ 307.975894][ T5722] RBP: 0000000000000000 R08: ffff888028e3ea03 R09: 1ffff110051c7d40 [ 307.983939][ T5722] R10: dffffc0000000000 R11: ffffed10051c7d41 R12: 1ffff110067d1282 [ 307.991946][ T5722] R13: ffff88801db89180 R14: ffff888028e3ea60 R15: dffffc0000000000 [ 308.000008][ T5722] FS: 0000000000000000(0000) GS:ffff888125395000(0000) knlGS:0000000000000000 [ 308.009005][ T5722] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 308.016031][ T5722] CR2: 00000000800cf018 CR3: 000000000e74a000 CR4: 00000000003526f0 [ 308.024093][ T5722] Call Trace: [ 308.027384][ T5722] [ 308.030328][ T5722] usb_free_urb+0xd0/0x120 [ 308.034792][ T5722] smsusb_term_device+0x1d7/0x3e0 [ 308.039836][ T5722] smsusb_probe+0x1aba/0x2280 [ 308.044575][ T5722] ? __pfx_smsusb_probe+0x10/0x10 [ 308.049628][ T5722] ? __pfx_smsusb_sendrequest+0x10/0x10 [ 308.055228][ T5722] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 308.061051][ T5722] ? __pm_runtime_set_status+0x9d4/0xcd0 [ 308.066762][ T5722] usb_probe_interface+0x659/0xc70 [ 308.071890][ T5722] ? __pfx_usb_probe_interface+0x10/0x10 [ 308.077579][ T5722] really_probe+0x267/0xaf0 [ 308.082115][ T5722] __driver_probe_device+0x1ef/0x380 [ 308.087451][ T5722] driver_probe_device+0x4f/0x240 [ 308.092485][ T5722] __device_attach_driver+0x279/0x430 [ 308.097976][ T5722] bus_for_each_drv+0x258/0x2f0 [ 308.102914][ T5722] ? __pfx___device_attach_driver+0x10/0x10 [ 308.108845][ T5722] ? __pfx_bus_for_each_drv+0x10/0x10 [ 308.114289][ T5722] ? lockdep_hardirqs_on+0x7a/0x110 [ 308.119520][ T5722] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 308.125398][ T5722] __device_attach+0x2c5/0x450 [ 308.130195][ T5722] ? __pfx___device_attach+0x10/0x10 [ 308.135575][ T5722] ? _raw_spin_unlock+0x28/0x50 [ 308.140444][ T5722] device_initial_probe+0xa1/0xd0 [ 308.145583][ T5722] bus_probe_device+0x12a/0x220 [ 308.150507][ T5722] device_add+0x7e9/0xbb0 [ 308.154958][ T5722] usb_set_configuration+0x1a87/0x2110 [ 308.160484][ T5722] usb_generic_driver_probe+0x8d/0x150 [ 308.166006][ T5722] usb_probe_device+0x1c4/0x3b0 [ 308.170863][ T5722] ? __pfx_usb_probe_device+0x10/0x10 [ 308.176294][ T5722] really_probe+0x267/0xaf0 [ 308.180825][ T5722] __driver_probe_device+0x1ef/0x380 [ 308.186179][ T5722] driver_probe_device+0x4f/0x240 [ 308.191213][ T5722] __device_attach_driver+0x279/0x430 [ 308.196614][ T5722] bus_for_each_drv+0x258/0x2f0 [ 308.201498][ T5722] ? __pfx___device_attach_driver+0x10/0x10 [ 308.207495][ T5722] ? __pfx_bus_for_each_drv+0x10/0x10 [ 308.212942][ T5722] ? lockdep_hardirqs_on+0x7a/0x110 [ 308.218172][ T5722] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 308.224064][ T5722] __device_attach+0x2c5/0x450 [ 308.228840][ T5722] ? __pfx___device_attach+0x10/0x10 [ 308.234180][ T5722] ? _raw_spin_unlock+0x28/0x50 [ 308.239036][ T5722] device_initial_probe+0xa1/0xd0 [ 308.244119][ T5722] bus_probe_device+0x12a/0x220 [ 308.249002][ T5722] device_add+0x7e9/0xbb0 [ 308.253924][ T5722] usb_new_device+0xa08/0x16f0 [ 308.258792][ T5722] ? __pfx_usb_new_device+0x10/0x10 [ 308.264070][ T5722] ? _raw_spin_unlock_irq+0x23/0x50 [ 308.269302][ T5722] hub_event+0x2a1c/0x4f30 [ 308.273814][ T5722] ? do_raw_spin_unlock+0xf5/0x210 [ 308.279040][ T5722] ? __pfx_hub_event+0x10/0x10 [ 308.283888][ T5722] ? process_scheduled_works+0xa70/0x1860 [ 308.289643][ T5722] ? process_scheduled_works+0xa70/0x1860 [ 308.295461][ T5722] ? process_scheduled_works+0xa70/0x1860 [ 308.301219][ T5722] process_scheduled_works+0xb5d/0x1860 [ 308.306906][ T5722] ? __pfx_process_scheduled_works+0x10/0x10 [ 308.312992][ T5722] ? assign_work+0x3d5/0x5e0 [ 308.317634][ T5722] worker_thread+0xa53/0xfc0 [ 308.322297][ T5722] kthread+0x388/0x470 [ 308.326470][ T5722] ? __pfx_worker_thread+0x10/0x10 [ 308.331634][ T5722] ? __pfx_kthread+0x10/0x10 [ 308.336438][ T5722] ret_from_fork+0x514/0xb70 [ 308.341068][ T5722] ? __pfx_ret_from_fork+0x10/0x10 [ 308.346283][ T5722] ? __switch_to+0xc79/0x1410 [ 308.351004][ T5722] ? __pfx_kthread+0x10/0x10 [ 308.355748][ T5722] ret_from_fork_asm+0x1a/0x30 [ 308.360591][ T5722] [ 308.363698][ T5722] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 308.371015][ T5722] CPU: 1 UID: 0 PID: 5722 Comm: kworker/1:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 308.381977][ T5722] Tainted: [L]=SOFTLOCKUP [ 308.386329][ T5722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 308.396406][ T5722] Workqueue: usb_hub_wq hub_event [ 308.401474][ T5722] Call Trace: [ 308.404800][ T5722] [ 308.407767][ T5722] vpanic+0x56c/0xa60 [ 308.411782][ T5722] ? __pfx__printk+0x10/0x10 [ 308.416416][ T5722] ? __pfx_vpanic+0x10/0x10 [ 308.420949][ T5722] ? is_bpf_text_address+0x292/0x2b0 [ 308.426257][ T5722] ? is_bpf_text_address+0x26/0x2b0 [ 308.431464][ T5722] panic+0xc5/0xd0 [ 308.435183][ T5722] ? __pfx_panic+0x10/0x10 [ 308.439599][ T5722] ? ret_from_fork_asm+0x1a/0x30 [ 308.444562][ T5722] __warn+0x315/0x4c0 [ 308.448545][ T5722] ? free_large_kmalloc+0x9b/0x110 [ 308.453660][ T5722] ? free_large_kmalloc+0x9b/0x110 [ 308.458772][ T5722] __report_bug+0x29a/0x540 [ 308.463271][ T5722] ? device_initial_probe+0xa1/0xd0 [ 308.468462][ T5722] ? bus_probe_device+0x12a/0x220 [ 308.473499][ T5722] ? device_add+0x7e9/0xbb0 [ 308.478021][ T5722] ? free_large_kmalloc+0x9b/0x110 [ 308.483134][ T5722] ? __pfx___report_bug+0x10/0x10 [ 308.488162][ T5722] ? usb_new_device+0xa08/0x16f0 [ 308.493098][ T5722] ? hub_event+0x2a1c/0x4f30 [ 308.497699][ T5722] ? process_scheduled_works+0xb5d/0x1860 [ 308.503422][ T5722] ? smscore_unregister_device+0x651/0x780 [ 308.509239][ T5722] ? free_large_kmalloc+0x9b/0x110 [ 308.514362][ T5722] report_bug+0x16a/0x220 [ 308.518753][ T5722] ? free_large_kmalloc+0x9b/0x110 [ 308.523874][ T5722] ? free_large_kmalloc+0x9d/0x110 [ 308.529010][ T5722] handle_bug+0x9c/0x200 [ 308.533253][ T5722] exc_invalid_op+0x1a/0x50 [ 308.537750][ T5722] asm_exc_invalid_op+0x1a/0x20 [ 308.542626][ T5722] RIP: 0010:free_large_kmalloc+0x9b/0x110 [ 308.548427][ T5722] Code: 8b 43 30 83 f8 ff 74 13 25 00 00 00 ff 3d 00 00 00 f8 75 74 c7 43 30 ff ff ff ff 48 89 df 89 ee 5b 41 5e 5d e9 36 d8 fc ff 90 <0f> 0b 90 48 89 df 48 c7 c6 7c e1 fb 8d 5b 41 5e 5d e9 6f 6f 02 ff [ 308.568041][ T5722] RSP: 0018:ffffc90004e26b20 EFLAGS: 00010206 [ 308.574136][ T5722] RAX: 00000000ff000000 RBX: ffffea0001247880 RCX: 0000000000000001 [ 308.582137][ T5722] RDX: ffffc9001e08a000 RSI: ffff8880491e2000 RDI: ffffea0001247880 [ 308.590107][ T5722] RBP: 0000000000000000 R08: ffff888028e3ea03 R09: 1ffff110051c7d40 [ 308.598094][ T5722] R10: dffffc0000000000 R11: ffffed10051c7d41 R12: 1ffff110067d1282 [ 308.606063][ T5722] R13: ffff88801db89180 R14: ffff888028e3ea60 R15: dffffc0000000000 [ 308.614059][ T5722] usb_free_urb+0xd0/0x120 [ 308.618491][ T5722] smsusb_term_device+0x1d7/0x3e0 [ 308.623529][ T5722] smsusb_probe+0x1aba/0x2280 [ 308.628254][ T5722] ? __pfx_smsusb_probe+0x10/0x10 [ 308.633288][ T5722] ? __pfx_smsusb_sendrequest+0x10/0x10 [ 308.638846][ T5722] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 308.644654][ T5722] ? __pm_runtime_set_status+0x9d4/0xcd0 [ 308.650291][ T5722] usb_probe_interface+0x659/0xc70 [ 308.655416][ T5722] ? __pfx_usb_probe_interface+0x10/0x10 [ 308.661042][ T5722] really_probe+0x267/0xaf0 [ 308.665587][ T5722] __driver_probe_device+0x1ef/0x380 [ 308.670887][ T5722] driver_probe_device+0x4f/0x240 [ 308.675909][ T5722] __device_attach_driver+0x279/0x430 [ 308.681294][ T5722] bus_for_each_drv+0x258/0x2f0 [ 308.686150][ T5722] ? __pfx___device_attach_driver+0x10/0x10 [ 308.692043][ T5722] ? __pfx_bus_for_each_drv+0x10/0x10 [ 308.697426][ T5722] ? lockdep_hardirqs_on+0x7a/0x110 [ 308.702620][ T5722] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 308.708458][ T5722] __device_attach+0x2c5/0x450 [ 308.713219][ T5722] ? __pfx___device_attach+0x10/0x10 [ 308.718538][ T5722] ? _raw_spin_unlock+0x28/0x50 [ 308.723388][ T5722] device_initial_probe+0xa1/0xd0 [ 308.728445][ T5722] bus_probe_device+0x12a/0x220 [ 308.733322][ T5722] device_add+0x7e9/0xbb0 [ 308.737688][ T5722] usb_set_configuration+0x1a87/0x2110 [ 308.743176][ T5722] usb_generic_driver_probe+0x8d/0x150 [ 308.748645][ T5722] usb_probe_device+0x1c4/0x3b0 [ 308.753497][ T5722] ? __pfx_usb_probe_device+0x10/0x10 [ 308.758867][ T5722] really_probe+0x267/0xaf0 [ 308.763376][ T5722] __driver_probe_device+0x1ef/0x380 [ 308.768676][ T5722] driver_probe_device+0x4f/0x240 [ 308.773716][ T5722] __device_attach_driver+0x279/0x430 [ 308.779117][ T5722] bus_for_each_drv+0x258/0x2f0 [ 308.783988][ T5722] ? __pfx___device_attach_driver+0x10/0x10 [ 308.789884][ T5722] ? __pfx_bus_for_each_drv+0x10/0x10 [ 308.795274][ T5722] ? lockdep_hardirqs_on+0x7a/0x110 [ 308.800468][ T5722] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 308.806271][ T5722] __device_attach+0x2c5/0x450 [ 308.811071][ T5722] ? __pfx___device_attach+0x10/0x10 [ 308.816357][ T5722] ? _raw_spin_unlock+0x28/0x50 [ 308.821213][ T5722] device_initial_probe+0xa1/0xd0 [ 308.826235][ T5722] bus_probe_device+0x12a/0x220 [ 308.831099][ T5722] device_add+0x7e9/0xbb0 [ 308.835426][ T5722] usb_new_device+0xa08/0x16f0 [ 308.840213][ T5722] ? __pfx_usb_new_device+0x10/0x10 [ 308.845429][ T5722] ? _raw_spin_unlock_irq+0x23/0x50 [ 308.850621][ T5722] hub_event+0x2a1c/0x4f30 [ 308.855035][ T5722] ? do_raw_spin_unlock+0xf5/0x210 [ 308.860183][ T5722] ? __pfx_hub_event+0x10/0x10 [ 308.864973][ T5722] ? process_scheduled_works+0xa70/0x1860 [ 308.870697][ T5722] ? process_scheduled_works+0xa70/0x1860 [ 308.876413][ T5722] ? process_scheduled_works+0xa70/0x1860 [ 308.882136][ T5722] process_scheduled_works+0xb5d/0x1860 [ 308.887700][ T5722] ? __pfx_process_scheduled_works+0x10/0x10 [ 308.893679][ T5722] ? assign_work+0x3d5/0x5e0 [ 308.898268][ T5722] worker_thread+0xa53/0xfc0 [ 308.902892][ T5722] kthread+0x388/0x470 [ 308.906999][ T5722] ? __pfx_worker_thread+0x10/0x10 [ 308.912103][ T5722] ? __pfx_kthread+0x10/0x10 [ 308.916692][ T5722] ret_from_fork+0x514/0xb70 [ 308.921280][ T5722] ? __pfx_ret_from_fork+0x10/0x10 [ 308.926481][ T5722] ? __switch_to+0xc79/0x1410 [ 308.931178][ T5722] ? __pfx_kthread+0x10/0x10 [ 308.935804][ T5722] ret_from_fork_asm+0x1a/0x30 [ 308.940585][ T5722] [ 308.944349][ T5722] Kernel Offset: disabled [ 308.948678][ T5722] Rebooting in 86400 seconds..