last executing test programs: 7.01118951s ago: executing program 2 (id=762): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) syz_80211_inject_frame(0x0, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) close(0x3) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d60c3af28c6e7bae7c352699dbeea72092536d3f12826176e966c4324720e40f4f372d18d70983ab964f1f550305be31a8a18fe7609eefb511088ac4e7457ead7434fe5dfa9ab32499f9feeaaf7bf828927c8115a4d031e6ee5da47873a146aba12", @ANYBLOB=',default_permissions,\x00'], 0xfe, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@getrule={0x14, 0x22, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x8040084}, 0x4080) write$FUSE_INIT(r2, &(0x7f0000002200)={0x50, 0x0, 0x0, {0x7, 0x8, 0x2000800, 0x238d117e660ceb5b, 0x401, 0x6, 0x7f, 0x2bf, 0x0, 0x0, 0x100, 0x27}}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r6, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0x1, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x3, 0x2, 0x26, '\x00', 0xfc}, {0x5, 0xef, 0x8d, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0xfc, 0x2, '\x00', 0x5}, {0x40, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x5}, {0x9, 0xcc, 0x1, '\x00', 0xff}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x84, 0x5, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x3, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0x2}, {0x10, 0x35, 0x40, '\x00', 0xcf}, {0x32, 0x3f, 0x0, '\x00', 0x3}, {0x6e, 0x4, 0x1, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x9}, {0x13, 0x7}, {0x11, 0x6, 0x9, '\x00', 0x2}, {0x8, 0x6, 0x1, '\x00', 0x49}, {0xae, 0x65, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0xbd, 0x9, 0x74, '\x00', 0x9}]}}) 6.408609051s ago: executing program 0 (id=767): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r0) symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000000)='./file0\x00') mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100)={0x200001, 0x81, 0x100000}, 0x20) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000001400)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200228bd70060000000000000000040001800100018008000100", @ANYRES32=0x0, @ANYBLOB="0c00018008000100", @ANYRES32=0x0, @ANYBLOB="34000180140002007465616d30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="140002006d616373656330000000000000000000"], 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x40448a0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336be", 0x95}, {0x0}, {&(0x7f00000005c0)="f2b3", 0x2}], 0x3}}], 0x1, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000001040)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8d0}, 0x4040800) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000034000000040000000000000014000000000000002900000034000000fdffffff0000000000010000000000002900000004000000041c000000000000fe72f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc00f3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5801409e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad0738000000010c7a0180050000000000000009000000000000000400000000000000060000000000000000040000000000000b0000000000000005020a7e00010005020bf4c910fc0200000000000000000000780e000000000000000000140000000000000029000000340000000000000000000000700100000000000029000000360000005e2a000000000000ff4150d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70000100000100010800000000000000000708000000030000ff0f07100000000002070600ff7f00000000000008c6c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a"], 0x340}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000500)='q', 0x1}, {&(0x7f0000000600)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78", 0x69}, {&(0x7f00000006c0)="138b9f8300af1d793c8e", 0xa}, {&(0x7f0000000700)="e59c889c8be9e17c21882a76c6907239d44f6a0efb65359c6a8e5e", 0x1b}, {&(0x7f0000000e80)}], 0x5}}], 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xf9, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x28, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0xeeef0000, 0xb, 0x50, 0x2, 0x7, 0x4, 0x1, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x0, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0x6, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x6, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x26000, 0x4000, 0xb, 0x9d, 0x3, 0x80, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xfec00000, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]}) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r4 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0x80000000}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0x80000000, 0xf, 0x8, 0x80, 0x2, 0x318, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0xbc5b, 0x80000001, 0x25, 0x11, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x2, 0x8, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x208, 0x3e, 0x7fffffff, 0x6, 0x6, 0x2, 0x9, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x6, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x9, 0x5, 0xfffffff7, 0x129432e6, 0xc8, 0xf9, 0xe, 0x7, 0x6ca, 0xfffff001, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0x200, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x7, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x0, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0x5, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0xf94, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x3, 0x5, 0x1, 0x486, 0x3, 0x303c, 0x3e7, 0x4, 0x5, 0x2002, 0x2, 0x3, 0x20000008, 0x2, 0x6d04, 0x6, 0x38, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x9, 0x5, 0x1c, 0x120000, 0x3, 0x7f, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x68d9, 0xb, 0x5, 0x4, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0xb53, 0x101, 0x10000, 0x4, 0x7fff, 0x14000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10082, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x7fffffff, 0x8000, 0x98, 0xa1f, 0xf40, 0x2002, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x7]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280), 0x800c42, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000002500010325bd7000fcffffff110000000800030047"], 0x1c}, 0x1, 0x0, 0x0, 0x2004c0d3}, 0x200040c4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) 6.200389255s ago: executing program 2 (id=768): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x4, 0xe0, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x1, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc1105511, &(0x7f0000000040)={0x4, 0x3, 0x40, 0x6, '\x00', 0x8}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0xc1105511, &(0x7f0000000040)) r4 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) r5 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) r6 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x82802, 0xcd) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000080)={r6, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4010000000000ffd, 0x0, 0x0, 0x19, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x6]}}) io_setup(0x1, &(0x7f00000016c0)=0x0) io_submit(r7, 0x16, &(0x7f0000001640)=[&(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x1, 0x4, r5, &(0x7f0000000280)='a', 0x1, 0x5}]) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYRESHEX=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x0, &(0x7f0000a00000/0x600000)=nil) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(0xffffffffffffffff, 0x3b87, &(0x7f0000000080)={0x18, 0x1, 0x0, 0x0, r8}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000100)={0x28, 0x3, r8, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x6}) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f00000002c0)={0x0, 0x3}, &(0x7f0000000300)=0x8) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r9, 0xffffffffffffffff, 0x0) 5.038143671s ago: executing program 2 (id=776): r0 = socket$inet_sctp(0x2, 0x5, 0x84) (async) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000740)=ANY=[], 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x6, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000140)={0x1000001d}) epoll_pwait(r4, &(0x7f0000000180)=[{}], 0x1, 0xfffffffb, 0x0, 0x0) (async, rerun: 32) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000080)={0x7, 0x5, 0x2, 0x3, 0x1, 0x0, [{0x6312, 0x0, 0x7}]}) (async, rerun: 32) syz_open_dev$usbfs(&(0x7f0000000240), 0x10, 0x80100) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0x8, 0x6, 0x5, 0x5}) (async) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000f40)=ANY=[@ANYBLOB="34000000140001e23878ff000000000000000000", @ANYRES32=r1, @ANYBLOB="08000800940600001400020000000000000000000000000000000001"], 0x34}, 0x1, 0x0, 0x0, 0x4004051}, 0x4) 4.967838421s ago: executing program 3 (id=777): timer_create(0x0, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="b80000001300000200000000fbdbdf25fc000000000000000000000000000001ac1414bb00000000000000000000000000000004000000000a0060803b000000", @ANYRESHEX, @ANYRES32, @ANYBLOB="00000000000000000400000000000000000000000000000000000000000000000700000000000000fdffffffffffffff09000000000000000000000000000000feffffffffffffff000000000000000000000011b327386d0000000000d99054720998c7348d2b6f7600000000001a000006000000c06b6e000001020000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000013dfe89900000000008000000000"], 0xb8}}, 0x20004000) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e040128000000000001090224"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a0030"], 0xb8}}, 0x4000) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r8, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0}) r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, 0x0, r6}, 0x94) ioctl$KVM_RUN(r9, 0xae80, 0x0) getpid() syz_open_dev$sndctrl(&(0x7f0000001440), 0x1, 0x2) 4.831426035s ago: executing program 0 (id=778): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000280)) (fail_nth: 3) 4.617794602s ago: executing program 0 (id=779): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000040)={0x60, 0x0, &(0x7f0000003000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x4000000005, &(0x7f00000001c0)=[{0x10, 0x21a, 0xffffffffffffffff}], 0x1, 0xbff, 0x68, 0x0, 0x29, 0x5f}) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000000)={0x24, &(0x7f0000000940)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x109400, 0x0) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x8, &(0x7f0000006680)) fchown(0xffffffffffffffff, 0x0, 0x0) r6 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="810200000000000014001a80100004800c000180"], 0x34}}, 0x0) syz_emit_ethernet(0x1a2, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa8100390086dd60000000016838fffe8000070000000000000000000000aaff020000000000000000000000000001860090780000040000000000018000000309bd3e6d4706598080a8030037ffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34116d42ca0a5c15b37adac15084dbaf736b41e5af03020001000000050000000026000400032077f9290b6e87290b6e87f278e94724e20c43c95f9b49e04a64d614cc9d0d46d954fda9a75d076993e3b87aa99b2454a86662e37b42678a74974ddd50b21e499efae61e3a816a367d019bc7f892d8975f1fc8a3e27139041cd21d2d12f30ee6f029d8d73f80f9b19d138598345b9c0feda226b333c55c668fb17b5b39603ee66b8534f1fbf97e139d35762307516482a1787d8f3bb76940602a0104ac045b59510dfd944672de5f77c0e6136c06847bbe70dd65236ef4d112e88fabc57d02a2a380eb697adf4e1d9090705f85ddf041bc076775f5d27555d3f60c44192fa92eee16828c1c4aa17f4a743e212cd2c084e5acc9aae96852cd54afd2d60786"], 0x0) 4.587255739s ago: executing program 4 (id=780): socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x801, 0xfffffffd, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20421}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @empty}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040080}, 0x40) socket$packet(0x11, 0x3, 0x300) epoll_create(0x100806) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000500)=[{&(0x7f0000000240)="ab", 0x1}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) ioctl$F2FS_IOC_SET_PIN_FILE(r4, 0x4004f50d, &(0x7f0000000100)=0x1) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) open(&(0x7f0000000280)='./file0\x00', 0x2a000, 0x32) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0xb56e2e3f2d9728b3, 0x8, 0x8001, 0x0, 0x9, 0x100000003, 0xfffffe0000000001, 0xfa11, 0x65aa}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r5, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x1058, [{}, {0x0, 0x100000000000000}]}, 0x68) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f80)=@mangle={'mangle\x00', 0x2, 0x6, 0x5c0, 0x420, 0x0, 0x330, 0x260, 0x190, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'bond_slave_0\x00', 'vlan1\x00', {}, {0xff}, 0x21}, 0x0, 0x168, 0x190, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @mcast2, @private2, [], [0xff000000, 0xffffffff, 0xff000000, 0xffffff00], [], 0x0, 0x886}}, @common=@inet=@dccp={{0x30}, {[0x4e21, 0x4e24], [0x4e23, 0x4e24], 0xd, 0x0, 0x4, 0x7}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0x2}, [], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_macvtap\x00', 'veth1_vlan\x00', {}, {}, 0x0, 0x0, 0x5}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'bridge0\x00', 'sit0\x00', {0xff}}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ipv6={@empty, @local, [0xff, 0x0, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xffffffff, 0xffffff00], 'macvlan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x8, 0x81, 0x1, 0x36}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@private1, 0x0, 0x37}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x50, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x620) socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x4}, 0x1c) socket$inet_mptcp(0x2, 0x1, 0x106) 3.698645545s ago: executing program 4 (id=783): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89ff, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x12, 0x0, 0x20040001, 0x0, 0x7, 0x0, 0x0, 0xa1, 0x700}}) 3.59697437s ago: executing program 1 (id=784): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3a) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x14d, @mcast1, 0x7a53}, 0x1c) write(r0, &(0x7f0000000280)="1c0000001a009b8a3c90f4ae0009042400000000ff02000000000000", 0x1c) recvmmsg$unix(r0, 0x0, 0x0, 0x10002, 0x0) 3.568654923s ago: executing program 4 (id=785): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x180) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r4, 0xfffffe4d}}, 0x48) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000007600)) sendmmsg$inet(r3, 0x0, 0x0, 0x81) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111, 0x8}}, 0x20) syz_emit_ethernet(0x2a, &(0x7f0000000500)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000008060001080006040001000000000000ac1414bbbbbbbbbbbbbbac1414"], 0x0) 3.455597778s ago: executing program 1 (id=786): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x4, 0xe0, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x1, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc1105511, &(0x7f0000000040)={0x4, 0x3, 0x40, 0x6, '\x00', 0x8}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0xc1105511, &(0x7f0000000040)) r4 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) r5 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) r6 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x82802, 0xcd) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000080)={r6, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4010000000000ffd, 0x0, 0x0, 0x19, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x6]}}) io_setup(0x1, &(0x7f00000016c0)=0x0) io_submit(r7, 0x16, &(0x7f0000001640)=[&(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x1, 0x4, r5, &(0x7f0000000280)='a', 0x1, 0x5}]) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYRESHEX=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x0, &(0x7f0000a00000/0x600000)=nil) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(0xffffffffffffffff, 0x3b87, &(0x7f0000000080)={0x18, 0x1, 0x0, 0x0, r8}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000100)={0x28, 0x3, r8, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x6}) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f00000002c0)={0x0, 0x3}, &(0x7f0000000300)=0x8) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r9, 0xffffffffffffffff, 0x0) 3.432305329s ago: executing program 4 (id=787): openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r2, 0x80085665, &(0x7f00000000c0)={0x1, 0xff, 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = eventfd2(0xa0, 0x801) r6 = eventfd2(0x10000, 0x1) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f00000000c0)={r6, 0x0, 0x2, r6}) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000040)={r6, 0xb8, 0x2, r5}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r7, &(0x7f0000000040)=0x1c8, 0x12) sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x2d03629c, 0x0, 0x5, 0x0, 0xfffffe0000000001, 0x10000000, 0xe9}, 0x0) syz_open_dev$video4linux(0x0, 0x3, 0x3cf281) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000480), 0x2182, 0x0) close(r8) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x4241, 0x0) dup3(r8, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) socket(0x1, 0x1, 0x0) unshare(0x8040480) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') ppoll(&(0x7f00000001c0)=[{r9, 0x400}], 0x1, 0x0, 0x0, 0x0) 3.110808747s ago: executing program 0 (id=788): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4006, 0x0, 0x5, 0x2) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) flistxattr(r0, &(0x7f00000003c0)=""/242, 0xf2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x42) ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) removexattr(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_io_uring_setup(0xd7, &(0x7f0000000280)={0x0, 0x0, 0x40}, 0x0, 0x0, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r4, 0xb, 0x0, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$PPPIOCDISCONN(r1, 0x7439) r7 = socket$kcm(0x2, 0x1, 0x84) socket$packet(0x11, 0x2, 0x300) sendmsg$inet(r7, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$inet(r7, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1, 0x0, 0x0, 0x3000000}, 0x4000080) ppoll(&(0x7f0000000100)=[{r1, 0x4000}, {r3, 0x2046}, {r3}, {r7, 0xa8}], 0x4, 0x0, 0x0, 0x0) 2.367235339s ago: executing program 1 (id=789): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)={0x34, r3, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000000) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00db6072000001ea89de2b4410000e60080b8785d960000100000000000000000000000000000000000527000", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000000000100", [0x0, 0x2000000000001]}}) 1.947691884s ago: executing program 1 (id=790): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x48815}, 0x54) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ifreq(r1, 0x8994, &(0x7f0000000000)={'bond0\x00', @ifru_mtu=0x140000}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400000011000100269d70000000000007000000", @ANYRES32=0x0, @ANYBLOB="008400000000040014001a80100004800c0005801700230041000000"], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fcdbdf25120000001800018014000200766574683000000000000000080000"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0) socket$inet6(0x10, 0x3, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x41, &(0x7f0000000100)=r4, 0x8) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000440)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r0, 0x4068aea3, &(0x7f0000000480)={0xc5, 0x0, r5}) setsockopt$sock_attach_bpf(r3, 0x1, 0x41, &(0x7f0000000100)=r2, 0x4) sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\t\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000ffdbdf255200000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990008000000060000000800cb00370500000400cf000600480046000000"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4004) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x10a942, 0x9f667fd378a54ed4) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r9, @ANYBLOB="0108000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}}, 0x0) 1.947301111s ago: executing program 2 (id=791): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x3, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x7, 0x8, 0x1014}, 0x50) syz_io_uring_setup(0x356d, &(0x7f0000000240)={0x0, 0x200a5ba, 0x1, 0xffd, 0x136}, &(0x7f0000000200), &(0x7f0000000340), 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[0x0], 0x1}) r5 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r5, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000380), 0x3, r6, 0xcccccccc}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000580)={0x401, 0x1, &(0x7f0000000180)=[r6], &(0x7f00000000c0)=[0x3], &(0x7f0000000640)=[r8, r7, r7], &(0x7f0000000340), 0x0, 0xffffffffffffffff}) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xd, 0x4, 0x4, 0x7, 0x0, r2, 0x10000}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000880), 0xde9, r9, 0x0, 0x20000}, 0x38) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x20, 0x4, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20040001}, 0x40c4) 1.885431013s ago: executing program 4 (id=792): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000002c0)={0x1c, r0, 0x303, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 9) 1.737690611s ago: executing program 3 (id=793): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x3, 0x100000008, 0x7f, 0x1, 0x0, 0x2, 0xfffffffffffff804, 0x0, 0x0, 0x0, 0x2000000000000, 0x7, 0x2, 0x1, 0x8], 0xeeef0000, 0x4fb40}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x2) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000b80000/0x3000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) syz_emit_ethernet(0x232, &(0x7f0000000700)=ANY=[@ANYBLOB="0180c2000002ffffffffffff8100160086dd617168ea01f82f0000000000000000000000ffff00000000fe8000000000000000000000000000182904000000000000000100c91000000000000000000000000000000000c910fc00000000000000000000000000000000320404020738001020010000000000000000000000000002ff0100000000000000000000000000010421880b005200030008563363b8bf41ddad0a2cebca7f30f20ef759a4809cb3c2e9e175ceb98c066a7c7588d8aa5a3b966428c50ccb68b05d23884793b16ba3185766ec5eae959969784d99c549cec81dda6dbff21b7ef1e54bb7fb09000800c21921ccdcb1af6b78f5b4d827e48c056b628f41c9d3466ca97a855ed24327f007b4c2696e85af27c0b2f0fa7cb4a4c249615733bd708b42b7485006de75a878a6bc010086dd0004007f0008cea67e73be308d909fa024d432461113ae9a7d0147431ae25cf286140690bcc43654cc128552a6fb340fe439f600721f91671fb9b70027ee52254d18c59ce88320bd6490e79d828997772150f96fd3760226bd879563d5fde7369eab591d080088be00000002140dd70001000000000007ff080022eb000000032005ae0602000000000000400005831a080065580000000302ecb3e7090f90a0d135d7aa72b735d87d9f42e0c7416830b64b640bd37db276c5d846e32425b092427e2dffffffff5449e249071898cd477f159235deeb503e7b6f8e69b9ed04486d8ff116774bbafd25dffcf3eb48cfbb418e3e905a0000000000495eca03a8b057d149384878a007adaeb99c719ceb1daec731404ad1ddfc3881bd985f8f207605ecd707badb9c68bfc7309de5f38be10a386390e9587b11a5c505d5b3e6c0400b4a2a8c5b680f4b7315d44776a250e5ae8a41c6c703fa73541288401ce44b876ea3d715ab0ff622ff370b72c711b96e8cbe61e8d426f5bd0bdc9aeb7a7526dd1f2b6bd8a7ef9a2aaff3378116fe1bf15f6b2aa02c47aaed0c36d9d8ad3b6c6bf303"], &(0x7f00000006c0)={0x0, 0x2, [0xba8, 0x887, 0x170, 0xe6f]}) io_uring_setup(0x25cd, &(0x7f0000000040)={0x0, 0x80000970, 0x1000, 0x3, 0x398}) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x13, r3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) restart_syscall() ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd21, 0xfbffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x400) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001300)=@newtfilter={0xc38, 0x2c, 0xd27, 0x70bd2b, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffff, 0xd}, {0x0, 0x10}, {0xfff5, 0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0xc08, 0x2, [@TCA_BASIC_EMATCHES={0x1b4, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8000}}, @TCA_EMATCH_TREE_LIST={0x198, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x5, 0x7, 0x1}, {{0x4, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}}}, @TCF_EM_IPT={0x88, 0x3, 0x0, 0x0, {{0x7fff, 0x9, 0x400}, [@TCA_EM_IPT_MATCH_DATA={0x4c, 0x5, "4326097ed78a6bca3c4e63e252914d7f0e2e9ef54c488f5f96216000e3704bb10efeb8172b74c61da8b8a8a4d2cfc44e48bf2fbe3370be8881f43103fa6133188c02e5eb1f7823f8"}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x9}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x0, 0x1, 0x8}, {0x6, 0x0, 0xc, 0x0, 0x9, 0x2, 0x1}}}, @TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0x4, 0x9, 0x4}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x2, 0x3, 0x6}, {0xfffffffa, 0x8, 0x80000000, 0x3}}}, @TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0xffff, 0x2, 0x9}, {0x40, 0x1, 0x0, "87"}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x7ff, 0x8, 0x3}, {0xffffffffffffffff, 0x6}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0xe4, 0x8, 0xdf}, {0xffffffffffffffff, 0x6, 0x6}}}, @TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x6, 0x2, 0x5}, {0x3b, 0x1, 0x2, '-'}}}, @TCF_EM_META={0x70, 0x2, 0x0, 0x0, {{0xf, 0x4, 0x8}, [@TCA_EM_META_LVALUE={0x1c, 0x2, [@TCF_META_TYPE_VAR="7b77a087c99a6c30524a", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="75a1", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x3]}, @TCA_EM_META_HDR={0xc, 0x1, {{0xcb, 0x5, 0x2}, {0x1003, 0xa, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x8, 0x8}, {0x800, 0xf6}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x4, 0xf, 0x1}, {0xb, 0x1, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x8000, 0x3, 0x2}, {0x40, 0x6, 0x1}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x2}, {0xc7f0, 0xf7}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x7}, {0x2, 0x2, 0x1}}}]}}]}]}, @TCA_BASIC_POLICE={0x4}, @TCA_BASIC_POLICE={0x14, 0x4, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x9}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x506c}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x6}}, @TCA_BASIC_POLICE={0x818, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0x56b, 0x9, 0x0, 0x5, 0x17f4, 0x11ed, 0x0, 0x7, 0x8, 0x5, 0x6, 0x2, 0x0, 0x40, 0xc9ed, 0xa50, 0x9, 0x1e1f, 0xe, 0x6, 0x8, 0x6, 0x3, 0x3, 0x4, 0x8, 0x6, 0x4, 0xfffffff9, 0xf, 0x6, 0x0, 0x4, 0x3, 0xffc, 0x6, 0x1, 0xfff, 0x2000000, 0x101, 0xc6, 0x5e, 0x5, 0x5, 0x400, 0xaff, 0x6dbb811f, 0x2, 0x2, 0x8, 0x5, 0x6, 0x8, 0x3, 0x80, 0x5c4, 0xc, 0x4, 0x2, 0x2, 0x400, 0x2c52, 0x1125, 0x0, 0x8, 0x8690, 0x8, 0x5, 0x40, 0x0, 0x6, 0x2, 0x4, 0x1, 0x56c, 0xad1, 0x9, 0x4, 0x8000, 0xff, 0x2, 0x3, 0xfffffc01, 0xe, 0x7, 0x6, 0x7, 0x0, 0x6, 0x0, 0x4, 0x9, 0x1ff, 0xffffff91, 0x5, 0x3, 0x0, 0x5, 0x3, 0x1, 0xe, 0x8, 0x6, 0x4, 0x82e3, 0x4, 0x7, 0x1, 0x7, 0x1, 0xa, 0x4, 0x3, 0x5b7, 0x7, 0x80, 0x3, 0x9, 0x4b7, 0x8, 0xfac, 0x4, 0x2, 0x8, 0x4, 0x5, 0xb, 0x9, 0x101, 0xbfb, 0x24, 0x1, 0x1, 0x17f, 0x1, 0x7a, 0xfff, 0x4, 0xffffc35a, 0xfffffff8, 0x80000001, 0x200, 0x5, 0x0, 0x1, 0x7, 0xb3, 0x101, 0x7fffffff, 0x1, 0x6, 0x6, 0xffff0000, 0x0, 0x2, 0x5, 0x8, 0x1, 0x2, 0x2, 0x0, 0x9, 0x1, 0x3, 0x7f, 0x8, 0x7, 0x6, 0x9, 0x7fff, 0xffff, 0x2, 0x8, 0x6, 0xffff, 0x9, 0x5, 0x0, 0x4, 0x8, 0xfffff033, 0x4, 0x40, 0x2, 0xffffff36, 0xffff, 0xc2, 0xa8b, 0x8, 0xfffffff8, 0xd0b, 0xf, 0x5, 0x5, 0x3, 0x401, 0x4, 0x2, 0x401, 0x7ff, 0x0, 0x8, 0x4d, 0x5, 0x74b1, 0x8, 0x4, 0x4, 0x7f, 0x5, 0xff, 0x5, 0x101, 0x0, 0x7, 0x9, 0x0, 0x0, 0x4, 0x1, 0x82f, 0x100, 0x6, 0xe, 0x4, 0x17fc0953, 0x5, 0x7, 0xfffffff5, 0x52, 0x0, 0x3, 0x9, 0x2, 0x10000, 0x23, 0x8001, 0x3, 0x7, 0x9, 0x55, 0x5, 0x4, 0x3, 0x9, 0x8, 0x6, 0xfe, 0xc11, 0x0, 0x4, 0x9, 0x9, 0x0, 0x9, 0x100]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x3}, @TCA_POLICE_RATE={0x404, 0x2, [0x80000001, 0x2b, 0x0, 0xf0e6, 0x9, 0x2313, 0xffffffff, 0x3, 0x6, 0x9, 0x80000000, 0x3, 0x1, 0x22, 0x8, 0x3, 0xcd, 0x1000, 0xb0bb, 0xa8, 0x4, 0xa3, 0x2, 0x94f3, 0x800, 0x0, 0x8000, 0x6, 0x3, 0x6, 0x1, 0x0, 0x6, 0x400000, 0x1, 0x2, 0x0, 0x4, 0x7, 0x3, 0xafda7300, 0x2, 0x7c2, 0x7cc, 0x489, 0x1, 0x0, 0x5, 0xc, 0x9, 0x6, 0x5, 0x9, 0xe, 0x3, 0x5f60, 0xc, 0x5, 0x4, 0x4, 0xfffffffe, 0x7, 0x1000, 0x2, 0x6, 0x6f7, 0x10, 0x0, 0x3, 0x0, 0x3, 0x9, 0x7fff, 0x42ce3eee, 0x9, 0x5, 0x9, 0x5, 0x9, 0xffff, 0x800, 0x14c, 0x4, 0x43, 0x3ff, 0x7, 0x10001, 0xffffff7c, 0x4, 0x1, 0x2a867a3a, 0x1, 0x10, 0x9, 0x1, 0x6, 0x2, 0x4, 0x8, 0x9, 0x8, 0x8, 0x0, 0x7, 0x8, 0x54e3, 0x101, 0xfffffff7, 0x9, 0x9, 0x31, 0xdf1e, 0xb9c, 0xcb5, 0x9, 0x9, 0x7f, 0x5, 0x9, 0x8, 0x1000, 0x2, 0x401, 0x5, 0x3, 0x3, 0x18, 0x40, 0x0, 0x8, 0x401, 0x7, 0x5, 0xdf02, 0x800, 0xd2, 0x1, 0x7, 0x6, 0x5, 0xffff, 0x800, 0x5, 0x8, 0x3, 0x3, 0x213, 0xc8, 0x6, 0xf1, 0x4, 0x2, 0x9, 0x7ff, 0xd38e, 0x0, 0x1, 0x8, 0x101, 0x6, 0x4, 0x81, 0x41b, 0x2, 0xfffffff7, 0x1000, 0x3, 0x10, 0x0, 0x7, 0xd0c8e39a, 0x10000000, 0xfb, 0x0, 0xfff, 0x8, 0x3, 0x9, 0x7f, 0x520f, 0x3, 0x7, 0x0, 0x8001, 0xa06, 0x81, 0x9, 0x4, 0x1, 0xc7, 0x66a8, 0x0, 0x3, 0x0, 0xc, 0x5, 0xabb3, 0xfffffffd, 0x8, 0x7, 0x80000001, 0x4, 0x61, 0x4, 0xdd5, 0x9, 0x40, 0xcd, 0x7, 0x6, 0x1, 0x1, 0xf, 0xd0, 0x3, 0xfff, 0xfffffff7, 0x6, 0x75, 0xf7, 0x1, 0x80, 0xfffffff7, 0x6, 0x9, 0x6, 0xcd, 0xb19, 0x2, 0x6, 0x0, 0xddb, 0xf, 0x1ff, 0x2, 0x5, 0x200, 0x0, 0x794a, 0x400, 0x4, 0x626, 0xf, 0x6, 0x4, 0xd, 0x9, 0x2, 0x5, 0x7fffffff, 0x9, 0x5, 0x7, 0xf, 0x9]}]}, @TCA_BASIC_EMATCHES={0x210, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x144, 0x2, 0x0, 0x1, [@TCF_EM_META={0xc0, 0x2, 0x0, 0x0, {{0x8, 0x4, 0x69}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x0, 0x9, 0x1}, {0xfff9, 0x6}}}, @TCA_EM_META_LVALUE={0x20, 0x2, [@TCF_META_TYPE_VAR="afed1d0f27119a5e2463", @TCF_META_TYPE_VAR="628d3dd34d363524c205", @TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR="0b8f5d8b126ff636"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x3c, 0x8}, {0x5, 0x4, 0x1}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x101, 0x3, 0x1}, {0xb, 0x81, 0x2}}}, @TCA_EM_META_RVALUE={0x15, 0x3, [@TCF_META_TYPE_VAR="28d3f5687f9543cb3f", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x7]}, @TCA_EM_META_LVALUE={0x19, 0x2, [@TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="386d482201", @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x3]}, @TCA_EM_META_LVALUE={0x19, 0x2, [@TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="a525c698418eb80647"]}, @TCA_EM_META_RVALUE={0x20, 0x3, [@TCF_META_TYPE_VAR="348a8ab856", @TCF_META_TYPE_VAR="5ca561ad900e", @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="9e", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x2]}]}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x89b7, 0x8, 0x6}, {0x3, 0x5, 0x5}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x3, 0x8, 0xc}, {0x2, 0x5, 0x4}}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x4, 0x7, 0x1}, {{0x4, 0x0, 0x1}, {0x0, 0x0, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x687f, 0x8, 0x5}, {0x3, 0x61, 0x1}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x1, 0x8, 0x7}, {0x4, 0x6, 0x4}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xf, 0x8, 0x9}, {0x3, 0x5}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x2, 0x3, 0x2}, {0x1, 0x8, 0x0, 0x1}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_LIST={0x3c, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x9, 0x7, 0x7}, {{0x1, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x6, 0x7, 0x401}, {{0x2, 0x0, 0x1, 0x1}, {0x4}}}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x40, 0x8, 0xa}, {0x3, 0x1, 0x5}}}]}, @TCA_EMATCH_TREE_LIST={0x64, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x5, 0x8, 0x8ea9}, {0x2, 0x6, 0x5}}}, @TCF_EM_IPT={0x50, 0x3, 0x0, 0x0, {{0x7, 0x9, 0x7}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0xc, 0x5, "8aae3445e7b74b12"}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x1}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x1}]}}]}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x1, 0x8}}]}}]}, 0xc38}}, 0x800) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x7}}) socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 1.067850537s ago: executing program 2 (id=794): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x180) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r4, 0xfffffe4d}}, 0x48) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000007600)) sendmmsg$inet(r3, 0x0, 0x0, 0x81) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00') write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, 0xffffffffffffffff, 0x7}}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000500)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000008060001080006040001000000000000ac1414bbbbbbbbbbbbbbac1414"], 0x0) 1.067386736s ago: executing program 4 (id=795): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x2, 0x7, 0x0, 0x3}}}}}}}, 0x0) syz_emit_ethernet(0x76, &(0x7f00000003c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9e00", 0x40, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x10, 0x2, 0xfffc, 0x0, 0x3, {[@mss={0x2, 0x4, 0x80}, @exp_fastopen={0xfe, 0x4}, @window={0x3, 0x3, 0x5}, @eol, @mptcp=@ack={0x1e, 0x8, 0x4, 0x4, "72dd612c"}, @exp_smc={0xfe, 0x6}, @nop, @fastopen={0x22, 0xb, "b59649b8a20130cc5e"}, @mss={0x2, 0x4, 0x4}]}}}}}}}}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0xc45, 0x5112, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x0, 0x7, 0x19, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x200, 0x3, 0x1, {0x22, 0x2d}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0xff, 0x3}}}}}]}}]}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@local}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket(0x2b, 0x80801, 0x1) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4e2603, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r2, 0x7af, &(0x7f0000000080)={@host, 0x2}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(r1, 0xffffffffffffffff, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000240)={'wg1\x00', 0x0}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x437, 0x800010, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x54583, 0x1}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5, 0x9, 0x1}, @IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001001010425bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="7b13000045440000200012800e0001006970366772657461700000000c00028008000100", @ANYRES32=r6, @ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x40080}, 0x20000844) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r8, 0xffffffffffffffff, 0x200000000000000) 933.877078ms ago: executing program 1 (id=796): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000700)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fedbdf250300"], 0x6c}}, 0x0) 925.662939ms ago: executing program 0 (id=797): timer_create(0x0, 0x0, 0x0) r0 = getpid() r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x1, 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000014c0)={{0x4, 0x5, 0x6, 0x4, 'syz1\x00', 0x80000001}, 0x3, 0x400, 0x8, r0, 0x1, 0x7ff, 'syz0\x00', &(0x7f0000001480)=['!.%^\x00'], 0x5}) 799.39173ms ago: executing program 0 (id=798): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000040)={0x60, 0x0, &(0x7f0000003000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x4000000005, &(0x7f00000001c0)=[{0x10, 0x21a, 0xffffffffffffffff}], 0x1, 0xbff, 0x68, 0x0, 0x29, 0x5f}) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000000)={0x24, &(0x7f0000000940)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x109400, 0x0) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x8, &(0x7f0000006680)) fchown(0xffffffffffffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f00000000c0)) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]}) close_range(r6, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="810200000000000014001a80100004800c000180"], 0x34}}, 0x0) syz_emit_ethernet(0x1a2, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa8100390086dd60000000016838fffe8000070000000000000000000000aaff020000000000000000000000000001860090780000040000000000018000000309bd3e6d4706598080a8030037ffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34116d42ca0a5c15b37adac15084dbaf736b41e5af03020001000000050000000026000400032077f9290b6e87290b6e87f278e94724e20c43c95f9b49e04a64d614cc9d0d46d954fda9a75d076993e3b87aa99b2454a86662e37b42678a74974ddd50b21e499efae61e3a816a367d019bc7f892d8975f1fc8a3e27139041cd21d2d12f30ee6f029d8d73f80f9b19d138598345b9c0feda226b333c55c668fb17b5b39603ee66b8534f1fbf97e139d35762307516482a1787d8f3bb76940602a0104ac045b59510dfd944672de5f77c0e6136c06847bbe70dd65236ef4d112e88fabc57d02a2a380eb697adf4e1d9090705f85ddf041bc076775f5d27555d3f60c44192fa92eee16828c1c4aa17f4a743e212cd2c084e5acc9aae96852cd54afd2d60786"], 0x0) 761.51765ms ago: executing program 1 (id=799): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x4, 0xe0, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x1, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc1105511, &(0x7f0000000040)={0x4, 0x3, 0x40, 0x6, '\x00', 0x8}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0xc1105511, &(0x7f0000000040)) r4 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) r5 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) r6 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x82802, 0xcd) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000080)={r6, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4010000000000ffd, 0x0, 0x0, 0x19, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x6]}}) io_setup(0x1, &(0x7f00000016c0)=0x0) io_submit(r7, 0x16, &(0x7f0000001640)=[&(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x1, 0x4, r5, &(0x7f0000000280)='a', 0x1, 0x5}]) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYRESHEX=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x0, &(0x7f0000a00000/0x600000)=nil) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(0xffffffffffffffff, 0x3b87, &(0x7f0000000080)={0x18, 0x1, 0x0, 0x0, r8}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0xc983, 0x2, 0x1ff, 0xf99e, 0x4cfc}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f00000002c0)={r9, 0x3}, &(0x7f0000000300)=0x8) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r10, 0xffffffffffffffff, 0x0) 718.244836ms ago: executing program 2 (id=800): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x336) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local}) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x4e21, @multicast1}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000980)=ANY=[@ANYBLOB="0380c2bb08000000019078ac1e0001ac1414aa030490781200183f25000000000000725846274ad7fdadd4b40000010000000000000000371f5e4d7a6d724f42b0a1077bbfa5de51acffefdaad5c353c99cb23107bb9ec8dc7009f628d9e724b29d0e0c0237711610d92b6d729a4bd44f06bbb880c79ee8ea9022eac9fe2d9e3c178462bf0ecb0508e9c36d5908b64271c913bc856244319b0718f8fa74d5a3b8913dc6acb1c6f1f862f6ebac266f4cb28812be373de19e2d2d4707b039bb0022b77d1176cc7a359e70d1c0bc8b41d11211aac801edda8e6512f82e92b474796c0349a274ac772a682b0773512eebf614defe20bd5ddcf155e2c88f3ade605b3"], 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x40, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0xc1c0, 0x0) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYRES32=r5, @ANYRES8=0x0, @ANYRES16=r5, @ANYRES8=r5], 0x48}}, 0x2044081) sendmmsg$alg(r5, &(0x7f00000000c0), 0x492492492492627, 0x0) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000003c0)={0xffffffffffffffff}, 0x111, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10}, {0xa, 0x4e22, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}, r7, 0xfffffffa}}, 0x48) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a9c000000060a0b040000000000000000020000057000048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000c080003400000001730000180080001006e617400240002800800074000000000080001400000000008000340fe00001408000240000000020900010073797a3000000000090002"], 0xc4}, 0x1, 0x0, 0x0, 0x850}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) 500.277822ms ago: executing program 3 (id=801): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x2a, 0x0, 0x190) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x2a, &(0x7f0000000000)=ANY=[], 0x190) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000080)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) 262.535279ms ago: executing program 3 (id=802): r0 = socket$packet(0x11, 0x2, 0x300) socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) 161.477109ms ago: executing program 3 (id=803): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="5d9ce3a6e15e8ec7c9f22bd68656"], 0x60}, 0x1, 0x0, 0x0, 0x1000c093}, 0x80086) 0s ago: executing program 3 (id=804): recvmmsg(0xffffffffffffffff, &(0x7f00000099c0), 0x0, 0x10002, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x4}, {0xffff}, {0x2, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x9, 0x0, 0xf, 0x10, 0x2, 0x6, 0x2, 0x8, 0x2, 0x0, 0x1, 0x8, 0x1, 0x10, 0x4], 0x3, [0xc, 0x101, 0x7fff, 0x2002, 0x1, 0x4, 0x6, 0xd03, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x7, 0x2a, 0x401, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x4]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x810}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r10 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r10, &(0x7f0000000140)="ba", 0x1, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r9, 0x5e0, 0xd8, 0x6, @multicast}, 0x14) kernel console output (not intermixed with test programs): 64.608963][ T5899] se401 4-1:0.0: probe with driver se401 failed with error -71 [ 164.662807][ T5899] usb 4-1: USB disconnect, device number 20 [ 164.813750][ T5926] usb 5-1: USB disconnect, device number 12 [ 165.850574][ T7297] netlink: 20 bytes leftover after parsing attributes in process `syz.1.374'. [ 166.014514][ T7305] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 166.052229][ T5926] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 166.226690][ T7313] FAULT_INJECTION: forcing a failure. [ 166.226690][ T7313] name failslab, interval 1, probability 0, space 0, times 0 [ 166.229199][ T5926] usb 4-1: Using ep0 maxpacket: 32 [ 166.255906][ T5926] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.268624][ T5926] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.291333][ T7313] CPU: 1 UID: 0 PID: 7313 Comm: syz.0.380 Not tainted syzkaller #0 PREEMPT(full) [ 166.291349][ T7313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 166.291356][ T7313] Call Trace: [ 166.291361][ T7313] [ 166.291366][ T7313] dump_stack_lvl+0xe8/0x150 [ 166.291387][ T7313] should_fail_ex+0x412/0x560 [ 166.291406][ T7313] should_failslab+0xa8/0x100 [ 166.291421][ T7313] __kmalloc_cache_noprof+0x88/0x660 [ 166.291435][ T7313] ? sctp_add_bind_addr+0x8c/0x370 [ 166.291450][ T7313] sctp_add_bind_addr+0x8c/0x370 [ 166.291464][ T7313] sctp_copy_local_addr_list+0x314/0x4f0 [ 166.291479][ T7313] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 166.291498][ T7313] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 166.291513][ T7313] ? sctp_v4_is_any+0x35/0x60 [ 166.291525][ T7313] ? sctp_copy_one_addr+0x93/0x360 [ 166.291538][ T7313] sctp_bind_addr_copy+0x189/0x3c0 [ 166.291554][ T7313] sctp_connect_new_asoc+0x2ff/0x6b0 [ 166.291571][ T7313] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 166.291589][ T7313] ? __local_bh_enable_ip+0xd0/0x130 [ 166.291604][ T7313] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 166.291617][ T7313] ? security_sctp_bind_connect+0x7e/0x2c0 [ 166.291633][ T7313] sctp_sendmsg+0x1528/0x2c10 [ 166.291646][ T7313] ? unwind_next_frame+0xa6/0x2550 [ 166.291664][ T7313] ? __pfx_sctp_sendmsg+0x10/0x10 [ 166.291679][ T7313] ? aa_sk_perm+0x6d5/0x900 [ 166.291699][ T7313] ? __pfx_aa_sk_perm+0x10/0x10 [ 166.291715][ T7313] ? sock_rps_record_flow+0x19/0x350 [ 166.291728][ T7313] ? inet_sendmsg+0x2f4/0x370 [ 166.291741][ T7313] ____sys_sendmsg+0x80a/0x9f0 [ 166.291757][ T7313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 166.291772][ T7313] ? import_iovec+0x73/0xa0 [ 166.291785][ T7313] ___sys_sendmsg+0x2a5/0x360 [ 166.291796][ T7313] ? __lock_acquire+0x6b5/0x2cf0 [ 166.291816][ T7313] ? __pfx____sys_sendmsg+0x10/0x10 [ 166.291844][ T7313] ? __fget_files+0x2a/0x420 [ 166.291854][ T7313] ? __fget_files+0x3a0/0x420 [ 166.291869][ T7313] __x64_sys_sendmsg+0x1bd/0x2a0 [ 166.291881][ T7313] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 166.291896][ T7313] ? __pfx_ksys_write+0x10/0x10 [ 166.291913][ T7313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.291924][ T7313] do_syscall_64+0x15f/0xf80 [ 166.291936][ T7313] ? trace_irq_disable+0x3b/0x140 [ 166.291950][ T7313] ? clear_bhb_loop+0x40/0x90 [ 166.291962][ T7313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.291971][ T7313] RIP: 0033:0x7f8dcc59cdd9 [ 166.291981][ T7313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.291990][ T7313] RSP: 002b:00007f8dca7f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 166.292002][ T7313] RAX: ffffffffffffffda RBX: 00007f8dcc815fa0 RCX: 00007f8dcc59cdd9 [ 166.292009][ T7313] RDX: 0000000004000080 RSI: 0000200000000680 RDI: 0000000000000005 [ 166.292015][ T7313] RBP: 00007f8dca7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 166.292021][ T7313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 166.292027][ T7313] R13: 00007f8dcc816038 R14: 00007f8dcc815fa0 R15: 00007f8dcc93fa48 [ 166.292043][ T7313] [ 166.293878][ T7309] bond1 (unregistering): Released all slaves [ 166.672285][ T5926] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 166.705483][ T5926] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 166.736550][ T5926] usb 4-1: Product: syz [ 166.750574][ T5926] usb 4-1: Manufacturer: syz [ 166.801076][ T5926] hub 4-1:4.0: USB hub found [ 166.992921][ T5926] hub 4-1:4.0: 2 ports detected [ 167.131094][ T29] audit: type=1326 audit(1777029201.009:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.187155][ T7320] syzkaller0: entered promiscuous mode [ 167.195257][ T29] audit: type=1326 audit(1777029201.019:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.218134][ T7320] syzkaller0: entered allmulticast mode [ 167.226811][ T7291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.239419][ T7291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.252726][ T7291] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 167.265968][ T29] audit: type=1326 audit(1777029201.039:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.295240][ T29] audit: type=1326 audit(1777029201.039:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.320775][ T29] audit: type=1326 audit(1777029201.039:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.344796][ T29] audit: type=1326 audit(1777029201.039:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.377673][ T29] audit: type=1326 audit(1777029201.039:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.465957][ T29] audit: type=1326 audit(1777029201.049:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.511787][ T5926] hub 4-1:4.0: set hub depth failed [ 167.524935][ T29] audit: type=1326 audit(1777029201.049:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.595335][ T29] audit: type=1326 audit(1777029201.059:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.0.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 167.623820][ T5926] usb 4-1: USB disconnect, device number 21 [ 167.643467][ T7328] fuse: Bad value for 'group_id' [ 167.702161][ T7333] netlink: 'syz.2.385': attribute type 10 has an invalid length. [ 167.713023][ T7328] fuse: Bad value for 'group_id' [ 167.728408][ T7333] bond0: (slave wlan1): Opening slave failed [ 167.871997][ T7326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.204996][ T7347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.215120][ T7347] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.269424][ T5899] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 168.409315][ T5899] usb 1-1: device descriptor read/64, error -71 [ 168.664229][ T5899] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 168.721584][ T7358] netlink: 20 bytes leftover after parsing attributes in process `syz.2.398'. [ 168.809849][ T5899] usb 1-1: device descriptor read/64, error -71 [ 168.940185][ T5899] usb usb1-port1: attempt power cycle [ 169.308706][ T7378] fuse: Bad value for 'group_id' [ 169.319502][ T5899] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 169.336117][ T7378] fuse: Bad value for 'group_id' [ 169.340793][ T5899] usb 1-1: device descriptor read/8, error -71 [ 169.342028][ T7378] netlink: 'syz.1.404': attribute type 10 has an invalid length. [ 169.366723][ T7378] bond0: (slave wlan1): Opening slave failed [ 169.392886][ T7372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.589732][ T5899] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 169.620398][ T5899] usb 1-1: device descriptor read/8, error -71 [ 169.739643][ T5899] usb usb1-port1: unable to enumerate USB device [ 169.919278][ T5926] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 169.956810][ T7398] netlink: 32 bytes leftover after parsing attributes in process `syz.1.414'. [ 170.059184][ T5899] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 170.082355][ T5926] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 170.092519][ T5926] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 170.105612][ T5926] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 170.114881][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.180550][ T5912] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 170.241827][ T5899] usb 3-1: unable to get BOS descriptor or descriptor too short [ 170.256977][ T5899] usb 3-1: not running at top speed; connect to a high speed hub [ 170.272464][ T5899] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 120, changing to 4 [ 170.301687][ T5899] usb 3-1: New USB device found, idVendor=0b05, idProduct=1743, bcdDevice= 0.40 [ 170.317643][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.334514][ T5926] usb 4-1: GET_CAPABILITIES returned 0 [ 170.342094][ T5899] usb 3-1: Product: syz [ 170.348584][ T5899] usb 3-1: Manufacturer: syz [ 170.349151][ T5912] usb 5-1: Using ep0 maxpacket: 16 [ 170.353331][ T5926] usbtmc 4-1:16.0: can't read capabilities [ 170.367140][ T5899] usb 3-1: SerialNumber: syz [ 170.378008][ T5912] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 170.394256][ T5912] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 170.415092][ T5912] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 170.430393][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.438909][ T5912] usb 5-1: Product: syz [ 170.444756][ T5912] usb 5-1: Manufacturer: syz [ 170.449927][ T5912] usb 5-1: SerialNumber: syz [ 170.500867][ T5912] usb 5-1: 0:2 : does not exist [ 170.567792][ T5935] usb 4-1: USB disconnect, device number 22 [ 170.593246][ T5926] IPVS: starting estimator thread 0... [ 170.699223][ T7405] IPVS: using max 54 ests per chain, 129600 per kthread [ 171.365817][ T7415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 171.387514][ T7419] loop5: detected capacity change from 0 to 1 [ 171.393508][ T7415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 171.407163][ T7419] Dev loop5: unable to read RDB block 1 [ 171.418332][ T7419] loop5: unable to read partition table [ 171.426228][ T7419] loop5: partition table beyond EOD, truncated [ 171.445690][ T7419] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 171.472886][ T5212] Dev loop5: unable to read RDB block 1 [ 171.478624][ T5212] loop5: unable to read partition table [ 171.485072][ T5940] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 171.493659][ T5212] loop5: partition table beyond EOD, truncated [ 171.649819][ T5940] usb 1-1: Using ep0 maxpacket: 16 [ 171.656836][ T5940] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 171.667338][ T5940] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 171.676364][ T5940] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 171.809205][ T5926] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 171.961088][ T5926] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 171.973746][ T5926] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 171.989671][ T5926] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 171.998973][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.086758][ T7426] fuse: Bad value for 'group_id' [ 172.091787][ T7426] fuse: Bad value for 'group_id' [ 172.098223][ T7426] netlink: 'syz.1.424': attribute type 10 has an invalid length. [ 172.107034][ T7426] bond0: (slave wlan1): Opening slave failed [ 172.115801][ T7425] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.973607][ T5912] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 173.138074][ T5899] usb 3-1: 1:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 173.173422][ T5912] usb 5-1: USB disconnect, device number 13 [ 173.186319][ T5899] usb 3-1: found format II with max.bitrate = 512, frame size=4095 [ 173.208490][ T5899] usb 3-1: 1:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 173.253975][ T5899] usb 3-1: found format II with max.bitrate = 512, frame size=4095 [ 173.284455][ T5899] usb 3-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 173.386140][ T7444] fuse: Bad value for 'group_id' [ 173.405041][ T7444] fuse: Bad value for 'group_id' [ 173.522543][ T5926] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 173.545016][ T5899] usb 3-1: USB disconnect, device number 19 [ 173.558435][ T7443] netlink: 'syz.4.430': attribute type 10 has an invalid length. [ 173.561131][ T5926] usb 4-1: invalid MIDI out EP 0 [ 173.614432][ T7442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 173.903714][ T5926] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 173.937880][ T5926] usb 4-1: USB disconnect, device number 23 [ 174.038387][ T6911] udevd[6911]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 174.211947][ T5940] usb 1-1: string descriptor 0 read error: -71 [ 174.243883][ T5940] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 174.290050][ T5926] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 174.301589][ T5940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.354597][ T5940] usb 1-1: rejected 1 configuration due to insufficient available bus power [ 174.387751][ T5940] usb 1-1: no configuration chosen from 1 choice [ 174.411837][ T5940] usb 1-1: USB disconnect, device number 23 [ 174.417932][ T29] kauditd_printk_skb: 47 callbacks suppressed [ 174.417944][ T29] audit: type=1326 audit(1777029208.299:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.434" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f37f219cdd9 code=0x0 [ 174.481773][ T5926] usb 4-1: Using ep0 maxpacket: 32 [ 174.515356][ T5926] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.556051][ T5926] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.592873][ T5926] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 174.617200][ T5926] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 174.644213][ T5926] usb 4-1: Product: syz [ 174.663825][ T5926] usb 4-1: Manufacturer: syz [ 174.703241][ T5926] hub 4-1:4.0: USB hub found [ 174.931089][ T5926] hub 4-1:4.0: 2 ports detected [ 175.139775][ T7446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.157610][ T7446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.168081][ T7446] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 175.289326][ T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 175.388782][ T5926] hub 4-1:4.0: set hub depth failed [ 175.424998][ T5926] usb 4-1: USB disconnect, device number 24 [ 175.489794][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 175.525198][ T10] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 175.548463][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.564889][ T10] usb 3-1: Product: syz [ 175.576848][ T10] usb 3-1: Manufacturer: syz [ 175.586744][ T10] usb 3-1: SerialNumber: syz [ 175.609005][ T10] usb 3-1: config 0 descriptor?? [ 175.634841][ T10] gspca_main: se401-2.14.0 probing 047d:5003 [ 175.729372][ T5940] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 175.865019][ T7466] netlink: 36 bytes leftover after parsing attributes in process `syz.4.438'. [ 175.911534][ T5940] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 175.959309][ T5940] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 175.990925][ T5940] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 176.012734][ T5940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.069386][ T5940] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 176.124103][ T5940] usb 1-1: invalid MIDI out EP 0 [ 176.485053][ T5940] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 176.508131][ T10] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 176.546737][ T10] se401 3-1:0.0: probe with driver se401 failed with error -71 [ 176.547897][ T5940] usb 1-1: USB disconnect, device number 24 [ 176.599844][ T10] usb 3-1: USB disconnect, device number 20 [ 176.975462][ T7491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.991884][ T7491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.044975][ T7495] netlink: 36 bytes leftover after parsing attributes in process `syz.0.449'. [ 177.064473][ T5891] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 177.242448][ T5891] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 177.261113][ T5891] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 177.271333][ T5891] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 177.280708][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.304296][ T7483] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 177.318404][ T5891] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 177.523739][ T7483] netlink: 16 bytes leftover after parsing attributes in process `syz.3.444'. [ 177.570128][ T7483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.444'. [ 177.589966][ T7483] netlink: 'syz.3.444': attribute type 21 has an invalid length. [ 177.711900][ T7516] FAULT_INJECTION: forcing a failure. [ 177.711900][ T7516] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.765603][ T7516] CPU: 1 UID: 0 PID: 7516 Comm: syz.1.456 Not tainted syzkaller #0 PREEMPT(full) [ 177.765628][ T7516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 177.765640][ T7516] Call Trace: [ 177.765647][ T7516] [ 177.765654][ T7516] dump_stack_lvl+0xe8/0x150 [ 177.765685][ T7516] should_fail_ex+0x412/0x560 [ 177.765717][ T7516] _copy_to_user+0x31/0xb0 [ 177.765740][ T7516] simple_read_from_buffer+0xe1/0x170 [ 177.765761][ T7516] proc_fail_nth_read+0x1bb/0x230 [ 177.765784][ T7516] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.765805][ T7516] ? rw_verify_area+0x2a6/0x4d0 [ 177.765825][ T7516] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.765845][ T7516] vfs_read+0x20c/0xa70 [ 177.765871][ T7516] ? __pfx___mutex_lock+0x10/0x10 [ 177.765896][ T7516] ? __pfx_vfs_read+0x10/0x10 [ 177.765916][ T7516] ? __fget_files+0x2a/0x420 [ 177.765938][ T7516] ? __fget_files+0x3a0/0x420 [ 177.765954][ T7516] ? __fget_files+0x2a/0x420 [ 177.765977][ T7516] ksys_read+0x150/0x270 [ 177.766000][ T7516] ? __pfx_ksys_read+0x10/0x10 [ 177.766020][ T7516] ? __pfx_sg_ioctl+0x10/0x10 [ 177.766045][ T7516] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.766065][ T7516] do_syscall_64+0x15f/0xf80 [ 177.766088][ T7516] ? clear_bhb_loop+0x40/0x90 [ 177.766110][ T7516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.766126][ T7516] RIP: 0033:0x7f32e8d5d60e [ 177.766143][ T7516] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 177.766157][ T7516] RSP: 002b:00007f32e9c6ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 177.766176][ T7516] RAX: ffffffffffffffda RBX: 00007f32e9c706c0 RCX: 00007f32e8d5d60e [ 177.766189][ T7516] RDX: 000000000000000f RSI: 00007f32e9c700a0 RDI: 0000000000000004 [ 177.766200][ T7516] RBP: 00007f32e9c70090 R08: 0000000000000000 R09: 0000000000000000 [ 177.766211][ T7516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.766220][ T7516] R13: 00007f32e9016038 R14: 00007f32e9015fa0 R15: 00007f32e913fa48 [ 177.766246][ T7516] [ 178.047655][ T10] usb 4-1: USB disconnect, device number 25 [ 178.129279][ T5940] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 178.205857][ T7522] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 178.213121][ T7522] IPv6: NLM_F_CREATE should be set when creating new route [ 178.220396][ T7522] IPv6: NLM_F_CREATE should be set when creating new route [ 178.279326][ T5940] usb 1-1: Using ep0 maxpacket: 8 [ 178.337991][ T5940] usb 1-1: unable to get BOS descriptor or descriptor too short [ 178.394332][ T5940] usb 1-1: config 1 has an invalid descriptor of length 193, skipping remainder of the config [ 178.429515][ T5940] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 17, changing to 7 [ 178.470651][ T5940] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 51180, setting to 1024 [ 178.502257][ T5940] usb 1-1: config 1 interface 2 altsetting 1 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 178.545996][ T5940] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x8A has invalid maxpacket 14331, setting to 64 [ 178.649212][ T5940] usb 1-1: New USB device found, idVendor=0582, idProduct=0044, bcdDevice= 0.01 [ 178.683423][ T5940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.711482][ T5940] usb 1-1: Product: syz [ 178.726045][ T5940] usb 1-1: Manufacturer: syz [ 178.746810][ T5940] usb 1-1: SerialNumber: syz [ 178.893193][ T7540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.937892][ T7540] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.079294][ T10] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 179.212473][ T7540] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 179.219229][ T7540] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 179.260769][ T7540] vhci_hcd vhci_hcd.0: Device attached [ 179.520469][ T5926] usb 36-1: SetAddress Request (2) to port 0 [ 179.543149][ T5926] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd [ 179.673643][ T10] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 179.688916][ T10] usb 3-1: can't read configurations, error -71 [ 179.764933][ T7542] vhci_hcd: connection reset by peer [ 179.791487][ T48] vhci_hcd vhci_hcd.1: stop threads [ 179.797494][ T48] vhci_hcd vhci_hcd.1: release socket [ 179.821232][ T48] vhci_hcd vhci_hcd.1: disconnect device [ 180.460301][ T7567] capability: warning: `syz.1.469' uses 32-bit capabilities (legacy support in use) [ 180.743310][ T7570] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 180.750602][ T7570] IPv6: NLM_F_CREATE should be set when creating new route [ 180.757843][ T7570] IPv6: NLM_F_CREATE should be set when creating new route [ 180.844369][ T7559] snd_aloop snd_aloop.0: control 5:6:4:syz1:-2147483647 is already present [ 181.003892][ T5940] usb 1-1: interface 3 not found [ 181.105464][ T5940] usb 1-1: USB disconnect, device number 25 [ 182.068688][ T29] audit: type=1326 audit(1777029215.949:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7600 comm="syz.3.481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf02b9cdd9 code=0x0 [ 182.125780][ T7605] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 182.375241][ T7614] loop5: detected capacity change from 0 to 4095 [ 182.785120][ T7625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.818544][ T7625] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.914709][ T7625] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 182.931591][ T7627] openvswitch: netlink: Missing key (keys=1040, expected=10000000) [ 182.989717][ T5891] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 183.066632][ T7630] bridge1: entered promiscuous mode [ 183.076059][ T7630] bridge1: entered allmulticast mode [ 183.160548][ T5891] usb 5-1: unable to get BOS descriptor or descriptor too short [ 183.169122][ T5891] usb 5-1: not running at top speed; connect to a high speed hub [ 183.182753][ T5891] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 120, changing to 4 [ 183.212158][ T5891] usb 5-1: New USB device found, idVendor=0b05, idProduct=1743, bcdDevice= 0.40 [ 183.224262][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.241641][ T5891] usb 5-1: Product: syz [ 183.250975][ T5891] usb 5-1: Manufacturer: syz [ 183.261556][ T5891] usb 5-1: SerialNumber: syz [ 183.339160][ T5846] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 183.478971][ T5925] IPVS: starting estimator thread 0... [ 183.491135][ T5846] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.503219][ T5846] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.546789][ T5891] usb 5-1: 1:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 183.570345][ T7634] IPVS: using max 30 ests per chain, 72000 per kthread [ 183.582221][ T5846] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 183.582241][ T5891] usb 5-1: found format II with max.bitrate = 512, frame size=4095 [ 183.623458][ T5891] usb 5-1: 1:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 183.648340][ T5891] usb 5-1: found format II with max.bitrate = 512, frame size=4095 [ 183.683473][ T5891] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 183.698876][ T5846] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 183.749702][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.821991][ T5891] usb 5-1: USB disconnect, device number 14 [ 183.836126][ T5846] usb 3-1: config 0 descriptor?? [ 183.946024][ T5841] udevd[5841]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 183.994260][ T7633] netlink: 'syz.0.473': attribute type 8 has an invalid length. [ 184.278037][ T5846] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x4 [ 184.387806][ T5846] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 184.529244][ T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 184.576163][ T7646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.589678][ T7646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.660706][ T5926] usb 36-1: device descriptor read/8, error -110 [ 184.705002][ T10] usb 4-1: config 0 has no interfaces? [ 184.724951][ T10] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 184.755397][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.783972][ T10] usb 4-1: Product: syz [ 184.803029][ T10] usb 4-1: Manufacturer: syz [ 184.816237][ T10] usb 4-1: SerialNumber: syz [ 184.846956][ T10] usb 4-1: config 0 descriptor?? [ 184.886391][ T5846] usb 3-1: USB disconnect, device number 23 [ 185.082800][ T5926] usb usb36-port1: attempt power cycle [ 185.200802][ T5846] usb 4-1: USB disconnect, device number 26 [ 185.584272][ T7662] FAULT_INJECTION: forcing a failure. [ 185.584272][ T7662] name failslab, interval 1, probability 0, space 0, times 0 [ 185.599244][ T7662] CPU: 1 UID: 0 PID: 7662 Comm: syz.1.500 Not tainted syzkaller #0 PREEMPT(full) [ 185.599269][ T7662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 185.599280][ T7662] Call Trace: [ 185.599287][ T7662] [ 185.599294][ T7662] dump_stack_lvl+0xe8/0x150 [ 185.599326][ T7662] should_fail_ex+0x412/0x560 [ 185.599358][ T7662] should_failslab+0xa8/0x100 [ 185.599385][ T7662] __kmalloc_cache_noprof+0x88/0x660 [ 185.599407][ T7662] ? register_netdevice+0x582/0x1cf0 [ 185.599434][ T7662] register_netdevice+0x582/0x1cf0 [ 185.599470][ T7662] ? __pfx_register_netdevice+0x10/0x10 [ 185.599496][ T7662] ? net_generic+0x1e/0x240 [ 185.599517][ T7662] ? net_generic+0x1e/0x240 [ 185.599542][ T7662] ip6_tnl_create2+0x79/0x3f0 [ 185.599562][ T7662] ? ip6_tnl_newlink+0x24a/0x640 [ 185.599584][ T7662] ip6_tnl_newlink+0x335/0x640 [ 185.599606][ T7662] ? __pfx_ip6_tnl_newlink+0x10/0x10 [ 185.599639][ T7662] ? __pfx_ip6_tnl_newlink+0x10/0x10 [ 185.599660][ T7662] rtnl_newlink_create+0x329/0xb70 [ 185.599679][ T7662] ? __pfx___nla_validate_parse+0x10/0x10 [ 185.599708][ T7662] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 185.599730][ T7662] ? __pfx___mutex_lock+0x10/0x10 [ 185.599764][ T7662] ? ns_capable+0x89/0xe0 [ 185.599792][ T7662] rtnl_newlink+0x166a/0x1bb0 [ 185.599832][ T7662] ? __pfx_rtnl_newlink+0x10/0x10 [ 185.599855][ T7662] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.599913][ T7662] ? kasan_quarantine_put+0xbb/0x1f0 [ 185.599933][ T7662] ? lockdep_hardirqs_on+0x7a/0x110 [ 185.599963][ T7662] ? nlmon_xmit+0xb0/0x100 [ 185.599986][ T7662] ? kmem_cache_free+0x182/0x650 [ 185.600016][ T7662] ? __lock_acquire+0x6b5/0x2cf0 [ 185.600040][ T7662] ? __dev_queue_xmit+0x2b6/0x3950 [ 185.600058][ T7662] ? __local_bh_enable_ip+0xd0/0x130 [ 185.600078][ T7662] ? lockdep_hardirqs_on+0x7a/0x110 [ 185.600094][ T7662] ? __dev_queue_xmit+0x2b6/0x3950 [ 185.600108][ T7662] ? __local_bh_enable_ip+0xd0/0x130 [ 185.600126][ T7662] ? __dev_queue_xmit+0x2b6/0x3950 [ 185.600148][ T7662] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 185.600179][ T7662] ? __pfx_rtnl_newlink+0x10/0x10 [ 185.600198][ T7662] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 185.600222][ T7662] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 185.600242][ T7662] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 185.600263][ T7662] ? ref_tracker_free+0x693/0x840 [ 185.600283][ T7662] ? __pfx_ref_tracker_free+0x10/0x10 [ 185.600298][ T7662] ? __asan_memcpy+0x40/0x70 [ 185.600316][ T7662] ? __skb_clone+0x63/0x7a0 [ 185.600341][ T7662] netlink_rcv_skb+0x232/0x4b0 [ 185.600367][ T7662] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 185.600393][ T7662] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 185.600430][ T7662] ? netlink_deliver_tap+0x2e/0x1b0 [ 185.600451][ T7662] ? netlink_deliver_tap+0x2e/0x1b0 [ 185.600473][ T7662] netlink_unicast+0x75c/0x8e0 [ 185.600506][ T7662] netlink_sendmsg+0x813/0xb40 [ 185.600531][ T7662] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.600552][ T7662] ? aa_sock_msg_perm+0xf1/0x1b0 [ 185.600573][ T7662] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 185.600597][ T7662] ____sys_sendmsg+0x972/0x9f0 [ 185.600616][ T7662] ? __might_fault+0xaf/0x130 [ 185.600650][ T7662] ? __pfx_____sys_sendmsg+0x10/0x10 [ 185.600678][ T7662] ? import_iovec+0x73/0xa0 [ 185.600700][ T7662] ___sys_sendmsg+0x2a5/0x360 [ 185.600718][ T7662] ? __lock_acquire+0x6b5/0x2cf0 [ 185.600747][ T7662] ? __pfx____sys_sendmsg+0x10/0x10 [ 185.600803][ T7662] ? __fget_files+0x2a/0x420 [ 185.600820][ T7662] ? __fget_files+0x3a0/0x420 [ 185.600849][ T7662] __x64_sys_sendmsg+0x1bd/0x2a0 [ 185.600871][ T7662] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 185.600899][ T7662] ? __pfx_ksys_write+0x10/0x10 [ 185.600929][ T7662] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.600949][ T7662] do_syscall_64+0x15f/0xf80 [ 185.600971][ T7662] ? trace_irq_disable+0x3b/0x140 [ 185.600993][ T7662] ? clear_bhb_loop+0x40/0x90 [ 185.601016][ T7662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.601034][ T7662] RIP: 0033:0x7f32e8d9cdd9 [ 185.601051][ T7662] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.601066][ T7662] RSP: 002b:00007f32e9c70028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.601084][ T7662] RAX: ffffffffffffffda RBX: 00007f32e9015fa0 RCX: 00007f32e8d9cdd9 [ 185.601096][ T7662] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 185.601107][ T7662] RBP: 00007f32e9c70090 R08: 0000000000000000 R09: 0000000000000000 [ 185.601118][ T7662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 185.601129][ T7662] R13: 00007f32e9016038 R14: 00007f32e9015fa0 R15: 00007f32e913fa48 [ 185.601157][ T7662] [ 186.077491][ T5926] usb usb36-port1: unable to enumerate USB device [ 186.503088][ T82] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.526886][ T82] bridge_slave_0 (unregistering): left allmulticast mode [ 186.534250][ T82] bridge_slave_0 (unregistering): left promiscuous mode [ 186.543165][ T82] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.803330][ T7684] loop7: detected capacity change from 0 to 16384 [ 186.942433][ T7689] netlink: 24 bytes leftover after parsing attributes in process `syz.2.506'. [ 187.043364][ C1] I/O error, dev loop7, sector 3584 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2 [ 187.053265][ C1] I/O error, dev loop7, sector 3840 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2 [ 187.067794][ C1] I/O error, dev loop7, sector 3584 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.077479][ C1] buffer_io_error: 171 callbacks suppressed [ 187.077494][ C1] Buffer I/O error on dev loop7, logical block 448, async page read [ 187.093842][ T7688] loop7: detected capacity change from 16384 to 0 [ 187.100780][ C0] I/O error, dev loop7, sector 3592 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.110260][ C0] Buffer I/O error on dev loop7, logical block 449, async page read [ 187.118280][ C0] I/O error, dev loop7, sector 3600 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.127680][ C0] Buffer I/O error on dev loop7, logical block 450, async page read [ 187.135718][ C0] I/O error, dev loop7, sector 3608 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.145100][ C0] Buffer I/O error on dev loop7, logical block 451, async page read [ 187.153134][ C0] I/O error, dev loop7, sector 3616 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.162543][ C0] Buffer I/O error on dev loop7, logical block 452, async page read [ 187.170603][ C0] I/O error, dev loop7, sector 3624 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.180022][ C0] Buffer I/O error on dev loop7, logical block 453, async page read [ 187.188066][ C0] I/O error, dev loop7, sector 3632 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.197465][ C0] Buffer I/O error on dev loop7, logical block 454, async page read [ 187.205523][ C0] I/O error, dev loop7, sector 3640 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.214917][ C0] Buffer I/O error on dev loop7, logical block 455, async page read [ 187.222993][ C0] Buffer I/O error on dev loop7, logical block 456, async page read [ 187.231056][ C0] Buffer I/O error on dev loop7, logical block 457, async page read [ 187.338944][ T7692] netlink: 'syz.2.506': attribute type 2 has an invalid length. [ 187.483273][ T7689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.150123][ T5846] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 188.342379][ T5846] usb 4-1: unable to get BOS descriptor or descriptor too short [ 188.381980][ T5846] usb 4-1: not running at top speed; connect to a high speed hub [ 188.402168][ T7724] FAULT_INJECTION: forcing a failure. [ 188.402168][ T7724] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.434671][ T5846] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 120, changing to 4 [ 188.459271][ T7724] CPU: 0 UID: 0 PID: 7724 Comm: syz.0.518 Not tainted syzkaller #0 PREEMPT(full) [ 188.459297][ T7724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 188.459307][ T7724] Call Trace: [ 188.459314][ T7724] [ 188.459320][ T7724] dump_stack_lvl+0xe8/0x150 [ 188.459340][ T7724] should_fail_ex+0x412/0x560 [ 188.459358][ T7724] _copy_from_user+0x2d/0xb0 [ 188.459371][ T7724] ___sys_sendmsg+0x1c6/0x360 [ 188.459384][ T7724] ? __lock_acquire+0x6b5/0x2cf0 [ 188.459401][ T7724] ? __pfx____sys_sendmsg+0x10/0x10 [ 188.459429][ T7724] ? __fget_files+0x2a/0x420 [ 188.459439][ T7724] ? __fget_files+0x3a0/0x420 [ 188.459454][ T7724] __x64_sys_sendmsg+0x1bd/0x2a0 [ 188.459466][ T7724] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 188.459481][ T7724] ? __pfx_ksys_write+0x10/0x10 [ 188.459501][ T7724] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.459512][ T7724] do_syscall_64+0x15f/0xf80 [ 188.459534][ T7724] ? trace_irq_disable+0x3b/0x140 [ 188.459547][ T7724] ? clear_bhb_loop+0x40/0x90 [ 188.459560][ T7724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.459570][ T7724] RIP: 0033:0x7f8dcc59cdd9 [ 188.459579][ T7724] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 188.459588][ T7724] RSP: 002b:00007f8dca7f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.459600][ T7724] RAX: ffffffffffffffda RBX: 00007f8dcc815fa0 RCX: 00007f8dcc59cdd9 [ 188.459607][ T7724] RDX: 0000000000004000 RSI: 0000200000000200 RDI: 0000000000000003 [ 188.459613][ T7724] RBP: 00007f8dca7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 188.459619][ T7724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.459625][ T7724] R13: 00007f8dcc816038 R14: 00007f8dcc815fa0 R15: 00007f8dcc93fa48 [ 188.459640][ T7724] [ 188.468795][ T5846] usb 4-1: New USB device found, idVendor=0b05, idProduct=1743, bcdDevice= 0.40 [ 189.046210][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.075972][ T5846] usb 4-1: Product: syz [ 189.091873][ T5846] usb 4-1: Manufacturer: syz [ 189.111571][ T5846] usb 4-1: SerialNumber: syz [ 189.208145][ T7734] netlink: 'syz.2.521': attribute type 5 has an invalid length. [ 189.424341][ T5846] usb 4-1: 1:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 189.458865][ T5846] usb 4-1: found format II with max.bitrate = 512, frame size=4095 [ 189.518919][ T5846] usb 4-1: 1:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 189.569359][ T5846] usb 4-1: found format II with max.bitrate = 512, frame size=4095 [ 189.630200][ T5846] usb 4-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 189.670850][ T29] audit: type=1326 audit(1777029223.559:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7744 comm="syz.2.524" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f706199cdd9 code=0x0 [ 189.694037][ T29] audit: type=1326 audit(1777029223.579:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7744 comm="syz.2.524" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f706199cdd9 code=0x0 [ 189.863701][ T7753] ALSA: seq fatal error: cannot create timer (-19) [ 189.997759][ T5846] usb 4-1: USB disconnect, device number 27 [ 190.129733][ T5912] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 190.155091][ T7753] fuse: Unknown parameter '00000000000000000007' [ 190.165697][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 190.219405][ T7761] syzkaller0: entered promiscuous mode [ 190.239638][ T7761] syzkaller0: entered allmulticast mode [ 190.289440][ T5912] usb 3-1: Using ep0 maxpacket: 8 [ 190.325325][ T5912] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 190.346098][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.365540][ T5912] usb 3-1: Product: syz [ 190.377568][ T5912] usb 3-1: Manufacturer: syz [ 190.388844][ T5912] usb 3-1: SerialNumber: syz [ 190.406329][ T5912] usb 3-1: config 0 descriptor?? [ 190.424709][ T5912] gspca_main: se401-2.14.0 probing 047d:5003 [ 191.176474][ T5912] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 191.205482][ T5912] se401 3-1:0.0: probe with driver se401 failed with error -71 [ 191.227403][ T5912] usb 3-1: USB disconnect, device number 24 [ 191.319184][ T5926] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 191.482414][ T5926] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 191.495333][ T5926] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 191.510690][ T5926] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 191.520303][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.535890][ T7774] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 191.555763][ T7785] binder: 7784:7785 ioctl 400c620e 200000000000 returned -22 [ 191.568310][ T5926] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 191.768201][ T7774] FAULT_INJECTION: forcing a failure. [ 191.768201][ T7774] name failslab, interval 1, probability 0, space 0, times 0 [ 191.795753][ T7774] CPU: 1 UID: 0 PID: 7774 Comm: syz.3.531 Not tainted syzkaller #0 PREEMPT(full) [ 191.795780][ T7774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 191.795791][ T7774] Call Trace: [ 191.795798][ T7774] [ 191.795806][ T7774] dump_stack_lvl+0xe8/0x150 [ 191.795839][ T7774] should_fail_ex+0x412/0x560 [ 191.795873][ T7774] should_failslab+0xa8/0x100 [ 191.795900][ T7774] __kmalloc_cache_noprof+0x88/0x660 [ 191.795921][ T7774] ? snd_rawmidi_kernel_open+0x8c/0x150 [ 191.795947][ T7774] ? open_substream+0xb4/0x790 [ 191.795977][ T7774] open_substream+0xb4/0x790 [ 191.796002][ T7774] rawmidi_open_priv+0xc4/0x660 [ 191.796034][ T7774] snd_rawmidi_kernel_open+0x9c/0x150 [ 191.796062][ T7774] midisynth_use+0xe8/0x270 [ 191.796082][ T7774] ? __pfx_midisynth_use+0x10/0x10 [ 191.796105][ T7774] ? __pfx_down_write+0x10/0x10 [ 191.796133][ T7774] ? up_write+0x1ab/0x410 [ 191.796157][ T7774] ? __pfx_midisynth_use+0x10/0x10 [ 191.796177][ T7774] check_and_subscribe_port+0x66a/0xb60 [ 191.796219][ T7774] snd_seq_port_connect+0x264/0x450 [ 191.796250][ T7774] snd_seq_ioctl_subscribe_port+0x378/0x7c0 [ 191.796282][ T7774] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 191.796320][ T7774] snd_seq_oss_midi_open+0x4a2/0x8a0 [ 191.796354][ T7774] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 191.796400][ T7774] snd_seq_oss_synth_reset+0x3ca/0x8b0 [ 191.796434][ T7774] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 191.796462][ T7774] ? rcu_is_watching+0x15/0xb0 [ 191.796482][ T7774] ? trace_contention_end+0x3d/0x140 [ 191.796509][ T7774] snd_seq_oss_reset+0x5a/0x240 [ 191.796535][ T7774] snd_seq_oss_release+0xfe/0x330 [ 191.796559][ T7774] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 191.796580][ T7774] ? __fsnotify_parent+0x267/0x620 [ 191.796603][ T7774] ? odev_release+0x4b/0x70 [ 191.796627][ T7774] ? __pfx___mutex_lock+0x10/0x10 [ 191.796652][ T7774] ? __pfx___fsnotify_parent+0x10/0x10 [ 191.796670][ T7774] ? locks_remove_posix+0x14f/0x6a0 [ 191.796703][ T7774] ? evm_file_release+0x107/0x1e0 [ 191.796726][ T7774] ? __pfx_odev_release+0x10/0x10 [ 191.796752][ T7774] odev_release+0x53/0x70 [ 191.796773][ T7774] __fput+0x44f/0xa60 [ 191.796803][ T7774] fput_close_sync+0x11f/0x240 [ 191.796822][ T7774] ? __pfx_fput_close_sync+0x10/0x10 [ 191.796846][ T7774] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.796868][ T7774] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.796887][ T7774] __x64_sys_close+0x7e/0x110 [ 191.796908][ T7774] do_syscall_64+0x15f/0xf80 [ 191.796935][ T7774] ? trace_irq_disable+0x3b/0x140 [ 191.796958][ T7774] ? clear_bhb_loop+0x40/0x90 [ 191.796987][ T7774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.797005][ T7774] RIP: 0033:0x7fbf02b9cdd9 [ 191.797022][ T7774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 191.797037][ T7774] RSP: 002b:00007fbf03ab6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 191.797057][ T7774] RAX: ffffffffffffffda RBX: 00007fbf02e15fa0 RCX: 00007fbf02b9cdd9 [ 191.797070][ T7774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 191.797081][ T7774] RBP: 00007fbf03ab6090 R08: 0000000000000000 R09: 0000000000000000 [ 191.797091][ T7774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 191.797103][ T7774] R13: 00007fbf02e16038 R14: 00007fbf02e15fa0 R15: 00007fbf02f3fa48 [ 191.797134][ T7774] [ 192.260302][ T5926] usb 4-1: USB disconnect, device number 28 [ 192.299836][ T7798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.301652][ T7799] netlink: 48 bytes leftover after parsing attributes in process `syz.4.539'. [ 192.310074][ T7798] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.479354][ T5891] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 192.599221][ T10] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 192.752230][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 192.772597][ T10] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 192.798382][ T10] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 192.816156][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 192.826259][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.835644][ T10] usb 1-1: Product: syz [ 192.840220][ T10] usb 1-1: Manufacturer: syz [ 192.844913][ T10] usb 1-1: SerialNumber: syz [ 192.858207][ T10] cdc_ncm 1-1:1.0: skipping garbage [ 192.937126][ T7810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.543'. [ 193.182005][ T7818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.191112][ T7818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.219203][ T24] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 193.334715][ T7823] FAULT_INJECTION: forcing a failure. [ 193.334715][ T7823] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.348055][ T7823] CPU: 0 UID: 0 PID: 7823 Comm: syz.4.550 Not tainted syzkaller #0 PREEMPT(full) [ 193.348078][ T7823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 193.348093][ T7823] Call Trace: [ 193.348099][ T7823] [ 193.348106][ T7823] dump_stack_lvl+0xe8/0x150 [ 193.348138][ T7823] should_fail_ex+0x412/0x560 [ 193.348169][ T7823] _copy_from_user+0x2d/0xb0 [ 193.348192][ T7823] ___sys_sendmsg+0x1c6/0x360 [ 193.348211][ T7823] ? __lock_acquire+0x6b5/0x2cf0 [ 193.348241][ T7823] ? __pfx____sys_sendmsg+0x10/0x10 [ 193.348292][ T7823] ? __fget_files+0x2a/0x420 [ 193.348310][ T7823] ? __fget_files+0x3a0/0x420 [ 193.348337][ T7823] __x64_sys_sendmsg+0x1bd/0x2a0 [ 193.348359][ T7823] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 193.348387][ T7823] ? __pfx_ksys_write+0x10/0x10 [ 193.348417][ T7823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.348436][ T7823] do_syscall_64+0x15f/0xf80 [ 193.348457][ T7823] ? trace_irq_disable+0x3b/0x140 [ 193.348481][ T7823] ? clear_bhb_loop+0x40/0x90 [ 193.348502][ T7823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.348520][ T7823] RIP: 0033:0x7f37f219cdd9 [ 193.348536][ T7823] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.348552][ T7823] RSP: 002b:00007f37f2faa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.348570][ T7823] RAX: ffffffffffffffda RBX: 00007f37f2415fa0 RCX: 00007f37f219cdd9 [ 193.348583][ T7823] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000004 [ 193.348595][ T7823] RBP: 00007f37f2faa090 R08: 0000000000000000 R09: 0000000000000000 [ 193.348605][ T7823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.348615][ T7823] R13: 00007f37f2416038 R14: 00007f37f2415fa0 R15: 00007f37f253fa48 [ 193.348643][ T7823] [ 193.528660][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 193.535101][ T5891] usb 3-1: device descriptor read/64, error -71 [ 193.543596][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.554057][ T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 193.567431][ T7824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.580850][ T7824] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.592151][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 193.666156][ T24] usb 4-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 193.684726][ T24] usb 4-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 193.708260][ T24] usb 4-1: Product: syz [ 193.720631][ T24] usb 4-1: Manufacturer: syz [ 193.738373][ T24] usb 4-1: SerialNumber: syz [ 193.772007][ T24] usb 4-1: config 0 descriptor?? [ 193.779658][ T5891] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 193.843560][ T7817] ALSA: mixer_oss: invalid OSS volume '' [ 193.849458][ T7817] ALSA: mixer_oss: invalid OSS volume ' a=!˹=+LKWM:~' [ 193.858011][ T7817] ALSA: mixer_oss: invalid OSS volume '%wѺM#i6[NVLKK-' [ 193.869453][ T24] rc_core: IR keymap rc-imon-rsc not found [ 193.875352][ T24] Registered IR keymap rc-empty [ 193.890703][ T24] rc rc0: iMON Station as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 193.902142][ T7817] ALSA: mixer_oss: invalid OSS volume 'ڶZ:3.F?Y^x1b' [ 193.902454][ T24] input: iMON Station as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input19 [ 193.910845][ T7817] ALSA: mixer_oss: invalid OSS volume ' $i.A_|#Xd#>z^a' [ 193.978465][ T7817] ALSA: mixer_oss: invalid OSS volume '*moG%BuZk@mIv initial count (268 ns). Using initial count to start timer. [ 198.619675][ T5846] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 198.759307][ T5912] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 198.779593][ T5846] usb 4-1: Using ep0 maxpacket: 8 [ 198.798487][ T5846] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 198.823788][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.856501][ T5846] usb 4-1: Product: syz [ 198.870653][ T5846] usb 4-1: Manufacturer: syz [ 198.885334][ T5846] usb 4-1: SerialNumber: syz [ 198.923656][ T5846] usb 4-1: config 0 descriptor?? [ 198.924019][ T7889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.946573][ T7889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.951091][ T5912] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 198.968860][ T5846] gspca_main: se401-2.14.0 probing 047d:5003 [ 198.984830][ T5912] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 199.012173][ T5912] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 199.041018][ T5912] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 199.051600][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.063686][ T5912] usb 3-1: Product: syz [ 199.067879][ T5912] usb 3-1: Manufacturer: syz [ 199.073065][ T5912] usb 3-1: SerialNumber: syz [ 199.086772][ T5912] cdc_ncm 3-1:1.0: skipping garbage [ 199.229277][ T24] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 199.391234][ T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 199.402889][ T24] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 199.413446][ T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 199.434270][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.453136][ T7890] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 199.472543][ T5846] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 199.486447][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 199.497426][ T5846] se401 4-1:0.0: probe with driver se401 failed with error -71 [ 199.515722][ T5846] usb 4-1: USB disconnect, device number 30 [ 199.708086][ T7890] netlink: 16 bytes leftover after parsing attributes in process `syz.0.567'. [ 199.788012][ T7895] netlink: 12 bytes leftover after parsing attributes in process `syz.1.569'. [ 199.794437][ T5846] usb 1-1: USB disconnect, device number 31 [ 200.109933][ T7885] netlink: 32 bytes leftover after parsing attributes in process `syz.2.565'. [ 200.168890][ T7904] netlink: 24 bytes leftover after parsing attributes in process `syz.3.571'. [ 200.439287][ T7911] FAULT_INJECTION: forcing a failure. [ 200.439287][ T7911] name failslab, interval 1, probability 0, space 0, times 0 [ 200.468906][ T7911] CPU: 1 UID: 0 PID: 7911 Comm: syz.0.573 Not tainted syzkaller #0 PREEMPT(full) [ 200.468930][ T7911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 200.468937][ T7911] Call Trace: [ 200.468942][ T7911] [ 200.468947][ T7911] dump_stack_lvl+0xe8/0x150 [ 200.468971][ T7911] should_fail_ex+0x412/0x560 [ 200.468990][ T7911] should_failslab+0xa8/0x100 [ 200.469004][ T7911] ? skb_clone+0x212/0x3a0 [ 200.469016][ T7911] kmem_cache_alloc_noprof+0x87/0x650 [ 200.469028][ T7911] ? __netlink_lookup+0xc6/0x8b0 [ 200.469042][ T7911] skb_clone+0x212/0x3a0 [ 200.469054][ T7911] __netlink_deliver_tap+0x404/0x850 [ 200.469080][ T7911] ? netlink_deliver_tap+0x2e/0x1b0 [ 200.469096][ T7911] netlink_deliver_tap+0x19c/0x1b0 [ 200.469113][ T7911] netlink_unicast+0x730/0x8e0 [ 200.469152][ T7911] netlink_sendmsg+0x813/0xb40 [ 200.469177][ T7911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.469197][ T7911] ? aa_sock_msg_perm+0xf1/0x1b0 [ 200.469215][ T7911] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 200.469238][ T7911] ____sys_sendmsg+0x972/0x9f0 [ 200.469257][ T7911] ? __might_fault+0xaf/0x130 [ 200.469281][ T7911] ? __pfx_____sys_sendmsg+0x10/0x10 [ 200.469308][ T7911] ? import_iovec+0x73/0xa0 [ 200.469332][ T7911] ___sys_sendmsg+0x2a5/0x360 [ 200.469350][ T7911] ? __lock_acquire+0x6b5/0x2cf0 [ 200.469379][ T7911] ? __pfx____sys_sendmsg+0x10/0x10 [ 200.469431][ T7911] ? __fget_files+0x2a/0x420 [ 200.469448][ T7911] ? __fget_files+0x3a0/0x420 [ 200.469476][ T7911] __x64_sys_sendmsg+0x1bd/0x2a0 [ 200.469498][ T7911] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 200.469527][ T7911] ? __pfx_ksys_write+0x10/0x10 [ 200.469557][ T7911] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.469576][ T7911] do_syscall_64+0x15f/0xf80 [ 200.469599][ T7911] ? trace_irq_disable+0x3b/0x140 [ 200.469622][ T7911] ? clear_bhb_loop+0x40/0x90 [ 200.469644][ T7911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.469661][ T7911] RIP: 0033:0x7f8dcc59cdd9 [ 200.469678][ T7911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 200.469693][ T7911] RSP: 002b:00007f8dca7f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 200.469712][ T7911] RAX: ffffffffffffffda RBX: 00007f8dcc815fa0 RCX: 00007f8dcc59cdd9 [ 200.469725][ T7911] RDX: 0000000024044010 RSI: 0000200000000100 RDI: 0000000000000003 [ 200.469736][ T7911] RBP: 00007f8dca7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 200.469747][ T7911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.469758][ T7911] R13: 00007f8dcc816038 R14: 00007f8dcc815fa0 R15: 00007f8dcc93fa48 [ 200.469787][ T7911] [ 200.589215][ T5891] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 200.755522][ T7911] Cannot find set identified by id 0 to match [ 200.966385][ T7913] netlink: 4 bytes leftover after parsing attributes in process `syz.1.574'. [ 201.039172][ T5891] usb 5-1: Using ep0 maxpacket: 32 [ 201.050889][ T5891] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 201.059558][ T5891] usb 5-1: config 0 has no interface number 0 [ 201.074451][ T5891] usb 5-1: config 0 interface 12 has no altsetting 0 [ 201.087472][ T5891] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 201.097021][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.105546][ T5891] usb 5-1: Product: syz [ 201.110206][ T5891] usb 5-1: Manufacturer: syz [ 201.126009][ T5891] usb 5-1: SerialNumber: syz [ 201.159387][ T5891] usb 5-1: config 0 descriptor?? [ 201.381005][ T5853] Bluetooth: hci0: command 0x0406 tx timeout [ 201.389256][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 201.396097][ T5851] Bluetooth: hci1: command 0x0406 tx timeout [ 201.407420][ T5851] Bluetooth: hci2: command 0x0406 tx timeout [ 201.414235][ T5162] Bluetooth: hci4: command 0x0406 tx timeout [ 201.489752][ T5912] cdc_ncm 3-1:1.0: bind() failure [ 201.504918][ T5912] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 201.527819][ T5912] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 201.585827][ T5912] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 201.635318][ T5912] usb 3-1: USB disconnect, device number 28 [ 201.991825][ T5912] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 202.169187][ T5912] usb 3-1: Using ep0 maxpacket: 8 [ 202.173685][ T7937] netlink: 24 bytes leftover after parsing attributes in process `syz.3.580'. [ 202.188274][ T5912] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 202.200780][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.209015][ T5912] usb 3-1: Product: syz [ 202.215825][ T5912] usb 3-1: Manufacturer: syz [ 202.221175][ T5912] usb 3-1: SerialNumber: syz [ 202.243018][ T5912] usb 3-1: config 0 descriptor?? [ 202.263702][ T5912] gspca_main: se401-2.14.0 probing 047d:5003 [ 202.279203][ T5935] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 202.449157][ T5935] usb 1-1: Using ep0 maxpacket: 8 [ 202.478233][ T5935] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 202.514280][ T5935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.548469][ T5935] usb 1-1: Product: syz [ 202.561764][ T5935] usb 1-1: Manufacturer: syz [ 202.574908][ T5935] usb 1-1: SerialNumber: syz [ 202.592278][ T5935] usb 1-1: config 0 descriptor?? [ 202.607887][ T5935] gspca_main: se401-2.14.0 probing 047d:5003 [ 203.127053][ T7908] netlink: 16 bytes leftover after parsing attributes in process `syz.4.572'. [ 203.155333][ T5912] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 203.168455][ T5912] se401 3-1:0.0: probe with driver se401 failed with error -71 [ 203.180954][ T5891] f81534 5-1:0.12: f81534_set_register: reg: 1003 data: d8 failed: -71 [ 203.207150][ T5912] usb 3-1: USB disconnect, device number 29 [ 203.221649][ T5891] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71 [ 203.245118][ T5935] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 203.261503][ T5935] se401 1-1:0.0: probe with driver se401 failed with error -71 [ 203.279188][ T5891] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 203.301724][ T5935] usb 1-1: USB disconnect, device number 32 [ 203.313887][ T5891] f81534 5-1:0.12: probe with driver f81534 failed with error -71 [ 203.355372][ T5891] usb 5-1: USB disconnect, device number 16 [ 203.909721][ T5891] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 204.059289][ T5925] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 204.081677][ T5891] usb 4-1: unable to get BOS descriptor or descriptor too short [ 204.094359][ T5891] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 204.110069][ T5891] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 204.134340][ T5891] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 185, changing to 7 [ 204.165501][ T5891] usb 4-1: string descriptor 0 read error: -22 [ 204.171868][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 204.183770][ T5891] usb 4-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 204.200769][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.227089][ T5891] usb 4-1: selecting invalid altsetting 1 [ 204.236104][ T5925] usb 1-1: Using ep0 maxpacket: 8 [ 204.247125][ T5891] usb 4-1: unit 3 not found! [ 204.261885][ T5925] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 204.273293][ T5891] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 204.289248][ T5925] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 204.305211][ T5891] usb 4-1: selecting invalid altsetting 1 [ 204.311569][ T5925] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 204.322812][ T5891] usb 4-1: unit 3 not found! [ 204.337312][ T5925] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024 [ 204.350677][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 204.372077][ T10] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 204.385200][ T5925] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 204.404512][ T10] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 204.417685][ T5925] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.468816][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 204.481483][ T5891] snd-usb-audio 4-1:1.1: probe with driver snd-usb-audio failed with error -22 [ 204.497298][ T5925] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 204.508941][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.522282][ T5891] usb 4-1: USB disconnect, device number 31 [ 204.529718][ T10] usb 5-1: Product: Ї [ 204.535638][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.546927][ T10] usb 5-1: Manufacturer: о [ 204.555227][ T10] usb 5-1: SerialNumber: 愊ࣇꆯ鴋䓮씷⨊᧨緣뿐邠㰌᎜⛚భꆚ쒺寡超 [ 204.804120][ T10] cdc_ncm 5-1:1.0: bind() failure [ 204.827487][ T10] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 204.869925][ T10] cdc_ncm 5-1:1.1: bind() failure [ 204.904709][ T10] usb 5-1: USB disconnect, device number 17 [ 204.940059][ T5925] usb 1-1: GET_CAPABILITIES returned 0 [ 204.957613][ T5925] usbtmc 1-1:16.0: can't read capabilities [ 205.695545][ T7980] netlink: 'syz.1.593': attribute type 32 has an invalid length. [ 205.706128][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz.1.593'. [ 205.715785][ T7980] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 205.791715][ T5925] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 205.902519][ T7985] FAULT_INJECTION: forcing a failure. [ 205.902519][ T7985] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 205.916479][ T7985] CPU: 0 UID: 0 PID: 7985 Comm: syz.2.595 Not tainted syzkaller #0 PREEMPT(full) [ 205.916503][ T7985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 205.916514][ T7985] Call Trace: [ 205.916521][ T7985] [ 205.916528][ T7985] dump_stack_lvl+0xe8/0x150 [ 205.916560][ T7985] should_fail_ex+0x412/0x560 [ 205.916604][ T7985] _copy_from_user+0x2d/0xb0 [ 205.916626][ T7985] binder_ioctl+0x744/0x1b10 [ 205.916645][ T7985] ? tomoyo_path_number_perm+0x219/0x630 [ 205.916672][ T7985] ? tomoyo_path_number_perm+0x219/0x630 [ 205.916700][ T7985] ? do_vfs_ioctl+0x1166/0x1530 [ 205.916723][ T7985] ? __pfx_binder_ioctl+0x10/0x10 [ 205.916739][ T7985] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 205.916771][ T7985] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 205.916812][ T7985] ? __fget_files+0x2a/0x420 [ 205.916831][ T7985] ? __fget_files+0x2a/0x420 [ 205.916847][ T7985] ? __fget_files+0x3a0/0x420 [ 205.916864][ T7985] ? __fget_files+0x2a/0x420 [ 205.916884][ T7985] ? bpf_lsm_file_ioctl+0x9/0x20 [ 205.916907][ T7985] ? __pfx_binder_ioctl+0x10/0x10 [ 205.916929][ T7985] __se_sys_ioctl+0xfc/0x170 [ 205.916951][ T7985] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.916972][ T7985] do_syscall_64+0x15f/0xf80 [ 205.916992][ T7985] ? trace_irq_disable+0x3b/0x140 [ 205.917014][ T7985] ? clear_bhb_loop+0x40/0x90 [ 205.917036][ T7985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.917057][ T7985] RIP: 0033:0x7f706199cdd9 [ 205.917073][ T7985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.917088][ T7985] RSP: 002b:00007f70627de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 205.917107][ T7985] RAX: ffffffffffffffda RBX: 00007f7061c15fa0 RCX: 00007f706199cdd9 [ 205.917120][ T7985] RDX: 0000200000000000 RSI: 00000000400c620e RDI: 0000000000000003 [ 205.917133][ T7985] RBP: 00007f70627de090 R08: 0000000000000000 R09: 0000000000000000 [ 205.917144][ T7985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.917155][ T7985] R13: 00007f7061c16038 R14: 00007f7061c15fa0 R15: 00007f7061d3fa48 [ 205.917181][ T7985] [ 205.917198][ T7985] binder: 7984:7985 ioctl 400c620e 200000000000 returned -14 [ 206.138112][ T5925] usb 4-1: device descriptor read/64, error -71 [ 206.218150][ T7987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.234478][ T7987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.277158][ T7989] ALSA: seq fatal error: cannot create timer (-19) [ 206.379205][ T5925] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 206.519178][ T5925] usb 4-1: device descriptor read/64, error -71 [ 206.526182][ T7989] fuse: Unknown parameter '00000000000000000007' [ 206.630305][ T5925] usb usb4-port1: attempt power cycle [ 206.823933][ T5846] usb 1-1: USB disconnect, device number 33 [ 206.970614][ T5925] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 207.000034][ T5925] usb 4-1: device descriptor read/8, error -71 [ 207.249204][ T5925] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 207.270130][ T5925] usb 4-1: device descriptor read/8, error -71 [ 207.309180][ T10] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 207.379892][ T5925] usb usb4-port1: unable to enumerate USB device [ 207.462384][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 207.473432][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 207.483501][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 207.496801][ T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 207.505891][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.515773][ T10] usb 1-1: config 0 descriptor?? [ 207.778735][ T8012] netlink: 'syz.2.604': attribute type 32 has an invalid length. [ 207.787568][ T8012] netlink: 8 bytes leftover after parsing attributes in process `syz.2.604'. [ 207.796792][ T8012] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 207.962616][ T10] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 208.320160][ T5846] usb 1-1: USB disconnect, device number 34 [ 208.326354][ T8002] usb 1-1: string descriptor 0 read error: -19 [ 209.230323][ T8032] FAULT_INJECTION: forcing a failure. [ 209.230323][ T8032] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 209.278380][ T8032] CPU: 0 UID: 0 PID: 8032 Comm: syz.0.610 Not tainted syzkaller #0 PREEMPT(full) [ 209.278406][ T8032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 209.278418][ T8032] Call Trace: [ 209.278425][ T8032] [ 209.278433][ T8032] dump_stack_lvl+0xe8/0x150 [ 209.278465][ T8032] should_fail_ex+0x412/0x560 [ 209.278499][ T8032] _copy_from_iter+0x1d3/0x1670 [ 209.278519][ T8032] ? rep_movs_alternative+0x4a/0x90 [ 209.278546][ T8032] ? __pfx__copy_from_iter+0x10/0x10 [ 209.278563][ T8032] ? sock_alloc_send_pskb+0x896/0x990 [ 209.278592][ T8032] ? __pfx__copy_from_iter+0x10/0x10 [ 209.278622][ T8032] copy_page_from_iter+0x220/0x2d0 [ 209.278645][ T8032] skb_copy_datagram_from_iter+0x306/0x710 [ 209.278677][ T8032] packet_sendmsg+0x3799/0x5120 [ 209.278718][ T8032] ? __lock_acquire+0x6b5/0x2cf0 [ 209.278764][ T8032] ? aa_sk_perm+0x6d5/0x900 [ 209.278791][ T8032] ? __pfx_packet_sendmsg+0x10/0x10 [ 209.278821][ T8032] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 209.278848][ T8032] ? aa_sock_msg_perm+0xf1/0x1b0 [ 209.278868][ T8032] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 209.278890][ T8032] ? __pfx_packet_sendmsg+0x10/0x10 [ 209.278915][ T8032] __sys_sendto+0x672/0x710 [ 209.278936][ T8032] ? __pfx___sys_sendto+0x10/0x10 [ 209.278952][ T8032] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 209.278989][ T8032] ? __fget_files+0x3a0/0x420 [ 209.279018][ T8032] ? ksys_write+0x242/0x270 [ 209.279043][ T8032] ? __pfx_ksys_write+0x10/0x10 [ 209.279068][ T8032] __x64_sys_sendto+0xde/0x100 [ 209.279086][ T8032] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.279106][ T8032] do_syscall_64+0x15f/0xf80 [ 209.279129][ T8032] ? trace_irq_disable+0x3b/0x140 [ 209.279153][ T8032] ? clear_bhb_loop+0x40/0x90 [ 209.279174][ T8032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.279192][ T8032] RIP: 0033:0x7f8dcc59cdd9 [ 209.279209][ T8032] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 209.279225][ T8032] RSP: 002b:00007f8dca7f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 209.279243][ T8032] RAX: ffffffffffffffda RBX: 00007f8dcc815fa0 RCX: 00007f8dcc59cdd9 [ 209.279265][ T8032] RDX: 000000000000fef2 RSI: 0000200000000340 RDI: 0000000000000003 [ 209.279276][ T8032] RBP: 00007f8dca7f6090 R08: 0000200000000a80 R09: 0000000000000014 [ 209.279288][ T8032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 209.279298][ T8032] R13: 00007f8dcc816038 R14: 00007f8dcc815fa0 R15: 00007f8dcc93fa48 [ 209.279327][ T8032] [ 210.001629][ T8045] netlink: 'syz.4.615': attribute type 32 has an invalid length. [ 210.024490][ T8045] netlink: 8 bytes leftover after parsing attributes in process `syz.4.615'. [ 210.046848][ T8045] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 210.227180][ T8052] netlink: 144 bytes leftover after parsing attributes in process `syz.4.617'. [ 210.379889][ T29] audit: type=1804 audit(1777029244.259:208): pid=8052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.617" name="/newroot/120/file1" dev="fuse" ino=1 res=1 errno=0 [ 210.402604][ T8058] fuse: Bad value for 'fd' [ 210.530499][ T8060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.555888][ T8060] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.817832][ T8074] netlink: 36 bytes leftover after parsing attributes in process `syz.0.626'. [ 211.089189][ T5846] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 211.249158][ T5846] usb 4-1: Using ep0 maxpacket: 32 [ 211.257278][ T5846] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 211.259245][ T5891] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 211.276376][ T5846] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 211.288502][ T5846] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 211.314531][ T5846] usb 4-1: New USB device found, idVendor=0582, idProduct=00b2, bcdDevice= 0.40 [ 211.323911][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.332040][ T5846] usb 4-1: Product: syz [ 211.336377][ T5846] usb 4-1: Manufacturer: syz [ 211.341172][ T5846] usb 4-1: SerialNumber: syz [ 211.434149][ T5891] usb 5-1: not running at top speed; connect to a high speed hub [ 211.443891][ T5891] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 211.458553][ T5891] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 211.468168][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.476585][ T5891] usb 5-1: Product: я [ 211.480894][ T5891] usb 5-1: Manufacturer: ⵍ㰃ඣ䗓蒨醕긴欭ƈ氶]瑃킸쾵鹌볪㪻虓ꪆ涴ِ編츣㧅漭뷯ࠗ믇騬粷硶亂ᒜꊹ짛蜚굱鿀ᘩ⣴繞煝핎闖묋ㆍ๊婻욗㹲浆菿ꡖ禹羒릺恍⚏혈㴢⮹ [ 211.505744][ T5891] usb 5-1: SerialNumber: Ч [ 211.528762][ T8083] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 211.560462][ T8087] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=42890 (85780 ns) > initial count (8 ns). Using initial count to start timer. [ 211.599050][ T5846] usb 4-1: USB disconnect, device number 36 [ 211.943445][ T8083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.956109][ T8083] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.976854][ T5891] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 212.008621][ T5891] usb 5-1: USB disconnect, device number 18 [ 212.503171][ T5912] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 212.661146][ T5912] usb 4-1: device descriptor read/64, error -71 [ 212.848124][ T8108] FAULT_INJECTION: forcing a failure. [ 212.848124][ T8108] name failslab, interval 1, probability 0, space 0, times 0 [ 212.884468][ T8108] CPU: 1 UID: 0 PID: 8108 Comm: syz.4.636 Not tainted syzkaller #0 PREEMPT(full) [ 212.884484][ T8108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 212.884491][ T8108] Call Trace: [ 212.884495][ T8108] [ 212.884500][ T8108] dump_stack_lvl+0xe8/0x150 [ 212.884520][ T8108] should_fail_ex+0x412/0x560 [ 212.884540][ T8108] should_failslab+0xa8/0x100 [ 212.884554][ T8108] ? skb_clone+0x212/0x3a0 [ 212.884566][ T8108] kmem_cache_alloc_noprof+0x87/0x650 [ 212.884582][ T8108] skb_clone+0x212/0x3a0 [ 212.884594][ T8108] __netlink_deliver_tap+0x404/0x850 [ 212.884611][ T8108] ? netlink_deliver_tap+0x2e/0x1b0 [ 212.884621][ T8108] netlink_deliver_tap+0x19c/0x1b0 [ 212.884631][ T8108] netlink_sendskb+0x68/0x140 [ 212.884647][ T8108] netlink_rcv_skb+0x2b6/0x4b0 [ 212.884662][ T8108] ? __pfx_genl_rcv_msg+0x10/0x10 [ 212.884675][ T8108] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 212.884697][ T8108] ? down_read+0x270/0x2e0 [ 212.884712][ T8108] ? genl_rcv+0xd/0x40 [ 212.884724][ T8108] genl_rcv+0x28/0x40 [ 212.884734][ T8108] netlink_unicast+0x75c/0x8e0 [ 212.884754][ T8108] netlink_sendmsg+0x813/0xb40 [ 212.884768][ T8108] ? __pfx_netlink_sendmsg+0x10/0x10 [ 212.884780][ T8108] ? aa_sock_msg_perm+0xf1/0x1b0 [ 212.884791][ T8108] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 212.884806][ T8108] ____sys_sendmsg+0x972/0x9f0 [ 212.884817][ T8108] ? __might_fault+0xaf/0x130 [ 212.884831][ T8108] ? __pfx_____sys_sendmsg+0x10/0x10 [ 212.884846][ T8108] ? import_iovec+0x73/0xa0 [ 212.884860][ T8108] ___sys_sendmsg+0x2a5/0x360 [ 212.884870][ T8108] ? __lock_acquire+0x6b5/0x2cf0 [ 212.884888][ T8108] ? __pfx____sys_sendmsg+0x10/0x10 [ 212.884916][ T8108] ? __fget_files+0x2a/0x420 [ 212.884928][ T8108] ? __fget_files+0x3a0/0x420 [ 212.884943][ T8108] __x64_sys_sendmsg+0x1bd/0x2a0 [ 212.884955][ T8108] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 212.884971][ T8108] ? __pfx_ksys_write+0x10/0x10 [ 212.884994][ T8108] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.885009][ T8108] do_syscall_64+0x15f/0xf80 [ 212.885022][ T8108] ? trace_irq_disable+0x3b/0x140 [ 212.885036][ T8108] ? clear_bhb_loop+0x40/0x90 [ 212.885048][ T8108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.885058][ T8108] RIP: 0033:0x7f37f219cdd9 [ 212.885068][ T8108] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.885077][ T8108] RSP: 002b:00007f37f2faa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 212.885089][ T8108] RAX: ffffffffffffffda RBX: 00007f37f2415fa0 RCX: 00007f37f219cdd9 [ 212.885096][ T8108] RDX: 0000000000054880 RSI: 0000200000001480 RDI: 0000000000000003 [ 212.885102][ T8108] RBP: 00007f37f2faa090 R08: 0000000000000000 R09: 0000000000000000 [ 212.885108][ T8108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 212.885114][ T8108] R13: 00007f37f2416038 R14: 00007f37f2415fa0 R15: 00007f37f253fa48 [ 212.885129][ T8108] [ 213.499340][ T5912] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 213.657726][ T5912] usb 4-1: device descriptor read/64, error -71 [ 213.736567][ T8111] netlink: 36 bytes leftover after parsing attributes in process `syz.4.638'. [ 213.783900][ T5912] usb usb4-port1: attempt power cycle [ 214.123523][ T8131] netlink: 80 bytes leftover after parsing attributes in process `syz.2.645'. [ 214.140446][ T5912] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 214.188938][ T5912] usb 4-1: device descriptor read/8, error -71 [ 214.449670][ T5912] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 214.469650][ T5912] usb 4-1: device descriptor read/8, error -71 [ 214.511684][ T5846] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 214.518855][ T8137] netlink: 'syz.4.642': attribute type 10 has an invalid length. [ 214.530737][ T8137] fuse: Bad value for 'group_id' [ 214.530758][ T8137] fuse: Bad value for 'group_id' [ 214.580640][ T5912] usb usb4-port1: unable to enumerate USB device [ 214.678965][ T5846] usb 3-1: Using ep0 maxpacket: 8 [ 214.713721][ T5846] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 214.713746][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.713758][ T5846] usb 3-1: Product: syz [ 214.713766][ T5846] usb 3-1: Manufacturer: syz [ 214.713775][ T5846] usb 3-1: SerialNumber: syz [ 214.716117][ T5846] usb 3-1: config 0 descriptor?? [ 214.723834][ T5846] gspca_main: se401-2.14.0 probing 047d:5003 [ 215.059999][ T994] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 215.249196][ T994] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 215.341706][ T5846] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 215.355027][ T994] usb 1-1: config 0 has no interfaces? [ 215.371977][ T5846] se401 3-1:0.0: probe with driver se401 failed with error -71 [ 215.400081][ T994] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 215.432493][ T5846] usb 3-1: USB disconnect, device number 30 [ 215.441546][ T994] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.481058][ T994] usb 1-1: config 0 descriptor?? [ 215.687425][ T8155] netlink: 36 bytes leftover after parsing attributes in process `syz.3.652'. [ 215.714444][ T994] usb 1-1: USB disconnect, device number 35 [ 216.207886][ T8167] FAULT_INJECTION: forcing a failure. [ 216.207886][ T8167] name failslab, interval 1, probability 0, space 0, times 0 [ 216.295530][ T8167] CPU: 1 UID: 0 PID: 8167 Comm: syz.4.657 Not tainted syzkaller #0 PREEMPT(full) [ 216.295555][ T8167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 216.295565][ T8167] Call Trace: [ 216.295584][ T8167] [ 216.295592][ T8167] dump_stack_lvl+0xe8/0x150 [ 216.295635][ T8167] should_fail_ex+0x412/0x560 [ 216.295668][ T8167] should_failslab+0xa8/0x100 [ 216.295695][ T8167] __kmalloc_cache_noprof+0x88/0x660 [ 216.295718][ T8167] ? sctp_auth_set_key+0x1bd/0x930 [ 216.295747][ T8167] sctp_auth_set_key+0x1bd/0x930 [ 216.295769][ T8167] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 216.295801][ T8167] sctp_setsockopt_auth_key+0x399/0x640 [ 216.295826][ T8167] sctp_setsockopt+0x52d/0x12c0 [ 216.295849][ T8167] ? sock_common_setsockopt+0x36/0xc0 [ 216.295874][ T8167] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 216.295899][ T8167] do_sock_setsockopt+0x17c/0x1b0 [ 216.295921][ T8167] __x64_sys_setsockopt+0x13d/0x1b0 [ 216.295941][ T8167] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.295955][ T8167] do_syscall_64+0x15f/0xf80 [ 216.295969][ T8167] ? clear_bhb_loop+0x40/0x90 [ 216.295981][ T8167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.295997][ T8167] RIP: 0033:0x7f37f219cdd9 [ 216.296014][ T8167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 216.296028][ T8167] RSP: 002b:00007f37f2faa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 216.296047][ T8167] RAX: ffffffffffffffda RBX: 00007f37f2415fa0 RCX: 00007f37f219cdd9 [ 216.296060][ T8167] RDX: 0000000000000017 RSI: 0000000000000084 RDI: 0000000000000003 [ 216.296071][ T8167] RBP: 00007f37f2faa090 R08: 0000000000000009 R09: 0000000000000000 [ 216.296081][ T8167] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 216.296090][ T8167] R13: 00007f37f2416038 R14: 00007f37f2415fa0 R15: 00007f37f253fa48 [ 216.296105][ T8167] [ 216.806354][ T8179] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 216.916573][ T8184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.953172][ T8184] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 217.643420][ T8190] netlink: 36 bytes leftover after parsing attributes in process `syz.0.663'. [ 218.159346][ T5846] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 218.319192][ T5846] usb 5-1: Using ep0 maxpacket: 8 [ 218.340344][ T5846] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 218.367631][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.390661][ T5846] usb 5-1: Product: syz [ 218.411254][ T5846] usb 5-1: Manufacturer: syz [ 218.426875][ T5846] usb 5-1: SerialNumber: syz [ 218.456197][ T5846] usb 5-1: config 0 descriptor?? [ 218.486203][ T5846] gspca_main: se401-2.14.0 probing 047d:5003 [ 218.738879][ T8209] FAULT_INJECTION: forcing a failure. [ 218.738879][ T8209] name failslab, interval 1, probability 0, space 0, times 0 [ 218.760099][ T5891] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 218.763261][ T8209] CPU: 1 UID: 0 PID: 8209 Comm: syz.0.671 Not tainted syzkaller #0 PREEMPT(full) [ 218.763285][ T8209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 218.763295][ T8209] Call Trace: [ 218.763302][ T8209] [ 218.763310][ T8209] dump_stack_lvl+0xe8/0x150 [ 218.763342][ T8209] should_fail_ex+0x412/0x560 [ 218.763377][ T8209] should_failslab+0xa8/0x100 [ 218.763401][ T8209] __kmalloc_noprof+0xe8/0x760 [ 218.763422][ T8209] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 218.763448][ T8209] tomoyo_realpath_from_path+0xe3/0x5d0 [ 218.763469][ T8209] ? tomoyo_domain+0xd7/0x130 [ 218.763492][ T8209] ? tomoyo_path_number_perm+0x219/0x630 [ 218.763517][ T8209] tomoyo_path_number_perm+0x246/0x630 [ 218.763544][ T8209] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 218.763567][ T8209] ? __lock_acquire+0x6b5/0x2cf0 [ 218.763605][ T8209] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 218.763647][ T8209] ? __fget_files+0x2a/0x420 [ 218.763667][ T8209] ? __fget_files+0x2a/0x420 [ 218.763688][ T8209] ? __fget_files+0x3a0/0x420 [ 218.763703][ T8209] ? __fget_files+0x2a/0x420 [ 218.763724][ T8209] security_file_ioctl+0xc3/0x2a0 [ 218.763749][ T8209] __se_sys_ioctl+0x47/0x170 [ 218.763771][ T8209] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.763790][ T8209] do_syscall_64+0x15f/0xf80 [ 218.763811][ T8209] ? trace_irq_disable+0x3b/0x140 [ 218.763833][ T8209] ? clear_bhb_loop+0x40/0x90 [ 218.763854][ T8209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.763871][ T8209] RIP: 0033:0x7f8dcc59cdd9 [ 218.763887][ T8209] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 218.763901][ T8209] RSP: 002b:00007f8dca7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.763919][ T8209] RAX: ffffffffffffffda RBX: 00007f8dcc815fa0 RCX: 00007f8dcc59cdd9 [ 218.763932][ T8209] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 218.763942][ T8209] RBP: 00007f8dca7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 218.763953][ T8209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.763963][ T8209] R13: 00007f8dcc816038 R14: 00007f8dcc815fa0 R15: 00007f8dcc93fa48 [ 218.763992][ T8209] [ 218.764019][ T8209] ERROR: Out of memory at tomoyo_realpath_from_path. [ 219.089139][ T5891] usb 3-1: Using ep0 maxpacket: 8 [ 219.097583][ T5891] usb 3-1: unable to get BOS descriptor or descriptor too short [ 219.112351][ T5891] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 219.134298][ T5891] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 219.149273][ T5891] usb 3-1: config 1 interface 0 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 219.161439][ T5891] usb 3-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 219.181018][ T5891] usb 3-1: New USB device found, idVendor=0a92, idProduct=1020, bcdDevice= 0.40 [ 219.191494][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.200664][ T5891] usb 3-1: Product: syz [ 219.209379][ T5891] usb 3-1: Manufacturer: syz [ 219.214323][ T5891] usb 3-1: SerialNumber: syz [ 219.295918][ T29] audit: type=1326 audit(1777029253.179:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.344529][ T29] audit: type=1326 audit(1777029253.179:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.376241][ T8212] netlink: 'syz.0.672': attribute type 4 has an invalid length. [ 219.412592][ T29] audit: type=1326 audit(1777029253.179:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.476694][ T29] audit: type=1326 audit(1777029253.179:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.477027][ T5891] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 219.509594][ T8212] netlink: 'syz.0.672': attribute type 4 has an invalid length. [ 219.544059][ T29] audit: type=1326 audit(1777029253.179:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.601223][ T29] audit: type=1326 audit(1777029253.179:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.623647][ T29] audit: type=1326 audit(1777029253.179:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.647215][ T29] audit: type=1326 audit(1777029253.199:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.689554][ T29] audit: type=1326 audit(1777029253.199:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.713259][ T5846] gspca_se401: write req failed req 0x57 val 0x00 error -110 [ 219.721603][ T5846] se401 5-1:0.0: probe with driver se401 failed with error -110 [ 219.730808][ T29] audit: type=1326 audit(1777029253.209:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8211 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8dcc59cdd9 code=0x7ffc0000 [ 219.874473][ T5891] usb 3-1: USB disconnect, device number 31 [ 220.048919][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 220.233638][ T8225] ALSA: seq fatal error: cannot create timer (-19) [ 220.254587][ T8228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.267373][ T8228] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.379361][ T5925] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 220.467059][ T8237] netlink: 28 bytes leftover after parsing attributes in process `syz.2.682'. [ 220.486093][ T8225] fuse: Unknown parameter '00000000000000000007' [ 220.539151][ T5925] usb 1-1: Using ep0 maxpacket: 16 [ 220.545790][ T5925] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 220.557142][ T5925] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 220.567335][ T5925] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 220.918371][ T5912] usb 5-1: USB disconnect, device number 19 [ 221.008111][ T8247] binder: 8242:8247 ioctl 4018620d 0 returned -22 [ 221.555607][ T8255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.687'. [ 221.726829][ T8260] netlink: 'syz.3.689': attribute type 16 has an invalid length. [ 221.742906][ T8260] netlink: 8 bytes leftover after parsing attributes in process `syz.3.689'. [ 221.869258][ T5891] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 222.030803][ T5891] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 222.054593][ T5891] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 222.074006][ T5891] usb 3-1: New USB device found, idVendor=2a39, idProduct=3f8c, bcdDevice= 0.40 [ 222.085123][ T5891] usb 3-1: New USB device strings: Mfr=3, Product=2, SerialNumber=3 [ 222.106825][ T5891] usb 3-1: Product: syz [ 222.115105][ T5891] usb 3-1: Manufacturer: syz [ 222.133756][ T5891] usb 3-1: SerialNumber: syz [ 222.259218][ T5912] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 222.407515][ T5891] usb 3-1: cannot find UAC_HEADER [ 222.441463][ T5912] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 222.469040][ T5912] usb 4-1: config 0 has no interfaces? [ 222.485787][ T5912] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 222.524766][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.534948][ T5891] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 222.554567][ T5891] usb 3-1: USB disconnect, device number 32 [ 222.573089][ T8274] netlink: 8 bytes leftover after parsing attributes in process `syz.4.693'. [ 222.589798][ T5912] usb 4-1: config 0 descriptor?? [ 222.616309][ T8274] netlink: 8 bytes leftover after parsing attributes in process `syz.4.693'. [ 222.634236][ T6390] udevd[6390]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 222.838899][ T5926] usb 4-1: USB disconnect, device number 41 [ 223.116619][ T5925] usb 1-1: string descriptor 0 read error: -71 [ 223.135000][ T5925] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 223.188901][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.218357][ T5925] usb 1-1: rejected 1 configuration due to insufficient available bus power [ 223.251007][ T5925] usb 1-1: no configuration chosen from 1 choice [ 223.285186][ T5925] usb 1-1: USB disconnect, device number 36 [ 223.391544][ T8281] netlink: 28 bytes leftover after parsing attributes in process `syz.4.696'. [ 223.429223][ T5926] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 223.575429][ T8247] syz.1.684 (8247): drop_caches: 2 [ 223.589422][ T5926] usb 3-1: Using ep0 maxpacket: 8 [ 223.621423][ T5925] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 223.635900][ T5926] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 223.659018][ T5926] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 223.668324][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.683005][ T5926] usb 3-1: config 0 descriptor?? [ 223.700397][ T5926] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 223.782300][ T8288] netlink: 'syz.1.699': attribute type 21 has an invalid length. [ 223.791006][ T8288] netlink: 132 bytes leftover after parsing attributes in process `syz.1.699'. [ 223.800498][ T5925] usb 1-1: Using ep0 maxpacket: 8 [ 223.811619][ T5925] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 223.820819][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.828814][ T5925] usb 1-1: Product: syz [ 223.836070][ T5925] usb 1-1: Manufacturer: syz [ 223.840903][ T5925] usb 1-1: SerialNumber: syz [ 223.848347][ T5925] usb 1-1: config 0 descriptor?? [ 223.857927][ T5925] gspca_main: se401-2.14.0 probing 047d:5003 [ 224.359174][ T5926] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 224.511502][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.522743][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 224.532954][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 224.546130][ T5926] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 224.555333][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.567281][ T5926] usb 4-1: config 0 descriptor?? [ 224.658454][ T8299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.668676][ T8299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.992573][ T5926] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 225.139526][ T5925] gspca_se401: write req failed req 0x57 val 0x00 error -110 [ 225.148136][ T5925] se401 1-1:0.0: probe with driver se401 failed with error -110 [ 225.619243][ T8318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.644825][ T8318] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.231735][ T5846] usb 1-1: USB disconnect, device number 37 [ 226.258312][ T24] usb 3-1: USB disconnect, device number 33 [ 226.326759][ C1] plantronics 0003:047F:FFFF.0006: usb_submit_urb(ctrl) failed: -1 [ 226.405270][ T8329] netlink: 28 bytes leftover after parsing attributes in process `syz.2.711'. [ 226.549879][ T29] kauditd_printk_skb: 38 callbacks suppressed [ 226.549895][ T29] audit: type=1326 audit(1777029260.439:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.579208][ T29] audit: type=1326 audit(1777029260.439:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.604649][ T8335] netlink: 52 bytes leftover after parsing attributes in process `syz.4.712'. [ 226.615362][ T29] audit: type=1326 audit(1777029260.489:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.651561][ T29] audit: type=1326 audit(1777029260.489:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.675062][ T29] audit: type=1326 audit(1777029260.489:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.698399][ T29] audit: type=1326 audit(1777029260.489:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.720953][ T29] audit: type=1326 audit(1777029260.489:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.743509][ T29] audit: type=1326 audit(1777029260.489:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.766956][ T29] audit: type=1326 audit(1777029260.489:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.789814][ T29] audit: type=1326 audit(1777029260.489:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f37f219cdd9 code=0x7ffc0000 [ 226.995139][ T8344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 227.006160][ T8344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.162999][ T5926] usb 4-1: USB disconnect, device number 42 [ 227.247106][ T8344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 227.305478][ T8344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.537260][ T8363] netlink: 48 bytes leftover after parsing attributes in process `syz.4.721'. [ 227.672422][ T5926] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 227.900879][ T5926] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.927471][ T5926] usb 4-1: config 0 has no interfaces? [ 227.948644][ T5926] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 228.013882][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.057803][ T5926] usb 4-1: config 0 descriptor?? [ 228.287965][ T5926] usb 4-1: USB disconnect, device number 43 [ 228.639210][ T24] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 228.784680][ T8380] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 228.807122][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 228.835711][ T24] usb 5-1: config 1 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 228.849578][ T24] usb 5-1: config 1 interface 0 has no altsetting 0 [ 228.859680][ T24] usb 5-1: string descriptor 0 read error: -22 [ 228.866531][ T24] usb 5-1: New USB device found, idVendor=0543, idProduct=e621, bcdDevice= 0.40 [ 228.883387][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.915153][ T24] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 229.058908][ T8390] netlink: 52 bytes leftover after parsing attributes in process `syz.1.731'. [ 229.269175][ T5926] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 229.431269][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.453782][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 229.464709][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 229.482435][ T5926] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 229.492728][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.524007][ T5926] usb 4-1: config 0 descriptor?? [ 229.792629][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.806768][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.816197][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.826870][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.863713][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.904482][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.923815][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.933387][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.944202][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.956306][ T8397] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 229.970726][ T8404] netlink: 48 bytes leftover after parsing attributes in process `syz.2.735'. [ 229.980120][ T5926] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 230.291111][ T8415] netlink: 32 bytes leftover after parsing attributes in process `syz.0.739'. [ 231.186575][ C0] plantronics 0003:047F:FFFF.0007: usb_submit_urb(ctrl) failed: -1 [ 231.221067][ T5925] usb 4-1: USB disconnect, device number 44 [ 231.410962][ T5926] usb 5-1: USB disconnect, device number 20 [ 231.618279][ T8434] ALSA: seq fatal error: cannot create timer (-19) [ 231.816077][ T8434] fuse: Unknown parameter '00000000000000000007' [ 231.867630][ T8439] netlink: 52 bytes leftover after parsing attributes in process `syz.0.746'. [ 232.842517][ T8450] snd_aloop snd_aloop.0: control 5:6:4:syz1:-2147483647 is already present [ 233.073897][ T8456] netlink: 48 bytes leftover after parsing attributes in process `syz.0.751'. [ 233.610286][ T994] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 233.789223][ T994] usb 5-1: Using ep0 maxpacket: 32 [ 233.799369][ T994] usb 5-1: config 3 has an invalid interface number: 249 but max is 0 [ 233.840628][ T994] usb 5-1: config 3 has no interface number 0 [ 233.867090][ T994] usb 5-1: config 3 interface 249 has no altsetting 0 [ 234.026601][ T994] usb 5-1: New USB device found, idVendor=0cf3, idProduct=b003, bcdDevice=bf.24 [ 234.066293][ T994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.113134][ T994] usb 5-1: Product: syz [ 234.124347][ T994] usb 5-1: Manufacturer: syz [ 234.139466][ T994] usb 5-1: SerialNumber: syz [ 234.597830][ T8461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.409253][ T5926] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 235.615755][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.650806][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.672100][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 235.696499][ T5926] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 235.731139][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.815985][ T5926] usb 4-1: config 0 descriptor?? [ 235.943540][ T8487] netlink: 52 bytes leftover after parsing attributes in process `syz.2.758'. [ 236.043303][ T8426] Set syz1 is full, maxelem 65536 reached [ 236.306290][ T5926] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 236.492814][ T8492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 236.532104][ T8492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 236.610652][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.760'. [ 237.042609][ T8498] fuse: Bad value for 'group_id' [ 237.049591][ T8498] fuse: Bad value for 'group_id' [ 237.063335][ T8498] validate_nla: 23 callbacks suppressed [ 237.063356][ T8498] netlink: 'syz.2.762': attribute type 10 has an invalid length. [ 237.092877][ T8498] bond0: (slave wlan1): Opening slave failed [ 237.119725][ T8497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 237.549434][ C0] plantronics 0003:047F:FFFF.0008: usb_submit_urb(ctrl) failed: -1 [ 237.636919][ T994] usb 5-1: ath9k_htc: Device endpoint numbers are not the expected ones [ 237.654681][ T994] usb 5-1: USB disconnect, device number 21 [ 237.759748][ T5846] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 237.919175][ T5846] usb 1-1: Using ep0 maxpacket: 8 [ 237.927240][ T5846] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 237.940738][ T5846] usb 1-1: config 0 has no interface number 0 [ 237.949523][ T5846] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 237.960937][ T5846] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 237.973314][ T5846] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 17528, setting to 1024 [ 237.984860][ T5846] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 237.998548][ T5846] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 238.041593][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.082489][ T5846] usb 1-1: config 0 descriptor?? [ 238.111746][ T8511] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 238.146113][ T5846] ldusb 1-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 238.322961][ T5891] usb 4-1: USB disconnect, device number 45 [ 238.361359][ T8525] netlink: 52 bytes leftover after parsing attributes in process `syz.4.771'. [ 238.396929][ T10] usb 1-1: USB disconnect, device number 38 [ 238.438403][ T10] ldusb 1-1:0.55: LD USB Device #1 now disconnected [ 238.590844][ T8531] ipvlan2: entered promiscuous mode [ 238.612463][ T8531] bridge0: port 3(ipvlan2) entered blocking state [ 238.624930][ T8531] bridge0: port 3(ipvlan2) entered disabled state [ 238.635094][ T8531] ipvlan2: entered allmulticast mode [ 238.643759][ T8531] bridge0: entered allmulticast mode [ 238.653960][ T8531] ipvlan2: left allmulticast mode [ 238.659922][ T8531] bridge0: left allmulticast mode [ 238.696952][ T8533] tipc: Started in network mode [ 238.702043][ T8533] tipc: Node identity 6a28b328055c, cluster identity 4711 [ 238.711202][ T8533] tipc: Enabled bearer , priority 0 [ 238.718721][ T8533] syzkaller0: entered promiscuous mode [ 238.724273][ T8533] syzkaller0: entered allmulticast mode [ 238.760372][ T8533] tipc: Resetting bearer [ 238.769958][ T8532] tipc: Resetting bearer [ 238.787004][ T8532] tipc: Disabling bearer [ 238.886858][ T8536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 238.900014][ T8536] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 239.023011][ T8543] FAULT_INJECTION: forcing a failure. [ 239.023011][ T8543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.037030][ T8543] CPU: 1 UID: 0 PID: 8543 Comm: syz.0.778 Not tainted syzkaller #0 PREEMPT(full) [ 239.037045][ T8543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 239.037060][ T8543] Call Trace: [ 239.037065][ T8543] [ 239.037070][ T8543] dump_stack_lvl+0xe8/0x150 [ 239.037090][ T8543] should_fail_ex+0x412/0x560 [ 239.037109][ T8543] _copy_to_user+0x31/0xb0 [ 239.037123][ T8543] simple_read_from_buffer+0xe1/0x170 [ 239.037136][ T8543] proc_fail_nth_read+0x1bb/0x230 [ 239.037149][ T8543] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.037161][ T8543] ? rw_verify_area+0x2a6/0x4d0 [ 239.037174][ T8543] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.037185][ T8543] vfs_read+0x20c/0xa70 [ 239.037199][ T8543] ? __pfx___mutex_lock+0x10/0x10 [ 239.037214][ T8543] ? __pfx_vfs_read+0x10/0x10 [ 239.037226][ T8543] ? __fget_files+0x2a/0x420 [ 239.037238][ T8543] ? __fget_files+0x3a0/0x420 [ 239.037247][ T8543] ? __fget_files+0x2a/0x420 [ 239.037261][ T8543] ksys_read+0x150/0x270 [ 239.037273][ T8543] ? __pfx_ksys_read+0x10/0x10 [ 239.037284][ T8543] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 239.037300][ T8543] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.037310][ T8543] do_syscall_64+0x15f/0xf80 [ 239.037323][ T8543] ? trace_irq_disable+0x3b/0x140 [ 239.037337][ T8543] ? clear_bhb_loop+0x40/0x90 [ 239.037350][ T8543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.037360][ T8543] RIP: 0033:0x7f8dcc55d60e [ 239.037370][ T8543] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 239.037378][ T8543] RSP: 002b:00007f8dca7f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 239.037390][ T8543] RAX: ffffffffffffffda RBX: 00007f8dca7f66c0 RCX: 00007f8dcc55d60e [ 239.037397][ T8543] RDX: 000000000000000f RSI: 00007f8dca7f60a0 RDI: 0000000000000004 [ 239.037403][ T8543] RBP: 00007f8dca7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 239.037409][ T8543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.037415][ T8543] R13: 00007f8dcc816038 R14: 00007f8dcc815fa0 R15: 00007f8dcc93fa48 [ 239.037430][ T8543] [ 239.309193][ T5891] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 239.320899][ T5926] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 239.334474][ T8546] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 239.460132][ T5891] usb 3-1: device descriptor read/64, error -71 [ 239.477533][ T8549] x_tables: duplicate underflow at hook 4 [ 239.485174][ T5926] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.496480][ T5926] usb 4-1: config 0 has no interfaces? [ 239.502340][ T5926] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 239.511773][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.522649][ T5926] usb 4-1: config 0 descriptor?? [ 239.599215][ T10] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 239.696044][ T8553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 239.706070][ T5891] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 239.715609][ T8553] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 239.750673][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 239.760737][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 239.773918][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 239.784148][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.839225][ T5891] usb 3-1: device descriptor read/64, error -71 [ 239.949711][ T5891] usb usb3-port1: attempt power cycle [ 239.997324][ T10] usb 1-1: GET_CAPABILITIES returned 0 [ 240.003037][ T10] usbtmc 1-1:16.0: can't read capabilities [ 240.214277][ T8547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.779'. [ 240.228738][ T5846] usb 1-1: USB disconnect, device number 39 [ 240.290186][ T5891] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 240.322744][ T5891] usb 3-1: device descriptor read/8, error -71 [ 240.579374][ T5891] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 240.601566][ T5891] usb 3-1: device descriptor read/8, error -71 [ 240.721110][ T5891] usb usb3-port1: unable to enumerate USB device [ 241.262019][ T8571] block device autoloading is deprecated and will be removed. [ 241.644520][ T8583] loop2: detected capacity change from 0 to 7 [ 241.682324][ T8583] Dev loop2: unable to read RDB block 7 [ 241.710867][ T8583] loop2: AHDI p1 p2 p3 [ 241.729647][ T8583] loop2: partition table partially beyond EOD, truncated [ 241.748540][ T8583] loop2: p1 start 1818582900 is beyond EOD, truncated [ 241.774684][ T8583] loop2: p3 start 335544320 is beyond EOD, truncated [ 242.112138][ T8589] FAULT_INJECTION: forcing a failure. [ 242.112138][ T8589] name failslab, interval 1, probability 0, space 0, times 0 [ 242.139036][ T5935] usb 4-1: USB disconnect, device number 46 [ 242.169825][ T8590] netlink: 52 bytes leftover after parsing attributes in process `syz.1.790'. [ 242.189530][ T8589] CPU: 1 UID: 0 PID: 8589 Comm: syz.4.792 Not tainted syzkaller #0 PREEMPT(full) [ 242.189555][ T8589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 242.189565][ T8589] Call Trace: [ 242.189573][ T8589] [ 242.189581][ T8589] dump_stack_lvl+0xe8/0x150 [ 242.189613][ T8589] should_fail_ex+0x412/0x560 [ 242.189646][ T8589] should_failslab+0xa8/0x100 [ 242.189671][ T8589] __kmalloc_cache_noprof+0x88/0x660 [ 242.189695][ T8589] ? nl80211_prepare_wdev_dump+0x2c3/0x6a0 [ 242.189719][ T8589] ? stack_trace_save+0xa9/0x100 [ 242.189746][ T8589] nl80211_prepare_wdev_dump+0x2c3/0x6a0 [ 242.189776][ T8589] nl80211_dump_station+0x186/0xdb0 [ 242.189797][ T8589] ? kasan_save_track+0x3e/0x80 [ 242.189817][ T8589] ? __kasan_kmalloc+0x93/0xb0 [ 242.189836][ T8589] ? __kmalloc_node_track_caller_noprof+0x4db/0x7b0 [ 242.189858][ T8589] ? __alloc_skb+0x2c1/0x7d0 [ 242.189874][ T8589] ? __netlink_dump_start+0x5cb/0x7e0 [ 242.189898][ T8589] ? genl_family_rcv_msg_dumpit+0x213/0x310 [ 242.189922][ T8589] ? genl_rcv+0x28/0x40 [ 242.189940][ T8589] ? netlink_unicast+0x75c/0x8e0 [ 242.189962][ T8589] ? netlink_sendmsg+0x813/0xb40 [ 242.189978][ T8589] ? ____sys_sendmsg+0x972/0x9f0 [ 242.189995][ T8589] ? ___sys_sendmsg+0x2a5/0x360 [ 242.190016][ T8589] ? __pfx_nl80211_dump_station+0x10/0x10 [ 242.190071][ T8589] ? trace_kmalloc+0x2a/0xf0 [ 242.190095][ T8589] ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0 [ 242.190127][ T8589] genl_dumpit+0x10b/0x1b0 [ 242.190153][ T8589] netlink_dump+0x702/0xe10 [ 242.190188][ T8589] ? __pfx_netlink_dump+0x10/0x10 [ 242.190224][ T8589] ? genl_start+0x499/0x6c0 [ 242.190251][ T8589] __netlink_dump_start+0x5cb/0x7e0 [ 242.190286][ T8589] genl_family_rcv_msg_dumpit+0x213/0x310 [ 242.190312][ T8589] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 242.190344][ T8589] ? genl_get_cmd+0x82e/0x960 [ 242.190370][ T8589] ? __pfx_genl_start+0x10/0x10 [ 242.190389][ T8589] ? __pfx_genl_dumpit+0x10/0x10 [ 242.190408][ T8589] ? __pfx_genl_done+0x10/0x10 [ 242.190441][ T8589] genl_rcv_msg+0x5e8/0x7a0 [ 242.190468][ T8589] ? __pfx_genl_rcv_msg+0x10/0x10 [ 242.190488][ T8589] ? __pfx_nl80211_dump_station+0x10/0x10 [ 242.190510][ T8589] ? __pfx_ref_tracker_free+0x10/0x10 [ 242.190527][ T8589] ? __asan_memcpy+0x40/0x70 [ 242.190543][ T8589] ? __skb_clone+0x63/0x7a0 [ 242.190571][ T8589] netlink_rcv_skb+0x232/0x4b0 [ 242.190597][ T8589] ? __pfx_genl_rcv_msg+0x10/0x10 [ 242.190620][ T8589] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 242.190657][ T8589] ? down_read+0x270/0x2e0 [ 242.190680][ T8589] ? genl_rcv+0xd/0x40 [ 242.190701][ T8589] genl_rcv+0x28/0x40 [ 242.190720][ T8589] netlink_unicast+0x75c/0x8e0 [ 242.190754][ T8589] netlink_sendmsg+0x813/0xb40 [ 242.190780][ T8589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 242.190801][ T8589] ? aa_sock_msg_perm+0xf1/0x1b0 [ 242.190821][ T8589] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 242.190845][ T8589] ____sys_sendmsg+0x972/0x9f0 [ 242.190864][ T8589] ? __might_fault+0xaf/0x130 [ 242.190891][ T8589] ? __pfx_____sys_sendmsg+0x10/0x10 [ 242.190918][ T8589] ? import_iovec+0x73/0xa0 [ 242.190939][ T8589] ___sys_sendmsg+0x2a5/0x360 [ 242.190957][ T8589] ? __lock_acquire+0x6b5/0x2cf0 [ 242.190983][ T8589] ? __pfx____sys_sendmsg+0x10/0x10 [ 242.191030][ T8589] ? __fget_files+0x2a/0x420 [ 242.191047][ T8589] ? __fget_files+0x3a0/0x420 [ 242.191074][ T8589] __x64_sys_sendmsg+0x1bd/0x2a0 [ 242.191096][ T8589] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 242.191123][ T8589] ? __pfx_ksys_write+0x10/0x10 [ 242.191152][ T8589] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.191172][ T8589] do_syscall_64+0x15f/0xf80 [ 242.191194][ T8589] ? trace_irq_disable+0x3b/0x140 [ 242.191217][ T8589] ? clear_bhb_loop+0x40/0x90 [ 242.191239][ T8589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.191257][ T8589] RIP: 0033:0x7f37f219cdd9 [ 242.191274][ T8589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 242.191289][ T8589] RSP: 002b:00007f37f2faa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 242.191309][ T8589] RAX: ffffffffffffffda RBX: 00007f37f2415fa0 RCX: 00007f37f219cdd9 [ 242.191329][ T8589] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 242.191340][ T8589] RBP: 00007f37f2faa090 R08: 0000000000000000 R09: 0000000000000000 [ 242.191351][ T8589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.191362][ T8589] R13: 00007f37f2416038 R14: 00007f37f2415fa0 R15: 00007f37f253fa48 [ 242.191391][ T8589] [ 242.849521][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 242.849538][ T29] audit: type=1800 audit(1777029276.729:273): pid=8594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.793" name="bus" dev="tmpfs" ino=811 res=0 errno=0 [ 242.971117][ T8602] snd_aloop snd_aloop.0: control 5:6:4:syz1:-2147483647 is already present [ 243.066211][ T8607] netlink: 88 bytes leftover after parsing attributes in process `syz.1.796'. [ 243.219473][ T5899] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 243.299555][ T10] usb 1-1: new full-speed USB device number 40 using dummy_hcd [ 243.389586][ T5899] usb 5-1: Using ep0 maxpacket: 16 [ 243.407931][ T5899] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 243.428081][ T5899] usb 5-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 243.448432][ T5899] usb 5-1: config 0 interface 0 has no altsetting 0 [ 243.458536][ T5899] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00 [ 243.469920][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 243.480142][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 243.493674][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.506436][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 243.525369][ T5899] usb 5-1: config 0 descriptor?? [ 243.534692][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.772995][ T10] usb 1-1: GET_CAPABILITIES returned 0 [ 243.780558][ T10] usbtmc 1-1:16.0: can't read capabilities [ 243.833746][ T8600] [ 243.836109][ T8600] ============================================ [ 243.842250][ T8600] WARNING: possible recursive locking detected [ 243.848402][ T8600] syzkaller #0 Not tainted [ 243.852807][ T8600] -------------------------------------------- [ 243.858964][ T8600] syz.4.795/8600 is trying to acquire lock: [ 243.864844][ T8600] ffffffff8f3cffb0 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf20 [ 243.875019][ T8600] [ 243.875019][ T8600] but task is already holding lock: [ 243.882376][ T8600] ffffffff8f3cffb0 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf20 [ 243.892642][ T8600] [ 243.892642][ T8600] other info that might help us debug this: [ 243.900699][ T8600] Possible unsafe locking scenario: [ 243.900699][ T8600] [ 243.908141][ T8600] CPU0 [ 243.911416][ T8600] ---- [ 243.914686][ T8600] lock(qp_broker_list.mutex); [ 243.919620][ T8600] lock(qp_broker_list.mutex); [ 243.924478][ T8600] [ 243.924478][ T8600] *** DEADLOCK *** [ 243.924478][ T8600] [ 243.932613][ T8600] May be due to missing lock nesting notation [ 243.932613][ T8600] [ 243.940931][ T8600] 1 lock held by syz.4.795/8600: [ 243.945863][ T8600] #0: ffffffff8f3cffb0 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf20 [ 243.956503][ T8600] [ 243.956503][ T8600] stack backtrace: [ 243.962388][ T8600] CPU: 1 UID: 0 PID: 8600 Comm: syz.4.795 Not tainted syzkaller #0 PREEMPT(full) [ 243.962413][ T8600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 243.962426][ T8600] Call Trace: [ 243.962435][ T8600] [ 243.962440][ T8600] dump_stack_lvl+0xe8/0x150 [ 243.962461][ T8600] print_deadlock_bug+0x279/0x290 [ 243.962474][ T8600] __lock_acquire+0x253f/0x2cf0 [ 243.962493][ T8600] ? is_bpf_text_address+0x292/0x2b0 [ 243.962521][ T8600] ? is_bpf_text_address+0x26/0x2b0 [ 243.962551][ T8600] ? kernel_text_address+0xa5/0xe0 [ 243.962576][ T8600] ? __kernel_text_address+0xd/0x30 [ 243.962593][ T8600] ? vmci_qp_broker_detach+0x117/0xf20 [ 243.962607][ T8600] lock_acquire+0x106/0x350 [ 243.962621][ T8600] ? vmci_qp_broker_detach+0x117/0xf20 [ 243.962637][ T8600] __mutex_lock+0x1a3/0x1550 [ 243.962658][ T8600] ? vmci_qp_broker_detach+0x117/0xf20 [ 243.962687][ T8600] ? kasan_save_track+0x4f/0x80 [ 243.962709][ T8600] ? kasan_save_track+0x3e/0x80 [ 243.962819][ T8600] ? kasan_save_free_info+0x46/0x50 [ 243.962847][ T8600] ? __kasan_slab_free+0x5c/0x80 [ 243.962871][ T8600] ? kfree+0x1c5/0x640 [ 243.962890][ T8600] ? vmci_ctx_put+0x5ef/0xc40 [ 243.962928][ T8600] ? vmci_ctx_enqueue_datagram+0x3ab/0x420 [ 243.962942][ T8600] ? vmci_datagram_dispatch+0x450/0xc60 [ 243.962953][ T8600] ? vmci_qp_broker_detach+0x8dd/0xf20 [ 243.962969][ T8600] ? vmci_host_close+0x98/0x160 [ 243.962990][ T8600] ? vmci_qp_broker_detach+0x117/0xf20 [ 243.963017][ T8600] ? exit_to_user_mode_loop+0xed/0x480 [ 243.963049][ T8600] ? __pfx___mutex_lock+0x10/0x10 [ 243.963070][ T8600] vmci_qp_broker_detach+0x117/0xf20 [ 243.963087][ T8600] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 243.963101][ T8600] ? kasan_quarantine_put+0xbb/0x1f0 [ 243.963113][ T8600] ? lockdep_hardirqs_on+0x7a/0x110 [ 243.963136][ T8600] ? kfree+0x1c5/0x640 [ 243.963154][ T8600] ? vmci_ctx_put+0x5ef/0xc40 [ 243.963171][ T8600] ? vmci_ctx_put+0x141/0xc40 [ 243.963190][ T8600] vmci_ctx_put+0x64e/0xc40 [ 243.963207][ T8600] ? __pfx___schedule+0x10/0x10 [ 243.963220][ T8600] ? vmci_ctx_put+0x141/0xc40 [ 243.963230][ T8600] ? __pfx_vmci_ctx_put+0x10/0x10 [ 243.963239][ T8600] ? preempt_schedule_thunk+0x16/0x30 [ 243.963253][ T8600] ? preempt_schedule_common+0x82/0xd0 [ 243.963269][ T8600] vmci_ctx_enqueue_datagram+0x3ab/0x420 [ 243.963291][ T8600] vmci_datagram_dispatch+0x450/0xc60 [ 243.963320][ T8600] ? __pfx_vmci_datagram_dispatch+0x10/0x10 [ 243.963345][ T8600] vmci_qp_broker_detach+0x8dd/0xf20 [ 243.963364][ T8600] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 243.963377][ T8600] ? kasan_quarantine_put+0xbb/0x1f0 [ 243.963389][ T8600] ? kfree+0x1c5/0x640 [ 243.963399][ T8600] ? vmci_ctx_put+0x5ef/0xc40 [ 243.963407][ T8600] ? vmci_ctx_put+0x141/0xc40 [ 243.963420][ T8600] vmci_ctx_put+0x64e/0xc40 [ 243.963439][ T8600] ? vmci_ctx_put+0x141/0xc40 [ 243.963458][ T8600] ? __pfx_vmci_ctx_put+0x10/0x10 [ 243.963483][ T8600] vmci_host_close+0x98/0x160 [ 243.963504][ T8600] ? __pfx_vmci_host_close+0x10/0x10 [ 243.963517][ T8600] __fput+0x44f/0xa60 [ 243.963529][ T8600] task_work_run+0x1d9/0x270 [ 243.963542][ T8600] ? __pfx_task_work_run+0x10/0x10 [ 243.963556][ T8600] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.963571][ T8600] exit_to_user_mode_loop+0xed/0x480 [ 243.963599][ T8600] ? rcu_is_watching+0x15/0xb0 [ 243.963619][ T8600] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.963639][ T8600] do_syscall_64+0x33e/0xf80 [ 243.963657][ T8600] ? trace_irq_disable+0x3b/0x140 [ 243.963670][ T8600] ? clear_bhb_loop+0x40/0x90 [ 243.963681][ T8600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.963691][ T8600] RIP: 0033:0x7f37f219cdd9 [ 243.963703][ T8600] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 243.963715][ T8600] RSP: 002b:00007f37f2f89028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 243.963736][ T8600] RAX: 0000000000000000 RBX: 00007f37f2416090 RCX: 00007f37f219cdd9 [ 243.963750][ T8600] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000006 [ 243.963764][ T8600] RBP: 00007f37f2232d69 R08: 0000000000000000 R09: 0000000000000000 [ 243.963777][ T8600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.963789][ T8600] R13: 00007f37f2416128 R14: 00007f37f2416090 R15: 00007f37f253fa48 [ 243.963804][ T8600] [ 244.408389][ T8626] syzkaller0: entered promiscuous mode [ 244.415365][ T8626] syzkaller0: entered allmulticast mode [ 244.724868][ T10] usb 1-1: USB disconnect, device number 40 [ 244.807172][ T5899] usbhid 5-1:0.0: can't add hid device: -71 [ 244.813616][ T5899] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 244.825360][ T5899] usb 5-1: USB disconnect, device number 22