last executing test programs: 33.993290577s ago: executing program 4 (id=1357): r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4c090}, 0xc000) fchdir(r1) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r3, &(0x7f00000000c0)=""/55, 0x37) lseek(r3, 0x3, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2e00, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000240)={0x1, 0x0, [{0xb, 0x4, 0x0, 0x7fff, 0x5}]}) ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000080)) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/tcp6\x00') lseek(r8, 0x8, 0x1) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0xf60, 0x6, 0x0, 0x5}, 'syz1\x00', 0x9}) ioctl$UI_SET_FFBIT(r4, 0x4004556b, 0x37) r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r9, 0x40045612, &(0x7f00000002c0)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r9, 0xc044560f, &(0x7f0000000380)=@mmap={0x0, 0x1, 0x4, 0x0, 0x1800002, {0x77359400}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}}) close_range(r9, r9, 0x0) ioctl$UI_DEV_CREATE(r4, 0x5501) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x8, 0x8000, 0x6}, 0x1c) syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) 32.702461265s ago: executing program 4 (id=1364): ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(0xffffffffffffffff, 0x7a6, &(0x7f0000000040)={0x9de, 0xfffffffffffffffe, 0xd6, 0x1, 0x0, 0x800}) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000000)={&(0x7f0000000380)=[{0x1, 0xc401, 0x4f, &(0x7f0000000780)="2fa4aaca555c80e980979899f7a2e96c76e007198cf35a3e86a08a361ab693d4b578c5ca80b3dcebae4a9ec3d2084a95f036c2dab0a8e13b7f4757b2a22bf27639286b466ddcf6b2cae2a5a1d1fe21"}], 0x1}) syz_usb_control_io(r0, 0x0, &(0x7f0000000dc0)={0x84, &(0x7f0000000800)=ANY=[@ANYBLOB="20172f0000007fe5d6335ba65e10212144b14e94a75300589ca81697c3798a393e8574cbc3c3297b5983e14a9482171f22b6c20ab6cfc5c18d2c53f83907bc6827ae98ae7607f5b43db0a37e99901960c1f66aea52cb52b210a26218aa30156c24f4df61a2148f9749f472580d1bfed6095bed190f2b9ad1629a7becb4641cbd84fa2d49fa17c775096195bc201322048ed9eeaa9b3804295779a10b62168dcf0bafa7a705be110035c161770e0d2e53b9f66bef897428904ba086f68040fb2b318b41a429504ff7646277"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="400f01004400e6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 29.409130586s ago: executing program 4 (id=1375): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r2, 0x8800000) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53) close(r3) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_int(r4, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f00000000c0)=0x6, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendfile(r3, r2, 0x0, 0x578410ed) sendmmsg$unix(r1, &(0x7f00000bd000), 0x83, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x2002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x3, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000001000000fe8000000000000000000000000000bbac1414bb00000000000000000000000000000400100000000200002000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100020000000000000000000000004000"], 0xb8}}, 0x0) ioctl$VIDIOC_DBG_G_CHIP_INFO(0xffffffffffffffff, 0xc0c85666, &(0x7f00000005c0)={{0x1, @addr=0x1}, "522ec2c4dfdea0e049be106158e4f5aa2e9a2a24b978bb029b829364f1d8fecd", 0x1}) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) 28.435429872s ago: executing program 4 (id=1378): socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r0, 0x8800000) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_int(r2, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendfile(r1, r0, 0x0, 0x578410ed) 27.375227228s ago: executing program 4 (id=1383): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x10a, 0x2000000000000}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x98, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000500)={@ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/184, 0xb8, 0x1, 0x2d}, @flat=@weak_handle={0x77682a85, 0x1000, 0x2}, @flat=@binder={0x73622a85, 0x101, 0x1}}, &(0x7f0000000040)={0x0, 0x28, 0x40}}, 0x400}], 0x0, 0x0, 0x0}) 27.240830086s ago: executing program 4 (id=1384): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', 0x0, 0x0, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}}) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$TIPC_NL_BEARER_DISABLE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYRES16=r0, @ANYRES16=0x0], 0x5c}, 0x1, 0x0, 0x0, 0x468d5}, 0x4044015) recvmmsg(r4, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=""/59, 0x3b}, {&(0x7f0000000380)=""/135, 0x87}], 0x2}, 0x2}], 0x1, 0x40000060, 0x0) socket(0x400000000010, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="3b007c05009e1d09a6fd00000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r5 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x1, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}}) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc04c560f, &(0x7f0000000280)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x100000, 0x1, {}, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, "5c0a0551"}, 0x5141, 0x1, {0x0}, 0x2, 0x20000000}) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = socket$kcm(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000000), 0x4) 11.978006389s ago: executing program 32 (id=1384): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', 0x0, 0x0, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}}) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$TIPC_NL_BEARER_DISABLE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYRES16=r0, @ANYRES16=0x0], 0x5c}, 0x1, 0x0, 0x0, 0x468d5}, 0x4044015) recvmmsg(r4, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=""/59, 0x3b}, {&(0x7f0000000380)=""/135, 0x87}], 0x2}, 0x2}], 0x1, 0x40000060, 0x0) socket(0x400000000010, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="3b007c05009e1d09a6fd00000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r5 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x1, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}}) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc04c560f, &(0x7f0000000280)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x100000, 0x1, {}, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, "5c0a0551"}, 0x5141, 0x1, {0x0}, 0x2, 0x20000000}) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = socket$kcm(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000000), 0x4) 8.321017534s ago: executing program 1 (id=1459): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r1, 0x8800000) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_int(r3, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$sock_int(r3, 0x1, 0x7, &(0x7f00000000c0)=0x6, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r3, 0x0, 0x0, 0x720, 0x0, 0x0) sendfile(r2, r1, 0x0, 0x578410ed) recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x2002, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x3, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000001000000fe8000000000000000000000000000bbac1414bb00000000000000000000000000000400100000000200002000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100020000000000000000000000004000"], 0xb8}}, 0x0) 7.243963873s ago: executing program 1 (id=1460): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000001400), 0x13f}}, 0x20) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x48, 0x1, 0x2, 0x801, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x9}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x3}, @CTA_EXPECT_ID={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xf}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'syz0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x40800) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xc2a, 0x10100}, &(0x7f0000000180), &(0x7f0000000680)) sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4004af61, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x7, 0x5, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x20000010) sendmsg$NFNL_MSG_ACCT_DEL(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="20000000030701"], 0x20}, 0x1, 0x0, 0x0, 0x4000011}, 0x20000000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r4, 0x8b1b, &(0x7f0000000040)) 5.759031635s ago: executing program 0 (id=1464): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3400000038000900000000000000000004000000040000000c"], 0x34}}, 0x0) 5.593427173s ago: executing program 0 (id=1465): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001300000400000000fbdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="001000000000000014001a80100405800c0008"], 0x34}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 5.243472305s ago: executing program 0 (id=1466): io_setup(0x7, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000000500000a30000000180a3f6d6f578dbe9c8b000002000000040003800900020073797a30000000000900010073797a300000000014000000020a010100000000000000000000000614000000110001a87769df72a734c0c47b7f03316980a48646a60dffcaa8a1804aa74fb6af4c2d30fb0c237a1211f28c323e8b4c1053272ed2fa1af5069546896df0c0fe0b3f845e50e8f679740e"], 0x6c}}, 0x880) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) setsockopt$sock_timeval(r3, 0x1, 0x42, &(0x7f0000000000)={r4, r5/1000+10000}, 0x8) (async) setsockopt$sock_timeval(r3, 0x1, 0x42, &(0x7f0000000000)={r4, r5/1000+10000}, 0x8) io_submit(r0, 0x2, &(0x7f00000001c0)=[&(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x1002, r2, &(0x7f0000001280)='3', 0x1, 0x0, 0x0, 0x1}, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x6, 0x4, r1, 0x0, 0x0, 0x7}]) r6 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000380)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000180)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x5, 0x0, 0x1, 0x1, 0xee5b7e5b1dfe46be}) socket$nl_generic(0x10, 0x3, 0x10) (async) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_MPP(r9, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8200240}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x20, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x20}, 0x1, 0x0, 0x0, 0x80c0}, 0x1) io_uring_enter(r6, 0x567, 0x0, 0x0, 0x0, 0x0) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) socket$vsock_stream(0x28, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) (async) socket$unix(0x1, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r10, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r11, &(0x7f00000bd000), 0x318, 0x0) (async) sendmmsg$unix(r11, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'syztnl2\x00', 0x0}) sched_setattr(0x0, 0x0, 0x0) (async) sched_setattr(0x0, 0x0, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) 4.142767056s ago: executing program 3 (id=1468): r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB="0400"], 0x28}, 0x1, 0x0, 0x0, 0x4c090}, 0xc000) fchdir(r1) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r3, &(0x7f00000000c0)=""/55, 0x37) lseek(r3, 0x3, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2e00, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000240)={0x1, 0x0, [{0xb, 0x4, 0x0, 0x7fff, 0x5}]}) ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000080)) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/tcp6\x00') lseek(r8, 0x8, 0x1) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0xf60, 0x6, 0x0, 0x5}, 'syz1\x00', 0x9}) ioctl$UI_SET_FFBIT(r4, 0x4004556b, 0x37) r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r9, 0x40045612, &(0x7f00000002c0)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r9, 0xc044560f, &(0x7f0000000380)=@mmap={0x0, 0x1, 0x4, 0x0, 0x1800002, {0x77359400}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}}) close_range(r9, r9, 0x0) ioctl$UI_DEV_CREATE(r4, 0x5501) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x8, 0x8000, 0x6}, 0x1c) syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) 3.544797836s ago: executing program 3 (id=1469): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = dup(r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, 0x0, &(0x7f0000000040)) openat$cgroup_ro(r2, &(0x7f0000000000)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) syz_emit_ethernet(0x19, &(0x7f000001f700)={@broadcast, @remote, @val={@val, {0x88a8}}, {@mpls_uc={0x88a8, {[], @llc={@llc={0x0, 0x0, "0e"}}}}}}, 0x0) 3.186676842s ago: executing program 3 (id=1471): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00', 0xc}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82) ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) writev(r1, &(0x7f00000004c0)=[{&(0x7f0000000140)="26eba9fdb4cbab48929e1af151000000000000000000000000000100", 0x1c}], 0x1) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r2, 0x29, 0x19, &(0x7f0000000400)=0xa4, 0x4) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0xff, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, {[], @dest_unreach={0x1, 0x3, 0x0, 0x0, '\x00', {0x0, 0x6, "00b295", 0x0, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, @mcast1, [], "caa7c1b7f4c336af"}}}}}}}, 0x0) 3.016550077s ago: executing program 1 (id=1472): socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r0, 0x8800000) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, 0x0, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendfile(r1, r0, 0x0, 0x578410ed) 2.911271364s ago: executing program 3 (id=1473): sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0xc010) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, 0x0, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x10001}]}, 0x44}, 0x1, 0x0, 0x0, 0x4805}, 0x20040090) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r1, 0x8b1b, &(0x7f0000000040)) 2.901500052s ago: executing program 2 (id=1474): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000140)={0x24, r2, 0x123, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x24}, 0x1, 0x0, 0x0, 0x4044054}, 0x44044) 2.82687153s ago: executing program 1 (id=1475): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001300000400000000fbdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="001000000000000014001a80100405800c0008"], 0x34}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 2.716114083s ago: executing program 3 (id=1476): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x206c}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x4008080, 0x0, 0x0) (fail_nth: 2) 2.627345614s ago: executing program 2 (id=1477): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) ftruncate(0xffffffffffffffff, 0x8800000) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendfile(r1, 0xffffffffffffffff, 0x0, 0x578410ed) 2.599842127s ago: executing program 1 (id=1478): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) io_uring_enter(0xffffffffffffffff, 0x48e9, 0x0, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4004ae52, &(0x7f0000000040)=0x80000000) r5 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r5, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) sendmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=0x0, @ANYBLOB="014fb8deaac47d7e8d3f151eddbbf47a5c060956815552474029a2a3a48188ffc97d7bd9d6e3418e9d1b41ef6aba4e90be8113cf3e74bb4f52930191f6151de0ad624c99ca727cd1af73e8f45967643f8f"], 0x24}}, 0x48000) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000600)={0x12c, r6, 0x2, 0x70bd26, 0xffffff7f, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x27a}], @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x5d}, @NL80211_ATTR_IE={0x83, 0x2a, [@measure_req={0x26, 0x30, {0x18, 0x7, 0x0, "e65130946cbfac5a2eea132ee4af56404b7d29bd8aea266f23088b1c22f672aa4706a1ce6398cc65004a6107b7"}}, @preq={0x82, 0x25, {{0x1, 0x1, 0x1}, 0x5, 0x9, 0x5, @device_a, 0x74db, @void, 0xd, 0x8, 0x1, [{{0x1}, @device_a, 0x3}]}}, @gcr_ga={0xbd, 0x6}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x2, 0x7c, 0x7f}}, @link_id={0x65, 0x12, {@random="0c00a401f4fd", @broadcast, @device_b}}, @ibss={0x6, 0x2, 0x3}]}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7fffffff}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x36}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @NL80211_ATTR_SSID={0x23, 0x34, @random="acf8c64d2aed210cd14445bfa2df92e47054ec1612e6ab6baa06fc31d98767"}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x40, 0x2, 0x6, 0x0, {0x0, 0x10, 0x0, 0xe, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x300, 0x200}}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}]}, 0x12c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4040) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) getsockopt$inet6_mtu(r7, 0x29, 0x17, &(0x7f0000000300), &(0x7f0000000340)=0x4) setsockopt$inet6_int(r7, 0x29, 0x21, &(0x7f0000000000)=0x80000003, 0x4) 2.168149659s ago: executing program 3 (id=1479): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000001400), 0x13f}}, 0x20) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x48, 0x1, 0x2, 0x801, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x9}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x3}, @CTA_EXPECT_ID={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xf}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'syz0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x40800) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xc2a, 0x10100}, &(0x7f0000000180), &(0x7f0000000680)) sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4004af61, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x7, 0x5, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x20000010) syz_clone3(&(0x7f00000005c0)={0x200000, &(0x7f0000000100), 0x0, &(0x7f0000000240), {0x8}, &(0x7f00000003c0)=""/209, 0xd1, &(0x7f00000004c0)=""/245, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x58) sendmsg$NFNL_MSG_ACCT_DEL(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="20000000030701"], 0x20}, 0x1, 0x0, 0x0, 0x4000011}, 0x20000000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r3, 0x8b1b, &(0x7f0000000040)) 2.086969567s ago: executing program 0 (id=1480): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = dup(r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, 0x0, &(0x7f0000000040)) openat$cgroup_ro(r2, &(0x7f0000000000)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) syz_emit_ethernet(0x19, &(0x7f000001f700)={@broadcast, @remote, @val={@val, {0x88a8}}, {@mpls_uc={0x88a8, {[], @llc={@llc={0x0, 0x0, "0e"}}}}}}, 0x0) 1.814581724s ago: executing program 0 (id=1481): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000003200)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)='R', 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x44000) (fail_nth: 2) 1.297997586s ago: executing program 0 (id=1482): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000001400), 0x13f}}, 0x20) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x48, 0x1, 0x2, 0x801, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x9}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x3}, @CTA_EXPECT_ID={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xf}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'syz0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x40800) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xc2a, 0x10100}, &(0x7f0000000180), &(0x7f0000000680)) sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4004af61, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x7, 0x5, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x20000010) sendmsg$NFNL_MSG_ACCT_DEL(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="20000000030701"], 0x20}, 0x1, 0x0, 0x0, 0x4000011}, 0x20000000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r4, 0x8b1b, &(0x7f0000000040)) 1.297688575s ago: executing program 2 (id=1483): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x206c}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x4008080, 0x0, 0x0) 881.25955ms ago: executing program 2 (id=1484): socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r0, 0x8800000) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, 0x0, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendfile(r1, r0, 0x0, 0x578410ed) 510.698401ms ago: executing program 2 (id=1485): sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44010}, 0xc010) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, 0x0, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x10001}]}, 0x44}, 0x1, 0x0, 0x0, 0x4805}, 0x20040090) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r1, 0x8b1b, &(0x7f0000000040)) 281.114568ms ago: executing program 2 (id=1486): r0 = socket$inet(0x2, 0x3, 0x6) fcntl$getflags(0xffffffffffffffff, 0x401) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f0000000040)={0x3, "257beb"}, 0x4) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000380)={'syztnl2\x00', 0x0, 0x2100, 0x700, 0x10000, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x60, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote}}}}) ptrace$ARCH_SHSTK_ENABLE(0x1e, 0x0, 0x1, 0x5001) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0) write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0001110004"], 0xfdef) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000100000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0x78, 0x18, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@nested={0x8, 0xc3, 0x0, 0x1, [@nested={0x4, 0xb5}]}, @typed={0x4, 0x35}, @generic="eb35c6c779951f425e2624d387a6c33868de654986cb3c23c00d564e23fdd18f99b2c7f50fb3513119a503535366cd693310ab9763ee736e40e81fe1beb0ade171be676233651ad0f0f277a2d20a18641002f6b45d73"]}, 0x78}, 0x1, 0x0, 0x0, 0x4004000}, 0x14) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000140affffffff00000000000002000009080003400000000a0900010073797a30000000000c000640000000000000000214000000020a010100000000000000000000000a14000000110001"], 0x70}}, 0x0) 0s ago: executing program 1 (id=1487): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001300000400000000fbdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="001000000000000014001a80100405800c0008"], 0x34}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) kernel console output (not intermixed with test programs): [ T9694] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 350.797533][ T9694] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 350.797546][ T9694] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 350.797558][ T9694] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 350.797569][ T9694] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 350.797580][ T9694] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 350.797606][ T9694] [ 351.014329][ T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 351.169920][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 351.180988][ T9] usb 2-1: New USB device found, idVendor=056e, idProduct=00ff, bcdDevice= 0.00 [ 351.192918][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.204201][ T9] usb 2-1: config 0 descriptor?? [ 351.290068][ T9700] input: syz1 as /devices/virtual/input/input65 [ 351.606323][ T9709] FAULT_INJECTION: forcing a failure. [ 351.606323][ T9709] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.652525][ T9709] CPU: 0 UID: 0 PID: 9709 Comm: syz.0.1175 Tainted: G L syzkaller #0 PREEMPT(full) [ 351.652555][ T9709] Tainted: [L]=SOFTLOCKUP [ 351.652561][ T9709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 351.652572][ T9709] Call Trace: [ 351.652579][ T9709] [ 351.652586][ T9709] dump_stack_lvl+0xe8/0x150 [ 351.652617][ T9709] should_fail_ex+0x414/0x560 [ 351.652652][ T9709] _copy_from_user+0x2d/0xb0 [ 351.652673][ T9709] get_compat_msghdr+0xad/0x4a0 [ 351.652701][ T9709] ? __pfx_get_compat_msghdr+0x10/0x10 [ 351.652724][ T9709] ? kstrtouint+0x6e/0xe0 [ 351.652753][ T9709] ___sys_sendmsg+0x193/0x2a0 [ 351.652776][ T9709] ? __pfx____sys_sendmsg+0x10/0x10 [ 351.652794][ T9709] ? get_pid_task+0x20/0x1f0 [ 351.652813][ T9709] ? get_pid_task+0x20/0x1f0 [ 351.652829][ T9709] ? get_pid_task+0x20/0x1f0 [ 351.652872][ T9709] ? __fget_files+0x2a/0x420 [ 351.652893][ T9709] ? __fget_files+0x3a0/0x420 [ 351.652921][ T9709] __sys_sendmsg+0x164/0x220 [ 351.652944][ T9709] ? __pfx___sys_sendmsg+0x10/0x10 [ 351.652971][ T9709] ? __pfx_ksys_write+0x10/0x10 [ 351.652997][ T9709] __do_fast_syscall_32+0x1dc/0x570 [ 351.653017][ T9709] ? lockdep_hardirqs_on+0x7b/0x110 [ 351.653034][ T9709] ? do_fast_syscall_32+0x34/0x80 [ 351.653051][ T9709] ? irqentry_exit+0x10f/0x670 [ 351.653069][ T9709] do_fast_syscall_32+0x34/0x80 [ 351.653087][ T9709] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 351.653105][ T9709] RIP: 0023:0xf707d539 [ 351.653121][ T9709] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 351.653135][ T9709] RSP: 002b:00000000f546d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 351.653154][ T9709] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 351.653167][ T9709] RDX: 0000000004040000 RSI: 0000000000000000 RDI: 0000000000000000 [ 351.653178][ T9709] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 351.653188][ T9709] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 351.653199][ T9709] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 351.653226][ T9709] [ 352.038374][ T9] elecom 0003:056E:00FF.0013: item fetching failed at offset 0/3 [ 352.046983][ T9] elecom 0003:056E:00FF.0013: probe with driver elecom failed with error -22 [ 352.176503][ T9724] bridge0: entered promiscuous mode [ 352.211788][ T9724] macvtap1: entered promiscuous mode [ 352.217322][ T9724] macvtap1: entered allmulticast mode [ 352.263901][ T9707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 352.283500][ T9724] bridge0: entered allmulticast mode [ 352.292810][ T9707] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 352.318706][ T9725] bridge0: left allmulticast mode [ 352.342717][ T9730] FAULT_INJECTION: forcing a failure. [ 352.342717][ T9730] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.345194][ T9725] bridge0: left promiscuous mode [ 352.359653][ T9730] CPU: 1 UID: 0 PID: 9730 Comm: syz.4.1180 Tainted: G L syzkaller #0 PREEMPT(full) [ 352.359683][ T9730] Tainted: [L]=SOFTLOCKUP [ 352.359690][ T9730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 352.359700][ T9730] Call Trace: [ 352.359708][ T9730] [ 352.359716][ T9730] dump_stack_lvl+0xe8/0x150 [ 352.359742][ T9730] should_fail_ex+0x414/0x560 [ 352.359772][ T9730] _copy_from_user+0x2d/0xb0 [ 352.359793][ T9730] get_compat_msghdr+0xad/0x4a0 [ 352.359821][ T9730] ? __pfx_get_compat_msghdr+0x10/0x10 [ 352.359845][ T9730] ? kstrtouint+0x6e/0xe0 [ 352.359874][ T9730] ___sys_sendmsg+0x193/0x2a0 [ 352.359896][ T9730] ? __pfx____sys_sendmsg+0x10/0x10 [ 352.359915][ T9730] ? get_pid_task+0x20/0x1f0 [ 352.359935][ T9730] ? get_pid_task+0x20/0x1f0 [ 352.359953][ T9730] ? get_pid_task+0x20/0x1f0 [ 352.360007][ T9730] ? __fget_files+0x2a/0x420 [ 352.360026][ T9730] ? __fget_files+0x3a0/0x420 [ 352.360054][ T9730] __sys_sendmsg+0x164/0x220 [ 352.360076][ T9730] ? __pfx___sys_sendmsg+0x10/0x10 [ 352.360103][ T9730] ? __pfx_ksys_write+0x10/0x10 [ 352.360129][ T9730] __do_fast_syscall_32+0x1dc/0x570 [ 352.360148][ T9730] ? lockdep_hardirqs_on+0x7b/0x110 [ 352.360164][ T9730] ? do_fast_syscall_32+0x34/0x80 [ 352.360183][ T9730] ? irqentry_exit+0x10f/0x670 [ 352.360203][ T9730] do_fast_syscall_32+0x34/0x80 [ 352.360222][ T9730] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.360247][ T9730] RIP: 0023:0xf703d539 [ 352.360263][ T9730] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 352.360277][ T9730] RSP: 002b:00000000f540c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 352.360296][ T9730] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000 [ 352.360308][ T9730] RDX: 000000000000c084 RSI: 0000000000000000 RDI: 0000000000000000 [ 352.360318][ T9730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 352.360329][ T9730] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 352.360340][ T9730] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 352.360365][ T9730] [ 352.626863][ T9729] bridge0: entered promiscuous mode [ 352.669296][ T9729] macvtap1: entered promiscuous mode [ 352.674784][ T9729] macvtap1: entered allmulticast mode [ 352.690697][ T9729] bridge0: entered allmulticast mode [ 352.902008][ T9736] FAULT_INJECTION: forcing a failure. [ 352.902008][ T9736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.977325][ T9736] CPU: 0 UID: 0 PID: 9736 Comm: syz.0.1183 Tainted: G L syzkaller #0 PREEMPT(full) [ 352.977353][ T9736] Tainted: [L]=SOFTLOCKUP [ 352.977360][ T9736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 352.977371][ T9736] Call Trace: [ 352.977379][ T9736] [ 352.977387][ T9736] dump_stack_lvl+0xe8/0x150 [ 352.977413][ T9736] should_fail_ex+0x414/0x560 [ 352.977440][ T9736] _copy_from_user+0x2d/0xb0 [ 352.977471][ T9736] get_compat_msghdr+0xad/0x4a0 [ 352.977497][ T9736] ? __pfx_get_compat_msghdr+0x10/0x10 [ 352.977529][ T9736] ___sys_sendmsg+0x193/0x2a0 [ 352.977552][ T9736] ? __pfx____sys_sendmsg+0x10/0x10 [ 352.977569][ T9736] ? kstrtoull+0x12f/0x1d0 [ 352.977594][ T9736] ? kstrtouint+0x6e/0xe0 [ 352.977637][ T9736] ? __fget_files+0x2a/0x420 [ 352.977656][ T9736] ? __fget_files+0x3a0/0x420 [ 352.977683][ T9736] __sys_sendmmsg+0x28e/0x430 [ 352.977708][ T9736] ? __pfx___sys_sendmmsg+0x10/0x10 [ 352.977726][ T9736] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 352.977766][ T9736] ? ksys_write+0x22a/0x250 [ 352.977785][ T9736] ? __pfx_ksys_write+0x10/0x10 [ 352.977806][ T9736] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 352.977834][ T9736] __do_fast_syscall_32+0x1dc/0x570 [ 352.977854][ T9736] ? lockdep_hardirqs_on+0x7b/0x110 [ 352.977869][ T9736] ? do_fast_syscall_32+0x34/0x80 [ 352.977886][ T9736] ? irqentry_exit+0x10f/0x670 [ 352.977905][ T9736] do_fast_syscall_32+0x34/0x80 [ 352.977923][ T9736] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.977942][ T9736] RIP: 0023:0xf707d539 [ 352.977956][ T9736] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 352.977969][ T9736] RSP: 002b:00000000f546d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 352.977987][ T9736] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000800002c0 [ 352.977998][ T9736] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000 [ 352.978008][ T9736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 352.978018][ T9736] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 352.978028][ T9736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 352.978051][ T9736] [ 353.310088][ T5910] IPVS: starting estimator thread 0... [ 353.377305][ T9746] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 353.388327][ T9] usb 2-1: USB disconnect, device number 29 [ 353.400786][ T9747] IPVS: using max 36 ests per chain, 86400 per kthread [ 353.679930][ T9758] FAULT_INJECTION: forcing a failure. [ 353.679930][ T9758] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 353.679970][ T9758] CPU: 1 UID: 0 PID: 9758 Comm: syz.1.1189 Tainted: G L syzkaller #0 PREEMPT(full) [ 353.679985][ T9758] Tainted: [L]=SOFTLOCKUP [ 353.679989][ T9758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 353.679996][ T9758] Call Trace: [ 353.680001][ T9758] [ 353.680005][ T9758] dump_stack_lvl+0xe8/0x150 [ 353.680022][ T9758] should_fail_ex+0x414/0x560 [ 353.680041][ T9758] _copy_from_user+0x2d/0xb0 [ 353.680053][ T9758] get_compat_msghdr+0xad/0x4a0 [ 353.680070][ T9758] ? __pfx_get_compat_msghdr+0x10/0x10 [ 353.680088][ T9758] ___sys_sendmsg+0x193/0x2a0 [ 353.680101][ T9758] ? __pfx____sys_sendmsg+0x10/0x10 [ 353.680112][ T9758] ? kstrtoull+0x12f/0x1d0 [ 353.680127][ T9758] ? kstrtouint+0x6e/0xe0 [ 353.680159][ T9758] ? __fget_files+0x2a/0x420 [ 353.680171][ T9758] ? __fget_files+0x3a0/0x420 [ 353.680187][ T9758] __sys_sendmmsg+0x28e/0x430 [ 353.680201][ T9758] ? __pfx___sys_sendmmsg+0x10/0x10 [ 353.680211][ T9758] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 353.680234][ T9758] ? ksys_write+0x22a/0x250 [ 353.680244][ T9758] ? __pfx_ksys_write+0x10/0x10 [ 353.680256][ T9758] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 353.680270][ T9758] __do_fast_syscall_32+0x1dc/0x570 [ 353.680281][ T9758] ? lockdep_hardirqs_on+0x7b/0x110 [ 353.680290][ T9758] ? do_fast_syscall_32+0x34/0x80 [ 353.680301][ T9758] ? irqentry_exit+0x10f/0x670 [ 353.680312][ T9758] do_fast_syscall_32+0x34/0x80 [ 353.680323][ T9758] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 353.680335][ T9758] RIP: 0023:0xf703d539 [ 353.680344][ T9758] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 353.680353][ T9758] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 353.680365][ T9758] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00000000800002c0 [ 353.680372][ T9758] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000 [ 353.680378][ T9758] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 353.680383][ T9758] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 353.680390][ T9758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 353.680405][ T9758] [ 354.171080][ T980] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 354.271602][ T5890] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 354.348996][ T980] usb 3-1: Using ep0 maxpacket: 8 [ 354.428344][ T5890] usb 2-1: Using ep0 maxpacket: 32 [ 354.437909][ T980] usb 3-1: unable to get BOS descriptor or descriptor too short [ 354.447485][ T980] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 354.463629][ T5890] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 354.463659][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.463679][ T5890] usb 2-1: Product: syz [ 354.463692][ T5890] usb 2-1: Manufacturer: syz [ 354.463700][ T5890] usb 2-1: SerialNumber: syz [ 354.465205][ T5890] usb 2-1: config 0 descriptor?? [ 354.486088][ T980] usb 3-1: config 4 has no interface number 0 [ 354.486181][ T980] usb 3-1: config 4 interface 28 altsetting 5 endpoint 0x1 has invalid wMaxPacketSize 0 [ 354.486206][ T980] usb 3-1: config 4 interface 28 has no altsetting 0 [ 354.501974][ T980] usb 3-1: Dual-Role OTG device on HNP port [ 354.502317][ T980] usb 3-1: New USB device found, idVendor=2040, idProduct=c000, bcdDevice=8e.1e [ 354.502342][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.502384][ T980] usb 3-1: Product: 鮧망㝷쟂ƪ薸勻뭐먋⦍匀㔝ꝡ᨞෡絷䖘ﭱ໾ꪧꫮ⊊U撧㥫ꅁ䏾鎃〰箩飼㟩弾宋蓰稺ᚷ쁇菾6㎷꺦帱祍⎓멵偗츧崭ጛ瑝豈⢍퍱 [ 354.502405][ T980] usb 3-1: Manufacturer: ᫱뇦썀ﮎ佈傭ꪣ髄薘읨결括⨺禸꠾먶ꇉ㇒溤됗ꝕⰝ᝼턽껟뮱귒踐᠛рஸ཭濫ꚜ₿虵솘㴏䕔ὀ淄᫻᭔鞷픁鏯鄣澄헟픪ᓷ⍑ꫝ悂伡竊꧳厂ኑ폽郁濋蓳䑗켠긟家ᓯ饧䏼疂굯錥룐缿는Ḫ仄풽௟鸸紳曌ᔒ㻭偩᛹켽㬌鷯菿脓泫茎뙉ꮨ矢ꎵ各흂 [ 354.502431][ T980] usb 3-1: SerialNumber: ᪈현ꃀ䷳୆黅ᥞ樆⿳㱘씗ᝪ娺꛴蠑랱趐䅥ⱘ恭̢땲릧뙮쨳ㆷ [ 354.691961][ T5890] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 030 [ 354.732132][ T980] smsusb:smsusb_probe: board id=8, interface number 28 [ 354.748595][ T980] usb 3-1: USB disconnect, device number 26 [ 355.258335][ T980] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 355.389294][ T9777] __nla_validate_parse: 9 callbacks suppressed [ 355.389312][ T9777] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1196'. [ 355.390140][ T9762] i2c i2c-1: failure reading status [ 355.459511][ T980] usb 5-1: Using ep0 maxpacket: 8 [ 355.549715][ T980] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 355.766321][ T5985] usb 2-1: USB disconnect, device number 30 [ 355.777990][ T980] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 355.792152][ T980] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 355.851809][ T980] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 355.863268][ T980] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 355.872470][ T980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.922133][ T980] hub 5-1:1.0: bad descriptor, ignoring hub [ 355.930524][ T980] hub 5-1:1.0: probe with driver hub failed with error -5 [ 355.948658][ T980] cdc_wdm 5-1:1.0: skipping garbage [ 355.969162][ T980] cdc_wdm 5-1:1.0: skipping garbage [ 356.004535][ T980] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 356.016424][ T980] cdc_wdm 5-1:1.0: Unknown control protocol [ 356.387647][ T9787] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.395132][ T9787] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.632984][ T9787] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 356.792018][ T9799] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1198'. [ 356.950672][ T9793] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1199'. [ 356.960236][ T9793] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1199'. [ 356.972565][ T9794] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1200'. [ 356.981999][ T9794] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1200'. [ 357.002822][ T3536] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.126729][ T3536] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.151002][ T3536] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.197401][ T3536] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.552827][ T9810] binder: 9805:9810 ioctl 4018620d 0 returned -22 [ 357.563861][ T9810] binder: 9805:9810 ioctl c0306201 80000080 returned -14 [ 357.904583][ T9812] binder: 9805:9812 ioctl d000941e 0 returned -22 [ 358.352268][ T9796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1201'. [ 358.416857][ T5985] usb 5-1: USB disconnect, device number 30 [ 358.620358][ T9817] binder: BINDER_SET_CONTEXT_MGR already set [ 358.649808][ T9817] binder: 9815:9817 ioctl 4018620d 80000180 returned -16 [ 359.229094][ T9831] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 359.932248][ T980] IPVS: starting estimator thread 0... [ 360.030861][ T9838] IPVS: using max 31 ests per chain, 74400 per kthread [ 360.071759][ T9844] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1211'. [ 360.238989][ T9844] syzkaller0: entered promiscuous mode [ 360.245794][ T9844] syzkaller0: entered allmulticast mode [ 360.328438][ T9] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 360.478862][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 360.488591][ T9] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 360.497975][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.506674][ T9] usb 4-1: Product: syz [ 360.518269][ T9] usb 4-1: Manufacturer: syz [ 360.538795][ T9] usb 4-1: SerialNumber: syz [ 360.574544][ T9] usb 4-1: config 0 descriptor?? [ 360.688609][ T980] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 360.833079][ T9] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 037 [ 360.912563][ T980] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 360.927146][ T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 360.968462][ T5985] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 361.063888][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 361.063906][ T30] audit: type=1326 audit(1768215135.887:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.119617][ T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 361.191519][ T30] audit: type=1326 audit(1768215135.887:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.214832][ T980] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 361.240155][ T5985] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 361.255893][ T5985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 361.268108][ T980] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 361.277293][ T30] audit: type=1326 audit(1768215135.887:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.301083][ T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.309164][ T5985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 361.330313][ T5985] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 361.344539][ T980] usb 1-1: config 0 descriptor?? [ 361.352181][ T30] audit: type=1326 audit(1768215135.887:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.381833][ T5985] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 361.403832][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.415481][ T30] audit: type=1326 audit(1768215135.887:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.455941][ T5985] usb 5-1: config 0 descriptor?? [ 361.492760][ T30] audit: type=1326 audit(1768215135.887:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.505359][ T9843] i2c i2c-1: failure reading status [ 361.543447][ T30] audit: type=1326 audit(1768215135.887:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.598303][ T30] audit: type=1326 audit(1768215135.887:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.656634][ T30] audit: type=1326 audit(1768215135.887:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.719149][ T9] usb 4-1: USB disconnect, device number 37 [ 361.738400][ T30] audit: type=1326 audit(1768215135.887:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9851 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 361.872697][ T9857] syzkaller0: entered promiscuous mode [ 361.895994][ T980] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 361.905075][ T980] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 361.913795][ T5985] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 361.918296][ T9857] syzkaller0: entered allmulticast mode [ 361.927602][ T5985] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 362.009544][ T5985] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 362.017029][ T980] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 362.024732][ T5985] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 362.037501][ T980] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 362.051196][ T5985] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 362.058875][ T980] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 362.094980][ T980] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 362.110045][ T5985] plantronics 0003:047F:FFFF.0015: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 362.181249][ T9850] FAULT_INJECTION: forcing a failure. [ 362.181249][ T9850] name failslab, interval 1, probability 0, space 0, times 0 [ 362.197059][ T9] usb 1-1: USB disconnect, device number 43 [ 362.212990][ T9850] CPU: 0 UID: 0 PID: 9850 Comm: syz.4.1213 Tainted: G L syzkaller #0 PREEMPT(full) [ 362.213009][ T9850] Tainted: [L]=SOFTLOCKUP [ 362.213013][ T9850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 362.213020][ T9850] Call Trace: [ 362.213024][ T9850] [ 362.213030][ T9850] dump_stack_lvl+0xe8/0x150 [ 362.213047][ T9850] should_fail_ex+0x414/0x560 [ 362.213065][ T9850] should_failslab+0xa8/0x100 [ 362.213078][ T9850] __kmalloc_noprof+0xdf/0x800 [ 362.213088][ T9850] ? kfree+0x4d/0x660 [ 362.213100][ T9850] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 362.213116][ T9850] tomoyo_realpath_from_path+0xe3/0x5d0 [ 362.213130][ T9850] ? tomoyo_domain+0xd8/0x130 [ 362.213144][ T9850] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 362.213155][ T9850] tomoyo_path_number_perm+0x1e8/0x5a0 [ 362.213167][ T9850] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 362.213178][ T9850] ? __lock_acquire+0x6b6/0x2cf0 [ 362.213190][ T9850] ? get_pid_task+0x20/0x1f0 [ 362.213207][ T9850] ? get_pid_task+0x20/0x1f0 [ 362.213227][ T9850] ? __fget_files+0x2a/0x420 [ 362.213241][ T9850] ? __fget_files+0x3a0/0x420 [ 362.213252][ T9850] ? __fget_files+0x2a/0x420 [ 362.213265][ T9850] security_file_ioctl_compat+0xcb/0x2d0 [ 362.213280][ T9850] __ia32_compat_sys_ioctl+0x128/0x840 [ 362.213291][ T9850] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 362.213301][ T9850] ? __fget_files+0x3a0/0x420 [ 362.213316][ T9850] ? fput+0xa0/0xd0 [ 362.213328][ T9850] ? ksys_write+0x22a/0x250 [ 362.213339][ T9850] ? __pfx_ksys_write+0x10/0x10 [ 362.213353][ T9850] __do_fast_syscall_32+0x1dc/0x570 [ 362.213365][ T9850] ? lockdep_hardirqs_on+0x7b/0x110 [ 362.213375][ T9850] ? do_fast_syscall_32+0x34/0x80 [ 362.213385][ T9850] ? irqentry_exit+0x10f/0x670 [ 362.213397][ T9850] do_fast_syscall_32+0x34/0x80 [ 362.213408][ T9850] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 362.213420][ T9850] RIP: 0023:0xf703d539 [ 362.213430][ T9850] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 362.213439][ T9850] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 362.213450][ T9850] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040184810 [ 362.213458][ T9850] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 362.213464][ T9850] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 362.213470][ T9850] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 362.213476][ T9850] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 362.213491][ T9850] [ 362.213496][ T9850] ERROR: Out of memory at tomoyo_realpath_from_path. [ 362.485670][ T5991] usb 5-1: USB disconnect, device number 31 [ 362.600597][ T9859] fido_id[9859]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 362.617873][ T9860] fido_id[9860]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 362.646469][ T9864] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1217'. [ 362.726698][ T9865] netlink: 'syz.1.1217': attribute type 10 has an invalid length. [ 363.298272][ T980] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 363.468342][ T980] usb 5-1: Using ep0 maxpacket: 16 [ 363.476331][ T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.494584][ T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.506339][ T980] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 363.522113][ T980] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 363.531391][ T980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.546828][ T980] usb 5-1: config 0 descriptor?? [ 363.943417][ T9868] syzkaller0: entered promiscuous mode [ 363.949659][ T9868] syzkaller0: entered allmulticast mode [ 363.986177][ T9865] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 364.374047][ T9895] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1224'. [ 364.494323][ T980] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0016/input/input66 [ 364.606593][ T980] microsoft 0003:045E:07DA.0016: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 364.623915][ T980] usb 5-1: USB disconnect, device number 32 [ 364.730013][ T9901] fido_id[9901]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 366.428371][ T5991] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 366.544657][ T9917] binder_alloc: 9916: pid 9916 spamming oneway? 1 buffers allocated for a total size of 4096 [ 366.578352][ T5991] usb 1-1: Using ep0 maxpacket: 32 [ 366.596421][ T5991] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 366.619347][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.644688][ T5991] usb 1-1: Product: syz [ 366.657650][ T5991] usb 1-1: Manufacturer: syz [ 366.670324][ T5991] usb 1-1: SerialNumber: syz [ 366.687964][ T5991] usb 1-1: config 0 descriptor?? [ 366.704623][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 366.704640][ T30] audit: type=1326 audit(1768215141.597:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 366.736519][ T30] audit: type=1326 audit(1768215141.607:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 366.741245][ T9921] FAULT_INJECTION: forcing a failure. [ 366.741245][ T9921] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 366.759534][ T30] audit: type=1326 audit(1768215141.627:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=447 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 366.795327][ T30] audit: type=1326 audit(1768215141.627:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 366.819383][ T30] audit: type=1326 audit(1768215141.627:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 366.841434][ T9921] CPU: 0 UID: 0 PID: 9921 Comm: syz.1.1230 Tainted: G L syzkaller #0 PREEMPT(full) [ 366.841464][ T9921] Tainted: [L]=SOFTLOCKUP [ 366.841471][ T9921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 366.841490][ T9921] Call Trace: [ 366.841498][ T9921] [ 366.841506][ T9921] dump_stack_lvl+0xe8/0x150 [ 366.841534][ T9921] should_fail_ex+0x414/0x560 [ 366.841564][ T9921] _copy_from_user+0x2d/0xb0 [ 366.841586][ T9921] ucma_write+0x158/0x2e0 [ 366.841609][ T9921] ? __pfx_ucma_write+0x10/0x10 [ 366.841627][ T9921] ? security_file_permission+0x75/0x290 [ 366.841645][ T9921] ? rw_verify_area+0x255/0x4d0 [ 366.841669][ T9921] vfs_writev+0x4b6/0x960 [ 366.841690][ T9921] ? __pfx_ucma_write+0x10/0x10 [ 366.841711][ T9921] ? __pfx_vfs_writev+0x10/0x10 [ 366.841742][ T9921] ? __fget_files+0x2a/0x420 [ 366.841766][ T9921] ? __fget_files+0x3a0/0x420 [ 366.841784][ T9921] ? __fget_files+0x2a/0x420 [ 366.841810][ T9921] do_writev+0x14d/0x2d0 [ 366.841832][ T9921] ? __pfx_do_writev+0x10/0x10 [ 366.841861][ T9921] __do_fast_syscall_32+0x1dc/0x570 [ 366.841881][ T9921] ? lockdep_hardirqs_on+0x7b/0x110 [ 366.841897][ T9921] ? do_fast_syscall_32+0x34/0x80 [ 366.841913][ T9921] ? irqentry_exit+0x10f/0x670 [ 366.841929][ T9921] do_fast_syscall_32+0x34/0x80 [ 366.841944][ T9921] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 366.841968][ T9921] RIP: 0023:0xf703d539 [ 366.841984][ T9921] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 366.841999][ T9921] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000092 [ 366.842018][ T9921] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000080000000 [ 366.842031][ T9921] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 366.842042][ T9921] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 366.842052][ T9921] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 366.842062][ T9921] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 366.842087][ T9921] [ 366.903656][ T5991] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 044 [ 366.912013][ T980] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 367.075801][ T30] audit: type=1326 audit(1768215141.627:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 367.105507][ T30] audit: type=1326 audit(1768215141.627:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 367.133065][ T30] audit: type=1326 audit(1768215141.627:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 367.156047][ T30] audit: type=1326 audit(1768215141.627:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 367.183864][ T30] audit: type=1326 audit(1768215141.627:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9922 comm="syz.2.1231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=368 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 367.331376][ T980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 367.544556][ T980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 367.558336][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 367.566393][ T9912] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 367.595043][ T9912] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 367.601111][ T9915] i2c i2c-1: failure reading status [ 367.941324][ T5991] usb 1-1: USB disconnect, device number 44 [ 367.990702][ T980] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 368.025387][ T980] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 368.042786][ T980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.097619][ T980] usb 4-1: config 0 descriptor?? [ 368.374141][ T9912] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 368.604871][ T980] hid_parser_main: 30 callbacks suppressed [ 368.604893][ T980] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 368.678443][ T9912] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 368.757527][ T980] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 368.776048][ T980] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 368.791697][ T980] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 368.811384][ T980] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 369.013629][ T9912] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 369.021213][ T9912] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 369.040963][ T980] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 369.342164][ T9912] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 369.352594][ T9912] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 369.358619][ T980] usb 4-1: USB disconnect, device number 38 [ 369.384088][ T9912] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 369.424782][ T9912] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 369.664770][ T9944] fido_id[9944]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 370.357344][ T9958] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.357823][ T9958] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.432449][ T9963] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1241'. [ 370.509248][ T9967] FAULT_INJECTION: forcing a failure. [ 370.509248][ T9967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 370.509273][ T9967] CPU: 0 UID: 0 PID: 9967 Comm: syz.2.1242 Tainted: G L syzkaller #0 PREEMPT(full) [ 370.509287][ T9967] Tainted: [L]=SOFTLOCKUP [ 370.509290][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 370.509297][ T9967] Call Trace: [ 370.509301][ T9967] [ 370.509307][ T9967] dump_stack_lvl+0xe8/0x150 [ 370.509323][ T9967] should_fail_ex+0x414/0x560 [ 370.509341][ T9967] _copy_from_user+0x2d/0xb0 [ 370.509355][ T9967] get_old_timespec32+0x88/0x130 [ 370.509366][ T9967] ? __pfx_get_old_timespec32+0x10/0x10 [ 370.509377][ T9967] ? __fget_files+0x3a0/0x420 [ 370.509393][ T9967] __sys_recvmmsg+0xee/0x280 [ 370.509408][ T9967] ? __pfx___sys_recvmmsg+0x10/0x10 [ 370.509420][ T9967] ? __pfx_ksys_write+0x10/0x10 [ 370.509432][ T9967] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 370.509448][ T9967] __do_fast_syscall_32+0x1dc/0x570 [ 370.509460][ T9967] ? lockdep_hardirqs_on+0x7b/0x110 [ 370.509469][ T9967] ? do_fast_syscall_32+0x34/0x80 [ 370.509480][ T9967] ? irqentry_exit+0x10f/0x670 [ 370.509491][ T9967] do_fast_syscall_32+0x34/0x80 [ 370.509502][ T9967] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 370.509514][ T9967] RIP: 0023:0xf70bd539 [ 370.509523][ T9967] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 370.509535][ T9967] RSP: 002b:00000000f548c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 370.509547][ T9967] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0 [ 370.509554][ T9967] RDX: 00000000000003b4 RSI: 0000000002040000 RDI: 0000000080003700 [ 370.509561][ T9967] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 370.509567][ T9967] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 370.509573][ T9967] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 370.509586][ T9967] [ 370.929960][ T9958] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 370.952589][ T9958] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 371.327386][ T9979] syzkaller0: entered promiscuous mode [ 371.327411][ T9979] syzkaller0: entered allmulticast mode [ 371.328910][ T1171] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.337074][ T1171] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.337108][ T1171] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.337127][ T1171] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.640823][ T5990] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 371.814076][ T5990] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 371.830676][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 371.855474][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 371.884270][ T5990] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 371.914228][ T5990] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 371.924022][ T5990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.982171][ T5990] usb 5-1: config 0 descriptor?? [ 372.119052][ T30] kauditd_printk_skb: 115 callbacks suppressed [ 372.121197][ T30] audit: type=1326 audit(1768215147.017:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.150343][ T30] audit: type=1326 audit(1768215147.017:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.173479][ T30] audit: type=1326 audit(1768215147.067:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.258652][ T30] audit: type=1326 audit(1768215147.097:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.297402][ T30] audit: type=1326 audit(1768215147.097:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.416612][ T30] audit: type=1326 audit(1768215147.117:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.480721][ T9982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.496566][ T9982] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.595159][ T30] audit: type=1326 audit(1768215147.117:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.634262][ T30] audit: type=1326 audit(1768215147.117:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.716101][ T5990] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 372.740001][ T5990] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 372.747725][ T30] audit: type=1326 audit(1768215147.117:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.770619][ T5990] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 372.778040][ T5990] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 372.785669][ T5990] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 372.799367][ T30] audit: type=1326 audit(1768215147.117:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.3.1249" exe="/root/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 372.832870][ T5990] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 373.060684][ T9] usb 5-1: USB disconnect, device number 33 [ 373.227767][ T9999] fido_id[9999]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 373.451803][T10004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1250'. [ 374.659648][T10016] FAULT_INJECTION: forcing a failure. [ 374.659648][T10016] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 374.673481][T10016] CPU: 0 UID: 0 PID: 10016 Comm: syz.3.1254 Tainted: G L syzkaller #0 PREEMPT(full) [ 374.673508][T10016] Tainted: [L]=SOFTLOCKUP [ 374.673514][T10016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 374.673524][T10016] Call Trace: [ 374.673531][T10016] [ 374.673538][T10016] dump_stack_lvl+0xe8/0x150 [ 374.673564][T10016] should_fail_ex+0x414/0x560 [ 374.673592][T10016] _copy_to_user+0x31/0xb0 [ 374.673614][T10016] simple_read_from_buffer+0xe1/0x170 [ 374.673637][T10016] proc_fail_nth_read+0x1b3/0x220 [ 374.673658][T10016] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 374.673678][T10016] ? rw_verify_area+0x2a6/0x4d0 [ 374.673699][T10016] ? __lock_acquire+0x6b6/0x2cf0 [ 374.673721][T10016] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 374.673739][T10016] vfs_read+0x200/0xa30 [ 374.673752][T10016] ? fdget_pos+0x247/0x320 [ 374.673775][T10016] ? __pfx___mutex_lock+0x10/0x10 [ 374.673794][T10016] ? __pfx_vfs_read+0x10/0x10 [ 374.673810][T10016] ? __fget_files+0x2a/0x420 [ 374.673832][T10016] ? __fget_files+0x3a0/0x420 [ 374.673849][T10016] ? __fget_files+0x2a/0x420 [ 374.673874][T10016] ksys_read+0x145/0x250 [ 374.673890][T10016] ? __pfx_ksys_read+0x10/0x10 [ 374.673912][T10016] __do_fast_syscall_32+0x1dc/0x570 [ 374.673929][T10016] ? lockdep_hardirqs_on+0x7b/0x110 [ 374.673942][T10016] ? do_fast_syscall_32+0x34/0x80 [ 374.673956][T10016] ? irqentry_exit+0x10f/0x670 [ 374.673973][T10016] do_fast_syscall_32+0x34/0x80 [ 374.673989][T10016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 374.674006][T10016] RIP: 0023:0xf703d539 [ 374.674021][T10016] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 374.674033][T10016] RSP: 002b:00000000f542d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 374.674049][T10016] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542d620 [ 374.674059][T10016] RDX: 000000000000000f RSI: 00000000f73d6ff4 RDI: 0000000000000000 [ 374.674068][T10016] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 374.674076][T10016] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 374.674085][T10016] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 374.674107][T10016] [ 375.049882][T10017] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1253'. [ 375.849841][T10003] hsr0: entered promiscuous mode [ 375.899138][T10004] hsr_slave_0: left promiscuous mode [ 375.933744][T10004] hsr0 (unregistering): left promiscuous mode [ 376.284270][T10026] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1257'. [ 376.311652][T10026] syzkaller0: entered promiscuous mode [ 376.317332][T10026] syzkaller0: entered allmulticast mode [ 376.445630][T10029] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 376.557340][T10040] FAULT_INJECTION: forcing a failure. [ 376.557340][T10040] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 376.570645][T10040] CPU: 1 UID: 0 PID: 10040 Comm: syz.3.1260 Tainted: G L syzkaller #0 PREEMPT(full) [ 376.570673][T10040] Tainted: [L]=SOFTLOCKUP [ 376.570679][T10040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 376.570690][T10040] Call Trace: [ 376.570697][T10040] [ 376.570705][T10040] dump_stack_lvl+0xe8/0x150 [ 376.570732][T10040] should_fail_ex+0x414/0x560 [ 376.570760][T10040] _copy_from_user+0x2d/0xb0 [ 376.570782][T10040] get_old_timespec32+0x88/0x130 [ 376.570802][T10040] ? __pfx_get_old_timespec32+0x10/0x10 [ 376.570818][T10040] ? __fget_files+0x3a0/0x420 [ 376.570842][T10040] __sys_recvmmsg+0xee/0x280 [ 376.570867][T10040] ? __pfx___sys_recvmmsg+0x10/0x10 [ 376.570887][T10040] ? __pfx_ksys_write+0x10/0x10 [ 376.570908][T10040] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 376.570935][T10040] __do_fast_syscall_32+0x1dc/0x570 [ 376.570955][T10040] ? lockdep_hardirqs_on+0x7b/0x110 [ 376.570971][T10040] ? do_fast_syscall_32+0x34/0x80 [ 376.570989][T10040] ? irqentry_exit+0x10f/0x670 [ 376.571011][T10040] do_fast_syscall_32+0x34/0x80 [ 376.571030][T10040] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 376.571050][T10040] RIP: 0023:0xf703d539 [ 376.571064][T10040] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 376.571098][T10040] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 376.571116][T10040] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0 [ 376.571130][T10040] RDX: 00000000000003b4 RSI: 0000000002040000 RDI: 0000000080003700 [ 376.571142][T10040] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 376.571153][T10040] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 376.571171][T10040] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 376.571192][T10040] [ 376.972517][T10053] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1266'. [ 377.405573][T10064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1267'. [ 377.563872][T10068] FAULT_INJECTION: forcing a failure. [ 377.563872][T10068] name failslab, interval 1, probability 0, space 0, times 0 [ 377.578347][T10068] CPU: 1 UID: 0 PID: 10068 Comm: syz.1.1269 Tainted: G L syzkaller #0 PREEMPT(full) [ 377.578377][T10068] Tainted: [L]=SOFTLOCKUP [ 377.578384][T10068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 377.578396][T10068] Call Trace: [ 377.578404][T10068] [ 377.578413][T10068] dump_stack_lvl+0xe8/0x150 [ 377.578440][T10068] should_fail_ex+0x414/0x560 [ 377.578470][T10068] should_failslab+0xa8/0x100 [ 377.578493][T10068] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 377.578519][T10068] ? __alloc_skb+0x198/0x3a0 [ 377.578537][T10068] ? __alloc_skb+0x1dc/0x3a0 [ 377.578553][T10068] ? __local_bh_enable_ip+0xd0/0x130 [ 377.578573][T10068] ? __alloc_skb+0x198/0x3a0 [ 377.578591][T10068] __alloc_skb+0x1dc/0x3a0 [ 377.578614][T10068] netlink_sendmsg+0x5c6/0xb30 [ 377.578642][T10068] ? __pfx_netlink_sendmsg+0x10/0x10 [ 377.578666][T10068] ? __import_iovec+0x5d4/0x7f0 [ 377.578685][T10068] ? aa_sock_msg_perm+0xf1/0x1b0 [ 377.578728][T10068] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 377.578745][T10068] ? __pfx_netlink_sendmsg+0x10/0x10 [ 377.578769][T10068] __sock_sendmsg+0x21c/0x270 [ 377.578798][T10068] ____sys_sendmsg+0x505/0x820 [ 377.578824][T10068] ? __pfx_____sys_sendmsg+0x10/0x10 [ 377.578850][T10068] ? kstrtouint+0x6e/0xe0 [ 377.578880][T10068] ___sys_sendmsg+0x21f/0x2a0 [ 377.578903][T10068] ? __pfx____sys_sendmsg+0x10/0x10 [ 377.578924][T10068] ? get_pid_task+0x20/0x1f0 [ 377.578945][T10068] ? get_pid_task+0x20/0x1f0 [ 377.578964][T10068] ? get_pid_task+0x20/0x1f0 [ 377.579011][T10068] ? __fget_files+0x2a/0x420 [ 377.579029][T10068] ? __fget_files+0x3a0/0x420 [ 377.579056][T10068] __sys_sendmsg+0x164/0x220 [ 377.579080][T10068] ? __pfx___sys_sendmsg+0x10/0x10 [ 377.579117][T10068] ? __pfx_ksys_write+0x10/0x10 [ 377.579145][T10068] __do_fast_syscall_32+0x1dc/0x570 [ 377.579166][T10068] ? lockdep_hardirqs_on+0x7b/0x110 [ 377.579183][T10068] ? do_fast_syscall_32+0x34/0x80 [ 377.579203][T10068] ? irqentry_exit+0x10f/0x670 [ 377.579225][T10068] do_fast_syscall_32+0x34/0x80 [ 377.579246][T10068] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.579267][T10068] RIP: 0023:0xf703d539 [ 377.579283][T10068] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 377.579298][T10068] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 377.579319][T10068] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 377.579333][T10068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 377.579349][T10068] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 377.579361][T10068] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 377.579373][T10068] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 377.579399][T10068] [ 377.867397][ T6921] usb 4-1: new full-speed USB device number 39 using dummy_hcd [ 378.295604][T10066] netlink: 'syz.0.1268': attribute type 3 has an invalid length. [ 378.326447][T10074] syzkaller0: entered promiscuous mode [ 378.332150][T10074] syzkaller0: entered allmulticast mode [ 378.358166][ T6921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 378.376274][ T6921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.386446][ T6921] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 378.492503][ T6921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.522516][ T6921] usb 4-1: config 0 descriptor?? [ 378.561295][ T6921] uvcvideo 4-1:0.0: Found UVC 0.00 device (10c4:ea90) [ 378.602411][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.608565][ T6921] uvcvideo 4-1:0.0: No valid video chain found. [ 378.611918][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.747151][ T980] usb 4-1: USB disconnect, device number 39 [ 379.133739][T10092] FAULT_INJECTION: forcing a failure. [ 379.133739][T10092] name failslab, interval 1, probability 0, space 0, times 0 [ 379.146666][T10092] CPU: 0 UID: 0 PID: 10092 Comm: syz.2.1278 Tainted: G L syzkaller #0 PREEMPT(full) [ 379.146696][T10092] Tainted: [L]=SOFTLOCKUP [ 379.146704][T10092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 379.146714][T10092] Call Trace: [ 379.146722][T10092] [ 379.146730][T10092] dump_stack_lvl+0xe8/0x150 [ 379.146758][T10092] should_fail_ex+0x414/0x560 [ 379.146788][T10092] should_failslab+0xa8/0x100 [ 379.146811][T10092] __kmalloc_noprof+0xdf/0x800 [ 379.146829][T10092] ? tomoyo_encode+0x28b/0x550 [ 379.146855][T10092] tomoyo_encode+0x28b/0x550 [ 379.146883][T10092] tomoyo_realpath_from_path+0x58d/0x5d0 [ 379.146914][T10092] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 379.146934][T10092] tomoyo_path_number_perm+0x1e8/0x5a0 [ 379.146956][T10092] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 379.146975][T10092] ? __lock_acquire+0x6b6/0x2cf0 [ 379.146996][T10092] ? get_pid_task+0x20/0x1f0 [ 379.147026][T10092] ? get_pid_task+0x20/0x1f0 [ 379.147063][T10092] ? __fget_files+0x2a/0x420 [ 379.147089][T10092] ? __fget_files+0x3a0/0x420 [ 379.147108][T10092] ? __fget_files+0x2a/0x420 [ 379.147132][T10092] security_file_ioctl_compat+0xcb/0x2d0 [ 379.147154][T10092] __ia32_compat_sys_ioctl+0x128/0x840 [ 379.147175][T10092] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 379.147193][T10092] ? __fget_files+0x3a0/0x420 [ 379.147219][T10092] ? fput+0xa0/0xd0 [ 379.147241][T10092] ? ksys_write+0x22a/0x250 [ 379.147260][T10092] ? __pfx_ksys_write+0x10/0x10 [ 379.147287][T10092] __do_fast_syscall_32+0x1dc/0x570 [ 379.147307][T10092] ? lockdep_hardirqs_on+0x7b/0x110 [ 379.147324][T10092] ? do_fast_syscall_32+0x34/0x80 [ 379.147343][T10092] ? irqentry_exit+0x10f/0x670 [ 379.147365][T10092] do_fast_syscall_32+0x34/0x80 [ 379.147385][T10092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 379.147406][T10092] RIP: 0023:0xf70bd539 [ 379.147421][T10092] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 379.147436][T10092] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 379.147455][T10092] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c040564b [ 379.147468][T10092] RDX: 0000000080002c40 RSI: 0000000000000000 RDI: 0000000000000000 [ 379.147480][T10092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 379.147490][T10092] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 379.147501][T10092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 379.147528][T10092] [ 379.147550][T10092] ERROR: Out of memory at tomoyo_realpath_from_path. [ 379.557407][T10094] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1273'. [ 379.806919][T10104] input: syz1 as /devices/virtual/input/input67 [ 380.396290][T10117] FAULT_INJECTION: forcing a failure. [ 380.396290][T10117] name failslab, interval 1, probability 0, space 0, times 0 [ 380.428761][T10117] CPU: 1 UID: 0 PID: 10117 Comm: syz.4.1289 Tainted: G L syzkaller #0 PREEMPT(full) [ 380.428791][T10117] Tainted: [L]=SOFTLOCKUP [ 380.428798][T10117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 380.428814][T10117] Call Trace: [ 380.428822][T10117] [ 380.428830][T10117] dump_stack_lvl+0xe8/0x150 [ 380.428887][T10117] should_fail_ex+0x414/0x560 [ 380.428921][T10117] should_failslab+0xa8/0x100 [ 380.428943][T10117] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 380.428969][T10117] ? dup_task_struct+0x57/0x9a0 [ 380.428993][T10117] dup_task_struct+0x57/0x9a0 [ 380.429012][T10117] ? _raw_spin_unlock_irq+0x23/0x50 [ 380.429033][T10117] copy_process+0x4ea/0x3950 [ 380.429073][T10117] ? __pfx_copy_process+0x10/0x10 [ 380.429102][T10117] kernel_clone+0x21e/0x820 [ 380.429126][T10117] ? __pfx_kernel_clone+0x10/0x10 [ 380.429161][T10117] __se_sys_clone3+0x256/0x2d0 [ 380.429185][T10117] ? __pfx___se_sys_clone3+0x10/0x10 [ 380.429203][T10117] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 380.429233][T10117] ? __fget_files+0x3a0/0x420 [ 380.429268][T10117] ? __pfx_ksys_write+0x10/0x10 [ 380.429296][T10117] __do_fast_syscall_32+0x1dc/0x570 [ 380.429316][T10117] ? lockdep_hardirqs_on+0x7b/0x110 [ 380.429332][T10117] ? do_fast_syscall_32+0x34/0x80 [ 380.429352][T10117] ? irqentry_exit+0x10f/0x670 [ 380.429373][T10117] do_fast_syscall_32+0x34/0x80 [ 380.429394][T10117] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 380.429414][T10117] RIP: 0023:0xf703d539 [ 380.429431][T10117] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 380.429446][T10117] RSP: 002b:00000000f542d42c EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 380.429467][T10117] RAX: ffffffffffffffda RBX: 00000000f542d460 RCX: 0000000000000058 [ 380.429480][T10117] RDX: 0000000000000000 RSI: 0000000000a00000 RDI: 0000000000000002 [ 380.429492][T10117] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 380.429503][T10117] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 380.429512][T10117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 380.429537][T10117] [ 380.790171][ T30] kauditd_printk_skb: 83 callbacks suppressed [ 380.790187][ T30] audit: type=1326 audit(1768215155.677:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10120 comm="syz.3.1290" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 380.929603][ T30] audit: type=1326 audit(1768215155.677:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10120 comm="syz.3.1290" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 381.180053][T10139] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1295'. [ 381.206478][T10139] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1295'. [ 381.287888][T10142] input: syz1 as /devices/virtual/input/input68 [ 381.446591][T10145] FAULT_INJECTION: forcing a failure. [ 381.446591][T10145] name failslab, interval 1, probability 0, space 0, times 0 [ 381.461923][T10145] CPU: 1 UID: 0 PID: 10145 Comm: syz.0.1297 Tainted: G L syzkaller #0 PREEMPT(full) [ 381.461952][T10145] Tainted: [L]=SOFTLOCKUP [ 381.461959][T10145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 381.461970][T10145] Call Trace: [ 381.461978][T10145] [ 381.461987][T10145] dump_stack_lvl+0xe8/0x150 [ 381.462014][T10145] should_fail_ex+0x414/0x560 [ 381.462044][T10145] should_failslab+0xa8/0x100 [ 381.462068][T10145] __kmalloc_noprof+0xdf/0x800 [ 381.462086][T10145] ? sock_kmalloc+0xd6/0x160 [ 381.462112][T10145] sock_kmalloc+0xd6/0x160 [ 381.462136][T10145] do_ipv6_setsockopt+0x1eff/0x2eb0 [ 381.462159][T10145] ? get_pid_task+0x20/0x1f0 [ 381.462188][T10145] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 381.462210][T10145] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 381.462230][T10145] ? get_pid_task+0x20/0x1f0 [ 381.462248][T10145] ? get_pid_task+0x20/0x1f0 [ 381.462301][T10145] ? aa_sk_perm+0x7ee/0x920 [ 381.462326][T10145] ? __pfx_aa_sk_perm+0x10/0x10 [ 381.462349][T10145] ? __fget_files+0x2a/0x420 [ 381.462368][T10145] ? aa_sock_opt_perm+0xff/0x1a0 [ 381.462393][T10145] ipv6_setsockopt+0x59/0x170 [ 381.462415][T10145] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 381.462435][T10145] do_sock_setsockopt+0x17c/0x1b0 [ 381.462460][T10145] __ia32_sys_setsockopt+0x13f/0x1b0 [ 381.462486][T10145] __do_fast_syscall_32+0x1dc/0x570 [ 381.462513][T10145] ? lockdep_hardirqs_on+0x7b/0x110 [ 381.462530][T10145] ? do_fast_syscall_32+0x34/0x80 [ 381.462549][T10145] ? irqentry_exit+0x10f/0x670 [ 381.462571][T10145] do_fast_syscall_32+0x34/0x80 [ 381.462591][T10145] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 381.462612][T10145] RIP: 0023:0xf707d539 [ 381.462629][T10145] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 381.462643][T10145] RSP: 002b:00000000f546d55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 381.462663][T10145] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029 [ 381.462676][T10145] RDX: 0000000000000006 RSI: 0000000080000180 RDI: 0000000000000010 [ 381.462688][T10145] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 381.462699][T10145] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 381.462710][T10145] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 381.462738][T10145] [ 382.173817][ T30] audit: type=1326 audit(1768215156.987:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10156 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 382.255755][ T30] audit: type=1326 audit(1768215156.987:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10156 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 382.358794][ T30] audit: type=1326 audit(1768215156.987:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10156 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 382.434128][ T30] audit: type=1326 audit(1768215156.987:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10156 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 382.457853][ T30] audit: type=1326 audit(1768215156.987:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10156 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 382.636434][ T30] audit: type=1326 audit(1768215156.987:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10156 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 382.771376][ T30] audit: type=1326 audit(1768215156.987:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10156 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 382.798492][ T30] audit: type=1326 audit(1768215156.987:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10156 comm="syz.2.1312" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 382.987265][T10175] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1304'. [ 383.028740][T10155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1301'. [ 383.958158][T10154] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1299'. [ 384.380808][T10197] FAULT_INJECTION: forcing a failure. [ 384.380808][T10197] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 384.401693][T10197] CPU: 0 UID: 0 PID: 10197 Comm: syz.0.1310 Tainted: G L syzkaller #0 PREEMPT(full) [ 384.401719][T10197] Tainted: [L]=SOFTLOCKUP [ 384.401725][T10197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 384.401736][T10197] Call Trace: [ 384.401744][T10197] [ 384.401752][T10197] dump_stack_lvl+0xe8/0x150 [ 384.401777][T10197] should_fail_ex+0x414/0x560 [ 384.401804][T10197] _copy_from_user+0x2d/0xb0 [ 384.401825][T10197] kstrtouint_from_user+0xc4/0x170 [ 384.401843][T10197] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 384.401874][T10197] proc_fail_nth_write+0x88/0x200 [ 384.401893][T10197] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 384.401915][T10197] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 384.401934][T10197] vfs_write+0x27e/0xb30 [ 384.401959][T10197] ? __pfx_vfs_write+0x10/0x10 [ 384.401977][T10197] ? __fget_files+0x2a/0x420 [ 384.402000][T10197] ? __fget_files+0x3a0/0x420 [ 384.402018][T10197] ? __fget_files+0x2a/0x420 [ 384.402045][T10197] ksys_write+0x145/0x250 [ 384.402064][T10197] ? __pfx_ksys_write+0x10/0x10 [ 384.402090][T10197] __do_fast_syscall_32+0x1dc/0x570 [ 384.402109][T10197] ? lockdep_hardirqs_on+0x7b/0x110 [ 384.402126][T10197] ? do_fast_syscall_32+0x34/0x80 [ 384.402144][T10197] ? irqentry_exit+0x10f/0x670 [ 384.402163][T10197] do_fast_syscall_32+0x34/0x80 [ 384.402182][T10197] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 384.402202][T10197] RIP: 0023:0xf707d539 [ 384.402217][T10197] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 384.402232][T10197] RSP: 002b:00000000f544c590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 384.402251][T10197] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f544c620 [ 384.402263][T10197] RDX: 0000000000000001 RSI: 00000000f7416ff4 RDI: 0000000000000000 [ 384.402274][T10197] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 384.402285][T10197] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 384.402296][T10197] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 384.402322][T10197] [ 384.637955][T10199] binder: 10198:10199 ioctl 4018620d 0 returned -22 [ 384.922999][T10201] input: syz1 as /devices/virtual/input/input69 [ 385.128545][ T129] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 385.154595][T10210] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1316'. [ 385.281820][ T129] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 385.286801][T10213] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 385.296323][ T129] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 385.316605][T10216] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1317'. [ 385.345731][ T129] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 385.358975][ T129] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 385.368037][ T129] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.375340][T10219] FAULT_INJECTION: forcing a failure. [ 385.375340][T10219] name failslab, interval 1, probability 0, space 0, times 0 [ 385.390220][T10219] CPU: 0 UID: 0 PID: 10219 Comm: syz.1.1319 Tainted: G L syzkaller #0 PREEMPT(full) [ 385.390248][T10219] Tainted: [L]=SOFTLOCKUP [ 385.390255][T10219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 385.390265][T10219] Call Trace: [ 385.390274][T10219] [ 385.390280][T10219] dump_stack_lvl+0xe8/0x150 [ 385.390306][T10219] should_fail_ex+0x414/0x560 [ 385.390335][T10219] should_failslab+0xa8/0x100 [ 385.390358][T10219] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 385.390380][T10219] ? __alloc_skb+0x198/0x3a0 [ 385.390399][T10219] ? __alloc_skb+0x1dc/0x3a0 [ 385.390412][T10219] ? __local_bh_enable_ip+0xd0/0x130 [ 385.390429][T10219] ? __alloc_skb+0x198/0x3a0 [ 385.390447][T10219] __alloc_skb+0x1dc/0x3a0 [ 385.390469][T10219] netlink_sendmsg+0x5c6/0xb30 [ 385.390498][T10219] ? __pfx_netlink_sendmsg+0x10/0x10 [ 385.390521][T10219] ? __import_iovec+0x5d4/0x7f0 [ 385.390538][T10219] ? aa_sock_msg_perm+0xf1/0x1b0 [ 385.390562][T10219] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 385.390578][T10219] ? __pfx_netlink_sendmsg+0x10/0x10 [ 385.390600][T10219] __sock_sendmsg+0x21c/0x270 [ 385.390627][T10219] ____sys_sendmsg+0x505/0x820 [ 385.390651][T10219] ? __pfx_____sys_sendmsg+0x10/0x10 [ 385.390674][T10219] ? kstrtouint+0x6e/0xe0 [ 385.390717][T10219] ___sys_sendmsg+0x21f/0x2a0 [ 385.390739][T10219] ? __pfx____sys_sendmsg+0x10/0x10 [ 385.390757][T10219] ? get_pid_task+0x20/0x1f0 [ 385.390776][T10219] ? get_pid_task+0x20/0x1f0 [ 385.390792][T10219] ? get_pid_task+0x20/0x1f0 [ 385.390836][T10219] ? __fget_files+0x2a/0x420 [ 385.390853][T10219] ? __fget_files+0x3a0/0x420 [ 385.390881][T10219] __sys_sendmsg+0x164/0x220 [ 385.390904][T10219] ? __pfx___sys_sendmsg+0x10/0x10 [ 385.390931][T10219] ? __pfx_ksys_write+0x10/0x10 [ 385.390956][T10219] __do_fast_syscall_32+0x1dc/0x570 [ 385.390974][T10219] ? lockdep_hardirqs_on+0x7b/0x110 [ 385.390991][T10219] ? do_fast_syscall_32+0x34/0x80 [ 385.391008][T10219] ? irqentry_exit+0x10f/0x670 [ 385.391036][T10219] do_fast_syscall_32+0x34/0x80 [ 385.391055][T10219] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 385.391076][T10219] RIP: 0023:0xf703d539 [ 385.391091][T10219] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 385.391106][T10219] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 385.391124][T10219] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 385.391137][T10219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 385.391147][T10219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 385.391158][T10219] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 385.391170][T10219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 385.391194][T10219] [ 385.392470][ T129] usb 3-1: config 0 descriptor?? [ 385.658362][ T9] usb 1-1: new full-speed USB device number 45 using dummy_hcd [ 385.970200][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 385.988416][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.000831][ T9] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 386.019526][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.048904][ T9] usb 1-1: config 0 descriptor?? [ 386.060687][ T9] uvcvideo 1-1:0.0: Found UVC 0.00 device (10c4:ea90) [ 386.074747][ T9] uvcvideo 1-1:0.0: No valid video chain found. [ 386.102115][ T129] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 386.241229][T10239] blktrace: Concurrent blktraces are not allowed on nullb0 [ 386.391597][ T129] usb 3-1: USB disconnect, device number 27 [ 386.546486][ T6921] usb 1-1: USB disconnect, device number 45 [ 386.600475][T10237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1320'. [ 387.151653][T10242] FAULT_INJECTION: forcing a failure. [ 387.151653][T10242] name failslab, interval 1, probability 0, space 0, times 0 [ 387.290103][T10242] CPU: 1 UID: 0 PID: 10242 Comm: syz.2.1324 Tainted: G L syzkaller #0 PREEMPT(full) [ 387.290123][T10242] Tainted: [L]=SOFTLOCKUP [ 387.290127][T10242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 387.290134][T10242] Call Trace: [ 387.290138][T10242] [ 387.290144][T10242] dump_stack_lvl+0xe8/0x150 [ 387.290162][T10242] should_fail_ex+0x414/0x560 [ 387.290180][T10242] should_failslab+0xa8/0x100 [ 387.290195][T10242] kmem_cache_alloc_noprof+0x88/0x710 [ 387.290210][T10242] ? can_rx_register+0x16d/0x790 [ 387.290225][T10242] can_rx_register+0x16d/0x790 [ 387.290239][T10242] ? __pfx_raw_rcv+0x10/0x10 [ 387.290249][T10242] raw_enable_allfilters+0xe4/0x420 [ 387.290264][T10242] raw_bind+0x297/0x7c0 [ 387.290280][T10242] __sys_bind+0x2c6/0x3e0 [ 387.290292][T10242] ? __pfx___sys_bind+0x10/0x10 [ 387.290307][T10242] ? __pfx_ksys_write+0x10/0x10 [ 387.290321][T10242] __ia32_sys_bind+0x7a/0x90 [ 387.290331][T10242] __do_fast_syscall_32+0x1dc/0x570 [ 387.290361][T10242] ? lockdep_hardirqs_on+0x7b/0x110 [ 387.290371][T10242] ? do_fast_syscall_32+0x34/0x80 [ 387.290382][T10242] ? irqentry_exit+0x10f/0x670 [ 387.290393][T10242] do_fast_syscall_32+0x34/0x80 [ 387.290404][T10242] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 387.290417][T10242] RIP: 0023:0xf70bd539 [ 387.290427][T10242] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 387.290435][T10242] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000169 [ 387.290447][T10242] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 387.290455][T10242] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 387.290461][T10242] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 387.290467][T10242] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 387.290473][T10242] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 387.290487][T10242] [ 387.722641][T10244] binder: 10243:10244 ioctl 4018620d 0 returned -22 [ 387.898299][ T30] kauditd_printk_skb: 97 callbacks suppressed [ 387.948331][ T30] audit: type=1326 audit(1768215162.777:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 388.090597][ T30] audit: type=1326 audit(1768215162.777:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 388.114462][T10253] input: syz1 as /devices/virtual/input/input70 [ 388.224854][ T30] audit: type=1326 audit(1768215162.777:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 388.503657][ T30] audit: type=1326 audit(1768215162.777:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 388.735837][ T30] audit: type=1326 audit(1768215162.777:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 388.888682][ T30] audit: type=1326 audit(1768215162.777:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 388.998972][ T30] audit: type=1326 audit(1768215162.777:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 389.079799][ T30] audit: type=1326 audit(1768215162.777:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 389.153862][ T30] audit: type=1326 audit(1768215162.777:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 389.227567][ T30] audit: type=1326 audit(1768215162.777:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.2.1327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 389.548739][ T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 389.704953][T10278] binder: 10277:10278 ioctl 4018620d 0 returned -22 [ 389.708294][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 389.726013][ T9] usb 3-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 389.736007][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.750629][ T9] usb 3-1: Product: syz [ 389.758334][ T9] usb 3-1: Manufacturer: syz [ 389.767416][ T9] usb 3-1: SerialNumber: syz [ 389.780474][ T9] usb 3-1: config 0 descriptor?? [ 390.010125][ T9] RobotFuzz Open Source InterFace, OSIF 3-1:0.0: version d4.15 found at bus 003 address 028 [ 390.225384][T10298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1340'. [ 390.241264][T10298] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1340'. [ 390.252034][T10298] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1340'. [ 390.336646][T10304] blktrace: Concurrent blktraces are not allowed on nullb0 [ 390.375133][T10307] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1346'. [ 390.385762][T10307] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1346'. [ 390.414671][T10307] vlan2: entered allmulticast mode [ 390.421736][T10307] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 390.456740][T10306] delete_channel: no stack [ 390.698655][T10271] i2c i2c-1: failure reading status [ 390.863049][T10313] binder: BINDER_SET_CONTEXT_MGR already set [ 390.869160][T10313] binder: 10312:10313 ioctl 4018620d 80000180 returned -16 [ 390.960513][ T9] usb 3-1: USB disconnect, device number 28 [ 391.016555][T10318] FAULT_INJECTION: forcing a failure. [ 391.016555][T10318] name failslab, interval 1, probability 0, space 0, times 0 [ 391.051587][T10321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1351'. [ 391.061229][T10318] CPU: 1 UID: 0 PID: 10318 Comm: syz.4.1350 Tainted: G L syzkaller #0 PREEMPT(full) [ 391.061247][T10318] Tainted: [L]=SOFTLOCKUP [ 391.061251][T10318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 391.061258][T10318] Call Trace: [ 391.061263][T10318] [ 391.061268][T10318] dump_stack_lvl+0xe8/0x150 [ 391.061285][T10318] should_fail_ex+0x414/0x560 [ 391.061303][T10318] should_failslab+0xa8/0x100 [ 391.061317][T10318] __kmalloc_noprof+0xdf/0x800 [ 391.061327][T10318] ? tomoyo_encode+0x28b/0x550 [ 391.061342][T10318] tomoyo_encode+0x28b/0x550 [ 391.061357][T10318] tomoyo_realpath_from_path+0x58d/0x5d0 [ 391.061370][T10318] ? tomoyo_domain+0xd8/0x130 [ 391.061385][T10318] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 391.061396][T10318] tomoyo_path_number_perm+0x1e8/0x5a0 [ 391.061408][T10318] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 391.061419][T10318] ? __lock_acquire+0x6b6/0x2cf0 [ 391.061431][T10318] ? get_pid_task+0x20/0x1f0 [ 391.061448][T10318] ? get_pid_task+0x20/0x1f0 [ 391.061468][T10318] ? __fget_files+0x2a/0x420 [ 391.061481][T10318] ? __fget_files+0x3a0/0x420 [ 391.061492][T10318] ? __fget_files+0x2a/0x420 [ 391.061505][T10318] security_file_ioctl_compat+0xcb/0x2d0 [ 391.061517][T10318] __ia32_compat_sys_ioctl+0x128/0x840 [ 391.061529][T10318] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 391.061539][T10318] ? __fget_files+0x3a0/0x420 [ 391.061560][T10318] ? fput+0xa0/0xd0 [ 391.061572][T10318] ? ksys_write+0x22a/0x250 [ 391.061582][T10318] ? __pfx_ksys_write+0x10/0x10 [ 391.061597][T10318] __do_fast_syscall_32+0x1dc/0x570 [ 391.061609][T10318] ? lockdep_hardirqs_on+0x7b/0x110 [ 391.061619][T10318] ? do_fast_syscall_32+0x34/0x80 [ 391.061629][T10318] ? irqentry_exit+0x10f/0x670 [ 391.061641][T10318] do_fast_syscall_32+0x34/0x80 [ 391.061652][T10318] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 391.061664][T10318] RIP: 0023:0xf703d539 [ 391.061673][T10318] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 391.061682][T10318] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 391.061694][T10318] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 391.061701][T10318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 391.061707][T10318] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 391.061712][T10318] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 391.061718][T10318] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 391.061732][T10318] [ 391.061745][T10318] ERROR: Out of memory at tomoyo_realpath_from_path. [ 391.156047][T10321] macvlan2: entered promiscuous mode [ 391.215441][T10323] netlink: 'syz.3.1351': attribute type 1 has an invalid length. [ 391.354223][T10321] bridge0: entered promiscuous mode [ 391.365167][T10321] bridge0: port 3(macvlan2) entered blocking state [ 391.380139][T10321] bridge0: port 3(macvlan2) entered disabled state [ 391.416082][T10321] macvlan2: entered allmulticast mode [ 391.423947][T10321] bridge0: entered allmulticast mode [ 391.433776][T10321] macvlan2: left allmulticast mode [ 391.444441][T10321] bridge0: left allmulticast mode [ 391.451643][T10321] bridge0: left promiscuous mode [ 392.234474][T10335] syzkaller0: entered promiscuous mode [ 392.259159][T10335] syzkaller0: entered allmulticast mode [ 392.954829][T10354] binder: BINDER_SET_CONTEXT_MGR already set [ 392.972021][T10354] binder: 10353:10354 ioctl 4018620d 80000180 returned -16 [ 393.047943][T10356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1358'. [ 393.060749][T10356] netlink: 277 bytes leftover after parsing attributes in process `syz.1.1358'. [ 393.116931][ T30] kauditd_printk_skb: 116 callbacks suppressed [ 393.116943][ T30] audit: type=1326 audit(1768215168.007:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 393.168519][T10356] netlink: 277 bytes leftover after parsing attributes in process `syz.1.1358'. [ 393.208280][ T30] audit: type=1326 audit(1768215168.037:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 393.273322][ T30] audit: type=1326 audit(1768215168.047:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=447 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 393.333455][ T30] audit: type=1326 audit(1768215168.047:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 393.418267][ T30] audit: type=1326 audit(1768215168.047:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 393.448029][T10363] input: syz1 as /devices/virtual/input/input71 [ 393.561092][ T30] audit: type=1326 audit(1768215168.057:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 393.592602][ T30] audit: type=1326 audit(1768215168.057:1162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 393.619164][ T30] audit: type=1326 audit(1768215168.057:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 393.719468][T10369] binder: 10364:10369 ioctl 4018620d 0 returned -22 [ 393.738860][T10369] binder: 10364:10369 ioctl c0306201 80000080 returned -14 [ 393.870898][T10347] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1359'. [ 393.932378][ T30] audit: type=1326 audit(1768215168.057:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=368 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 394.115141][ T30] audit: type=1326 audit(1768215168.057:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10357 comm="syz.3.1361" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 394.238322][ T980] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 394.328952][ T9] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 394.418358][ T980] usb 5-1: Using ep0 maxpacket: 32 [ 394.485966][T10369] binder: 10364:10369 ioctl d000941e 0 returned -22 [ 394.540536][ T980] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 394.555231][ T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.608326][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 394.806637][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 394.817040][ T980] usb 5-1: Product: syz [ 394.943442][ T980] usb 5-1: Manufacturer: syz [ 394.963808][ T980] usb 5-1: SerialNumber: syz [ 394.970298][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 395.013929][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 395.060680][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 395.062442][ T980] usb 5-1: config 0 descriptor?? [ 395.127369][ T9] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 395.180213][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.305145][ T9] hub 4-1:1.0: bad descriptor, ignoring hub [ 395.312450][ T980] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 034 [ 395.343009][ T9] hub 4-1:1.0: probe with driver hub failed with error -5 [ 395.373190][ T9] cdc_wdm 4-1:1.0: skipping garbage [ 395.393089][ T9] cdc_wdm 4-1:1.0: skipping garbage [ 395.418403][ T9] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 395.436705][ T9] cdc_wdm 4-1:1.0: Unknown control protocol [ 396.229610][T10372] i2c i2c-1: failure reading status [ 396.433052][ T5991] usb 5-1: USB disconnect, device number 34 [ 396.627584][T10398] binder: BINDER_SET_CONTEXT_MGR already set [ 396.668685][T10398] binder: 10397:10398 ioctl 4018620d 80000180 returned -16 [ 397.098323][ T5991] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 397.248348][ T5991] usb 1-1: Using ep0 maxpacket: 32 [ 397.303799][ T5991] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 397.614185][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.642454][ T5991] usb 1-1: Product: syz [ 397.660086][T10416] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1375'. [ 397.672499][ T5991] usb 1-1: Manufacturer: syz [ 397.678016][ T5991] usb 1-1: SerialNumber: syz [ 397.687510][ T5991] usb 1-1: config 0 descriptor?? [ 397.689286][T10416] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1375'. [ 397.706636][T10416] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1375'. [ 397.840650][ T6921] usb 4-1: USB disconnect, device number 40 [ 397.930194][ T5991] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 046 [ 398.324966][T10401] i2c i2c-1: failure reading data [ 398.333129][ T980] usb 1-1: USB disconnect, device number 46 [ 399.046051][T10443] binder: 10440:10443 ioctl c0306201 0 returned -14 [ 399.152851][T10445] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1382'. [ 399.162609][T10445] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1382'. [ 399.907593][T10460] input: syz1 as /devices/virtual/input/input72 [ 400.096433][ T5985] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 400.394816][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1388'. [ 400.403779][ T5985] usb 3-1: Using ep0 maxpacket: 8 [ 400.412800][T10464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1388'. [ 400.446759][ T5985] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.488500][ T5985] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 400.557821][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 400.557832][ T30] audit: type=1326 audit(1768215175.447:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 400.652268][ T5985] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 400.663725][ T30] audit: type=1326 audit(1768215175.457:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 400.693952][ T5985] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 400.728306][ T5985] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 400.757875][ T30] audit: type=1326 audit(1768215175.477:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 400.810414][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.894812][T10469] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1389'. [ 401.016835][ T5985] hub 3-1:1.0: bad descriptor, ignoring hub [ 401.032094][ T30] audit: type=1326 audit(1768215175.477:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 401.058267][ T5985] hub 3-1:1.0: probe with driver hub failed with error -5 [ 401.075905][ T5985] cdc_wdm 3-1:1.0: skipping garbage [ 401.091848][ T5985] cdc_wdm 3-1:1.0: skipping garbage [ 401.148437][ T30] audit: type=1326 audit(1768215175.477:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 401.189290][ T5985] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 401.206898][ T5985] cdc_wdm 3-1:1.0: Unknown control protocol [ 401.254583][ T30] audit: type=1326 audit(1768215175.477:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 401.488599][ T30] audit: type=1326 audit(1768215175.477:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 401.531616][ T30] audit: type=1326 audit(1768215175.477:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 401.554181][ T30] audit: type=1326 audit(1768215175.487:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 401.620434][T10477] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 401.782676][ T30] audit: type=1326 audit(1768215175.487:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.3.1387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 402.028868][ T5991] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 402.179256][ T5991] usb 4-1: Using ep0 maxpacket: 32 [ 402.187820][ T5991] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 402.197311][ T5991] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.213341][ T5991] usb 4-1: Product: syz [ 402.221264][ T5991] usb 4-1: Manufacturer: syz [ 402.230883][ T5991] usb 4-1: SerialNumber: syz [ 402.250436][ T5991] usb 4-1: config 0 descriptor?? [ 402.600323][ T5991] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 041 [ 402.767800][T10484] binder: 10483:10484 ioctl c0306201 0 returned -14 [ 402.853241][T10481] i2c i2c-1: failure reading data [ 402.861291][ T129] usb 4-1: USB disconnect, device number 41 [ 402.990797][ T5985] usb 3-1: USB disconnect, device number 29 [ 403.064913][T10493] FAULT_INJECTION: forcing a failure. [ 403.064913][T10493] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.079290][T10493] CPU: 1 UID: 0 PID: 10493 Comm: syz.1.1397 Tainted: G L syzkaller #0 PREEMPT(full) [ 403.079319][T10493] Tainted: [L]=SOFTLOCKUP [ 403.079326][T10493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 403.079335][T10493] Call Trace: [ 403.079343][T10493] [ 403.079350][T10493] dump_stack_lvl+0xe8/0x150 [ 403.079386][T10493] should_fail_ex+0x414/0x560 [ 403.079416][T10493] _copy_from_user+0x2d/0xb0 [ 403.079437][T10493] get_compat_msghdr+0xad/0x4a0 [ 403.079462][T10493] ? __pfx_get_compat_msghdr+0x10/0x10 [ 403.079483][T10493] ? kstrtouint+0x6e/0xe0 [ 403.079519][T10493] ___sys_sendmsg+0x193/0x2a0 [ 403.079539][T10493] ? __pfx____sys_sendmsg+0x10/0x10 [ 403.079553][T10493] ? get_pid_task+0x20/0x1f0 [ 403.079568][T10493] ? get_pid_task+0x20/0x1f0 [ 403.079581][T10493] ? get_pid_task+0x20/0x1f0 [ 403.079616][T10493] ? __fget_files+0x2a/0x420 [ 403.079632][T10493] ? __fget_files+0x3a0/0x420 [ 403.079653][T10493] __sys_sendmsg+0x164/0x220 [ 403.079670][T10493] ? __pfx___sys_sendmsg+0x10/0x10 [ 403.079692][T10493] ? __pfx_ksys_write+0x10/0x10 [ 403.079713][T10493] __do_fast_syscall_32+0x1dc/0x570 [ 403.079730][T10493] ? lockdep_hardirqs_on+0x7b/0x110 [ 403.079743][T10493] ? do_fast_syscall_32+0x34/0x80 [ 403.079757][T10493] ? irqentry_exit+0x10f/0x670 [ 403.079774][T10493] do_fast_syscall_32+0x34/0x80 [ 403.079790][T10493] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 403.079807][T10493] RIP: 0023:0xf703d539 [ 403.079828][T10493] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 403.079840][T10493] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 403.079855][T10493] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000b80 [ 403.079864][T10493] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 403.079872][T10493] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 403.079879][T10493] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 403.079887][T10493] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 403.079906][T10493] [ 403.428590][T10497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1399'. [ 403.451965][T10497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1399'. [ 403.944104][T10510] FAULT_INJECTION: forcing a failure. [ 403.944104][T10510] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.958995][T10510] CPU: 1 UID: 0 PID: 10510 Comm: syz.2.1403 Tainted: G L syzkaller #0 PREEMPT(full) [ 403.959025][T10510] Tainted: [L]=SOFTLOCKUP [ 403.959032][T10510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 403.959043][T10510] Call Trace: [ 403.959051][T10510] [ 403.959059][T10510] dump_stack_lvl+0xe8/0x150 [ 403.959086][T10510] should_fail_ex+0x414/0x560 [ 403.959116][T10510] _copy_from_user+0x2d/0xb0 [ 403.959139][T10510] move_addr_to_kernel+0x7e/0x160 [ 403.959165][T10510] get_compat_msghdr+0x3bd/0x4a0 [ 403.959193][T10510] ? __pfx_get_compat_msghdr+0x10/0x10 [ 403.959217][T10510] ? kstrtouint+0x6e/0xe0 [ 403.959247][T10510] ___sys_sendmsg+0x193/0x2a0 [ 403.959271][T10510] ? __pfx____sys_sendmsg+0x10/0x10 [ 403.959290][T10510] ? get_pid_task+0x20/0x1f0 [ 403.959311][T10510] ? get_pid_task+0x20/0x1f0 [ 403.959337][T10510] ? get_pid_task+0x20/0x1f0 [ 403.959384][T10510] ? __fget_files+0x2a/0x420 [ 403.959404][T10510] ? __fget_files+0x3a0/0x420 [ 403.959434][T10510] __sys_sendmsg+0x164/0x220 [ 403.959457][T10510] ? __pfx___sys_sendmsg+0x10/0x10 [ 403.959486][T10510] ? __pfx_ksys_write+0x10/0x10 [ 403.959513][T10510] __do_fast_syscall_32+0x1dc/0x570 [ 403.959533][T10510] ? lockdep_hardirqs_on+0x7b/0x110 [ 403.959551][T10510] ? do_fast_syscall_32+0x34/0x80 [ 403.959569][T10510] ? irqentry_exit+0x10f/0x670 [ 403.959590][T10510] do_fast_syscall_32+0x34/0x80 [ 403.959609][T10510] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 403.959631][T10510] RIP: 0023:0xf70bd539 [ 403.959646][T10510] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 403.959660][T10510] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 403.959680][T10510] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280 [ 403.959692][T10510] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000 [ 403.959703][T10510] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 403.959714][T10510] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 403.959726][T10510] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 403.959752][T10510] [ 405.569652][ T129] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 405.596694][T10528] binder: 10527:10528 ioctl c0306201 0 returned -14 [ 405.778350][ T129] usb 3-1: Using ep0 maxpacket: 8 [ 405.788313][ T129] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 405.799101][ T129] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 405.827958][ T129] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 405.865160][ T129] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 405.909902][ T129] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 406.055142][ T129] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.320733][ T129] hub 3-1:1.0: bad descriptor, ignoring hub [ 406.328604][T10537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1412'. [ 406.337304][ T129] hub 3-1:1.0: probe with driver hub failed with error -5 [ 406.345609][ T129] cdc_wdm 3-1:1.0: skipping garbage [ 406.350978][ T129] cdc_wdm 3-1:1.0: skipping garbage [ 406.357990][ T129] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 406.364389][ T129] cdc_wdm 3-1:1.0: Unknown control protocol [ 406.741815][T10546] input: syz0 as /devices/virtual/input/input73 [ 408.179043][ T5991] usb 3-1: USB disconnect, device number 30 [ 408.379703][T10571] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1422'. [ 408.390848][T10571] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1422'. [ 408.408402][T10571] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1422'. [ 409.206915][T10570] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1423'. [ 409.449208][T10580] FAULT_INJECTION: forcing a failure. [ 409.449208][T10580] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 409.492851][T10580] CPU: 0 UID: 0 PID: 10580 Comm: syz.0.1425 Tainted: G L syzkaller #0 PREEMPT(full) [ 409.492902][T10580] Tainted: [L]=SOFTLOCKUP [ 409.492915][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 409.492935][T10580] Call Trace: [ 409.492945][T10580] [ 409.492951][T10580] dump_stack_lvl+0xe8/0x150 [ 409.492975][T10580] should_fail_ex+0x414/0x560 [ 409.493003][T10580] _copy_from_user+0x2d/0xb0 [ 409.493025][T10580] get_compat_msghdr+0xad/0x4a0 [ 409.493052][T10580] ? __pfx_get_compat_msghdr+0x10/0x10 [ 409.493072][T10580] ? kstrtouint+0x6e/0xe0 [ 409.493089][T10580] ___sys_sendmsg+0x193/0x2a0 [ 409.493103][T10580] ? __pfx____sys_sendmsg+0x10/0x10 [ 409.493114][T10580] ? get_pid_task+0x20/0x1f0 [ 409.493126][T10580] ? get_pid_task+0x20/0x1f0 [ 409.493136][T10580] ? get_pid_task+0x20/0x1f0 [ 409.493160][T10580] ? __fget_files+0x2a/0x420 [ 409.493172][T10580] ? __fget_files+0x3a0/0x420 [ 409.493187][T10580] __sys_sendmsg+0x164/0x220 [ 409.493199][T10580] ? __pfx___sys_sendmsg+0x10/0x10 [ 409.493215][T10580] ? __pfx_ksys_write+0x10/0x10 [ 409.493229][T10580] __do_fast_syscall_32+0x1dc/0x570 [ 409.493241][T10580] ? lockdep_hardirqs_on+0x7b/0x110 [ 409.493250][T10580] ? do_fast_syscall_32+0x34/0x80 [ 409.493260][T10580] ? irqentry_exit+0x10f/0x670 [ 409.493272][T10580] do_fast_syscall_32+0x34/0x80 [ 409.493283][T10580] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 409.493295][T10580] RIP: 0023:0xf707d539 [ 409.493304][T10580] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 409.493313][T10580] RSP: 002b:00000000f546d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 409.493324][T10580] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006ec0 [ 409.493331][T10580] RDX: 0000000000000804 RSI: 0000000000000000 RDI: 0000000000000000 [ 409.493337][T10580] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 409.493343][T10580] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 409.493349][T10580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 409.493362][T10580] [ 409.758824][T10581] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1424'. [ 410.000510][T10584] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1421'. [ 410.171429][T10596] input: syz1 as /devices/virtual/input/input74 [ 410.835525][ T5985] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 411.020955][ T5985] usb 2-1: Using ep0 maxpacket: 8 [ 411.055635][ T5985] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 411.103147][ T5985] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 411.146503][ T5985] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 411.254229][ T5985] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 411.358936][ T5985] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 411.395241][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.443213][ T5985] hub 2-1:1.0: bad descriptor, ignoring hub [ 411.466357][T10612] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1435'. [ 411.516190][ T5985] hub 2-1:1.0: probe with driver hub failed with error -5 [ 411.533169][T10612] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1435'. [ 411.538951][ T5985] cdc_wdm 2-1:1.0: skipping garbage [ 411.568840][ T5985] cdc_wdm 2-1:1.0: skipping garbage [ 411.600137][ T5985] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 411.611939][ T5985] cdc_wdm 2-1:1.0: Unknown control protocol [ 412.656647][ T30] kauditd_printk_skb: 89 callbacks suppressed [ 412.656663][ T30] audit: type=1326 audit(1768215187.547:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 412.773453][ T30] audit: type=1326 audit(1768215187.617:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 412.842200][ T30] audit: type=1326 audit(1768215187.617:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 412.917085][ T30] audit: type=1326 audit(1768215187.617:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 413.014787][ T30] audit: type=1326 audit(1768215187.617:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 413.064265][ T30] audit: type=1326 audit(1768215187.617:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 413.101148][T10627] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 413.130154][T10627] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1440'. [ 413.166408][ T30] audit: type=1326 audit(1768215187.617:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=368 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 413.189928][T10627] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 413.306872][ T30] audit: type=1326 audit(1768215187.617:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 413.402026][ T30] audit: type=1326 audit(1768215187.617:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 413.475541][ T30] audit: type=1326 audit(1768215187.617:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10621 comm="syz.3.1438" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf703d539 code=0x7ffc0000 [ 413.633230][ T5985] usb 2-1: USB disconnect, device number 31 [ 413.944048][T10644] FAULT_INJECTION: forcing a failure. [ 413.944048][T10644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 413.982480][T10644] CPU: 1 UID: 0 PID: 10644 Comm: syz.3.1447 Tainted: G L syzkaller #0 PREEMPT(full) [ 413.982514][T10644] Tainted: [L]=SOFTLOCKUP [ 413.982521][T10644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 413.982534][T10644] Call Trace: [ 413.982542][T10644] [ 413.982557][T10644] dump_stack_lvl+0xe8/0x150 [ 413.982585][T10644] should_fail_ex+0x414/0x560 [ 413.982616][T10644] _copy_from_user+0x2d/0xb0 [ 413.982639][T10644] snd_seq_write+0x300/0x810 [ 413.982675][T10644] ? __pfx_snd_seq_write+0x10/0x10 [ 413.982700][T10644] ? bpf_lsm_file_permission+0x9/0x20 [ 413.982718][T10644] ? security_file_permission+0x75/0x290 [ 413.982738][T10644] ? rw_verify_area+0x255/0x4d0 [ 413.982764][T10644] ? __pfx_snd_seq_write+0x10/0x10 [ 413.982789][T10644] vfs_write+0x27e/0xb30 [ 413.982814][T10644] ? __pfx_vfs_write+0x10/0x10 [ 413.982834][T10644] ? __fget_files+0x2a/0x420 [ 413.982857][T10644] ? __fget_files+0x2a/0x420 [ 413.982877][T10644] ? __fget_files+0x3a0/0x420 [ 413.982897][T10644] ? __fget_files+0x2a/0x420 [ 413.982925][T10644] ksys_write+0x145/0x250 [ 413.982945][T10644] ? __pfx_ksys_write+0x10/0x10 [ 413.982973][T10644] __do_fast_syscall_32+0x1dc/0x570 [ 413.982993][T10644] ? lockdep_hardirqs_on+0x7b/0x110 [ 413.983010][T10644] ? do_fast_syscall_32+0x34/0x80 [ 413.983030][T10644] ? irqentry_exit+0x10f/0x670 [ 413.983051][T10644] do_fast_syscall_32+0x34/0x80 [ 413.983072][T10644] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.983091][T10644] RIP: 0023:0xf703d539 [ 413.983108][T10644] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 413.983123][T10644] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 413.983143][T10644] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140 [ 413.983156][T10644] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000 [ 413.983168][T10644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.983178][T10644] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 413.983190][T10644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.983217][T10644] [ 414.296827][T10633] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1437'. [ 414.702443][T10650] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1445'. [ 415.370331][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 415.389471][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 415.408352][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 415.422985][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 415.442140][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 415.503795][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 415.511110][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 415.518760][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 415.526904][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 415.539327][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 416.010657][T10655] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1446'. [ 416.344971][T10664] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1451'. [ 416.599755][ T5991] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 416.758397][ T5991] usb 3-1: Using ep0 maxpacket: 16 [ 416.802807][ T5991] usb 3-1: config 0 has an invalid interface number: 49 but max is 0 [ 416.842110][ T5991] usb 3-1: config 0 has no interface number 0 [ 416.876199][ T5991] usb 3-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16 [ 416.931578][ T5991] usb 3-1: config 0 interface 49 altsetting 0 has an endpoint descriptor with address 0x69, changing to 0x9 [ 416.970179][ T5991] usb 3-1: config 0 interface 49 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 417.040604][T10677] FAULT_INJECTION: forcing a failure. [ 417.040604][T10677] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.069931][ T5991] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7 [ 417.100196][ T5991] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.103148][T10677] CPU: 1 UID: 0 PID: 10677 Comm: syz.1.1454 Tainted: G L syzkaller #0 PREEMPT(full) [ 417.103175][T10677] Tainted: [L]=SOFTLOCKUP [ 417.103183][T10677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 417.103194][T10677] Call Trace: [ 417.103202][T10677] [ 417.103210][T10677] dump_stack_lvl+0xe8/0x150 [ 417.103236][T10677] should_fail_ex+0x414/0x560 [ 417.103265][T10677] _copy_from_user+0x2d/0xb0 [ 417.103287][T10677] load_msg+0x1f5/0x3b0 [ 417.103357][T10677] do_msgsnd+0x19a/0x13d0 [ 417.103381][T10677] ? __pfx_vfs_write+0x10/0x10 [ 417.103401][T10677] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 417.103426][T10677] ? __might_fault+0xb0/0x130 [ 417.103450][T10677] ? __might_fault+0xb0/0x130 [ 417.103475][T10677] ? __pfx_do_msgsnd+0x10/0x10 [ 417.103499][T10677] ? __might_fault+0xb0/0x130 [ 417.103525][T10677] ? __ia32_compat_sys_msgsnd+0xed/0x120 [ 417.103551][T10677] __do_fast_syscall_32+0x1dc/0x570 [ 417.103569][T10677] ? lockdep_hardirqs_on+0x7b/0x110 [ 417.103585][T10677] ? do_fast_syscall_32+0x34/0x80 [ 417.103603][T10677] ? irqentry_exit+0x10f/0x670 [ 417.103623][T10677] do_fast_syscall_32+0x34/0x80 [ 417.103642][T10677] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 417.103662][T10677] RIP: 0023:0xf703d539 [ 417.103679][T10677] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 417.103693][T10677] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000190 [ 417.103712][T10677] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080001000 [ 417.103724][T10677] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000 [ 417.103735][T10677] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 417.103745][T10677] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 417.103756][T10677] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 417.103781][T10677] [ 417.495140][T10661] chnl_net:caif_netlink_parms(): no params data found [ 417.568445][ T5834] Bluetooth: hci5: command tx timeout [ 417.609809][T10683] input: syz1 as /devices/virtual/input/input75 [ 417.698369][ T6921] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 417.706278][ T5991] usb 3-1: Product: syz [ 417.748450][ T5991] usb 3-1: Manufacturer: syz [ 417.753083][ T5991] usb 3-1: SerialNumber: syz [ 417.803800][ T5991] usb 3-1: config 0 descriptor?? [ 417.815382][T10667] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 417.868323][ T6921] usb 1-1: Using ep0 maxpacket: 8 [ 417.889600][T10693] loop5: detected capacity change from 0 to 7 [ 417.928133][T10693] Dev loop5: unable to read RDB block 7 [ 417.934399][T10693] loop5: AHDI p3 [ 417.938337][T10693] loop5: partition table partially beyond EOD, truncated [ 417.960782][ T6921] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 418.000401][ T6921] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 418.019277][ T6921] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 418.069573][ T5991] usb 3-1: USB disconnect, device number 31 [ 418.075739][ T6921] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 418.138448][ T6921] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 418.218400][ T6921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.314766][T10661] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.323424][ T6921] hub 1-1:1.0: bad descriptor, ignoring hub [ 418.362640][T10661] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.373394][ T6921] hub 1-1:1.0: probe with driver hub failed with error -5 [ 418.464235][T10661] bridge_slave_0: entered allmulticast mode [ 418.499566][ T6921] cdc_wdm 1-1:1.0: skipping garbage [ 418.508567][T10661] bridge_slave_0: entered promiscuous mode [ 418.535984][ T6921] cdc_wdm 1-1:1.0: skipping garbage [ 418.567251][ T6921] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 418.573599][T10661] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.581437][T10661] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.645569][ T6921] cdc_wdm 1-1:1.0: Unknown control protocol [ 418.653538][T10661] bridge_slave_1: entered allmulticast mode [ 418.807390][T10661] bridge_slave_1: entered promiscuous mode [ 418.933520][T10661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 418.973877][T10661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 419.291666][T10661] team0: Port device team_slave_0 added [ 419.330761][T10661] team0: Port device team_slave_1 added [ 419.525874][T10661] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 419.556134][T10661] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 419.638497][ T5834] Bluetooth: hci5: command tx timeout [ 419.672332][T10661] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 419.685230][T10661] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 419.692458][T10661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 419.757508][T10661] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 420.249224][ T5991] usb 1-1: USB disconnect, device number 47 [ 420.568387][T10710] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1463'. [ 420.587696][T10710] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1463'. [ 420.600920][T10710] netlink: 'syz.3.1463': attribute type 3 has an invalid length. [ 420.626618][T10714] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1464'. [ 420.635777][T10710] netlink: 11 bytes leftover after parsing attributes in process `syz.3.1463'. [ 420.656743][T10714] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1464'. [ 420.863703][T10717] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1461'. [ 421.428687][T10724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1460'. [ 421.597882][T10661] hsr_slave_0: entered promiscuous mode [ 421.748563][ T5834] Bluetooth: hci5: command tx timeout [ 421.870130][T10661] hsr_slave_1: entered promiscuous mode [ 421.876618][T10661] debugfs: 'hsr0' already exists in 'hsr' [ 422.008290][T10661] Cannot create hsr debugfs directory [ 422.561454][T10731] input: syz1 as /devices/virtual/input/input76 [ 423.677250][T10661] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 423.747799][T10661] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 423.798781][ T5834] Bluetooth: hci5: command tx timeout [ 423.827944][T10661] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 423.847951][T10748] FAULT_INJECTION: forcing a failure. [ 423.847951][T10748] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 423.888464][T10748] CPU: 0 UID: 0 PID: 10748 Comm: syz.3.1476 Tainted: G L syzkaller #0 PREEMPT(full) [ 423.888495][T10748] Tainted: [L]=SOFTLOCKUP [ 423.888502][T10748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 423.888512][T10748] Call Trace: [ 423.888520][T10748] [ 423.888529][T10748] dump_stack_lvl+0xe8/0x150 [ 423.888555][T10748] should_fail_ex+0x414/0x560 [ 423.888590][T10748] _copy_from_user+0x2d/0xb0 [ 423.888612][T10748] kstrtouint_from_user+0xc4/0x170 [ 423.888635][T10748] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 423.888681][T10748] proc_fail_nth_write+0x88/0x200 [ 423.888700][T10748] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 423.888723][T10748] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 423.888746][T10748] vfs_write+0x27e/0xb30 [ 423.888771][T10748] ? __pfx_vfs_write+0x10/0x10 [ 423.888790][T10748] ? __fget_files+0x2a/0x420 [ 423.888820][T10748] ? __fget_files+0x3a0/0x420 [ 423.888855][T10748] ? __fget_files+0x2a/0x420 [ 423.888882][T10748] ksys_write+0x145/0x250 [ 423.888902][T10748] ? __pfx_ksys_write+0x10/0x10 [ 423.888929][T10748] __do_fast_syscall_32+0x1dc/0x570 [ 423.888948][T10748] ? lockdep_hardirqs_on+0x7b/0x110 [ 423.888962][T10748] ? do_fast_syscall_32+0x34/0x80 [ 423.888979][T10748] ? irqentry_exit+0x10f/0x670 [ 423.889000][T10748] do_fast_syscall_32+0x34/0x80 [ 423.889020][T10748] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 423.889040][T10748] RIP: 0023:0xf703d539 [ 423.889056][T10748] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 423.889071][T10748] RSP: 002b:00000000f542d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 423.889087][T10748] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542d620 [ 423.889099][T10748] RDX: 0000000000000001 RSI: 00000000f73d6ff4 RDI: 0000000000000000 [ 423.889109][T10748] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 423.889120][T10748] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 423.889130][T10748] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 423.889156][T10748] [ 424.198879][T10661] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 424.316209][T10753] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'. [ 424.690294][T10770] FAULT_INJECTION: forcing a failure. [ 424.690294][T10770] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 424.759053][T10770] CPU: 0 UID: 0 PID: 10770 Comm: syz.0.1481 Tainted: G L syzkaller #0 PREEMPT(full) [ 424.759083][T10770] Tainted: [L]=SOFTLOCKUP [ 424.759090][T10770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 424.759102][T10770] Call Trace: [ 424.759110][T10770] [ 424.759118][T10770] dump_stack_lvl+0xe8/0x150 [ 424.759145][T10770] should_fail_ex+0x414/0x560 [ 424.759175][T10770] _copy_to_user+0x31/0xb0 [ 424.759198][T10770] simple_read_from_buffer+0xe1/0x170 [ 424.759221][T10770] proc_fail_nth_read+0x1b3/0x220 [ 424.759242][T10770] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 424.759264][T10770] ? rw_verify_area+0x2a6/0x4d0 [ 424.759287][T10770] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 424.759306][T10770] vfs_read+0x200/0xa30 [ 424.759323][T10770] ? fdget_pos+0x247/0x320 [ 424.759348][T10770] ? __pfx___mutex_lock+0x10/0x10 [ 424.759367][T10770] ? __pfx_vfs_read+0x10/0x10 [ 424.759385][T10770] ? __fget_files+0x2a/0x420 [ 424.759409][T10770] ? __fget_files+0x3a0/0x420 [ 424.759429][T10770] ? __fget_files+0x2a/0x420 [ 424.759456][T10770] ksys_read+0x145/0x250 [ 424.759475][T10770] ? __pfx_ksys_read+0x10/0x10 [ 424.759509][T10770] __do_fast_syscall_32+0x1dc/0x570 [ 424.759529][T10770] ? lockdep_hardirqs_on+0x7b/0x110 [ 424.759546][T10770] ? do_fast_syscall_32+0x34/0x80 [ 424.759564][T10770] ? irqentry_exit+0x10f/0x670 [ 424.759586][T10770] do_fast_syscall_32+0x34/0x80 [ 424.759606][T10770] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 424.759626][T10770] RIP: 0023:0xf707d539 [ 424.759640][T10770] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 424.759654][T10770] RSP: 002b:00000000f546d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 424.759673][T10770] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f546d620 [ 424.759686][T10770] RDX: 000000000000000f RSI: 00000000f7416ff4 RDI: 0000000000000000 [ 424.759698][T10770] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 424.759708][T10770] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 424.759720][T10770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 424.759746][T10770] [ 424.780838][T10661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.135849][T10661] 8021q: adding VLAN 0 to HW filter on device team0 [ 425.259140][ T3001] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.266262][ T3001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 425.329520][ T3001] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.336730][ T3001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.782705][T10661] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 425.950829][T10661] veth0_vlan: entered promiscuous mode [ 426.000697][T10661] veth1_vlan: entered promiscuous mode [ 426.170109][T10661] veth0_macvtap: entered promiscuous mode [ 426.224718][T10661] veth1_macvtap: entered promiscuous mode [ 426.301518][T10787] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1486'. [ 426.320609][T10661] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.366373][T10661] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 426.393188][T10788] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1486'. [ 426.467412][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.501295][T10787] ------------[ cut here ]------------ [ 426.506828][T10787] WARNING: net/netfilter/core.c:329 at nf_hook_entry_head+0x23e/0x2c0, CPU#0: syz.2.1486/10787 [ 426.517848][T10787] Modules linked in: [ 426.522456][T10787] CPU: 0 UID: 0 PID: 10787 Comm: syz.2.1486 Tainted: G L syzkaller #0 PREEMPT(full) [ 426.533625][T10787] Tainted: [L]=SOFTLOCKUP [ 426.539201][T10787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 426.549636][T10787] RIP: 0010:nf_hook_entry_head+0x23e/0x2c0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 426.555700][T10787] Code: 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 0d 4b a7 f8 4d 39 37 74 36 e8 83 28 41 f8 90 <0f> 0b 90 31 db 48 89 d8 5b 41 5e 41 5f 5d e9 3f d0 dc 01 cc e8 69 [ 426.575451][T10787] RSP: 0018:ffffc90003746ee0 EFLAGS: 00010287 [ 426.582001][T10787] RAX: ffffffff897fcf8b RBX: ffff888056d34000 RCX: 0000000000080000 [ 426.590538][T10787] RDX: ffffc9000c529000 RSI: 000000000000443b RDI: 000000000000443c [ 426.598747][T10787] RBP: 0000000000000000 R08: ffff888032c48000 R09: 0000000000000006 [ 426.606746][T10787] R10: 000000000000000a R11: 0000000000000002 R12: ffff888028aea5c0 [ 426.614782][T10787] R13: 0000000000000005 R14: ffff888028aea5c0 R15: ffff888056d34108 [ 426.622787][T10787] FS: 0000000000000000(0000) GS:ffff888125e1f000(0063) knlGS:00000000f54adb40 [ 426.631769][T10787] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 426.638413][T10787] CR2: 000000000c2eb938 CR3: 000000003560c000 CR4: 00000000003526f0 [ 426.646383][T10787] DR0: 0000000000000004 DR1: 0000000000000000 DR2: 0000000000000000 [ 426.654401][T10787] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 426.662413][T10787] Call Trace: [ 426.665683][T10787] [ 426.668686][T10787] __nf_unregister_net_hook+0x74/0x6f0 [ 426.674170][T10787] ? __pfx_nf_flow_table_offload_setup+0x10/0x10 [ 426.680612][T10787] nf_tables_commit+0x415e/0xa350 [ 426.685866][T10787] ? nft_pernet+0x23/0x240 [ 426.690636][T10787] ? __pfx_nf_tables_commit+0x10/0x10 [ 426.696005][T10787] ? nft_pernet+0x23/0x240 [ 426.700517][T10787] ? nft_pernet+0x23/0x240 [ 426.704921][T10787] ? nft_pernet+0x23/0x240 [ 426.709393][T10787] ? nft_trans_commit_list_add_tail+0x179/0x520 [ 426.715621][T10787] ? nft_flush_table+0xd06/0xea0 [ 426.720597][T10787] ? nf_tables_deltable+0x674/0xe10 [ 426.725782][T10787] ? __pfx_nf_tables_deltable+0x10/0x10 [ 426.731377][T10787] nfnetlink_rcv+0x1ac9/0x2590 [ 426.736154][T10787] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 426.741386][T10787] ? ref_tracker_free+0x63a/0x7d0 [ 426.746429][T10787] ? __netlink_deliver_tap+0x807/0x850 [ 426.751962][T10787] ? netlink_deliver_tap+0x2e/0x1b0 [ 426.757253][T10787] netlink_unicast+0x82f/0x9e0 [ 426.762309][T10787] ? __pfx_netlink_unicast+0x10/0x10 [ 426.767610][T10787] ? __alloc_skb+0x198/0x3a0 [ 426.772286][T10787] ? netlink_sendmsg+0x642/0xb30 [ 426.777231][T10787] ? skb_put+0x11b/0x210 [ 426.780203][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.781604][T10787] netlink_sendmsg+0x805/0xb30 [ 426.795509][T10787] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.801135][T10787] ? __import_iovec+0x5d4/0x7f0 [ 426.805984][T10787] ? aa_sock_msg_perm+0xf1/0x1b0 [ 426.810977][T10787] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 426.816253][T10787] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.821566][T10787] __sock_sendmsg+0x21c/0x270 [ 426.826239][T10787] ____sys_sendmsg+0x505/0x820 [ 426.831044][T10787] ? __pfx_____sys_sendmsg+0x10/0x10 [ 426.836343][T10787] ? __pfx_futex_wake_mark+0x10/0x10 [ 426.841842][T10787] ___sys_sendmsg+0x21f/0x2a0 [ 426.846528][T10787] ? __pfx____sys_sendmsg+0x10/0x10 [ 426.851884][T10787] ? futex_wait+0x285/0x360 [ 426.856405][T10787] ? __fget_files+0x2a/0x420 [ 426.861049][T10787] ? __fget_files+0x3a0/0x420 [ 426.865718][T10787] __sys_sendmsg+0x164/0x220 [ 426.870351][T10787] ? __pfx___sys_sendmsg+0x10/0x10 [ 426.875453][T10787] ? rcu_is_watching+0x15/0xb0 [ 426.880538][T10787] __do_fast_syscall_32+0x1dc/0x570 [ 426.885766][T10787] ? lockdep_hardirqs_on+0x7b/0x110 [ 426.891287][T10787] ? do_fast_syscall_32+0x34/0x80 [ 426.896318][T10787] ? irqentry_exit+0x10f/0x670 [ 426.901390][T10787] do_fast_syscall_32+0x34/0x80 [ 426.906251][T10787] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 426.912681][T10787] RIP: 0023:0xf70bd539 [ 426.916747][T10787] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 426.936693][T10787] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 426.945146][T10787] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 426.953158][T10787] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 426.961187][T10787] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 426.969277][T10787] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 426.977246][T10787] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 426.985338][T10787] [ 426.988440][T10787] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 426.995720][T10787] CPU: 0 UID: 0 PID: 10787 Comm: syz.2.1486 Tainted: G L syzkaller #0 PREEMPT(full) [ 427.006667][T10787] Tainted: [L]=SOFTLOCKUP [ 427.010983][T10787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 427.021043][T10787] Call Trace: [ 427.024322][T10787] [ 427.027235][T10787] vpanic+0x1e0/0x670 [ 427.031209][T10787] panic+0xb9/0xc0 [ 427.034911][T10787] ? __pfx_panic+0x10/0x10 [ 427.039342][T10787] __warn+0x317/0x4b0 [ 427.043306][T10787] ? nf_hook_entry_head+0x23e/0x2c0 [ 427.048503][T10787] ? nf_hook_entry_head+0x23e/0x2c0 [ 427.053700][T10787] __report_bug+0x288/0x500 [ 427.058258][T10787] ? nf_hook_entry_head+0x23e/0x2c0 [ 427.063500][T10787] ? __pfx___report_bug+0x10/0x10 [ 427.068520][T10787] ? nf_flow_offload_xdp_setup+0x68a/0x690 [ 427.074755][T10787] ? kfree+0x1c0/0x660 [ 427.078821][T10787] ? nf_flow_offload_xdp_setup+0x68a/0x690 [ 427.084635][T10787] ? nf_hook_entry_head+0x23e/0x2c0 [ 427.089819][T10787] report_bug+0x16a/0x220 [ 427.094139][T10787] ? nf_hook_entry_head+0x23e/0x2c0 [ 427.099357][T10787] ? nf_hook_entry_head+0x240/0x2c0 [ 427.104548][T10787] handle_bug+0x98/0x200 [ 427.108817][T10787] exc_invalid_op+0x1a/0x50 [ 427.113389][T10787] asm_exc_invalid_op+0x1a/0x20 [ 427.118224][T10787] RIP: 0010:nf_hook_entry_head+0x23e/0x2c0 [ 427.124039][T10787] Code: 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 0d 4b a7 f8 4d 39 37 74 36 e8 83 28 41 f8 90 <0f> 0b 90 31 db 48 89 d8 5b 41 5e 41 5f 5d e9 3f d0 dc 01 cc e8 69 [ 427.143651][T10787] RSP: 0018:ffffc90003746ee0 EFLAGS: 00010287 [ 427.149716][T10787] RAX: ffffffff897fcf8b RBX: ffff888056d34000 RCX: 0000000000080000 [ 427.157683][T10787] RDX: ffffc9000c529000 RSI: 000000000000443b RDI: 000000000000443c [ 427.165642][T10787] RBP: 0000000000000000 R08: ffff888032c48000 R09: 0000000000000006 [ 427.173686][T10787] R10: 000000000000000a R11: 0000000000000002 R12: ffff888028aea5c0 [ 427.181667][T10787] R13: 0000000000000005 R14: ffff888028aea5c0 R15: ffff888056d34108 [ 427.189650][T10787] ? nf_hook_entry_head+0x1fb/0x2c0 [ 427.194858][T10787] __nf_unregister_net_hook+0x74/0x6f0 [ 427.200319][T10787] ? __pfx_nf_flow_table_offload_setup+0x10/0x10 [ 427.206649][T10787] nf_tables_commit+0x415e/0xa350 [ 427.211716][T10787] ? nft_pernet+0x23/0x240 [ 427.216153][T10787] ? __pfx_nf_tables_commit+0x10/0x10 [ 427.221506][T10787] ? nft_pernet+0x23/0x240 [ 427.225903][T10787] ? nft_pernet+0x23/0x240 [ 427.230297][T10787] ? nft_pernet+0x23/0x240 [ 427.234698][T10787] ? nft_trans_commit_list_add_tail+0x179/0x520 [ 427.240922][T10787] ? nft_flush_table+0xd06/0xea0 [ 427.245845][T10787] ? nf_tables_deltable+0x674/0xe10 [ 427.251027][T10787] ? __pfx_nf_tables_deltable+0x10/0x10 [ 427.256567][T10787] nfnetlink_rcv+0x1ac9/0x2590 [ 427.261331][T10787] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 427.266442][T10787] ? ref_tracker_free+0x63a/0x7d0 [ 427.271567][T10787] ? __netlink_deliver_tap+0x807/0x850 [ 427.277033][T10787] ? netlink_deliver_tap+0x2e/0x1b0 [ 427.282244][T10787] netlink_unicast+0x82f/0x9e0 [ 427.287000][T10787] ? __pfx_netlink_unicast+0x10/0x10 [ 427.292367][T10787] ? __alloc_skb+0x198/0x3a0 [ 427.296958][T10787] ? netlink_sendmsg+0x642/0xb30 [ 427.301930][T10787] ? skb_put+0x11b/0x210 [ 427.306184][T10787] netlink_sendmsg+0x805/0xb30 [ 427.310955][T10787] ? __pfx_netlink_sendmsg+0x10/0x10 [ 427.316244][T10787] ? __import_iovec+0x5d4/0x7f0 [ 427.321267][T10787] ? aa_sock_msg_perm+0xf1/0x1b0 [ 427.326189][T10787] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 427.331455][T10787] ? __pfx_netlink_sendmsg+0x10/0x10 [ 427.336737][T10787] __sock_sendmsg+0x21c/0x270 [ 427.341424][T10787] ____sys_sendmsg+0x505/0x820 [ 427.346188][T10787] ? __pfx_____sys_sendmsg+0x10/0x10 [ 427.351467][T10787] ? __pfx_futex_wake_mark+0x10/0x10 [ 427.356752][T10787] ___sys_sendmsg+0x21f/0x2a0 [ 427.361415][T10787] ? __pfx____sys_sendmsg+0x10/0x10 [ 427.366601][T10787] ? futex_wait+0x285/0x360 [ 427.371126][T10787] ? __fget_files+0x2a/0x420 [ 427.375698][T10787] ? __fget_files+0x3a0/0x420 [ 427.380360][T10787] __sys_sendmsg+0x164/0x220 [ 427.384934][T10787] ? __pfx___sys_sendmsg+0x10/0x10 [ 427.390033][T10787] ? rcu_is_watching+0x15/0xb0 [ 427.394801][T10787] __do_fast_syscall_32+0x1dc/0x570 [ 427.400007][T10787] ? lockdep_hardirqs_on+0x7b/0x110 [ 427.405203][T10787] ? do_fast_syscall_32+0x34/0x80 [ 427.410226][T10787] ? irqentry_exit+0x10f/0x670 [ 427.414984][T10787] do_fast_syscall_32+0x34/0x80 [ 427.419826][T10787] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 427.426141][T10787] RIP: 0023:0xf70bd539 [ 427.430195][T10787] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 427.449807][T10787] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 427.458215][T10787] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 427.466204][T10787] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 427.474177][T10787] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 427.482146][T10787] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 427.490116][T10787] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 427.498099][T10787] [ 427.501523][T10787] Kernel Offset: disabled [ 427.505841][T10787] Rebooting in 86400 seconds..