last executing test programs: 15.668050444s ago: executing program 1 (id=1858): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e90200", 0x87}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x48}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 14.77314732s ago: executing program 1 (id=1860): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setresuid(0xee00, 0xee01, 0xee01) (fail_nth: 1) 12.802561495s ago: executing program 1 (id=1862): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xd, &(0x7f0000000540)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @printk={@ld={0x18, 0x0}, {}, {0x5}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}, {0x85, 0x0, 0x0, 0x8b}}]}, &(0x7f0000000180)='syzkaller\x00', 0x6}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = creat(&(0x7f0000000240)='./file1\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x5}, 0x94) io_setup(0x200, &(0x7f0000000140)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r2, 0x0}]) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x4000, &(0x7f0000000200)='workdir') prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) setresuid(0xee00, 0xee01, 0xee01) 11.354624469s ago: executing program 4 (id=1874): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3", 0x89}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x48}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="7c0100", @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf25070000000c000180080003000100000074000180140002007767320000000000000000000000000008000300020000001400020070696d3672656730000000000000000014000200677265746170300000000000000000000800030007000000140002007465616d3000"/126, @ANYRES32, @ANYRESDEC, @ANYRES32=r0, @ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74756e00000000000000000014000200697036677265746170300000000000003000018008000100", @ANYRES8, @ANYBLOB="080003000300000008000100", @ANYRES32=r0, @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 11.071361619s ago: executing program 4 (id=1877): socketpair$unix(0x1, 0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) close(0x3) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000100000040"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000700), 0x5003, r3}, 0x38) 10.094358758s ago: executing program 3 (id=1885): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2c", 0x71}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3", 0x89}], 0x2}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) r0 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 8.162694728s ago: executing program 1 (id=1889): r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1}) sendmmsg$inet(r2, &(0x7f0000001500)=[{{0x0, 0x100000019, &(0x7f0000000b00)=[{&(0x7f00000002c0)="89", 0x34000}, {0x0}], 0x2, &(0x7f0000000e40)=ANY=[], 0xd0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40) recvmmsg(r2, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000003cc0)=[{&(0x7f00000027c0)=""/4114, 0x1012}], 0x1}, 0x5}], 0x1, 0x10000, 0x0) 8.046204519s ago: executing program 3 (id=1890): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c80)={0x14c, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0xb8, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x7c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x20, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0x80, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @rand_addr=0x64010100}}}]}, @CTA_EXPECT_NAT_TUPLE={0x34, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}]}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x2, 0x4, 0x5}}, 0x28) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f00000004c0)=[@ioring_restriction_register_op={0x0, 0x9}], 0x1) r3 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x4]}, 0x8) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x25, &(0x7f00000000c0)={0x1, r3, 0x0, {0x2, 0x100000004}}, 0x1) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) r6 = syz_io_uring_setup(0xd03, &(0x7f0000002900)={0x0, 0xf25d, 0x10, 0x0, 0x3}, &(0x7f0000000440), &(0x7f0000000140), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_PBUF_STATUS(r6, 0x1a, &(0x7f0000000040)={0x2}, 0x1) io_uring_register$IORING_UNREGISTER_EVENTFD(r4, 0x5, 0x0, 0x0) close(0x3) bind(r2, &(0x7f0000000240)=@qipcrtr={0x2a, 0x2, 0x2}, 0x80) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r7, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r7, &(0x7f0000000040)={0x50, 0x0, r8, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) statx(0xffffffffffffff9c, &(0x7f0000000bc0)='./file0\x00', 0x0, 0xffff4a9c0080ffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={r9, @in6={{0xa, 0x3, 0x6a, @dev={0xfe, 0x80, '\x00', 0xf}, 0x8}}}, &(0x7f0000000040)=0x84) getsockopt$bt_hci(r2, 0x84, 0x80, &(0x7f00000010c0)=""/4111, &(0x7f0000000000)=0x100f) r10 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) copy_file_range(r10, &(0x7f0000000100)=0xfffffffffffffdfe, r10, 0x0, 0x3, 0x700000000000000) 7.715081939s ago: executing program 4 (id=1893): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2c", 0x71}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3", 0x89}], 0x2}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="7c0100", @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf25070000000c000180080003000100000074000180140002007767320000000000000000000000000008000300020000001400020070696d3672656730000000000000000014000200677265746170300000000000000000000800030007000000140002007465616d3000"/126, @ANYRES32, @ANYRESDEC, @ANYRES32=r0, @ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74756e00000000000000000014000200697036677265746170300000000000003000018008000100", @ANYRES8, @ANYBLOB="080003000300000008000100", @ANYRES32=r0, @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f", 0xcd}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 7.464286124s ago: executing program 4 (id=1895): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)}], 0x1}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x48}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="7c0100", @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf25070000000c000180080003000100000074000180140002007767320000000000000000000000000008000300020000001400020070696d3672656730000000000000000014000200677265746170300000000000000000000800030007000000140002007465616d3000"/126, @ANYRESDEC, @ANYRES32=r0, @ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74756e00000000000000000014000200697036677265746170300000000000003000018008000100", @ANYRES8, @ANYBLOB="080003000300000008000100", @ANYRES32=r0, @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 7.430790155s ago: executing program 2 (id=1896): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r1, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@ccm_128={{0x304}, "7f19fc310307195b", "b000", "aa6cfa6e", "4ae119ffc56cc0e3"}, 0x28) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1000000000000107) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x121a02, 0x0) sendfile(r3, r2, &(0x7f0000002700)=0x23, 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000a000000080000000000000f040000000800000002000084f7ffffff060000000100000002000000000000000100000008000000003061305f002e305f"], 0x0, 0x52, 0x0, 0x1, 0x0, 0x10000, @value=r2}, 0x28) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000200000000", @ANYRESHEX], &(0x7f0000000f80)=""/4096, 0x26, 0x1000, 0x1, 0x80}, 0x28) close(r0) 7.175934921s ago: executing program 4 (id=1898): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps\x00') lseek(r4, 0xf162, 0x1) (fail_nth: 1) 6.838297248s ago: executing program 3 (id=1901): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e20, 0x1, @empty, 0x800}, 0x1c, 0x0, 0x0, &(0x7f0000001080)=ANY=[@ANYBLOB='@\x00\x00\x00\x00\x00\b'], 0x40}}, {{&(0x7f00000005c0)={0xa, 0x4e20, 0x1, @mcast2, 0x200696}, 0x1c, 0x0, 0x0, &(0x7f0000000880)}}], 0x3, 0x0) 6.835452402s ago: executing program 2 (id=1902): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e20, 0x1, @empty, 0x800}, 0x1c, 0x0, 0x0, &(0x7f0000001080)=ANY=[@ANYBLOB='@\x00\x00\x00\x00\x00\b'], 0x40}}, {{&(0x7f00000005c0)={0xa, 0x4e20, 0x1, @mcast2, 0x200696}, 0x1c, 0x0, 0x0, &(0x7f0000000880)}}], 0x3, 0x0) (fail_nth: 1) 4.819258031s ago: executing program 0 (id=1904): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000b00)=ANY=[], 0x0, 0x28, 0x0, 0x1, 0xb}, 0x28) ioctl$FIONCLEX(r0, 0x5450) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x80) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 4.760382632s ago: executing program 2 (id=1905): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000002c0)={0x2, @pix={0xf, 0xe9a, 0x56555959, 0x6, 0x5, 0xa8, 0x5, 0x400, 0x1, 0x7, 0x2}}) 4.646441065s ago: executing program 3 (id=1906): r0 = socket$nl_route(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="240000005800410f9c00f4f90085b3a85c91fddf080001000501009f0800021400000000", 0x24) symlink(&(0x7f0000000780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00') chown(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@bloom_filter={0x1e, 0x80, 0x6, 0xcbfd, 0x1000, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x5, 0xa}, 0x50) r1 = syz_open_dev$loop(&(0x7f0000000200), 0x4, 0x40100) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000740)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000005c0)={r2, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x1c, "fee8a2ab78fc179fd1f8a0e9a1af1ea09dc2b7fb0a01000000000000000003000000000000000000000000000000000000fa00000000001b00", "28095397bab22d0000b42076c1ce8ef05f819e01177d3d458dac0000000000000000000800000000003788cf8f00", "90be8b1c5512406c7f00", [0x4, 0xa]}}) r3 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x40240) mlock2(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x7fff, 0x1800}], 0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000280)=0x9, 0x4) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001280)={r1, 0x0, {0x2a12, 0x80010000, 0x0, 0x9, 0x4, 0x0, 0x0, 0xe, 0x0, "fee8a2ab78fc179fd1f809000000aca7ca64c6a4b4e00d9683dda1af01000000deff1200100000000000000000000000000800", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000ebff08000000000000000000020000000800000000faffffff00", "e7460000102000000000e4440000002000000000000000000000008bd02800", [0xe0]}}) statx(r2, &(0x7f0000000340)='./file0/../file0\x00', 0x4000, 0x202, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$cgroup2(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000080), 0x202840, &(0x7f0000000d00)=ANY=[@ANYBLOB="6e7364656c65676174652c6e65742c6d656d6f72795f68756765746c625f61636374696e672c6d656d6f72795f68756765746c625f6163636f756e74696e672c6d656d6f72795f6c6f6361ff6576656e74732c6661766f7264796e6d6f64732c6e7364656c65676174652c706964735f6c6f63616c6576656e74732c706964735f6c6f63616c6576656e74732c6d656d6f72795f68756765746c625f6163636f756e74696e672c666f776e65723c20f7192824339c8c70c8e5ac135a857f8ed66d1e08a7d8c704d305559086d4e7493351468566e3272cb982f3c4c5df9efada3a826fc46668c431dbab64b4d4f1824635be1e550ff7d1088b72f9bada2d815453cf31e516b943557ed2151f00000077383c7e84a43c608aa5a0909a389e42c943fa7d91bdfd20f07487f39798a6e08e4eb57d02063d8ae605abbbef3809f7c8723b35e781b7cb190000433d34a657b9905b4bee82780dc1c16e8f735dd305b0aabfbf5ec1063f8d0ad94509ff428e0507539cc70849883dc58d6400d2e7eb28294ca382cccdfa1ace41b782eb5debdcdbc7", @ANYRESDEC=r4, @ANYBLOB="2c7375626a5f747970653d6d656d6f72795f6c6f63616c6576656e74732c66736e616d653d3a595c5c2dbf5e2f2c00"]) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000001c0)) io_submit(0x0, 0x1, &(0x7f0000000500)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x2, r5, &(0x7f00000002c0)="1bd01c3482690c187408c00477460bce76c694738d645c862a6a0acedcdb6634", 0x20, 0x1}]) r6 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) fchdir(r7) r8 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r8, &(0x7f0000000700)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x10, 0x3f6, 0x3e2f23111739e745, 0x70bd29, 0x25dfdbff, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x1cf1086ebeda768}, 0x400c040) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x14, &(0x7f0000000b80)=ANY=[@ANYRESOCT=0x0, @ANYRESOCT=r0, @ANYBLOB="8b11e0611233f28301905d290a35004e07fe7e1fe90291b85fdd300f410811c5d0a63335e6c305c030274c09684b76727fa2fe778f41686d3b7321ef98e6e2e4da8376adb0f7a2abced4b4a162d4bbd4d92a977f28c1d4ff1f58df57c5c3d0427702aae63d01301178b631044f2f2ef723e7be66361bc0d1b6a2e7ec1ce6802d4daabefaeed735629aaa944d63f1b26147ba2a7ca7b15d7c5af59c1d72d4a575814b685cd3a15ad0f6342b1e389744162ca8d4fc4c892bb184a30c66550839570de8073fa5e6420d48b50ca4f12b23a562e5d1ea5a95997130374a9ee9fa8775603aed2eb85a04d3cce90d0bab4a0ab393af164b29ab1a8bfa58944e5b95096301ee8c", @ANYRES16=r1, @ANYRESOCT=r6, @ANYRES8, @ANYRES16=r0, @ANYRESOCT=r7], &(0x7f0000000140)='syzkaller\x00', 0xff, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 4.536056859s ago: executing program 2 (id=1907): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e25, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1}, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x7d, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x9, 0x400}, 0x90) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x402, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x9, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x8, 0xe9e3, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0x5, 0xe661, 0x4, 0x7, 0x5, 0xa, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x7, 0x1, 0x407, 0x5, 0x3e, 0x8, 0x4006, 0x6, 0x4, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xbffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x4, 0x129432e2, 0x1, 0xf9, 0xe, 0x10, 0x6c7, 0x9, 0xfffffffc, 0x80000003, 0x203, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xa1, 0x4, 0x7, 0x7fff, 0x5a7c, 0x7ff, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x10000004, 0x2, 0x4, 0xb, 0x4, 0x101, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x250, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x2, 0x5, 0xc, 0x401, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x4, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x6, 0x40, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x7, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0xfffffff9, 0xc8, 0x9, 0xfffff000, 0x7, 0x3, 0x7e, 0x100, 0x9602, 0x1, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x7, 0x8, 0x30b1d693, 0xa21, 0x1000f40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0xffff, 0xb1e, 0x5, 0x200, 0xffff3441, 0x40fff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 4.5356759s ago: executing program 0 (id=1908): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x48}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="7c0100", @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf25070000000c000180080003000100000074000180140002007767320000000000000000000000000008000300020000001400020070696d3672656730000000000000000014000200677265746170300000000000000000000800030007000000140002007465616d3000"/126, @ANYRESDEC, @ANYRES32=r0, @ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74756e00000000000000000014000200697036677265746170300000000000003000018008000100", @ANYRES8, @ANYBLOB="080003000300000008000100", @ANYRES32=r0, @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 4.276978561s ago: executing program 0 (id=1909): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x2c, &(0x7f0000000140), 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040), 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$NILFS_IOCTL_RESIZE(r0, 0x40086e8b, &(0x7f0000000180)=0x8bf) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000fa0000000000000000010000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8}, 0x94) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 4.223934818s ago: executing program 2 (id=1910): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000003b40)={0x0, 0x0, &(0x7f0000003b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSETELEM={0x6c, 0xc, 0xa, 0x401, 0x0, 0x0, {0xb, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x50, 0x3, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x48, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x35, 0x1, "f70e2de648b5f7158b7246b7c3139e6126b88699b84935159f25eb251350ec42d17c0869584cafedc73165a2efc3b4b75f"}, @NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VALUE={0x4}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x94}, 0x1, 0x0, 0x0, 0x840}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xfffffffffffffea8, &(0x7f0000000140)=ANY=[]) 4.220072848s ago: executing program 3 (id=1911): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c80)={0x14c, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0xb8, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x7c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x20, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0x80, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @rand_addr=0x64010100}}}]}, @CTA_EXPECT_NAT_TUPLE={0x34, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}]}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x2, 0x4, 0x5}}, 0x28) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f00000004c0)=[@ioring_restriction_register_op={0x0, 0x9}], 0x1) r3 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x4]}, 0x8) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x25, &(0x7f00000000c0)={0x1, r3, 0x0, {0x2, 0x100000004}}, 0x1) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) r6 = syz_io_uring_setup(0xd03, &(0x7f0000002900)={0x0, 0xf25d, 0x10, 0x0, 0x3}, &(0x7f0000000440), &(0x7f0000000140), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_PBUF_STATUS(r6, 0x1a, &(0x7f0000000040)={0x2}, 0x1) io_uring_register$IORING_UNREGISTER_EVENTFD(r4, 0x5, 0x0, 0x0) close(0x3) bind(r2, &(0x7f0000000240)=@qipcrtr={0x2a, 0x2, 0x2}, 0x80) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r7, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r7, &(0x7f0000000040)={0x50, 0x0, r8, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) statx(0xffffffffffffff9c, &(0x7f0000000bc0)='./file0\x00', 0x0, 0xffff4a9c0080ffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={r9, @in6={{0xa, 0x3, 0x6a, @dev={0xfe, 0x80, '\x00', 0xf}, 0x8}}}, &(0x7f0000000040)=0x84) getsockopt$bt_hci(r2, 0x84, 0x80, &(0x7f00000010c0)=""/4111, &(0x7f0000000000)=0x100f) r10 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) copy_file_range(r10, &(0x7f0000000100)=0xfffffffffffffdfe, r10, 0x0, 0x3, 0x700000000000000) 2.596519835s ago: executing program 0 (id=1912): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r1, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@ccm_128={{0x304}, "7f19fc310307195b", "b000", "aa6cfa6e", "4ae119ffc56cc0e3"}, 0x28) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1000000000000107) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x121a02, 0x0) sendfile(r3, r2, &(0x7f0000002700)=0x23, 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000a000000080000000000000f040000000800000002000084f7ffffff060000000100000002000000000000000100000008000000003061305f002e305f"], 0x0, 0x52, 0x0, 0x1, 0x0, 0x10000, @value=r2}, 0x28) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000200000000", @ANYRESHEX], &(0x7f0000000f80)=""/4096, 0x26, 0x1000, 0x1, 0x80}, 0x28) close(r0) 2.528843185s ago: executing program 1 (id=1913): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0xa, 0x3, 0xff) syz_emit_ethernet(0x42, 0x0, 0x0) select(0x40, &(0x7f0000003cc0)={0x2, 0xfffffffffffffff9, 0x401, 0xfffffffffffffffa, 0xffffffff, 0x5, 0x1e545919}, 0x0, 0x0, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = syz_open_pts(r5, 0x8000) ioctl$TIOCSBRK(r6, 0x5427) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000340)={0x5, 0x90, 0x1, 'queue0\x00', 0x3}) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1c3481) 763.444603ms ago: executing program 0 (id=1914): socketpair$unix(0x1, 0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) close(0x3) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000010000004000000005"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000700), 0x5003, r3}, 0x38) 307.512182ms ago: executing program 1 (id=1915): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x48}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x2, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="7c0100", @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf25070000000c000180080003000100000074000180140002007767320000000000000000000000000008000300020000001400020070696d3672656730000000000000000014000200677265746170300000000000000000000800030007000000140002007465616d3000"/126, @ANYRES32, @ANYRESDEC, @ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74756e00000000000000000014000200697036677265746170300000000000003000018008000100", @ANYRES8, @ANYBLOB="080003000300000008000100", @ANYRES32=r0, @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 248.475074ms ago: executing program 2 (id=1916): syz_emit_ethernet(0xaa, &(0x7f0000000380)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x9c, 0x0, 0x0, 0xfd, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x20, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x37}, {[@cipso={0x86, 0x69, 0x0, [{0x0, 0xc, "e256b28c04000000fb52"}, {0x0, 0x9, "789607675ca638"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x2, 0x9, "e706d30bd224f8"}, {0x6, 0x7, "cfa11cab1a"}, {0x0, 0x10, "c600"/14}, {0x0, 0xa, "65807fe97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x6, 0x4, "c8f4"}]}]}}}}}}}, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98) fcntl$setlease(r0, 0x400, 0x1) fcntl$setlease(r0, 0x400, 0x1) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x82002, 0x0) write$dsp(r1, &(0x7f0000000040)='F', 0x1) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)=0x10004) syz_emit_ethernet(0x2c, &(0x7f0000000000)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}, @void, {@llc_tr={0x11, {@snap={0x1, 0xab, "8abe", "d94944", 0x8847, "5d9f44bf0d1d077860a347d3557f30853892a9bb59"}}}}}, 0x0) 181.98107ms ago: executing program 3 (id=1917): openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x40082) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000040)=0x5d5d, 0x4) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000000c0)={0x4, 0x0, 0x0, 'queue0\x00', 0xfffffff9}) write$sndseq(r3, &(0x7f00000001c0)=[{0x0, 0xe1, 0x0, 0x0, @time={0x0, 0x1}, {}, {}, @result={0x0, 0x1}}], 0x1c) write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) 125.842383ms ago: executing program 0 (id=1918): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="160000000000000004000000ffff000000000000", @ANYRES32=0x1, @ANYBLOB="00000000002000140000000000000000000b0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) syz_open_dev$dvb_dvr(&(0x7f0000000040), 0x7fffffffffffffff, 0x0) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000080)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000002000/0x3000)=nil, &(0x7f0000000000/0xe000)=nil, &(0x7f000000a000/0x2000)=nil, &(0x7f0000008000/0x2000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000008000/0x3000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000008000/0x1000)=nil, &(0x7f0000006000/0x4000)=nil, 0x0}, 0x68) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) 0s ago: executing program 4 (id=1919): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x48}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10010002}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="7c0100", @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf25070000000c000180080003000100000074000180140002007767320000000000000000000000000008000300020000001400020070696d3672656730000000000000000014000200677265746170300000000000000000000800030007000000140002007465616d3000"/126, @ANYRESDEC, @ANYRES32=r0, @ANYRES8=r1, @ANYRES32=r0, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74756e00000000000000000014000200697036677265746170300000000000003000018008000100", @ANYRES8, @ANYBLOB="080003000300000008000100", @ANYRES32=r0, @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) kernel console output (not intermixed with test programs): idProduct=8528, bcdDevice=6d.39 [ 253.070735][ T5737] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.070758][ T5737] usb 4-1: Product: syz [ 253.070775][ T5737] usb 4-1: Manufacturer: syz [ 253.070791][ T5737] usb 4-1: SerialNumber: syz [ 253.166735][ T5737] usb 4-1: config 0 descriptor?? [ 254.078917][ T5584] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 254.249999][ T5584] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 254.250093][ T5584] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.340843][ T5584] usb 1-1: config 0 descriptor?? [ 254.387321][ T5584] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 254.811116][ T5584] gspca_sunplus: reg_w_riv err -71 [ 254.811400][ T5584] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 254.904181][ T5584] usb 1-1: USB disconnect, device number 13 [ 255.954087][ T7689] 9pnet_fd: Insufficient options for proto=fd [ 256.076508][ T5737] usbhid 4-1:0.200: couldn't find an input interrupt endpoint [ 256.099313][ T5737] usb 4-1: USB disconnect, device number 27 [ 256.144571][ T7691] netlink: 'syz.0.682': attribute type 196 has an invalid length. [ 256.329355][ T7697] netlink: 'syz.0.685': attribute type 61 has an invalid length. [ 256.354390][ T7696] netlink: 'syz.3.684': attribute type 196 has an invalid length. [ 257.127193][ T7723] netlink: 92 bytes leftover after parsing attributes in process `syz.2.696'. [ 257.260959][ T7728] FAULT_INJECTION: forcing a failure. [ 257.260959][ T7728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 257.261015][ T7728] CPU: 1 UID: 0 PID: 7728 Comm: syz.0.698 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 257.261056][ T7728] Tainted: [L]=SOFTLOCKUP [ 257.261064][ T7728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 257.261078][ T7728] Call Trace: [ 257.261086][ T7728] [ 257.261096][ T7728] dump_stack_lvl+0xe8/0x150 [ 257.261126][ T7728] should_fail_ex+0x46b/0x600 [ 257.261171][ T7728] _copy_from_user+0x2d/0xb0 [ 257.261199][ T7728] ___sys_sendmsg+0x1c6/0x360 [ 257.261234][ T7728] ? __lock_acquire+0x6b5/0x2cf0 [ 257.261269][ T7728] ? __pfx____sys_sendmsg+0x10/0x10 [ 257.261340][ T7728] ? __fget_files+0x2a/0x420 [ 257.261361][ T7728] ? __fget_files+0x3a6/0x420 [ 257.261394][ T7728] __x64_sys_sendmsg+0x1c3/0x2a0 [ 257.261427][ T7728] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 257.261468][ T7728] ? __pfx_ksys_write+0x10/0x10 [ 257.261503][ T7728] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.261526][ T7728] do_syscall_64+0x15f/0xf80 [ 257.261556][ T7728] ? trace_irq_disable+0x3b/0x140 [ 257.261583][ T7728] ? clear_bhb_loop+0x40/0x90 [ 257.261611][ T7728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.261634][ T7728] RIP: 0033:0x7f6de4f7ce59 [ 257.261654][ T7728] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 257.261673][ T7728] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 257.261697][ T7728] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 257.261714][ T7728] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 257.261728][ T7728] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 257.261743][ T7728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.261756][ T7728] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 257.261792][ T7728] [ 257.776668][ T7734] netlink: 92 bytes leftover after parsing attributes in process `syz.0.702'. [ 258.323747][ T7753] binder: 7752:7753 ioctl c0306201 200000000040 returned -22 [ 259.139330][ T7777] loop8: detected capacity change from 0 to 7 [ 259.176844][ T7777] Dev loop8: unable to read RDB block 7 [ 259.176896][ T7777] loop8: unable to read partition table [ 259.177127][ T7777] loop8: partition table beyond EOD, truncated [ 259.177175][ T7777] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 259.517138][ T5599] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 259.688143][ T5599] usb 1-1: Using ep0 maxpacket: 16 [ 259.693152][ T5599] usb 1-1: config 10 has an invalid interface number: 145 but max is 0 [ 259.693200][ T5599] usb 1-1: config 10 has no interface number 0 [ 259.693250][ T5599] usb 1-1: config 10 interface 145 has no altsetting 0 [ 259.736736][ T5599] usb 1-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=5b.44 [ 259.736770][ T5599] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.736793][ T5599] usb 1-1: Product: syz [ 259.736809][ T5599] usb 1-1: Manufacturer: syz [ 259.736824][ T5599] usb 1-1: SerialNumber: syz [ 260.078298][ T7794] netlink: 436 bytes leftover after parsing attributes in process `syz.3.730'. [ 260.078350][ T7794] netlink: 16 bytes leftover after parsing attributes in process `syz.3.730'. [ 260.823856][ T5599] asix 1-1:10.145: probe with driver asix failed with error -22 [ 260.882992][ T5599] usb 1-1: USB disconnect, device number 14 [ 260.968267][ T5902] udevd[5902]: setting mode of /dev/bus/usb/001/014 to 020664 failed: No such file or directory [ 260.968479][ T5902] udevd[5902]: setting owner of /dev/bus/usb/001/014 to uid=0, gid=0 failed: No such file or directory [ 261.521847][ T7825] tipc: Enabled bearer , priority 0 [ 261.594919][ T7825] tipc: Resetting bearer [ 261.753083][ T7827] tipc: Disabling bearer [ 262.379094][ T7852] netlink: 436 bytes leftover after parsing attributes in process `syz.3.755'. [ 262.379154][ T7852] netlink: 16 bytes leftover after parsing attributes in process `syz.3.755'. [ 262.479201][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 262.479266][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.510104][ T5737] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 262.670788][ T5737] usb 3-1: Using ep0 maxpacket: 8 [ 262.679663][ T5737] usb 3-1: unable to get BOS descriptor or descriptor too short [ 262.683308][ T5737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 262.683346][ T5737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 262.683373][ T5737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 262.683403][ T5737] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 262.683431][ T5737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 262.683455][ T5737] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x65, changing to 0x5 [ 262.683482][ T5737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 8192, setting to 1024 [ 262.683510][ T5737] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 262.786860][ T5737] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 262.786902][ T5737] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.786922][ T5737] usb 3-1: Product: syz [ 262.786938][ T5737] usb 3-1: Manufacturer: syz [ 262.786954][ T5737] usb 3-1: SerialNumber: syz [ 262.830966][ T5737] usb 3-1: config 0 descriptor?? [ 262.833042][ T7848] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 262.867420][ T5737] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 263.114129][ T5737] usb 3-1: USB disconnect, device number 7 [ 263.348199][ T7874] netlink: 8 bytes leftover after parsing attributes in process `syz.1.764'. [ 263.348225][ T7874] netlink: 12 bytes leftover after parsing attributes in process `syz.1.764'. [ 263.940788][ T7885] syz.2.767 uses obsolete (PF_INET,SOCK_PACKET) [ 264.016474][ T7889] FAULT_INJECTION: forcing a failure. [ 264.016474][ T7889] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.016514][ T7889] CPU: 0 UID: 0 PID: 7889 Comm: syz.2.767 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 264.016545][ T7889] Tainted: [L]=SOFTLOCKUP [ 264.016554][ T7889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 264.016573][ T7889] Call Trace: [ 264.016582][ T7889] [ 264.016591][ T7889] dump_stack_lvl+0xe8/0x150 [ 264.016625][ T7889] should_fail_ex+0x46b/0x600 [ 264.016675][ T7889] _copy_to_user+0x31/0xb0 [ 264.016704][ T7889] simple_read_from_buffer+0xe1/0x170 [ 264.016751][ T7889] proc_fail_nth_read+0x1be/0x230 [ 264.016793][ T7889] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 264.016835][ T7889] ? rw_verify_area+0x2ac/0x4e0 [ 264.016861][ T7889] ? tun_chr_write_iter+0xe6/0x200 [ 264.016891][ T7889] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 264.016930][ T7889] vfs_read+0x212/0xa80 [ 264.016965][ T7889] ? __pfx_vfs_read+0x10/0x10 [ 264.016993][ T7889] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 264.017030][ T7889] ? lockdep_hardirqs_on+0x7a/0x110 [ 264.017061][ T7889] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 264.017112][ T7889] ? mutex_lock_nested+0x152/0x1d0 [ 264.017133][ T7889] ? fdget_pos+0x252/0x320 [ 264.017169][ T7889] ksys_read+0x156/0x270 [ 264.017199][ T7889] ? __pfx_ksys_read+0x10/0x10 [ 264.017234][ T7889] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.017260][ T7889] do_syscall_64+0x15f/0xf80 [ 264.017291][ T7889] ? trace_irq_disable+0x3b/0x140 [ 264.017319][ T7889] ? clear_bhb_loop+0x40/0x90 [ 264.017368][ T7889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.017399][ T7889] RIP: 0033:0x7f5b1ae4d68e [ 264.017420][ T7889] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 264.017441][ T7889] RSP: 002b:00007f5b190a3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 264.017466][ T7889] RAX: ffffffffffffffda RBX: 00007f5b190a46c0 RCX: 00007f5b1ae4d68e [ 264.017483][ T7889] RDX: 000000000000000f RSI: 00007f5b190a40a0 RDI: 0000000000000005 [ 264.017497][ T7889] RBP: 00007f5b190a4090 R08: 0000000000000000 R09: 0000000000000000 [ 264.017512][ T7889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.017524][ T7889] R13: 00007f5b1b106218 R14: 00007f5b1b106180 R15: 00007ffc69dffa98 [ 264.017560][ T7889] [ 264.819180][ T7905] netlink: 20 bytes leftover after parsing attributes in process `syz.3.773'. [ 267.448510][ T5599] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 267.497783][ T7983] FAULT_INJECTION: forcing a failure. [ 267.497783][ T7983] name failslab, interval 1, probability 0, space 0, times 0 [ 267.497823][ T7983] CPU: 0 UID: 0 PID: 7983 Comm: syz.0.808 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 267.497855][ T7983] Tainted: [L]=SOFTLOCKUP [ 267.497862][ T7983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 267.497877][ T7983] Call Trace: [ 267.497886][ T7983] [ 267.497895][ T7983] dump_stack_lvl+0xe8/0x150 [ 267.497927][ T7983] should_fail_ex+0x46b/0x600 [ 267.497971][ T7983] should_failslab+0xa8/0x100 [ 267.498001][ T7983] __kmalloc_noprof+0xdf/0x7b0 [ 267.498025][ T7983] ? kfree+0x4d/0x6c0 [ 267.498046][ T7983] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 267.498081][ T7983] tomoyo_realpath_from_path+0xe3/0x5d0 [ 267.498107][ T7983] ? tomoyo_domain+0xd7/0x130 [ 267.498136][ T7983] ? tomoyo_path_number_perm+0x219/0x630 [ 267.498168][ T7983] tomoyo_path_number_perm+0x246/0x630 [ 267.498204][ T7983] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 267.498235][ T7983] ? __lock_acquire+0x6b5/0x2cf0 [ 267.498270][ T7983] ? do_raw_spin_lock+0x12b/0x2f0 [ 267.498334][ T7983] ? __fget_files+0x2a/0x420 [ 267.498360][ T7983] ? __fget_files+0x2a/0x420 [ 267.498380][ T7983] ? __fget_files+0x3a6/0x420 [ 267.498400][ T7983] ? __fget_files+0x2a/0x420 [ 267.498433][ T7983] security_file_ioctl+0xc3/0x2a0 [ 267.498471][ T7983] __se_sys_ioctl+0x47/0x170 [ 267.498500][ T7983] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.498525][ T7983] do_syscall_64+0x15f/0xf80 [ 267.498556][ T7983] ? trace_irq_disable+0x3b/0x140 [ 267.498584][ T7983] ? clear_bhb_loop+0x40/0x90 [ 267.498614][ T7983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.498638][ T7983] RIP: 0033:0x7f6de4f7ce59 [ 267.498658][ T7983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 267.498679][ T7983] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 267.498705][ T7983] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 267.498722][ T7983] RDX: 0000200000000500 RSI: 00000000c058565d RDI: 0000000000000008 [ 267.498737][ T7983] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 267.498752][ T7983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.498765][ T7983] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 267.498802][ T7983] [ 267.498923][ T7983] ERROR: Out of memory at tomoyo_realpath_from_path. [ 267.778161][ T5599] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 8 [ 267.793481][ T5599] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 267.793514][ T5599] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.793537][ T5599] usb 3-1: Product: syz [ 267.793554][ T5599] usb 3-1: Manufacturer: syz [ 267.793570][ T5599] usb 3-1: SerialNumber: syz [ 267.839074][ T5599] usb 3-1: config 0 descriptor?? [ 268.072663][ T7973] Unsupported ieee802154 address type: 0 [ 268.122839][ T5852] usb 3-1: USB disconnect, device number 8 [ 268.795436][ T37] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 268.955697][ T37] usb 1-1: Using ep0 maxpacket: 16 [ 268.959604][ T37] usb 1-1: unable to get BOS descriptor or descriptor too short [ 268.980740][ T37] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 268.980839][ T37] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 268.980869][ T37] usb 1-1: config 1 interface 1 has no altsetting 0 [ 269.024556][ T37] usb 1-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 269.024589][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.024611][ T37] usb 1-1: Product: syz [ 269.024627][ T37] usb 1-1: Manufacturer: syz [ 269.024642][ T37] usb 1-1: SerialNumber: syz [ 271.445556][ T8060] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.841'. [ 272.114962][ T37] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 272.115844][ T37] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 272.248565][ T37] usb 1-1: unknown interface protocol 0xe, assuming v1 [ 272.248597][ T37] usb 1-1: cannot find UAC_HEADER [ 272.258011][ T8074] loop8: detected capacity change from 0 to 7 [ 272.395061][ T8074] Dev loop8: unable to read RDB block 7 [ 272.395111][ T8074] loop8: unable to read partition table [ 272.395341][ T8074] loop8: partition table beyond EOD, truncated [ 272.428968][ T8074] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 273.039571][ T37] snd-usb-audio 1-1:1.2: probe with driver snd-usb-audio failed with error -22 [ 273.120531][ T37] usb 1-1: USB disconnect, device number 15 [ 273.411456][ T8098] FAULT_INJECTION: forcing a failure. [ 273.411456][ T8098] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.411487][ T8098] CPU: 1 UID: 0 PID: 8098 Comm: syz.1.856 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 273.411510][ T8098] Tainted: [L]=SOFTLOCKUP [ 273.411516][ T8098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 273.411527][ T8098] Call Trace: [ 273.411533][ T8098] [ 273.411540][ T8098] dump_stack_lvl+0xe8/0x150 [ 273.411565][ T8098] should_fail_ex+0x46b/0x600 [ 273.411597][ T8098] _copy_from_user+0x2d/0xb0 [ 273.411617][ T8098] __sys_bpf+0x229/0x950 [ 273.411639][ T8098] ? __pfx___sys_bpf+0x10/0x10 [ 273.411698][ T8098] ? rt_mutex_slowunlock+0x1cb/0x300 [ 273.411743][ T8098] ? ksys_write+0x248/0x270 [ 273.411764][ T8098] ? __pfx_ksys_write+0x10/0x10 [ 273.411786][ T8098] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.411804][ T8098] __x64_sys_bpf+0x7c/0x90 [ 273.411822][ T8098] do_syscall_64+0x15f/0xf80 [ 273.411844][ T8098] ? trace_irq_disable+0x3b/0x140 [ 273.411888][ T8098] ? clear_bhb_loop+0x40/0x90 [ 273.411917][ T8098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.411939][ T8098] RIP: 0033:0x7ff8fca7ce59 [ 273.411960][ T8098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 273.411985][ T8098] RSP: 002b:00007ff8facce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 273.412002][ T8098] RAX: ffffffffffffffda RBX: 00007ff8fccf5fa0 RCX: 00007ff8fca7ce59 [ 273.412014][ T8098] RDX: 0000000000000020 RSI: 00002000000001c0 RDI: 0000000000000002 [ 273.412025][ T8098] RBP: 00007ff8facce090 R08: 0000000000000000 R09: 0000000000000000 [ 273.412035][ T8098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.412045][ T8098] R13: 00007ff8fccf6038 R14: 00007ff8fccf5fa0 R15: 00007ffda3ce47e8 [ 273.412070][ T8098] [ 273.515113][ T8096] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.855'. [ 274.318028][ T5902] udevd[5902]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 277.049182][ T8191] FAULT_INJECTION: forcing a failure. [ 277.049182][ T8191] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.049223][ T8191] CPU: 1 UID: 0 PID: 8191 Comm: syz.3.894 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 277.049253][ T8191] Tainted: [L]=SOFTLOCKUP [ 277.049262][ T8191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 277.049276][ T8191] Call Trace: [ 277.049285][ T8191] [ 277.049295][ T8191] dump_stack_lvl+0xe8/0x150 [ 277.049327][ T8191] should_fail_ex+0x46b/0x600 [ 277.049372][ T8191] _copy_to_user+0x31/0xb0 [ 277.049402][ T8191] simple_read_from_buffer+0xe1/0x170 [ 277.049443][ T8191] proc_fail_nth_read+0x1be/0x230 [ 277.049483][ T8191] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 277.049523][ T8191] ? rw_verify_area+0x2ac/0x4e0 [ 277.049548][ T8191] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 277.049586][ T8191] vfs_read+0x212/0xa80 [ 277.049628][ T8191] ? __pfx_vfs_read+0x10/0x10 [ 277.049657][ T8191] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 277.049689][ T8191] ? lockdep_hardirqs_on+0x7a/0x110 [ 277.049719][ T8191] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 277.049750][ T8191] ? mutex_lock_nested+0x152/0x1d0 [ 277.049772][ T8191] ? fdget_pos+0x252/0x320 [ 277.049804][ T8191] ksys_read+0x156/0x270 [ 277.049832][ T8191] ? __pfx_ksys_read+0x10/0x10 [ 277.049867][ T8191] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.049898][ T8191] do_syscall_64+0x15f/0xf80 [ 277.049928][ T8191] ? trace_irq_disable+0x3b/0x140 [ 277.049956][ T8191] ? clear_bhb_loop+0x40/0x90 [ 277.049984][ T8191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.050007][ T8191] RIP: 0033:0x7f4ce14ad68e [ 277.050028][ T8191] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 277.050050][ T8191] RSP: 002b:00007f4cdf745fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 277.050075][ T8191] RAX: ffffffffffffffda RBX: 00007f4cdf7466c0 RCX: 00007f4ce14ad68e [ 277.050092][ T8191] RDX: 000000000000000f RSI: 00007f4cdf7460a0 RDI: 0000000000000005 [ 277.050107][ T8191] RBP: 00007f4cdf746090 R08: 0000000000000000 R09: 0000000000000000 [ 277.050121][ T8191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.050135][ T8191] R13: 00007f4ce1766038 R14: 00007f4ce1765fa0 R15: 00007ffe35f94738 [ 277.050172][ T8191] [ 279.741541][ T8224] tipc: Enabled bearer , priority 0 [ 279.775314][ T8224] tipc: Resetting bearer [ 279.947242][ T8224] tipc: Disabling bearer [ 280.820050][ T8253] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.921'. [ 281.355463][ T5599] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 281.557346][ T5599] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 281.557381][ T5599] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.619402][ T5599] usb 1-1: config 0 descriptor?? [ 281.661870][ T5599] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 282.060798][ T5599] gspca_sunplus: reg_w_riv err -71 [ 282.060901][ T5599] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 282.089814][ T5599] usb 1-1: USB disconnect, device number 16 [ 282.155310][ T8287] loop8: detected capacity change from 0 to 7 [ 282.187628][ T8287] Dev loop8: unable to read RDB block 7 [ 282.187686][ T8287] loop8: unable to read partition table [ 282.187921][ T8287] loop8: partition table beyond EOD, truncated [ 282.187942][ T8287] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 282.543525][ T5712] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 282.712871][ T5712] usb 4-1: Using ep0 maxpacket: 32 [ 282.717983][ T5712] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 282.718014][ T5712] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 282.718039][ T5712] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 282.718063][ T5712] usb 4-1: config 1 has no interface number 0 [ 282.718110][ T5712] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 282.718157][ T5712] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 282.718743][ T5712] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 282.718771][ T5712] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.849293][ T5712] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 283.096058][ T5712] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 283.553743][ T8313] FAT-fs (loop2): unable to read boot sector [ 283.584482][ T5712] usb 4-1: USB disconnect, device number 28 [ 283.603792][ T5712] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 285.762351][ T8376] FAT-fs (loop2): unable to read boot sector [ 287.416158][ T37] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 287.587165][ T37] usb 3-1: Using ep0 maxpacket: 32 [ 287.589910][ T37] usb 3-1: config index 0 descriptor too short (expected 4114, got 18) [ 287.589941][ T37] usb 3-1: config 1 has an invalid interface number: 82 but max is 0 [ 287.589962][ T37] usb 3-1: config 1 has no interface number 0 [ 287.589993][ T37] usb 3-1: config 1 interface 82 has no altsetting 0 [ 287.593538][ T37] usb 3-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice=fa.2a [ 287.593572][ T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.593594][ T37] usb 3-1: Product: syz [ 287.593611][ T37] usb 3-1: Manufacturer: syz [ 287.593627][ T37] usb 3-1: SerialNumber: syz [ 288.544640][ T37] hub 3-1:1.82: bad descriptor, ignoring hub [ 288.544683][ T37] hub 3-1:1.82: probe with driver hub failed with error -5 [ 288.548232][ T37] sierra 3-1:1.82: Sierra USB modem converter detected [ 288.717850][ T37] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 288.761289][ T37] usb 3-1: USB disconnect, device number 9 [ 288.877503][ T37] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 288.878321][ T37] sierra 3-1:1.82: device disconnected [ 289.093417][ T8438] FAULT_INJECTION: forcing a failure. [ 289.093417][ T8438] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 289.093458][ T8438] CPU: 0 UID: 0 PID: 8438 Comm: syz.0.1005 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 289.093491][ T8438] Tainted: [L]=SOFTLOCKUP [ 289.093499][ T8438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 289.093513][ T8438] Call Trace: [ 289.093523][ T8438] [ 289.093531][ T8438] dump_stack_lvl+0xe8/0x150 [ 289.093565][ T8438] should_fail_ex+0x46b/0x600 [ 289.093609][ T8438] _copy_from_user+0x2d/0xb0 [ 289.093635][ T8438] ___sys_sendmsg+0x1c6/0x360 [ 289.093666][ T8438] ? __lock_acquire+0x6b5/0x2cf0 [ 289.093703][ T8438] ? __pfx____sys_sendmsg+0x10/0x10 [ 289.093739][ T8438] ? kstrtouint+0x6e/0xe0 [ 289.093800][ T8438] ? __fget_files+0x2a/0x420 [ 289.093821][ T8438] ? __fget_files+0x3a6/0x420 [ 289.093853][ T8438] __sys_sendmmsg+0x282/0x4e0 [ 289.093906][ T8438] ? __pfx___sys_sendmmsg+0x10/0x10 [ 289.093948][ T8438] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 289.093988][ T8438] ? ksys_write+0x248/0x270 [ 289.094018][ T8438] ? __pfx_ksys_write+0x10/0x10 [ 289.094056][ T8438] __x64_sys_sendmmsg+0xa0/0xc0 [ 289.094088][ T8438] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.094112][ T8438] do_syscall_64+0x15f/0xf80 [ 289.094141][ T8438] ? trace_irq_disable+0x3b/0x140 [ 289.094167][ T8438] ? clear_bhb_loop+0x40/0x90 [ 289.094194][ T8438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.094216][ T8438] RIP: 0033:0x7f6de4f7ce59 [ 289.094237][ T8438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 289.094257][ T8438] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 289.094281][ T8438] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 289.094299][ T8438] RDX: 0000000000000002 RSI: 00002000000008c0 RDI: 0000000000000003 [ 289.094313][ T8438] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 289.094328][ T8438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.094342][ T8438] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 289.094377][ T8438] [ 290.719661][ T8453] FAT-fs (loop3): unable to read boot sector [ 292.803476][ T5815] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 292.963851][ T5815] usb 4-1: Using ep0 maxpacket: 16 [ 292.997667][ T5815] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 292.997699][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.997723][ T5815] usb 4-1: Product: syz [ 292.997739][ T5815] usb 4-1: Manufacturer: syz [ 292.997755][ T5815] usb 4-1: SerialNumber: syz [ 293.789049][ T5815] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 293.854182][ T5815] usb 4-1: USB disconnect, device number 29 [ 294.558524][ T8552] loop8: detected capacity change from 0 to 7 [ 294.563141][ T8552] Dev loop8: unable to read RDB block 7 [ 294.563184][ T8552] loop8: unable to read partition table [ 294.563554][ T8552] loop8: partition table beyond EOD, truncated [ 294.563582][ T8552] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 295.887805][ T8597] FAULT_INJECTION: forcing a failure. [ 295.887805][ T8597] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.887847][ T8597] CPU: 0 UID: 0 PID: 8597 Comm: syz.3.1076 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 295.887878][ T8597] Tainted: [L]=SOFTLOCKUP [ 295.887887][ T8597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 295.887901][ T8597] Call Trace: [ 295.887910][ T8597] [ 295.887920][ T8597] dump_stack_lvl+0xe8/0x150 [ 295.887952][ T8597] should_fail_ex+0x46b/0x600 [ 295.888001][ T8597] _copy_from_user+0x2d/0xb0 [ 295.888028][ T8597] ___sys_sendmsg+0x1c6/0x360 [ 295.888058][ T8597] ? __lock_acquire+0x6b5/0x2cf0 [ 295.888094][ T8597] ? __pfx____sys_sendmsg+0x10/0x10 [ 295.888130][ T8597] ? kstrtouint+0x6e/0xe0 [ 295.888193][ T8597] ? __fget_files+0x2a/0x420 [ 295.888213][ T8597] ? __fget_files+0x3a6/0x420 [ 295.888246][ T8597] __sys_sendmmsg+0x282/0x4e0 [ 295.888284][ T8597] ? __pfx___sys_sendmmsg+0x10/0x10 [ 295.888326][ T8597] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 295.888366][ T8597] ? ksys_write+0x248/0x270 [ 295.888395][ T8597] ? __pfx_ksys_write+0x10/0x10 [ 295.888442][ T8597] __x64_sys_sendmmsg+0xa0/0xc0 [ 295.888473][ T8597] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.888506][ T8597] do_syscall_64+0x15f/0xf80 [ 295.888536][ T8597] ? trace_irq_disable+0x3b/0x140 [ 295.888561][ T8597] ? clear_bhb_loop+0x40/0x90 [ 295.888590][ T8597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.888614][ T8597] RIP: 0033:0x7f4ce14ece59 [ 295.888635][ T8597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 295.888655][ T8597] RSP: 002b:00007f4cdf746028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 295.888680][ T8597] RAX: ffffffffffffffda RBX: 00007f4ce1765fa0 RCX: 00007f4ce14ece59 [ 295.888697][ T8597] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000007 [ 295.888712][ T8597] RBP: 00007f4cdf746090 R08: 0000000000000000 R09: 0000000000000000 [ 295.888727][ T8597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 295.888741][ T8597] R13: 00007f4ce1766038 R14: 00007f4ce1765fa0 R15: 00007ffe35f94738 [ 295.888778][ T8597] [ 296.804027][ T8622] Bluetooth: MGMT ver 1.23 [ 297.154966][ T5599] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 297.316800][ T5599] usb 4-1: config 0 has an invalid interface number: 200 but max is 0 [ 297.316833][ T5599] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 297.316856][ T5599] usb 4-1: config 0 has no interface number 0 [ 297.316902][ T5599] usb 4-1: config 0 interface 200 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 297.316932][ T5599] usb 4-1: config 0 interface 200 has no altsetting 0 [ 297.373371][ T5599] usb 4-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 297.373404][ T5599] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.373434][ T5599] usb 4-1: Product: syz [ 297.373449][ T5599] usb 4-1: Manufacturer: syz [ 297.373465][ T5599] usb 4-1: SerialNumber: syz [ 297.426775][ T5599] usb 4-1: config 0 descriptor?? [ 298.322996][ T8665] FAULT_INJECTION: forcing a failure. [ 298.322996][ T8665] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 298.323046][ T8665] CPU: 0 UID: 0 PID: 8665 Comm: syz.1.1108 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 298.323079][ T8665] Tainted: [L]=SOFTLOCKUP [ 298.323087][ T8665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 298.323101][ T8665] Call Trace: [ 298.323110][ T8665] [ 298.323119][ T8665] dump_stack_lvl+0xe8/0x150 [ 298.323153][ T8665] should_fail_ex+0x46b/0x600 [ 298.323196][ T8665] prepare_alloc_pages+0x22a/0x6b0 [ 298.323235][ T8665] __alloc_frozen_pages_noprof+0x12f/0x380 [ 298.323270][ T8665] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 298.323305][ T8665] ? __pfx_policy_nodemask+0x10/0x10 [ 298.323350][ T8665] ? __lock_acquire+0x6b5/0x2cf0 [ 298.323389][ T8665] alloc_pages_mpol+0xd1/0x380 [ 298.323422][ T8665] folio_alloc_mpol_noprof+0x3b/0x1e0 [ 298.323453][ T8665] vma_alloc_folio_noprof+0xe1/0x1e0 [ 298.323485][ T8665] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 298.323516][ T8665] ? __pte_offset_map+0x29/0x200 [ 298.323547][ T8665] do_pte_missing+0x822/0x2950 [ 298.323595][ T8665] handle_mm_fault+0xd09/0x13c0 [ 298.323627][ T8665] ? handle_mm_fault+0xe7/0x13c0 [ 298.323656][ T8665] ? __pfx_handle_mm_fault+0x10/0x10 [ 298.323685][ T8665] ? lock_vma_under_rcu+0x45a/0x500 [ 298.323743][ T8665] do_user_addr_fault+0xa73/0x1340 [ 298.323777][ T8665] ? rcu_is_watching+0x15/0xb0 [ 298.323812][ T8665] ? trace_page_fault_user+0x84/0x1e0 [ 298.323841][ T8665] exc_page_fault+0x6a/0xc0 [ 298.323872][ T8665] asm_exc_page_fault+0x26/0x30 [ 298.323895][ T8665] RIP: 0033:0x7ff8fca4bec7 [ 298.323915][ T8665] Code: 7e 6f 44 16 e0 48 29 fe 48 83 e1 e0 48 01 ce 0f 1f 40 00 c5 fe 6f 4e 60 c5 fe 6f 56 40 c5 fe 6f 5e 20 c5 fe 6f 26 48 83 c6 80 fd 7f 49 60 c5 fd 7f 51 40 c5 fd 7f 59 20 c5 fd 7f 21 48 83 c1 [ 298.323936][ T8665] RSP: 002b:00007ff8facce018 EFLAGS: 00010207 [ 298.323956][ T8665] RAX: 0000200000004020 RBX: 00007ff8fccf5fa0 RCX: 0000200000003e00 [ 298.323973][ T8665] RDX: fffffffffffffe73 RSI: 0000200000000060 RDI: 0000200000004020 [ 298.323990][ T8665] RBP: 00007ff8facce090 R08: fffffffffffffe73 R09: 0000000000000000 [ 298.324005][ T8665] R10: 0000200000004000 R11: 0000200000000300 R12: 0000000000000001 [ 298.324019][ T8665] R13: 00007ff8fccf6038 R14: 00007ff8fccf5fa0 R15: 00007ffda3ce47e8 [ 298.324054][ T8665] [ 298.326538][ T8665] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 300.154098][ T5599] usbhid 4-1:0.200: couldn't find an input interrupt endpoint [ 300.225020][ T5599] usb 4-1: USB disconnect, device number 30 [ 301.506485][ T5815] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 301.606103][ T5737] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 301.698862][ T5815] usb 4-1: device descriptor read/64, error -71 [ 301.818828][ T5737] usb 1-1: Using ep0 maxpacket: 32 [ 301.834827][ T5737] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 301.834857][ T5737] usb 1-1: config 0 has no interface number 0 [ 301.834906][ T5737] usb 1-1: config 0 interface 12 has no altsetting 0 [ 301.869207][ T5737] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 301.869242][ T5737] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.869257][ T5737] usb 1-1: Product: syz [ 301.869268][ T5737] usb 1-1: Manufacturer: syz [ 301.869279][ T5737] usb 1-1: SerialNumber: syz [ 301.915070][ T5737] usb 1-1: config 0 descriptor?? [ 302.146437][ T5815] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 302.284909][ T5815] usb 4-1: device descriptor read/64, error -71 [ 302.430669][ T5815] usb usb4-port1: attempt power cycle [ 302.575879][ T8735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 302.579069][ T8735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.155435][ T5815] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 304.161797][ T5737] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 304.161871][ T5737] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 304.161891][ T5737] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 304.161990][ T5737] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 304.181746][ T5815] usb 4-1: device descriptor read/8, error -71 [ 304.245129][ T5737] usb 1-1: USB disconnect, device number 17 [ 304.433441][ T5815] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 304.456602][ T5815] usb 4-1: device descriptor read/8, error -71 [ 304.574493][ T5815] usb usb4-port1: unable to enumerate USB device [ 308.420453][ T5815] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 308.583228][ T5815] usb 3-1: config 0 has an invalid interface number: 200 but max is 0 [ 308.583260][ T5815] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 308.583282][ T5815] usb 3-1: config 0 has no interface number 0 [ 308.583329][ T5815] usb 3-1: config 0 interface 200 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 308.583359][ T5815] usb 3-1: config 0 interface 200 has no altsetting 0 [ 308.591752][ T5815] usb 3-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 308.591786][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.591808][ T5815] usb 3-1: Product: syz [ 308.591824][ T5815] usb 3-1: Manufacturer: syz [ 308.591839][ T5815] usb 3-1: SerialNumber: syz [ 308.716323][ T5815] usb 3-1: config 0 descriptor?? [ 309.659324][ T5815] usbhid 3-1:0.200: couldn't find an input interrupt endpoint [ 309.680740][ T5815] usb 3-1: USB disconnect, device number 10 [ 311.156447][ T8951] FAT-fs (loop3): unable to read boot sector [ 311.532628][ T8966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1246'. [ 311.645265][ T8969] FAULT_INJECTION: forcing a failure. [ 311.645265][ T8969] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.645308][ T8969] CPU: 1 UID: 0 PID: 8969 Comm: syz.1.1246 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 311.645339][ T8969] Tainted: [L]=SOFTLOCKUP [ 311.645347][ T8969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 311.645362][ T8969] Call Trace: [ 311.645371][ T8969] [ 311.645380][ T8969] dump_stack_lvl+0xe8/0x150 [ 311.645413][ T8969] should_fail_ex+0x46b/0x600 [ 311.645458][ T8969] _copy_to_user+0x31/0xb0 [ 311.645495][ T8969] simple_read_from_buffer+0xe1/0x170 [ 311.645537][ T8969] proc_fail_nth_read+0x1be/0x230 [ 311.645579][ T8969] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 311.645619][ T8969] ? rw_verify_area+0x2ac/0x4e0 [ 311.645644][ T8969] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 311.645694][ T8969] vfs_read+0x212/0xa80 [ 311.645730][ T8969] ? __pfx_vfs_read+0x10/0x10 [ 311.645759][ T8969] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 311.645798][ T8969] ? lockdep_hardirqs_on+0x7a/0x110 [ 311.645826][ T8969] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 311.645857][ T8969] ? mutex_lock_nested+0x152/0x1d0 [ 311.645878][ T8969] ? fdget_pos+0x252/0x320 [ 311.645909][ T8969] ksys_read+0x156/0x270 [ 311.645937][ T8969] ? __pfx_ksys_read+0x10/0x10 [ 311.645972][ T8969] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.645996][ T8969] do_syscall_64+0x15f/0xf80 [ 311.646026][ T8969] ? trace_irq_disable+0x3b/0x140 [ 311.646052][ T8969] ? clear_bhb_loop+0x40/0x90 [ 311.646080][ T8969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.646104][ T8969] RIP: 0033:0x7ff8fca3d68e [ 311.646125][ T8969] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 311.646149][ T8969] RSP: 002b:00007ff8facacfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 311.646173][ T8969] RAX: ffffffffffffffda RBX: 00007ff8facad6c0 RCX: 00007ff8fca3d68e [ 311.646190][ T8969] RDX: 000000000000000f RSI: 00007ff8facad0a0 RDI: 0000000000000005 [ 311.646205][ T8969] RBP: 00007ff8facad090 R08: 0000000000000000 R09: 0000000000000000 [ 311.646219][ T8969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.646232][ T8969] R13: 00007ff8fccf6128 R14: 00007ff8fccf6090 R15: 00007ffda3ce47e8 [ 311.646267][ T8969] [ 312.717774][ T5712] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 312.882918][ T5712] usb 3-1: config 0 has an invalid interface number: 200 but max is 0 [ 312.882950][ T5712] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 312.882972][ T5712] usb 3-1: config 0 has no interface number 0 [ 312.883020][ T5712] usb 3-1: config 0 interface 200 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 312.883051][ T5712] usb 3-1: config 0 interface 200 has no altsetting 0 [ 312.935800][ T5712] usb 3-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 312.935838][ T5712] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.935864][ T5712] usb 3-1: Product: syz [ 312.935882][ T5712] usb 3-1: Manufacturer: syz [ 312.935900][ T5712] usb 3-1: SerialNumber: syz [ 312.990461][ T5712] usb 3-1: config 0 descriptor?? [ 313.893374][ T5705] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 314.101709][ T5705] usb 4-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 314.101805][ T5705] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.137633][ T5705] usb 4-1: config 0 descriptor?? [ 314.166736][ T5705] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 314.580997][ T5705] gspca_sunplus: reg_w_riv err -71 [ 314.581343][ T5705] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 314.616709][ T5705] usb 4-1: USB disconnect, device number 35 [ 315.298583][ T9027] FAT-fs (loop4): unable to read boot sector [ 316.883182][ T5712] usbhid 3-1:0.200: couldn't find an input interrupt endpoint [ 316.907180][ T5712] usb 3-1: USB disconnect, device number 11 [ 317.036022][ T5599] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 317.075048][ T9049] loop8: detected capacity change from 0 to 7 [ 317.083170][ T9049] Dev loop8: unable to read RDB block 7 [ 317.083252][ T9049] loop8: unable to read partition table [ 317.083910][ T9049] loop8: partition table beyond EOD, truncated [ 317.084015][ T9049] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 317.209253][ T5599] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 317.212102][ T5599] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 317.212136][ T5599] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.212158][ T5599] usb 4-1: Product: syz [ 317.212173][ T5599] usb 4-1: Manufacturer: syz [ 317.212189][ T5599] usb 4-1: SerialNumber: syz [ 317.338665][ T5599] usb 4-1: config 0 descriptor?? [ 317.367167][ T5599] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 317.397480][ T5599] usb 4-1: Detected FT232R [ 317.580037][ T9036] Unsupported ieee802154 address type: 0 [ 317.602492][ T5599] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 317.605070][ T5599] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 317.607260][ T5599] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 317.626095][ T5599] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 317.769571][ T5599] usb 4-1: USB disconnect, device number 36 [ 317.817121][ T9063] FAULT_INJECTION: forcing a failure. [ 317.817121][ T9063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.817162][ T9063] CPU: 0 UID: 0 PID: 9063 Comm: syz.4.1288 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 317.817201][ T9063] Tainted: [L]=SOFTLOCKUP [ 317.817207][ T9063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 317.817217][ T9063] Call Trace: [ 317.817225][ T9063] [ 317.817231][ T9063] dump_stack_lvl+0xe8/0x150 [ 317.817255][ T9063] should_fail_ex+0x46b/0x600 [ 317.817287][ T9063] _copy_to_user+0x31/0xb0 [ 317.817308][ T9063] drm_read+0x3f2/0x890 [ 317.817343][ T9063] ? __pfx_drm_read+0x10/0x10 [ 317.817366][ T9063] ? __pfx_autoremove_wake_function+0x10/0x10 [ 317.817393][ T9063] ? rw_verify_area+0x2ac/0x4e0 [ 317.817415][ T9063] vfs_readv+0x597/0x850 [ 317.817440][ T9063] ? __pfx_drm_read+0x10/0x10 [ 317.817472][ T9063] ? __pfx_vfs_readv+0x10/0x10 [ 317.817506][ T9063] ? __fget_files+0x2a/0x420 [ 317.817524][ T9063] ? __fget_files+0x3a6/0x420 [ 317.817537][ T9063] ? __fget_files+0x2a/0x420 [ 317.817559][ T9063] __x64_sys_preadv+0x1a2/0x2b0 [ 317.817581][ T9063] ? __pfx___x64_sys_preadv+0x10/0x10 [ 317.817609][ T9063] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.817626][ T9063] do_syscall_64+0x15f/0xf80 [ 317.817647][ T9063] ? trace_irq_disable+0x3b/0x140 [ 317.817666][ T9063] ? clear_bhb_loop+0x40/0x90 [ 317.817686][ T9063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.817703][ T9063] RIP: 0033:0x7fe99733ce59 [ 317.817718][ T9063] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 317.817732][ T9063] RSP: 002b:00007fe99558e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 317.817749][ T9063] RAX: ffffffffffffffda RBX: 00007fe9975b5fa0 RCX: 00007fe99733ce59 [ 317.817761][ T9063] RDX: 0000000000000002 RSI: 0000200000000140 RDI: 0000000000000004 [ 317.817771][ T9063] RBP: 00007fe99558e090 R08: 0000000000008008 R09: 0000000000000000 [ 317.817781][ T9063] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 317.817790][ T9063] R13: 00007fe9975b6038 R14: 00007fe9975b5fa0 R15: 00007fff44619818 [ 317.817815][ T9063] [ 318.238213][ T5599] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 318.239017][ T5599] ftdi_sio 4-1:0.0: device disconnected [ 318.385835][ T9081] loop8: detected capacity change from 0 to 7 [ 318.387062][ T9081] Dev loop8: unable to read RDB block 7 [ 318.387106][ T9081] loop8: unable to read partition table [ 318.387351][ T9081] loop8: partition table beyond EOD, truncated [ 318.387371][ T9081] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 321.251111][ T9121] loop8: detected capacity change from 0 to 7 [ 321.275676][ T9121] Dev loop8: unable to read RDB block 7 [ 321.275720][ T9121] loop8: unable to read partition table [ 321.275971][ T9121] loop8: partition table beyond EOD, truncated [ 321.275992][ T9121] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 321.726047][ T9129] FAULT_INJECTION: forcing a failure. [ 321.726047][ T9129] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.726092][ T9129] CPU: 0 UID: 0 PID: 9129 Comm: syz.0.1317 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 321.726123][ T9129] Tainted: [L]=SOFTLOCKUP [ 321.726132][ T9129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 321.726146][ T9129] Call Trace: [ 321.726155][ T9129] [ 321.726165][ T9129] dump_stack_lvl+0xe8/0x150 [ 321.726198][ T9129] should_fail_ex+0x46b/0x600 [ 321.726240][ T9129] _copy_from_iter+0x1d3/0x1670 [ 321.726261][ T9129] ? unwind_next_frame+0xa6/0x2550 [ 321.726301][ T9129] ? __pfx__copy_from_iter+0x10/0x10 [ 321.726320][ T9129] ? is_bpf_text_address+0x26/0x2b0 [ 321.726367][ T9129] tun_get_user+0x264/0x4400 [ 321.726393][ T9129] ? is_bpf_text_address+0x292/0x2b0 [ 321.726422][ T9129] ? is_bpf_text_address+0x26/0x2b0 [ 321.726455][ T9129] ? kernel_text_address+0xa5/0xe0 [ 321.726491][ T9129] ? __kernel_text_address+0xd/0x30 [ 321.726524][ T9129] ? unwind_get_return_address+0x4d/0x90 [ 321.726554][ T9129] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 321.726589][ T9129] ? __lock_acquire+0x6b5/0x2cf0 [ 321.726621][ T9129] ? __pfx_tun_get_user+0x10/0x10 [ 321.726650][ T9129] ? __lock_acquire+0x6b5/0x2cf0 [ 321.726683][ T9129] ? kstrtoull+0x12f/0x1d0 [ 321.726725][ T9129] ? ref_tracker_alloc+0x332/0x4a0 [ 321.726748][ T9129] ? get_pid_task+0x20/0x1f0 [ 321.726780][ T9129] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 321.726807][ T9129] ? tun_get+0x1c/0x2f0 [ 321.726832][ T9129] ? tun_get+0x1c/0x2f0 [ 321.726864][ T9129] ? tun_get+0x1c/0x2f0 [ 321.726890][ T9129] ? tun_get+0x1c/0x2f0 [ 321.726930][ T9129] tun_chr_write_iter+0x119/0x200 [ 321.726959][ T9129] vfs_write+0x629/0xba0 [ 321.726995][ T9129] ? __pfx_vfs_write+0x10/0x10 [ 321.727032][ T9129] ? __fget_files+0x2a/0x420 [ 321.727062][ T9129] ksys_write+0x156/0x270 [ 321.727090][ T9129] ? __pfx_ksys_write+0x10/0x10 [ 321.727124][ T9129] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.727150][ T9129] do_syscall_64+0x15f/0xf80 [ 321.727181][ T9129] ? trace_irq_disable+0x3b/0x140 [ 321.727208][ T9129] ? clear_bhb_loop+0x40/0x90 [ 321.727236][ T9129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.727259][ T9129] RIP: 0033:0x7f6de4f7ce59 [ 321.727280][ T9129] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 321.727301][ T9129] RSP: 002b:00007f6de31ad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 321.727326][ T9129] RAX: ffffffffffffffda RBX: 00007f6de51f6090 RCX: 00007f6de4f7ce59 [ 321.727343][ T9129] RDX: 000000000000fdef RSI: 0000200000000080 RDI: 0000000000000003 [ 321.727356][ T9129] RBP: 00007f6de31ad090 R08: 0000000000000000 R09: 0000000000000000 [ 321.727369][ T9129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.727388][ T9129] R13: 00007f6de51f6128 R14: 00007f6de51f6090 R15: 00007ffd1e245248 [ 321.727428][ T9129] [ 323.158742][ T9138] FAT-fs (loop4): unable to read boot sector [ 323.403777][ T9150] FAT-fs (loop4): unable to read boot sector [ 324.967013][ T9160] tipc: Enabling of bearer rejected, failed to enable media [ 325.363260][ T9170] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1332'. [ 325.477605][ T9175] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1332'. [ 325.707601][ T9185] FAULT_INJECTION: forcing a failure. [ 325.707601][ T9185] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 325.707643][ T9185] CPU: 0 UID: 0 PID: 9185 Comm: syz.1.1339 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 325.707675][ T9185] Tainted: [L]=SOFTLOCKUP [ 325.707683][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 325.707697][ T9185] Call Trace: [ 325.707706][ T9185] [ 325.707716][ T9185] dump_stack_lvl+0xe8/0x150 [ 325.707757][ T9185] should_fail_ex+0x46b/0x600 [ 325.707802][ T9185] _copy_from_user+0x2d/0xb0 [ 325.707830][ T9185] do_ipv6_setsockopt+0x25c/0x3150 [ 325.707878][ T9185] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 325.707914][ T9185] ? kstrtouint+0x6e/0xe0 [ 325.707950][ T9185] ? get_pid_task+0x20/0x1f0 [ 325.707987][ T9185] ? __lock_acquire+0x6b5/0x2cf0 [ 325.708023][ T9185] ? get_pid_task+0x20/0x1f0 [ 325.708052][ T9185] ? get_pid_task+0x20/0x1f0 [ 325.708094][ T9185] ? __lock_acquire+0x6b5/0x2cf0 [ 325.708129][ T9185] ? do_raw_spin_lock+0x12b/0x2f0 [ 325.708168][ T9185] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.708206][ T9185] ipv6_setsockopt+0x59/0x170 [ 325.708232][ T9185] rawv6_setsockopt+0x276/0x5f0 [ 325.708272][ T9185] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 325.708310][ T9185] ? sock_common_setsockopt+0x36/0xc0 [ 325.708333][ T9185] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 325.708360][ T9185] do_sock_setsockopt+0x17c/0x1b0 [ 325.708393][ T9185] __x64_sys_setsockopt+0x143/0x1b0 [ 325.708424][ T9185] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.708449][ T9185] do_syscall_64+0x15f/0xf80 [ 325.708478][ T9185] ? trace_irq_disable+0x3b/0x140 [ 325.708504][ T9185] ? clear_bhb_loop+0x40/0x90 [ 325.708532][ T9185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.708555][ T9185] RIP: 0033:0x7ff8fca7ce59 [ 325.708576][ T9185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 325.708596][ T9185] RSP: 002b:00007ff8facce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 325.708620][ T9185] RAX: ffffffffffffffda RBX: 00007ff8fccf5fa0 RCX: 00007ff8fca7ce59 [ 325.708636][ T9185] RDX: 000000000000004b RSI: 0000000000000029 RDI: 0000000000000003 [ 325.708650][ T9185] RBP: 00007ff8facce090 R08: 0000000000000004 R09: 0000000000000000 [ 325.708664][ T9185] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 325.708678][ T9185] R13: 00007ff8fccf6038 R14: 00007ff8fccf5fa0 R15: 00007ffda3ce47e8 [ 325.708714][ T9185] [ 328.147877][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 328.147955][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 330.621834][ T9229] FAULT_INJECTION: forcing a failure. [ 330.621834][ T9229] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.623657][ T9229] CPU: 1 UID: 0 PID: 9229 Comm: syz.1.1360 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 330.623691][ T9229] Tainted: [L]=SOFTLOCKUP [ 330.623699][ T9229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 330.623714][ T9229] Call Trace: [ 330.623722][ T9229] [ 330.623732][ T9229] dump_stack_lvl+0xe8/0x150 [ 330.623764][ T9229] should_fail_ex+0x46b/0x600 [ 330.623808][ T9229] _copy_from_user+0x2d/0xb0 [ 330.623836][ T9229] ucma_write+0x166/0x2f0 [ 330.623867][ T9229] ? __pfx_ucma_write+0x10/0x10 [ 330.623897][ T9229] ? rw_verify_area+0x25b/0x4e0 [ 330.623923][ T9229] ? __pfx_ucma_write+0x10/0x10 [ 330.623952][ T9229] vfs_write+0x2a3/0xba0 [ 330.623987][ T9229] ? __pfx_vfs_write+0x10/0x10 [ 330.624018][ T9229] ? __fget_files+0x2a/0x420 [ 330.624041][ T9229] ? __fget_files+0x2a/0x420 [ 330.624059][ T9229] ? __fget_files+0x3a6/0x420 [ 330.624078][ T9229] ? __fget_files+0x2a/0x420 [ 330.624107][ T9229] ksys_write+0x156/0x270 [ 330.624136][ T9229] ? __pfx_ksys_write+0x10/0x10 [ 330.624170][ T9229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.624196][ T9229] do_syscall_64+0x15f/0xf80 [ 330.624225][ T9229] ? trace_irq_disable+0x3b/0x140 [ 330.624252][ T9229] ? clear_bhb_loop+0x40/0x90 [ 330.624279][ T9229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.624302][ T9229] RIP: 0033:0x7ff8fca7ce59 [ 330.624323][ T9229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 330.624343][ T9229] RSP: 002b:00007ff8facce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 330.624367][ T9229] RAX: ffffffffffffffda RBX: 00007ff8fccf5fa0 RCX: 00007ff8fca7ce59 [ 330.624384][ T9229] RDX: 0000000000000030 RSI: 0000200000000240 RDI: 0000000000000004 [ 330.624399][ T9229] RBP: 00007ff8facce090 R08: 0000000000000000 R09: 0000000000000000 [ 330.624414][ T9229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 330.624427][ T9229] R13: 00007ff8fccf6038 R14: 00007ff8fccf5fa0 R15: 00007ffda3ce47e8 [ 330.624472][ T9229] [ 332.157252][ T9262] FAULT_INJECTION: forcing a failure. [ 332.157252][ T9262] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.157293][ T9262] CPU: 1 UID: 0 PID: 9262 Comm: syz.0.1372 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 332.157324][ T9262] Tainted: [L]=SOFTLOCKUP [ 332.157332][ T9262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 332.157346][ T9262] Call Trace: [ 332.157355][ T9262] [ 332.157364][ T9262] dump_stack_lvl+0xe8/0x150 [ 332.157397][ T9262] should_fail_ex+0x46b/0x600 [ 332.157449][ T9262] _copy_to_iter+0x1e4/0x17d0 [ 332.157490][ T9262] ? __pfx__copy_to_iter+0x10/0x10 [ 332.157536][ T9262] ? splice_from_pipe_next+0x61c/0x670 [ 332.157567][ T9262] copy_page_to_iter+0x247/0x340 [ 332.157596][ T9262] pipe_to_user+0xa8/0x140 [ 332.157624][ T9262] __splice_from_pipe+0x34d/0x920 [ 332.157661][ T9262] ? __pfx_pipe_to_user+0x10/0x10 [ 332.157695][ T9262] __se_sys_vmsplice+0x38c/0x1620 [ 332.157732][ T9262] ? get_pid_task+0x20/0x1f0 [ 332.157761][ T9262] ? get_pid_task+0x20/0x1f0 [ 332.157796][ T9262] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 332.157833][ T9262] ? do_raw_spin_lock+0x12b/0x2f0 [ 332.157873][ T9262] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 332.157905][ T9262] ? lockdep_hardirqs_on+0x7a/0x110 [ 332.157935][ T9262] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 332.157977][ T9262] ? rt_mutex_slowunlock+0x1cb/0x300 [ 332.158020][ T9262] ? fput+0xa0/0xd0 [ 332.158079][ T9262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.158104][ T9262] do_syscall_64+0x15f/0xf80 [ 332.158133][ T9262] ? trace_irq_disable+0x3b/0x140 [ 332.158161][ T9262] ? clear_bhb_loop+0x40/0x90 [ 332.158191][ T9262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.158223][ T9262] RIP: 0033:0x7f6de4f7ce59 [ 332.158244][ T9262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 332.158294][ T9262] RSP: 002b:00007f6de31ad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 332.158321][ T9262] RAX: ffffffffffffffda RBX: 00007f6de51f6090 RCX: 00007f6de4f7ce59 [ 332.158338][ T9262] RDX: 0000000000000001 RSI: 00002000000028c0 RDI: 0000000000000003 [ 332.158358][ T9262] RBP: 00007f6de31ad090 R08: 0000000000000000 R09: 0000000000000000 [ 332.158373][ T9262] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 332.158387][ T9262] R13: 00007f6de51f6128 R14: 00007f6de51f6090 R15: 00007ffd1e245248 [ 332.158424][ T9262] [ 333.111519][ T9283] FAT-fs (loop4): unable to read boot sector [ 333.123324][ T5705] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 333.286290][ T5705] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 333.286320][ T5705] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 333.324253][ T5705] usb 3-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 333.324290][ T5705] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.324312][ T5705] usb 3-1: Product: syz [ 333.324328][ T5705] usb 3-1: Manufacturer: syz [ 333.324344][ T5705] usb 3-1: SerialNumber: syz [ 333.367107][ T5705] usb 3-1: config 0 descriptor?? [ 334.200674][ T9320] FAT-fs (loop4): unable to read boot sector [ 335.651377][ T9380] FAULT_INJECTION: forcing a failure. [ 335.651377][ T9380] name failslab, interval 1, probability 0, space 0, times 0 [ 335.651419][ T9380] CPU: 1 UID: 0 PID: 9380 Comm: syz.1.1424 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 335.651450][ T9380] Tainted: [L]=SOFTLOCKUP [ 335.651459][ T9380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 335.651473][ T9380] Call Trace: [ 335.651482][ T9380] [ 335.651492][ T9380] dump_stack_lvl+0xe8/0x150 [ 335.651525][ T9380] should_fail_ex+0x46b/0x600 [ 335.651571][ T9380] should_failslab+0xa8/0x100 [ 335.651601][ T9380] __kmalloc_noprof+0xdf/0x7b0 [ 335.651626][ T9380] ? kfree+0x4d/0x6c0 [ 335.651646][ T9380] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 335.651686][ T9380] tomoyo_realpath_from_path+0xe3/0x5d0 [ 335.651741][ T9380] ? tomoyo_domain+0xd7/0x130 [ 335.651776][ T9380] ? tomoyo_path_number_perm+0x219/0x630 [ 335.651807][ T9380] tomoyo_path_number_perm+0x246/0x630 [ 335.651854][ T9380] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 335.651884][ T9380] ? __lock_acquire+0x6b5/0x2cf0 [ 335.651964][ T9380] ? do_raw_spin_lock+0x12b/0x2f0 [ 335.652025][ T9380] ? __fget_files+0x2a/0x420 [ 335.652049][ T9380] ? __fget_files+0x2a/0x420 [ 335.652084][ T9380] ? __fget_files+0x3a6/0x420 [ 335.652215][ T9380] ? __fget_files+0x2a/0x420 [ 335.652268][ T9380] security_file_ioctl+0xc3/0x2a0 [ 335.652350][ T9380] __se_sys_ioctl+0x47/0x170 [ 335.652408][ T9380] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.652435][ T9380] do_syscall_64+0x15f/0xf80 [ 335.652474][ T9380] ? trace_irq_disable+0x3b/0x140 [ 335.652503][ T9380] ? clear_bhb_loop+0x40/0x90 [ 335.652540][ T9380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.652564][ T9380] RIP: 0033:0x7ff8fca7ce59 [ 335.652587][ T9380] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 335.652613][ T9380] RSP: 002b:00007ff8facce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 335.652638][ T9380] RAX: ffffffffffffffda RBX: 00007ff8fccf5fa0 RCX: 00007ff8fca7ce59 [ 335.652656][ T9380] RDX: 00002000000000c0 RSI: 00000000c0884113 RDI: 0000000000000005 [ 335.652671][ T9380] RBP: 00007ff8facce090 R08: 0000000000000000 R09: 0000000000000000 [ 335.652686][ T9380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.652700][ T9380] R13: 00007ff8fccf6038 R14: 00007ff8fccf5fa0 R15: 00007ffda3ce47e8 [ 335.652732][ T9380] [ 335.655115][ T9380] ERROR: Out of memory at tomoyo_realpath_from_path. [ 336.167639][ T5815] usb 3-1: USB disconnect, device number 12 [ 336.550072][ T9396] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1432'. [ 336.550399][ T9398] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1432'. [ 337.121147][ T5705] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 337.297884][ T5705] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 337.297915][ T5705] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 337.323842][ T5705] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 337.323875][ T5705] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.323897][ T5705] usb 4-1: Product: syz [ 337.323912][ T5705] usb 4-1: Manufacturer: syz [ 337.323928][ T5705] usb 4-1: SerialNumber: syz [ 337.365246][ T5705] usb 4-1: config 0 descriptor?? [ 337.570086][ T5737] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 337.751795][ T5737] usb 1-1: Using ep0 maxpacket: 16 [ 337.754105][ T5737] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 337.754136][ T5737] usb 1-1: config 0 has no interfaces? [ 337.755771][ T5737] usb 1-1: string descriptor 0 read error: -71 [ 337.755917][ T5737] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 337.755944][ T5737] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.816709][ T5737] usb 1-1: config 0 descriptor?? [ 337.817175][ T5737] usb 1-1: can't set config #0, error -71 [ 337.824950][ T5737] usb 1-1: USB disconnect, device number 18 [ 340.404408][ T5815] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 340.575524][ T5815] usb 3-1: Using ep0 maxpacket: 32 [ 340.577470][ T5815] usb 3-1: config 0 has no interfaces? [ 340.577507][ T5815] usb 3-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 340.577535][ T5815] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.627986][ T5815] usb 3-1: config 0 descriptor?? [ 340.990924][ T5712] usb 4-1: USB disconnect, device number 37 [ 341.963403][ T5726] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 342.125544][ T5726] usb 4-1: Using ep0 maxpacket: 32 [ 342.131051][ T5726] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 342.131082][ T5726] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 342.131104][ T5726] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 342.131127][ T5726] usb 4-1: config 1 has no interface number 0 [ 342.131173][ T5726] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 342.131203][ T5726] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 342.131250][ T5726] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 342.131277][ T5726] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.353469][ T5726] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 342.579432][ T5726] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 343.078673][ T5726] usb 4-1: USB disconnect, device number 38 [ 343.110050][ T5726] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 343.218033][ T5737] usb 3-1: USB disconnect, device number 13 [ 343.696491][ T9553] loop5: detected capacity change from 0 to 7 [ 343.724075][ T9551] bond1: Unable to set up delay as MII monitoring is disabled [ 343.728218][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 343.728406][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 343.754742][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 343.754780][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 343.790178][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 343.790217][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 343.810556][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 343.810604][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 343.857002][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 343.857046][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 343.909344][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 343.909380][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 343.967696][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 343.967736][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 343.968011][ T9561] FAULT_INJECTION: forcing a failure. [ 343.968011][ T9561] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 343.968045][ T9561] CPU: 1 UID: 0 PID: 9561 Comm: syz.3.1504 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 343.968079][ T9561] Tainted: [L]=SOFTLOCKUP [ 343.968085][ T9561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 343.968095][ T9561] Call Trace: [ 343.968101][ T9561] [ 343.968107][ T9561] dump_stack_lvl+0xe8/0x150 [ 343.968131][ T9561] should_fail_ex+0x46b/0x600 [ 343.968162][ T9561] _copy_to_user+0x31/0xb0 [ 343.968183][ T9561] simple_read_from_buffer+0xe1/0x170 [ 343.968214][ T9561] proc_fail_nth_read+0x1be/0x230 [ 343.968243][ T9561] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 343.968272][ T9561] ? rw_verify_area+0x2ac/0x4e0 [ 343.968289][ T9561] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 343.968316][ T9561] vfs_read+0x212/0xa80 [ 343.968341][ T9561] ? __pfx_vfs_read+0x10/0x10 [ 343.968360][ T9561] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 343.968382][ T9561] ? lockdep_hardirqs_on+0x7a/0x110 [ 343.968403][ T9561] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 343.968425][ T9561] ? mutex_lock_nested+0x152/0x1d0 [ 343.968440][ T9561] ? fdget_pos+0x252/0x320 [ 343.968462][ T9561] ksys_read+0x156/0x270 [ 343.968482][ T9561] ? __pfx_ksys_read+0x10/0x10 [ 343.968502][ T9561] ? arch_syscall_is_vdso_sigreturn+0x11f/0x1a0 [ 343.968538][ T9561] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.968555][ T9561] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.968572][ T9561] do_syscall_64+0x15f/0xf80 [ 343.968593][ T9561] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.968610][ T9561] ? clear_bhb_loop+0x40/0x90 [ 343.968629][ T9561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.968646][ T9561] RIP: 0033:0x7f4ce14ad68e [ 343.968660][ T9561] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 343.968674][ T9561] RSP: 002b:00007f4cdf745fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 343.968695][ T9561] RAX: ffffffffffffffda RBX: 00007f4cdf7466c0 RCX: 00007f4ce14ad68e [ 343.968707][ T9561] RDX: 000000000000000f RSI: 00007f4cdf7460a0 RDI: 0000000000000003 [ 343.968717][ T9561] RBP: 00007f4cdf746090 R08: 0000000000000000 R09: 0000000000000000 [ 343.968727][ T9561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.968736][ T9561] R13: 00007f4ce1766038 R14: 00007f4ce1765fa0 R15: 00007ffe35f94738 [ 343.968763][ T9561] [ 344.020096][ T9553] ldm_validate_partition_table(): Disk read failed. [ 344.061820][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 344.061913][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 344.090119][ T9551] bond1 (unregistering): Released all slaves [ 344.116025][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 344.116065][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 344.379220][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 344.379264][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 344.379728][ T9553] Dev loop5: unable to read RDB block 0 [ 344.495106][ T9553] loop5: unable to read partition table [ 344.495363][ T9553] loop5: partition table beyond EOD, truncated [ 344.495406][ T9553] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 344.555356][ T5598] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 344.558162][ T5598] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 344.599620][ T5598] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 344.649471][ T5598] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 344.693179][ T5598] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 345.965159][ T9595] openvswitch: netlink: IPv4 tun info is not correct [ 347.040807][ T59] Bluetooth: hci5: command tx timeout [ 347.340231][ T9618] FAULT_INJECTION: forcing a failure. [ 347.340231][ T9618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 347.340274][ T9618] CPU: 1 UID: 0 PID: 9618 Comm: syz.0.1526 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 347.340306][ T9618] Tainted: [L]=SOFTLOCKUP [ 347.340315][ T9618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 347.340329][ T9618] Call Trace: [ 347.340337][ T9618] [ 347.340347][ T9618] dump_stack_lvl+0xe8/0x150 [ 347.340378][ T9618] should_fail_ex+0x46b/0x600 [ 347.340432][ T9618] _copy_from_user+0x2d/0xb0 [ 347.340459][ T9618] ___sys_sendmsg+0x1c6/0x360 [ 347.340491][ T9618] ? __lock_acquire+0x6b5/0x2cf0 [ 347.340527][ T9618] ? __pfx____sys_sendmsg+0x10/0x10 [ 347.340564][ T9618] ? kstrtouint+0x6e/0xe0 [ 347.340625][ T9618] ? __fget_files+0x2a/0x420 [ 347.340649][ T9618] ? __fget_files+0x3a6/0x420 [ 347.340681][ T9618] __sys_sendmmsg+0x282/0x4e0 [ 347.340718][ T9618] ? __pfx___sys_sendmmsg+0x10/0x10 [ 347.340760][ T9618] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 347.340799][ T9618] ? ksys_write+0x248/0x270 [ 347.340828][ T9618] ? __pfx_ksys_write+0x10/0x10 [ 347.340861][ T9618] __x64_sys_sendmmsg+0xa0/0xc0 [ 347.340892][ T9618] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.340916][ T9618] do_syscall_64+0x15f/0xf80 [ 347.340944][ T9618] ? trace_irq_disable+0x3b/0x140 [ 347.340971][ T9618] ? clear_bhb_loop+0x40/0x90 [ 347.340999][ T9618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.341022][ T9618] RIP: 0033:0x7f6de4f7ce59 [ 347.341043][ T9618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 347.341063][ T9618] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 347.341088][ T9618] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 347.341106][ T9618] RDX: 0000000000000002 RSI: 00002000000008c0 RDI: 0000000000000003 [ 347.341120][ T9618] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 347.341134][ T9618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 347.341149][ T9618] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 347.341185][ T9618] [ 347.943168][ T9043] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.658330][ T9638] FAULT_INJECTION: forcing a failure. [ 348.658330][ T9638] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 348.658372][ T9638] CPU: 1 UID: 0 PID: 9638 Comm: syz.4.1533 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 348.658395][ T9638] Tainted: [L]=SOFTLOCKUP [ 348.658401][ T9638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 348.658411][ T9638] Call Trace: [ 348.658417][ T9638] [ 348.658424][ T9638] dump_stack_lvl+0xe8/0x150 [ 348.658448][ T9638] should_fail_ex+0x46b/0x600 [ 348.658480][ T9638] _copy_from_user+0x2d/0xb0 [ 348.658499][ T9638] ___sys_recvmsg+0x175/0x590 [ 348.658528][ T9638] ? get_pid_task+0x20/0x1f0 [ 348.658548][ T9638] ? get_pid_task+0x20/0x1f0 [ 348.658573][ T9638] ? __pfx____sys_recvmsg+0x10/0x10 [ 348.658599][ T9638] ? __fget_files+0x2a/0x420 [ 348.658630][ T9638] ? __fget_files+0x3a6/0x420 [ 348.658652][ T9638] __x64_sys_recvmsg+0x1c0/0x2a0 [ 348.658678][ T9638] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 348.658707][ T9638] ? __pfx_ksys_write+0x10/0x10 [ 348.658761][ T9638] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.658805][ T9638] do_syscall_64+0x15f/0xf80 [ 348.658835][ T9638] ? trace_irq_disable+0x3b/0x140 [ 348.658862][ T9638] ? clear_bhb_loop+0x40/0x90 [ 348.658891][ T9638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.658915][ T9638] RIP: 0033:0x7fe99733ce59 [ 348.658929][ T9638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 348.658943][ T9638] RSP: 002b:00007fe99558e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 348.658960][ T9638] RAX: ffffffffffffffda RBX: 00007fe9975b5fa0 RCX: 00007fe99733ce59 [ 348.658972][ T9638] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 348.658983][ T9638] RBP: 00007fe99558e090 R08: 0000000000000000 R09: 0000000000000000 [ 348.658993][ T9638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 348.659002][ T9638] R13: 00007fe9975b6038 R14: 00007fe9975b5fa0 R15: 00007fff44619818 [ 348.659026][ T9638] [ 349.269525][ T59] Bluetooth: hci5: command tx timeout [ 349.294010][ T9043] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.514043][ T9649] FAULT_INJECTION: forcing a failure. [ 349.514043][ T9649] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.514084][ T9649] CPU: 1 UID: 0 PID: 9649 Comm: syz.4.1538 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 349.514116][ T9649] Tainted: [L]=SOFTLOCKUP [ 349.514125][ T9649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 349.514139][ T9649] Call Trace: [ 349.514147][ T9649] [ 349.514157][ T9649] dump_stack_lvl+0xe8/0x150 [ 349.514190][ T9649] should_fail_ex+0x46b/0x600 [ 349.514235][ T9649] _copy_to_user+0x31/0xb0 [ 349.514263][ T9649] simple_read_from_buffer+0xe1/0x170 [ 349.514304][ T9649] proc_fail_nth_read+0x1be/0x230 [ 349.514344][ T9649] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 349.514383][ T9649] ? rw_verify_area+0x2ac/0x4e0 [ 349.514409][ T9649] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 349.514447][ T9649] vfs_read+0x212/0xa80 [ 349.514492][ T9649] ? __pfx_vfs_read+0x10/0x10 [ 349.514519][ T9649] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 349.514551][ T9649] ? lockdep_hardirqs_on+0x7a/0x110 [ 349.514582][ T9649] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 349.514613][ T9649] ? mutex_lock_nested+0x152/0x1d0 [ 349.514634][ T9649] ? fdget_pos+0x252/0x320 [ 349.514665][ T9649] ksys_read+0x156/0x270 [ 349.514694][ T9649] ? __pfx_ksys_read+0x10/0x10 [ 349.514729][ T9649] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.514755][ T9649] do_syscall_64+0x15f/0xf80 [ 349.514784][ T9649] ? trace_irq_disable+0x3b/0x140 [ 349.514812][ T9649] ? clear_bhb_loop+0x40/0x90 [ 349.514841][ T9649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.514865][ T9649] RIP: 0033:0x7fe9972fd68e [ 349.514887][ T9649] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 349.514907][ T9649] RSP: 002b:00007fe99556cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 349.514931][ T9649] RAX: ffffffffffffffda RBX: 00007fe99556d6c0 RCX: 00007fe9972fd68e [ 349.514949][ T9649] RDX: 000000000000000f RSI: 00007fe99556d0a0 RDI: 0000000000000006 [ 349.514963][ T9649] RBP: 00007fe99556d090 R08: 0000000000000000 R09: 0000000000000000 [ 349.514978][ T9649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.514992][ T9649] R13: 00007fe9975b6128 R14: 00007fe9975b6090 R15: 00007fff44619818 [ 349.515029][ T9649] [ 349.986865][ T9660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1546'. [ 350.597778][ T9043] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.489055][ T59] Bluetooth: hci5: command tx timeout [ 351.655855][ T9043] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.590069][ T9710] FAULT_INJECTION: forcing a failure. [ 352.590069][ T9710] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.590113][ T9710] CPU: 0 UID: 0 PID: 9710 Comm: syz.0.1564 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 352.590144][ T9710] Tainted: [L]=SOFTLOCKUP [ 352.590152][ T9710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 352.590166][ T9710] Call Trace: [ 352.590175][ T9710] [ 352.590185][ T9710] dump_stack_lvl+0xe8/0x150 [ 352.590217][ T9710] should_fail_ex+0x46b/0x600 [ 352.590260][ T9710] _copy_from_user+0x2d/0xb0 [ 352.590302][ T9710] ___sys_recvmsg+0x175/0x590 [ 352.590333][ T9710] ? get_pid_task+0x20/0x1f0 [ 352.590362][ T9710] ? get_pid_task+0x20/0x1f0 [ 352.590396][ T9710] ? __pfx____sys_recvmsg+0x10/0x10 [ 352.590436][ T9710] ? __fget_files+0x2a/0x420 [ 352.590475][ T9710] ? __fget_files+0x3a6/0x420 [ 352.590507][ T9710] __x64_sys_recvmsg+0x1c0/0x2a0 [ 352.590541][ T9710] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 352.590584][ T9710] ? __pfx_ksys_write+0x10/0x10 [ 352.590618][ T9710] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.590644][ T9710] do_syscall_64+0x15f/0xf80 [ 352.590677][ T9710] ? clear_bhb_loop+0x40/0x90 [ 352.590704][ T9710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.590727][ T9710] RIP: 0033:0x7f6de4f7ce59 [ 352.590749][ T9710] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 352.590768][ T9710] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 352.590790][ T9710] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 352.590807][ T9710] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 352.590821][ T9710] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 352.590836][ T9710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 352.590850][ T9710] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 352.590890][ T9710] [ 352.623597][ T5712] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 352.861828][ T5712] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.861850][ T5712] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 352.888520][ T5712] usb 3-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 352.888543][ T5712] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.888558][ T5712] usb 3-1: Product: syz [ 352.888570][ T5712] usb 3-1: Manufacturer: syz [ 352.888581][ T5712] usb 3-1: SerialNumber: syz [ 353.117071][ T5712] usb 3-1: config 0 descriptor?? [ 353.710861][ T59] Bluetooth: hci5: command tx timeout [ 355.105797][ T9043] bridge_slave_1: left allmulticast mode [ 355.106059][ T9043] bridge_slave_1: left promiscuous mode [ 355.181222][ T9043] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.655142][ T9043] bridge_slave_0: left allmulticast mode [ 355.655182][ T9043] bridge_slave_0: left promiscuous mode [ 355.655430][ T9043] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.764477][ T5599] usb 3-1: USB disconnect, device number 14 [ 356.155642][ T9775] loop8: detected capacity change from 0 to 7 [ 356.156303][ T9776] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1583'. [ 356.156327][ T9776] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1583'. [ 356.156344][ T9776] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1583'. [ 356.200625][ T9775] Dev loop8: unable to read RDB block 7 [ 356.200675][ T9775] loop8: unable to read partition table [ 356.200930][ T9775] loop8: partition table beyond EOD, truncated [ 356.200950][ T9775] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 357.230657][ T9782] FAT-fs (loop3): unable to read boot sector [ 359.423602][ T9043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 359.512890][ T9824] FAULT_INJECTION: forcing a failure. [ 359.512890][ T9824] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 359.512931][ T9824] CPU: 1 UID: 0 PID: 9824 Comm: syz.0.1606 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 359.512963][ T9824] Tainted: [L]=SOFTLOCKUP [ 359.512971][ T9824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 359.512986][ T9824] Call Trace: [ 359.512994][ T9824] [ 359.513003][ T9824] dump_stack_lvl+0xe8/0x150 [ 359.513034][ T9824] should_fail_ex+0x46b/0x600 [ 359.513078][ T9824] _copy_from_user+0x2d/0xb0 [ 359.513109][ T9824] ___sys_recvmsg+0x175/0x590 [ 359.513141][ T9824] ? get_pid_task+0x20/0x1f0 [ 359.513168][ T9824] ? get_pid_task+0x20/0x1f0 [ 359.513201][ T9824] ? __pfx____sys_recvmsg+0x10/0x10 [ 359.513239][ T9824] ? __fget_files+0x2a/0x420 [ 359.513278][ T9824] ? __fget_files+0x3a6/0x420 [ 359.513310][ T9824] __x64_sys_recvmsg+0x1c0/0x2a0 [ 359.513346][ T9824] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 359.513389][ T9824] ? __pfx_ksys_write+0x10/0x10 [ 359.513425][ T9824] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.513451][ T9824] do_syscall_64+0x15f/0xf80 [ 359.513479][ T9824] ? trace_irq_disable+0x3b/0x140 [ 359.513507][ T9824] ? clear_bhb_loop+0x40/0x90 [ 359.513536][ T9824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.513560][ T9824] RIP: 0033:0x7f6de4f7ce59 [ 359.513582][ T9824] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 359.513601][ T9824] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 359.513625][ T9824] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 359.513643][ T9824] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 359.513659][ T9824] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 359.513673][ T9824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 359.513687][ T9824] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 359.513724][ T9824] [ 359.716369][ T9043] bond0 (unregistering): Released all slaves [ 359.847323][ T9043] bond1 (unregistering): Released all slaves [ 360.101906][ T5257] 8021q: adding VLAN 0 to HW filter on device eth1 [ 361.149544][ T9848] FAT-fs (loop3): unable to read boot sector [ 363.256211][ T5257] 8021q: adding VLAN 0 to HW filter on device eth2 [ 366.576969][ T9557] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.577154][ T9557] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.577402][ T9557] bridge_slave_0: entered allmulticast mode [ 366.605635][ T9557] bridge_slave_0: entered promiscuous mode [ 366.639043][ T9557] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.639176][ T9557] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.639395][ T9557] bridge_slave_1: entered allmulticast mode [ 366.729536][ T9557] bridge_slave_1: entered promiscuous mode [ 367.044041][ T9922] FAULT_INJECTION: forcing a failure. [ 367.044041][ T9922] name failslab, interval 1, probability 0, space 0, times 0 [ 367.044086][ T9922] CPU: 0 UID: 0 PID: 9922 Comm: syz.4.1642 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 367.044131][ T9922] Tainted: [L]=SOFTLOCKUP [ 367.044141][ T9922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 367.044163][ T9922] Call Trace: [ 367.044180][ T9922] [ 367.044190][ T9922] dump_stack_lvl+0xe8/0x150 [ 367.044226][ T9922] should_fail_ex+0x46b/0x600 [ 367.044275][ T9922] should_failslab+0xa8/0x100 [ 367.044310][ T9922] kmem_cache_alloc_noprof+0x87/0x680 [ 367.044339][ T9922] ? lockdep_hardirqs_on+0x7a/0x110 [ 367.044371][ T9922] ? do_getname+0x2e/0x250 [ 367.044412][ T9922] do_getname+0x2e/0x250 [ 367.044444][ T9922] ? getname_flags+0x11/0x20 [ 367.044484][ T9922] do_sys_openat2+0xca/0x200 [ 367.044527][ T9922] ? __pfx_do_sys_openat2+0x10/0x10 [ 367.044569][ T9922] ? ksys_write+0x248/0x270 [ 367.044599][ T9922] ? __pfx_ksys_write+0x10/0x10 [ 367.044634][ T9922] __x64_sys_openat+0x138/0x170 [ 367.044677][ T9922] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.044704][ T9922] do_syscall_64+0x15f/0xf80 [ 367.044737][ T9922] ? trace_irq_disable+0x3b/0x140 [ 367.044765][ T9922] ? clear_bhb_loop+0x40/0x90 [ 367.044797][ T9922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.044823][ T9922] RIP: 0033:0x7fe9972fd68e [ 367.044845][ T9922] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 367.044868][ T9922] RSP: 002b:00007fe99558db28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 367.044894][ T9922] RAX: ffffffffffffffda RBX: 00007fe99558e6c0 RCX: 00007fe9972fd68e [ 367.044912][ T9922] RDX: 00000000000a2c25 RSI: 00007fe99558dc00 RDI: ffffffffffffff9c [ 367.044930][ T9922] RBP: 00007fe99558dc00 R08: 0000000000000000 R09: 0000000000000000 [ 367.044945][ T9922] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 367.044962][ T9922] R13: 00007fe9975b6038 R14: 00007fe9975b5fa0 R15: 00007fff44619818 [ 367.045002][ T9922] [ 367.627891][ T9043] hsr_slave_0: left promiscuous mode [ 367.670487][ T9043] hsr_slave_1: left promiscuous mode [ 367.706470][ T9043] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.706552][ T9043] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 367.741303][ T9043] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.741333][ T9043] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 368.068087][ T9043] veth1_macvtap: left promiscuous mode [ 368.085228][ T9043] veth0_macvtap: left promiscuous mode [ 368.159468][ T9043] veth1_vlan: left promiscuous mode [ 368.194850][ T9043] veth0_vlan: left promiscuous mode [ 372.385764][ T9043] team0 (unregistering): Port device team_slave_1 removed [ 372.453325][ T9043] team0 (unregistering): Port device team_slave_0 removed [ 372.955303][ T9557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 373.033486][ T5257] 8021q: adding VLAN 0 to HW filter on device eth3 [ 373.083361][ T9557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 373.446497][T10023] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1682'. [ 373.489831][ T9557] team0: Port device team_slave_0 added [ 373.507549][T10023] netlink: 'syz.3.1682': attribute type 1 has an invalid length. [ 373.533241][ T9557] team0: Port device team_slave_1 added [ 373.617422][ T5705] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 374.539051][ T5705] usb 3-1: Using ep0 maxpacket: 32 [ 374.591964][ T5705] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 374.591999][ T5705] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 374.592022][ T5705] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 374.592045][ T5705] usb 3-1: config 1 has no interface number 0 [ 374.592092][ T5705] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 374.592120][ T5705] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 374.592166][ T5705] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 374.592193][ T5705] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.703058][ T5705] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 374.960700][ T5705] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 374.990605][ T9557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 374.990624][ T9557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 374.990675][ T9557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 375.056142][ T9557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 375.056161][ T9557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 375.056193][ T9557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 375.556252][ T5584] usb 3-1: USB disconnect, device number 15 [ 375.559510][ T5584] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 376.771493][ T9557] hsr_slave_0: entered promiscuous mode [ 376.777801][ T9557] hsr_slave_1: entered promiscuous mode [ 376.818930][ T9557] debugfs: 'hsr0' already exists in 'hsr' [ 376.818961][ T9557] Cannot create hsr debugfs directory [ 380.025254][ T5257] 8021q: adding VLAN 0 to HW filter on device eth4 [ 383.967511][T10126] FAULT_INJECTION: forcing a failure. [ 383.967511][T10126] name failslab, interval 1, probability 0, space 0, times 0 [ 383.967560][T10126] CPU: 0 UID: 0 PID: 10126 Comm: syz.0.1718 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 383.967593][T10126] Tainted: [L]=SOFTLOCKUP [ 383.967601][T10126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 383.967616][T10126] Call Trace: [ 383.967625][T10126] [ 383.967634][T10126] dump_stack_lvl+0xe8/0x150 [ 383.967668][T10126] should_fail_ex+0x46b/0x600 [ 383.967713][T10126] should_failslab+0xa8/0x100 [ 383.967745][T10126] __kvmalloc_node_noprof+0x170/0x8e0 [ 383.967776][T10126] ? traverse+0xde/0x580 [ 383.967814][T10126] traverse+0xde/0x580 [ 383.967842][T10126] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 383.967878][T10126] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 383.967918][T10126] ? seq_read_iter+0xb8/0xe20 [ 383.967953][T10126] seq_read_iter+0xd09/0xe20 [ 383.967982][T10126] ? _parse_integer_limit+0x1ae/0x1f0 [ 383.968044][T10126] ? __asan_memset+0x22/0x50 [ 383.968087][T10126] seq_read+0x36a/0x490 [ 383.968284][T10126] ? get_pid_task+0x20/0x1f0 [ 383.968330][T10126] ? __pfx_seq_read+0x10/0x10 [ 383.968379][T10126] ? __pfx_seq_read+0x10/0x10 [ 383.968406][T10126] proc_reg_read+0x1f6/0x2f0 [ 383.968434][T10126] ? __pfx_proc_reg_read+0x10/0x10 [ 383.968461][T10126] vfs_read+0x212/0xa80 [ 383.968499][T10126] ? __pfx_vfs_read+0x10/0x10 [ 383.968527][T10126] ? __fget_files+0x2a/0x420 [ 383.968551][T10126] ? __fget_files+0x2a/0x420 [ 383.968572][T10126] ? __fget_files+0x3a6/0x420 [ 383.968592][T10126] ? __fget_files+0x2a/0x420 [ 383.968626][T10126] __x64_sys_pread64+0x19c/0x230 [ 383.968658][T10126] ? __pfx___x64_sys_pread64+0x10/0x10 [ 383.968696][T10126] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.968723][T10126] do_syscall_64+0x15f/0xf80 [ 383.968754][T10126] ? trace_irq_disable+0x3b/0x140 [ 383.968781][T10126] ? clear_bhb_loop+0x40/0x90 [ 383.968811][T10126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.968835][T10126] RIP: 0033:0x7f6de4f7ce59 [ 383.968857][T10126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 383.968878][T10126] RSP: 002b:00007f6de318c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 383.968904][T10126] RAX: ffffffffffffffda RBX: 00007f6de51f6180 RCX: 00007f6de4f7ce59 [ 383.968922][T10126] RDX: 0000000000018fd4 RSI: 0000200000000080 RDI: 0000000000000005 [ 383.968937][T10126] RBP: 00007f6de318c090 R08: 0000000000000000 R09: 0000000000000000 [ 383.968953][T10126] R10: 00000000000000ac R11: 0000000000000246 R12: 0000000000000001 [ 383.968967][T10126] R13: 00007f6de51f6218 R14: 00007f6de51f6180 R15: 00007ffd1e245248 [ 383.969005][T10126] [ 384.613635][ T5705] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 384.806085][ T5705] usb 3-1: Using ep0 maxpacket: 32 [ 384.808840][ T5705] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 384.808872][ T5705] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 384.808894][ T5705] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 384.808917][ T5705] usb 3-1: config 1 has no interface number 0 [ 384.808966][ T5705] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 384.809011][ T5705] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 384.809065][ T5705] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 384.809091][ T5705] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.933754][ T5705] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 384.964177][T10110] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 385.215700][ T5705] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 385.840992][ T5712] usb 3-1: USB disconnect, device number 16 [ 385.865742][ T5712] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 387.821383][ T5726] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 388.057846][ T5726] usb 3-1: Using ep0 maxpacket: 16 [ 388.100570][ T5726] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 388.100595][ T5726] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.100610][ T5726] usb 3-1: Product: syz [ 388.100622][ T5726] usb 3-1: Manufacturer: syz [ 388.100633][ T5726] usb 3-1: SerialNumber: syz [ 389.902216][ T5726] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 389.941008][ T5726] usb 3-1: USB disconnect, device number 17 [ 389.962399][T10168] bond1: Unable to set up delay as MII monitoring is disabled [ 390.027496][T10168] bond1 (unregistering): Released all slaves [ 390.066117][T10178] FAULT_INJECTION: forcing a failure. [ 390.066117][T10178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 390.066296][T10178] CPU: 1 UID: 0 PID: 10178 Comm: syz.0.1733 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 390.066336][T10178] Tainted: [L]=SOFTLOCKUP [ 390.066344][T10178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 390.066358][T10178] Call Trace: [ 390.066367][T10178] [ 390.066376][T10178] dump_stack_lvl+0xe8/0x150 [ 390.066407][T10178] should_fail_ex+0x46b/0x600 [ 390.066451][T10178] _copy_from_user+0x2d/0xb0 [ 390.066479][T10178] ___sys_sendmsg+0x1c6/0x360 [ 390.066511][T10178] ? __lock_acquire+0x6b5/0x2cf0 [ 390.066547][T10178] ? __pfx____sys_sendmsg+0x10/0x10 [ 390.066617][T10178] ? __fget_files+0x2a/0x420 [ 390.066637][T10178] ? __fget_files+0x3a6/0x420 [ 390.066670][T10178] __x64_sys_sendmsg+0x1c3/0x2a0 [ 390.066704][T10178] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 390.066746][T10178] ? __pfx_ksys_write+0x10/0x10 [ 390.066781][T10178] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.066814][T10178] do_syscall_64+0x15f/0xf80 [ 390.066847][T10178] ? clear_bhb_loop+0x40/0x90 [ 390.066874][T10178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.066897][T10178] RIP: 0033:0x7f6de4f7ce59 [ 390.066917][T10178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 390.066937][T10178] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 390.066962][T10178] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 390.066979][T10178] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003 [ 390.066994][T10178] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 390.067009][T10178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 390.067022][T10178] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 390.067058][T10178] [ 393.188593][ T5712] usb 4-1: new full-speed USB device number 39 using dummy_hcd [ 393.351906][ T5712] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 393.354985][ T5712] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 393.355020][ T5712] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.355043][ T5712] usb 4-1: Product: syz [ 393.355059][ T5712] usb 4-1: Manufacturer: syz [ 393.355075][ T5712] usb 4-1: SerialNumber: syz [ 393.409831][ T5712] usb 4-1: config 0 descriptor?? [ 393.427084][ T5712] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 393.440648][ T5712] usb 4-1: Detected FT232R [ 393.663691][T10215] Unsupported ieee802154 address type: 0 [ 393.863647][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 393.888314][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 393.889193][ T5712] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 393.899391][ T5712] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 393.900672][ T5712] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 394.033429][ T5712] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 394.072729][ T5712] usb 4-1: USB disconnect, device number 39 [ 394.197754][ T5712] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 394.200211][ T5712] ftdi_sio 4-1:0.0: device disconnected [ 394.227921][ T5902] udevd[5902]: setting mode of /dev/bus/usb/004/039 to 020664 failed: No such file or directory [ 394.228109][ T5902] udevd[5902]: setting owner of /dev/bus/usb/004/039 to uid=0, gid=0 failed: No such file or directory [ 394.805105][T10235] bond0: (slave bond_slave_1): Releasing backup interface [ 395.210931][ T9557] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 395.320868][ T9557] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 395.323678][ T9557] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 395.448850][ T9557] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 395.479453][ T9557] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 395.572970][ T9557] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 395.574603][ T9557] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 395.635209][ T9557] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 396.924241][ T9557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 397.171836][ T9557] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.239559][ T6637] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.239694][ T6637] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.371637][ T1194] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.371778][ T1194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.054818][T10253] syz.3.1756 (10253) used greatest stack depth: 16600 bytes left [ 400.091666][ T5815] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 400.254886][ T5815] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 400.270523][ T5815] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 400.270569][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.270591][ T5815] usb 4-1: Product: syz [ 400.270607][ T5815] usb 4-1: Manufacturer: syz [ 400.270624][ T5815] usb 4-1: SerialNumber: syz [ 400.346714][ T5815] usb 4-1: config 0 descriptor?? [ 400.367372][ T5815] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 400.382821][ T5815] usb 4-1: Detected FT232R [ 400.427148][ T9557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 400.617065][T10353] Unsupported ieee802154 address type: 0 [ 400.686841][ T5815] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 400.687324][ T5815] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 400.687834][ T5815] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 400.741613][ T5815] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 400.759155][ T5815] usb 4-1: USB disconnect, device number 40 [ 400.791285][ T5815] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 400.819332][ T5815] ftdi_sio 4-1:0.0: device disconnected [ 401.133275][ T9557] veth0_vlan: entered promiscuous mode [ 401.261271][ T9557] veth1_vlan: entered promiscuous mode [ 401.763437][ T9557] veth0_macvtap: entered promiscuous mode [ 401.869674][ T9557] veth1_macvtap: entered promiscuous mode [ 402.008237][ T9557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.123835][ T9557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 402.269802][ T9043] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.271952][ T9043] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.290903][ T9043] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.306217][ T9043] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.336173][ T5815] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 402.518179][ T5815] usb 4-1: Using ep0 maxpacket: 16 [ 402.552329][ T5815] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 402.552361][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.552381][ T5815] usb 4-1: Product: syz [ 402.552397][ T5815] usb 4-1: Manufacturer: syz [ 402.552413][ T5815] usb 4-1: SerialNumber: syz [ 402.819725][T10406] FAULT_INJECTION: forcing a failure. [ 402.819725][T10406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 402.819767][T10406] CPU: 0 UID: 0 PID: 10406 Comm: syz.0.1797 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 402.819799][T10406] Tainted: [L]=SOFTLOCKUP [ 402.819808][T10406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 402.819823][T10406] Call Trace: [ 402.819832][T10406] [ 402.819842][T10406] dump_stack_lvl+0xe8/0x150 [ 402.819875][T10406] should_fail_ex+0x46b/0x600 [ 402.819919][T10406] _copy_from_user+0x2d/0xb0 [ 402.819947][T10406] ___sys_sendmsg+0x1c6/0x360 [ 402.819978][T10406] ? __lock_acquire+0x6b5/0x2cf0 [ 402.820015][T10406] ? __pfx____sys_sendmsg+0x10/0x10 [ 402.820093][T10406] ? __fget_files+0x2a/0x420 [ 402.820115][T10406] ? __fget_files+0x3a6/0x420 [ 402.820146][T10406] __x64_sys_sendmsg+0x1c3/0x2a0 [ 402.820180][T10406] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 402.820228][T10406] ? __pfx_ksys_write+0x10/0x10 [ 402.820266][T10406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.820291][T10406] do_syscall_64+0x15f/0xf80 [ 402.820321][T10406] ? trace_irq_disable+0x3b/0x140 [ 402.820349][T10406] ? clear_bhb_loop+0x40/0x90 [ 402.820377][T10406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.820401][T10406] RIP: 0033:0x7f6de4f7ce59 [ 402.820423][T10406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 402.820443][T10406] RSP: 002b:00007f6de31ad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 402.820468][T10406] RAX: ffffffffffffffda RBX: 00007f6de51f6090 RCX: 00007f6de4f7ce59 [ 402.820485][T10406] RDX: 0000000000000042 RSI: 0000200000000c80 RDI: 0000000000000003 [ 402.820499][T10406] RBP: 00007f6de31ad090 R08: 0000000000000000 R09: 0000000000000000 [ 402.820512][T10406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 402.820525][T10406] R13: 00007f6de51f6128 R14: 00007f6de51f6090 R15: 00007ffd1e245248 [ 402.820561][T10406] [ 403.348797][ T5815] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 403.434412][ T5815] usb 4-1: USB disconnect, device number 41 [ 403.801794][ T5852] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 404.072357][ T5852] usb 3-1: config 0 has an invalid interface number: 200 but max is 0 [ 404.072388][ T5852] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 404.072408][ T5852] usb 3-1: config 0 has no interface number 0 [ 404.072455][ T5852] usb 3-1: config 0 interface 200 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 404.072487][ T5852] usb 3-1: config 0 interface 200 has no altsetting 0 [ 404.131035][ T5852] usb 3-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 404.131073][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.131096][ T5852] usb 3-1: Product: syz [ 404.131112][ T5852] usb 3-1: Manufacturer: syz [ 404.131128][ T5852] usb 3-1: SerialNumber: syz [ 404.182309][ T5852] usb 3-1: config 0 descriptor?? [ 404.275234][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.275255][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.782167][ T780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.782190][ T780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.484091][ T5852] usbhid 3-1:0.200: couldn't find an input interrupt endpoint [ 405.509951][ T5852] usb 3-1: USB disconnect, device number 18 [ 407.226984][T10463] ceph: No mds server is up or the cluster is laggy [ 407.298260][ T37] libceph: connect (1)[c::]:6789 error -101 [ 407.319401][ T37] libceph: mon0 (1)[c::]:6789 connect error [ 408.730964][ T38] audit: type=1400 audit(1778999258.505:2): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=10489 comm="syz.2.1821" saddr=172.30.0.3 daddr=172.20.20.170 netif=wpan0 [ 408.932688][T10510] FAULT_INJECTION: forcing a failure. [ 408.932688][T10510] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 408.932725][T10510] CPU: 0 UID: 0 PID: 10510 Comm: syz.0.1827 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 408.932755][T10510] Tainted: [L]=SOFTLOCKUP [ 408.932762][T10510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 408.932775][T10510] Call Trace: [ 408.932782][T10510] [ 408.932790][T10510] dump_stack_lvl+0xe8/0x150 [ 408.932820][T10510] should_fail_ex+0x46b/0x600 [ 408.932860][T10510] _copy_to_user+0x31/0xb0 [ 408.932895][T10510] simple_read_from_buffer+0xe1/0x170 [ 408.932935][T10510] proc_fail_nth_read+0x1be/0x230 [ 408.932974][T10510] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 408.933013][T10510] ? rw_verify_area+0x2ac/0x4e0 [ 408.933039][T10510] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 408.933070][T10510] vfs_read+0x212/0xa80 [ 408.933096][T10510] ? __pfx_vfs_read+0x10/0x10 [ 408.933118][T10510] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 408.933142][T10510] ? lockdep_hardirqs_on+0x7a/0x110 [ 408.933166][T10510] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 408.933190][T10510] ? mutex_lock_nested+0x152/0x1d0 [ 408.933206][T10510] ? fdget_pos+0x252/0x320 [ 408.933231][T10510] ksys_read+0x156/0x270 [ 408.933254][T10510] ? __pfx_ksys_read+0x10/0x10 [ 408.933288][T10510] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.933311][T10510] do_syscall_64+0x15f/0xf80 [ 408.933334][T10510] ? trace_irq_disable+0x3b/0x140 [ 408.933355][T10510] ? clear_bhb_loop+0x40/0x90 [ 408.933377][T10510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.933395][T10510] RIP: 0033:0x7f6de4f3d68e [ 408.933412][T10510] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 408.933428][T10510] RSP: 002b:00007f6de31acfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 408.933449][T10510] RAX: ffffffffffffffda RBX: 00007f6de31ad6c0 RCX: 00007f6de4f3d68e [ 408.933464][T10510] RDX: 000000000000000f RSI: 00007f6de31ad0a0 RDI: 0000000000000004 [ 408.933475][T10510] RBP: 00007f6de31ad090 R08: 0000000000000000 R09: 0000000000000000 [ 408.933487][T10510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 408.933498][T10510] R13: 00007f6de51f6128 R14: 00007f6de51f6090 R15: 00007ffd1e245248 [ 408.933529][T10510] [ 409.231063][ T5852] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 409.422576][ T5852] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 409.422607][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.422628][ T5852] usb 3-1: Product: syz [ 409.422643][ T5852] usb 3-1: Manufacturer: syz [ 409.422658][ T5852] usb 3-1: SerialNumber: syz [ 409.484614][ T5852] usb 3-1: config 0 descriptor?? [ 409.518125][ T5852] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 019 [ 409.960459][T10523] FAULT_INJECTION: forcing a failure. [ 409.960459][T10523] name failslab, interval 1, probability 0, space 0, times 0 [ 409.960500][T10523] CPU: 1 UID: 0 PID: 10523 Comm: syz.3.1834 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 409.960532][T10523] Tainted: [L]=SOFTLOCKUP [ 409.960540][T10523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 409.960555][T10523] Call Trace: [ 409.960563][T10523] [ 409.960573][T10523] dump_stack_lvl+0xe8/0x150 [ 409.960605][T10523] should_fail_ex+0x46b/0x600 [ 409.960655][T10523] should_failslab+0xa8/0x100 [ 409.960686][T10523] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 409.960712][T10523] ? __alloc_skb+0x1d0/0x7d0 [ 409.960737][T10523] ? lockdep_hardirqs_on+0x7a/0x110 [ 409.960772][T10523] __alloc_skb+0x1d0/0x7d0 [ 409.960804][T10523] netlink_sendmsg+0x5d4/0xb40 [ 409.960855][T10523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 409.960894][T10523] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 409.960920][T10523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 409.960948][T10523] sock_write_iter+0x4a1/0x4f0 [ 409.960987][T10523] ? __pfx_sock_write_iter+0x10/0x10 [ 409.961048][T10523] vfs_write+0x629/0xba0 [ 409.961084][T10523] ? __pfx_vfs_write+0x10/0x10 [ 409.961121][T10523] ? __fget_files+0x2a/0x420 [ 409.961152][T10523] ksys_write+0x156/0x270 [ 409.961182][T10523] ? __pfx_ksys_write+0x10/0x10 [ 409.961219][T10523] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.961244][T10523] do_syscall_64+0x15f/0xf80 [ 409.961272][T10523] ? trace_irq_disable+0x3b/0x140 [ 409.961299][T10523] ? clear_bhb_loop+0x40/0x90 [ 409.961327][T10523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.961351][T10523] RIP: 0033:0x7f4ce14ece59 [ 409.961372][T10523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 409.961393][T10523] RSP: 002b:00007f4cdf746028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 409.961417][T10523] RAX: ffffffffffffffda RBX: 00007f4ce1765fa0 RCX: 00007f4ce14ece59 [ 409.961434][T10523] RDX: 00000000000000fc RSI: 00002000000002c0 RDI: 0000000000000003 [ 409.961449][T10523] RBP: 00007f4cdf746090 R08: 0000000000000000 R09: 0000000000000000 [ 409.961463][T10523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.961477][T10523] R13: 00007f4ce1766038 R14: 00007f4ce1765fa0 R15: 00007ffe35f94738 [ 409.961513][T10523] [ 409.990631][ T5852] (null): failure reading functionality [ 410.434234][T10496] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1821'. [ 410.434266][T10496] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1821'. [ 410.460264][ T5705] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 410.533226][ T5852] i2c i2c-1: connected i2c-tiny-usb device [ 410.627118][ T5852] usb 3-1: USB disconnect, device number 19 [ 410.679878][ T5705] usb 2-1: config 8 has an invalid interface number: 223 but max is 0 [ 410.679911][ T5705] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 410.679933][ T5705] usb 2-1: config 8 has no interface number 0 [ 410.679993][ T5705] usb 2-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 410.738257][ T5705] usb 2-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 410.738291][ T5705] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.738314][ T5705] usb 2-1: Product: syz [ 410.738329][ T5705] usb 2-1: Manufacturer: syz [ 410.738345][ T5705] usb 2-1: SerialNumber: syz [ 410.798186][T10535] FAULT_INJECTION: forcing a failure. [ 410.798186][T10535] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.798226][T10535] CPU: 1 UID: 0 PID: 10535 Comm: syz.0.1839 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 410.798257][T10535] Tainted: [L]=SOFTLOCKUP [ 410.798265][T10535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 410.798279][T10535] Call Trace: [ 410.798288][T10535] [ 410.798297][T10535] dump_stack_lvl+0xe8/0x150 [ 410.798330][T10535] should_fail_ex+0x46b/0x600 [ 410.798373][T10535] strncpy_from_user+0x36/0x2b0 [ 410.798413][T10535] __se_sys_add_key+0xdb/0x420 [ 410.798447][T10535] ? __pfx___se_sys_add_key+0x10/0x10 [ 410.798486][T10535] ? __x64_sys_add_key+0x20/0xc0 [ 410.798514][T10535] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.798539][T10535] do_syscall_64+0x15f/0xf80 [ 410.798575][T10535] ? trace_irq_disable+0x3b/0x140 [ 410.798603][T10535] ? clear_bhb_loop+0x40/0x90 [ 410.798632][T10535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.798660][T10535] RIP: 0033:0x7f6de4f7ce59 [ 410.798680][T10535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 410.798700][T10535] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 410.798725][T10535] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 410.798742][T10535] RDX: 0000200000000080 RSI: 0000200000000400 RDI: 00002000000003c0 [ 410.798758][T10535] RBP: 00007f6de31ce090 R08: 000000003bfefb64 R09: 0000000000000000 [ 410.798773][T10535] R10: 00000000000fffff R11: 0000000000000246 R12: 0000000000000001 [ 410.798787][T10535] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 410.798822][T10535] [ 411.317231][ T5705] usb 2-1: USB disconnect, device number 6 [ 411.719312][T10549] usb usb8: usbfs: process 10549 (syz.2.1844) did not claim interface 0 before use [ 412.549964][T10567] tipc: Enabling of bearer <b:b> rejected, media not registered [ 414.520510][T10584] FAULT_INJECTION: forcing a failure. [ 414.520510][T10584] name failslab, interval 1, probability 0, space 0, times 0 [ 414.520602][T10584] CPU: 0 UID: 0 PID: 10584 Comm: syz.1.1860 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 414.520641][T10584] Tainted: [L]=SOFTLOCKUP [ 414.520648][T10584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 414.520658][T10584] Call Trace: [ 414.520664][T10584] [ 414.520671][T10584] dump_stack_lvl+0xe8/0x150 [ 414.520694][T10584] should_fail_ex+0x46b/0x600 [ 414.520726][T10584] should_failslab+0xa8/0x100 [ 414.520747][T10584] kmem_cache_alloc_noprof+0x87/0x680 [ 414.520765][T10584] ? prepare_creds+0x30/0x820 [ 414.520793][T10584] prepare_creds+0x30/0x820 [ 414.520820][T10584] __sys_setresuid+0x628/0xc40 [ 414.520840][T10584] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.520858][T10584] do_syscall_64+0x15f/0xf80 [ 414.520881][T10584] ? clear_bhb_loop+0x40/0x90 [ 414.520901][T10584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.520917][T10584] RIP: 0033:0x7f215856ce59 [ 414.520932][T10584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.520945][T10584] RSP: 002b:00007f21567a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 414.520962][T10584] RAX: ffffffffffffffda RBX: 00007f21587e6090 RCX: 00007f215856ce59 [ 414.520974][T10584] RDX: 000000000000ee01 RSI: 000000000000ee01 RDI: 000000000000ee00 [ 414.520984][T10584] RBP: 00007f21567a5090 R08: 0000000000000000 R09: 0000000000000000 [ 414.520994][T10584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 414.521003][T10584] R13: 00007f21587e6128 R14: 00007f21587e6090 R15: 00007ffcea164178 [ 414.521028][T10584] [ 416.083715][T10592] FAULT_INJECTION: forcing a failure. [ 416.083715][T10592] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 416.083755][T10592] CPU: 1 UID: 0 PID: 10592 Comm: syz.0.1863 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 416.083786][T10592] Tainted: [L]=SOFTLOCKUP [ 416.083794][T10592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 416.083808][T10592] Call Trace: [ 416.083817][T10592] [ 416.083827][T10592] dump_stack_lvl+0xe8/0x150 [ 416.083860][T10592] should_fail_ex+0x46b/0x600 [ 416.083908][T10592] _copy_to_user+0x31/0xb0 [ 416.083939][T10592] simple_read_from_buffer+0xe1/0x170 [ 416.083981][T10592] proc_fail_nth_read+0x1be/0x230 [ 416.084022][T10592] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 416.084062][T10592] ? rw_verify_area+0x2ac/0x4e0 [ 416.084088][T10592] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 416.084125][T10592] vfs_read+0x212/0xa80 [ 416.084159][T10592] ? __pfx_vfs_read+0x10/0x10 [ 416.084188][T10592] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 416.084219][T10592] ? lockdep_hardirqs_on+0x7a/0x110 [ 416.084248][T10592] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 416.084279][T10592] ? mutex_lock_nested+0x152/0x1d0 [ 416.084301][T10592] ? fdget_pos+0x252/0x320 [ 416.084333][T10592] ksys_read+0x156/0x270 [ 416.084360][T10592] ? __pfx_ksys_read+0x10/0x10 [ 416.084381][T10592] ? fput+0xa0/0xd0 [ 416.084422][T10592] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.084446][T10592] do_syscall_64+0x15f/0xf80 [ 416.084475][T10592] ? trace_irq_disable+0x3b/0x140 [ 416.084501][T10592] ? clear_bhb_loop+0x40/0x90 [ 416.084538][T10592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.084561][T10592] RIP: 0033:0x7f6de4f3d68e [ 416.084581][T10592] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 416.084601][T10592] RSP: 002b:00007f6de31cdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 416.084626][T10592] RAX: ffffffffffffffda RBX: 00007f6de31ce6c0 RCX: 00007f6de4f3d68e [ 416.084643][T10592] RDX: 000000000000000f RSI: 00007f6de31ce0a0 RDI: 0000000000000006 [ 416.084658][T10592] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 416.084673][T10592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.084686][T10592] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 416.084737][T10592] [ 418.504312][T10647] FAULT_INJECTION: forcing a failure. [ 418.504312][T10647] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 418.504353][T10647] CPU: 0 UID: 0 PID: 10647 Comm: syz.0.1887 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 418.504384][T10647] Tainted: [L]=SOFTLOCKUP [ 418.504393][T10647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 418.504407][T10647] Call Trace: [ 418.504416][T10647] [ 418.504426][T10647] dump_stack_lvl+0xe8/0x150 [ 418.504459][T10647] should_fail_ex+0x46b/0x600 [ 418.504505][T10647] _copy_from_user+0x2d/0xb0 [ 418.504534][T10647] __sys_bpf+0x229/0x950 [ 418.504564][T10647] ? __pfx___sys_bpf+0x10/0x10 [ 418.504589][T10647] ? rt_mutex_slowunlock+0x1cb/0x300 [ 418.504632][T10647] ? ksys_write+0x248/0x270 [ 418.504662][T10647] ? __pfx_ksys_write+0x10/0x10 [ 418.504695][T10647] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.504721][T10647] __x64_sys_bpf+0x7c/0x90 [ 418.504748][T10647] do_syscall_64+0x15f/0xf80 [ 418.504777][T10647] ? trace_irq_disable+0x3b/0x140 [ 418.504804][T10647] ? clear_bhb_loop+0x40/0x90 [ 418.504833][T10647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.504856][T10647] RIP: 0033:0x7f6de4f7ce59 [ 418.504876][T10647] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 418.504895][T10647] RSP: 002b:00007f6de31ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 418.504918][T10647] RAX: ffffffffffffffda RBX: 00007f6de51f5fa0 RCX: 00007f6de4f7ce59 [ 418.504935][T10647] RDX: 0000000000000040 RSI: 0000200000000180 RDI: 000000000000001c [ 418.504949][T10647] RBP: 00007f6de31ce090 R08: 0000000000000000 R09: 0000000000000000 [ 418.504962][T10647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.504975][T10647] R13: 00007f6de51f6038 R14: 00007f6de51f5fa0 R15: 00007ffd1e245248 [ 418.505007][T10647] [ 419.182670][T10648] overlay: Bad value for 'workdir' [ 423.345496][T10687] FAULT_INJECTION: forcing a failure. [ 423.345496][T10687] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 423.345536][T10687] CPU: 0 UID: 0 PID: 10687 Comm: syz.2.1902 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 423.345568][T10687] Tainted: [L]=SOFTLOCKUP [ 423.345576][T10687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 423.345591][T10687] Call Trace: [ 423.345599][T10687] [ 423.345608][T10687] dump_stack_lvl+0xe8/0x150 [ 423.345642][T10687] should_fail_ex+0x46b/0x600 [ 423.345685][T10687] _copy_from_user+0x2d/0xb0 [ 423.345713][T10687] ___sys_sendmsg+0x1c6/0x360 [ 423.345753][T10687] ? __lock_acquire+0x6b5/0x2cf0 [ 423.345787][T10687] ? __pfx____sys_sendmsg+0x10/0x10 [ 423.345823][T10687] ? kstrtouint+0x6e/0xe0 [ 423.345884][T10687] ? __fget_files+0x2a/0x420 [ 423.345905][T10687] ? __fget_files+0x3a6/0x420 [ 423.345936][T10687] __sys_sendmmsg+0x282/0x4e0 [ 423.345974][T10687] ? __pfx___sys_sendmmsg+0x10/0x10 [ 423.346017][T10687] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 423.346054][T10687] ? ksys_write+0x248/0x270 [ 423.346083][T10687] ? __pfx_ksys_write+0x10/0x10 [ 423.346116][T10687] __x64_sys_sendmmsg+0xa0/0xc0 [ 423.346148][T10687] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.346173][T10687] do_syscall_64+0x15f/0xf80 [ 423.346200][T10687] ? trace_irq_disable+0x3b/0x140 [ 423.346227][T10687] ? clear_bhb_loop+0x40/0x90 [ 423.346255][T10687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.346277][T10687] RIP: 0033:0x7f5b1ae8ce59 [ 423.346297][T10687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 423.346317][T10687] RSP: 002b:00007f5b190e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 423.346340][T10687] RAX: ffffffffffffffda RBX: 00007f5b1b105fa0 RCX: 00007f5b1ae8ce59 [ 423.346356][T10687] RDX: 0000000000000003 RSI: 00002000000008c0 RDI: 0000000000000003 [ 423.346371][T10687] RBP: 00007f5b190e6090 R08: 0000000000000000 R09: 0000000000000000 [ 423.346384][T10687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.346397][T10687] R13: 00007f5b1b106038 R14: 00007f5b1b105fa0 R15: 00007ffc69dffa98 [ 423.346431][T10687] [ 425.363241][T10707] FAULT_INJECTION: forcing a failure. [ 425.363241][T10707] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.363298][T10707] CPU: 0 UID: 0 PID: 10707 Comm: syz.4.1898 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 425.363331][T10707] Tainted: [L]=SOFTLOCKUP [ 425.363340][T10707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 425.363353][T10707] Call Trace: [ 425.363362][T10707] [ 425.363376][T10707] dump_stack_lvl+0xe8/0x150 [ 425.363400][T10707] should_fail_ex+0x46b/0x600 [ 425.363431][T10707] _copy_to_user+0x31/0xb0 [ 425.363453][T10707] simple_read_from_buffer+0xe1/0x170 [ 425.363483][T10707] proc_fail_nth_read+0x1be/0x230 [ 425.363512][T10707] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 425.363541][T10707] ? rw_verify_area+0x2ac/0x4e0 [ 425.363559][T10707] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 425.363586][T10707] vfs_read+0x212/0xa80 [ 425.363610][T10707] ? __pfx_vfs_read+0x10/0x10 [ 425.363631][T10707] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 425.363653][T10707] ? lockdep_hardirqs_on+0x7a/0x110 [ 425.363675][T10707] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 425.363697][T10707] ? mutex_lock_nested+0x152/0x1d0 [ 425.363712][T10707] ? fdget_pos+0x252/0x320 [ 425.363733][T10707] ksys_read+0x156/0x270 [ 425.363754][T10707] ? __pfx_ksys_read+0x10/0x10 [ 425.363778][T10707] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.363795][T10707] do_syscall_64+0x15f/0xf80 [ 425.363818][T10707] ? clear_bhb_loop+0x40/0x90 [ 425.363838][T10707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.363854][T10707] RIP: 0033:0x7fe9972fd68e [ 425.363875][T10707] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 425.363889][T10707] RSP: 002b:00007fe99554bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 425.363906][T10707] RAX: ffffffffffffffda RBX: 00007fe99554c6c0 RCX: 00007fe9972fd68e [ 425.363918][T10707] RDX: 000000000000000f RSI: 00007fe99554c0a0 RDI: 0000000000000005 [ 425.363927][T10707] RBP: 00007fe99554c090 R08: 0000000000000000 R09: 0000000000000000 [ 425.363937][T10707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.363947][T10707] R13: 00007fe9975b6218 R14: 00007fe9975b6180 R15: 00007fff44619818 [ 425.363972][T10707] [ 426.014528][ T5737] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 427.928144][ T5737] usb 3-1: Using ep0 maxpacket: 32 [ 428.083239][ T5737] usb 3-1: device descriptor read/all, error -71 [ 428.495775][T10679] ================================================================== [ 428.495797][T10679] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60 [ 428.495826][T10679] Read of size 1 at addr ffff88805fbfc5f8 by task syz.4.1898/10679 [ 428.495840][T10679] [ 428.495857][T10679] CPU: 0 UID: 0 PID: 10679 Comm: syz.4.1898 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 428.495881][T10679] Tainted: [L]=SOFTLOCKUP [ 428.495886][T10679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 428.495899][T10679] Call Trace: [ 428.495906][T10679] [ 428.495912][T10679] dump_stack_lvl+0xe8/0x150 [ 428.495931][T10679] print_address_description+0x55/0x1e0 [ 428.495951][T10679] ? _raw_spin_lock_irqsave+0x40/0x60 [ 428.495970][T10679] print_report+0x58/0x70 [ 428.495986][T10679] kasan_report+0x117/0x150 [ 428.496006][T10679] ? _raw_spin_lock_irqsave+0x40/0x60 [ 428.496029][T10679] ? rt_mutex_slowunlock+0xbf/0x8b0 [ 428.496045][T10679] __kasan_check_byte+0x2a/0x40 [ 428.496062][T10679] lock_acquire+0x84/0x350 [ 428.496084][T10679] ? preempt_schedule_common+0x82/0xd0 [ 428.496105][T10679] ? rcu_is_watching+0x15/0xb0 [ 428.496131][T10679] _raw_spin_lock_irqsave+0x40/0x60 [ 428.496151][T10679] ? rt_mutex_slowunlock+0xbf/0x8b0 [ 428.496167][T10679] rt_mutex_slowunlock+0xbf/0x8b0 [ 428.496186][T10679] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 428.496204][T10679] ? __rcu_read_unlock+0x83/0xe0 [ 428.496223][T10679] ? rt_spin_unlock+0x160/0x200 [ 428.496240][T10679] proc_invalidate_siblings_dcache+0x3db/0x6c0 [ 428.496258][T10679] ? proc_invalidate_siblings_dcache+0x2b/0x6c0 [ 428.496277][T10679] release_task+0x1207/0x16f0 [ 428.496303][T10679] ? do_exit+0x1674/0x22c0 [ 428.496325][T10679] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 428.496341][T10679] ? __pfx_release_task+0x10/0x10 [ 428.496364][T10679] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 428.496381][T10679] ? lockdep_hardirqs_on+0x7a/0x110 [ 428.496402][T10679] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 428.496423][T10679] ? rt_write_unlock+0x190/0x230 [ 428.496441][T10679] do_exit+0x1674/0x22c0 [ 428.496469][T10679] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 428.496492][T10679] ? __pfx_do_exit+0x10/0x10 [ 428.496511][T10679] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 428.496528][T10679] ? reacquire_held_locks+0x104/0x190 [ 428.496552][T10679] ? rt_spin_lock+0x1e0/0x400 [ 428.496572][T10679] do_group_exit+0x21b/0x2d0 [ 428.496594][T10679] ? rt_spin_unlock+0x160/0x200 [ 428.496611][T10679] get_signal+0x1284/0x1330 [ 428.496635][T10679] arch_do_signal_or_restart+0xbc/0x840 [ 428.496663][T10679] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 428.496688][T10679] ? do_sys_openat2+0x14c/0x200 [ 428.496721][T10679] exit_to_user_mode_loop+0x8c/0x4d0 [ 428.496741][T10679] ? rcu_is_watching+0x15/0xb0 [ 428.496765][T10679] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.496782][T10679] do_syscall_64+0x33e/0xf80 [ 428.496806][T10679] ? clear_bhb_loop+0x40/0x90 [ 428.496824][T10679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.496844][T10679] RIP: 0033:0x7fe9972fd68e [ 428.496857][T10679] Code: Unable to access opcode bytes at 0x7fe9972fd664. [ 428.496866][T10679] RSP: 002b:00007fe99556cec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 428.496883][T10679] RAX: 0000000000000004 RBX: 00007fe99556d6c0 RCX: 00007fe9972fd68e [ 428.496894][T10679] RDX: 0000000000000002 RSI: 00007fe99556cf90 RDI: ffffffffffffff9c [ 428.496906][T10679] RBP: 00007fe9973d2d6f R08: 0000000000000000 R09: 0000000000000000 [ 428.496916][T10679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.496925][T10679] R13: 00007fe9975b6128 R14: 00007fe9975b6090 R15: 00007fff44619818 [ 428.496944][T10679] [ 428.496950][T10679] [ 428.496956][T10679] Allocated by task 10679: [ 428.496964][T10679] kasan_save_track+0x3e/0x80 [ 428.496977][T10679] __kasan_slab_alloc+0x6c/0x80 [ 428.496992][T10679] kmem_cache_alloc_lru_noprof+0x33c/0x680 [ 428.497008][T10679] __d_alloc+0x37/0x6f0 [ 428.497021][T10679] d_alloc_parallel+0xe6/0x1610 [ 428.497037][T10679] __lookup_slow+0x152/0x440 [ 428.497049][T10679] lookup_slow+0x53/0x70 [ 428.497062][T10679] link_path_walk+0x1273/0x18d0 [ 428.497085][T10679] path_openat+0x2d5/0x38a0 [ 428.497100][T10679] do_file_open+0x23e/0x4a0 [ 428.497115][T10679] do_sys_openat2+0x113/0x200 [ 428.497136][T10679] __x64_sys_openat+0x138/0x170 [ 428.497186][T10679] do_syscall_64+0x15f/0xf80 [ 428.497217][T10679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.497231][T10679] [ 428.497234][T10679] Freed by task 28: [ 428.497240][T10679] kasan_save_track+0x3e/0x80 [ 428.497266][T10679] kasan_save_free_info+0x46/0x50 [ 428.497296][T10679] __kasan_slab_free+0x5c/0x80 [ 428.497316][T10679] kmem_cache_free+0x187/0x6c0 [ 428.497333][T10679] rcu_cpu_kthread+0x99e/0x1470 [ 428.497353][T10679] smpboot_thread_fn+0x541/0xa50 [ 428.497370][T10679] kthread+0x388/0x470 [ 428.497389][T10679] ret_from_fork+0x514/0xb70 [ 428.497405][T10679] ret_from_fork_asm+0x1a/0x30 [ 428.497423][T10679] [ 428.497426][T10679] Last potentially related work creation: [ 428.497432][T10679] kasan_save_stack+0x3e/0x60 [ 428.497445][T10679] kasan_record_aux_stack+0xbd/0xd0 [ 428.497471][T10679] call_rcu+0xee/0x890 [ 428.497493][T10679] __dentry_kill+0x4a9/0x690 [ 428.497510][T10679] shrink_kill+0xa9/0x2c0 [ 428.497523][T10679] shrink_dentry_list+0x2e3/0x5e0 [ 428.497536][T10679] shrink_dcache_tree+0xe9/0x5d0 [ 428.497550][T10679] d_invalidate+0xde/0x210 [ 428.497563][T10679] proc_invalidate_siblings_dcache+0x3d3/0x6c0 [ 428.497579][T10679] release_task+0x1207/0x16f0 [ 428.497598][T10679] wait_consider_task+0x1966/0x2e30 [ 428.497621][T10679] __do_wait+0x155/0x740 [ 428.497641][T10679] do_wait+0x1e7/0x510 [ 428.497661][T10679] kernel_wait4+0x232/0x2b0 [ 428.497681][T10679] __x64_sys_wait4+0x166/0x240 [ 428.497703][T10679] do_syscall_64+0x15f/0xf80 [ 428.497721][T10679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.497736][T10679] [ 428.497739][T10679] The buggy address belongs to the object at ffff88805fbfc528 [ 428.497739][T10679] which belongs to the cache dentry of size 376 [ 428.497752][T10679] The buggy address is located 208 bytes inside of [ 428.497752][T10679] freed 376-byte region [ffff88805fbfc528, ffff88805fbfc6a0) [ 428.497768][T10679] [ 428.497772][T10679] The buggy address belongs to the physical page: [ 428.497787][T10679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805fbfd658 pfn:0x5fbfc [ 428.497804][T10679] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 428.497816][T10679] memcg:ffff88805fbfdef1 [ 428.497823][T10679] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 428.497841][T10679] page_type: f5(slab) [ 428.497855][T10679] raw: 0080000000000240 ffff88801b6af3c0 ffffea0000f5c590 ffffea0000f5e090 [ 428.497870][T10679] raw: ffff88805fbfd658 0000000800120011 00000000f5000000 ffff88805fbfdef1 [ 428.497885][T10679] head: 0080000000000240 ffff88801b6af3c0 ffffea0000f5c590 ffffea0000f5e090 [ 428.497899][T10679] head: ffff88805fbfd658 0000000800120011 00000000f5000000 ffff88805fbfdef1 [ 428.497914][T10679] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff [ 428.497927][T10679] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002 [ 428.497936][T10679] page dumped because: kasan: bad access detected [ 428.497946][T10679] page_owner tracks the page as allocated [ 428.497952][T10679] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4962, tgid 4962 (udevd), ts 114157364340, free_ts 0 [ 428.497980][T10679] post_alloc_hook+0x231/0x280 [ 428.497996][T10679] get_page_from_freelist+0x27c8/0x2840 [ 428.498015][T10679] __alloc_frozen_pages_noprof+0x18d/0x380 [ 428.498034][T10679] allocate_slab+0x77/0x660 [ 428.498054][T10679] refill_objects+0x33c/0x3d0 [ 428.498074][T10679] __pcs_replace_empty_main+0x373/0x720 [ 428.498096][T10679] kmem_cache_alloc_lru_noprof+0x433/0x680 [ 428.498111][T10679] __d_alloc+0x37/0x6f0 [ 428.498124][T10679] d_alloc+0x4b/0x190 [ 428.498137][T10679] lookup_one_qstr_excl+0xd8/0x360 [ 428.498151][T10679] filename_unlinkat+0x2c0/0x610 [ 428.498169][T10679] __se_sys_unlink+0x2e/0x140 [ 428.498188][T10679] do_syscall_64+0x15f/0xf80 [ 428.498207][T10679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.498221][T10679] page_owner free stack trace missing [ 428.498226][T10679] [ 428.498230][T10679] Memory state around the buggy address: [ 428.498237][T10679] ffff88805fbfc480: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 428.498248][T10679] ffff88805fbfc500: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb [ 428.498259][T10679] >ffff88805fbfc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 428.498267][T10679] ^ [ 428.498276][T10679] ffff88805fbfc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 428.498287][T10679] ffff88805fbfc680: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb [ 428.498295][T10679] ================================================================== [ 428.498309][T10679] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 428.498322][T10679] CPU: 0 UID: 0 PID: 10679 Comm: syz.4.1898 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 428.498344][T10679] Tainted: [L]=SOFTLOCKUP [ 428.498350][T10679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 428.498359][T10679] Call Trace: [ 428.498365][T10679] [ 428.498371][T10679] vpanic+0x56c/0xa60 [ 428.498392][T10679] ? __pfx_vpanic+0x10/0x10 [ 428.498415][T10679] panic+0xc5/0xd0 [ 428.498433][T10679] ? __pfx_panic+0x10/0x10 [ 428.498453][T10679] ? _raw_spin_lock_irqsave+0x40/0x60 [ 428.498479][T10679] ? rcu_is_watching+0x15/0xb0 [ 428.498503][T10679] ? _raw_spin_lock_irqsave+0x40/0x60 [ 428.498524][T10679] ? _raw_spin_lock_irqsave+0x40/0x60 [ 428.498544][T10679] check_panic_on_warn+0x89/0xb0 [ 428.498567][T10679] ? _raw_spin_lock_irqsave+0x40/0x60 [ 428.498587][T10679] end_report+0x73/0x170 [ 428.498604][T10679] ? _raw_spin_lock_irqsave+0x40/0x60 [ 428.498623][T10679] kasan_report+0x128/0x150 [ 428.498642][T10679] ? _raw_spin_lock_irqsave+0x40/0x60 [ 428.498665][T10679] ? rt_mutex_slowunlock+0xbf/0x8b0 [ 428.498681][T10679] __kasan_check_byte+0x2a/0x40 [ 428.498698][T10679] lock_acquire+0x84/0x350 [ 428.498719][T10679] ? preempt_schedule_common+0x82/0xd0 [ 428.498739][T10679] ? rcu_is_watching+0x15/0xb0 [ 428.498764][T10679] _raw_spin_lock_irqsave+0x40/0x60 [ 428.498784][T10679] ? rt_mutex_slowunlock+0xbf/0x8b0 [ 428.498800][T10679] rt_mutex_slowunlock+0xbf/0x8b0 [ 428.498819][T10679] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 428.498837][T10679] ? __rcu_read_unlock+0x83/0xe0 [ 428.498856][T10679] ? rt_spin_unlock+0x160/0x200 [ 428.498872][T10679] proc_invalidate_siblings_dcache+0x3db/0x6c0 [ 428.498890][T10679] ? proc_invalidate_siblings_dcache+0x2b/0x6c0 [ 428.498909][T10679] release_task+0x1207/0x16f0 [ 428.498934][T10679] ? do_exit+0x1674/0x22c0 [ 428.498956][T10679] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 428.498973][T10679] ? __pfx_release_task+0x10/0x10 [ 428.498995][T10679] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 428.499013][T10679] ? lockdep_hardirqs_on+0x7a/0x110 [ 428.499033][T10679] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 428.499054][T10679] ? rt_write_unlock+0x190/0x230 [ 428.499072][T10679] do_exit+0x1674/0x22c0 [ 428.499094][T10679] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 428.499117][T10679] ? __pfx_do_exit+0x10/0x10 [ 428.499137][T10679] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 428.499153][T10679] ? reacquire_held_locks+0x104/0x190 [ 428.499177][T10679] ? rt_spin_lock+0x1e0/0x400 [ 428.499197][T10679] do_group_exit+0x21b/0x2d0 [ 428.499219][T10679] ? rt_spin_unlock+0x160/0x200 [ 428.499235][T10679] get_signal+0x1284/0x1330 [ 428.499259][T10679] arch_do_signal_or_restart+0xbc/0x840 [ 428.499286][T10679] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 428.499311][T10679] ? do_sys_openat2+0x14c/0x200 [ 428.499343][T10679] exit_to_user_mode_loop+0x8c/0x4d0 [ 428.499362][T10679] ? rcu_is_watching+0x15/0xb0 [ 428.499386][T10679] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.499403][T10679] do_syscall_64+0x33e/0xf80 [ 428.499423][T10679] ? clear_bhb_loop+0x40/0x90 [ 428.499442][T10679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.499457][T10679] RIP: 0033:0x7fe9972fd68e [ 428.499475][T10679] Code: Unable to access opcode bytes at 0x7fe9972fd664. [ 428.499483][T10679] RSP: 002b:00007fe99556cec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 428.499499][T10679] RAX: 0000000000000004 RBX: 00007fe99556d6c0 RCX: 00007fe9972fd68e [ 428.499510][T10679] RDX: 0000000000000002 RSI: 00007fe99556cf90 RDI: ffffffffffffff9c [ 428.499521][T10679] RBP: 00007fe9973d2d6f R08: 0000000000000000 R09: 0000000000000000 [ 428.499531][T10679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.499541][T10679] R13: 00007fe9975b6128 R14: 00007fe9975b6090 R15: 00007fff44619818 [ 428.499560][T10679] [ 428.500305][T10679] Kernel Offset: disabled