last executing test programs: 6.879305348s ago: executing program 2 (id=476): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000130a81010000000600000000c27ffffe"], 0x14}, 0x1, 0x0, 0x0, 0xc085}, 0x40000c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) syz_io_uring_setup(0x133d, &(0x7f0000000540)={0x0, 0x5df3, 0x4, 0x3, 0x34d}, &(0x7f0000000600), &(0x7f0000000640), &(0x7f00000008c0)) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r1) unshare(0x28040680) socket(0x10, 0x3, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x9, 0x3c5b, 0x80000001, 0x24, 0xd, 0x6, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x88, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x2000312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x6, 0x3a, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x7ff, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x3031d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 6.73942389s ago: executing program 2 (id=479): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3e616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f0000000680)={0x28, 0x7, 0x0, 0x0, &(0x7f0000000280)="04", 0x1, 0x1fffffffffffffd}) fchmod(0xffffffffffffffff, 0x20049549e2a2d659) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000280)=ANY=[@ANYBLOB="06004902000011"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 5.727550716s ago: executing program 1 (id=482): bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,cbc-camellia-aesni-avx2)\x00'}, 0x58) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101"], 0x7c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000180012800b00010065727370606e000008000280f2040012"], 0x44}}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), 0x0}) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="ff0700"/20, @ANYRES32, @ANYBLOB="000000fb6fd3a019621ef3"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x14, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000048000000009aaa000018150000", @ANYRES32=r3], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) 5.678516988s ago: executing program 0 (id=483): getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private0, 0x1, 0x1, 0x2, 0x1a, 0xffff, 0x5}, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) connect$bt_rfcomm(r1, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xa) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = fsopen(&(0x7f0000000200)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='source', &(0x7f0000001bc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b70300000000000085"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000280)={r3, r1, 0x25, 0x0, @val=@tcx={@void, @value=r3}}, 0x1c) syz_emit_ethernet(0x117, &(0x7f0000000480)=ANY=[], 0x0) 3.963780979s ago: executing program 3 (id=493): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x9) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x1}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) r2 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_restrict_self(r2, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_mr_cache\x00') 3.879432358s ago: executing program 3 (id=494): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000200)={0x0, 0x6, '\x00\x00\x00\x00\x00\x00'}, &(0x7f00000005c0)=0xfcca) io_setup(0x0, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f0000001640)=[&(0x7f0000001600)={0x0, 0x0, 0x0, 0x7, 0x4, r0, &(0x7f0000000600)="a888145fddf882e08f6198ac4ee39c39ed8fc94ca4b4fe16e3db64e20a6e87a60e0149ec83bc8f1da602c5a9022f96f52e2cb80434b37e233ecd0b58d26a669bdcddaf0880b19efc68d9016140649f33821cc799b32e503e11db5341844f50061412388da9882f901c64f116071f323db224dc1d32252070826f79ea59cca04acf9e81ba68e00a2d1ad4c7ca3b6d017aae7fd3679a23797557ab82cabb8d4d0a06ec80a19476c2941c1324fe61b285c7a06237354dae38e672853b994b104e70c171de51042351155c200bb4f4324a9174f2895e66a4a69219eb6381439f5f3788278c6b1ee7bb28940e00cf532438d8a9bd6f51be2b2c08f64118231e6804934c8983cdce6c71fd6c109bd5475595044d8436eecbb17b7aaf5660101a35df4c6e0aa127c5323213a691b9fb807a080781c3de28518cc085323cb8804fca22c70a5921fe18d348aa16a4f947c75599ac4f836f9fc222bfc2d00451b0d409177019403213b9f218ca9c94bc01132517c7c650ec979af92eca25f57d0cdd1a8462a99e34242132831879d2ff91372fca650e61382640346e4a5b9cfe2cc0f5efc9abd142798e9699bf02cbad086aecfa7d349055a77ee59ab65a9ec8961fabf7d1dc8c845b1c14316e2b6d8ee399b5ebdd96e08a18f9985fa0fd7ff237a4201e2a50c19ba303670e44442d4633db535908d6eba34cc3267183805b7fa65de89e387787a8a9d4cf6601f4285e1bab49f3e39d9cb335480fb60da95140f4ac54bd2731262431f8d82158689b782ab60abaf313ac37deef8f97b7c26ecf0e341360c50f9601fb20222be2f725124ef3f93a004a30e6d71da0a749de721a41a66fa2423564e24c9845034f2368b0a09471430500e38dd7c8b708fba50076c7709acb25c80f3c6f542a16d5cdeb9e7f3b730fb28e62a368d8a056c2e6842ad2fc9ecaa743be69b9d8de30d7245cfe3f915f2971e5726af5a7ded4aa9a560c3258baf30f8f6d1dff30ae76b61b4cb4cfb652e9aaf6b9a9b7813c84b3dea557e7af3a00ba7b179af2f903c57a74c4492da4a59accaa232835c77cdd65efc6f701c1295d60f4578d37c286bb8e96a45ae159e3af3e9baebdf6570db5d88630c1aa2bf9b9b4557cedb7599a25132eb5063427f6e53219ba848bd69f6b3a43cb1cbbc91642421ba01755c5abb82bc6c33d23336deb09827fe7bf264c2a21240f4931b7f78c868acdfeb4448e9e13597a4862963c73f0c76b53adfd13bfb2a68379cbd573beb20fa10b530afacaae8d5efcf74178a14de9a7388dfc14af4911856bed495e3a1a0bb061bb3c204a6d66e0cbf228954a1a2ab25e2cdb98a001db760cd349a8d043b1188623e8bfa8703f575820576f82b95f7c05b8f85f789bab985891ea3ab492492adecbea0455fe86dd378f177a9f0f1cb43eda27684d211773f00a22936e459eec9cb6cb603ce0319dcf62eebca692f14afe0b1c5c3d162c5e3b7a8c50b58bca1f0ad90a897be14615135a6017d74f94df95e64fb83a229320edaa54452135f3b45e87f2e5e4af678afff80e231e182ebfecdb7c362e388645699a0bd1a563912b28bb8f8d4d1f49832bf47babdb2a233d0347c4fa9b47659a6ef4b65463a516ec9d4c861e6b284e1ead30d68f67d25e4680fae2a1b18d1d5d6d300ba13eb1e3eaa258af27f7a76e24d45fe7845f854bf2887e5ce36a28df81217261cad87f7f0cfff671dee7c3698c16a0448cadd0263fef4fdaf1bb4e71b51ec8ba22944bc99beb59e20f3446864a189305f9ec43f5ec93b66b40c63b82b0b0332de121e2cd866d17b8583f717d15b2826a4c0454b808e24495a00bd6363ecf271de1cb36000e492eb992125862e12ef1cc75fbab4574d68b168f3d5a869efcc39560d252672fd28eea1533afe6dc4d914fef12cc581bea2504d04bd4765f8bc1226c83136fbcf6af6137c4c5dce126c37eba0f41124e2180c84465d44f0a2d57ee345f30a710f45ce1ea0ecafd6bce96eb9b867d609b7774ecf159aff36bda774618d28372769c45a69acc78505a81a09df7abc031caa9c9a5da481bb7b8558c56740ae95249a7cc0cfaf6c4a228e3b7afd5bb9febd2bafc0a31918e47e357eb14023ebd723192f94aa5a049ad6dad60415c707ef20228e76e925846ccf23861f14014f8f456a8cfd7b5ae2c1c4ea3d8c978fc4b952cb248af59591ae88ae8fb2a3a8fb66c3f2bca043d114b2d8e5e27979f9b2ab205c7418d322ebef1bb73182b800844d5233fc18f6c8dc338be2d143d3470ee07a60af9f738374a22d7e67024be35b0b8f5d2b68640b07d7146c1797ec9ff745d6dc7130b9f4df123185bb3133346da601c282c0a4426ace963658e6ec584f40f3df744151b0ca1eaea1523db0cd07932be226a59d0a1c139f364e99b653101425f52187cd5d353bdbaf58c71435a3ceb5a863856f2f9919fe2add037329f2d2656906cc7a8425c5e111c990b137ad18b891e401b7659e0adf5132e7b7cd49d04f22c759bfc32bda61a9db801800e5368955bd80e6539c76aa0511fe551c560eb7cd404b241dd8dad3dc104a3a1f87b5894222427971cc3a6fe2b2d88d80bb5f55c8e06bbbf8c82014c57194a2cea64c69d5fa950c278b508094e781218c4fd3069d9aa0256a71074e8f15bf65f173e7474bdc35136aab460d45950bd2912edb99a3967569116e6bb416dde5b49ffff83a69c80a61ef7b0d2520928280fde8b4e37a73fbb479ead4ae627faef4018ec24e1cce25a49caf37e387c6512eed829951ce3263aa5a41721c5b586551e78a0bd390eb450409ab034e47d734781846d8a0dda4e7dbcc6499ccc399c059762463e1ab27156d5723fc72da707359290da6d02fd0a3274254d4b876c5a474dff4613a038d2106774821728bb3bb0ad403f1e115e00b25681f17fc02ca893f03a18a99349e1fea90580b691f570da5e41e34e12912c55b82563a6feea402fc7957de68856d8ab5b0939efaeac9976baaadd67ef84ce3ca90845a8416b40b92611b853d938b060b083c35f17c1bad4f2abac6a27bd6c1caa50923f49d0848b4ce07f2de4653da567dc44751a68057ef674b2054ae729b3d5dde86b456a35a93053b4af8ef937ab490bd76b78fa652f5f2e20932edac31a9193ecca65a9a124479f911e67d36966ea22165ee33e334f5593d50e844d1a539e32bec8909791a68e5be589b33ae593a468afad025ba8618a8b7184365fc88d63775d2add508314060bc2988f6c57dbd3365f40b07108bf784e42a665b9b4a8e3bb313d0cb42c7e0be92c99a44ab5f3ace820d32d9163da331e606e3aff108940056391d22a01835430cd6c6d53aca2af98d358ba2d65bc0464997013fdf1d4dd19b0548d67ae19840e1273c2c79333767072e5fa6150917e87fc3528ddeaf13e3d3001201c655ccc6e03418c4ce404396df7906b76595c9702d6dbbcea21fd31eadd90cc33b231695b3a4f65f438ec2c8ae6f2babe7d4e6d2d841d8839fb8d52597fc05cd3f0c4469da29450f12cf9c446f4c124b666ca3735582c58cf2afb7dd1de57ccc29a7d4f54177caa05f3394a4f0411d2b8bfa0851aaa1d30f2f52c3151b396d4fd4ae87a77af535018ba115856f595a6426372ed2fa0df7cb6a7fc80eb5724f636c72637180c7bb4190af54293f015bb80fcae0378743a74f3c871b9f685ed0dc996fa3d795c7b21ac56e5fb80cd9039da5f93142f9dcf6a778521c8fce45bc51474b3bc4b783aa8e50e59496030d80fc8175b59c42d24d1c27aeab567f03212a3f541cb97308f7e09db94f6bef4c1f691f6c49db0bc15d2b9a29d299c14f67aaba520f214e95e3195957d066bd98c3c65a96ddb46c229d43330e1f47133275dfb77a45f26815d563899ab1016b8968117a8e26ff307ca52bd0ed64a57863d92a941b3aab6623d91967492d8c247f8c0d14090f1015a6264d4b8c81633ba4a7c0761f0f43ac93816679d3f3709bc2b903a2da9179a0ade2e13334ba545205a3f4766aa117f4e08b2e61d921e96493a6329861cba0d2690c8cf6ca927015b80ad4c268b09e901277459866cda69a48848b62b2186affe93daea3ab95c59aaaae1bcef659ed7c82d3cc1535957283d94cccdd3ec01fff1ddf35c8df1147a9d3d8c3c472345865dd16e87b526d3d53b1dc3767e285f2c066b8f8f921c9a5a50c6ecf7154bf46a1d29697f5c5135fdf5ce23e068aa858b85fc5c22697296b6bf67f3eb7e2e7ceeb985f16866a65166572d88ad8df62b5c5ba93b412ad7e94117d9b2e77475517235941637c1474442e7f1b3ec05d8b580921e27b293a67cb652132b7302a9eb2c51bf569cc0e453fd257508f955ce1e7958517211f5f098b7c919ff80fe7447ba2f5ad05a0df89299064510a5129de06aaba7d7dce19b63fced15fcfda6d671d189d196bc08b7f82b122e396dedaca5b406321a6a86b8bd8dff7885929ea69836024eab95fc921052ee51ed442edd953fb644e3e3bdd344af4c33cb93f40b050d7ba5f7fe52d085049058bd89ea4b9bb9c0d2c437f86f1d58c348e75a71bba2bba72818e6748e9c67ea89a14c8a297a923a87a1eea0254d1a58bae2989325f5fdc52de16a7bb3d2c68fcf300b46d8f2a9128b486b521b0e429969d07def588e5cebdab217d52196dd030e6aa9ab12250e88084eb8d4ebe45938629d590df7ed9edfc3b3bd2f9a1155428f79d4e0def0ae5626f2877eb45586248270809db5f59fd7ae8a0bbd0507514d4a31a7636e674f848218de31574f18d799ee5258bd5442a73c3d4c6eb95daaf5aee73c8e98d7cb33eda54e841feab3758e359a5de2e66eed1d9ab8a9bec17ab88fb3b23cb541a3143162dfe1a1d731ac2d9853ee405ce448692a0176dc698ee9b05d52b0af192c9e437564a779d2e1853ea5e414f4349de1342b4ba3d2d9c1e00bff127cf86aa04e8212529fd1e74712cc4690b2290042bf7748f547f84d8aae2488b6859524e6dbb98a6f5b902d70041c0b772e8b5e4f7b8112fe9225f1495f5de04ea54e8494c77b694533707be7a4ef0580f49f7d4338f187ab090ae8d9285c4206039283729a3be61d30c651d1bc367af7025ccca933478e592ed01badb4ad30fd77c911504913efb4e3a6461f2b0031a51cb4e19de39bb9d926769a360a8a86f42b0e3ee661cfefd1f2ea6fb0be2021e9e67ac4288a8a8a6533d81c10287e888b697c5c3fc05f2e8fa842758a94b710b126836f70fde58b6fd7733bde76bdd3abf1ceaa078b20450c9cdad957a4e6ae04282180a2fd34007e1b9fa4e50fbeab9291baa83bcffc9eb2036060d93a669e9db9152e6deffa170ee4b024d698ff10746d4869b787a35b06c88ca79abd79b87dc28aa39f8cd3b7dc40e194bec8c1a5f6c3ca451e2140b80b6db07eb49247b8520a480a2cbce061ded3d0d76670453c90a96f31b7cbdae028d0572440940bf4d52bf89048a07ca562d0038ce0a0ec41c1d0f506de357bb3e0743c12b516842b1f560525fd2bfb2ac4d67a83492d96aaddb842c26aa532538ec50acfd399a7e493ec18ad1daa158c1f6b0440b24037f502c8d6281a4e7d12081a895e419299fe26415e1c33ed4b6beb94b094c3d5c55f73208ed2f4f316c3bdc7268b1278650f2c6846115144c86cb4c6f984ce058b233c9cffedb490a283859d06531a73455909747828965869b44870c4db1869ed19da53fab8439e51daf8b0bce1d0043153ffb5ca2cb120b2a4d1e2321a914a1bcb692cdbb641e301375e5513c21afc6da6baeaf7672653", 0x1000, 0x9, 0x0, 0x2}]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)) syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x18}, &(0x7f0000000100), &(0x7f00000000c0), &(0x7f0000000000)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000000)=0xa) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110037f1ce808000000a3f30a010203010902240001020010110904630702584200080905fe0f1000080009090502"], &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x1000, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18}, './file0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000001c00), 0x12) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r6, 0x5609, &(0x7f0000000040)={0x1, 0x7, 0x3}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) 3.674199711s ago: executing program 0 (id=495): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24}, 0x94) open_tree(0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000800)={r0, r0, r0}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}}) (fail_nth: 1) 3.464017044s ago: executing program 0 (id=496): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000180)='syzkaller\x00') r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0000001200010500"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000feffffff0000000000040002005c0001000058"], 0xac}}, 0x4000) r2 = socket$inet(0x10, 0x3, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09ff3a150099a283ff04b8008000f0ffff0000000600401500240036001fc411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000080)='G%\t\x00\x00\x00\x00\x00\x00\x00', 0xa}], 0x2}, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609774523b75431043e4a32f82c5b61bea2b9b0eff207d81c7b175cfcb3e448d7fcac8844402e9401582eeb4a08d247096e183b9b7de727a818150a153b9397c4cc61a6bd461f30fb84b679bca11d47c56904a9d359442a5c3693048b8aa179cf93", 0xa1}, {0x0}, {&(0x7f0000000680)}], 0x5, 0x4, 0x5) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xa, 0x99, '\x00', 0xe}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 3.431453569s ago: executing program 2 (id=497): bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,cbc-camellia-aesni-avx2)\x00'}, 0x58) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101"], 0x7c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000180012800b00010065727370606e000008000280f2040012"], 0x44}}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), 0x0}) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="ff0700"/20, @ANYRES32, @ANYBLOB="000000fb6fd3a019621ef3"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x14, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000048000000009aaa000018150000", @ANYRES32=r3], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) 3.135536809s ago: executing program 4 (id=498): getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private0, 0x1, 0x1, 0x2, 0x1a, 0xffff, 0x5}, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) connect$bt_rfcomm(r1, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xa) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = fsopen(&(0x7f0000000200)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='source', &(0x7f0000001bc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b0xffffffffffffffff}) fstat(r5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r6) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0) r7 = shmget(0x2, 0x1000, 0x200, &(0x7f0000ffd000/0x1000)=nil) shmat(r7, &(0x7f0000ffd000/0x1000)=nil, 0x6000) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000900)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) openat$fuse(0xffffffffffffff9c, &(0x7f00000009c0), 0x42, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() 1.562140848s ago: executing program 2 (id=502): bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,cbc-camellia-aesni-avx2)\x00'}, 0x58) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101"], 0x7c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="0000000000000000180012800b00010065727370606e000008000280f2040012"], 0x44}}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), 0x0}) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="ff0700"/20, @ANYRES32, @ANYBLOB="000000fb6fd3a019621ef3"], 0x50) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[], 0x7c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) 1.403037144s ago: executing program 0 (id=503): bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,cbc-camellia-aesni-avx2)\x00'}, 0x58) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c"], 0x7c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000180012800b00010065727370606e000008000280f2040012000a"], 0x44}}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), 0x0}) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="ff0700"/15, @ANYRES32, @ANYBLOB="000000fb6fd3a01962"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x14, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000048000000009aaa000018150000", @ANYRES32=r3], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {0x0}], 0x2}, 0x0) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) 1.020797429s ago: executing program 4 (id=504): r0 = socket(0x200000000000011, 0x2, 0xd) openat$kvm(0xffffffffffffff9c, 0x0, 0x80102, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b7030000000000008500000033"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000280)={r3, r1, 0x25, 0x0, @val=@tcx={@void, @value=r3}}, 0x1c) syz_emit_ethernet(0x117, &(0x7f0000000480)=ANY=[], 0x0) 917.65992ms ago: executing program 4 (id=505): bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,cbc-camellia-aesni-avx2)\x00'}, 0x58) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c"], 0x7c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000180012800b00010065727370606e000008000280f2040012000a"], 0x44}}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), 0x0}) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e000000040000000800", @ANYRES32, @ANYBLOB="ff0700"/20, @ANYRES32, @ANYBLOB="000000fb6fd3a01962"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x14, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000048000000009aaa000018150000", @ANYRES32=r3], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be5216344841", 0xe}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) 693.952993ms ago: executing program 1 (id=506): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='memory.swap.current\x00', 0x0, 0x0) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x14, 0xd, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x4) ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000002c0)={&(0x7f0000000140)=[{0x8, 0x8200, 0x0, 0x0}], 0x1}) syz_emit_vhci(&(0x7f0000000b40)=ANY=[@ANYBLOB="1e3e110b00010000000000a48272284100"], 0x14) r2 = syz_usb_connect$rtl8150(0x4, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$rtl8150(r2, &(0x7f0000000100)={0x14, &(0x7f0000000080)={0x20, 0x6, 0x2e, {0x2e, 0xb, "c5d3d49c5189accf99a3312a3a766d0ccadce40df29727e8a5948e5d5782d143b08cd254797b30ab157b0532"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x411}}}, &(0x7f0000000340)={0x2c, &(0x7f0000000500)=ANY=[@ANYBLOB="000e4500000011580e9ba907d027c83b94d49079b32d7a67eb01810165a3fd6799ba7ebbb78e82714d2b7fd5cadcf700139aa4d8f16b8312de3bdd2fd4569c8b8d805a44d73b7add5d7d0e99e8698ea0f5f4e7"], &(0x7f0000000200)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000280)={0xc0, 0x5, 0x4, "bbfc43d9"}, &(0x7f0000000300)={0x40, 0x5, 0x5, "d3e7ea42db"}}) 477.782256ms ago: executing program 3 (id=507): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) unshare(0xe060400) rt_sigqueueinfo(0x0, 0x21, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000c40)={{0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x36}, 0x0, [0x1688, 0x3, 0x0, 0x0, 0xdf3, 0x0, 0x0, 0xffbffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x4, 0x80000, 0xf, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x4, 0x7, 0x0, 0x7, 0x7ff, 0xfffffffe, 0x0, 0x40, 0x0, 0x0, 0x100000001, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x4, 0x0, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffa, 0x0, 0x401, 0x0, 0x8000000000000000, 0x5, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0x80000000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffb, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xfffffffe, 0x0, 0xde4, 0x7, 0x0, 0x100000000]}) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) dup(r1) 352.637029ms ago: executing program 0 (id=508): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e000000040000000800000007000000000000", @ANYRES32, @ANYRES32, @ANYBLOB="000000fb6fd3a01962"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x14, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000048000000009aaa000018150000", @ANYRES32=r3], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) 301.798885ms ago: executing program 3 (id=509): bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,cbc-camellia-aesni-avx2)\x00'}, 0x58) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), 0x0}) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="ff0700"/20, @ANYRES32, @ANYBLOB="000000fb6fd3a019621ef3"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x14, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000048000000009aaa000018150000", @ANYRES32=r3], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b", 0x44}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) 282.341777ms ago: executing program 2 (id=510): r0 = socket(0x2c, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x17) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000040), &(0x7f0000000080)=@udp=r0}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000019000100fdffffff010000000a0020000000fd0a000b000008001e000002000008001700ffffffff"], 0x2c}, 0x1, 0x0, 0x0, 0x1880}, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r3, 0x9) landlock_restrict_self(r3, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x1}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) r5 = landlock_create_ruleset(&(0x7f0000000200)={0x2081, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r5, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_mr_cache\x00') 0s ago: executing program 2 (id=511): getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private0, 0x1, 0x1, 0x2, 0x1a, 0xffff, 0x5}, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) connect$bt_rfcomm(r1, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xa) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = fsopen(&(0x7f0000000200)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='source', &(0x7f0000001bc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b [ 138.569825][ T6253] dump_stack_lvl+0xe8/0x150 [ 138.569877][ T6253] should_fail_ex+0x46b/0x600 [ 138.569913][ T6253] _copy_from_user+0x2d/0xb0 [ 138.569937][ T6253] ___sys_recvmsg+0x175/0x590 [ 138.569973][ T6253] ? __pfx____sys_recvmsg+0x10/0x10 [ 138.570027][ T6253] ? __fget_files+0x3a6/0x420 [ 138.570077][ T6253] __x64_sys_recvmsg+0x1c0/0x2a0 [ 138.570108][ T6253] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 138.570147][ T6253] ? __pfx_ksys_write+0x10/0x10 [ 138.570196][ T6253] do_syscall_64+0x14d/0xf80 [ 138.570220][ T6253] ? trace_irq_disable+0x3b/0x150 [ 138.570246][ T6253] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.570270][ T6253] ? clear_bhb_loop+0x40/0x90 [ 138.570298][ T6253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.570320][ T6253] RIP: 0033:0x7f976ba4c819 [ 138.570345][ T6253] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.570363][ T6253] RSP: 002b:00007f9769ca6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 138.570386][ T6253] RAX: ffffffffffffffda RBX: 00007f976bcc5fa0 RCX: 00007f976ba4c819 [ 138.570407][ T6253] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 138.570421][ T6253] RBP: 00007f9769ca6090 R08: 0000000000000000 R09: 0000000000000000 [ 138.570434][ T6253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.570447][ T6253] R13: 00007f976bcc6038 R14: 00007f976bcc5fa0 R15: 00007fffc400e638 [ 138.570481][ T6253] [ 138.646530][ T6254] loop6: detected capacity change from 0 to 7 [ 138.707770][ T6255] netlink: 'syz.4.104': attribute type 10 has an invalid length. [ 138.726209][ T6241] veth1: mtu less than device minimum [ 138.748808][ C0] blk_print_req_error: 10 callbacks suppressed [ 138.748831][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.748865][ C0] buffer_io_error: 10 callbacks suppressed [ 138.748877][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.758171][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 138.758231][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 138.758252][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 138.781651][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.781829][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.783548][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.783583][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.783934][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.784496][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.793490][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.793533][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.794091][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.794125][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.794449][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.794481][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.794564][ T6254] ldm_validate_partition_table(): Disk read failed. [ 138.794853][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.794959][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.795516][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.795739][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.798096][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 138.798205][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 138.798597][ T6254] Dev loop6: unable to read RDB block 0 [ 138.800544][ T6254] loop6: unable to read partition table [ 138.800782][ T6254] loop6: partition table beyond EOD, truncated [ 138.800823][ T6254] loop_reread_partitions: partition scan of loop6 (-ý? %`{5 FLQk݊A) failed (rc=-5) [ 139.631809][ T9] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 139.890287][ T9] usb 4-1: USB disconnect, device number 5 [ 139.994117][ T6261] program syz.1.109 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 140.108088][ T6265] FAULT_INJECTION: forcing a failure. [ 140.108088][ T6265] name failslab, interval 1, probability 0, space 0, times 1 [ 140.108124][ T6265] CPU: 0 UID: 0 PID: 6265 Comm: syz.2.111 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 140.108148][ T6265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 140.108160][ T6265] Call Trace: [ 140.108168][ T6265] [ 140.108177][ T6265] dump_stack_lvl+0xe8/0x150 [ 140.108216][ T6265] should_fail_ex+0x46b/0x600 [ 140.108254][ T6265] should_failslab+0xa8/0x100 [ 140.108280][ T6265] __kvmalloc_node_noprof+0x170/0x8e0 [ 140.108307][ T6265] ? file_tty_write+0x2ed/0xa30 [ 140.108338][ T6265] ? _mutex_trylock_nest_lock+0x128/0x180 [ 140.108379][ T6265] file_tty_write+0x2ed/0xa30 [ 140.108420][ T6265] vfs_write+0x629/0xba0 [ 140.108464][ T6265] ? __pfx_vfs_write+0x10/0x10 [ 140.108511][ T6265] ? __fget_files+0x2a/0x420 [ 140.108551][ T6265] ksys_write+0x156/0x270 [ 140.108589][ T6265] ? __pfx_ksys_write+0x10/0x10 [ 140.108636][ T6265] do_syscall_64+0x14d/0xf80 [ 140.108660][ T6265] ? trace_irq_disable+0x3b/0x150 [ 140.108687][ T6265] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.108709][ T6265] ? clear_bhb_loop+0x40/0x90 [ 140.108737][ T6265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.108759][ T6265] RIP: 0033:0x7f6df4aec819 [ 140.108779][ T6265] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.108798][ T6265] RSP: 002b:00007f6df2d46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 140.108819][ T6265] RAX: ffffffffffffffda RBX: 00007f6df4d65fa0 RCX: 00007f6df4aec819 [ 140.108834][ T6265] RDX: 0000000000001006 RSI: 0000200000001300 RDI: 0000000000000004 [ 140.108846][ T6265] RBP: 00007f6df2d46090 R08: 0000000000000000 R09: 0000000000000000 [ 140.108858][ T6265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.108870][ T6265] R13: 00007f6df4d66038 R14: 00007f6df4d65fa0 R15: 00007fff13cbf758 [ 140.108905][ T6265] [ 140.256815][ T6266] netlink: 'syz.0.108': attribute type 1 has an invalid length. [ 140.287460][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 140.467452][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 140.469547][ T9] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 140.469576][ T9] usb 4-1: config 0 has no interface number 0 [ 140.476650][ T9] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 140.476692][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.476714][ T9] usb 4-1: Product: syz [ 140.476730][ T9] usb 4-1: Manufacturer: syz [ 140.476745][ T9] usb 4-1: SerialNumber: syz [ 140.544089][ T9] usb 4-1: config 0 descriptor?? [ 140.577045][ T9] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 140.774322][ T6257] netlink: 80 bytes leftover after parsing attributes in process `syz.3.107'. [ 140.814578][ T9] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 140.828552][ T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 140.875680][ T9] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 140.990118][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 140.996118][ T10] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 141.011880][ T6257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.012911][ T6257] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.033047][ T10] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 141.033270][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.033287][ T10] usb 3-1: Product: syz [ 141.033297][ T10] usb 3-1: Manufacturer: syz [ 141.033308][ T10] usb 3-1: SerialNumber: syz [ 141.158214][ T10] usb 3-1: config 0 descriptor?? [ 141.202521][ T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 141.203200][ T10] usb 3-1: setting power ON [ 141.203628][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 141.296596][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 141.298090][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 141.299627][ T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 141.299680][ T10] usb 3-1: media controller created [ 141.301228][ T31] usb 4-1: USB disconnect, device number 6 [ 141.320242][ T31] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 141.390696][ T31] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 141.391520][ T31] quatech2 4-1:0.51: device disconnected [ 141.412394][ T6272] dvb-usb: bulk message failed: -22 (3/0) [ 141.412421][ T6272] dvb-usb: bulk message failed: -22 (3/0) [ 141.413314][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 142.585720][ T10] usb 3-1: selecting invalid altsetting 6 [ 142.585746][ T10] usb 3-1: digital interface selection failed (-22) [ 142.585762][ T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 142.587673][ T10] usb 3-1: setting power OFF [ 142.587696][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 142.587715][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 142.587728][ T10] (NULL device *): no alternate interface [ 142.837081][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 142.881699][ T10] usb 3-1: USB disconnect, device number 5 [ 142.899607][ T6283] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 143.110968][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 143.317461][ T9] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 143.317494][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.317526][ T9] usb 5-1: Product: syz [ 143.317542][ T9] usb 5-1: Manufacturer: syz [ 143.317557][ T9] usb 5-1: SerialNumber: syz [ 144.166217][ T6302] ptrace attach of "./syz-executor exec"[5798] was attempted by "./syz-executor exec"[6302] [ 145.118884][ T31] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 145.251254][ T6310] netlink: 'syz.0.126': attribute type 1 has an invalid length. [ 145.290837][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 64 [ 145.290874][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 145.296382][ T31] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 145.296422][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.296442][ T31] usb 4-1: Product: syz [ 145.296456][ T31] usb 4-1: Manufacturer: syz [ 145.296471][ T31] usb 4-1: SerialNumber: syz [ 145.360030][ T31] usb 4-1: config 0 descriptor?? [ 145.366601][ T6305] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 145.400695][ T31] port100 4-1:0.0: NFC: Could not get supported command types [ 145.527514][ T5880] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 145.677634][ T5880] usb 2-1: Using ep0 maxpacket: 32 [ 145.695115][ T5880] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 145.695160][ T5880] usb 2-1: config 0 has no interface number 0 [ 145.745956][ T5880] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 145.745980][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.745994][ T5880] usb 2-1: Product: syz [ 145.746075][ T5880] usb 2-1: Manufacturer: syz [ 145.746093][ T5880] usb 2-1: SerialNumber: syz [ 145.746419][ T10] usb 4-1: USB disconnect, device number 7 [ 145.842541][ T5880] usb 2-1: config 0 descriptor?? [ 145.883519][ T5880] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 146.063842][ T9] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 146.065772][ T9] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 146.065799][ T9] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 146.117592][ T6308] netlink: 80 bytes leftover after parsing attributes in process `syz.1.127'. [ 146.148179][ T9] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 146.236076][ T9] usb 5-1: USB disconnect, device number 3 [ 146.259458][ T5880] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 146.385584][ T6308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.420683][ T6308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.469846][ T5880] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 146.735154][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 146.740508][ T5880] usb 2-1: USB disconnect, device number 3 [ 146.818944][ T5880] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 146.841868][ T6316] FAULT_INJECTION: forcing a failure. [ 146.841868][ T6316] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.841967][ T6316] CPU: 0 UID: 0 PID: 6316 Comm: syz.3.130 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 146.842033][ T6316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 146.842075][ T6316] Call Trace: [ 146.842098][ T6316] [ 146.842122][ T6316] dump_stack_lvl+0xe8/0x150 [ 146.842224][ T6316] should_fail_ex+0x46b/0x600 [ 146.842331][ T6316] _copy_from_user+0x2d/0xb0 [ 146.842389][ T6316] __sys_sendto+0x2bc/0x710 [ 146.842470][ T6316] ? __pfx___sys_sendto+0x10/0x10 [ 146.842606][ T6316] ? ksys_write+0x248/0x270 [ 146.842706][ T6316] ? __pfx_ksys_write+0x10/0x10 [ 146.842817][ T6316] __x64_sys_sendto+0xde/0x100 [ 146.842904][ T6316] do_syscall_64+0x14d/0xf80 [ 146.842985][ T6316] ? trace_irq_disable+0x3b/0x150 [ 146.843061][ T6316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.843118][ T6316] ? clear_bhb_loop+0x40/0x90 [ 146.843196][ T6316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.843254][ T6316] RIP: 0033:0x7fe2cd80c819 [ 146.843330][ T6316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.843376][ T6316] RSP: 002b:00007fe2cba66028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 146.843442][ T6316] RAX: ffffffffffffffda RBX: 00007fe2cda85fa0 RCX: 00007fe2cd80c819 [ 146.843486][ T6316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 146.843521][ T6316] RBP: 00007fe2cba66090 R08: 0000200000b63fe4 R09: 000000000000001c [ 146.843549][ T6316] R10: 0000000020004002 R11: 0000000000000246 R12: 0000000000000001 [ 146.843583][ T6316] R13: 00007fe2cda86038 R14: 00007fe2cda85fa0 R15: 00007ffeb97d2aa8 [ 146.843682][ T6316] [ 146.866032][ T5880] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 146.881690][ T5880] quatech2 2-1:0.51: device disconnected [ 147.538040][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 147.697795][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 147.700570][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 147.702119][ T10] usb 4-1: config 2 has an invalid interface number: 99 but max is 0 [ 147.702145][ T10] usb 4-1: config 2 has no interface number 0 [ 147.702189][ T10] usb 4-1: config 2 interface 99 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 147.702218][ T10] usb 4-1: config 2 interface 99 altsetting 7 endpoint 0x2 has invalid wMaxPacketSize 0 [ 147.702249][ T10] usb 4-1: config 2 interface 99 has no altsetting 0 [ 147.705082][ T10] usb 4-1: New USB device found, idVendor=0000, idProduct=a300, bcdDevice= a.f3 [ 147.705112][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.705133][ T10] usb 4-1: Product: syz [ 147.705148][ T10] usb 4-1: Manufacturer: syz [ 147.705163][ T10] usb 4-1: SerialNumber: syz [ 147.907430][ T5899] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 148.067440][ T5899] usb 1-1: Using ep0 maxpacket: 8 [ 148.071076][ T5899] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 148.077911][ T5899] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 148.077940][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.077960][ T5899] usb 1-1: Product: syz [ 148.077974][ T5899] usb 1-1: Manufacturer: syz [ 148.077989][ T5899] usb 1-1: SerialNumber: syz [ 148.115035][ T5899] usb 1-1: config 0 descriptor?? [ 148.147905][ T5899] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 148.147974][ T5899] usb 1-1: setting power ON [ 148.147995][ T5899] dvb-usb: bulk message failed: -22 (2/0) [ 148.181408][ T5899] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 148.187033][ T5899] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 148.187097][ T5899] usb 1-1: media controller created [ 148.238293][ T5899] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 148.313496][ T5899] usb 1-1: selecting invalid altsetting 6 [ 148.313522][ T5899] usb 1-1: digital interface selection failed (-22) [ 148.313539][ T5899] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 148.314525][ T5899] usb 1-1: setting power OFF [ 148.314547][ T5899] dvb-usb: bulk message failed: -22 (2/0) [ 148.314565][ T5899] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 148.314578][ T5899] (NULL device *): no alternate interface [ 148.332060][ T6327] dvb-usb: bulk message failed: -22 (3/0) [ 148.332088][ T6327] dvb-usb: bulk message failed: -22 (3/0) [ 148.518168][ T5899] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 148.542061][ T5899] usb 1-1: USB disconnect, device number 6 [ 148.561717][ T6002] udevd[6002]: setting mode of /dev/bus/usb/001/006 to 020664 failed: No such file or directory [ 148.561904][ T6002] udevd[6002]: setting owner of /dev/bus/usb/001/006 to uid=0, gid=0 failed: No such file or directory [ 149.217478][ T5880] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 149.401321][ T5880] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 149.402401][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.402426][ T5880] usb 5-1: Product: syz [ 149.402442][ T5880] usb 5-1: Manufacturer: syz [ 149.402457][ T5880] usb 5-1: SerialNumber: syz [ 149.472780][ T6339] netlink: 'syz.1.139': attribute type 1 has an invalid length. [ 151.685217][ T6350] ptrace attach of "./syz-executor exec"[5798] was attempted by "./syz-executor exec"[6350] [ 152.591503][ T6352] delete_channel: no stack [ 152.946996][ T10] usb 4-1: USB disconnect, device number 8 [ 153.581656][ T5880] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 153.581716][ T5880] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 153.581737][ T5880] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 153.622872][ T5880] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 153.637463][ T31] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 153.757574][ T5880] usb 5-1: USB disconnect, device number 4 [ 153.790717][ T31] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.790787][ T31] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.790815][ T31] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 153.790855][ T31] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 153.790882][ T31] usb 4-1: config 1 interface 1 has no altsetting 0 [ 153.793939][ T31] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 153.793967][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.793989][ T31] usb 4-1: Product: syz [ 153.794004][ T31] usb 4-1: Manufacturer: syz [ 153.794018][ T31] usb 4-1: SerialNumber: syz [ 154.132862][ T6358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.136444][ T6358] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.182639][ T31] usb 4-1: selecting invalid altsetting 0 [ 154.183416][ T31] usb 4-1: selecting invalid altsetting 0 [ 154.183490][ T31] cdc_ncm 4-1:1.0: bind() failure [ 154.358701][ T31] usb 4-1: selecting invalid altsetting 0 [ 154.358743][ T31] usbtest 4-1:1.1: probe with driver usbtest failed with error -22 [ 154.389785][ T31] usb 4-1: USB disconnect, device number 9 [ 155.407733][ T31] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 155.560649][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 64 [ 155.560687][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 155.565649][ T31] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 155.565681][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.565702][ T31] usb 4-1: Product: syz [ 155.565717][ T31] usb 4-1: Manufacturer: syz [ 155.565738][ T31] usb 4-1: SerialNumber: syz [ 155.589405][ T31] usb 4-1: config 0 descriptor?? [ 155.596050][ T6373] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 155.640008][ T6379] netlink: 'syz.1.152': attribute type 1 has an invalid length. [ 155.697954][ T31] port100 4-1:0.0: NFC: Could not get supported command types [ 155.817180][ T5880] usb 4-1: USB disconnect, device number 10 [ 156.737914][ T5880] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 156.907900][ T5880] usb 5-1: No LPM exit latency info found, disabling LPM. [ 156.917957][ T5880] usb 5-1: config 3 has an invalid interface number: 46 but max is 3 [ 156.917987][ T5880] usb 5-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 156.918007][ T5880] usb 5-1: config 3 has 1 interface, different from the descriptor's value: 4 [ 156.918028][ T5880] usb 5-1: config 3 has no interface number 0 [ 156.918075][ T5880] usb 5-1: config 3 interface 46 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 156.918096][ T5880] usb 5-1: config 3 interface 46 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 14 [ 156.918122][ T5880] usb 5-1: config 3 interface 46 has no altsetting 0 [ 156.921374][ T5880] usb 5-1: New USB device found, idVendor=12b8, idProduct=ec62, bcdDevice=c2.78 [ 156.921404][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.921424][ T5880] usb 5-1: Manufacturer: 䣡趉껈଺ࠣ烰᭞툜㼶夦䬩㋕챚饒Ň溶軋퓥 [ 156.921443][ T5880] usb 5-1: SerialNumber: 斣⍅ࠋ䡷췆㒹셓閞៳ [ 157.460445][ T5880] cp210x 5-1:3.46: cp210x converter detected [ 157.464826][ T5880] cp210x 5-1:3.46: failed to get vendor val 0x370b size 1: -71 [ 157.464874][ T5880] cp210x 5-1:3.46: querying part number failed [ 157.482325][ T5880] usb 5-1: cp210x converter now attached to ttyUSB0 [ 157.524708][ T5880] usb 5-1: USB disconnect, device number 5 [ 157.554649][ T5880] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 157.555449][ T5880] cp210x 5-1:3.46: device disconnected [ 157.994727][ T6406] FAULT_INJECTION: forcing a failure. [ 157.994727][ T6406] name failslab, interval 1, probability 0, space 0, times 0 [ 157.994767][ T6406] CPU: 0 UID: 0 PID: 6406 Comm: syz.3.160 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 157.994796][ T6406] Tainted: [L]=SOFTLOCKUP [ 157.994804][ T6406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 157.994817][ T6406] Call Trace: [ 157.994826][ T6406] [ 157.994835][ T6406] dump_stack_lvl+0xe8/0x150 [ 157.994875][ T6406] should_fail_ex+0x46b/0x600 [ 157.994922][ T6406] should_failslab+0xa8/0x100 [ 157.994948][ T6406] __kmalloc_noprof+0xdf/0x7b0 [ 157.994971][ T6406] ? ip_options_get+0x51/0x4c0 [ 157.995010][ T6406] ip_options_get+0x51/0x4c0 [ 157.995049][ T6406] do_ip_setsockopt+0x1e0f/0x2ea0 [ 157.995085][ T6406] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 157.995110][ T6406] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 157.995138][ T6406] ? lockdep_hardirqs_on+0x7a/0x110 [ 157.995179][ T6406] ? __fget_files+0x2a/0x420 [ 157.995214][ T6406] ip_setsockopt+0x66/0x110 [ 157.995238][ T6406] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 157.995276][ T6406] do_sock_setsockopt+0x17c/0x1b0 [ 157.995306][ T6406] __x64_sys_setsockopt+0x143/0x1b0 [ 157.995339][ T6406] do_syscall_64+0x14d/0xf80 [ 157.995364][ T6406] ? trace_irq_disable+0x3b/0x150 [ 157.995392][ T6406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.995415][ T6406] ? clear_bhb_loop+0x40/0x90 [ 157.995443][ T6406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.995465][ T6406] RIP: 0033:0x7fe2cd80c819 [ 157.995486][ T6406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.995504][ T6406] RSP: 002b:00007fe2cba45028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 157.995526][ T6406] RAX: ffffffffffffffda RBX: 00007fe2cda86090 RCX: 00007fe2cd80c819 [ 157.995542][ T6406] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 157.995554][ T6406] RBP: 00007fe2cba45090 R08: 0000000000000000 R09: 0000000000000000 [ 157.995567][ T6406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.995579][ T6406] R13: 00007fe2cda86128 R14: 00007fe2cda86090 R15: 00007ffeb97d2aa8 [ 157.995613][ T6406] [ 158.720651][ T6418] block nbd2: shutting down sockets [ 159.575111][ T5809] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 160.411186][ T5809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 64 [ 160.411225][ T5809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 160.414729][ T5809] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 160.414762][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.414782][ T5809] usb 2-1: Product: syz [ 160.414797][ T5809] usb 2-1: Manufacturer: syz [ 160.414812][ T5809] usb 2-1: SerialNumber: syz [ 160.472371][ T5809] usb 2-1: config 0 descriptor?? [ 160.558448][ T6421] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 160.649824][ T5809] port100 2-1:0.0: NFC: Could not get supported command types [ 160.823761][ T5887] usb 2-1: USB disconnect, device number 4 [ 161.217454][ T5880] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 161.367418][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 161.368446][ T5880] usb 1-1: no configurations [ 161.368464][ T5880] usb 1-1: can't read configurations, error -22 [ 161.547512][ T5880] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 161.699192][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 161.701728][ T5880] usb 1-1: no configurations [ 161.701747][ T5880] usb 1-1: can't read configurations, error -22 [ 161.702382][ T5880] usb usb1-port1: attempt power cycle [ 161.937354][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 162.023496][ T6440] program syz.3.174 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 162.602682][ T6443] veth1: mtu less than device minimum [ 162.618342][ T6443] option changes via remount are deprecated (pid=6441 comm=syz.3.175) [ 162.620342][ T6443] netlink: 32 bytes leftover after parsing attributes in process `syz.3.175'. [ 162.690876][ T6448] netlink: 20 bytes leftover after parsing attributes in process `syz.3.175'. [ 162.738041][ T5880] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 162.763015][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 162.763628][ T5880] usb 1-1: no configurations [ 162.763643][ T5880] usb 1-1: can't read configurations, error -22 [ 162.887456][ T5880] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 162.916195][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 162.919442][ T5880] usb 1-1: no configurations [ 162.919461][ T5880] usb 1-1: can't read configurations, error -22 [ 162.920284][ T5880] usb usb1-port1: unable to enumerate USB device [ 163.796483][ T6456] FAULT_INJECTION: forcing a failure. [ 163.796483][ T6456] name failslab, interval 1, probability 0, space 0, times 0 [ 163.796524][ T6456] CPU: 0 UID: 0 PID: 6456 Comm: syz.1.180 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 163.796555][ T6456] Tainted: [L]=SOFTLOCKUP [ 163.796563][ T6456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 163.796577][ T6456] Call Trace: [ 163.796585][ T6456] [ 163.796595][ T6456] dump_stack_lvl+0xe8/0x150 [ 163.796634][ T6456] should_fail_ex+0x46b/0x600 [ 163.796671][ T6456] should_failslab+0xa8/0x100 [ 163.796697][ T6456] __kmalloc_noprof+0xdf/0x7b0 [ 163.796718][ T6456] ? kfree+0x4d/0x6c0 [ 163.796749][ T6456] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 163.796786][ T6456] tomoyo_realpath_from_path+0xe3/0x5d0 [ 163.796828][ T6456] ? tomoyo_path_number_perm+0x219/0x630 [ 163.796852][ T6456] tomoyo_path_number_perm+0x246/0x630 [ 163.796879][ T6456] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 163.796906][ T6456] ? __lock_acquire+0x6b5/0x2cf0 [ 163.796966][ T6456] ? __fget_files+0x2a/0x420 [ 163.797000][ T6456] ? __fget_files+0x2a/0x420 [ 163.797028][ T6456] ? __fget_files+0x3a6/0x420 [ 163.797056][ T6456] ? __fget_files+0x2a/0x420 [ 163.797091][ T6456] security_file_ioctl+0xc3/0x2a0 [ 163.797118][ T6456] __se_sys_ioctl+0x47/0x170 [ 163.797144][ T6456] do_syscall_64+0x14d/0xf80 [ 163.797169][ T6456] ? trace_irq_disable+0x3b/0x150 [ 163.797205][ T6456] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.797228][ T6456] ? clear_bhb_loop+0x40/0x90 [ 163.797258][ T6456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.797284][ T6456] RIP: 0033:0x7f976ba4c819 [ 163.797303][ T6456] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 163.797321][ T6456] RSP: 002b:00007f9769ca6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.797344][ T6456] RAX: ffffffffffffffda RBX: 00007f976bcc5fa0 RCX: 00007f976ba4c819 [ 163.797360][ T6456] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 163.797373][ T6456] RBP: 00007f9769ca6090 R08: 0000000000000000 R09: 0000000000000000 [ 163.797385][ T6456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.797424][ T6456] R13: 00007f976bcc6038 R14: 00007f976bcc5fa0 R15: 00007fffc400e638 [ 163.797461][ T6456] [ 163.831429][ T6456] ERROR: Out of memory at tomoyo_realpath_from_path. [ 165.552815][ T6472] program syz.2.185 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 166.524329][ T6482] veth1: mtu less than device minimum [ 166.545288][ T6482] option changes via remount are deprecated (pid=6481 comm=syz.4.189) [ 166.563497][ T6482] netlink: 32 bytes leftover after parsing attributes in process `syz.4.189'. [ 166.616285][ T6485] netlink: 20 bytes leftover after parsing attributes in process `syz.4.189'. [ 166.867425][ T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 167.017475][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 167.018613][ T10] usb 3-1: no configurations [ 167.018631][ T10] usb 3-1: can't read configurations, error -22 [ 167.147425][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 167.297468][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 167.298524][ T10] usb 3-1: no configurations [ 167.298541][ T10] usb 3-1: can't read configurations, error -22 [ 167.302862][ T10] usb usb3-port1: attempt power cycle [ 168.327645][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 168.350044][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 168.350880][ T10] usb 3-1: no configurations [ 168.350896][ T10] usb 3-1: can't read configurations, error -22 [ 168.494968][ T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 168.514889][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 168.522718][ T10] usb 3-1: no configurations [ 168.522738][ T10] usb 3-1: can't read configurations, error -22 [ 168.523474][ T10] usb usb3-port1: unable to enumerate USB device [ 168.850040][ T6507] FAULT_INJECTION: forcing a failure. [ 168.850040][ T6507] name failslab, interval 1, probability 0, space 0, times 0 [ 168.850082][ T6507] CPU: 0 UID: 0 PID: 6507 Comm: syz.3.197 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 168.850112][ T6507] Tainted: [L]=SOFTLOCKUP [ 168.850120][ T6507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 168.850133][ T6507] Call Trace: [ 168.850142][ T6507] [ 168.850150][ T6507] dump_stack_lvl+0xe8/0x150 [ 168.850192][ T6507] should_fail_ex+0x46b/0x600 [ 168.850230][ T6507] should_failslab+0xa8/0x100 [ 168.850255][ T6507] kmem_cache_alloc_noprof+0x87/0x680 [ 168.850292][ T6507] ? do_getname+0x2e/0x250 [ 168.850321][ T6507] do_getname+0x2e/0x250 [ 168.850345][ T6507] ? getname_flags+0x11/0x20 [ 168.850374][ T6507] do_sys_openat2+0xca/0x200 [ 168.850407][ T6507] ? __pfx_do_sys_openat2+0x10/0x10 [ 168.850442][ T6507] ? __x64_sys_openat+0x10d/0x170 [ 168.850477][ T6507] __x64_sys_openat+0x138/0x170 [ 168.850512][ T6507] do_syscall_64+0x14d/0xf80 [ 168.850539][ T6507] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.850563][ T6507] ? clear_bhb_loop+0x40/0x90 [ 168.850591][ T6507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.850614][ T6507] RIP: 0033:0x7fe2cd7cd04e [ 168.850634][ T6507] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 168.850652][ T6507] RSP: 002b:00007fe2cba23b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 168.850674][ T6507] RAX: ffffffffffffffda RBX: 00007fe2cba246c0 RCX: 00007fe2cd7cd04e [ 168.850689][ T6507] RDX: 0000000000080101 RSI: 00007fe2cba23c00 RDI: ffffffffffffff9c [ 168.850704][ T6507] RBP: 00007fe2cba23c00 R08: 0000000000000000 R09: 0000000000000000 [ 168.850717][ T6507] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 168.850730][ T6507] R13: 00007fe2cda86218 R14: 00007fe2cda86180 R15: 00007ffeb97d2aa8 [ 168.850764][ T6507] [ 168.956648][ T6508] program syz.1.196 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 169.908020][ T6517] veth1: mtu less than device minimum [ 169.929044][ T6517] option changes via remount are deprecated (pid=6516 comm=syz.0.202) [ 169.949533][ T6517] netlink: 32 bytes leftover after parsing attributes in process `syz.0.202'. [ 170.002302][ T6519] netlink: 20 bytes leftover after parsing attributes in process `syz.0.202'. [ 170.027414][ T5809] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 170.434925][ T5809] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 170.434958][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 170.434979][ T5809] usb 4-1: Product: syz [ 170.434993][ T5809] usb 4-1: Manufacturer: syz [ 170.435008][ T5809] usb 4-1: SerialNumber: syz [ 170.472866][ T5809] usb 4-1: config 0 descriptor?? [ 170.665927][ T6528] FAULT_INJECTION: forcing a failure. [ 170.665927][ T6528] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 170.665961][ T6528] CPU: 0 UID: 0 PID: 6528 Comm: syz.0.206 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 170.665987][ T6528] Tainted: [L]=SOFTLOCKUP [ 170.665994][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 170.666005][ T6528] Call Trace: [ 170.666012][ T6528] [ 170.666020][ T6528] dump_stack_lvl+0xe8/0x150 [ 170.666064][ T6528] should_fail_ex+0x46b/0x600 [ 170.666096][ T6528] _copy_from_user+0x2d/0xb0 [ 170.666115][ T6528] ___sys_sendmsg+0x1c6/0x360 [ 170.666144][ T6528] ? __pfx____sys_sendmsg+0x10/0x10 [ 170.666206][ T6528] ? __fget_files+0x2a/0x420 [ 170.666236][ T6528] ? __fget_files+0x3a6/0x420 [ 170.666276][ T6528] __x64_sys_sendmsg+0x1c3/0x2a0 [ 170.666306][ T6528] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 170.666344][ T6528] ? __pfx_ksys_write+0x10/0x10 [ 170.666391][ T6528] do_syscall_64+0x14d/0xf80 [ 170.666416][ T6528] ? trace_irq_disable+0x3b/0x150 [ 170.666443][ T6528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.666466][ T6528] ? clear_bhb_loop+0x40/0x90 [ 170.666493][ T6528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.666514][ T6528] RIP: 0033:0x7fc87216c819 [ 170.666534][ T6528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 170.666551][ T6528] RSP: 002b:00007fc8703be028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.666577][ T6528] RAX: ffffffffffffffda RBX: 00007fc8723e5fa0 RCX: 00007fc87216c819 [ 170.666592][ T6528] RDX: 0000000000000050 RSI: 0000200000000100 RDI: 0000000000000006 [ 170.666605][ T6528] RBP: 00007fc8703be090 R08: 0000000000000000 R09: 0000000000000000 [ 170.666618][ T6528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.666630][ T6528] R13: 00007fc8723e6038 R14: 00007fc8723e5fa0 R15: 00007ffc1dc57158 [ 170.666663][ T6528] [ 171.544434][ T5809] usb 4-1: USB disconnect, device number 11 [ 171.830506][ T6002] udevd[6002]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 172.320076][ T6537] program syz.4.209 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 172.704348][ T6542] FAULT_INJECTION: forcing a failure. [ 172.704348][ T6542] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.704390][ T6542] CPU: 1 UID: 0 PID: 6542 Comm: syz.4.211 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 172.704418][ T6542] Tainted: [L]=SOFTLOCKUP [ 172.704425][ T6542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 172.704437][ T6542] Call Trace: [ 172.704445][ T6542] [ 172.704454][ T6542] dump_stack_lvl+0xe8/0x150 [ 172.704493][ T6542] should_fail_ex+0x46b/0x600 [ 172.704529][ T6542] _copy_from_user+0x2d/0xb0 [ 172.704553][ T6542] ucma_write+0x166/0x2f0 [ 172.704586][ T6542] ? __pfx_ucma_write+0x10/0x10 [ 172.704620][ T6542] ? rw_verify_area+0x25b/0x4e0 [ 172.704658][ T6542] vfs_writev+0x4c6/0x9a0 [ 172.704686][ T6542] ? __pfx_ucma_write+0x10/0x10 [ 172.704722][ T6542] ? __pfx_vfs_writev+0x10/0x10 [ 172.704764][ T6542] ? __fget_files+0x2a/0x420 [ 172.704799][ T6542] ? __fget_files+0x3a6/0x420 [ 172.704827][ T6542] ? __fget_files+0x2a/0x420 [ 172.704865][ T6542] do_writev+0x15a/0x2e0 [ 172.704894][ T6542] ? __pfx_do_writev+0x10/0x10 [ 172.704932][ T6542] do_syscall_64+0x14d/0xf80 [ 172.704958][ T6542] ? trace_irq_disable+0x3b/0x150 [ 172.704992][ T6542] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.705016][ T6542] ? clear_bhb_loop+0x40/0x90 [ 172.705045][ T6542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.705067][ T6542] RIP: 0033:0x7f868206c819 [ 172.705087][ T6542] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 172.705104][ T6542] RSP: 002b:00007f86802c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 172.705127][ T6542] RAX: ffffffffffffffda RBX: 00007f86822e5fa0 RCX: 00007f868206c819 [ 172.705142][ T6542] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003 [ 172.705154][ T6542] RBP: 00007f86802c6090 R08: 0000000000000000 R09: 0000000000000000 [ 172.705167][ T6542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.705179][ T6542] R13: 00007f86822e6038 R14: 00007f86822e5fa0 R15: 00007ffcf57376c8 [ 172.705214][ T6542] [ 173.312546][ T6547] loop6: detected capacity change from 0 to 7 [ 173.345472][ C0] blk_print_req_error: 10 callbacks suppressed [ 173.345493][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 173.345525][ C0] buffer_io_error: 10 callbacks suppressed [ 173.345538][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.317651][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.317692][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.378610][ T6550] netlink: 'syz.0.210': attribute type 10 has an invalid length. [ 174.379372][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.379410][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.379689][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.379719][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.379968][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.379998][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.385495][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.385543][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.427618][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.427719][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.466312][ T6547] ldm_validate_partition_table(): Disk read failed. [ 174.491620][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.491725][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.530847][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.530887][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.547637][ T5899] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 174.589939][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 174.589978][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.620768][ T6547] Dev loop6: unable to read RDB block 0 [ 174.697536][ T6554] capability: warning: `syz.1.214' uses deprecated v2 capabilities in a way that may be insecure [ 174.719480][ T6554] ucma_write: process 142 (syz.1.214) changed security contexts after opening file descriptor, this is not allowed. [ 174.737836][ T5899] usb 3-1: Using ep0 maxpacket: 8 [ 174.741359][ T5899] usb 3-1: unable to get BOS descriptor or descriptor too short [ 174.743494][ T5899] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 128, changing to 7 [ 174.747679][ T6547] loop6: unable to read partition table [ 174.748319][ T6547] loop6: partition table beyond EOD, truncated [ 174.748458][ T6547] loop_reread_partitions: partition scan of loop6 (-ý? %`{5 FLQk݊A) failed (rc=-5) [ 174.758486][ T5899] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 174.758565][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.758623][ T5899] usb 3-1: Product: syz [ 174.758665][ T5899] usb 3-1: Manufacturer: syz [ 174.758700][ T5899] usb 3-1: SerialNumber: syz [ 175.365364][ T5114] Bluetooth: hci4: link tx timeout [ 175.367080][ T5114] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 175.406861][ T6557] veth1: mtu less than device minimum [ 175.421198][ T6557] option changes via remount are deprecated (pid=6555 comm=syz.3.216) [ 175.425362][ T6557] netlink: 32 bytes leftover after parsing attributes in process `syz.3.216'. [ 175.477030][ T6559] netlink: 20 bytes leftover after parsing attributes in process `syz.3.216'. [ 176.305526][ T5899] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 176.317897][ T5899] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 176.593309][ T5899] usb 3-1: USB disconnect, device number 10 [ 176.716557][ T5978] udevd[5978]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 177.040232][ T6570] program syz.2.221 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 177.628926][ T5114] Bluetooth: hci4: command 0x0406 tx timeout [ 178.047522][ T31] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 178.204419][ T31] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 178.204451][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.216282][ T31] usb 2-1: config 0 descriptor?? [ 178.225459][ T31] cp210x 2-1:0.0: cp210x converter detected [ 178.357456][ T5880] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 178.507421][ T5880] usb 5-1: Using ep0 maxpacket: 32 [ 178.512583][ T5880] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 178.512626][ T5880] usb 5-1: config 0 has no interface number 0 [ 178.545248][ T5880] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 178.545280][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.545301][ T5880] usb 5-1: Product: syz [ 178.545384][ T5880] usb 5-1: Manufacturer: syz [ 178.545401][ T5880] usb 5-1: SerialNumber: syz [ 178.587630][ T5880] usb 5-1: config 0 descriptor?? [ 178.610838][ T5880] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 178.765429][ T31] usb 2-1: cp210x converter now attached to ttyUSB0 [ 178.935144][ T5809] usb 2-1: USB disconnect, device number 5 [ 178.978487][ T5880] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 178.994146][ T5809] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 178.996430][ T5880] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB2 [ 179.011808][ T6592] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.054029][ T6592] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.132536][ T5809] cp210x 2-1:0.0: device disconnected [ 179.459358][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 179.460462][ T5809] usb 5-1: USB disconnect, device number 6 [ 179.496031][ T5809] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 179.535903][ T5809] quatech-serial ttyUSB2: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB2 [ 179.544354][ T5809] quatech2 5-1:0.51: device disconnected [ 180.049027][ T6607] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 180.246296][ T6611] netlink: 24 bytes leftover after parsing attributes in process `syz.4.237'. [ 180.788660][ T36] audit: type=1326 audit(1775980523.674:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.788716][ T36] audit: type=1326 audit(1775980523.684:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.788762][ T36] audit: type=1326 audit(1775980523.684:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.799016][ T36] audit: type=1326 audit(1775980523.684:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.799121][ T36] audit: type=1326 audit(1775980523.684:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.799182][ T36] audit: type=1326 audit(1775980523.694:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.799361][ T36] audit: type=1326 audit(1775980523.694:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.801397][ T36] audit: type=1326 audit(1775980523.694:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.803838][ T36] audit: type=1326 audit(1775980523.694:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.813657][ T36] audit: type=1326 audit(1775980523.694:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6604 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2cd80c819 code=0x7ffc0000 [ 180.817418][ T5887] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 180.924358][ T6605] tmpfs: Bad value for 'mpol' [ 181.055213][ T5887] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 181.055244][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 181.055265][ T5887] usb 3-1: Product: syz [ 181.055280][ T5887] usb 3-1: Manufacturer: syz [ 181.055294][ T5887] usb 3-1: SerialNumber: syz [ 181.060935][ T5887] usb 3-1: config 0 descriptor?? [ 182.177633][ T5899] usb 3-1: USB disconnect, device number 11 [ 183.767337][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 183.978273][ T6637] netlink: 28 bytes leftover after parsing attributes in process `syz.0.249'. [ 183.978315][ T6637] netlink: 28 bytes leftover after parsing attributes in process `syz.0.249'. [ 184.006500][ T6637] dummy0: entered promiscuous mode [ 184.017143][ T6637] team0: entered promiscuous mode [ 184.017167][ T6637] team_slave_0: entered promiscuous mode [ 184.018004][ T6637] team_slave_1: entered promiscuous mode [ 184.018624][ T6637] team0: left promiscuous mode [ 184.018680][ T6637] team_slave_0: left promiscuous mode [ 184.019348][ T6637] team_slave_1: left promiscuous mode [ 184.077689][ T6637] dummy0: left promiscuous mode [ 185.262055][ T6662] program syz.1.258 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 187.634337][ T6691] program syz.1.269 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 188.268660][ T6696] FAULT_INJECTION: forcing a failure. [ 188.268660][ T6696] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.268699][ T6696] CPU: 1 UID: 0 PID: 6696 Comm: syz.1.270 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 188.268728][ T6696] Tainted: [L]=SOFTLOCKUP [ 188.268736][ T6696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 188.268762][ T6696] Call Trace: [ 188.268771][ T6696] [ 188.268781][ T6696] dump_stack_lvl+0xe8/0x150 [ 188.268820][ T6696] should_fail_ex+0x46b/0x600 [ 188.268858][ T6696] _copy_to_user+0x31/0xb0 [ 188.268883][ T6696] simple_read_from_buffer+0xe1/0x170 [ 188.268925][ T6696] proc_fail_nth_read+0x1be/0x230 [ 188.268958][ T6696] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 188.268990][ T6696] ? rw_verify_area+0x2ac/0x4e0 [ 188.269029][ T6696] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 188.269059][ T6696] vfs_read+0x212/0xa80 [ 188.269104][ T6696] ? __pfx_vfs_read+0x10/0x10 [ 188.269141][ T6696] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 188.269169][ T6696] ? lockdep_hardirqs_on+0x7a/0x110 [ 188.269195][ T6696] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 188.269222][ T6696] ? mutex_lock_nested+0x152/0x1d0 [ 188.269252][ T6696] ? fdget_pos+0x252/0x320 [ 188.269291][ T6696] ksys_read+0x156/0x270 [ 188.269329][ T6696] ? __pfx_ksys_read+0x10/0x10 [ 188.269374][ T6696] do_syscall_64+0x14d/0xf80 [ 188.269400][ T6696] ? trace_irq_disable+0x3b/0x150 [ 188.269427][ T6696] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.269450][ T6696] ? clear_bhb_loop+0x40/0x90 [ 188.269478][ T6696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.269500][ T6696] RIP: 0033:0x7f976ba0d04e [ 188.269521][ T6696] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 188.269540][ T6696] RSP: 002b:00007f9769c84fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 188.269562][ T6696] RAX: ffffffffffffffda RBX: 00007f9769c856c0 RCX: 00007f976ba0d04e [ 188.269578][ T6696] RDX: 000000000000000f RSI: 00007f9769c850a0 RDI: 0000000000000005 [ 188.269591][ T6696] RBP: 00007f9769c85090 R08: 0000000000000000 R09: 0000000000000000 [ 188.269604][ T6696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.269616][ T6696] R13: 00007f976bcc6128 R14: 00007f976bcc6090 R15: 00007fffc400e638 [ 188.269651][ T6696] [ 189.227766][ T6702] loop6: detected capacity change from 0 to 7 [ 189.268587][ T6703] netlink: 'syz.2.272': attribute type 10 has an invalid length. [ 189.280684][ T6703] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.283612][ T6703] bond0: (slave team0): Enslaving as an active interface with an up link [ 189.694687][ C0] blk_print_req_error: 10 callbacks suppressed [ 189.694734][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.694849][ C0] buffer_io_error: 10 callbacks suppressed [ 189.694887][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.902956][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.902996][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.919577][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.919620][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.927698][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.927740][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.928165][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.928196][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.928508][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.928538][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.928907][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.928936][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.929020][ T6702] ldm_validate_partition_table(): Disk read failed. [ 189.929219][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.929247][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.929507][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.929536][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.929803][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 189.929832][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 189.930159][ T6702] Dev loop6: unable to read RDB block 0 [ 189.931186][ T6702] loop6: unable to read partition table [ 189.931412][ T6702] loop6: partition table beyond EOD, truncated [ 189.931442][ T6702] loop_reread_partitions: partition scan of loop6 (-ý? %`{5 FLQk݊A) failed (rc=-5) [ 191.927993][ T5809] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 192.035654][ T6721] sctp: [Deprecated]: syz.2.281 (pid 6721) Use of int in max_burst socket option. [ 192.035654][ T6721] Use struct sctp_assoc_value instead [ 192.327368][ T5809] usb 2-1: Using ep0 maxpacket: 8 [ 192.329445][ T5809] usb 2-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 192.329478][ T5809] usb 2-1: config 1 interface 0 has no altsetting 0 [ 192.332939][ T5809] usb 2-1: string descriptor 0 read error: -22 [ 192.333078][ T5809] usb 2-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.40 [ 192.333104][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.604271][ T6727] program syz.0.280 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 194.251458][ T6736] netlink: 'syz.0.283': attribute type 1 has an invalid length. [ 194.905542][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.905624][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.122869][ T5809] input: HID 0458:5012 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/0003:0458:5012.0003/input/input15 [ 195.170968][ T5809] input: HID 0458:5012 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/0003:0458:5012.0003/input/input16 [ 195.288375][ T5809] kye 0003:0458:5012.0003: input,hiddev0,hidraw0: USB HID v0.d0 Device [HID 0458:5012] on usb-dummy_hcd.1-1/input0 [ 195.327858][ T5809] usb 2-1: USB disconnect, device number 6 [ 195.571593][ T6747] fido_id[6747]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 195.970140][ T6755] FAULT_INJECTION: forcing a failure. [ 195.970140][ T6755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 195.970180][ T6755] CPU: 0 UID: 0 PID: 6755 Comm: syz.1.291 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 195.970220][ T6755] Tainted: [L]=SOFTLOCKUP [ 195.970227][ T6755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 195.970241][ T6755] Call Trace: [ 195.970249][ T6755] [ 195.970259][ T6755] dump_stack_lvl+0xe8/0x150 [ 195.970294][ T6755] should_fail_ex+0x46b/0x600 [ 195.970328][ T6755] _copy_from_user+0x2d/0xb0 [ 195.970352][ T6755] ___sys_sendmsg+0x1c6/0x360 [ 195.970385][ T6755] ? __pfx____sys_sendmsg+0x10/0x10 [ 195.970447][ T6755] ? __fget_files+0x2a/0x420 [ 195.970484][ T6755] ? __fget_files+0x3a6/0x420 [ 195.970523][ T6755] __x64_sys_sendmsg+0x1c3/0x2a0 [ 195.970553][ T6755] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 195.970590][ T6755] ? __pfx_ksys_write+0x10/0x10 [ 195.970636][ T6755] do_syscall_64+0x14d/0xf80 [ 195.970661][ T6755] ? trace_irq_disable+0x3b/0x150 [ 195.970687][ T6755] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.970711][ T6755] ? clear_bhb_loop+0x40/0x90 [ 195.970738][ T6755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.970761][ T6755] RIP: 0033:0x7f976ba4c819 [ 195.970780][ T6755] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 195.970799][ T6755] RSP: 002b:00007f9769ca6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.970821][ T6755] RAX: ffffffffffffffda RBX: 00007f976bcc5fa0 RCX: 00007f976ba4c819 [ 195.970837][ T6755] RDX: 0000000004044084 RSI: 00002000000017c0 RDI: 0000000000000005 [ 195.970850][ T6755] RBP: 00007f9769ca6090 R08: 0000000000000000 R09: 0000000000000000 [ 195.970863][ T6755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.970874][ T6755] R13: 00007f976bcc6038 R14: 00007f976bcc5fa0 R15: 00007fffc400e638 [ 195.970913][ T6755] [ 197.030492][ T6767] netlink: 'syz.3.293': attribute type 10 has an invalid length. [ 197.038787][ T6767] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.041661][ T6767] bond0: (slave team0): Enslaving as an active interface with an up link [ 197.911986][ T6769] program syz.1.294 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 199.697470][ T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 199.848104][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 199.988850][ T10] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 199.995058][ T10] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 199.995089][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.995110][ T10] usb 3-1: Product: syz [ 199.995126][ T10] usb 3-1: Manufacturer: syz [ 199.995140][ T10] usb 3-1: SerialNumber: syz [ 200.031742][ T10] usb 3-1: config 0 descriptor?? [ 200.170440][ T6803] program syz.3.310 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 200.834676][ T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 200.834734][ T10] usb 3-1: setting power ON [ 200.834755][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 200.971918][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 201.017831][ T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 201.017893][ T10] usb 3-1: media controller created [ 201.058534][ T6796] dvb-usb: bulk message failed: -22 (3/0) [ 201.058561][ T6796] dvb-usb: bulk message failed: -22 (3/0) [ 201.114939][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 201.171833][ T10] usb 3-1: selecting invalid altsetting 6 [ 201.171856][ T10] usb 3-1: digital interface selection failed (-22) [ 201.171872][ T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 201.172710][ T10] usb 3-1: setting power OFF [ 201.172732][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 201.172750][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 201.172762][ T10] (NULL device *): no alternate interface [ 201.305294][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 201.338072][ T10] usb 3-1: USB disconnect, device number 12 [ 202.463083][ T6837] program syz.1.324 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 203.702240][ T6847] loop6: detected capacity change from 0 to 7 [ 203.740323][ T6848] netlink: 'syz.0.328': attribute type 10 has an invalid length. [ 204.434776][ C1] blk_print_req_error: 5 callbacks suppressed [ 204.434795][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 204.434825][ C1] buffer_io_error: 5 callbacks suppressed [ 204.434836][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 204.436839][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 204.436882][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.347786][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 205.347824][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.355687][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 205.355730][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.355999][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 205.356030][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.356494][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 205.356525][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.356853][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 205.356885][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.356973][ T6847] ldm_validate_partition_table(): Disk read failed. [ 205.357189][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 205.357219][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.358542][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 205.358586][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.360419][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 205.360452][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.361322][ T6847] Dev loop6: unable to read RDB block 0 [ 205.362454][ T6847] loop6: unable to read partition table [ 205.362685][ T6847] loop6: partition table beyond EOD, truncated [ 205.362721][ T6847] loop_reread_partitions: partition scan of loop6 (-ý? %`{5 FLQk݊A) failed (rc=-5) [ 205.467335][ T6855] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 207.358315][ T6869] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 208.247449][ T10] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 208.410389][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 208.411136][ T10] usb 5-1: not running at top speed; connect to a high speed hub [ 208.412765][ T10] usb 5-1: config 1 has an invalid interface number: 171 but max is 0 [ 208.412791][ T10] usb 5-1: config 1 has no interface number 0 [ 208.412838][ T10] usb 5-1: config 1 interface 171 altsetting 15 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 208.412867][ T10] usb 5-1: config 1 interface 171 has no altsetting 0 [ 208.417474][ T10] usb 5-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=d0.5e [ 208.417499][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.417518][ T10] usb 5-1: Product: syz [ 208.417532][ T10] usb 5-1: Manufacturer: syz [ 208.417546][ T10] usb 5-1: SerialNumber: syz [ 208.702839][ T6873] loop5: detected capacity change from 0 to 7 [ 208.730385][ T6002] Dev loop5: unable to read RDB block 7 [ 208.730440][ T6002] loop5: unable to read partition table [ 208.730696][ T6002] loop5: partition table beyond EOD, truncated [ 208.802056][ T6873] Dev loop5: unable to read RDB block 7 [ 208.802234][ T6873] loop5: unable to read partition table [ 208.802481][ T6873] loop5: partition table beyond EOD, truncated [ 208.806190][ T6873] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 208.836495][ T10] usb 5-1: bad CDC descriptors [ 208.837705][ T10] cdc_acm 5-1:1.171: Zero length descriptor references [ 208.837751][ T10] cdc_acm 5-1:1.171: probe with driver cdc_acm failed with error -22 [ 208.925707][ T10] usb 5-1: USB disconnect, device number 7 [ 209.569048][ T5887] IPVS: starting estimator thread 0... [ 209.657930][ T6894] IPVS: using max 7 ests per chain, 16800 per kthread [ 209.847518][ T5887] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 210.007426][ T5887] usb 5-1: Using ep0 maxpacket: 8 [ 210.009792][ T5887] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 210.009818][ T5887] usb 5-1: config 179 has no interface number 0 [ 210.009865][ T5887] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 210.009893][ T5887] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 210.009920][ T5887] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 210.009943][ T5887] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 210.009971][ T5887] usb 5-1: config 179 interface 65 has no altsetting 0 [ 210.010005][ T5887] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 210.010028][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.337710][ T98] usb 5-1: USB disconnect, device number 8 [ 210.589659][ T5887] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 210.737411][ T5887] usb 2-1: Using ep0 maxpacket: 8 [ 210.740328][ T5887] usb 2-1: unable to get BOS descriptor or descriptor too short [ 210.741999][ T5887] usb 2-1: config 2 has an invalid interface number: 99 but max is 0 [ 210.742024][ T5887] usb 2-1: config 2 has no interface number 0 [ 210.742069][ T5887] usb 2-1: config 2 interface 99 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 210.742099][ T5887] usb 2-1: config 2 interface 99 altsetting 7 endpoint 0x2 has invalid wMaxPacketSize 0 [ 210.742122][ T5887] usb 2-1: config 2 interface 99 has no altsetting 0 [ 210.746199][ T5887] usb 2-1: New USB device found, idVendor=0000, idProduct=a300, bcdDevice= a.f3 [ 210.746229][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.746251][ T5887] usb 2-1: Product: syz [ 210.746266][ T5887] usb 2-1: Manufacturer: syz [ 210.746281][ T5887] usb 2-1: SerialNumber: syz [ 211.147346][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 211.227347][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 211.373054][ T6910] netlink: 'syz.2.346': attribute type 1 has an invalid length. [ 212.965948][ T6909] program syz.0.348 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.011380][ T5887] usb 2-1: USB disconnect, device number 7 [ 215.765865][ T6940] FAULT_INJECTION: forcing a failure. [ 215.765865][ T6940] name failslab, interval 1, probability 0, space 0, times 0 [ 215.765904][ T6940] CPU: 0 UID: 0 PID: 6940 Comm: syz.1.357 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 215.765935][ T6940] Tainted: [L]=SOFTLOCKUP [ 215.765943][ T6940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 215.765956][ T6940] Call Trace: [ 215.765965][ T6940] [ 215.765974][ T6940] dump_stack_lvl+0xe8/0x150 [ 215.766013][ T6940] should_fail_ex+0x46b/0x600 [ 215.766050][ T6940] should_failslab+0xa8/0x100 [ 215.766076][ T6940] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 215.766112][ T6940] ? __alloc_skb+0x1d0/0x7d0 [ 215.766148][ T6940] ? lockdep_hardirqs_on+0x7a/0x110 [ 215.766180][ T6940] __alloc_skb+0x1d0/0x7d0 [ 215.766206][ T6940] netlink_sendmsg+0x5d4/0xb40 [ 215.766250][ T6940] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.766286][ T6940] ? __fget_files+0x2a/0x420 [ 215.766320][ T6940] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 215.766355][ T6940] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.766390][ T6940] __sys_sendto+0x67f/0x710 [ 215.766420][ T6940] ? __pfx___sys_sendto+0x10/0x10 [ 215.766470][ T6940] ? ksys_write+0x248/0x270 [ 215.766506][ T6940] ? __pfx_ksys_write+0x10/0x10 [ 215.766546][ T6940] __x64_sys_sendto+0xde/0x100 [ 215.766580][ T6940] do_syscall_64+0x14d/0xf80 [ 215.766606][ T6940] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.766630][ T6940] ? clear_bhb_loop+0x40/0x90 [ 215.766657][ T6940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.766678][ T6940] RIP: 0033:0x7f976ba4c819 [ 215.766698][ T6940] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 215.766716][ T6940] RSP: 002b:00007f9769c85028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 215.766737][ T6940] RAX: ffffffffffffffda RBX: 00007f976bcc6090 RCX: 00007f976ba4c819 [ 215.766752][ T6940] RDX: 000000000000004c RSI: 0000200000000080 RDI: 0000000000000004 [ 215.766765][ T6940] RBP: 00007f9769c85090 R08: 0000000000000000 R09: 0000000000000000 [ 215.766777][ T6940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.766789][ T6940] R13: 00007f976bcc6128 R14: 00007f976bcc6090 R15: 00007fffc400e638 [ 215.766822][ T6940] [ 215.847855][ T6937] binder: 6935:6937 ioctl 4018620d 0 returned -22 [ 215.850044][ T6937] binder: 6935:6937 ioctl 4018620d 0 returned -22 [ 215.850210][ T6937] binder: 6935:6937 ioctl c0306201 0 returned -14 [ 216.756867][ T6946] loop6: detected capacity change from 0 to 7 [ 216.817334][ T6951] netlink: 'syz.0.360': attribute type 10 has an invalid length. [ 216.874091][ C0] blk_print_req_error: 5 callbacks suppressed [ 216.874112][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.874147][ C0] buffer_io_error: 5 callbacks suppressed [ 216.874160][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.886411][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.886454][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.893019][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.893068][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.893430][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.893462][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.893830][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.893862][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.894233][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.894265][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.894554][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.894585][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.894673][ T6946] ldm_validate_partition_table(): Disk read failed. [ 216.894911][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.894942][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.895301][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.895332][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.895618][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 216.895649][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.895993][ T6946] Dev loop6: unable to read RDB block 0 [ 216.897819][ T6946] loop6: unable to read partition table [ 216.898054][ T6946] loop6: partition table beyond EOD, truncated [ 216.898081][ T6946] loop_reread_partitions: partition scan of loop6 (-ý? %`{5 FLQk݊A) failed (rc=-5) [ 217.155624][ T5806] Bluetooth: hci1: command 0x0406 tx timeout [ 217.155665][ T5806] Bluetooth: hci2: command 0x0406 tx timeout [ 217.155855][ T5806] Bluetooth: hci3: command 0x0406 tx timeout [ 217.155881][ T5806] Bluetooth: hci0: command 0x0406 tx timeout [ 217.755789][ T5114] Bluetooth: hci2: ACL packet for unknown connection handle 3707 [ 218.566182][ T6937] syz.3.358 (6937): drop_caches: 2 [ 218.939084][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 219.087477][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 219.091965][ T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 219.091997][ T10] usb 5-1: config 0 has no interface number 0 [ 219.095854][ T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 219.095887][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.095910][ T10] usb 5-1: Product: syz [ 219.095933][ T10] usb 5-1: Manufacturer: syz [ 219.095950][ T10] usb 5-1: SerialNumber: syz [ 219.171193][ T10] usb 5-1: config 0 descriptor?? [ 219.179387][ T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 219.436856][ T6976] program syz.3.370 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 219.513817][ T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 219.569121][ T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 219.692276][ T6972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.694098][ T6972] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.078179][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 220.079118][ T98] usb 5-1: USB disconnect, device number 9 [ 220.170118][ T6982] loop6: detected capacity change from 0 to 7 [ 220.211558][ T6983] netlink: 'syz.1.372': attribute type 10 has an invalid length. [ 220.746968][ T6982] ldm_validate_partition_table(): Disk read failed. [ 220.785532][ T6982] Dev loop6: unable to read RDB block 0 [ 220.825236][ T6982] loop6: unable to read partition table [ 220.829390][ T6982] loop6: partition table beyond EOD, truncated [ 220.829508][ T6982] loop_reread_partitions: partition scan of loop6 (-ý? %`{5 FLQk݊A) failed (rc=-5) [ 220.941143][ T98] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 220.954014][ T6983] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.956862][ T6983] bond0: (slave team0): Enslaving as an active interface with an up link [ 221.026467][ T98] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 221.041283][ T98] quatech2 5-1:0.51: device disconnected [ 221.083932][ T6989] FAULT_INJECTION: forcing a failure. [ 221.083932][ T6989] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.083974][ T6989] CPU: 0 UID: 0 PID: 6989 Comm: syz.2.373 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 221.084005][ T6989] Tainted: [L]=SOFTLOCKUP [ 221.084012][ T6989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 221.084026][ T6989] Call Trace: [ 221.084035][ T6989] [ 221.084044][ T6989] dump_stack_lvl+0xe8/0x150 [ 221.084084][ T6989] should_fail_ex+0x46b/0x600 [ 221.084122][ T6989] _copy_from_user+0x2d/0xb0 [ 221.084145][ T6989] __x64_sys_epoll_ctl+0x128/0x1b0 [ 221.084180][ T6989] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 221.084223][ T6989] do_syscall_64+0x14d/0xf80 [ 221.084250][ T6989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.084273][ T6989] ? clear_bhb_loop+0x40/0x90 [ 221.084301][ T6989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.084324][ T6989] RIP: 0033:0x7f6df4aec819 [ 221.084344][ T6989] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.084364][ T6989] RSP: 002b:00007f6df2d46028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 221.084388][ T6989] RAX: ffffffffffffffda RBX: 00007f6df4d65fa0 RCX: 00007f6df4aec819 [ 221.084403][ T6989] RDX: 0000000000000004 RSI: 0000000000000003 RDI: 0000000000000005 [ 221.084415][ T6989] RBP: 00007f6df2d46090 R08: 0000000000000000 R09: 0000000000000000 [ 221.084428][ T6989] R10: 0000200000000c40 R11: 0000000000000246 R12: 0000000000000001 [ 221.084442][ T6989] R13: 00007f6df4d66038 R14: 00007f6df4d65fa0 R15: 00007fff13cbf758 [ 221.084476][ T6989] [ 227.427311][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 228.255712][ T7051] program syz.3.393 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 229.333799][ T7058] FAULT_INJECTION: forcing a failure. [ 229.333799][ T7058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 229.333830][ T7058] CPU: 0 UID: 0 PID: 7058 Comm: syz.0.397 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 229.333852][ T7058] Tainted: [L]=SOFTLOCKUP [ 229.333858][ T7058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 229.333868][ T7058] Call Trace: [ 229.333873][ T7058] [ 229.333880][ T7058] dump_stack_lvl+0xe8/0x150 [ 229.333908][ T7058] should_fail_ex+0x46b/0x600 [ 229.333934][ T7058] _copy_from_user+0x2d/0xb0 [ 229.333951][ T7058] do_semtimedop+0x235/0x3a0 [ 229.333972][ T7058] ? __pfx_do_semtimedop+0x10/0x10 [ 229.334016][ T7058] ? __pfx_ksys_write+0x10/0x10 [ 229.334051][ T7058] do_syscall_64+0x14d/0xf80 [ 229.334069][ T7058] ? trace_irq_disable+0x3b/0x150 [ 229.334089][ T7058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.334105][ T7058] ? clear_bhb_loop+0x40/0x90 [ 229.334125][ T7058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.334140][ T7058] RIP: 0033:0x7fc87216c819 [ 229.334155][ T7058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 229.334169][ T7058] RSP: 002b:00007fc8703be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000041 [ 229.334185][ T7058] RAX: ffffffffffffffda RBX: 00007fc8723e5fa0 RCX: 00007fc87216c819 [ 229.334197][ T7058] RDX: 0000000000000001 RSI: 0000200000001480 RDI: 0000000000000000 [ 229.334207][ T7058] RBP: 00007fc8703be090 R08: 0000000000000000 R09: 0000000000000000 [ 229.334217][ T7058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 229.334226][ T7058] R13: 00007fc8723e6038 R14: 00007fc8723e5fa0 R15: 00007ffc1dc57158 [ 229.334251][ T7058] [ 229.777493][ T98] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 229.938512][ T98] usb 1-1: Using ep0 maxpacket: 8 [ 229.955565][ T98] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 229.984491][ T98] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 229.984524][ T98] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.984545][ T98] usb 1-1: Product: syz [ 229.984560][ T98] usb 1-1: Manufacturer: syz [ 229.984581][ T98] usb 1-1: SerialNumber: syz [ 230.012185][ T98] usb 1-1: config 0 descriptor?? [ 230.031445][ T98] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 230.031515][ T98] usb 1-1: setting power ON [ 230.031535][ T98] dvb-usb: bulk message failed: -22 (2/0) [ 230.551063][ T98] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 230.553263][ T98] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 230.553322][ T98] usb 1-1: media controller created [ 230.588343][ T7061] dvb-usb: bulk message failed: -22 (3/0) [ 230.588370][ T7061] dvb-usb: bulk message failed: -22 (3/0) [ 230.613580][ T98] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 230.735677][ T98] usb 1-1: selecting invalid altsetting 6 [ 230.735703][ T98] usb 1-1: digital interface selection failed (-22) [ 230.735719][ T98] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 230.739614][ T98] usb 1-1: setting power OFF [ 230.739639][ T98] dvb-usb: bulk message failed: -22 (2/0) [ 230.739657][ T98] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 230.739670][ T98] (NULL device *): no alternate interface [ 231.819397][ T98] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 231.870452][ T98] usb 1-1: USB disconnect, device number 11 [ 233.473079][ T7098] loop6: detected capacity change from 0 to 7 [ 233.528711][ T7100] netlink: 'syz.4.409': attribute type 10 has an invalid length. [ 233.627711][ C0] blk_print_req_error: 20 callbacks suppressed [ 233.627815][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 233.627898][ C0] buffer_io_error: 20 callbacks suppressed [ 233.627935][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 233.823987][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 233.824103][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 233.955517][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 233.955563][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 234.042498][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 234.043492][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 234.141033][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 234.141214][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 234.173492][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 234.173535][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 234.175507][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 234.175543][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 234.175652][ T7098] ldm_validate_partition_table(): Disk read failed. [ 234.188239][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 234.188279][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 234.208984][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 234.209019][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 234.287089][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 234.287131][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 234.287386][ T7098] Dev loop6: unable to read RDB block 0 [ 234.291667][ T7098] loop6: unable to read partition table [ 234.291900][ T7098] loop6: partition table beyond EOD, truncated [ 234.291934][ T7098] loop_reread_partitions: partition scan of loop6 (-ý? %`{5 FLQk݊A) failed (rc=-5) [ 234.663130][ T5114] Bluetooth: hci3: ACL packet for unknown connection handle 3707 [ 234.897372][ T5989] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 235.287899][ T5989] usb 2-1: Using ep0 maxpacket: 8 [ 236.267837][ T5989] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 236.285048][ T5989] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 236.285082][ T5989] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.285102][ T5989] usb 2-1: Product: syz [ 236.285114][ T5989] usb 2-1: Manufacturer: syz [ 236.285130][ T5989] usb 2-1: SerialNumber: syz [ 236.291662][ T5989] usb 2-1: config 0 descriptor?? [ 236.337930][ T5989] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 236.337999][ T5989] usb 2-1: setting power ON [ 236.338139][ T5989] dvb-usb: bulk message failed: -22 (2/0) [ 236.378979][ T5989] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 236.384961][ T5989] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 236.385029][ T5989] usb 2-1: media controller created [ 236.459817][ T5989] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 236.507018][ T7109] dvb-usb: bulk message failed: -22 (3/0) [ 236.507048][ T7109] dvb-usb: bulk message failed: -22 (3/0) [ 236.573587][ T5989] usb 2-1: selecting invalid altsetting 6 [ 236.573610][ T5989] usb 2-1: digital interface selection failed (-22) [ 236.573633][ T5989] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 236.574371][ T5989] usb 2-1: setting power OFF [ 236.574391][ T5989] dvb-usb: bulk message failed: -22 (2/0) [ 236.574407][ T5989] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 236.574421][ T5989] (NULL device *): no alternate interface [ 236.987015][ T5989] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 236.995773][ T5989] usb 2-1: USB disconnect, device number 8 [ 237.347443][ T930] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 237.498428][ T930] usb 5-1: Using ep0 maxpacket: 8 [ 237.505289][ T930] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 237.505321][ T930] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.505341][ T930] usb 5-1: Product: syz [ 237.505356][ T930] usb 5-1: Manufacturer: syz [ 237.505370][ T930] usb 5-1: SerialNumber: syz [ 237.546359][ T930] usb 5-1: config 0 descriptor?? [ 237.567957][ T930] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 238.175235][ T930] gspca_sonixj: reg_r err -32 [ 238.216003][ T930] sonixj 5-1:0.0: probe with driver sonixj failed with error -32 [ 240.603399][ T5989] usb 5-1: USB disconnect, device number 10 [ 240.819057][ T7159] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input17 [ 241.254577][ T7172] FAULT_INJECTION: forcing a failure. [ 241.254577][ T7172] name failslab, interval 1, probability 0, space 0, times 0 [ 241.254624][ T7172] CPU: 1 UID: 0 PID: 7172 Comm: syz.0.438 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 241.254694][ T7172] Tainted: [L]=SOFTLOCKUP [ 241.254703][ T7172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 241.254717][ T7172] Call Trace: [ 241.254726][ T7172] [ 241.254736][ T7172] dump_stack_lvl+0xe8/0x150 [ 241.254776][ T7172] should_fail_ex+0x46b/0x600 [ 241.254814][ T7172] should_failslab+0xa8/0x100 [ 241.254840][ T7172] __kmalloc_noprof+0xdf/0x7b0 [ 241.254860][ T7172] ? kfree+0x4d/0x6c0 [ 241.254891][ T7172] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 241.254928][ T7172] tomoyo_realpath_from_path+0xe3/0x5d0 [ 241.254970][ T7172] ? tomoyo_path_number_perm+0x219/0x630 [ 241.254996][ T7172] tomoyo_path_number_perm+0x246/0x630 [ 241.255025][ T7172] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 241.255053][ T7172] ? __lock_acquire+0x6b5/0x2cf0 [ 241.255113][ T7172] ? __fget_files+0x2a/0x420 [ 241.255148][ T7172] ? __fget_files+0x2a/0x420 [ 241.255177][ T7172] ? __fget_files+0x3a6/0x420 [ 241.255207][ T7172] ? __fget_files+0x2a/0x420 [ 241.255241][ T7172] security_file_ioctl+0xc3/0x2a0 [ 241.255270][ T7172] __se_sys_ioctl+0x47/0x170 [ 241.255297][ T7172] do_syscall_64+0x14d/0xf80 [ 241.255324][ T7172] ? trace_irq_disable+0x3b/0x150 [ 241.255352][ T7172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.255375][ T7172] ? clear_bhb_loop+0x40/0x90 [ 241.255403][ T7172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.255426][ T7172] RIP: 0033:0x7fc87216c819 [ 241.255447][ T7172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 241.255472][ T7172] RSP: 002b:00007fc8703be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 241.255497][ T7172] RAX: ffffffffffffffda RBX: 00007fc8723e5fa0 RCX: 00007fc87216c819 [ 241.255519][ T7172] RDX: 0000200000000340 RSI: 00000000400448c8 RDI: 0000000000000004 [ 241.255534][ T7172] RBP: 00007fc8703be090 R08: 0000000000000000 R09: 0000000000000000 [ 241.255548][ T7172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.255560][ T7172] R13: 00007fc8723e6038 R14: 00007fc8723e5fa0 R15: 00007ffc1dc57158 [ 241.255596][ T7172] [ 241.278864][ T7172] ERROR: Out of memory at tomoyo_realpath_from_path. [ 241.932247][ T5114] Bluetooth: hci1: ACL packet for unknown connection handle 3707 [ 242.671133][ T5989] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 242.785139][ T7198] 9p: Bad value for 'source' [ 242.827389][ T5989] usb 5-1: Using ep0 maxpacket: 8 [ 242.839516][ T5989] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 242.839547][ T5989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.839656][ T5989] usb 5-1: Product: syz [ 242.839673][ T5989] usb 5-1: Manufacturer: syz [ 242.839687][ T5989] usb 5-1: SerialNumber: syz [ 242.909412][ T5989] usb 5-1: config 0 descriptor?? [ 242.920988][ T5989] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 243.359831][ T7207] netlink: 'syz.2.451': attribute type 1 has an invalid length. [ 243.444837][ T5989] gspca_sonixj: reg_w1 err -110 [ 243.449234][ T5989] sonixj 5-1:0.0: probe with driver sonixj failed with error -110 [ 243.826675][ T5114] Bluetooth: hci2: ACL packet for unknown connection handle 3707 [ 243.987234][ T7212] 9p: Bad value for 'rfdno' [ 244.009203][ T5114] Bluetooth: hci2: unexpected event for opcode 0x0c12 [ 245.318609][ T7235] loop6: detected capacity change from 0 to 7 [ 245.374281][ T7236] netlink: 'syz.2.462': attribute type 10 has an invalid length. [ 245.406775][ C0] blk_print_req_error: 5 callbacks suppressed [ 245.407138][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 245.429560][ C0] buffer_io_error: 5 callbacks suppressed [ 245.429886][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 245.472860][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 245.475315][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 245.579510][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 245.579631][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 245.671443][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 245.672087][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 245.703859][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 245.703994][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 245.709538][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 245.709653][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 245.939039][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 245.939156][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 245.940595][ T7235] ldm_validate_partition_table(): Disk read failed. [ 245.985084][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 245.985251][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 246.042705][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 246.042750][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 246.046335][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1 [ 246.046372][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 246.049375][ T7235] Dev loop6: unable to read RDB block 0 [ 246.053924][ T7235] loop6: unable to read partition table [ 246.054162][ T7235] loop6: partition table beyond EOD, truncated [ 246.054207][ T7235] loop_reread_partitions: partition scan of loop6 (-ý? %`{5 FLQk݊A) failed (rc=-5) [ 246.256626][ T5114] Bluetooth: hci4: ACL packet for unknown connection handle 3707 [ 246.309379][ T31] usb 5-1: USB disconnect, device number 11 [ 246.418709][ T7242] veth1: mtu less than device minimum [ 246.435092][ T7242] option changes via remount are deprecated (pid=7238 comm=syz.0.465) [ 246.447774][ T7242] netlink: 32 bytes leftover after parsing attributes in process `syz.0.465'. [ 246.500125][ T7246] netlink: 20 bytes leftover after parsing attributes in process `syz.0.465'. [ 248.287934][ T31] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 248.377808][ T7272] netlink: 'syz.4.478': attribute type 1 has an invalid length. [ 248.447443][ T31] usb 3-1: Using ep0 maxpacket: 8 [ 248.456315][ T31] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 248.456348][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.456368][ T31] usb 3-1: Product: syz [ 248.456489][ T31] usb 3-1: Manufacturer: syz [ 248.456505][ T31] usb 3-1: SerialNumber: syz [ 248.501330][ T31] usb 3-1: config 0 descriptor?? [ 248.523599][ T31] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 248.862888][ T7293] veth1: mtu less than device minimum [ 248.884728][ T7293] option changes via remount are deprecated (pid=7287 comm=syz.0.483) [ 248.887960][ T7293] netlink: 32 bytes leftover after parsing attributes in process `syz.0.483'. [ 248.940907][ T7296] netlink: 20 bytes leftover after parsing attributes in process `syz.0.483'. [ 248.947562][ T31] gspca_sonixj: reg_r err -32 [ 248.947633][ T31] sonixj 3-1:0.0: probe with driver sonixj failed with error -32 [ 250.676799][ T7319] FAULT_INJECTION: forcing a failure. [ 250.676799][ T7319] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.676840][ T7319] CPU: 0 UID: 0 PID: 7319 Comm: syz.0.495 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 250.676870][ T7319] Tainted: [L]=SOFTLOCKUP [ 250.676878][ T7319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 250.676892][ T7319] Call Trace: [ 250.676908][ T7319] [ 250.676917][ T7319] dump_stack_lvl+0xe8/0x150 [ 250.676954][ T7319] should_fail_ex+0x46b/0x600 [ 250.676992][ T7319] _copy_from_user+0x2d/0xb0 [ 250.677015][ T7319] keyctl_dh_compute+0xd4/0x180 [ 250.677053][ T7319] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 250.677094][ T7319] ? do_raw_spin_lock+0x12b/0x2f0 [ 250.677131][ T7319] __se_sys_keyctl+0x44c/0x9e0 [ 250.677159][ T7319] ? __pfx___se_sys_keyctl+0x10/0x10 [ 250.677188][ T7319] ? lockdep_hardirqs_on+0x7a/0x110 [ 250.677215][ T7319] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 250.677241][ T7319] ? rt_mutex_slowunlock+0x1cb/0x300 [ 250.677273][ T7319] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 250.677318][ T7319] ? fput+0xa0/0xd0 [ 250.677345][ T7319] ? ksys_write+0x248/0x270 [ 250.677381][ T7319] ? __pfx_ksys_write+0x10/0x10 [ 250.677422][ T7319] ? __x64_sys_keyctl+0x20/0xc0 [ 250.677451][ T7319] do_syscall_64+0x14d/0xf80 [ 250.677477][ T7319] ? trace_irq_disable+0x3b/0x150 [ 250.677504][ T7319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.677527][ T7319] ? clear_bhb_loop+0x40/0x90 [ 250.677555][ T7319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.677577][ T7319] RIP: 0033:0x7fc87216c819 [ 250.677596][ T7319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 250.677615][ T7319] RSP: 002b:00007fc8703be028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 250.677638][ T7319] RAX: ffffffffffffffda RBX: 00007fc8723e5fa0 RCX: 00007fc87216c819 [ 250.677655][ T7319] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 0000000000000017 [ 250.677668][ T7319] RBP: 00007fc8703be090 R08: 0000200000000280 R09: 0000000000000000 [ 250.677682][ T7319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.677694][ T7319] R13: 00007fc8723e6038 R14: 00007fc8723e5fa0 R15: 00007ffc1dc57158 [ 250.677728][ T7319] [ 250.727398][ T5880] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 250.877433][ T5880] usb 4-1: Using ep0 maxpacket: 8 [ 250.891653][ T5880] usb 4-1: unable to get BOS descriptor or descriptor too short [ 250.894646][ T5809] usb 3-1: USB disconnect, device number 13 [ 250.906381][ T5880] usb 4-1: config 2 has an invalid interface number: 99 but max is 0 [ 250.906412][ T5880] usb 4-1: config 2 has no interface number 0 [ 250.906456][ T5880] usb 4-1: config 2 interface 99 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 250.906485][ T5880] usb 4-1: config 2 interface 99 altsetting 7 endpoint 0x2 has invalid wMaxPacketSize 0 [ 250.906520][ T5880] usb 4-1: config 2 interface 99 has no altsetting 0 [ 250.914332][ T5880] usb 4-1: New USB device found, idVendor=0000, idProduct=a300, bcdDevice= a.f3 [ 250.914364][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.914386][ T5880] usb 4-1: Product: syz [ 250.914402][ T5880] usb 4-1: Manufacturer: syz [ 250.914418][ T5880] usb 4-1: SerialNumber: syz [ 251.472497][ T7332] veth1: mtu less than device minimum [ 251.486264][ T7332] option changes via remount are deprecated (pid=7326 comm=syz.4.498) [ 251.498688][ T7332] netlink: 32 bytes leftover after parsing attributes in process `syz.4.498'. [ 251.551679][ T7331] netlink: 20 bytes leftover after parsing attributes in process `syz.4.498'. [ 253.807801][ T5880] usb 4-1: USB disconnect, device number 12 [ 253.917509][ T31] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 254.067343][ T31] usb 2-1: Using ep0 maxpacket: 8 [ 254.073078][ T31] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 254.075979][ T31] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 254.076010][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.076032][ T31] usb 2-1: Product: syz [ 254.076047][ T31] usb 2-1: Manufacturer: syz [ 254.076062][ T31] usb 2-1: SerialNumber: syz [ 254.126303][ T31] usb 2-1: config 0 descriptor?? [ 254.155051][ T31] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 254.155117][ T31] usb 2-1: setting power ON [ 254.155136][ T31] dvb-usb: bulk message failed: -22 (2/0) [ 254.182182][ T31] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 254.183429][ T31] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 254.183497][ T31] usb 2-1: media controller created [ 254.231175][ T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 254.265604][ T31] usb 2-1: selecting invalid altsetting 6 [ 254.265628][ T31] usb 2-1: digital interface selection failed (-22) [ 254.265644][ T31] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 254.266964][ T31] usb 2-1: setting power OFF [ 254.266985][ T31] dvb-usb: bulk message failed: -22 (2/0) [ 254.267004][ T31] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 254.267017][ T31] (NULL device *): no alternate interface [ 254.383975][ T7352] ------------[ cut here ]------------ [ 254.383989][ T7352] refcount_t: addition on 0; use-after-free. [ 254.384001][ T7352] WARNING: lib/refcount.c:25 at refcount_warn_saturate+0x9f/0x110, CPU#0: syz.1.506/7352 [ 254.384030][ T7352] Modules linked in: [ 254.384047][ T7352] CPU: 0 UID: 0 PID: 7352 Comm: syz.1.506 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 254.384069][ T7352] Tainted: [L]=SOFTLOCKUP [ 254.384075][ T7352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 254.384085][ T7352] RIP: 0010:refcount_warn_saturate+0x9f/0x110 [ 254.384102][ T7352] Code: eb 66 85 db 74 3e 83 fb 01 75 4c e8 bb d6 25 fd 48 8d 3d 84 01 d6 0a 67 48 0f b9 3a eb 4a e8 a8 d6 25 fd 48 8d 3d 81 01 d6 0a <67> 48 0f b9 3a eb 37 e8 95 d6 25 fd 48 8d 3d 7e 01 d6 0a 67 48 0f [ 254.384117][ T7352] RSP: 0018:ffffc9001ca9f6d8 EFLAGS: 00010283 [ 254.384130][ T7352] RAX: ffffffff849eaa68 RBX: 0000000000000002 RCX: 0000000000080000 [ 254.384142][ T7352] RDX: ffffc90006421000 RSI: 00000000000006c7 RDI: ffffffff8f74abf0 [ 254.384154][ T7352] RBP: 0000000000000000 R08: ffff888020331e80 R09: 0000000000000005 [ 254.384164][ T7352] R10: 0000000000000100 R11: 0000000000000004 R12: ffffffff8c04a688 [ 254.384175][ T7352] R13: dffffc0000000000 R14: ffff88803b531188 R15: dffffc0000000000 [ 254.384188][ T7352] FS: 00007f9769ca66c0(0000) GS:ffff888126332000(0000) knlGS:0000000000000000 [ 254.384203][ T7352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 254.384213][ T7352] CR2: 00007f6df4ab1d80 CR3: 00000000348d0000 CR4: 00000000003526f0 [ 254.384229][ T7352] Call Trace: [ 254.384235][ T7352] [ 254.384243][ T7352] kobject_get+0xfa/0x120 [ 254.384266][ T7352] i2c_get_adapter+0x6d/0xa0 [ 254.384284][ T7352] i2cdev_open+0x48/0x190 [ 254.384302][ T7352] chrdev_open+0x4d0/0x5f0 [ 254.384322][ T7352] ? __pfx_chrdev_open+0x10/0x10 [ 254.384341][ T7352] ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0 [ 254.384370][ T7352] ? __pfx_chrdev_open+0x10/0x10 [ 254.384387][ T7352] do_dentry_open+0x83d/0x13e0 [ 254.384416][ T7352] vfs_open+0x3b/0x350 [ 254.384436][ T7352] ? path_openat+0x2e2b/0x38a0 [ 254.384463][ T7352] path_openat+0x2e43/0x38a0 [ 254.384513][ T7352] ? __pfx_path_openat+0x10/0x10 [ 254.384540][ T7352] ? __lock_acquire+0x6b5/0x2cf0 [ 254.384558][ T7352] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 254.384589][ T7352] ? do_raw_spin_lock+0x12b/0x2f0 [ 254.384619][ T7352] do_file_open+0x23e/0x4a0 [ 254.384644][ T7352] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 254.384667][ T7352] ? __pfx_do_file_open+0x10/0x10 [ 254.384697][ T7352] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 254.384739][ T7352] ? alloc_fd+0x64e/0x6c0 [ 254.384769][ T7352] do_sys_openat2+0x113/0x200 [ 254.384789][ T7352] ? __se_sys_futex+0x3a8/0x450 [ 254.384806][ T7352] ? __pfx_do_sys_openat2+0x10/0x10 [ 254.384832][ T7352] ? rcu_is_watching+0x15/0xb0 [ 254.384854][ T7352] __x64_sys_openat+0x138/0x170 [ 254.384879][ T7352] do_syscall_64+0x14d/0xf80 [ 254.384897][ T7352] ? trace_irq_disable+0x3b/0x150 [ 254.384917][ T7352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.384963][ T7352] ? clear_bhb_loop+0x40/0x90 [ 254.384991][ T7352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.385015][ T7352] RIP: 0033:0x7f976ba0d04e [ 254.385035][ T7352] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 254.385054][ T7352] RSP: 002b:00007f9769ca5b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 254.385081][ T7352] RAX: ffffffffffffffda RBX: 00007f9769ca66c0 RCX: 00007f976ba0d04e [ 254.385093][ T7352] RDX: 0000000000000402 RSI: 00007f9769ca5c00 RDI: ffffffffffffff9c [ 254.385105][ T7352] RBP: 00007f9769ca5c00 R08: 0000000000000000 R09: 0000000000000000 [ 254.385115][ T7352] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 254.385125][ T7352] R13: 00007f976bcc6038 R14: 00007f976bcc5fa0 R15: 00007fffc400e638 [ 254.385151][ T7352] [ 254.385159][ T7352] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 254.385174][ T7352] CPU: 0 UID: 0 PID: 7352 Comm: syz.1.506 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 254.385195][ T7352] Tainted: [L]=SOFTLOCKUP [ 254.385201][ T7352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 254.385211][ T7352] Call Trace: [ 254.385217][ T7352] [ 254.385223][ T7352] vpanic+0x56c/0xa60 [ 254.385249][ T7352] ? __pfx__printk+0x10/0x10 [ 254.385267][ T7352] ? __pfx_vpanic+0x10/0x10 [ 254.385290][ T7352] ? is_bpf_text_address+0x292/0x2b0 [ 254.385314][ T7352] ? is_bpf_text_address+0x26/0x2b0 [ 254.385345][ T7352] panic+0xc5/0xd0 [ 254.385369][ T7352] ? __pfx_panic+0x10/0x10 [ 254.385406][ T7352] __warn+0x315/0x4f0 [ 254.385430][ T7352] ? refcount_warn_saturate+0x9f/0x110 [ 254.385448][ T7352] ? refcount_warn_saturate+0x9f/0x110 [ 254.385465][ T7352] __report_bug+0x29a/0x540 [ 254.385483][ T7352] ? rt_mutex_slowlock_block+0x56c/0x680 [ 254.385511][ T7352] ? refcount_warn_saturate+0x9f/0x110 [ 254.385527][ T7352] ? __pfx___report_bug+0x10/0x10 [ 254.385550][ T7352] ? rt_mutex_slowlock+0x420/0x7b0 [ 254.385576][ T7352] ? rt_mutex_slowlock+0x1fd/0x7b0 [ 254.385603][ T7352] report_bug_entry+0x19a/0x290 [ 254.385621][ T7352] ? refcount_warn_saturate+0x9f/0x110 [ 254.385636][ T7352] ? refcount_warn_saturate+0xa4/0x110 [ 254.385651][ T7352] handle_bug+0xce/0x200 [ 254.385674][ T7352] exc_invalid_op+0x1a/0x50 [ 254.385702][ T7352] asm_exc_invalid_op+0x1a/0x20 [ 254.385718][ T7352] RIP: 0010:refcount_warn_saturate+0x9f/0x110 [ 254.385734][ T7352] Code: eb 66 85 db 74 3e 83 fb 01 75 4c e8 bb d6 25 fd 48 8d 3d 84 01 d6 0a 67 48 0f b9 3a eb 4a e8 a8 d6 25 fd 48 8d 3d 81 01 d6 0a <67> 48 0f b9 3a eb 37 e8 95 d6 25 fd 48 8d 3d 7e 01 d6 0a 67 48 0f [ 254.385747][ T7352] RSP: 0018:ffffc9001ca9f6d8 EFLAGS: 00010283 [ 254.385761][ T7352] RAX: ffffffff849eaa68 RBX: 0000000000000002 RCX: 0000000000080000 [ 254.385772][ T7352] RDX: ffffc90006421000 RSI: 00000000000006c7 RDI: ffffffff8f74abf0 [ 254.385785][ T7352] RBP: 0000000000000000 R08: ffff888020331e80 R09: 0000000000000005 [ 254.385796][ T7352] R10: 0000000000000100 R11: 0000000000000004 R12: ffffffff8c04a688 [ 254.385807][ T7352] R13: dffffc0000000000 R14: ffff88803b531188 R15: dffffc0000000000 [ 254.385825][ T7352] ? refcount_warn_saturate+0x98/0x110 [ 254.385845][ T7352] ? refcount_warn_saturate+0x98/0x110 [ 254.385861][ T7352] kobject_get+0xfa/0x120 [ 254.385883][ T7352] i2c_get_adapter+0x6d/0xa0 [ 254.385935][ T7352] i2cdev_open+0x48/0x190 [ 254.385967][ T7352] chrdev_open+0x4d0/0x5f0 [ 254.385995][ T7352] ? __pfx_chrdev_open+0x10/0x10 [ 254.386021][ T7352] ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0 [ 254.386061][ T7352] ? __pfx_chrdev_open+0x10/0x10 [ 254.386078][ T7352] do_dentry_open+0x83d/0x13e0 [ 254.386131][ T7352] vfs_open+0x3b/0x350 [ 254.386158][ T7352] ? path_openat+0x2e2b/0x38a0 [ 254.386198][ T7352] path_openat+0x2e43/0x38a0 [ 254.386259][ T7352] ? __pfx_path_openat+0x10/0x10 [ 254.386285][ T7352] ? __lock_acquire+0x6b5/0x2cf0 [ 254.386303][ T7352] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 254.386335][ T7352] ? do_raw_spin_lock+0x12b/0x2f0 [ 254.386365][ T7352] do_file_open+0x23e/0x4a0 [ 254.386390][ T7352] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 254.386412][ T7352] ? __pfx_do_file_open+0x10/0x10 [ 254.386437][ T7352] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 254.386480][ T7352] ? alloc_fd+0x64e/0x6c0 [ 254.386509][ T7352] do_sys_openat2+0x113/0x200 [ 254.386530][ T7352] ? __se_sys_futex+0x3a8/0x450 [ 254.386548][ T7352] ? __pfx_do_sys_openat2+0x10/0x10 [ 254.386573][ T7352] ? rcu_is_watching+0x15/0xb0 [ 254.386595][ T7352] __x64_sys_openat+0x138/0x170 [ 254.386620][ T7352] do_syscall_64+0x14d/0xf80 [ 254.386638][ T7352] ? trace_irq_disable+0x3b/0x150 [ 254.386657][ T7352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.386674][ T7352] ? clear_bhb_loop+0x40/0x90 [ 254.386702][ T7352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.386718][ T7352] RIP: 0033:0x7f976ba0d04e [ 254.386732][ T7352] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 254.386746][ T7352] RSP: 002b:00007f9769ca5b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 254.386763][ T7352] RAX: ffffffffffffffda RBX: 00007f9769ca66c0 RCX: 00007f976ba0d04e [ 254.386775][ T7352] RDX: 0000000000000402 RSI: 00007f9769ca5c00 RDI: ffffffffffffff9c [ 254.386786][ T7352] RBP: 00007f9769ca5c00 R08: 0000000000000000 R09: 0000000000000000 [ 254.386797][ T7352] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 254.386807][ T7352] R13: 00007f976bcc6038 R14: 00007f976bcc5fa0 R15: 00007fffc400e638 [ 254.386833][ T7352] [ 254.387434][ T7352] Kernel Offset: disabled