last executing test programs: 2m37.531838453s ago: executing program 4 (id=21): r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000300000000002604fdffff02000016010000033800001d13f8ff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_xfrm(0x10, 0x3, 0x6) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0) write(r3, &(0x7f0000000240)="94", 0x1) tee(r2, r6, 0x8f5, 0x100000000000000) write$cgroup_type(r6, &(0x7f0000000180), 0x9) write(r4, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r7}, 0x10) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x3e}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) timer_create(0x5, &(0x7f0000000300)={0x0, 0x36, 0x4, @thr={&(0x7f0000000180)="d2", &(0x7f00000002c0)="59f2b916bec06c6ff65a28dc0d815ef39620b4099f996f7c68365fc2d209bd40705505e9e27e11dbe1a5"}}, &(0x7f0000000380)) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000032c0), 0x40140, 0x0) ioctl$PTP_PEROUT_REQUEST(r8, 0x40043d14, 0x0) syz_usb_connect(0x3, 0x43, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x92, 0x91, 0x82, 0x40, 0x6f8, 0x300c, 0x3964, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x31, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0x49, 0x0, 0x0, 0xe, 0x1, 0x0, 0x0, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, 'ic'}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x1ff, 0x7f, 0xd}, {0x6, 0x24, 0x1a, 0x401, 0x24}}]}}]}}]}}, 0x0) 2m30.747933653s ago: executing program 2 (id=31): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xf}}}, 0x50}}, 0x0) (fail_nth: 2) 2m30.708500347s ago: executing program 4 (id=32): r0 = socket$rds(0x15, 0x5, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000c80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000580)={0x34, &(0x7f0000000300)={0x20, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x8, 0x74, &(0x7f0000000680)={{0x12, 0x1, 0x140, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62, 0x2, 0x1, 0x5, 0xc0, 0xf, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, "cf"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x4, 0x101, 0x3}, {0x6, 0x24, 0x1a, 0x1ff, 0x2}, [@obex={0x5, 0x24, 0x15, 0x6}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x3, 0x1, 0x1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xff, 0x6, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x3, 0x7, 0x4}}}}}}}]}}, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x1001}}, {0xb0, &(0x7f0000000900)=@string={0xb0, 0x3, "b2978ec46313ee03538ee2a0d5bbdb76a53a524a0349dd5b17255d66f3ddac51ef39f2fc6819c9da04a09a1cfbe8195e50e34b56cb5afb8b0ed21a39f437cda212bd093969181dcd0d14ec1d7c5044b4619a56c21d5b50bc45ee23d51447e7efcf550de2f194b5fdd18e96ff006a5aa8da812a6b460768ea7004871e2f21cfa338122e9fe0959121fdaea231b2f3ac6c2e7c1e532d4e934e5d1117d99aac6ffcfc692987e8feec2435221bef653e"}}]}) syz_usb_control_io$printer(r1, 0x0, &(0x7f00000004c0)={0x34, &(0x7f00000005c0)={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000780)={0x2c, &(0x7f0000000400)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0}) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x70) sendmsg$rds(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@zcopy_cookie={0x10, 0x114, 0xc, 0x3}, @cswp={0x58, 0x114, 0x7, {{0x2b41, 0xd}, 0x0, 0x0, 0x4, 0x1, 0x8, 0x9, 0x2, 0x7}}], 0x68, 0x40041}, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000280)={0x14, &(0x7f0000000080)={0x40, 0xb, 0x25, {0x25, 0xd, "a87d7a1016a5fa0746e2253c6da425a3742f261f4caf93534654849e86ead01da34ed7"}}, &(0x7f0000000180)={0x0, 0x3, 0xb4, @string={0xb4, 0x3, "18db0edba253f1f0dd0942fbd871988df5a43bdf260469e1b13d4f355d5b19cb8974d1170a844a0cf26ff1df329c3a104da08f29d04d48a6449fabcad2ff058d71fe54c35e5384d53994cb558cd67107070c93ca76a2e1bba5997e144901ffae529bd9441c91eeb982fb8e2cd8cd19132d9be9cad93f9fde3332e8f92cd3a9bc34b487fb1f64b91192f911f08fb931d00633230f1933d26772a9d8e15ef40d92db11905eeb8a149ec505bd895426b7328fe2"}}, &(0x7f00000000c0)={0x0, 0x22, 0xe, {[@local=@item_4={0x3, 0x2, 0x0, "db7e42b4"}, @main=@item_012={0x2, 0x0, 0xa, "9fa6"}, @local=@item_012={0x0, 0x2, 0x9}, @local=@item_4={0x3, 0x2, 0x0, "43629ba8"}]}}, &(0x7f0000000240)={0x0, 0x21, 0x9, {0x9, 0x21, 0x7fff, 0x0, 0x1, {0x22, 0x27c}}}}, &(0x7f0000000640)={0x18, &(0x7f0000000340)={0x0, 0xe, 0x97, "5bd17f6a54e46fff4c693d6ed81cf5dd01b9503e19c813bf64be979142db383be2a050be41b76f770108dcc53cd227a24548fe169b48c9a467696e1f442b05fcb86b239318db946c461f950819c23e78cbdf74414f82b44ea28a2aaf971053e4cc1464f44b85a3028a10c2309ab7999b1ca8097ccc53bab7c406d616b90be8643888c6bbb7441b4de3ed80c103ff58383a459e5fbf8913"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x80}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000500)={0x20, 0x1, 0x59, "4c87ec884ddc95476dd6b5e88c3faffd8159ca100eb5d34016f7adc68c10327c3eb81875ebb7ed4c6c1c49a9c153cb638c67f9bf2057a1fc2038aaf4a36e5ea5924198d62e90d08aa32bcb653e3a00c829752f6ddf2af0b64f"}, &(0x7f0000000600)={0x20, 0x3, 0x1}}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={0xffffffffffffffff, 0x0, 0x3a, 0x0, &(0x7f0000000040)="c1dfb080cd21d308098e000081ac568186ddec28661225026c1c75213fd89fcb10c9054b0f01907039f2742c3313dd7fd22832f3d6af1a39f4c2", 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7f000000}, 0x4c) 2m29.819577728s ago: executing program 2 (id=35): r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x5, 0x80000000, 0x1, 0x0, [0x0], [0x0, 0xfffffffd, 0x0, 0xfffffffe], [0x8], [0xa, 0x0, 0x7]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x34325241, 0x3, [0x2, r4], [0x88ffff, 0x800, 0x0, 0xfffffffe], [0x0, 0x0, 0x20008, 0x4], [0x6, 0x0, 0x200]}) (fail_nth: 2) 2m28.441635839s ago: executing program 2 (id=36): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1, 0x100005, 0x5, 0x5, 0x1}, 0x50) syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000080)='./file0\x00', 0x1000001, &(0x7f0000000780)=ANY=[@ANYBLOB="00d77fbe9e57a434f929f74bee5a910c10f9cecfc3ead3b77b247312d0ad8ba2674f257f47c684e0aec5cb300973a5028bd4f70eef4b274a5c38fec4079e5f43b598a9e97e460422eae305e57a885fa6957858a8b0377854b8190607303abd6aee330a8caac51797b7a15b53acc98e0d526b12f36eb277aead8d55f85523364369522d5f49efa95367a99d00d2c3049e41e7d9ffffffd7a5af9bb021ff2474356bb2c975e3e8f87f1064a983db4d47057c94053fbf53a474536fe59f83bfc1843bd6449160b0c4842dbbeef31ac9bd265bf70f693c8c0c0b783b82271433a5d3d3bcd4c7f801004830262a3c414bfb000000000000000410239dd2f2bbc049000000000028f16a210101000000000092675a0b4430360148a763030694149b66a254a61956fb1b6bcd6cfc49f4f84694e73ed9c4b4d6b47fc89f36d8e5fd41d863a5bdb87562aa6e346b0b210786e00300000020870ccd9657e2d7639d2d2bc46706950fc40406f22ac773d5043bddfe88faba3a973a67a0a8c64c95ba285267c76a7a31636f1e09ea085c771b3aae335b25fcb6b11358349c0f04abad13df1d0a2f732b059707f13b539692c4fc930ccae68178bd95cfea76185a8146ff5521b2d65edb3f89f2fd4112fa45eaaee3ad02b5f2ff9c85453a6af8f4a408bc729aec69f33404b61ad21da92b8c813ca3de184e899a596543ca6d9be9f93840870ccda17746cd6461ad770ab337102b891bcd84c1596a60db767d62f38f12b17636d1478ccb6dc3bf80474432a6123cdaf8a02bc6ac95c722c79aae41084a61bdc51f288b399f9898b1d302e48efd6bde23391c1867f9ae6c744f28ebe7027e1bc4e07a606691ccb47fe3ef3aa065b459734209ebacefaab29152ff79d6ed6b9bc9c638eab2c1a712053b50b19f7fab000000000000df821c1f071af464fbc301e8282fd80dd61a80920b738a1c99fb4352a73c9e411b038d31ccf463a2d7edc5c339744e0f5052f275809bdba24f2a82b9f49101ed541031052095536b302f6ce49714d02563d5e1c80507c988489a64e870e3c05beab9c57ba463e75365cf405cb72e6d078bae8621000000000000000be1f7aa9619e108fbc27e013e105a6835f203b1e593cda72a29e07ce9d3059c6488197b8a41d4989cb6981a5c83feb86347e975"], 0x1, 0xf01, &(0x7f0000002d40)="$eJzs3U9oHNf9APA3q3+2pVirJL9flKSx1aSpE7eVXdmH9FQHTAshhFx6T3CsxFRJTZ0eEmIs9+RCDykhl5QeUpJbwT0UmlAooVDonxx67im0l5bigiGXGqwtkt9brZ413dVImtVqPx/46unNG833O16xnjfafRuAodVY+3r69GwRwrsfv3P221dWfr267Wh7j7m1r0XsNUMIYx39IjveZ3HD7ZtvnVttV7K2CAtrX9N4eO5G+2cnQwjLYS58Eprh6PHm59dGnl388L1Pj12++Mwru3T6AAAwVK7/aemvT/7jj1+duXX9yJkw0d6ers+bsT8Zr/tPxuv7dN3fCBv7RUd0Gs/2G4nRyPYbyfYbzfKMluQby44zVrLfeJd8Ix3bNjtPAAAAGESNOMdthqIx3zHPbYZGY37+zrx/1WfT48X8axeWFi/1sVgAAACgks+vrL3oVgghhBBiiONWq9Xqdw1CCCHE7kZrut93IAAAAIBhk9YdaK8PllvOVxbYnvbRmr3lv/F0Y/Ofhx1Q9++//IOV/4OrnnEAAKhuv15NpvNK19FpHYN8HcGR7Oe2ev3fyI4zusU6y9YVHJT1BsvqzP9d96qy+rf6OPZLWf35eph7VVn9+Tqde1VZ/RM111FVWf0Haq6jqrL6D9ZcR1Vl9R+quY6qyuqfrLmOqsrqn6q5jqrK6r+n5jqqKqv/cM11VFVW/6C8rLas/mbNdVRVVv9MzXVUVVb/vTXXUVVZ/ffVXEdVZfXfX3Md/fJIbNO/w5FsvHP+nM/pBmWOBwAAAMPuP31b/++bfV/7YNhi7W/Ce6AOIYTY9Vg1twfqEEIIsUnEFcj6XofYwbi6B2oQPcSVft58AAAAAPaE9L6A9K73VpTGR7qMj3YZH+syPt5lfKLLOAAAABDCb64tPvh2sf4+/+2uh5fWjUrrL211HaN8PcKt5t/uumfbzT8o65YBAAAwXIpvfbJy/Oz7r8/cun7kTMfsdyXOd9M6oKPx3sBHsZ9eFzCV9Ys0hz6zMU+jZL/8/sA9Zcd7fpsnCgAAAEMszd+boWjMd8y7m6HRmJ9fn4/PhrFi8cLS+ZOxnz6f5Q/TYxOr279ec90AAABA79bn+5vP/9Pn+M6G8WL+tQtLi5fu9Kfa28canfcFpte3F533BZrZ9oWS7adiP31+5yvTB9e2z5/73tJLO33yAAAAMCQuvfHmd19cWjr/fd/4xje+aX/T72cmAABgp33493f+/INTU7+98/7/9fXv0vv/52K/Gdf2+0vcIb1OIL0P4K7367+wMc902X4XN+7XzPYbiTGR1X2g4zihY73B9HMzG/oj6/s2Nx5nvCTfZJZvKsuXr1Mwmu2fzu9wtj1fnzDtN51tz9dhHM1yFFn+RwMAAACUO/H6qxdPXHrjza9dePXFl8+/fP61UycXvrHw1MLC6YUTa6/rP9H56n4AAABgEK2/6LfflQAAAAAAAAAAAAAAAAAAAMDwquPjxPp9jgAAADDs/n0lhLAshBBC1Bdrn3G6B+oQQgghxODHhOuKnqPVyj9pHgAAAGB33b751rnYXt10h+ViR/O1j9YM4UDH9pVYx+8f/9njq5G233h64/2SQztaDcOu4/f/3KY77PDvv/yDlf+Dqzubv/2c17zTpOe98ue/xsYDnKmW98s/+ecTnfkfGu0xf37+z1fLfyzLfyz0lr/1fpb/hWr5n8jyH+ox/13nf7Fa/idj/tlUz2O95t/4+E/ENp3HwR7zH8/O/6XQa/7s/Js9Jsx8JeYHgGHU6HcBuyRdJaTr6MnYT+cbLzdD/uqHrV7/N7LjjG678o3HTddBD8R+ul6ayvImW61/MjvePRXrzA3Kq0rK6t+px3G3ldU/VnMdVZXVP15zHVWV1T9Rcx1VldV/oOY6qiqrv9d5aL+V1T8o95XL6p+suY6qyuqfqrmOqsrq3+r/4/1SVv/hmuuoqqz+6ZrrqKqs/oq31WpXVv9MzXVUVVb/vTXXUVVZ/ffVXEdVZfXff/emQbkk2pKHY1s2H07zz+k4lvrNrD+xyb/lfr23AAAAAIPmX9b/E0IIIYQQQggh9n20Wv2+A0E/7e67mQHYqzz/DzeP/3Dz+A83jz//S3oNf5H1k5Eu46Ndxse6jI9n4/nv60SX8fuy47aiNH5/l/H/6zJ+uMv4A13GZ7uMP9hl/KEu4w93GQcAAGA4/H9szQ8BAABg/7r8i49+/KtjL9ycuXX9yJkwfte68ydjfyL+bf1a7Ofr3idj8W/+P4z9n8f2d7H9W7a/158AAADA7kufE+Pv/wAAALB/pc8pNf8HAACA/Wsmtub/AAAAsH/dG1vzfwAAANjHigObb45tui/waGx7XdcPANj7vhDbR2J7JLZHY/vF2KbrgMdi+6Wa6gMAds5Pv/Ojp94u1tf7P5WN347bU3uX5Tt3CorGxpX8D8b2UGwf77Ge/PMAes2fHO4xz27ln95mfgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg/2isfT19erYI4d2P3zk7ffnsy6vbjrb3mFv7WsReM4Qw1v65NLre/2Xc8fbNt86ttiuxbcW2CAuhCEV7PDx3o51pMoSwHObCJ6EZjh5vfn5t5NnFD9/79Njli8+8sov/BAAAALDv/TcAAP//vcAp6A==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 2m25.474953307s ago: executing program 4 (id=41): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x106f) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r4, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}]) io_destroy(r4) fcntl$setstatus(r1, 0x4, 0x42800) read$FUSE(r0, &(0x7f00000011c0)={0x2020}, 0x2020) 2m25.401757704s ago: executing program 2 (id=42): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x21a501b, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x4}, 0x50) mount$bind(&(0x7f0000000540)='./file0/file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) umount2(&(0x7f00000003c0)='./file0\x00', 0x8) 2m24.365515428s ago: executing program 4 (id=43): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x21a501b, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000540)='./file0/file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) umount2(&(0x7f00000003c0)='./file0\x00', 0x8) (fail_nth: 2) 2m23.399530425s ago: executing program 2 (id=45): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x4010, &(0x7f0000000200)=ANY=[], 0xfe, 0x4db, &(0x7f0000000640)="$eJzs20tsG9UXx/Hf8Tiu46b/f/ogbVHVRgKJ0NI2j5K2ChL0QQSiL9IGRMVDoXFKaB5VnEJTtbRLYMeiS5ZsWLBghdiiSiwRC1SEukAq3bDxirID3fGMZ+wmsd0ktkO+H0TvzPjYufccz8y9li0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdfflId481uhcAAKCeTp0d6u7j/g8AwJpyjvU/AADAWmLy9JtMey/l7aS/X5A+MT515erw8cH5n9ZqMiXk+fHu/3RPb9+B5/sPHgrbxZ+/3Lbr9NlzRzqPTU9ensnmctnRzuGp8QvTo9mqX2Gpzy+3209A5+SlK6NjY7nO3n19JQ9fbX+wbn1H+0D/O8dSYezw8cHBs7GYZMtj//VHLDTDT8nTszJ9+N03dkpSQkvPRYX3zkpr9Qex2x/E8PFBfyAT4yNTs+5BSwRRidKcpMIc1aEWS5KQXL8stTxrthZ5+l6mo/vzdlqSF+Zhj//BcFX9aYSkW7pK6tIqqFkTWydP78l0Z3+7zgR59eufkq43unNYccng/J+2vL3uXw/c+eQumyfe6Hx1amw6FmuJ4IxqqvtDzSd567L82Wo1+bUpLU+n/TM+b0Pa1ejuoM5a5WlSptQXH/nzCvnz0v8PHNy563B8hrG1wuu42H3ByVXNPbklmDpYwv23/ONCddLm6Q+ZHv6a9ve7oivqLVtw1SDp9zp1ECvLPE3I9PeNvFnZutSLre+LmureX7PWFe5/a/rY9OW5mfGLH8zO+3gmfeT93OzMyIX5Hy6sXb34kUrr2HKJ2pZkGSus+D79OF98XrAG2FDYi3rz1fXovdBV1obi759qtqtexdYwj3J9MvN0X6axd7cV7jPK1JybtcDVf1CmXP4nCysd1D9Z2IvV/4Uof2krbYv82v6v8LlWOJfYfn7LQsdXov6uT67+b8l09K9twWcahfp7ZbEurkOmt2/vCOISKReXDIdTeMWx8Ylst4v9R6ZNP4ax8mMzQezmKLbHxeZk+uxOaez6IHZLFNvrYu/KdO+X+WOfiGL7XOycq9e9zjA242J3BrEdUey+C9MTowulM0ybq3+vTG/efMXCMS9Y/9j5f6usLXqk5otvL1f922PHbgV1PR/UP1mh/p/LNPfnjnDcfu7D/Gz0/43q7+bK394ujQ0XlJui2J5qh9Vorv4bZXrw4t3imIOxBbtRheL1fzJZ2hbzupT6JxfpaIX6b4wdaw/6lXqMfKw1ublrl0YmJrIzbJRtfL1BaoJusFH7xpnm6Mbq3mj0lQn14O7/Q+6u3u9ZOI8J7v9thb1oxvTwk+j+PyC9FLSlGjT/2xQ7NhDMWlqSUnp28nLLVimdm7u2d3xy5GL2Ynaq70B/d+/hA919h1pS4eQu2qolfaueq/8emW788HNxHVM6/5t//p8pa4saVP/N8TGVzGuqTsWa5OrfJlP//bvF9eZi8/9w/d/1VGlbPP8aVP8tsWPtQb/aaswFAAAAAAAAAAAAAAAAAKwmGfP0tExXh56z8DdE1Xz/b7SsLSr5ntdrwWss6ftfhR8mV/j+V0fs2GidftdQfZYBAAAAAAAAAADqJyFPX8r0jPJ20x1ok07GW/yn/RsAAP//ywhE8A==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="fb", 0x1}], 0x1, 0xe7f, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$F2FS_IOC_GET_FEATURES(r2, 0x8004f50c, &(0x7f0000000000)) pwrite64(r0, &(0x7f0000000140)='Q', 0x1, 0x200980) 2m23.305409998s ago: executing program 4 (id=46): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket(0x10, 0x3, 0x0) pipe2(&(0x7f00000003c0), 0x0) mkdir(&(0x7f0000000380)='./file1\x00', 0xa) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {0x7}}, './file1\x00'}) (fail_nth: 2) 2m22.89083341s ago: executing program 2 (id=47): r0 = syz_io_uring_setup(0x116, &(0x7f0000000100)={0x0, 0xf5a, 0x2, 0x0, 0xf3}, &(0x7f0000000000), &(0x7f00000000c0)) io_uring_enter(r0, 0xf3, 0x80ffff, 0x49, 0x0, 0x40) 2m18.921982256s ago: executing program 32 (id=47): r0 = syz_io_uring_setup(0x116, &(0x7f0000000100)={0x0, 0xf5a, 0x2, 0x0, 0xf3}, &(0x7f0000000000), &(0x7f00000000c0)) io_uring_enter(r0, 0xf3, 0x80ffff, 0x49, 0x0, 0x40) 2m18.159737026s ago: executing program 4 (id=52): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x20, 0x0, 0x2, 0x201, 0x0, 0x0, {0x0, 0x0, 0x7}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_MASTER={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (fail_nth: 2) 2m18.159469333s ago: executing program 33 (id=52): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x20, 0x0, 0x2, 0x201, 0x0, 0x0, {0x0, 0x0, 0x7}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_MASTER={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (fail_nth: 2) 45.700184927s ago: executing program 1 (id=208): r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getpgrp(0x0) r4 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) openat(0xffffffffffffff9c, &(0x7f0000002000)='./file1\x00', 0x42, 0x1ff) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000003c0)) landlock_restrict_self(r4, 0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000100)={0x2, r3}) sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1) 43.715096936s ago: executing program 1 (id=213): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f00000002c0)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@usrjquota}, {@acl}, {@grpjquota}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") (async) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) fstatfs(r0, &(0x7f0000000100)=""/96) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r1, 0x400, 0x1) (async, rerun: 64) syz_usb_connect$cdc_ecm(0x2, 0x59, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024700010100800309040007ff02020000052406000005240000000d240f010000000000000000000424130903240702042413"], 0x0) (async, rerun: 64) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000001080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 42.351796779s ago: executing program 1 (id=217): r0 = openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x20000, 0x12) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)) r1 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x100, 0x0) fstatfs(r0, &(0x7f0000000080)=""/228) r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000004c0), 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000240)={0x20002000}) write$binfmt_register(r2, &(0x7f0000000500)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x6, 0x3a, '[p!!]-+', 0x3a, '\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3a, './file0', 0x3a, [0x4f]}, 0x3d) 41.496216794s ago: executing program 1 (id=219): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) unshare(0x20000400) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, 0x0, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1f1090, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x5a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000202505a1a4400000000101090248000101002000090400000302020000052412"], 0x0) mount$9p_unix(0x0, 0x0, 0x0, 0x121f408, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000151401"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r2, &(0x7f0000000180)={0x2, 0x0, @broadcast}, 0x10) getsockname$inet(r2, 0x0, &(0x7f0000001240)) r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x686c, 0x101000) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0485510, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xa, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="620fc4ff00000000711087000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x94) 40.287950609s ago: executing program 0 (id=221): ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(0xffffffffffffffff, 0x400c4152, &(0x7f0000001640)={0x0, &(0x7f0000001600)=[&(0x7f0000000200)="94176f1dbafb32423c8ebb611c0a631ce9b73d59e7c9ddd34a82a18cc86a6afaa6c1275e06fab2515cab19ebc7b00147abfd7171b449d4f9101740902c68ba9a597d93b338588a1f5ffba1384f47aee448dec766dcf6b25f2f9c44beb0c7603a6f14544483351cda159900eb454de908d49b048da8df6966edbc833f9ddab10f82a644f5a1e6bbdb5dee7ca51dbb60ff5d78a186434054a38507b3151b25ab7c0931f850d3a8e11feaa94642bddbf204e99c4a4998e5da49ec2b4fdcbb718885ab63a8a71710f87c39f4eec57c78d34a00a933b0b16ffb97fff774305f7ef053ac25df88eb9494925a27ed64d960637020a4f5bab038ebc7f94f7af067604794502cc2778efdc3bf69"], 0x4}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x80a0000, 0xdddd1000, 0xa, 0x0, 0x8, 0x8, 0x1, 0x2, 0x0, 0x4, 0x9, 0x10}, {0x8080000, 0x0, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0xe, 0x7, 0x0, 0xfb}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26, 0x0, 0x8}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0xfffffffffffffffa, 0xd]}) (fail_nth: 1) 37.764075321s ago: executing program 0 (id=225): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0xfffffffffffffed8, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB="0500"/12, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}, 0x1, 0x0, 0x0, 0x48850}, 0x0) r1 = io_uring_setup(0x6dde, &(0x7f00000002c0)={0x0, 0xd612, 0x1, 0x0, 0x28b}) write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0xfffffffffffffffe, 0x0, {{0x0, 0xfffffffffffe}}}, 0x28) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0, 0xffffffff00000000}], &(0x7f0000000100), 0x7}, 0x20) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000880)={0x34, 0x9, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_ADT={0x4}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x10000004}, 0x80) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x2}) r3 = socket$can_bcm(0x1d, 0x2, 0x2) recvmsg$can_bcm(r3, &(0x7f0000000780)={&(0x7f0000000400)=@xdp, 0x80, &(0x7f0000000640)=[{&(0x7f0000000340)=""/33, 0x21}, {&(0x7f0000000480)=""/191, 0xbf}, {&(0x7f0000000580)=""/95, 0x5f}, {&(0x7f0000000600)=""/13, 0xd}], 0x4, &(0x7f0000000680)=""/199, 0xc7}, 0x60) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x6}}, @NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}}, @NFT_MSG_DELTABLE={0x3c, 0x2, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_USERDATA={0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}}], {0x14}}, 0xc0}}, 0xc0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r6, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8844}, 0x2400c040) ioctl$TUNSETLINK(r2, 0x400454cd, 0x30a) 36.893830066s ago: executing program 1 (id=226): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000), 0x0) listen(r0, 0x2) setsockopt$inet_buf(r0, 0x0, 0x11, 0x0, 0x0) 36.086949401s ago: executing program 1 (id=230): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@fd, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) (fail_nth: 2) 32.384041401s ago: executing program 34 (id=230): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@fd, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) (fail_nth: 2) 32.333727007s ago: executing program 0 (id=232): socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x3c}}, 0x10) 31.732786486s ago: executing program 0 (id=236): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) unshare(0x20000400) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, 0x0, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1f1090, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x5a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000202505a1a4400000000101090248000101002000090400000302020000052412"], 0x0) mount$9p_unix(0x0, 0x0, 0x0, 0x121f408, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000151401"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r2, &(0x7f0000000180)={0x2, 0x0, @broadcast}, 0x10) getsockname$inet(r2, 0x0, &(0x7f0000001240)) 28.83722798s ago: executing program 0 (id=240): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000), 0x0) listen(r0, 0x2) setsockopt$inet_buf(r0, 0x0, 0x11, 0x0, 0x0) 27.53112479s ago: executing program 0 (id=244): prctl$PR_SCHED_CORE(0x4d, 0x1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000bbdffc)) (fail_nth: 2) 24.864355461s ago: executing program 35 (id=244): prctl$PR_SCHED_CORE(0x4d, 0x1, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000bbdffc)) (fail_nth: 2) 6.720075101s ago: executing program 3 (id=280): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000340)) bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000004c0)={0x0, 0x0, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)) 6.464780272s ago: executing program 5 (id=281): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net\x00') getdents64(r1, &(0x7f0000002580)=""/78, 0x98) 5.59617977s ago: executing program 6 (id=282): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$unix(r0, &(0x7f0000000600)=@abs={0x0, 0x0, 0x4e24}, 0x6e) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[], 0xff2e) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 5.198269167s ago: executing program 3 (id=283): r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getpgrp(0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f00000003c0)) landlock_restrict_self(0xffffffffffffffff, 0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000100)={0x2, r3}) sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1) 5.055843392s ago: executing program 5 (id=284): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000700)={0x80, 0x3, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2006}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x3}, @CTA_PROTOINFO={0x0, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x0, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_STATE, @CTA_PROTOINFO_SCTP_STATE={0x0, 0x1, 0x1}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x0, 0x2, 0x1, 0x0, 0xb65}]}}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x62f6}]}, @CTA_LABELS={0x14, 0x16, 0x1, 0x0, [0x7, 0x2, 0xffff, 0x96]}, @CTA_SYNPROXY={0x68, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xb}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x800}, @CTA_SYNPROXY_ITS={0x0, 0x2, 0x1, 0x0, 0xffff}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x4001811) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000280)=0x5, 0x4) sendmmsg$inet(r2, &(0x7f0000002080)=[{{&(0x7f00000012c0)={0x2, 0x4e22, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="100000000000000007000000b9bad54068fa0ca19b5697195f40a15992b4fe1dabb62ea1c3a76f6091c426473cd17551408ddfe2a913eb912ca7c015790989a2efcea24c9c0b97203489a17925b7099f5328"], 0x10}}], 0x1, 0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000680)={0x80000000, 0x0}, 0x8) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={r4, 0x2}, 0xc) setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) vmsplice(r1, &(0x7f0000000480)=[{&(0x7f00000002c0)="1704a8ca02f7c34429e33b320b614c3c7fef55cf812a1a40b5ba6287af99bb4ae902ed16c3eba8a0c6af05ad8f4f4ee4fd656403e5b4d03f988e5ea8d3bcfd8e1db253083c916f9dc6b5cbd17267db01a313c6fd45a1e25d2afd6f6a3d1d99897ee2d27133a86ba19c0a564efce7e2dc6e08152de0d88ffaaf45143b42d5397609760cc96cd57802c50d8d813add004cd2c8d199cd4c5491605df79b95d1bbe3340dcaad9bc78068c3ef1a68e6307d6aed4e23ade3f0ccf02140620ba7", 0xbd}, {&(0x7f0000000380)="41772fb612f5973533b53fc9788ace3d22bd8dd2a520f4cbb2c9fcfce2c6a2ffcf08ebaae87cfc76f7afe0e972ecb4c568c52f6f2b8985b93baa15bdf5c798c935a8d138ff7f2b22b5f9afc5712135c6f711dd15218bfa81c335291a1135c30d4c12d283092aaf185f2a6fd3", 0x6c}, {&(0x7f0000000400)="6f82177c0a4efa5c67d316843709fbee7e7d9379e967bd469e4e5f3c241ae4bae217be6487b8a2d1ddd58991586e98c079a43c1f703b5763a5de1aa9f9f8b334a9c918ddd8ff", 0x46}, {&(0x7f0000000500)="bf79b7ec839154da28dbfdf443abf99e481842bc0bfa843d7b9a0f0a9bfa597ebdd006bddb07fb3f629763335f99672363340eff1944efba1902412550432c7049037d9fae8b9145df35697dbd734c9cfca7854de8748f026ff0b8bb8b5783d982c7f58c2a33f39df1c9b09ed89a0a73805ef6fcbec38e942209ed7d3aeeb3aed2810c88afad1b8bbac1ba1fd383cfdc10a4cd1994fb33b83e0dbd43768fc6b5f44e443797df0dcf0d249d0df511eefb00f9518fdf065bd8173171db92beae6370553aa7ac5c5fe0e450680b04d2d709041e8110ff4b39c3784a6c92ce393b34aa", 0xe1}], 0x4, 0xc) sendto$inet6(r3, &(0x7f0000000240)=':', 0xfffffdfe, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty, 0x10}, 0x1c) sendto$inet6(r3, &(0x7f0000000040)='R', 0x1, 0x20000080, 0x0, 0x0) preadv2(r1, &(0x7f0000000280)=[{&(0x7f00000008c0)=""/211, 0xd3}], 0x1, 0x0, 0x0, 0x0) 4.34845336s ago: executing program 6 (id=285): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)="5202c6e3d6b12c56945090d6888c41", 0xf) listen(r0, 0x2) setsockopt$inet_buf(r0, 0x0, 0x11, 0x0, 0x0) 4.129076338s ago: executing program 5 (id=286): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x1, &(0x7f0000000300)=[{0x50, 0xff, 0x0, 0x6}]}) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x80c406, &(0x7f0000000700)=ANY=[@ANYBLOB='dots,dots,dmask=000000000200000,nodots,discard,nfs=nostale_ro,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646f733178666c6f70707900000000000000003030ffffffff303030303031373737373737373756c0f39fdb37372c004c0f1208ec0c34b7df4ba1c1e6b76697434db8574db9bcaef6a61a12c3f260bebc7ac5b1b11361119b83f1cf9f686b715b8e58fd37cea6623dc422c2ddbcefe94e5c255b5e8c90613e6b598b3b7a2c05de53dab7"], 0x1, 0x291, &(0x7f0000000280)="$eJzs3M9r034YwPGn6dZ0+7Ifpy/oxQe96CXMelQPVTYQC0q3inoQMpZpaG1HErQVwZw97e8YHr0J4j+w/8LbEGSnnYyszbKs+4Wza2f7fkHJkzz5tE8SUp5PId16uv66uupbq3YgRl7FEAllR2RWXNmTiZe5dpxLtsvdgoRyY+7N9sfFZ88fFkul+bLqQnHpVkFVp698ffv+09VvwX9PPk+bpmzOvtj6Wfi++f/mpa1fS69cX11f641AbV1uNAJ7ueboiutXLdXHNcf2HXXrvuMdyK/WGmtrLbXrK1OTa57j+2rXW2pIS4OG5uOq6mpZlk5N7sZ5GSG5Px5R2SiX7eK5FIMLw/OKdlZEJg7dDZWNwVQEAAAG6fj+30j22ev/je7+X+SU/v9DvNf0l573/1lJ+v+q0+7/A6+l9kvbTff/ONHZ+n/jfIrB38iEqZV7B1KeV5w4ehD9PwAAAAAAAAAAAAAAAAAAAAAA/4KdKJqJomhmd2mISBSvmyKSTa0fMXSknq0fVunrH6VeZnyBT7j+GAKpB/fyIj/CZqVZybSXnfzCg9L8nLalHvzbbjYr2SR/s5PXg/lxmYzzhSPzObl+rZPfzd1/VErn15uVCVk5sfKwV6cAAAAAAIChZ2liNtmYl2R+b1lqSne+PX/vROH+7wNd8/sxuTzWv+MAAAAAAADH81vvqnat5nj9CbJ9/KwzByJnG347MntSRlZETtmnvCgy+BN1KDDlQpQxzMGdnr1hlBHpbBmPvwy67gIAAAAAw2V/PjDoSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF39+OuyQR8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFH8DgAA//8sg70h") r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r3, 0x40047211, &(0x7f00000000c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=ANY=[@ANYRES32=r0, @ANYBLOB="f2721512ae7b7a4dc2945f7636a0f635f9b12fcefdc856dd7a597794cf066de501d124afc634d72a25969442255cb909ad5956c9ba832f81e9975dfcee9fba20207b5e833f6982b9f5fd1a497857512d132c6301329827bf323506390d9aa498596d8e6e58fbdf2ef4c8ac5cc44a6a2587e46f8d6c3657fbf744022434e0164fba1fdb9aa7e6070c544d8f500084bd60d65703fccdd3214a4541d8e57ccb13345ebd5b95ed88185f6c92c73a91029bac12aac6ea2378ced38edee5fcba26aed2cf3165588913d0333361df2c9999fade46fcb411d49145d87b39e19bbb113e1802c9e4bc850bff6de76799970541dd8b4d5967d1df36c7b485810bf14ad967d8a304ff9e49d19b2b4fb135939549123a90ba373ada3bcd2e7153ffd0a2f101c1a8282ed362f9e4e2962f2a3edac27fb71921c30b52100b8c54ce6ff75c831583794c6a1ce94331ecf9f01a25466491ea1fe7a644546eb4bc4239ceb53c0ffe2706eb59250e2c7cdcee265cf58d8d2379408c6a0e87d523069d488a4ab34d3696e940b1afcbdb4eaf66f85c6331a7b93630cce2046124b3aa682a659f19ba661207c9ab35ab868bd315ffaaf4cee6f73fabcc460af09b645816d315add62b6b189c30ef3ec51d5c25ad7867ed3768fac2b6f1403d52464d9960d1259756e8bf5bbfb1aa142c307afdabdb54d8382591e1cb30e6bccb79cd2bec6d85e48ffe986a41459ffce57b843c6af5008cd2041baa9bd3491997fa912775128adafb35762b0bf4d08f5c771ac5a22ab28549df6492136d487c4b45ce1362345420ed5a53df1fd5172ee46b914dd0a7014c2f7222ca5d32e509cb8c7299a943781f4743ca835c35fa55c0cfbb7650a2af04563344f8d935b957ee650af63666bb2bfcfb72244b653b31425eff499c328ab0a76c57e4f03f096b33fb5d3846c4f54b03ecc7dab28f4f226de3dea9a78374ddf66be7793e6bcaddcdd245be091c38b78e727e51ad3a3b9f05cfca5920c230d9f74150f2fc0bbe5c751d19546aaf9c9bcd4db7b5e2918ce7235952a2e6ef22251c144895b3c3ad77e84d7bc03e83c1d1a34b59ef9f26c6d445e3d839beb3a717e62aaaaa14082fc375b44f121a50f1bbb380d7eadb012bd22c672ec489543e2473f613bc28bf06a421a14f95ff83c56e9788f8665bf829ce884ab3b67afccc5a61cbe6a13886a7f665ac2017cedb994c25964ac5cf5cd12fda66b8c14aded60e695a7d5a3e9370d5908dfe2cca4f7351f657f4ec2108081c50d247a02661a496ed7cb28c450f718e424deb54170c29e734bcefd1315a5bf3af64e7562861e93baf94d6e7c258d3a49122a021e27638b1ecf593ed659890d90a49af33e56512c644b2ecbfdd1848c27529d567a1ab0ce3272ed83932aeba8a37c3cc804dc613cd428784e781c596ed0cd703bbcc4c8e3cdf8326505e5ef859fe742090bfe9788fb89b8b05bce630b670a93bee0dd3607d43524346da0446f5e1d2dafc8a813d2923ae438edc1b3e7d187a018e96aeec950c3252d36ed3d432d59b9ffb71535cfd942869c39742b4f54755769f2300e15b58f93528e6d7838c72e9e88b0ccf686b514041e6981876682a6c8e2dd3d5b8d243df86884e0e22cd4caa53a0577cd5bc315be9085a698453611ee6aad57a8192f1415bd2615c3e55f9d49abbfc1858595a56864d031763267f21fe909aa180317e7918321dbcad93734d98f1c3927b8fe431ed6c221fef7f3e1440e59aa0910ec2b7d63725194a8a20747272992c5bb34f7e12c8793c1aee8594fb1344421116ba0a623676d1e803d1ea81ab3e412985a7c7fc65bb293cc52b43322aadf8a0070137ed393ff78536853a035bb13dac58bf934540529860bc13fb2744ac271c0b76db64261f690361d76b1ce87eb8d409a954c805961c4bbd7f515cde7e32240049ed1809ea5d17f9d8208e3453ca18c88603a34a30169bf941c2fb02dbfe8a1cec282a1ce8c3eaa2d05830178212f92cc8579cae4854b3436e9c3f52231ceb6c4529c2450084370c9e15d561a7a1d5e25dd7e393580953a3021aeb699796657ef0a51c56aad5463e8d37e2486f70afe98cfcd356c68e913e217279624136e371e6d81d0e742b3b405186b566463e377f8b75431b4696a78dd80bc98a7fc31390703f504322d52fc9536deb23742e7ec0ab90f2248e4a767926720b632177f2157a3ab461fe4c02460fdb77178fbfbfe5b9edf6cb5287b9fa605ba1a506be20d48697cd78ee0d22987fe07b750bc0f55f93fac2e6ebb6560f39da26e9340cf4b48cd0a527648f754931a0e21bc7f7c1dd9bd4f3d4ef1b1487a3140f9b08b3485b1ac94a7e4f770b7ccb1bbf86841927aecb30b607372641031dd1e7c6c56fa8055f1a2a0a811c8689df0d97b1a67f1a7f94aeed5987b4797f6214b4f86189fc2edb92ffc96bdc96c58ceaa5f8380001b6be318cb46e203e71aa1b65b61e2843f2c912852164e95bdde87412d1df16f314ccd0e07878f97f9c5f37308ae1c8d028c1e647a57884eca16172c7c5a3d71c6ee6f68d545a86fbafea51fe85c4f560fd3ac3c310e03cdee9c6be63cef69c06d64767a6d781eecb415b4fc011b821ce819c8f251ce49c12d96fd3cd3bd162717053985f47b409fba82c7bf3c0b71dd6af6af63039b7d3b928f9ba86642a5d919b7b89356051a155a18c63ca8f1467fec314890d32cb745199c1a66fc0d9b50c08ef60099c17af331f78f35f6bada1259e893057d6703b88186e3ab9657f9a78525a2820c127ccd905da3beb16e3cb7f636dadb8d7b79ead519ff04907c37a5182327fdd30df07d5d78788ed81f6c31deedee94d747859c30ecadb32e7c917550b4966c1cd76172cca7a28c735eecb83383e8f15e1fcb0051db13498d82cb6aa2d00a47a9faecc28eebc4ddc5e5c08550d13034c3729a1c588e7cd9a6df674dfecf90d1a899e717aff5c4021a405d90eedaf64761b03bc2e1cc710b60750efa059f6e0ab6cb28c2aeae5395d4cffe5f2e1b0a3dc821ce4d24e15179f68ef36de823f5c1bbf842d4de09a051ea8dc1d730cd630eb34ac54e7647c047a5a4ed34db8b10b5460ba856fb2f4634b767efa89929fbdd8f8a93a47b3fff3686b2ca200b9984c16428cc74ac2f39423ed72744f0522ff4f84519c150aa6bc57b20da5a81b376081a7f2cb265165af8c51bb0cd66c4c7dfd2ca8eb84a1f3460e719b1e72e91f95f0859bba5ce0e0b1a2f856711db426747143e9fda00cd712d96db5084b18e72be89d9575306832662dfa6128e586c0006de67c4592b4d96245155f5ebe143ea0b7bb57671370a44c83b8953966a8ff7e2f7e72fa4f63746e1101bbf8eedbbe90ddee1482598d54f89b97cf211861403d8524f19f2d8c5dacff01241c53d9d83df737091793bda0149d645d4f331845026dfbfc6317139efed31445e3f3ba747c086c22789543b43c16337b1d54ea47d62738fdcd5fde85c29f1dd9f06adc2bff048d01a5e2742ff2b3208803516bb0c986cd1646ef447c7af94e4b040fca8e5860a025a63da26e704b6b1a0c68bca445934d1c4464e8f7d56f6606c714c5cc561a14dcdb0afc9553b2bc13c1bcfc19766b61c024d3cb1b9a162293cfc378dd4636980fc3037b47c328bc38356bb8c59f039f3c43c7cf597b6ef075b2ab17059e304ded511c193dc6e43cd87c4c9dfd8c1430141b76dd4bd6344dd0ea45b00fc04ba6969fc4ca8b3ba4ffcc3e302c6ad371d99f1a9f0bc2edd0c74d794e1805badd34f0198de9d9390b5b097a2967dc257521d9cea07a8b3a8193d83c3c2c26608c0c6d76637353c0a3d9ee54d0a21fea970b2850955d536a4466221b764acaf342dac427b74417e30e9e02cbd21b7f08822071d4f4f88cce5aa256668591c8cb890afb64268a499a22d56bbe10e6fb798c0df40d0bb9a7e9ca9a3e68c419c7f8a54dd28bf7594b434cee60905ab482a44fc44e248f09effdbede5f147b55482fb9f8280be6c7603e888996e2d4e5782dcb873425cea9379f763662e051a3194746f66a62942d7fe5cd29fc4b1ef89403cad83971f310604b387f5b4b666c32ed11afeb71fc578eeecf8bbeee9f6b24800335a337ab9cdc65a95a07175717585271074fcf82d271efe831ef32000f1873a0597982cd664c1e4e6bb9c88e670794e0cd88ec3f44c70ff217cd3fe53bab55dffe06bdd9d7e165c15ed1dc2f8e32fcd9ac8e81dee955ef0113873b7cb7874f173479f2b315f116e532ba56a5ab58773f8b380592940c2933b8f2897ecb9335c6856d1377c5881caf68b85e79846203e6ae858a51bff6bd1c46b792520cf0ee31a31a31697d1bea6025decb6c85b3873250693198befca31d46e1b07f2b1fcffdd03e184f6241598dd38da6ac633ed8cdf12d72c83c19830a9143ca9df6e8ac94623bcf4a8c03ee4cd4f11111eb4eae17a7b4436d886313084b4118477fe29e4fd2d4be3d17f1a510625b81667cb25a1813f8a6b2f35f0522e18f73d01cb65cf2ad4a179fdb4edfdf5de49b4a05ad49c08eab969c0a2d305b27e706658bf31cc5f5e8ffc98b1bfb5cc20112eff4fcf7fc759ecb87651386658d9d01099a62a4d679c62d8ca0d725b64f8dd65382716484084d07dc8c4ffc72eeade3be82d0ce98185ad97f1dce8dbd0bf52eb6a42b204134fbd186cb852bf59dbc8901986ffa0f0eff1ae7a52a3a243f622edd1cff33c9f6cad27681612a8963f1b1e6ec8d36a7a3255d29248d574673ad674147f6a8daf93465a398fd642ff8929d8ca8ddcbe5c2ff382b7025e41d49f907e364ef8efa67ed322996d04fddac644bc594909d7266cb434d5d8521f2675fbc6d90ae9c9678ddba869d56792ea7443067dfa97de14d39c750ea93d53c84c2e116ea63fd525d10df451ec11c09dca90293de087821f9ff9ea6fd5666afb6734d72987905ccb067e4565879ea871ab1a17e1374002c9fad4a6764cbbce06da5f41961edd3ab25484900fd8fbf57a6828de66bf512befd8b1a6e28ab9e672bb73b4ac516b19b2104991e462cc1a48a4ada6a61fa0a1f48f1d5a86831468ac779eb17349549a69d8fdd043d942c4eac7adfe5656c176743e87ee76798465d43b9975c3f64cdc1e0a9b8f1354ec01039fd2c32d57cbd2d480cac2a2bb5accde7570b22efabc3796b4d50f8212d422ad5dc4b14d4532031159857af45813075bb77d1d0791bc2eedb9763024a01a368d418dfe78d60ac6cd5902c1dc8f7e34dbb4df193a5b7776f0fbf0203696d9d667f4e5fd7ff97f8608e2c5b6c480d0df0faedbbeee28d201fd63d6d2709115eb1f1cebbcd5537c9d7a06fa4fb47fd8a4ce29c171d306e8d132546603ec76aed9e70e07611d0bddf80f63de8244edd6f1d3b41cc9394b4b6a1699327259c5806c64f311dc73ee2dca78320ce2439428984a69d39cf6758f780bd13793bbcee96d427c982867ad86bc26dcb1c7ddb624a7cdc83cd6157c9f020b44ac50a36640a350a2677192d0dfde61cb928d5c0c30bcb0568b3d15df6bef129199377af57ab49897159a392e9bbd1798534f5235c52818c03b96713071d17fce70ed9106f0a94676c5dbe5eafc3661439c1888fa14717153b5926de353aa5a03a33c51a2c26dcdf59d99971709d3a6e47ea72294e8be75f8732c4c68e925f4ec056f13d98eaba5545b34f7e80ff86eb1a8bcaac2a04c611ad3c4c7cf1cd41b55af54252c12c31911203f7c7ae50da4dec964bd19da7716051f76174ce103c91d68206e66ae64cc73ed5ab9c0cd6afa0", @ANYRES8=r2], 0x58}}, 0x0) 3.673283073s ago: executing program 3 (id=287): syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0x6, 0x2, 0x1, 0x0, '/\x00'}, @NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0xe4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x78}}, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x100000000004, 0x0, 0x0, 0x2, 0x7fffffff], 0x80a0000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x34325241, 0x3, [0x2], [0x80ffff], [], [0x400000000000000]}) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r5 = socket$nl_route(0x10, 0x3, 0x0) splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="030000000000000044090000000000000000000000000000f80b0000000000000b00000000000000000300000000000004000000000000006222b2b01b0fce106df7a37918f16106ec8b7c91275621cf33e2b215e89242ad424f9da5af8333c710dd9840dc158432b1b33c2c4ce7d1183f9606802afea44b55544c47eca4ee243ab5bd920a129564c9d391836e1116beb1911afba11c9b3a25e7d7f0fa78227c2725"]) 2.999901593s ago: executing program 6 (id=288): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) r2 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x10, 0x0, r0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x3, 0x2, 0x1, 0x4, {0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0x7}}}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000d00)="d4c717811837dbf3f1290b21ea303657ca64d0576766f10d123bbc62c942c4348e6ecebf8744fda9e6e633364ebbdc8d56b38232c1523970201d1a3f10641d5de6c8857fe271a51fa15b7e9fbe4633bdfccd21694bb379bda344bc4a9186b1c1a1434d72655e5929dd9e786262404d3bf21fe25b8efcaad5d573be96bbf6ace5b017f0f381fb566d866a373ef90daddc2d557f72fd88f15f0e5faed57c8c2bf084be60f28b1c7b3254bf3fc9ca04026cb020e97ffbce06ea14281058f86e6c6da9760665b57513e167a29e2933326fa2be1325e2ddf9421dc5c881", 0xdb}, {&(0x7f0000000e00)="085d891cb3f4800faeb63624aceffc97718972a5bf0f5c14406db1147db27cc56182e25ba46ea066a2133bff8eed62be1e555ca6c079194e6d1fa71ce8a199d72432e76a98651801c580896d25a9d5470acc0d76c79d60bf38eed6b300515ada31504fd1924cb2e321a313a810eef612fe202cfe1a3378efab4525294716da0f9085a06978531a655a5b8d8793db49", 0x8f}, {&(0x7f0000000ec0)="f48389a46ee5b9a4bb13df3290edf9f41d698cf17120cab85d18d05c475d72f4135df907ca08a063cb13ca65eeeee5f05d129466567e503a20612bb28159334e26cdc0f869cd85c4d2d684a4fd5e589413b7dab4909ccab8e7b16023b11aa62190120dfa9035679542e2b7a45e9e4b0f6dcdd459cf85d7358058339c0d57f197bd1832e744cbe32492e545e4adaf581a933e3b624b7bfd7447fb24b5d16575d6a88627b440038f149daa496e5e1eff7d698aa6cca774", 0xb6}, {&(0x7f0000000f80)="578056294dea2797889d29c9436fe1ebb8b414304026ae86875d2583a1ad6ef6f786302cb4b164ebe1ac8648400e09201776f93f16eed3e84380336a53e29c6e314b324611675aea71c1e0b90b726d9749e95c1d0ee25a24c34210e86c8ea08bef492eee6d7a50a7a09b4e43aa91ebd57857e1c064ba59bc99dddb79702741be49b288ac21abe1be7e7be01ad03cf37fddacbd39321ad491743f2557c2f762634b39e6e54b994ab3f61369b03b72a02ca5481b195e00563980068ef6e7a3ee007921b1b20b7a7965ed3fd1e2c0e5e5942f2db029384776551e0abe", 0xdb}, {&(0x7f0000001080)="37e3d1ae10e8b01b093b7dbe37315265129d58531d243dd21f4caeebdd2953e5f6b63bd47ca0cdc1bd908f6c84c6e992a6af5d3782e632ab73434b7d1d3878faa60698a7b0aba2ca98534596b939c40f5e8373a902f68e3794c08f504decea544909ae05d8b85d6c4b7aa9bd9a81d87289b957d2e4096b434ec583d7dae27f8cfcdabcf3bfa428dbefd0ec61a2d0215b65538b41a4091fbdca213aec4d31654ea493e6664df3bf84e757d6cc55ca24b54d6b065f8d983ca74c4b37d19545742bc97a13b8f66b05e80f571b18ae0b1067b376437ecad4df3fb7b440e784897af3cfb8fd018f798c5214b43287d197964a6e01cbdf0f9f98fcd78bfa5396", 0xfd}, {&(0x7f0000001180)="0646c0e1ae0a5c866e431616748b8984d00e6776ac6f41442fc015314ed4fb0a4dc4fd7b0538ca5f62315aa97b1391e928d96ee0321becdd2e8b64e93b0a9d1e12ffe3f945d9d8c9688c7533c1e91c9c8d8b4b7c555f04bc5ed78fa8e13537395659a8297b686b64e01ae84491517cfef1f4521c63f7b7dad5d52075640f62bf4ee13aadfb32f492dbd662aca11e526177b48fd024ffcad761762e11e5447d90515cdabc6d59ba84a8accec0348e3f6f6ebc09dfa564e2926d2ad80a37a8acc1237eb638a69eff9691be0d188ba1b8e1c313646fd6054d600dd2992b001a9ab0f2a2bf716c374e2fe757508e2a2e1a66c9470fdec2f334e50ead91", 0xfb}, {&(0x7f0000001280)="bed809b7b4538b304b7abb5506da6d678d267be4f37d1be1243018e2833c6e3683ece81b484e5bf7088bf725d37ee18a469c37f20c199563382198e338e89f63b7", 0x41}, {&(0x7f0000001300)="fa20923e9566431ccb36ccfcf082b3422c94237d214e1e8797333781e654805f3a5c65057b0df7db95c6da349b49d6aeacc54db93a8ab18f06c66ee43672b52cc9cfbd31b8756a6542a53b4da1096fab19bc942edd68d526537fe51919f867105b3f7bc6c9632ba70de74aa953dc13c506ddb2fb914e4538fd1bad1fe289781dc1e29802d02d0c16e7728b0f1b357a7a519b4211e24d5b1595e8fa0a2db4bc7f0623", 0xa2}, {&(0x7f00000013c0)="3d31f9333cfb2176ff047ee4647b8cf5195122449ebf907cbffaafae5dd282781b3ce57ae7d725f60b430f1741ecc7d898c6f2279c20e29357a08e9ce9e821c9348733fa31477e9e36622b9a12223b36c03f370d58085c7d155434f49b9321b54cd6ca6b0a7f35ad2581b5810ac02a3b6df23e6f6286fff8f7c97324db9e7f048f92349e0bbfc106b762e7d5e6cba649abcd0d0de49ad63fe80ed42ab2fd18199dbc0b3882daffce5f4c240cfceaaa0fe701ce4f7eafd86bb40853a55e956df746f44b5a156802b6a684b38cb19f8083273aba50ef1d82e2aa35bbee81451e5f", 0xe0}, {&(0x7f0000000280)="7c8e6d2a1ed37eca3a24da50dda6032d8b4b81eecf6917b4284dcd36a4bd24bec136064c6ca5684b4f2b22ded6", 0x2d}, {&(0x7f00000015c0)="d8bb1066776f86cc7a8be407705a5430e5e1d00de7d02c75215fb378b1b0f6797e76d7e973593ab88c6377e05b49cf42126257bbf1ca1dd3200be089bf4b65f80f0f613c33344e00f90288772177a93b1a7c89cc26bf296cd4921e412aa11688e7d0bbc64e722c952cc1d187cc4e0665a55606b6a0eafc2ffe0a7064230421f58641a6473fe71fbacbf535ce71b290a8921d88c15d95b1edd8cf8ad213994fab461c2d0da3c9ac0f0cc2ef4bf1", 0xad}, {&(0x7f0000000380)="6c448ae79df1285105d54481627a4b55e2def80d2eae132f9059145ce6ae2d", 0x1f}], 0xc, &(0x7f0000001540)=[{0x44, 0x11, 0x101, "109ec51fe3792cffffeb7b048f54c2b414e54515efb28f83e61a8afa48bde0eb5e6956d30ab23dd9c4566a04fe73ee3682d706215ffb"}], 0x44}, 0x0, 0x2bd414e19fbd3496, 0x1}) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 2.579054938s ago: executing program 5 (id=289): socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x10) 2.146379416s ago: executing program 6 (id=290): eventfd(0xffffffff) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x40106e80, &(0x7f0000000080)={@desc={0x40002, 0x0, @desc1}}) ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0105502, &(0x7f0000000200)={{{0x0, 0x1}}, 0x87, 0x8, &(0x7f0000000140)="5c156283051d989998fd89acdc9301f7bd848a124f6731eb33c771239cbfc0e102b4bf9160950473171c7a95714d8ac5213fc61a147d563cbb5c70618f436cd217242453e840d8825d1517cdc3d416a1065a366f69b024385376f33360f6e9a30bc1eefd4b81954c52dbd85f2ab3a459ec012a11f1a57b2eb382b445cb3b0a23e4eef35fb71e74"}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x82801, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="040e060f240c"], 0x7) 1.732806118s ago: executing program 3 (id=291): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FIOCLEX(r0, 0x5451) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYBLOB="001000008000000008000f002000"], 0xe8}}, 0x0) 1.698475649s ago: executing program 5 (id=292): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000304fc0400"/20, @ANYRES32=0x0, @ANYBLOB="a5fdad8800000000240012800b0001006272696467650000140002800500190006000000050018"], 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) 1.254086817s ago: executing program 6 (id=293): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$unix(r0, &(0x7f0000000600)=@abs={0x0, 0x0, 0x4e24}, 0x6e) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[], 0xff2e) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 1.03308434s ago: executing program 3 (id=294): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x8) 760.417651ms ago: executing program 5 (id=295): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[], 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCGNPMODE(r3, 0xc008744c, &(0x7f00000000c0)={0x29}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r4 = socket$inet6_icmp(0xa, 0x2, 0x3a) r5 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x100) ioctl$SNDRV_PCM_IOCTL_HWSYNC(r5, 0x4122, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="64000000020601036c0000000000000000000000050005000a000000050001000600000005000400000000000900020063797a320000000015000300686173683a69702c706f72742c6e65740000000014000780080012400000000008000840000000da"], 0x64}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r4, &(0x7f0000000140)={0xa0002006}) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000000c0)={0x7b7306ca40510a6}) epoll_pwait(r8, &(0x7f0000000000)=[{}, {}], 0x2, 0x200, 0x0, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) write$char_usb(r2, &(0x7f0000000340)="550b4d1f1365c43c2052d0ca5c687fb1a901e430eb00a098b38671f77665c14b712ccffcd471f38e3c8d0c3fb6311f577faeb79fa72317bdc2fd92d140b8e10320a05dc8be65d41ed59b8a181f991505cf095cf9dd195805c250ff61253c2d3aec8f164a481e545d639936cb6d06912296f1995efaabc217fd4203fc04f39e0081ac653673afc6bcce963fd4d74e957929d9ac649d76a9344249197a5b9ccce173ab9c3f05ac7bc72321e36b8de45c266b8341e9c3ea4f6aa17ffd99b3e03a8a1ffa83793ee9b1790e7ccea728c760137c6be0aac38c4cafe65f2bc5da31316b05f825417c7b1d30b0e62fc66f76151b5d0b835c853c96f855", 0xf9) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x8, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0xfb, 0x6ad, &(0x7f0000000b00)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOFXixCVS4cCF3npDPiIhcSkHwoVFMztrr3fXm3Wb+AU+n2j2eZt55je/mdk3K9oA/7eunE3zQYpcOfvKatlevz+7tH5/9lan/mozyVSStaSsNpIU/2q32x8ll5NiY5qirxzw/uLc6598uv63TqtZL9X6jVHb9anXW+vrXuv2TSeZqMvPYct8Vz/3fMVG5JeTnKlL2HOHkrS3+NGfn94Y6dEatvXhXYkReLKKzuvmgGPJkfpGL98HdF95G7sb3XgmukGOof8dBAAAABw01Wfg5kD3lp4vPszDrBZHdzEsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONDWksn65/OLeml069Mpur//P1n3pa7vLy/sbPUHTyoOAAAAAAAAANhFLzzMw6zmaLfdLqq/+b9YNU5Wj0/l7dzJQpZzLquZz0pWspwLSY71TDS5Or+yMtVtjdry4rAtly8+ItDu1K3HcNAAAAAAAAAA8L/nZ7my+fd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYD4pkolOkuNfTfSyNZpLDSSbLjrXk4279IHuw1wEAAADALphKHmY1R7vtdpGTSZ6tvgM4nLdzOytZzEqWspBr1fcCnU/9jfX7s0vr92dvlcvgvN/5x47CqGZM57uH4Xs+Xa3RyvUsVj3ncjVvZinX0qi2LJ2u4+nO2hfXvTKm4tu1l8eL7Fpdlkf+Xl0OuLujg93ODr9MOVZl5FAnIxPJTB1bmY3j3TMz/Azt8Oxs2VMWciGNjWBP9u1pcuvBbM355pSNUfs7Upfl8fxqu5zviU4m/tPuWMjFnqvv2dE5T776+9/9cKau759DGs9EXbarx9bgNTHbk4nnxsnEjaXbN29cv3P2oGViwEyViVMb7Sv5fn6Qs5nOa1nOYn6c+axkIdP5XlWbr09+0XPLb5Opy1tarz0qksn6Cu2crJ3F9GK17dEs5tW8mWtZyEvVv4u5kJdzKZcy13OGT40+w9Vd3xi86yvtLwwN/szX6korya/rchd9uP1XwWVej/fkdfOqn6nyfXxLT52lopkTY2RpyHPjKM0v15VyHz9/1BPprurPxIWe6+WZ0Zn4TfW0cmfp9s3lG/Nvjbe7E+/VlfI++mUyvX+eSMrr5UR5sqrW1Jaroxx7ZmNsa77KsZMbY42BsVP5Q5rN7l4Ws7btnTpZv4cbnOliNfbc0LHZaux0z9iw91sA7HtHvn5ksvX31l9aH7R+0brReuXwd6e+OfX8ZA798dC3mjMTX2k8X3yYD/LTzc//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAZ3fnnXdvzi8tLSz3Vdrt9t2Phw+NWen+Xs1n3Ly/0v1VqDFWzvRfnypXHTI0kfbdbYaeVOVLTye7ta/9W/l3u92ue4pt1vntn/oTNZU9Sl39O3/tfZG6EZXDj+/+Gqjs2VMSsEvOr9x66/ydd979xuKt+TcW3li4PXfp0tzM3KWXZs9fX1xamOk87nWUwJOw+aK/15EAAAAAAAAAAAAA43rM/2dgbdjQXh8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLBdOZvmgxS5MHNupmyv359dKpdufXPNZpJGkuInSfFRcjmdJcd6piu228/7i3Ovf/Lp+j/bHfV81fqNUduNZ61eMp1kolPee1zzXa3LkYpRh1BsHGGZsDPdxMFe+28AAAD//8faEAQ=") socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) pwrite64(r10, &(0x7f0000000140)='2', 0xfdef, 0xfecc) link(&(0x7f0000000ac0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) splice(r1, 0x0, r9, 0x0, 0x4ffe6, 0x0) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 128.991235ms ago: executing program 3 (id=296): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)="5202c6e3d6b12c5694", 0x9) listen(r0, 0x2) setsockopt$inet_buf(r0, 0x0, 0x11, 0x0, 0x0) 0s ago: executing program 6 (id=297): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x282, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x402c5839, &(0x7f00000004c0)={0x20, 0x1, 0x0, 0x400}) kernel console output (not intermixed with test programs): cted cc 0x1001 length: 249 > 9 [ 272.291338][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 272.307870][ T5113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 272.439832][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.828529][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.057074][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.231867][ T3086] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 273.272320][ T3086] usb 4-1: USB disconnect, device number 2 [ 273.345336][ T5113] Bluetooth: hci0: command tx timeout [ 273.951131][ T6265] 8021q: VLANs not supported on caif0 [ 273.957478][ T6260] netlink: 8 bytes leftover after parsing attributes in process `syz.0.57'. [ 273.977161][ T6260] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.542925][ T5113] Bluetooth: hci2: command tx timeout [ 274.579760][ T35] bridge_slave_1: left allmulticast mode [ 274.585847][ T35] bridge_slave_1: left promiscuous mode [ 274.592838][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.708008][ T35] bridge_slave_0: left allmulticast mode [ 274.714278][ T35] bridge_slave_0: left promiscuous mode [ 274.721944][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.834412][ T6273] FAULT_INJECTION: forcing a failure. [ 274.834412][ T6273] name failslab, interval 1, probability 0, space 0, times 0 [ 274.848014][ T6273] CPU: 1 UID: 0 PID: 6273 Comm: syz.0.62 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 274.848192][ T6273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 274.848294][ T6273] Call Trace: [ 274.848353][ T6273] [ 274.848419][ T6273] __dump_stack+0x26/0x30 [ 274.848628][ T6273] dump_stack_lvl+0x1df/0x270 [ 274.848836][ T6273] dump_stack+0x1e/0x25 [ 274.849013][ T6273] should_fail_ex+0x7dc/0x8a0 [ 274.849248][ T6273] should_failslab+0x15b/0x200 [ 274.849445][ T6273] __kmalloc_node_noprof+0x18b/0x1300 [ 274.849638][ T6273] ? vfs_readv+0x931/0xf30 [ 274.849759][ T6273] ? alloc_slab_obj_exts+0xa2/0x2f0 [ 274.849949][ T6273] ? do_fast_syscall_32+0x38/0x80 [ 274.850136][ T6273] ? do_SYSENTER_32+0x1f/0x30 [ 274.850320][ T6273] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 274.850554][ T6273] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 274.850738][ T6273] ? kmsan_get_metadata+0xfb/0x160 [ 274.850915][ T6273] ? kmsan_get_shadow_origin_ptr+0x35/0xb0 [ 274.851111][ T6273] alloc_slab_obj_exts+0xa2/0x2f0 [ 274.851328][ T6273] __memcg_slab_post_alloc_hook+0x9f3/0x1270 [ 274.851559][ T6273] ? kmsan_get_metadata+0xfb/0x160 [ 274.851792][ T6273] __kvmalloc_node_noprof+0xea8/0x1530 [ 274.852012][ T6273] ? traverse+0x10c/0xa90 [ 274.852208][ T6273] traverse+0x10c/0xa90 [ 274.852376][ T6273] ? kmsan_get_metadata+0xfb/0x160 [ 274.852559][ T6273] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 274.852762][ T6273] seq_read_iter+0x2f2/0x2200 [ 274.852930][ T6273] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 274.853111][ T6273] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 274.853309][ T6273] ? kmsan_get_metadata+0xfb/0x160 [ 274.853517][ T6273] seq_read+0x592/0x670 [ 274.853718][ T6273] ? __pfx_seq_read+0x10/0x10 [ 274.853866][ T6273] proc_reg_read+0x244/0x4b0 [ 274.854080][ T6273] ? __pfx_proc_reg_read+0x10/0x10 [ 274.854266][ T6273] vfs_readv+0x931/0xf30 [ 274.854478][ T6273] ? kmsan_get_metadata+0xfb/0x160 [ 274.854661][ T6273] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 274.854864][ T6273] __ia32_compat_sys_preadv+0x2da/0x540 [ 274.855118][ T6273] ia32_sys_call+0x28d3/0x4310 [ 274.855277][ T6273] __do_fast_syscall_32+0xb0/0x150 [ 274.855505][ T6273] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 274.855709][ T6273] do_fast_syscall_32+0x38/0x80 [ 274.855910][ T6273] do_SYSENTER_32+0x1f/0x30 [ 274.856105][ T6273] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 274.856308][ T6273] RIP: 0023:0xf7f57539 [ 274.856437][ T6273] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 274.856570][ T6273] RSP: 002b:00000000f547655c EFLAGS: 00000206 ORIG_RAX: 000000000000014d [ 274.856720][ T6273] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280 [ 274.856824][ T6273] RDX: 0000000000000001 RSI: 000000000000004c RDI: 0000000000000003 [ 274.856916][ T6273] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 274.857008][ T6273] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 274.857102][ T6273] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 274.857217][ T6273] [ 275.504271][ T5113] Bluetooth: hci0: command tx timeout [ 276.014380][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 276.063910][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 276.081190][ T35] bond0 (unregistering): Released all slaves [ 276.350145][ T6241] chnl_net:caif_netlink_parms(): no params data found [ 276.621577][ T5113] Bluetooth: hci2: command tx timeout [ 277.198682][ T6290] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 277.220985][ T35] hsr_slave_0: left promiscuous mode [ 277.250076][ T35] hsr_slave_1: left promiscuous mode [ 277.267020][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.275195][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.351327][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.365276][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.533285][ T35] veth1_macvtap: left promiscuous mode [ 277.539081][ T35] veth0_macvtap: left promiscuous mode [ 277.545209][ T35] veth1_vlan: left promiscuous mode [ 277.551012][ T35] veth0_vlan: left promiscuous mode [ 277.589865][ T5113] Bluetooth: hci0: command tx timeout [ 278.091541][ T5896] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 278.321302][ T5896] usb 1-1: Using ep0 maxpacket: 8 [ 278.384951][ T5896] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 278.394624][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.403418][ T5896] usb 1-1: Product: syz [ 278.407819][ T5896] usb 1-1: Manufacturer: syz [ 278.413053][ T5896] usb 1-1: SerialNumber: syz [ 278.455913][ T5896] usb 1-1: config 0 descriptor?? [ 278.651558][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 278.701191][ T5113] Bluetooth: hci2: command tx timeout [ 278.733551][ T5896] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 278.831269][ T35] team0 (unregistering): Port device team_slave_1 removed [ 278.869140][ T35] team0 (unregistering): Port device team_slave_0 removed [ 279.202439][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 279.208554][ T6247] chnl_net:caif_netlink_parms(): no params data found [ 279.282489][ T6297] netlink: 'syz.3.69': attribute type 2 has an invalid length. [ 279.343805][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 279.429872][ T24] usb 4-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config [ 279.595961][ T24] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 279.606482][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.620802][ T24] usb 4-1: Product: syz [ 279.625190][ T24] usb 4-1: Manufacturer: syz [ 279.629999][ T24] usb 4-1: SerialNumber: syz [ 279.697532][ T5113] Bluetooth: hci0: command tx timeout [ 280.147007][ T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 280.459181][ T24] snd-usb-audio 4-1:12.0: probe with driver snd-usb-audio failed with error -2 [ 280.522574][ T24] usb 4-1: USB disconnect, device number 3 [ 280.782578][ T5113] Bluetooth: hci2: command tx timeout [ 280.807108][ T5896] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 280.815521][ T6040] udevd[6040]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:12.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 280.848148][ T5896] usb 1-1: USB disconnect, device number 2 [ 281.121297][ T6309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.71'. [ 281.141271][ T6309] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.211362][ T6241] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.219311][ T6241] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.230589][ T6241] bridge_slave_0: entered allmulticast mode [ 281.240724][ T6241] bridge_slave_0: entered promiscuous mode [ 281.397518][ T6241] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.407679][ T6241] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.415687][ T6241] bridge_slave_1: entered allmulticast mode [ 281.425813][ T6241] bridge_slave_1: entered promiscuous mode [ 281.842098][ T6241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.965612][ T6241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.527911][ T6241] team0: Port device team_slave_0 added [ 282.528552][ T6316] loop3: detected capacity change from 0 to 4096 [ 282.543572][ T6247] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.551675][ T6247] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.559620][ T6247] bridge_slave_0: entered allmulticast mode [ 282.645343][ T6247] bridge_slave_0: entered promiscuous mode [ 282.669781][ T6241] team0: Port device team_slave_1 added [ 282.735683][ T6321] loop1: detected capacity change from 0 to 4096 [ 282.809416][ T6247] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.819482][ T6247] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.827547][ T6247] bridge_slave_1: entered allmulticast mode [ 282.838016][ T6247] bridge_slave_1: entered promiscuous mode [ 282.909700][ T6322] loop0: detected capacity change from 0 to 4096 [ 283.083269][ T6316] ntfs3(loop3): Failed to initialize $Extend/$ObjId. [ 283.146327][ T6321] netlink: 28 bytes leftover after parsing attributes in process `syz.1.73'. [ 283.155892][ T6321] netlink: 28 bytes leftover after parsing attributes in process `syz.1.73'. [ 283.262552][ T6241] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 283.270983][ T6241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.297950][ C0] vkms_vblank_simulate: vblank timer overrun [ 283.306403][ T6241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 283.341311][ T6321] dummy0: entered promiscuous mode [ 283.353823][ T6321] team0: entered promiscuous mode [ 283.359407][ T6321] team_slave_0: entered promiscuous mode [ 283.366887][ T6321] team_slave_1: entered promiscuous mode [ 283.632412][ T6330] netlink: 28 bytes leftover after parsing attributes in process `syz.0.74'. [ 283.642075][ T6330] netlink: 28 bytes leftover after parsing attributes in process `syz.0.74'. [ 283.702460][ T6247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 283.783711][ T6241] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 283.791355][ T6241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.818225][ C0] vkms_vblank_simulate: vblank timer overrun [ 283.827412][ T6241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 283.862772][ T6330] dummy0: entered promiscuous mode [ 283.876265][ T6330] team0: entered promiscuous mode [ 283.881828][ T6330] team_slave_0: entered promiscuous mode [ 283.889023][ T6330] team_slave_1: entered promiscuous mode [ 283.904967][ T6330] debugfs: 'hsr1' already exists in 'hsr' [ 283.911208][ T6330] Cannot create hsr debugfs directory [ 283.946226][ T6247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.644807][ T6247] team0: Port device team_slave_0 added [ 284.707064][ T6247] team0: Port device team_slave_1 added [ 285.039845][ T6336] loop1: detected capacity change from 0 to 16 [ 285.095514][ T6337] loop3: detected capacity change from 0 to 128 [ 285.101497][ T6336] erofs: Bad value for 'cache_strategy' [ 285.328585][ T6337] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 285.337664][ T6247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.349583][ T6247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.361812][ T6337] ext4 filesystem being mounted at /17/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 285.377829][ T6247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.431424][ T6241] hsr_slave_0: entered promiscuous mode [ 285.442681][ T6241] hsr_slave_1: entered promiscuous mode [ 285.832096][ T6247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.839270][ T6247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.871968][ T6247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.912242][ T6342] loop0: detected capacity change from 0 to 1024 [ 285.934482][ T6342] hfsplus: Unknown parameter '$$S@؂]Z6oi$8Sv3` KLR_*Y*{.E; [ 285.934482][ T6342] #_t' [ 285.990491][ T5824] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 286.851227][ T6247] hsr_slave_0: entered promiscuous mode [ 286.948875][ T6247] hsr_slave_1: entered promiscuous mode [ 286.958471][ T6247] debugfs: 'hsr0' already exists in 'hsr' [ 286.964681][ T6247] Cannot create hsr debugfs directory [ 287.066925][ T6349] loop1: detected capacity change from 0 to 1024 [ 287.234718][ T6349] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 287.534105][ T6349] FAULT_INJECTION: forcing a failure. [ 287.534105][ T6349] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.547750][ T6349] CPU: 1 UID: 0 PID: 6349 Comm: syz.1.80 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 287.547929][ T6349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 287.548021][ T6349] Call Trace: [ 287.548079][ T6349] [ 287.548133][ T6349] __dump_stack+0x26/0x30 [ 287.548328][ T6349] dump_stack_lvl+0x1df/0x270 [ 287.548532][ T6349] dump_stack+0x1e/0x25 [ 287.548710][ T6349] should_fail_ex+0x7dc/0x8a0 [ 287.548967][ T6349] should_fail+0x2a/0x40 [ 287.549168][ T6349] should_fail_usercopy+0x2e/0x40 [ 287.549324][ T6349] strncpy_from_user+0x38/0x470 [ 287.549519][ T6349] ? kmsan_get_metadata+0xfb/0x160 [ 287.549704][ T6349] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 287.549920][ T6349] getname_flags+0x179/0xac0 [ 287.550146][ T6349] do_sys_openat2+0xaa/0x2f0 [ 287.550325][ T6349] __ia32_compat_sys_openat+0x238/0x300 [ 287.550532][ T6349] ia32_sys_call+0x3210/0x4310 [ 287.550685][ T6349] __do_fast_syscall_32+0xb0/0x150 [ 287.550898][ T6349] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 287.551098][ T6349] do_fast_syscall_32+0x38/0x80 [ 287.551296][ T6349] do_SYSENTER_32+0x1f/0x30 [ 287.551487][ T6349] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 287.551687][ T6349] RIP: 0023:0xf7f14539 [ 287.551798][ T6349] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 287.551936][ T6349] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 287.552082][ T6349] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0 [ 287.552191][ T6349] RDX: 0000000000515401 RSI: 0000000000000408 RDI: 0000000000000000 [ 287.552286][ T6349] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 287.552377][ T6349] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 287.552469][ T6349] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 287.552599][ T6349] [ 288.112604][ T5907] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 288.248846][ T6241] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 288.323493][ T5907] usb 4-1: Using ep0 maxpacket: 8 [ 288.363535][ T5814] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.374734][ T5907] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 288.377475][ T6241] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 288.384585][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.399529][ T5907] usb 4-1: Product: syz [ 288.404364][ T5907] usb 4-1: Manufacturer: syz [ 288.409216][ T5907] usb 4-1: SerialNumber: syz [ 288.483081][ T5907] usb 4-1: config 0 descriptor?? [ 288.670401][ T6241] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 288.708187][ T5907] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 288.874926][ T6241] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 289.133210][ T6364] netlink: 4 bytes leftover after parsing attributes in process `syz.1.83'. [ 289.357222][ T6247] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 289.456291][ T6247] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 289.534702][ T6247] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 289.635435][ T6247] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 289.964280][ T6360] loop0: detected capacity change from 0 to 4096 [ 290.282509][ T6372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.85'. [ 290.356689][ T6372] FAULT_INJECTION: forcing a failure. [ 290.356689][ T6372] name failslab, interval 1, probability 0, space 0, times 0 [ 290.376917][ T6372] CPU: 1 UID: 0 PID: 6372 Comm: syz.1.85 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 290.377097][ T6372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 290.377188][ T6372] Call Trace: [ 290.377245][ T6372] [ 290.377302][ T6372] __dump_stack+0x26/0x30 [ 290.377500][ T6372] dump_stack_lvl+0x1df/0x270 [ 290.377702][ T6372] dump_stack+0x1e/0x25 [ 290.377880][ T6372] should_fail_ex+0x7dc/0x8a0 [ 290.378162][ T6372] should_failslab+0x15b/0x200 [ 290.378353][ T6372] kmem_cache_alloc_node_noprof+0xf3/0xf00 [ 290.378563][ T6372] ? __alloc_skb+0x1e0/0x7d0 [ 290.378726][ T6372] ? kmsan_get_metadata+0xfb/0x160 [ 290.378902][ T6372] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 290.379108][ T6372] __alloc_skb+0x1e0/0x7d0 [ 290.379281][ T6372] netlink_alloc_large_skb+0xa5/0x280 [ 290.379457][ T6372] netlink_sendmsg+0xaea/0x1250 [ 290.379667][ T6372] ? __pfx_netlink_sendmsg+0x10/0x10 [ 290.379839][ T6372] ? __pfx_netlink_sendmsg+0x10/0x10 [ 290.380018][ T6372] __sock_sendmsg+0x333/0x3d0 [ 290.380243][ T6372] ____sys_sendmsg+0x7e0/0xd80 [ 290.380467][ T6372] ___sys_sendmsg+0x271/0x3b0 [ 290.380659][ T6372] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 290.380857][ T6372] ? __rcu_read_unlock+0x6d/0xd0 [ 290.381022][ T6372] ? __fget_files+0x3b4/0x4a0 [ 290.381259][ T6372] ? __fget_files+0x3b9/0x4a0 [ 290.381468][ T6372] ? kmsan_get_metadata+0xfb/0x160 [ 290.381646][ T6372] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 290.381845][ T6372] __sys_sendmsg+0x1aa/0x300 [ 290.382062][ T6372] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 290.382272][ T6372] ia32_sys_call+0x3f6c/0x4310 [ 290.382427][ T6372] __do_fast_syscall_32+0xb0/0x150 [ 290.382627][ T6372] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 290.382826][ T6372] do_fast_syscall_32+0x38/0x80 [ 290.383019][ T6372] do_SYSENTER_32+0x1f/0x30 [ 290.383217][ T6372] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 290.383406][ T6372] RIP: 0023:0xf7f14539 [ 290.383513][ T6372] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 290.383647][ T6372] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 290.383790][ T6372] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000140 [ 290.383892][ T6372] RDX: 0000000000004004 RSI: 0000000000000000 RDI: 0000000000000000 [ 290.383985][ T6372] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 290.384076][ T6372] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 290.384174][ T6372] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 290.384302][ T6372] [ 290.414323][ T5907] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 290.964674][ T6361] netlink: 28 bytes leftover after parsing attributes in process `syz.0.84'. [ 290.974257][ T6361] netlink: 28 bytes leftover after parsing attributes in process `syz.0.84'. [ 291.198300][ T5907] usb 4-1: USB disconnect, device number 4 [ 291.542684][ T6241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 291.854126][ T6241] 8021q: adding VLAN 0 to HW filter on device team0 [ 291.942940][ T6377] loop1: detected capacity change from 0 to 4096 [ 292.044313][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.052298][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.232132][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.239732][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.713041][ T6247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.804743][ T30] audit: type=1804 audit(1755355620.003:5): pid=6377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.86" name="/newroot/22/file0/file0" dev="loop1" ino=0 res=1 errno=0 [ 292.836262][ T6377] FAULT_INJECTION: forcing a failure. [ 292.836262][ T6377] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.851260][ T6377] CPU: 1 UID: 0 PID: 6377 Comm: syz.1.86 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 292.851434][ T6377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 292.851525][ T6377] Call Trace: [ 292.851579][ T6377] [ 292.851636][ T6377] __dump_stack+0x26/0x30 [ 292.851831][ T6377] dump_stack_lvl+0x1df/0x270 [ 292.852034][ T6377] dump_stack+0x1e/0x25 [ 292.852229][ T6377] should_fail_ex+0x7dc/0x8a0 [ 292.852466][ T6377] should_fail+0x2a/0x40 [ 292.852669][ T6377] should_fail_usercopy+0x2e/0x40 [ 292.852823][ T6377] strncpy_from_user+0x38/0x470 [ 292.853010][ T6377] ? kmsan_get_metadata+0xfb/0x160 [ 292.853201][ T6377] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 292.853405][ T6377] getname_flags+0x179/0xac0 [ 292.853668][ T6377] __ia32_sys_unlink+0x49/0xa0 [ 292.853859][ T6377] ia32_sys_call+0x1d40/0x4310 [ 292.854023][ T6377] __do_fast_syscall_32+0xb0/0x150 [ 292.854235][ T6377] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 292.854431][ T6377] do_fast_syscall_32+0x38/0x80 [ 292.854642][ T6377] do_SYSENTER_32+0x1f/0x30 [ 292.854836][ T6377] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 292.855033][ T6377] RIP: 0023:0xf7f14539 [ 292.855153][ T6377] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 292.855287][ T6377] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 292.855434][ T6377] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000000000 [ 292.855537][ T6377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 292.855628][ T6377] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 292.855719][ T6377] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 292.855811][ T6377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 292.855939][ T6377] [ 293.135012][ T6247] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.312937][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.320803][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.521457][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.529142][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.014402][ T6381] loop3: detected capacity change from 0 to 4096 [ 294.674506][ T6388] loop0: detected capacity change from 0 to 4096 [ 294.945391][ T30] audit: type=1804 audit(1755355622.143:6): pid=6396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.87" name="/newroot/20/file0/file0" dev="loop3" ino=0 res=1 errno=0 [ 294.995355][ T6395] loop1: detected capacity change from 0 to 1024 [ 295.145343][ T6395] hfsplus: Unknown parameter '$$S@؂]Z6oi$8Sv3` KLR_*Y*{.E; [ 295.145343][ T6395] #_t' [ 295.547759][ T30] audit: type=1804 audit(1755355622.733:7): pid=6388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.88" name="/newroot/19/file0/file0" dev="loop0" ino=0 res=1 errno=0 [ 296.217737][ T6241] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.384592][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 296.391748][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 297.147462][ T6405] loop3: detected capacity change from 0 to 1024 [ 297.255518][ T6247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 297.485373][ T6417] process 'syz.0.91' launched '/dev/fd/4' with NULL argv: empty string added [ 298.656084][ T6427] loop1: detected capacity change from 0 to 128 [ 299.241050][ T5896] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 299.490800][ T5896] usb 1-1: Using ep0 maxpacket: 8 [ 299.571646][ T5896] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 299.582288][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.591874][ T5896] usb 1-1: Product: syz [ 299.596286][ T5896] usb 1-1: Manufacturer: syz [ 299.601489][ T5896] usb 1-1: SerialNumber: syz [ 299.745478][ T5896] usb 1-1: config 0 descriptor?? [ 299.998596][ T5896] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 300.411207][ T6241] veth0_vlan: entered promiscuous mode [ 300.584803][ T6241] veth1_vlan: entered promiscuous mode [ 301.144037][ T6241] veth0_macvtap: entered promiscuous mode [ 301.259348][ T6241] veth1_macvtap: entered promiscuous mode [ 301.280300][ T6443] loop1: detected capacity change from 0 to 4096 [ 301.329503][ T6450] netlink: 'syz.3.98': attribute type 1 has an invalid length. [ 301.339840][ T6450] netlink: 216 bytes leftover after parsing attributes in process `syz.3.98'. [ 301.350212][ T6450] NCSI netlink: No device for ifindex 0 [ 301.502300][ T6450] program syz.3.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 301.608207][ T5896] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 301.648161][ T6247] veth0_vlan: entered promiscuous mode [ 301.696422][ T5896] usb 1-1: USB disconnect, device number 3 [ 301.791522][ T6241] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 301.864672][ T6247] veth1_vlan: entered promiscuous mode [ 301.894348][ T6241] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 302.006830][ T6458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.96'. [ 302.016958][ T6458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.96'. [ 302.239986][ T755] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.346471][ T755] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.441002][ T755] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.505051][ T755] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.784485][ T6247] veth0_macvtap: entered promiscuous mode [ 302.955795][ T6247] veth1_macvtap: entered promiscuous mode [ 303.287444][ T6247] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 303.422228][ T6247] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 303.579889][ T6467] loop0: detected capacity change from 0 to 1024 [ 303.627009][ T2988] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.696923][ T6467] hfsplus: Unknown parameter '$$S@؂]Z6oi$8Sv3` KLR_*Y*{.E; [ 303.696923][ T6467] #_t' [ 303.719783][ T2988] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.821326][ T2988] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.871059][ T2988] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.212230][ T6475] netlink: 104 bytes leftover after parsing attributes in process `syz.3.102'. [ 305.324860][ T6486] FAULT_INJECTION: forcing a failure. [ 305.324860][ T6486] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.338644][ T6486] CPU: 1 UID: 0 PID: 6486 Comm: syz.1.105 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 305.338816][ T6486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 305.338906][ T6486] Call Trace: [ 305.338963][ T6486] [ 305.339020][ T6486] __dump_stack+0x26/0x30 [ 305.339217][ T6486] dump_stack_lvl+0x1df/0x270 [ 305.339419][ T6486] dump_stack+0x1e/0x25 [ 305.339596][ T6486] should_fail_ex+0x7dc/0x8a0 [ 305.339848][ T6486] should_fail+0x2a/0x40 [ 305.340046][ T6486] should_fail_usercopy+0x2e/0x40 [ 305.340198][ T6486] _copy_from_iter+0x1ba/0x3350 [ 305.340409][ T6486] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 305.340584][ T6486] ? kmsan_get_metadata+0xfb/0x160 [ 305.340767][ T6486] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 305.340965][ T6486] ? __kmalloc_noprof+0x9c8/0x1310 [ 305.341162][ T6486] ? kernfs_fop_write_iter+0x29d/0x9e0 [ 305.341390][ T6486] kernfs_fop_write_iter+0x36e/0x9e0 [ 305.341625][ T6486] vfs_write+0xbe2/0x15d0 [ 305.341839][ T6486] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 305.342055][ T6486] __ia32_sys_write+0x1f9/0x4d0 [ 305.342259][ T6486] ia32_sys_call+0x35bc/0x4310 [ 305.342409][ T6486] __do_fast_syscall_32+0xb0/0x150 [ 305.342626][ T6486] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 305.342827][ T6486] do_fast_syscall_32+0x38/0x80 [ 305.343025][ T6486] do_SYSENTER_32+0x1f/0x30 [ 305.343209][ T6486] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 305.343413][ T6486] RIP: 0023:0xf7f14539 [ 305.343527][ T6486] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 305.343671][ T6486] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 305.343814][ T6486] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000100 [ 305.343915][ T6486] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000000 [ 305.344005][ T6486] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 305.344095][ T6486] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 305.344187][ T6486] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 305.344324][ T6486] [ 305.359290][ T6484] loop3: detected capacity change from 0 to 512 [ 306.078155][ T5896] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 306.315711][ T5896] usb 4-1: Using ep0 maxpacket: 16 [ 306.410386][ T5896] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.422031][ T5896] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.432338][ T5896] usb 4-1: config 0 interface 0 has no altsetting 0 [ 306.439347][ T5896] usb 4-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 306.450480][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.453156][ T6495] FAULT_INJECTION: forcing a failure. [ 306.453156][ T6495] name failslab, interval 1, probability 0, space 0, times 0 [ 306.473441][ T6495] CPU: 1 UID: 0 PID: 6495 Comm: syz.1.107 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 306.473635][ T6495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 306.473735][ T6495] Call Trace: [ 306.473792][ T6495] [ 306.473850][ T6495] __dump_stack+0x26/0x30 [ 306.474047][ T6495] dump_stack_lvl+0x1df/0x270 [ 306.474255][ T6495] dump_stack+0x1e/0x25 [ 306.474437][ T6495] should_fail_ex+0x7dc/0x8a0 [ 306.474691][ T6495] should_failslab+0x15b/0x200 [ 306.474885][ T6495] kmem_cache_alloc_node_noprof+0xf3/0xf00 [ 306.475086][ T6495] ? __alloc_skb+0x1e0/0x7d0 [ 306.475249][ T6495] ? kmsan_get_metadata+0xfb/0x160 [ 306.475432][ T6495] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 306.475617][ T6495] __alloc_skb+0x1e0/0x7d0 [ 306.475799][ T6495] netlink_alloc_large_skb+0xa5/0x280 [ 306.475973][ T6495] netlink_sendmsg+0xaea/0x1250 [ 306.476184][ T6495] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.476398][ T6495] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.476580][ T6495] __sock_sendmsg+0x333/0x3d0 [ 306.476808][ T6495] ____sys_sendmsg+0x7e0/0xd80 [ 306.477170][ T6495] ___sys_sendmsg+0x271/0x3b0 [ 306.477386][ T6495] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 306.477589][ T6495] ? __rcu_read_unlock+0x6d/0xd0 [ 306.477759][ T6495] ? __fget_files+0x3b4/0x4a0 [ 306.477957][ T6495] ? __fget_files+0x3b9/0x4a0 [ 306.478161][ T6495] ? kmsan_get_metadata+0xfb/0x160 [ 306.478332][ T6495] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 306.478529][ T6495] __sys_sendmsg+0x1aa/0x300 [ 306.478746][ T6495] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 306.478991][ T6495] ia32_sys_call+0x3f6c/0x4310 [ 306.479149][ T6495] __do_fast_syscall_32+0xb0/0x150 [ 306.479357][ T6495] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 306.479558][ T6495] do_fast_syscall_32+0x38/0x80 [ 306.479766][ T6495] do_SYSENTER_32+0x1f/0x30 [ 306.479968][ T6495] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 306.480176][ T6495] RIP: 0023:0xf7f14539 [ 306.480289][ T6495] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 306.480424][ T6495] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 306.480571][ T6495] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 306.480670][ T6495] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 306.480761][ T6495] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 306.480853][ T6495] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 306.480952][ T6495] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 306.481078][ T6495] [ 306.772827][ T5896] usb 4-1: config 0 descriptor?? [ 307.351384][ T5896] usbhid 4-1:0.0: can't add hid device: -71 [ 307.358198][ T5896] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 307.444758][ T5896] usb 4-1: USB disconnect, device number 5 [ 307.812743][ T5907] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 308.093411][ T5907] usb 1-1: Using ep0 maxpacket: 8 [ 308.202584][ T5907] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 308.212356][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.224118][ T5907] usb 1-1: Product: syz [ 308.228543][ T5907] usb 1-1: Manufacturer: syz [ 308.234161][ T5907] usb 1-1: SerialNumber: syz [ 308.351871][ T5907] usb 1-1: config 0 descriptor?? [ 308.432313][ T6507] loop1: detected capacity change from 0 to 4096 [ 308.583947][ T5907] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 308.671356][ T6513] loop3: detected capacity change from 0 to 128 [ 308.825649][ T6514] netlink: 28 bytes leftover after parsing attributes in process `syz.1.109'. [ 308.835833][ T6514] netlink: 28 bytes leftover after parsing attributes in process `syz.1.109'. [ 310.193229][ T5907] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 310.270725][ T5907] usb 1-1: USB disconnect, device number 4 [ 310.506175][ T6524] loop3: detected capacity change from 0 to 1024 [ 310.574062][ T6524] hfsplus: Unknown parameter '$$S@؂]Z6oi$8Sv3` KLR_*Y*{.E; [ 310.574062][ T6524] #_t' [ 311.499103][ T6539] FAULT_INJECTION: forcing a failure. [ 311.499103][ T6539] name failslab, interval 1, probability 0, space 0, times 0 [ 311.512945][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: syz.0.114 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 311.513119][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 311.513211][ T6539] Call Trace: [ 311.513268][ T6539] [ 311.513323][ T6539] __dump_stack+0x26/0x30 [ 311.513540][ T6539] dump_stack_lvl+0x1df/0x270 [ 311.513755][ T6539] dump_stack+0x1e/0x25 [ 311.513934][ T6539] should_fail_ex+0x7dc/0x8a0 [ 311.514176][ T6539] should_failslab+0x15b/0x200 [ 311.514363][ T6539] __kmalloc_noprof+0x182/0x1310 [ 311.514561][ T6539] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 311.514766][ T6539] ? tomoyo_path_number_perm+0xf1/0x7d0 [ 311.514994][ T6539] ? filter_irq_stacks+0x49/0x190 [ 311.515215][ T6539] ? kmsan_get_metadata+0xfb/0x160 [ 311.515410][ T6539] tomoyo_realpath_from_path+0xeb/0x9f0 [ 311.515621][ T6539] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 311.515822][ T6539] ? __srcu_read_lock+0x5e/0xd0 [ 311.516018][ T6539] tomoyo_path_number_perm+0x1d0/0x7d0 [ 311.516256][ T6539] ? stack_depot_save_flags+0x35/0x7b0 [ 311.516494][ T6539] ? kmsan_get_metadata+0xfb/0x160 [ 311.516683][ T6539] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 311.516934][ T6539] tomoyo_file_ioctl+0x3d/0x50 [ 311.517127][ T6539] security_file_ioctl_compat+0x141/0x590 [ 311.517368][ T6539] __ia32_compat_sys_ioctl+0x150/0x1270 [ 311.517561][ T6539] ? kmsan_get_metadata+0xfb/0x160 [ 311.517831][ T6539] ? kmsan_get_metadata+0xfb/0x160 [ 311.518031][ T6539] ia32_sys_call+0x2d5f/0x4310 [ 311.518188][ T6539] __do_fast_syscall_32+0xb0/0x150 [ 311.518407][ T6539] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 311.518751][ T6539] do_fast_syscall_32+0x38/0x80 [ 311.518995][ T6539] do_SYSENTER_32+0x1f/0x30 [ 311.519206][ T6539] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 311.519411][ T6539] RIP: 0023:0xf7f57539 [ 311.519523][ T6539] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 311.519656][ T6539] RSP: 002b:00000000f547655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 311.519815][ T6539] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 311.519960][ T6539] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 311.520056][ T6539] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 311.520144][ T6539] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 311.520235][ T6539] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 311.520373][ T6539] [ 311.520434][ T6539] ERROR: Out of memory at tomoyo_realpath_from_path. [ 312.117267][ T6542] loop3: detected capacity change from 0 to 512 [ 312.131070][ T6542] ext4: Unknown parameter '" xdf' [ 313.007217][ T6552] FAULT_INJECTION: forcing a failure. [ 313.007217][ T6552] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 313.022056][ T6552] CPU: 0 UID: 0 PID: 6552 Comm: syz.0.117 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 313.022240][ T6552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 313.022330][ T6552] Call Trace: [ 313.022386][ T6552] [ 313.022443][ T6552] __dump_stack+0x26/0x30 [ 313.022659][ T6552] dump_stack_lvl+0x1df/0x270 [ 313.022862][ T6552] dump_stack+0x1e/0x25 [ 313.023042][ T6552] should_fail_ex+0x7dc/0x8a0 [ 313.023281][ T6552] should_fail+0x2a/0x40 [ 313.023465][ T6552] should_fail_usercopy+0x2e/0x40 [ 313.023630][ T6552] _copy_to_user+0x35/0x120 [ 313.023795][ T6552] sk_getsockopt+0x242b/0x3a80 [ 313.024002][ T6552] ? aa_sock_opt_perm+0x268/0x2a0 [ 313.024179][ T6552] ? kmsan_get_metadata+0xfb/0x160 [ 313.024363][ T6552] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 313.024564][ T6552] do_sock_getsockopt+0x2c3/0x580 [ 313.024747][ T6552] ? kmsan_save_stack_with_flags+0x30/0x60 [ 313.025004][ T6552] __ia32_sys_getsockopt+0x32c/0x520 [ 313.025184][ T6552] ? kmsan_save_stack_with_flags+0x30/0x60 [ 313.025434][ T6552] ? kmsan_save_stack_with_flags+0x30/0x60 [ 313.025694][ T6552] ia32_sys_call+0x33f0/0x4310 [ 313.025848][ T6552] __do_fast_syscall_32+0xb0/0x150 [ 313.026055][ T6552] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 313.026251][ T6552] do_fast_syscall_32+0x38/0x80 [ 313.026449][ T6552] do_SYSENTER_32+0x1f/0x30 [ 313.026648][ T6552] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 313.026843][ T6552] RIP: 0023:0xf7f57539 [ 313.026956][ T6552] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 313.027092][ T6552] RSP: 002b:00000000f547655c EFLAGS: 00000206 ORIG_RAX: 000000000000016d [ 313.027241][ T6552] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001 [ 313.027342][ T6552] RDX: 0000000000000042 RSI: 0000000000000000 RDI: 00000000800028c0 [ 313.027439][ T6552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 313.027539][ T6552] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 313.027632][ T6552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 313.027762][ T6552] [ 313.250730][ C0] vkms_vblank_simulate: vblank timer overrun [ 313.704159][ T6557] loop3: detected capacity change from 0 to 64 [ 314.720974][ T6566] loop1: detected capacity change from 0 to 1024 [ 315.286501][ T4222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.295271][ T4222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.391038][ T6570] loop3: detected capacity change from 0 to 1024 [ 315.415745][ T6570] EXT4-fs: Ignoring removed oldalloc option [ 315.422763][ T6570] EXT4-fs: Ignoring removed orlov option [ 315.492599][ T6570] EXT4-fs (loop3): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 315.590425][ T6573] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 315.670737][ T6570] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.745482][ T5907] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 315.830780][ T3684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.838939][ T3684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.009485][ T5907] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 316.022155][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 316.033720][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 115, changing to 10 [ 316.045395][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 26623, setting to 1024 [ 316.062241][ T30] audit: type=1800 audit(1755355643.173:8): pid=6570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.121" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 316.203480][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.212699][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.405046][ T5907] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 316.414810][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.423389][ T5907] usb 2-1: Product: syz [ 316.427778][ T5907] usb 2-1: Manufacturer: syz [ 316.432748][ T5907] usb 2-1: SerialNumber: syz [ 316.568277][ T5907] usb 2-1: config 0 descriptor?? [ 316.583811][ T6572] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 316.654373][ T6570] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 316.845268][ T3684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.853855][ T3684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.880829][ T6570] EXT4-fs (loop3): Remounting filesystem read-only [ 317.226193][ T6584] loop0: detected capacity change from 0 to 1024 [ 317.293728][ T6584] hfsplus: Unknown parameter '$$S@؂]Z6oi$8Sv3` KLR_*Y*{.E; [ 317.293728][ T6584] #_t' [ 317.759620][ T6587] loop5: detected capacity change from 0 to 2048 [ 318.107478][ T6587] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 318.292106][ T6593] tmpfs: Bad value for 'mpol' [ 318.608477][ T6595] netlink: 28 bytes leftover after parsing attributes in process `syz.6.58'. [ 318.619008][ T6595] netlink: 28 bytes leftover after parsing attributes in process `syz.6.58'. [ 318.642404][ T6592] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 318.661535][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.413779][ T4333] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 319.429656][ T4333] EXT4-fs (loop5): This should not happen!! Data will be lost [ 319.429656][ T4333] [ 319.439795][ T4333] EXT4-fs (loop5): Total free blocks count 0 [ 319.453592][ T4333] EXT4-fs (loop5): Free/Dirty block details [ 319.459748][ T4333] EXT4-fs (loop5): free_blocks=66060288 [ 319.468056][ T4333] EXT4-fs (loop5): dirty_blocks=16 [ 319.473553][ T4333] EXT4-fs (loop5): Block reservation details [ 319.480332][ T4333] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 319.874562][ T6241] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 320.949747][ T6602] loop3: detected capacity change from 0 to 2048 [ 321.068828][ T6606] loop6: detected capacity change from 0 to 1024 [ 321.337078][ T6602] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 321.475018][ T6602] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 321.483348][ T6602] UDF-fs: Scanning with blocksize 512 failed [ 321.601958][ T5896] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 321.693540][ T5173] udevd[5173]: worker [6040] terminated by signal 33 (Unknown signal 33) [ 321.794635][ T6602] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 321.887914][ T5173] udevd[5173]: worker [6040] failed while handling '/devices/virtual/block/loop3' [ 321.976237][ T6602] comedi comedi0: comedi_config --init_data is deprecated [ 322.050993][ T5896] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 322.061136][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.070876][ T5896] usb 6-1: Product: syz [ 322.075397][ T5896] usb 6-1: Manufacturer: syz [ 322.080337][ T5896] usb 6-1: SerialNumber: syz [ 322.348878][ T5896] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 322.847409][ T3086] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 323.366491][ T6611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.377169][ T6611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.625386][ T6611] netlink: 256 bytes leftover after parsing attributes in process `syz.5.126'. [ 323.913756][ T3086] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 323.922571][ T3086] ath9k_htc: Failed to initialize the device [ 323.955549][ T6611] capability: warning: `syz.5.126' uses 32-bit capabilities (legacy support in use) [ 324.101380][ T6611] netlink: 8 bytes leftover after parsing attributes in process `syz.5.126'. [ 324.111155][ T6611] netlink: 12 bytes leftover after parsing attributes in process `syz.5.126'. [ 324.709318][ T3086] usb 6-1: ath9k_htc: USB layer deinitialized [ 325.418474][ T6633] input: syz0 as /devices/virtual/input/input6 [ 325.942119][ T6642] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 325.963578][ T6642] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.974448][ T6642] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.167233][ T6646] loop3: detected capacity change from 0 to 16 [ 326.245877][ T5872] usb 6-1: USB disconnect, device number 2 [ 326.469845][ T6640] loop6: detected capacity change from 0 to 1024 [ 326.606830][ T6640] EXT4-fs: Ignoring removed oldalloc option [ 326.621964][ T6640] EXT4-fs: Ignoring removed orlov option [ 326.677534][ T6643] loop1: detected capacity change from 0 to 2048 [ 326.796142][ T6640] EXT4-fs (loop6): stripe (1570) is not aligned with cluster size (16), stripe is disabled [ 327.094802][ T42] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 327.102357][ T6643] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 327.160221][ T6640] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 327.361617][ T5872] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 327.402729][ T42] usb 4-1: too many endpoints for config 0 interface 0 altsetting 185: 49, using maximum allowed: 30 [ 327.414289][ T42] usb 4-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 327.424703][ T42] usb 4-1: config 0 interface 0 altsetting 185 has 1 endpoint descriptor, different from the interface descriptor's value: 49 [ 327.444868][ T42] usb 4-1: config 0 interface 0 has no altsetting 0 [ 327.454063][ T42] usb 4-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00 [ 327.463564][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.601250][ T30] audit: type=1800 audit(1755355654.753:9): pid=6640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.135" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 327.672205][ T5872] usb 6-1: Using ep0 maxpacket: 8 [ 327.756446][ T5872] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 327.766884][ T5872] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 327.777166][ T5872] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 327.787305][ T5872] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 327.920388][ T42] usb 4-1: config 0 descriptor?? [ 328.108912][ T5872] usb 6-1: New USB device found, idVendor=0586, idProduct=1000, bcdDevice= 5.2a [ 328.118483][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.127279][ T5872] usb 6-1: Product: syz [ 328.132356][ T5872] usb 6-1: Manufacturer: syz [ 328.137352][ T5872] usb 6-1: SerialNumber: syz [ 328.292576][ T6640] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 328.424346][ T6640] EXT4-fs (loop6): Remounting filesystem read-only [ 328.476600][ T5872] usb 6-1: config 0 descriptor?? [ 328.554572][ T5872] omninet 6-1:0.0: ZyXEL - omni.net usb converter detected [ 328.856603][ T5872] usb 6-1: ZyXEL - omni.net usb converter now attached to ttyUSB0 [ 329.026161][ T4044] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 329.168323][ T4044] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 329.189267][ T4044] EXT4-fs (loop1): This should not happen!! Data will be lost [ 329.189267][ T4044] [ 329.202361][ T4044] EXT4-fs (loop1): Total free blocks count 0 [ 329.208847][ T4044] EXT4-fs (loop1): Free/Dirty block details [ 329.215637][ T4044] EXT4-fs (loop1): free_blocks=66060288 [ 329.221591][ T4044] EXT4-fs (loop1): dirty_blocks=16 [ 329.226915][ T4044] EXT4-fs (loop1): Block reservation details [ 329.233296][ T4044] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 329.395987][ T6663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.407079][ T6663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 329.682521][ T5814] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.184591][ T6247] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.964715][ T11] usb 4-1: USB disconnect, device number 6 [ 330.979780][ T6670] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 331.709743][ T5872] usb 6-1: USB disconnect, device number 3 [ 331.903307][ T5872] omninet ttyUSB0: ZyXEL - omni.net usb converter now disconnected from ttyUSB0 [ 331.916275][ T5872] omninet 6-1:0.0: device disconnected [ 331.988595][ T6675] loop3: detected capacity change from 0 to 136 [ 332.168590][ T6672] loop6: detected capacity change from 0 to 1024 [ 332.210850][ T6675] Attempt to read inode for relocated directory [ 332.428296][ T6675] syz.3.143 uses obsolete (PF_INET,SOCK_PACKET) [ 334.256463][ T5820] Bluetooth: hci3: command 0x0406 tx timeout [ 334.264075][ T5820] Bluetooth: hci1: command 0x0406 tx timeout [ 334.267920][ T5823] Bluetooth: hci4: command 0x0406 tx timeout [ 334.554372][ T30] audit: type=1326 audit(1755355661.753:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 334.692425][ T30] audit: type=1326 audit(1755355661.793:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=448 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 334.718751][ T30] audit: type=1326 audit(1755355661.793:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 334.745551][ T30] audit: type=1326 audit(1755355661.813:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=356 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 334.768846][ T30] audit: type=1326 audit(1755355661.813:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 334.876610][ T6692] loop6: detected capacity change from 0 to 512 [ 335.049817][ T6694] netlink: 152 bytes leftover after parsing attributes in process `syz.3.147'. [ 335.403758][ T6692] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 335.406213][ T30] audit: type=1326 audit(1755355662.153:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 335.612188][ T30] audit: type=1326 audit(1755355662.823:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=91 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 335.778704][ T30] audit: type=1326 audit(1755355662.993:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 335.832937][ T6690] loop3: detected capacity change from 0 to 2048 [ 335.967643][ T6700] tipc: Started in network mode [ 335.975926][ T6700] tipc: Node identity aa9a41c8decc, cluster identity 4711 [ 335.988623][ T6700] tipc: Enabled bearer , priority 0 [ 336.060722][ T30] audit: type=1326 audit(1755355663.043:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 336.084393][ T30] audit: type=1326 audit(1755355663.143:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 336.101233][ T6625] Alternate GPT is invalid, using primary GPT. [ 336.115143][ T6625] loop3: p1 p2 p3 [ 336.144374][ T6705] syzkaller0: entered promiscuous mode [ 336.154721][ T6705] syzkaller0: entered allmulticast mode [ 336.596855][ T6700] tipc: Resetting bearer [ 336.784614][ T6247] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.825129][ T6690] Alternate GPT is invalid, using primary GPT. [ 336.832535][ T6690] loop3: p1 p2 p3 [ 336.935970][ T6705] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744073709551615) [ 337.043112][ T5872] tipc: Node number set to 1951809992 [ 337.182089][ T6710] loop0: detected capacity change from 0 to 512 [ 337.277902][ T5907] iguanair 2-1:0.0: failed to get version [ 337.292726][ T6695] tipc: Resetting bearer [ 337.303610][ T5907] iguanair 2-1:0.0: probe with driver iguanair failed with error -110 [ 337.402980][ T6695] tipc: Disabling bearer [ 337.472041][ T5907] usb 2-1: USB disconnect, device number 6 [ 337.628494][ T6710] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 338.116525][ T6719] loop6: detected capacity change from 0 to 1024 [ 338.412604][ T6719] hfsplus: extend alloc file! (16384,256,150995124) [ 338.773192][ T6717] loop5: detected capacity change from 0 to 4096 [ 338.814784][ T5907] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 338.872061][ T6728] FAULT_INJECTION: forcing a failure. [ 338.872061][ T6728] name failslab, interval 1, probability 0, space 0, times 0 [ 338.885566][ T6728] CPU: 1 UID: 0 PID: 6728 Comm: syz.1.156 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 338.885745][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 338.885838][ T6728] Call Trace: [ 338.885896][ T6728] [ 338.885954][ T6728] __dump_stack+0x26/0x30 [ 338.886161][ T6728] dump_stack_lvl+0x1df/0x270 [ 338.886369][ T6728] dump_stack+0x1e/0x25 [ 338.886550][ T6728] should_fail_ex+0x7dc/0x8a0 [ 338.886794][ T6728] should_failslab+0x15b/0x200 [ 338.886988][ T6728] kmem_cache_alloc_node_noprof+0xf3/0xf00 [ 338.887220][ T6728] ? __alloc_skb+0x1e0/0x7d0 [ 338.887388][ T6728] ? kmsan_get_metadata+0xfb/0x160 [ 338.887569][ T6728] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 338.887771][ T6728] __alloc_skb+0x1e0/0x7d0 [ 338.887950][ T6728] netlink_alloc_large_skb+0xa5/0x280 [ 338.888129][ T6728] netlink_sendmsg+0xaea/0x1250 [ 338.888350][ T6728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 338.888526][ T6728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 338.888709][ T6728] __sock_sendmsg+0x333/0x3d0 [ 338.888930][ T6728] ____sys_sendmsg+0x7e0/0xd80 [ 338.889162][ T6728] ___sys_sendmsg+0x271/0x3b0 [ 338.889357][ T6728] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 338.889548][ T6728] ? __rcu_read_unlock+0x6d/0xd0 [ 338.889698][ T6728] ? __fget_files+0x3b4/0x4a0 [ 338.889883][ T6728] ? __fget_files+0x3b9/0x4a0 [ 338.890082][ T6728] ? kmsan_get_metadata+0xfb/0x160 [ 338.890262][ T6728] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 338.890459][ T6728] __sys_sendmsg+0x1aa/0x300 [ 338.890678][ T6728] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 338.890878][ T6728] ia32_sys_call+0x3f6c/0x4310 [ 338.891036][ T6728] __do_fast_syscall_32+0xb0/0x150 [ 338.891251][ T6728] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 338.891452][ T6728] do_fast_syscall_32+0x38/0x80 [ 338.891652][ T6728] do_SYSENTER_32+0x1f/0x30 [ 338.891845][ T6728] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 338.892046][ T6728] RIP: 0023:0xf7f14539 [ 338.892166][ T6728] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 338.892302][ T6728] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 338.892449][ T6728] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000940 [ 338.892553][ T6728] RDX: 0000000030040004 RSI: 0000000000000000 RDI: 0000000000000000 [ 338.892650][ T6728] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 338.892742][ T6728] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 338.892836][ T6728] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 338.892967][ T6728] [ 339.030907][ T5907] usb 7-1: Using ep0 maxpacket: 32 [ 339.568408][ T5989] udevd[5989]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 339.602293][ T6734] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 339.627084][ T6044] udevd[6044]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 339.697916][ T6623] udevd[6623]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 339.779105][ T5907] usb 7-1: unable to get BOS descriptor or descriptor too short [ 339.789463][ T6735] loop3: detected capacity change from 0 to 128 [ 339.853859][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 339.854024][ T30] audit: type=1800 audit(1755355667.063:22): pid=6715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.154" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 339.952734][ T5907] usb 7-1: config 129 has an invalid interface number: 249 but max is 0 [ 339.961721][ T5907] usb 7-1: config 129 has no interface number 0 [ 339.968349][ T5907] usb 7-1: config 129 interface 249 altsetting 247 bulk endpoint 0x81 has invalid maxpacket 32 [ 339.981311][ T5907] usb 7-1: config 129 interface 249 altsetting 247 endpoint 0xA has invalid wMaxPacketSize 0 [ 339.992668][ T5907] usb 7-1: config 129 interface 249 has no altsetting 0 [ 340.257221][ T5907] usb 7-1: New USB device found, idVendor=0424, idProduct=9908, bcdDevice=2e.38 [ 340.267291][ T5907] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.276726][ T5907] usb 7-1: Product: syz [ 340.281410][ T5907] usb 7-1: Manufacturer: syz [ 340.286233][ T5907] usb 7-1: SerialNumber: syz [ 340.533975][ T6719] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 340.727240][ T6101] udevd[6101]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 340.750243][ T6737] loop1: detected capacity change from 0 to 1024 [ 340.773491][ T6659] udevd[6659]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 340.797039][ T6623] udevd[6623]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 341.353551][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.417399][ T6742] FAULT_INJECTION: forcing a failure. [ 341.417399][ T6742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 341.431237][ T6742] CPU: 0 UID: 0 PID: 6742 Comm: syz.5.159 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 341.431412][ T6742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 341.431503][ T6742] Call Trace: [ 341.431568][ T6742] [ 341.431626][ T6742] __dump_stack+0x26/0x30 [ 341.431822][ T6742] dump_stack_lvl+0x1df/0x270 [ 341.432028][ T6742] dump_stack+0x1e/0x25 [ 341.432211][ T6742] should_fail_ex+0x7dc/0x8a0 [ 341.432445][ T6742] should_fail+0x2a/0x40 [ 341.432647][ T6742] should_fail_usercopy+0x2e/0x40 [ 341.432799][ T6742] _copy_to_user+0x35/0x120 [ 341.432950][ T6742] ? __se_sys_capget+0x6ac/0x850 [ 341.433133][ T6742] __se_sys_capget+0x6d6/0x850 [ 341.433313][ T6742] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 341.433512][ T6742] __ia32_sys_capget+0x76/0xb0 [ 341.433675][ T6742] ia32_sys_call+0x3274/0x4310 [ 341.433828][ T6742] __do_fast_syscall_32+0xb0/0x150 [ 341.434032][ T6742] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 341.434238][ T6742] do_fast_syscall_32+0x38/0x80 [ 341.434434][ T6742] do_SYSENTER_32+0x1f/0x30 [ 341.434635][ T6742] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 341.434843][ T6742] RIP: 0023:0xf705e539 [ 341.434955][ T6742] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 341.435087][ T6742] RSP: 002b:00000000f544e55c EFLAGS: 00000206 ORIG_RAX: 00000000000000b8 [ 341.435240][ T6742] RAX: ffffffffffffffda RBX: 0000000080000300 RCX: 0000000080000340 [ 341.435348][ T6742] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 341.435437][ T6742] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 341.435526][ T6742] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 341.435618][ T6742] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 341.435749][ T6742] [ 341.746364][ T5907] smsc95xx v2.0.0 [ 341.813123][ T5907] smsc95xx 7-1:129.249 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 341.824847][ T5907] smsc95xx 7-1:129.249: probe with driver smsc95xx failed with error -71 [ 341.865085][ T5907] usb 7-1: USB disconnect, device number 2 [ 342.730244][ T6753] loop3: detected capacity change from 0 to 512 [ 342.798556][ T6758] FAULT_INJECTION: forcing a failure. [ 342.798556][ T6758] name failslab, interval 1, probability 0, space 0, times 0 [ 342.813185][ T6758] CPU: 0 UID: 0 PID: 6758 Comm: syz.1.163 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 342.813361][ T6758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 342.813455][ T6758] Call Trace: [ 342.813511][ T6758] [ 342.813568][ T6758] __dump_stack+0x26/0x30 [ 342.813766][ T6758] dump_stack_lvl+0x1df/0x270 [ 342.813975][ T6758] dump_stack+0x1e/0x25 [ 342.814163][ T6758] should_fail_ex+0x7dc/0x8a0 [ 342.814407][ T6758] should_failslab+0x15b/0x200 [ 342.814603][ T6758] __kmalloc_noprof+0x182/0x1310 [ 342.814802][ T6758] ? tomoyo_encode+0x626/0xa10 [ 342.814980][ T6758] ? prepend_path+0xff2/0x10c0 [ 342.815195][ T6758] ? kmsan_get_metadata+0xfb/0x160 [ 342.815385][ T6758] ? kmsan_get_metadata+0xfb/0x160 [ 342.815584][ T6758] tomoyo_encode+0x626/0xa10 [ 342.815806][ T6758] tomoyo_realpath_from_path+0x92e/0x9f0 [ 342.816044][ T6758] tomoyo_path_number_perm+0x1d0/0x7d0 [ 342.816291][ T6758] ? stack_depot_save_flags+0x35/0x7b0 [ 342.816531][ T6758] ? kmsan_get_metadata+0xfb/0x160 [ 342.816712][ T6758] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 342.816958][ T6758] tomoyo_file_ioctl+0x3d/0x50 [ 342.817243][ T6758] security_file_ioctl_compat+0x141/0x590 [ 342.817482][ T6758] __ia32_compat_sys_ioctl+0x150/0x1270 [ 342.817676][ T6758] ? kmsan_get_metadata+0xfb/0x160 [ 342.817854][ T6758] ? kmsan_get_metadata+0xfb/0x160 [ 342.818056][ T6758] ia32_sys_call+0x2d5f/0x4310 [ 342.818221][ T6758] __do_fast_syscall_32+0xb0/0x150 [ 342.818426][ T6758] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 342.818626][ T6758] do_fast_syscall_32+0x38/0x80 [ 342.818827][ T6758] do_SYSENTER_32+0x1f/0x30 [ 342.819021][ T6758] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 342.819227][ T6758] RIP: 0023:0xf7f14539 [ 342.819340][ T6758] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 342.819473][ T6758] RSP: 002b:00000000f541555c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 342.819634][ T6758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005437 [ 342.819738][ T6758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 342.819830][ T6758] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 342.819921][ T6758] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 342.820014][ T6758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 342.820154][ T6758] [ 342.820267][ T6758] ERROR: Out of memory at tomoyo_realpath_from_path. [ 343.206317][ T6753] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 343.221362][ T6753] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 344.748971][ T6779] loop0: detected capacity change from 0 to 16 [ 344.886709][ T6779] erofs (device loop0): mounted with root inode @ nid 36. [ 345.520987][ T5173] udevd[5173]: worker [6623] terminated by signal 33 (Unknown signal 33) [ 345.529823][ T5173] udevd[5173]: worker [6623] failed while handling '/devices/virtual/block/loop3' [ 345.621481][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.629911][ T5173] udevd[5173]: worker [6625] terminated by signal 33 (Unknown signal 33) [ 345.640923][ T5173] udevd[5173]: worker [6625] failed while handling '/devices/virtual/block/loop0' [ 346.577724][ T6791] loop0: detected capacity change from 0 to 1024 [ 346.598330][ T6795] loop3: detected capacity change from 0 to 512 [ 346.803781][ T6795] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 346.817538][ T6795] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 346.936145][ T6800] IPVS: set_ctl: invalid protocol: 135 172.30.1.7:20003 [ 347.404431][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.453431][ T6815] loop0: detected capacity change from 0 to 512 [ 348.689452][ T6815] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 348.703149][ T6815] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 348.722338][ T5872] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 349.002248][ T5872] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 349.014004][ T5872] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 349.024469][ T5872] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 349.034082][ T5872] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.419860][ T6825] FAULT_INJECTION: forcing a failure. [ 349.419860][ T6825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.434432][ T6825] CPU: 0 UID: 0 PID: 6825 Comm: syz.1.183 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 349.434641][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 349.434732][ T6825] Call Trace: [ 349.434789][ T6825] [ 349.434846][ T6825] __dump_stack+0x26/0x30 [ 349.435043][ T6825] dump_stack_lvl+0x1df/0x270 [ 349.435248][ T6825] dump_stack+0x1e/0x25 [ 349.435434][ T6825] should_fail_ex+0x7dc/0x8a0 [ 349.435675][ T6825] should_fail+0x2a/0x40 [ 349.435877][ T6825] should_fail_usercopy+0x2e/0x40 [ 349.436032][ T6825] _copy_from_user+0x33/0x100 [ 349.436196][ T6825] alg_setkey+0x16f/0x3b0 [ 349.436369][ T6825] alg_setsockopt+0x503/0x760 [ 349.436538][ T6825] ? __pfx_alg_setsockopt+0x10/0x10 [ 349.436688][ T6825] __sys_setsockopt+0x43b/0x580 [ 349.436891][ T6825] __ia32_sys_setsockopt+0xf3/0x1a0 [ 349.437093][ T6825] ia32_sys_call+0x24c2/0x4310 [ 349.437247][ T6825] __do_fast_syscall_32+0xb0/0x150 [ 349.437475][ T6825] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 349.437673][ T6825] do_fast_syscall_32+0x38/0x80 [ 349.437870][ T6825] do_SYSENTER_32+0x1f/0x30 [ 349.438061][ T6825] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 349.438265][ T6825] RIP: 0023:0xf7f14539 [ 349.438381][ T6825] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 349.438514][ T6825] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 349.438667][ T6825] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000117 [ 349.438769][ T6825] RDX: 0000000000000001 RSI: 0000000080000080 RDI: 0000000000000002 [ 349.438862][ T6825] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 349.438950][ T6825] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 349.439042][ T6825] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 349.439172][ T6825] [ 349.897567][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 349.913821][ T6826] loop6: detected capacity change from 0 to 128 [ 350.031166][ T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 350.252937][ T24] usb 2-1: device descriptor read/64, error -71 [ 350.366114][ T6831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.383045][ T6831] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 350.467292][ T6832] netlink: 'syz.5.182': attribute type 5 has an invalid length. [ 350.592392][ T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 350.622549][ T5907] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 350.658463][ T6831] loop3: detected capacity change from 0 to 256 [ 350.771794][ T24] usb 2-1: device descriptor read/64, error -71 [ 350.919940][ T24] usb usb2-port1: attempt power cycle [ 350.942174][ T5907] usb 4-1: config 0 has an invalid interface number: 100 but max is 0 [ 350.951034][ T5907] usb 4-1: config 0 has an invalid interface number: 66 but max is 0 [ 350.959488][ T5907] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 350.969088][ T5907] usb 4-1: config 0 has no interface number 0 [ 350.975609][ T5907] usb 4-1: config 0 has no interface number 1 [ 350.982524][ T5907] usb 4-1: config 0 interface 100 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 350.996910][ T5907] usb 4-1: config 0 interface 100 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 351.011889][ T5907] usb 4-1: too many endpoints for config 0 interface 66 altsetting 153: 216, using maximum allowed: 30 [ 351.023759][ T5907] usb 4-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0x12, changing to 0x2 [ 351.035927][ T5907] usb 4-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0xE6, changing to 0x86 [ 351.048346][ T5907] usb 4-1: config 0 interface 66 altsetting 153 endpoint 0x86 has invalid maxpacket 34869, setting to 1024 [ 351.060250][ T5907] usb 4-1: config 0 interface 66 altsetting 153 bulk endpoint 0x86 has invalid maxpacket 1024 [ 351.071769][ T5907] usb 4-1: config 0 interface 66 altsetting 153 has 2 endpoint descriptors, different from the interface descriptor's value: 216 [ 351.089355][ T5907] usb 4-1: config 0 interface 66 has no altsetting 0 [ 351.380419][ T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 351.385137][ T5907] usb 4-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=3c.ad [ 351.389704][ T6831] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xae1d59f7, utbl_chksum : 0xe619d30d) [ 351.402254][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.402417][ T5907] usb 4-1: Product: syz [ 351.402532][ T5907] usb 4-1: Manufacturer: syz [ 351.402648][ T5907] usb 4-1: SerialNumber: syz [ 351.487878][ T5872] aiptek 6-1:17.0: Aiptek using 400 ms programming speed [ 351.509672][ T5872] input: Aiptek as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:17.0/input/input7 [ 351.520731][ T5907] usb 4-1: config 0 descriptor?? [ 351.544264][ T5907] port100 4-1:0.100: NFC: Could not find bulk-in or bulk-out endpoint [ 351.565818][ T5907] port100 4-1:0.66: NFC: Could not find bulk-in or bulk-out endpoint [ 351.571496][ T24] usb 2-1: device descriptor read/8, error -71 [ 351.646183][ T6831] exFAT-fs (loop3): error, in sector 160, dentry 12 should be unused, but 0x85 [ 351.662851][ T5872] input: failed to attach handler kbd to device input7, error: -5 [ 351.848556][ T24] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 351.891585][ T6841] loop6: detected capacity change from 0 to 128 [ 351.917342][ T5872] usb 6-1: USB disconnect, device number 4 [ 351.962916][ T24] usb 2-1: device descriptor read/8, error -71 [ 352.004235][ T42] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 352.076927][ T6841] FAULT_INJECTION: forcing a failure. [ 352.076927][ T6841] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.082133][ T24] usb usb2-port1: unable to enumerate USB device [ 352.092062][ T6841] CPU: 0 UID: 0 PID: 6841 Comm: syz.6.187 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 352.092247][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 352.092337][ T6841] Call Trace: [ 352.092391][ T6841] [ 352.092444][ T6841] __dump_stack+0x26/0x30 [ 352.092634][ T6841] dump_stack_lvl+0x1df/0x270 [ 352.092844][ T6841] dump_stack+0x1e/0x25 [ 352.093023][ T6841] should_fail_ex+0x7dc/0x8a0 [ 352.093255][ T6841] should_fail+0x2a/0x40 [ 352.093481][ T6841] should_fail_usercopy+0x2e/0x40 [ 352.093632][ T6841] strncpy_from_user+0x38/0x470 [ 352.093814][ T6841] ? kmsan_get_metadata+0xfb/0x160 [ 352.093988][ T6841] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 352.094186][ T6841] getname_flags+0x179/0xac0 [ 352.094410][ T6841] __ia32_sys_renameat2+0xc9/0x210 [ 352.094632][ T6841] ia32_sys_call+0x3490/0x4310 [ 352.094782][ T6841] __do_fast_syscall_32+0xb0/0x150 [ 352.094976][ T6841] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 352.095172][ T6841] do_fast_syscall_32+0x38/0x80 [ 352.095363][ T6841] do_SYSENTER_32+0x1f/0x30 [ 352.095544][ T6841] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.095731][ T6841] RIP: 0023:0xf7f62539 [ 352.095840][ T6841] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 352.095973][ T6841] RSP: 002b:00000000f548655c EFLAGS: 00000206 ORIG_RAX: 0000000000000161 [ 352.096125][ T6841] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000200 [ 352.096231][ T6841] RDX: 00000000ffffff9c RSI: 0000000080000280 RDI: 0000000000000002 [ 352.096330][ T6841] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 352.096419][ T6841] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 352.096511][ T6841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 352.096644][ T6841] [ 352.552131][ T42] usb 1-1: Using ep0 maxpacket: 16 [ 352.668236][ T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 352.722858][ T42] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 352.739527][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.750305][ T42] usb 1-1: Product: syz [ 352.754827][ T42] usb 1-1: Manufacturer: syz [ 352.759656][ T42] usb 1-1: SerialNumber: syz [ 352.940460][ T5907] usb 4-1: USB disconnect, device number 7 [ 352.943202][ T42] usb 1-1: config 0 descriptor?? [ 353.076370][ T42] hub 1-1:0.0: bad descriptor, ignoring hub [ 353.082695][ T42] hub 1-1:0.0: probe with driver hub failed with error -5 [ 353.101287][ T42] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input8 [ 353.432337][ T42] usb 1-1: USB disconnect, device number 5 [ 353.958423][ T11] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 354.220014][ T11] usb 7-1: Using ep0 maxpacket: 16 [ 354.271719][ T11] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 354.405646][ T11] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 354.415731][ T11] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.424594][ T11] usb 7-1: Product: syz [ 354.429080][ T11] usb 7-1: Manufacturer: syz [ 354.434392][ T11] usb 7-1: SerialNumber: syz [ 354.609364][ T11] usb 7-1: config 0 descriptor?? [ 354.664268][ T11] hub 7-1:0.0: bad descriptor, ignoring hub [ 354.675317][ T11] hub 7-1:0.0: probe with driver hub failed with error -5 [ 354.809120][ T11] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input9 [ 354.829511][ T6864] loop3: detected capacity change from 0 to 512 [ 354.944661][ T6864] EXT4-fs: Ignoring removed bh option [ 354.986727][ T6863] loop0: detected capacity change from 0 to 256 [ 355.022449][ T6864] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 355.109423][ T6863] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 355.121359][ T6863] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 355.255409][ T6864] EXT4-fs (loop3): 1 truncate cleaned up [ 355.264996][ T6864] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 355.464810][ T6863] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 355.857243][ T30] audit: type=1800 audit(1755355683.073:23): pid=6863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.194" name="file1" dev="loop0" ino=1048625 res=0 errno=0 [ 355.915510][ T6875] loop1: detected capacity change from 0 to 256 [ 356.030397][ T6875] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 356.042378][ T6875] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 356.123521][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.287612][ T6875] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 356.501747][ T30] audit: type=1800 audit(1755355683.703:24): pid=6875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.196" name="file1" dev="loop1" ino=1048626 res=0 errno=0 [ 356.627000][ T11] input: failed to attach handler mousedev to device input9, error: -5 [ 357.349609][ T5872] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 357.419229][ T6882] syzkaller0: entered promiscuous mode [ 357.425356][ T6882] syzkaller0: entered allmulticast mode [ 357.601532][ T5872] usb 4-1: Using ep0 maxpacket: 16 [ 357.682156][ T5872] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 357.691354][ T5872] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 357.699918][ T5872] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 357.708865][ T5872] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 357.717498][ T5872] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 357.726891][ T5872] usb 4-1: config 0 has no interface number 0 [ 357.733564][ T5872] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 357.774317][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 357.774625][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 357.819149][ T5872] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 357.829674][ T5872] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 357.840102][ T5872] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 357.860295][ T5872] usb 4-1: config 0 interface 125 has no altsetting 2 [ 357.989138][ T6886] loop0: detected capacity change from 0 to 1024 [ 358.281954][ T5872] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 358.292581][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.301242][ T5872] usb 4-1: Product: syz [ 358.305653][ T5872] usb 4-1: Manufacturer: syz [ 358.310598][ T5872] usb 4-1: SerialNumber: syz [ 358.341435][ T6886] hfsplus: bad catalog entry type [ 358.591044][ T5158] usb 7-1: reset high-speed USB device number 3 using dummy_hcd [ 358.603691][ T5872] usb 4-1: config 0 descriptor?? [ 358.673865][ T5872] usb 4-1: selecting invalid altsetting 2 [ 358.838920][ T5158] usb 7-1: device firmware changed [ 358.887540][ T5872] usb 4-1: USB disconnect, device number 8 [ 358.906754][ T11] usb 7-1: USB disconnect, device number 3 [ 358.996293][ T35] hfsplus: b-tree write err: -5, ino 4 [ 359.283413][ T11] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 359.538096][ T11] usb 7-1: Using ep0 maxpacket: 16 [ 359.621806][ T11] usb 7-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 359.631681][ T11] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.640107][ T11] usb 7-1: Product: syz [ 359.644876][ T11] usb 7-1: Manufacturer: syz [ 359.649706][ T11] usb 7-1: SerialNumber: syz [ 359.661619][ T6898] loop5: detected capacity change from 0 to 1024 [ 359.863925][ T11] usb 7-1: config 0 descriptor?? [ 359.929421][ T11] ssu100 7-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 360.102076][ T6900] loop1: detected capacity change from 0 to 512 [ 360.196964][ T6900] EXT4-fs: inline encryption not supported [ 360.207322][ T6900] EXT4-fs: Ignoring removed mblk_io_submit option [ 360.230042][ T6896] loop0: detected capacity change from 0 to 2048 [ 360.292420][ T6896] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 360.312626][ T6898] hfsplus: bad catalog entry type [ 360.316762][ T6900] EXT4-fs (loop1): Test dummy encryption mode enabled [ 360.474481][ T6900] EXT4-fs (loop1): orphan cleanup on readonly fs [ 360.537232][ T6905] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 360.631011][ T6900] EXT4-fs error (device loop1): ext4_orphan_get:1392: comm syz.1.204: inode #13: comm syz.1.204: iget: illegal inode # [ 360.651972][ T30] audit: type=1800 audit(1755355687.843:25): pid=6896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.203" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 360.762829][ T11] ssu100 7-1:0.0: probe with driver ssu100 failed with error -110 [ 360.781892][ T6900] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.204: couldn't read orphan inode 13 (err -117) [ 360.795369][ T6896] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 360.886076][ T6896] Remounting filesystem read-only [ 360.899801][ T6900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 360.976751][ T6896] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 3044605952 [ 360.986584][ T6896] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 360.993353][ T6908] syzkaller0: entered promiscuous mode [ 360.996291][ T6896] NILFS (loop0): error -5 truncating bmap (ino=15) [ 361.001902][ T6908] syzkaller0: entered allmulticast mode [ 361.110395][ T6900] EXT4-fs: inline encryption not supported [ 361.111646][ T5113] Bluetooth: hci1: unexpected event for opcode 0x2012 [ 361.117183][ T6900] EXT4-fs: Ignoring removed mblk_io_submit option [ 361.194447][ T4044] hfsplus: b-tree write err: -5, ino 4 [ 361.249064][ T6900] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 361.411116][ T6900] EXT4-fs error (device loop1): __ext4_remount:6736: comm syz.1.204: Abort forced by user [ 361.486866][ T6900] EXT4-fs (loop1): Remounting filesystem read-only [ 361.495586][ T6900] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 362.245020][ T5814] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.435969][ T5872] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 362.569692][ T5828] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 362.721170][ T5872] usb 4-1: Using ep0 maxpacket: 32 [ 362.784308][ T5872] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 362.894558][ T5872] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 362.905344][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=8, SerialNumber=0 [ 362.916697][ T5872] usb 4-1: Product: syz [ 362.923634][ T5872] usb 4-1: Manufacturer: syz [ 362.995832][ T42] usb 7-1: USB disconnect, device number 4 [ 363.088570][ T5872] usb 4-1: config 0 descriptor?? [ 363.097407][ T6916] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 363.406476][ T6916] IPVS: set_ctl: invalid protocol: 135 172.30.1.4:20003 [ 363.462141][ T42] usb 4-1: USB disconnect, device number 9 [ 363.547391][ T6927] loop0: detected capacity change from 0 to 1024 [ 363.771163][ T5872] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 364.074382][ T5872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.086204][ T5872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.103381][ T5872] usb 7-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 364.114972][ T5872] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.275676][ T5872] usb 7-1: config 0 descriptor?? [ 364.851698][ T6936] loop1: detected capacity change from 0 to 128 [ 365.161676][ T5872] usbhid 7-1:0.0: can't add hid device: -71 [ 365.168576][ T5872] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 365.280095][ T5872] usb 7-1: USB disconnect, device number 5 [ 365.494698][ T11] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 365.720831][ T11] usb 4-1: Using ep0 maxpacket: 16 [ 365.789892][ T11] usb 4-1: unable to get BOS descriptor or descriptor too short [ 365.854879][ T11] usb 4-1: config 13 has an invalid interface number: 50 but max is 0 [ 365.865385][ T11] usb 4-1: config 13 has no interface number 0 [ 365.872928][ T11] usb 4-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16 [ 365.883597][ T11] usb 4-1: config 13 interface 50 has no altsetting 0 [ 366.151864][ T11] usb 4-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 366.161922][ T11] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.170373][ T11] usb 4-1: Product: syz [ 366.175458][ T11] usb 4-1: Manufacturer: syz [ 366.181176][ T11] usb 4-1: SerialNumber: syz [ 366.199873][ T6944] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 367.298494][ T5872] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 367.542042][ T5872] usb 6-1: Using ep0 maxpacket: 16 [ 367.542077][ T5907] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 367.585865][ T5872] usb 6-1: too many configurations: 123, using maximum allowed: 8 [ 367.632596][ T5872] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.756355][ T5872] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.843052][ T5872] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.902167][ T5907] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 367.913566][ T5907] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 367.917659][ T5872] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 368.091602][ T5872] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 368.146664][ T5872] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 368.219444][ T5907] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 368.230403][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 368.239553][ T5907] usb 2-1: SerialNumber: syz [ 368.245481][ T5872] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 368.332746][ T5872] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 368.383996][ T6969] FAULT_INJECTION: forcing a failure. [ 368.383996][ T6969] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 368.405985][ T6969] CPU: 1 UID: 0 PID: 6969 Comm: syz.6.222 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 368.406179][ T6969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 368.406274][ T6969] Call Trace: [ 368.406338][ T6969] [ 368.406401][ T6969] __dump_stack+0x26/0x30 [ 368.406603][ T6969] dump_stack_lvl+0x1df/0x270 [ 368.406819][ T6969] dump_stack+0x1e/0x25 [ 368.407005][ T6969] should_fail_ex+0x7dc/0x8a0 [ 368.407256][ T6969] should_fail+0x2a/0x40 [ 368.407460][ T6969] should_fail_usercopy+0x2e/0x40 [ 368.407618][ T6969] _copy_from_user+0x33/0x100 [ 368.407797][ T6969] strndup_user+0x206/0x3e0 [ 368.407990][ T6969] __se_sys_mount+0x6f/0x7d0 [ 368.408188][ T6969] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 368.408433][ T6969] ? kmsan_get_metadata+0xfb/0x160 [ 368.408615][ T6969] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 368.408825][ T6969] __ia32_sys_mount+0xe2/0x150 [ 368.409045][ T6969] ia32_sys_call+0x2c16/0x4310 [ 368.409202][ T6969] __do_fast_syscall_32+0xb0/0x150 [ 368.409415][ T6969] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 368.409617][ T6969] do_fast_syscall_32+0x38/0x80 [ 368.409824][ T6969] do_SYSENTER_32+0x1f/0x30 [ 368.410017][ T6969] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 368.410218][ T6969] RIP: 0023:0xf7f62539 [ 368.410327][ T6969] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 368.410475][ T6969] RSP: 002b:00000000f546555c EFLAGS: 00000206 ORIG_RAX: 0000000000000015 [ 368.410623][ T6969] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800000c0 [ 368.410730][ T6969] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 00000000800021c0 [ 368.410840][ T6969] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 368.410935][ T6969] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 368.411029][ T6969] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 368.411160][ T6969] [ 368.766476][ T5872] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 368.776353][ T5872] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 368.785122][ T5872] usb 6-1: SerialNumber: syz [ 368.797869][ T5872] usb 6-1: config 0 descriptor?? [ 368.833925][ T5872] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input10 [ 368.998509][ T6965] FAULT_INJECTION: forcing a failure. [ 368.998509][ T6965] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 369.016489][ T6965] CPU: 0 UID: 0 PID: 6965 Comm: syz.0.221 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 369.016670][ T6965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 369.016766][ T6965] Call Trace: [ 369.016822][ T6965] [ 369.016883][ T6965] __dump_stack+0x26/0x30 [ 369.017091][ T6965] dump_stack_lvl+0x1df/0x270 [ 369.017298][ T6965] dump_stack+0x1e/0x25 [ 369.017482][ T6965] should_fail_ex+0x7dc/0x8a0 [ 369.017731][ T6965] should_fail+0x2a/0x40 [ 369.017931][ T6965] should_fail_usercopy+0x2e/0x40 [ 369.018096][ T6965] _copy_to_user+0x35/0x120 [ 369.018267][ T6965] simple_read_from_buffer+0x1b2/0x340 [ 369.018482][ T6965] proc_fail_nth_read+0x1e0/0x2d0 [ 369.018659][ T6965] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 369.018822][ T6965] vfs_read+0x279/0xf90 [ 369.018994][ T6965] ? stack_depot_save_flags+0x35/0x7b0 [ 369.019216][ T6965] ? kmsan_get_metadata+0xfb/0x160 [ 369.019397][ T6965] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 369.019584][ T6965] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 369.019800][ T6965] __ia32_sys_read+0x1f9/0x4d0 [ 369.020015][ T6965] ia32_sys_call+0x18b8/0x4310 [ 369.020178][ T6965] __do_fast_syscall_32+0xb0/0x150 [ 369.020385][ T6965] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 369.020589][ T6965] do_fast_syscall_32+0x38/0x80 [ 369.020780][ T6965] do_SYSENTER_32+0x1f/0x30 [ 369.020966][ T6965] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 369.021163][ T6965] RIP: 0023:0xf7f57539 [ 369.021275][ T6965] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 369.021419][ T6965] RSP: 002b:00000000f5476590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 369.021568][ T6965] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5476620 [ 369.021679][ T6965] RDX: 000000000000000f RSI: 00000000f73e4ff4 RDI: 0000000000000000 [ 369.021791][ T6965] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 369.021887][ T6965] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 369.021983][ T6965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 369.022124][ T6965] [ 369.243933][ C0] vkms_vblank_simulate: vblank timer overrun [ 369.385866][ T6959] netlink: 40 bytes leftover after parsing attributes in process `syz.1.219'. [ 369.441846][ T11] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 369.449089][ T11] usb 4-1: MIDIStreaming interface descriptor not found [ 369.548721][ T11] usb 4-1: USB disconnect, device number 10 [ 369.656821][ T5158] bcm5974 6-1:0.0: could not read from device [ 369.741395][ T5158] bcm5974 6-1:0.0: could not read from device [ 369.757844][ T5872] usb 6-1: USB disconnect, device number 5 [ 369.793298][ T5158] bcm5974 6-1:0.0: could not read from device [ 370.353599][ T11] usb 2-1: USB disconnect, device number 11 [ 370.642747][ T6044] udevd[6044]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 370.993357][ T6982] netlink: 40 bytes leftover after parsing attributes in process `syz.0.225'. [ 371.766732][ T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.930075][ T6988] loop5: detected capacity change from 0 to 2048 [ 371.942855][ T6988] EXT4-fs: Ignoring removed mblk_io_submit option [ 371.950122][ T6988] EXT4-fs: Ignoring removed nobh option [ 372.064381][ T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.223880][ T6988] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 372.299654][ T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.479847][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.679286][ T5173] udevd[5173]: worker [6883] terminated by signal 33 (Unknown signal 33) [ 372.741666][ T5173] udevd[5173]: worker [6883] failed while handling '/devices/virtual/block/loop5' [ 373.078862][ T6241] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.492749][ T35] bridge_slave_1: left allmulticast mode [ 373.498747][ T35] bridge_slave_1: left promiscuous mode [ 373.508256][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.535423][ T5173] udevd[5173]: worker [6659] terminated by signal 33 (Unknown signal 33) [ 373.601905][ T35] bridge_slave_0: left allmulticast mode [ 373.607810][ T35] bridge_slave_0: left promiscuous mode [ 373.618598][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.675847][ T5173] udevd[5173]: worker [6659] failed while handling '/devices/virtual/block/loop5' [ 374.762744][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 374.812487][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 374.838047][ T35] bond0 (unregistering): Released all slaves [ 375.032757][ T35] tipc: Left network mode [ 375.391405][ T35] dummy0: left promiscuous mode [ 375.412123][ T35] team0: left promiscuous mode [ 375.417146][ T35] team_slave_0: left promiscuous mode [ 375.424985][ T35] team_slave_1: left promiscuous mode [ 375.478378][ T35] hsr_slave_0: left promiscuous mode [ 375.494036][ T35] hsr_slave_1: left promiscuous mode [ 375.503140][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 375.512614][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 375.535938][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 375.544149][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 375.592310][ T35] veth1_macvtap: left promiscuous mode [ 375.598358][ T35] veth0_macvtap: left promiscuous mode [ 375.607870][ T35] veth1_vlan: left promiscuous mode [ 375.632200][ T35] veth0_vlan: left promiscuous mode [ 376.211515][ T5872] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 376.504485][ T5872] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 376.514205][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.522674][ T5872] usb 6-1: Product: syz [ 376.527079][ T5872] usb 6-1: Manufacturer: syz [ 376.532069][ T5872] usb 6-1: SerialNumber: syz [ 376.666305][ T5872] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 376.843798][ T24] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 377.026668][ T5907] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 377.284354][ T5907] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 377.295217][ T5907] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 377.363295][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 377.375646][ T7008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.386180][ T7008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 377.416963][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 377.444440][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 377.475176][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 377.512718][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 377.539431][ T5907] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 377.549258][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 377.557992][ T5907] usb 1-1: SerialNumber: syz [ 377.637475][ T7008] netlink: 256 bytes leftover after parsing attributes in process `syz.5.233'. [ 377.895268][ T7008] netlink: 8 bytes leftover after parsing attributes in process `syz.5.233'. [ 377.905689][ T7008] netlink: 12 bytes leftover after parsing attributes in process `syz.5.233'. [ 377.920966][ T7012] netlink: 40 bytes leftover after parsing attributes in process `syz.0.236'. [ 377.969198][ T24] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 377.980806][ T24] ath9k_htc: Failed to initialize the device [ 378.155607][ T24] usb 6-1: ath9k_htc: USB layer deinitialized [ 378.857191][ T35] team0 (unregistering): Port device team_slave_1 removed [ 378.898782][ T5872] usb 1-1: USB disconnect, device number 6 [ 378.903552][ T35] team0 (unregistering): Port device team_slave_0 removed [ 379.842081][ T5815] Bluetooth: hci1: command tx timeout [ 380.005763][ T5907] usb 6-1: USB disconnect, device number 6 [ 380.953401][ T24] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 381.158552][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 381.201943][ T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 381.211171][ T24] usb 4-1: config 1 has an invalid descriptor of length 5, skipping remainder of the config [ 381.222113][ T24] usb 4-1: config 1 interface 1 has no altsetting 0 [ 381.288663][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 381.302739][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.313716][ T24] usb 4-1: Product: syz [ 381.318189][ T24] usb 4-1: Manufacturer: syz [ 381.323670][ T24] usb 4-1: SerialNumber: syz [ 381.449929][ T7014] chnl_net:caif_netlink_parms(): no params data found [ 381.626783][ T7029] tc_dump_action: action bad kind [ 381.755092][ T24] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 381.766142][ T24] usb 4-1: found format II with max.bitrate = 2418, frame size=7 [ 381.776770][ T24] usb 4-1: 2:1: All rates were zero [ 381.914557][ T5815] Bluetooth: hci1: command tx timeout [ 381.940172][ T24] usb 4-1: USB disconnect, device number 11 [ 382.122961][ T6101] udevd[6101]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 382.596943][ T7014] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.607390][ T7014] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.615610][ T7014] bridge_slave_0: entered allmulticast mode [ 382.634175][ T7014] bridge_slave_0: entered promiscuous mode [ 382.684317][ T7014] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.692503][ T7014] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.700380][ T7014] bridge_slave_1: entered allmulticast mode [ 382.714755][ T7014] bridge_slave_1: entered promiscuous mode [ 382.898246][ T7014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 382.970974][ T7014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 383.143092][ T7014] team0: Port device team_slave_0 added [ 383.221093][ T7014] team0: Port device team_slave_1 added [ 383.498699][ T7014] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 383.506416][ T7014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 383.532829][ T7014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 383.669231][ T7014] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 383.676720][ T7014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 383.703850][ T7014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 383.994535][ T5815] Bluetooth: hci1: command tx timeout [ 384.131092][ T7042] loop3: detected capacity change from 0 to 128 [ 384.276069][ T7014] hsr_slave_0: entered promiscuous mode [ 384.287184][ T7014] hsr_slave_1: entered promiscuous mode [ 384.297169][ T7014] debugfs: 'hsr0' already exists in 'hsr' [ 384.303334][ T7014] Cannot create hsr debugfs directory [ 384.329904][ T30] audit: type=1800 audit(1755355711.533:26): pid=7042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.247" name="file1" dev="loop3" ino=1048627 res=0 errno=0 [ 384.432638][ T7042] FAT-fs (loop3): error, invalid FAT chain (i_pos 548, last_block 8) [ 384.441852][ T7042] FAT-fs (loop3): Filesystem has been set read-only [ 384.448942][ T7042] FAT-fs (loop3): error, corrupted file size (i_pos 548, 522) [ 384.676593][ T5113] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 384.732759][ T5113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 384.755809][ T5113] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 384.824155][ T5113] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 384.854957][ T5113] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 384.974004][ T7053] loop5: detected capacity change from 0 to 512 [ 385.053871][ T7053] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 385.109626][ T7053] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.250: invalid indirect mapped block 2683928664 (level 1) [ 385.183774][ T7053] EXT4-fs (loop5): Remounting filesystem read-only [ 385.215488][ T7053] EXT4-fs (loop5): 1 truncate cleaned up [ 385.234495][ T7053] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 385.353271][ T5907] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 385.760315][ T5907] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 385.770012][ T5907] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.778850][ T5907] usb 7-1: Product: syz [ 385.783613][ T5907] usb 7-1: Manufacturer: syz [ 385.788521][ T5907] usb 7-1: SerialNumber: syz [ 385.862068][ T5872] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 385.948987][ T7014] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 385.977774][ T5907] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 386.061470][ T5815] Bluetooth: hci1: command tx timeout [ 386.078199][ T5872] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 386.090038][ T5872] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.100310][ T5872] usb 4-1: config 0 interface 0 has no altsetting 0 [ 386.112646][ T5872] usb 4-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 386.123315][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.163437][ T11] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 386.173404][ T6241] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.222954][ T7014] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 386.320832][ T7014] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 386.394904][ T5872] usb 4-1: config 0 descriptor?? [ 386.501414][ T7014] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 386.655669][ T7054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 386.667395][ T7054] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 386.964274][ T7054] netlink: 256 bytes leftover after parsing attributes in process `syz.6.251'. [ 387.041481][ T5815] Bluetooth: hci4: command tx timeout [ 387.152529][ T5872] hid-steam 0003:28DE:1102.0001: unknown main item tag 0x0 [ 387.160234][ T5872] hid-steam 0003:28DE:1102.0001: unknown main item tag 0x0 [ 387.190058][ T5872] hid-steam 0003:28DE:1102.0001: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0 [ 387.224754][ T7054] netlink: 8 bytes leftover after parsing attributes in process `syz.6.251'. [ 387.239526][ T7054] netlink: 12 bytes leftover after parsing attributes in process `syz.6.251'. [ 387.265452][ T11] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 387.276436][ T11] ath9k_htc: Failed to initialize the device [ 387.381935][ T5872] hid-steam 0003:28DE:1102.0001: Steam Controller 'XXXXXXXXXX' connected [ 387.396426][ T5872] input: Steam Controller as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1102.0001/input/input11 [ 387.628398][ T11] usb 7-1: ath9k_htc: USB layer deinitialized [ 387.855421][ T5872] hid-steam 0003:28DE:1102.0002: unknown main item tag 0x0 [ 387.863154][ T5872] hid-steam 0003:28DE:1102.0002: unknown main item tag 0x0 [ 388.033404][ T5872] hid-steam 0003:28DE:1102.0002: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0 [ 388.245170][ T5896] usb 7-1: USB disconnect, device number 6 [ 388.334173][ T7058] loop3: detected capacity change from 0 to 2048 [ 388.481474][ T5872] usb 4-1: reset full-speed USB device number 12 using dummy_hcd [ 388.547792][ T7058] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 388.584098][ T7048] chnl_net:caif_netlink_parms(): no params data found [ 389.111532][ T5815] Bluetooth: hci4: command tx timeout [ 389.953643][ T7014] 8021q: adding VLAN 0 to HW filter on device bond0 [ 390.129841][ T24] usb 4-1: USB disconnect, device number 12 [ 390.253697][ T7079] FAULT_INJECTION: forcing a failure. [ 390.253697][ T7079] name failslab, interval 1, probability 0, space 0, times 0 [ 390.259899][ T24] hid-steam 0003:28DE:1102.0001: Steam Controller 'XXXXXXXXXX' disconnected [ 390.266989][ T7079] CPU: 0 UID: 0 PID: 7079 Comm: syz.6.257 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 390.267155][ T7079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 390.267245][ T7079] Call Trace: [ 390.267302][ T7079] [ 390.267358][ T7079] __dump_stack+0x26/0x30 [ 390.267554][ T7079] dump_stack_lvl+0x1df/0x270 [ 390.267747][ T7079] dump_stack+0x1e/0x25 [ 390.267918][ T7079] should_fail_ex+0x7dc/0x8a0 [ 390.268145][ T7079] should_failslab+0x15b/0x200 [ 390.268329][ T7079] kmem_cache_alloc_node_noprof+0xf3/0xf00 [ 390.268536][ T7079] ? __alloc_skb+0x1e0/0x7d0 [ 390.268693][ T7079] ? kmsan_get_metadata+0xfb/0x160 [ 390.268865][ T7079] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 390.269054][ T7079] __alloc_skb+0x1e0/0x7d0 [ 390.269218][ T7079] netlink_alloc_large_skb+0xa5/0x280 [ 390.269386][ T7079] netlink_sendmsg+0xaea/0x1250 [ 390.269590][ T7079] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.269757][ T7079] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.269927][ T7079] __sock_sendmsg+0x333/0x3d0 [ 390.270130][ T7079] ____sys_sendmsg+0x7e0/0xd80 [ 390.270342][ T7079] ___sys_sendmsg+0x271/0x3b0 [ 390.270538][ T7079] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 390.270726][ T7079] ? __rcu_read_unlock+0x6d/0xd0 [ 390.270879][ T7079] ? __fget_files+0x3b4/0x4a0 [ 390.271068][ T7079] ? __fget_files+0x3b9/0x4a0 [ 390.271258][ T7079] ? kmsan_get_metadata+0xfb/0x160 [ 390.271435][ T7079] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 390.271632][ T7079] __sys_sendmsg+0x1aa/0x300 [ 390.271837][ T7079] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 390.272025][ T7079] ia32_sys_call+0x3f6c/0x4310 [ 390.272175][ T7079] __do_fast_syscall_32+0xb0/0x150 [ 390.272392][ T7079] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 390.272585][ T7079] do_fast_syscall_32+0x38/0x80 [ 390.272771][ T7079] do_SYSENTER_32+0x1f/0x30 [ 390.272954][ T7079] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 390.273138][ T7079] RIP: 0023:0xf7f62539 [ 390.273247][ T7079] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 390.273381][ T7079] RSP: 002b:00000000f548655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 390.273535][ T7079] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 390.273637][ T7079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 390.273725][ T7079] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 390.273813][ T7079] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 390.273903][ T7079] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 390.274026][ T7079] [ 390.346633][ T7014] 8021q: adding VLAN 0 to HW filter on device team0 [ 390.391220][ T7078] loop3: detected capacity change from 0 to 256 [ 390.401925][ T7078] exfat: Deprecated parameter 'namecase' [ 390.731361][ T7078] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x7edfe654, utbl_chksum : 0xe619d30d) [ 390.773742][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.781887][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 390.948361][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.956283][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 391.201920][ T5815] Bluetooth: hci4: command tx timeout [ 391.964384][ T7048] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.976240][ T7048] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.984430][ T7048] bridge_slave_0: entered allmulticast mode [ 391.995284][ T7048] bridge_slave_0: entered promiscuous mode [ 392.041581][ T7088] loop6: detected capacity change from 0 to 1024 [ 392.133673][ T7088] hfsplus: Unknown parameter '00000000000000000000Q%wQaXQ<%ioқ#Zܛk>XV47%ThF' [ 392.181165][ T7048] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.189094][ T7048] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.198000][ T7048] bridge_slave_1: entered allmulticast mode [ 392.356865][ T7048] bridge_slave_1: entered promiscuous mode [ 392.388800][ T7088] Bluetooth: MGMT ver 1.23 [ 392.633089][ T7088] netlink: 200 bytes leftover after parsing attributes in process `syz.6.260'. [ 392.644848][ T7088] unsupported nla_type 16404 [ 392.853955][ T7048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 393.014375][ T7048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 393.281477][ T5815] Bluetooth: hci4: command tx timeout [ 393.387715][ T7048] team0: Port device team_slave_0 added [ 393.488665][ T7048] team0: Port device team_slave_1 added [ 393.928515][ T7048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 393.936109][ T7048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 393.963496][ T7048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 394.178009][ T7048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 394.186497][ T7048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 394.219007][ T7048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 394.397484][ T7014] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.538938][ T7119] loop6: detected capacity change from 0 to 256 [ 394.593986][ T7119] exfat: Unknown parameter '' [ 394.853834][ T7048] hsr_slave_0: entered promiscuous mode [ 394.865201][ T7048] hsr_slave_1: entered promiscuous mode [ 394.874730][ T7048] debugfs: 'hsr0' already exists in 'hsr' [ 394.880959][ T7048] Cannot create hsr debugfs directory [ 395.391018][ T7127] FAULT_INJECTION: forcing a failure. [ 395.391018][ T7127] name failslab, interval 1, probability 0, space 0, times 0 [ 395.404274][ T7127] CPU: 1 UID: 0 PID: 7127 Comm: syz.6.268 Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 395.404458][ T7127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 395.404553][ T7127] Call Trace: [ 395.404611][ T7127] [ 395.404673][ T7127] __dump_stack+0x26/0x30 [ 395.404879][ T7127] dump_stack_lvl+0x1df/0x270 [ 395.405091][ T7127] dump_stack+0x1e/0x25 [ 395.405272][ T7127] should_fail_ex+0x7dc/0x8a0 [ 395.405515][ T7127] should_failslab+0x15b/0x200 [ 395.405723][ T7127] kmem_cache_alloc_node_noprof+0xf3/0xf00 [ 395.405941][ T7127] ? __alloc_skb+0x1e0/0x7d0 [ 395.406106][ T7127] ? kmsan_get_metadata+0xfb/0x160 [ 395.406291][ T7127] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 395.406495][ T7127] __alloc_skb+0x1e0/0x7d0 [ 395.406673][ T7127] netlink_alloc_large_skb+0xa5/0x280 [ 395.406863][ T7127] netlink_sendmsg+0xaea/0x1250 [ 395.407078][ T7127] ? __pfx_netlink_sendmsg+0x10/0x10 [ 395.407258][ T7127] ? __pfx_netlink_sendmsg+0x10/0x10 [ 395.407444][ T7127] __sock_sendmsg+0x333/0x3d0 [ 395.407663][ T7127] ____sys_sendmsg+0x7e0/0xd80 [ 395.407897][ T7127] ___sys_sendmsg+0x271/0x3b0 [ 395.408092][ T7127] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 395.408296][ T7127] ? __rcu_read_unlock+0x6d/0xd0 [ 395.408463][ T7127] ? __fget_files+0x3b4/0x4a0 [ 395.408667][ T7127] ? __fget_files+0x3b9/0x4a0 [ 395.408887][ T7127] ? kmsan_get_metadata+0xfb/0x160 [ 395.409069][ T7127] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 395.409275][ T7127] __sys_sendmsg+0x1aa/0x300 [ 395.409497][ T7127] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 395.409703][ T7127] ia32_sys_call+0x3f6c/0x4310 [ 395.409870][ T7127] __do_fast_syscall_32+0xb0/0x150 [ 395.410078][ T7127] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 395.410282][ T7127] do_fast_syscall_32+0x38/0x80 [ 395.410489][ T7127] do_SYSENTER_32+0x1f/0x30 [ 395.410677][ T7127] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 395.410887][ T7127] RIP: 0023:0xf7f62539 [ 395.410999][ T7127] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 395.411144][ T7127] RSP: 002b:00000000f548655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 395.411296][ T7127] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 395.411406][ T7127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 395.411500][ T7127] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 395.411594][ T7127] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 395.411693][ T7127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 395.411829][ T7127] [ 395.428976][ T7126] netlink: 32 bytes leftover after parsing attributes in process `syz.5.267'. [ 395.667697][ T49] Bluetooth: hci2: command 0x0406 tx timeout [ 395.711988][ T5823] Bluetooth: hci0: command 0x0406 tx timeout [ 397.420238][ T7048] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 397.558047][ T7048] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 397.663486][ T7048] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 397.748044][ T7048] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 398.310986][ T7014] veth0_vlan: entered promiscuous mode [ 398.486851][ T7014] veth1_vlan: entered promiscuous mode [ 398.951068][ T7014] veth0_macvtap: entered promiscuous mode [ 399.003366][ T7014] veth1_macvtap: entered promiscuous mode [ 399.259795][ T7014] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.378778][ T7014] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 399.500210][ T4222] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.538061][ T4222] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.619159][ T4222] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.686537][ T7048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 399.710721][ T4222] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.954677][ T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 400.074723][ T7048] 8021q: adding VLAN 0 to HW filter on device team0 [ 400.247417][ T24] usb 7-1: config 0 has an invalid interface number: 73 but max is 0 [ 400.256369][ T24] usb 7-1: config 0 has no interface number 0 [ 400.337491][ T4044] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.345194][ T4044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.407283][ T24] usb 7-1: New USB device found, idVendor=06f8, idProduct=300c, bcdDevice=39.64 [ 400.416905][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.425440][ T24] usb 7-1: Product: syz [ 400.429858][ T24] usb 7-1: Manufacturer: syz [ 400.435251][ T24] usb 7-1: SerialNumber: syz [ 400.518992][ T4044] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.526949][ T4044] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.645501][ T7168] netlink: 32 bytes leftover after parsing attributes in process `syz.5.279'. [ 400.684992][ T24] usb 7-1: config 0 descriptor?? [ 402.324348][ T24] usb 7-1: Found UVC 0.00 device syz (06f8:300c) [ 402.331445][ T24] usb 7-1: No valid video chain found. [ 402.431503][ T24] usb 7-1: USB disconnect, device number 7 [ 403.390795][ T7048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 404.344901][ T7203] loop5: detected capacity change from 0 to 128 [ 406.133581][ T5113] Bluetooth: hci2: unexpected event for opcode 0x0c24 [ 406.624358][ T7228] bridge1: entered promiscuous mode [ 407.080354][ T7048] veth0_vlan: entered promiscuous mode [ 407.359597][ T7048] veth1_vlan: entered promiscuous mode [ 407.831632][ T7048] veth0_macvtap: entered promiscuous mode [ 407.893149][ T7048] veth1_macvtap: entered promiscuous mode [ 408.046570][ T7237] loop5: detected capacity change from 0 to 1024 [ 408.209712][ T7048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 408.447329][ T7048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 408.682489][ T35] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.759667][ T35] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.814465][ T35] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.827571][ T5998] ===================================================== [ 408.836419][ T5998] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0xf0e/0x33f0 [ 408.848955][ T5998] _copy_to_iter+0xf0e/0x33f0 [ 408.855441][ T5998] copy_page_to_iter+0x482/0x910 [ 408.860920][ T5998] filemap_read+0x1cda/0x2300 [ 408.865844][ T5998] blkdev_read_iter+0x89f/0xb00 [ 408.871159][ T5998] vfs_read+0x8ed/0xf90 [ 408.875531][ T5998] __x64_sys_read+0x1fb/0x4d0 [ 408.880421][ T5998] x64_sys_call+0x2f9c/0x3e20 [ 408.885592][ T5998] do_syscall_64+0xd9/0x210 [ 408.890608][ T5998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.896710][ T5998] [ 408.899124][ T5998] Uninit was stored to memory at: [ 408.904674][ T5998] copy_folio_from_iter_atomic+0x18f2/0x3c10 [ 408.911194][ T5998] generic_perform_write+0x8b1/0x1050 [ 408.914778][ T4044] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.916807][ T5998] shmem_file_write_iter+0x2b7/0x2f0 [ 408.931289][ T5998] lo_rw_aio+0x1268/0x1590 [ 408.935907][ T5998] loop_process_work+0xe30/0x1ec0 [ 408.945664][ T5998] loop_workfn+0x3e/0x60 [ 408.950125][ T5998] process_scheduled_works+0xb91/0x1d80 [ 408.962004][ T5998] worker_thread+0xedf/0x1590 [ 408.967084][ T5998] kthread+0xd59/0xf00 [ 408.972984][ T5998] ret_from_fork+0x1e3/0x310 [ 408.977793][ T5998] ret_from_fork_asm+0x1a/0x30 [ 408.983087][ T5998] [ 408.985514][ T5998] Uninit was stored to memory at: [ 408.991275][ T5998] hfsplus_bnode_write+0x290/0xa10 [ 408.996717][ T5998] hfsplus_brec_insert+0xaec/0x1540 [ 409.004286][ T5998] hfsplus_create_cat+0x1396/0x1910 [ 409.009810][ T5998] hfsplus_link+0x79e/0xc30 [ 409.014680][ T5998] vfs_link+0x8eb/0xb30 [ 409.019333][ T5998] do_linkat+0x4af/0x1040 [ 409.024141][ T5998] __ia32_sys_link+0xd7/0x140 [ 409.029052][ T5998] ia32_sys_call+0x3684/0x4310 [ 409.034096][ T5998] __do_fast_syscall_32+0xb0/0x150 [ 409.039527][ T5998] do_fast_syscall_32+0x38/0x80 [ 409.050873][ T5998] do_SYSENTER_32+0x1f/0x30 [ 409.055614][ T5998] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 409.063544][ T5998] [ 409.065970][ T5998] Uninit was stored to memory at: [ 409.071444][ T5998] hfsplus_create_cat+0x1748/0x1910 [ 409.076859][ T5998] hfsplus_link+0x79e/0xc30 [ 409.081732][ T5998] vfs_link+0x8eb/0xb30 [ 409.086099][ T5998] do_linkat+0x4af/0x1040 [ 409.090791][ T5998] __ia32_sys_link+0xd7/0x140 [ 409.095686][ T5998] ia32_sys_call+0x3684/0x4310 [ 409.100766][ T5998] __do_fast_syscall_32+0xb0/0x150 [ 409.106141][ T5998] do_fast_syscall_32+0x38/0x80 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 409.111364][ T5998] do_SYSENTER_32+0x1f/0x30 [ 409.116610][ T5998] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 409.123470][ T5998] [ 409.125893][ T5998] Uninit was created at: [ 409.130417][ T5998] __alloc_frozen_pages_noprof+0x689/0xf00 [ 409.137155][ T5998] alloc_pages_mpol+0x328/0x860 [ 409.142343][ T5998] alloc_frozen_pages_noprof+0xf7/0x200 [ 409.153022][ T5998] allocate_slab+0x24d/0x1220 [ 409.157921][ T5998] ___slab_alloc+0x1024/0x34e0 [ 409.165630][ T5998] kmem_cache_alloc_lru_noprof+0x922/0xed0 [ 409.171869][ T5998] hfsplus_alloc_inode+0x5a/0xd0 [ 409.177040][ T5998] alloc_inode+0x8a/0x4a0 [ 409.182371][ T5998] iget_locked+0x239/0x12d0 [ 409.187224][ T5998] hfsplus_iget+0x5c/0xb80 [ 409.191945][ T5998] hfsplus_btree_open+0x128/0x1cf0 [ 409.197327][ T5998] hfsplus_fill_super+0x1161/0x2730 [ 409.202931][ T5998] get_tree_bdev_flags+0x6e3/0x920 [ 409.208283][ T5998] get_tree_bdev+0x38/0x50 [ 409.213103][ T5998] hfsplus_get_tree+0x35/0x40 [ 409.217983][ T5998] vfs_get_tree+0xb0/0x5c0 [ 409.222841][ T5998] do_new_mount+0x733/0x1420 [ 409.227666][ T5998] path_mount+0x6db/0x1e90 [ 409.232405][ T5998] __se_sys_mount+0x6eb/0x7d0 [ 409.237350][ T5998] __ia32_sys_mount+0xe2/0x150 [ 409.242448][ T5998] ia32_sys_call+0x2c16/0x4310 [ 409.247421][ T5998] __do_fast_syscall_32+0xb0/0x150 [ 409.257708][ T5998] do_fast_syscall_32+0x38/0x80 [ 409.265784][ T5998] do_SYSENTER_32+0x1f/0x30 [ 409.271103][ T5998] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 409.277863][ T5998] [ 409.280287][ T5998] Bytes 472-475 of 3072 are uninitialized [ 409.286473][ T5998] Memory access of size 3072 starts at ffff888046733000 [ 409.293685][ T5998] Data copied to user address 00007fb97e85b400 [ 409.299959][ T5998] [ 409.302529][ T5998] CPU: 1 UID: 0 PID: 5998 Comm: udevd Not tainted 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 409.314677][ T5998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 409.325124][ T5998] ===================================================== [ 409.332328][ T5998] Disabling lock debugging due to kernel taint [ 409.338615][ T5998] Kernel panic - not syncing: kmsan.panic set ... [ 409.345384][ T5998] CPU: 1 UID: 0 PID: 5998 Comm: udevd Tainted: G B 6.17.0-rc1-syzkaller-00199-gdfd4b508c8c6 #0 PREEMPT(none) [ 409.358818][ T5998] Tainted: [B]=BAD_PAGE [ 409.363089][ T5998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 409.373384][ T5998] Call Trace: [ 409.376866][ T5998] [ 409.379908][ T5998] __dump_stack+0x26/0x30 [ 409.384462][ T5998] dump_stack_lvl+0x53/0x270 [ 409.389366][ T5998] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 409.395616][ T5998] dump_stack+0x1e/0x25 [ 409.400016][ T5998] vpanic+0x361/0xc50 [ 409.404292][ T5998] panic+0x15d/0x160 [ 409.408470][ T5998] kmsan_report+0x31c/0x320 [ 409.413202][ T5998] ? kmsan_internal_check_memory+0x16c/0x230 [ 409.419391][ T5998] ? kmsan_copy_to_user+0xf1/0x190 [ 409.424733][ T5998] ? _copy_to_iter+0xf0e/0x33f0 [ 409.429825][ T5998] ? copy_page_to_iter+0x482/0x910 [ 409.435182][ T5998] ? filemap_read+0x1cda/0x2300 [ 409.440452][ T5998] ? blkdev_read_iter+0x89f/0xb00 [ 409.445717][ T5998] ? vfs_read+0x8ed/0xf90 [ 409.450260][ T5998] ? __x64_sys_read+0x1fb/0x4d0 [ 409.455959][ T5998] ? x64_sys_call+0x2f9c/0x3e20 [ 409.461057][ T5998] ? do_syscall_64+0xd9/0x210 [ 409.466149][ T5998] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.472633][ T5998] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 409.479017][ T5998] ? up_read+0x6a/0xf0 [ 409.483297][ T5998] ? do_user_addr_fault+0x1a1a/0x2560 [ 409.488933][ T5998] ? kmsan_get_metadata+0xfb/0x160 [ 409.494555][ T5998] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 409.500740][ T5998] kmsan_internal_check_memory+0x16c/0x230 [ 409.506792][ T5998] kmsan_copy_to_user+0xf1/0x190 [ 409.512084][ T5998] _copy_to_iter+0xf0e/0x33f0 [ 409.517029][ T5998] ? kmsan_get_shadow_origin_ptr+0x35/0xb0 [ 409.523314][ T5998] ? filemap_get_pages+0x371e/0x3a60 [ 409.528906][ T5998] ? kmsan_get_metadata+0xfb/0x160 [ 409.534273][ T5998] copy_page_to_iter+0x482/0x910 [ 409.539486][ T5998] ? kmsan_get_metadata+0xfb/0x160 [ 409.544874][ T5998] filemap_read+0x1cda/0x2300 [ 409.549944][ T5998] ? kmsan_get_metadata+0xfb/0x160 [ 409.555290][ T5998] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 409.561366][ T5998] ? __rcu_read_unlock+0x6d/0xd0 [ 409.566521][ T5998] ? aa_file_perm+0x41c/0x2140 [ 409.571592][ T5998] ? aa_file_perm+0x549/0x2140 [ 409.576595][ T5998] ? kmsan_get_metadata+0xfb/0x160 [ 409.582006][ T5998] blkdev_read_iter+0x89f/0xb00 [ 409.587235][ T5998] vfs_read+0x8ed/0xf90 [ 409.591727][ T5998] ? __pfx_blkdev_read_iter+0x10/0x10 [ 409.597472][ T5998] __x64_sys_read+0x1fb/0x4d0 [ 409.602412][ T5998] x64_sys_call+0x2f9c/0x3e20 [ 409.607438][ T5998] do_syscall_64+0xd9/0x210 [ 409.612216][ T5998] ? clear_bhb_loop+0x40/0x90 [ 409.617104][ T5998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.623214][ T5998] RIP: 0033:0x7fb97e0a7407 [ 409.627876][ T5998] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 409.647706][ T5998] RSP: 002b:00007ffcd407f850 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 409.656334][ T5998] RAX: ffffffffffffffda RBX: 00007fb97e86b880 RCX: 00007fb97e0a7407 [ 409.664494][ T5998] RDX: 0000000000002000 RSI: 00007fb97e85a000 RDI: 0000000000000009 [ 409.672818][ T5998] RBP: 00005591997df0b0 R08: 0000000000000000 R09: 0000000000000000 [ 409.681047][ T5998] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 409.689535][ T5998] R13: 0000000000018c00 R14: 00005591997e0ef8 R15: 00007fb97e99239c [ 409.697724][ T5998] [ 409.701307][ T5998] Kernel Offset: disabled [ 409.705894][ T5998] Rebooting in 86400 seconds..