last executing test programs: 19.597169641s ago: executing program 2 (id=612): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000022"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000640)=ANY=[@ANYBLOB="2011040600"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 19.108871895s ago: executing program 3 (id=616): r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x1015c1, 0x0) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) fchdir(r0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x24, 0x1, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) bpf$PROG_LOAD(0x5, 0x0, 0xfffffe3f) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)="f10ec5575fa16c2b0000b918463f", 0xe}, 0x1, 0x0, 0x0, 0x4008004}, 0x0) recvmmsg(r3, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}, 0xb}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0xfa17}], 0x2, 0x40002123, 0x0) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000100)={0x980900, 0x3, @name="6c14f9104c575323652bb05c9764e27d0235e28510452c132c1eaa54d11e47a7"}) r5 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r5, r5, 0x0, 0x802000009) 18.348995644s ago: executing program 3 (id=617): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan1\x00', 0x0}) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r4, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r3, &(0x7f0000000400)=ANY=[@ANYBLOB="03040000b500000001008aea0000feffd0ca678811498b16af26b92fb45cd70263"], 0xc8) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x9}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0xd, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x40890) dup3(r4, r3, 0x0) syz_emit_ethernet(0xda, &(0x7f0000000040)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x2c, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@cipso={0x86, 0x2a, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x5, "4eb8a6"}, {0x0, 0x12, "9606053d0006ff00800000b61af93a93"}]}, @timestamp={0x44, 0x14, 0xd5, 0x0, 0xb, [0xc477, 0x3, 0x6, 0x736c71ea]}, @cipso={0x86, 0x47, 0x0, [{0x0, 0x7, "4b6cefc500"}, {0x0, 0xc, "df61168c24ac88ad078c"}, {0x0, 0xa, "2189ea43a2149b84"}, {0x0, 0xb, "f7d11634eea26b75af"}, {0x0, 0x9, "02a20948fd7406"}, {0x0, 0x10, "ccf0294e2a3bdb4aa40b249e8e0c"}]}, @timestamp={0x44, 0x14, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xd}, 0x54) sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x70bd27, 0x25dfdc03, {0x2, 0x20, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2000}, [@RTA_DST={0x8, 0x1, @remote}, @RTA_SRC={0x8, 0x2, @broadcast}]}, 0x2c}}, 0x4040000) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)={0x3c, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}], @NL80211_ATTR_PREV_BSSID={0xa}]}, 0x3c}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x24, r1, 0x5, 0x1, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x2c, r1, 0x400, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x1, 0x54}}}}, [@NL80211_ATTR_DISABLE_HT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000810}, 0x8060040) 18.277689195s ago: executing program 0 (id=618): msgctl$MSG_STAT(0xffffffffffffffff, 0xb, &(0x7f0000000100)=""/65) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) openat$procfs(0xffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="02000000040000000400000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x10, 0x3, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r3, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r3, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000500)='./file0\x00', 0x2200810, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8, @ANYRESHEX, @ANYRESDEC, @ANYRES64], 0x5, 0x25d, &(0x7f0000000f40)="$eJzs2s9rnEUcB+Dvm6a0pqQbf9uCOOhBvbw0OXtokBTEBUEboQrSt+aNLnndDXmXwIrYnBQ89ezJs3j0IAjSo5dc/As86CmXHHsQX0k2adMY0WKzG/R5Ljsw82HmnZkd5jBbr9z6aGV5MpaLfkxkWUxcjo24k8VMTMS+jXj5xWs/PvvWtXden2+3F95M6cr81dm5lNL5535495Nvnr/dP/f2t+e/PxObM+9tbc/9svnU5oWt369+2KlTp07dXj8V6Uav1y9uVGVa6tQreUq3qrKoy9Tp1uXaffXLVW91dZCK7tL01OpaWdep6A7SSjlI/V7qrw1S8UHR6aY8z9P0VPBvLH59p2liuzl9PZqmeeSrOHc7pn+OVmSPpuzxy9mT17OnN7IL203TGvdQORbW///twKF+NqL6fH1xfXH4O6yfX45OVFHGpWjFb7GzTfYMy1deay9cSrtm4rPq5l7+5vriqd38F/v52WjFzNH52WE+3Z8/E1MH+5/77rF44s/5X0+1F+aOzJ+Nl144kM+jFT+9H72oYil2svf6/3Q2pVffaB/KX9xtBwDwX5Onu468v+X5X9UP8w9wPzx0v5qMi5Pj/XYi6sHHK0VVlWsjKezsqX/QuDeC8WR7E/D3jZ+ZGNn8jKfw5ckYxjEVhudY3F3vh9zFQ/0Tnd7bkPsH4zinbgyHESN3b9HHPRIAAAAAAAAAAAAexKFHf63jeHI47m8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOtj8CAAD//13bww4=") lsetxattr(0x0, 0x0, 0x0, 0x0, 0x3) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) bind$inet(r4, &(0x7f0000000380)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='veno', 0x4) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='./file0/file1\x00') ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000480)={{0x2, 0x4e21, @broadcast}, {0x307, @random="fd88ea4142f3"}, 0x1c, {0x2, 0x4e24, @private=0xa010102}, 'veth0_to_bridge\x00'}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, 0x0) 17.229021522s ago: executing program 3 (id=620): prctl$PR_SCHED_CORE(0x3e, 0x3, 0xffffffffffffffff, 0x2, 0x0) r0 = syz_open_dev$audion(&(0x7f0000000040), 0x4, 0x2) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000000)=0xc) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003c00)=[{{&(0x7f0000000340)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x80, 0x0}}], 0x1, 0x4000001) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9400000010000100"/20, @ANYRES32=r3, @ANYBLOB="0006000000000000240012800b00010067656e657665000014000280060005004e24000008000b"], 0x94}, 0x1, 0x2, 0x0, 0x804}, 0x0) prlimit64(r1, 0x1, &(0x7f0000000380)={0x1, 0x100008f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) setpriority(0x1, r1, 0xf) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x8003, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x3554000) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x18, 0x0, &(0x7f0000000100)) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) getrlimit(0x3, &(0x7f0000000140)) fadvise64(0xffffffffffffffff, 0x85f5, 0x4000000005, 0x4) 16.676757324s ago: executing program 3 (id=621): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x1, 0x0, {0xa}}, 0x14}}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={0x0, 0xfffffffd, 0x10}, 0xc) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r3, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$can_j1939(r2, &(0x7f0000000140)={0x1d, r4, 0x2, {0x2, 0xf0, 0x2}, 0x2}, 0x18) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000004c0)='\x00', 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x5, @loopback}, 0x1c) 15.261102517s ago: executing program 2 (id=624): syz_open_dev$usbfs(&(0x7f0000000040), 0xfffffffffffffffb, 0x48b01) syz_open_dev$loop(&(0x7f0000000240), 0x8, 0x88e80) r0 = syz_io_uring_setup(0x5ce, &(0x7f0000000480)={0x0, 0x9cd4, 0x80, 0x0, 0x400034f}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, 0x0}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r0, 0x47bc, 0x3000000, 0x0, 0x0, 0x0) 15.159966749s ago: executing program 3 (id=625): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000003c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r4, @ANYBLOB="05", @ANYRES16=r4, @ANYRES64=r4], 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000900)={'team_slave_0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0x60, r6, 0x1, 0x70bd30, 0x25dfdbff, {}, [{{0x8, 0x1, r7}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r8}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x400}, 0x4040894) r9 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', r10, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x7800, 0xfffffffc, 0xdc64}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r9, 0x89f3, &(0x7f0000000680)={'gre0\x00', &(0x7f0000000500)={'syztnl0\x00', r7, 0x8040, 0x718, 0x0, 0x5, {{0x49, 0x4, 0x0, 0x0, 0x124, 0x65, 0x0, 0x4, 0x29, 0x0, @multicast2, @multicast2, {[@noop, @noop, @timestamp_addr={0x44, 0x14, 0x8, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x5}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7}]}, @rr={0x7, 0x17, 0x48, [@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_addr={0x44, 0x54, 0xb, 0x1, 0x2, [{@loopback, 0x4}, {@loopback, 0x6}, {@dev={0xac, 0x14, 0x14, 0x16}, 0x2bc}, {@loopback, 0x6}, {@private=0xa010100, 0xa2}, {@local, 0x1000}, {@multicast1, 0xd4}, {@remote, 0x81}, {@empty}, {@dev={0xac, 0x14, 0x14, 0x31}, 0x6}]}, @timestamp_addr={0x44, 0x44, 0xc5, 0x1, 0xe, [{@multicast2, 0x933}, {@multicast1, 0xf8d75da}, {@broadcast, 0x3}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x6}, {@private=0xa010102, 0x1ff}, {@multicast1, 0xffffffff}, {@local, 0x1000}, {@empty, 0xaf}]}, @timestamp_addr={0x44, 0x3c, 0x1e, 0x1, 0xa, [{@local, 0x1}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x8}, {@remote, 0x8}, {@remote, 0x8}, {@rand_addr=0x64010101, 0xfffffffa}, {@local, 0x9}, {@private=0xa010101, 0x3}]}, @rr={0x7, 0xf, 0xbf, [@private=0xa010100, @private=0xa010100, @empty]}]}}}}}) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000940)={0x28c, r1, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_WOL_MODES={0x80, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xa, 0x5, "286ed0bf0f0e"}, @ETHTOOL_A_BITSET_SIZE={0x0, 0x2, 0x8001}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_WOL_MODES={0x1e6, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x41c3}, @ETHTOOL_A_BITSET_MASK={0x4}, @ETHTOOL_A_BITSET_MASK={0xbc, 0x5, "863f6965461c909c27f77ffea9f6862fbaff568ce449c934a5017ebc8926aa922a820757d4ca8ae2f3d489a417530792fe98cdc144147c976a085ebb39cd35dce2974c8ce7beca014cc9e0d1cd8230951540c117cfda123567091bde0ce46d5d5cd6ff500a4af1036e1506cfb39ca4cbda03af2f45649e3ff44cb30431082269935d6a1a98f61845f3c2ed9a20cfda73ff9e69d2210903ebbed5ab238b28f78026d6e084744c16d5d29a9bdb75f67ae3b7b9d2d5ee45cbcf"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xd}, @ETHTOOL_A_BITSET_MASK={0xe4, 0x5, "35fee8f1bc63ade269f9d0198cadb4228ff39143e09b928dfac6e952bc2becc8f30fa58b436840a1cfccad66471e239b2bb3ced211c0a0a7ba4bc0031d1ef283b28aaa0d23096788abe9247a0a9bde052b1012fe5789e8910d433cb6f8a7234870a19ce83f99aa3dd5a6c30fd3f99a3879806cd3863c0b3f7bcc99145c1770ec1688d91970e9cea5448a75e806b200cbf746a24323b00ebb173b0f6814870ae3a7c1020a7edd2546ce4b19da34ca6d33997fd4870e35947e1cd47118b52e4a0bb23cdc434831b045696bfd0917a5e2839823955d0b6615b34880363e315fc589"}]}, @ETHTOOL_A_WOL_MODES={0x0, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x0, 0x3, 0x0, 0x1, [{0x0, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x0, 0x1, 0x2}]}, {0x0, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x0, 0x2, '\x00'}]}, {0x0, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x0, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x0, 0x2, '-!\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x0, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX, @ETHTOOL_A_BITSET_BIT_VALUE]}]}]}, @ETHTOOL_A_WOL_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_WOL_HEADER={0x0, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x0, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x0, 0x1, r12}]}, @ETHTOOL_A_WOL_HEADER={0x0, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x0, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'veth0_virt_wifi\x00'}]}, @ETHTOOL_A_WOL_SOPASS={0x0, 0x3, "85f7d1ca9e1f51bfded403013f559a967ecdaab3c74df9e8e06d6e47648c3d404ad0a94a135d4ae95d60f8ec7bf99c90fd14179dc0b9de11ea3f10656a574f3afc2d095c52f06adf3db85962"}]}, 0x28c}, 0x1, 0x0, 0x0, 0x8000}, 0x14) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r14, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f0000000ac0)={[{@shortname_winnt}, {@utf8no}, {@fat=@usefree}, {@fat=@discard}, {@shortname_winnt}, {@fat=@errors_continue}, {@fat=@check_normal}, {@shortname_lower}, {@shortname_winnt}]}, 0xfd, 0x2c4, &(0x7f00000007c0)="$eJzs3U1rE1scx/Ff06ZNUtpkcblwL1zuQTfqYmjjKwjSghhQaiPqQpjaiYaMScnESERsd27d+R6K4MadYH0D3bhzL26KILjpQjrSTMakNX2yramd7wfCnMw5/5kzDwn/GTInazefPygXPato1xVLGMWUWNK6lFFMoYH2NNYqD6vbks6Pfv3w3/Vbt6/k8vmpGWOmc7MXs8aY8f/fPnry8sy7+uiN1+NvRrSaubP2Jftx9e/Vf9Y2ZsOlV+vGNnPVat2ecx0zX/LKljHXXMf2HFOqeE5tS33RrS4sNI1dmR/zF4MFVJqm7DRNvWrqtaax79mlirEsy4ylFDWDB44oLEt27lg6g35I9ppZq+XswZ6Vm8cfAABEzc/5v35L/n+/5JmSZyp75f8x7ZD/pxZqjucZu1f+L0Un/7+wdIjgwvLMjL3RM2nE6RDfvADI2an253cr8n8AAAAAAAAAAAAAAAAAAAAAAP4E676f9n0/HU7D14ikhDYSQSs/3e9+4njsfvyl8H1XyEAfu4sj1vXgXkJynzUKjUIwDepzRZXkytFEXPrWOh/agvL05fzUhGnJaMVdbMe3HhIcCeNDmd7xk0G86YpfbBTiSnWvP6u0/uodn90WH5fUKAzr3NmueEtpvb+rqlzNt87rTvzTSWMuXc1vW3+y1Q4AAAAAgNPAMj9ktl7/BqNJWpYJhw3ZVh/M7NwfUHqP+wNGK8PqxA/p36H+bTcAAAAAAFHiNR+Xbdd1alEuJHXwqCjuOqv9c7BdG/t+8Ncs+1zyi6S0Q1VMO1YduvBq9zafJZ2AHX7UhU8PgwO4n8b9/FYCAAAAcBw6SX+/ewIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHTtd/CwsP2vjD3WtbrB/mwlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcDJ8DwAA//8T/xQn") ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) syz_kvm_setup_cpu$x86(r14, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="f00fbb0c66b820ef1b9a0f23d04f71f866351000000d0f23f86664d8f40f017cea0f20d86635080000000f22d80f01c5650f30970f78c400c4666526f3a7ea0f007a00", 0x43}], 0x1, 0x42, 0x0, 0x0) 14.205078463s ago: executing program 2 (id=627): r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x1015c1, 0x0) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) fchdir(r0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x24, 0x1, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) bpf$PROG_LOAD(0x5, 0x0, 0xfffffe3f) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)="f10ec5575fa16c2b0000b918463f", 0xe}, 0x1, 0x0, 0x0, 0x4008004}, 0x0) recvmmsg(r3, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}, 0xb}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0xfa17}], 0x2, 0x40002123, 0x0) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000240)='./bus\x00', 0x1800840, &(0x7f0000000180)={[{@numtail}, {@fat=@showexec}, {@shortname_win95}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '863'}}, {@rodir}, {@shortname_winnt}, {@shortname_win95}, {@fat=@discard}, {@fat=@dos1xfloppy}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'cp855'}}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'maccyrillic'}}]}, 0x1, 0x368, &(0x7f0000000600)="$eJzs3U9om2UYAPAn+9KmHWztQRgKwqc3Qcv+4EFPHaODYS4qYepBDK5TaeqgwWB3WFYv4lHwqCcv4kEPHnYWQRFvHrw6QabiQXcbOHwlyZcmadKuE7JZ/P0O4cn7Ps/3vm/2rfn6tXn7ynKsXZiJizdv3oi5uVKUl88sx61SLEYWfVdj3OyENgDgYLiVUvyZevZZUprylACAKeu+/792ZPv5XLzz9V75ybs/ABx4xff/83vlzO3WcWkqUwIApmzs/v+jI92zoz/qLw/9VgAAcFA9/+JLz5yuRjyX53MR6++2aq1aPD3oP30x3ohGrMbxWIjbEb0Lhc5Dqft49lx15Xie5+34ZTFqnYpWLWK93ar1rhROZ936SpyIhVgs6ourjZRSdvaL6sqJvCsirra748d6qVWbicPF+D8ejtU4GXk8MFYfca66cjIvDlBb79e3I7YG9y0681+Khfj+1bgUjbgwfz5S6l/WVFeunMjzM6k6Ut+qVeLC9quw6x0QAAAAAAAAAAAAAAAAAAAAAAD4V5a2iiDPF7f3v0mD/XuWlvK+xdH9cXplxf5AW739gVIlRUp/vP1E7b0sRvYH2rk/T6tWjkP3b9kAAAAAAAAAAAAAAAAAAADwn9LcnI16o7G60dy8vDYctDeam4ciotPy5reffTUf4zl3CMrFGENdedF0ea2esn5yykZyiiDrDN5v+fTa9oyHcyrbq5g4jcruXY3GkUd+/nDQ8nDWP/Lfg5wsJi8w2zGN4WD9aG9Kd/NCXT5VBCfvkHw9pbTbca68PF4VpYjy3f/D7R2kTvDNjdcfPNU89mS35cvU89jjC+evf/Dxb2v1RmfkjsYnsxvN22mtXjyffLLtHmRD508pekFp+Ewo71W+NdpSz374/YWH3v9uf6On4Za3JuRkveV8vtHcLBX/U7pds72g07ajar5xLovYcZyZCSf/FIJjHy3Xr1356dd9JZcirg6+SNioAwAAAAAAAAAAAAAAAAAA7omhz4oXig/7zuxV9dSz058ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANw7g7//PxRsjbXsJ/irHeNdldWNZsTR+71MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+5/4JAAD//5bCao8=") ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc008561c, &(0x7f0000000100)={0x980900, 0x3, @name="6c14f9104c575323652bb05c9764e27d0235e28510452c132c1eaa54d11e47a7"}) r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r4, r4, 0x0, 0x802000009) 13.576467845s ago: executing program 4 (id=628): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) userfaultfd(0x80001) syz_usb_connect(0x2, 0x47, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000a3233910daa658744d2d010203010902350001080010000904df0003080662050c022032ca18ba86000606030905071000020102070824"], 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000000)={0x13, 0x1, 0x3, "df4832c305f700ffffffe10048400a000086008300", 0x37303250}) 13.227635321s ago: executing program 0 (id=629): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x949300, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100"}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0x8, "f5fa18d84d6ee322eb45ad9fb792c88021aabe8bb79980af95ff3bd56cf79e86"}) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000280)=0x1003) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = fanotify_init(0x1, 0x1000) r2 = add_key$keyring(&(0x7f0000000640), &(0x7f0000000680)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000080)=@keyring={'key_or_keyring:', 0x0, 0x2}) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0xa8) fanotify_mark(r1, 0x441, 0x4800001a, r3, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey72WYTYzadmP18YHafZ+bZnee7z7w8+zy7AXStoewhidgREb9GxEAju7jAUOPp+tXzkzeunp9MYmHhtT+SvNy1q+cny6Ll67YXmeE0Iv0wKXay2OzZcycn6vXamSI/OnfqrdHZs+eeeOfUxInaidrp8SNHDh8ae/qp8Sc7EmcW17V978/s3/viG5denjx26c0fv87qu6PY3hxHpwxlgf+5kGvd9mind1axnU3ppLfCirAqPRGRNVdffv4PRE/caryBeOGDSisHrKvs3rSl/eb5BWATS6LqGgDVKG/02fffcrlDXY8N4cqzjS9AWdzXi6WxpTfSokxfy/fbThqKiGPzf32eLbFO4xAAAM0+nvzsaH9EvHfjq5eyvsdARJTjQffkj7/lj7uKOZTBiPh/ROyOiLsiYk9E3F2UvTci7ltjfW7v/6SX1/iWy8r6f88Uc1uL+39l7y8Ge4rczjz+vuT4dL12sPhMhqNvS5YfW2Yf3z7/yyfttjX3/7Il23/ZFyzqcbm3ZYBuamJuIu+UdsCVixH7epeKP7k5E5BExN6I2Le6t95VJqYf+3J/u0Irx7+MDswzLXyRhTefxT8fLfGXkub5yenb5idHt0a9dnC0PCpu99PPH73abv9rir8DrtQaz03t31pkMGmer53t7P7/5fGf9iev5/PM/cW6dyfm5s6MRfQnR/P8ovXjt15b5svy2fE/fGDp83938Zos/vsjIjuIH4iIByPioaLuD0fEIxFxYJkYf3hu5fgjraj9L0ZMLXn9u3n8t7T/6hM9J7//pt3+/1n7H85Tw8Wa/Pq3gqWqk10uWiu4ls8OAAAA/ivS/DfwSTpyM52mIyON3/Dvif+l9ZnZucePz7x9eqrxW/nB6EvLka6BYjy0Pl2vjSXzxTs2xkfHi7Hicrz0UDFu/GnPtjw/MjlTn6o4duh229uc/5nfe6quHbDOti25drz/jlcEqEDrPHq6OHvhlXAxgM3K/7Whe61w/jf/DwbYZNz/oXstdf5faMmbC4DNyf0fupfzH7pU+l3VNQAq5P4PXWkt/+tfx8TWjVGNahIbtVHyRESZSDdEfSTWKVH1lQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAz/g4AAP//K2Lmiw==") mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) chdir(&(0x7f0000000300)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x58) r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x121000, 0x0) fcntl$notify(r4, 0x402, 0x91ea6c1af182532) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x8100, 0x22) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r4, &(0x7f00000004c0)='./bus\x00', 0x5) r5 = socket$netlink(0x10, 0x3, 0x9) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 12.442166967s ago: executing program 2 (id=630): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x2000000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x72, &(0x7f0000000000)=""/114}, 0x94) 11.793694761s ago: executing program 0 (id=631): prctl$PR_SCHED_CORE(0x3e, 0x3, 0xffffffffffffffff, 0x2, 0x0) r0 = syz_open_dev$audion(&(0x7f0000000040), 0x4, 0x2) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000000)=0xc) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003c00)=[{{&(0x7f0000000340)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x80, 0x0}}], 0x1, 0x4000001) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9400000010000100"/20, @ANYRES32=r3, @ANYBLOB="0006000000000000240012800b00010067656e657665000014000280060005004e24000008000b"], 0x94}, 0x1, 0x2, 0x0, 0x804}, 0x0) prlimit64(r1, 0x1, &(0x7f0000000380)={0x1, 0x100008f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) setpriority(0x1, r1, 0xf) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x8003, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x3554000) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x18, 0x0, &(0x7f0000000100)) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) getrlimit(0x3, &(0x7f0000000140)) fadvise64(0xffffffffffffffff, 0x85f5, 0x4000000005, 0x4) 11.679702689s ago: executing program 2 (id=633): capset(0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x40}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xe0004000}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f00000000c0)={0x36, 0x2, 0x0, "b42c00", 0x494e4f4b}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x5000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0x1f400, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) shutdown(r1, 0x0) capget(&(0x7f0000000000)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000040)={0x9, 0x1ff, 0x90e1, 0x38d6, 0x0, 0xa9b}) 11.545620877s ago: executing program 3 (id=634): socket$inet6(0xa, 0x1, 0x8010000000000084) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) pipe2$watch_queue(0x0, 0x80) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = syz_open_dev$evdev(&(0x7f0000001900), 0x0, 0xa2a00) ioctl$EVIOCGSW(r4, 0x8040451b, &(0x7f0000000040)=""/108) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth1\x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x604000, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, 0x0) fsopen(&(0x7f00000003c0)='gfs2meta\x00', 0x1) r7 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000000)={0x3, 0x5, 0x1, 0x0, 0x2}) ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000040)={0x7, @win={{0xde, 0x2, 0x6, 0x9}, 0x7, 0x4, &(0x7f00000001c0)={{0xffffff07, 0x4, 0x7, 0x8}, &(0x7f0000000180)={{0xd, 0x7, 0xe, 0x6}, &(0x7f0000000140)={{0x8, 0x200, 0x3, 0x3c38}}}}, 0x5, &(0x7f00000002c0), 0x3}}) sendfile(r1, r0, 0x0, 0x23b) 11.21789977s ago: executing program 1 (id=635): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000002b80)={&(0x7f00000017c0)='W8op', &(0x7f0000001980)=""/4096, &(0x7f0000002980), &(0x7f0000002a80), 0x1, r0}, 0x38) 11.163040723s ago: executing program 4 (id=636): sendto(0xffffffffffffffff, &(0x7f0000000140)="63b85f4d2038f6c6251854ee8105d216e4390272bfd22d37b728f9c962346cb4", 0x20, 0x8000004, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) request_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0) 11.03782559s ago: executing program 2 (id=637): socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) sendmmsg$unix(r0, 0x0, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004ec0)=ANY=[@ANYBLOB="28000000400007012bbd700000080000017a0300"], 0x28}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000180)={{{@in=@private=0xa010102, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x0, 0x4e20, 0x0, 0x2, 0xa0, 0x20, 0x73, 0x0, 0xee00}, {0x8, 0xf, 0x81, 0x3a4, 0x4, 0x8, 0x6, 0x1}, {0x0, 0xffffffffffff98c9, 0x3ff, 0xffff}, 0x0, 0x6e6bc0, 0x2, 0x0, 0x6, 0x3}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d3, 0x32}, 0xa, @in=@multicast2, 0x3500, 0x2, 0x1, 0x6, 0x0, 0x1, 0x5}}, 0xe8) socket(0x10, 0x3, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000030000005800018044000400200001000a000000000000000000000000000000400000000000000000000000200002000a00000000000000fc"], 0x6c}}, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r4, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000340)={0x1d, r7, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r7, {0x5, 0x10}, {0xfff1, 0x9}, {0x2, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x48040}, 0x20000050) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000100)={'syztnl0\x00', 0x0}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r9, 0x0, 0x0, 0x700, 0x0) sendfile(r8, 0xffffffffffffffff, 0x0, 0x578410eb) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303", @ANYRESDEC], 0x0) 10.518170659s ago: executing program 1 (id=638): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) recvfrom$inet6(r0, &(0x7f0000000500)=""/149, 0x95, 0x10021, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0) 10.279049778s ago: executing program 0 (id=639): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)={0x34, r1, 0xb97534d5fe9704cf, 0x70bd3c, 0x25dfdbfb, {{0x12}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x1c}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40880}, 0xc808) 10.278444431s ago: executing program 4 (id=640): r0 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000280)={@local}, &(0x7f00000003c0)=0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) syz_open_dev$I2C(&(0x7f0000000000), 0x800, 0x442a40) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x9}, 0x8) sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r4, &(0x7f0000000780)=[{&(0x7f0000000080)=""/116, 0x74}], 0x1, 0x8, 0xfffffffe) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00'}, 0x94) 9.456365568s ago: executing program 0 (id=641): syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0) syz_open_dev$vbi(&(0x7f0000000480), 0x0, 0x2) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) epoll_create1(0x80000) socket$inet_sctp(0x2, 0x1, 0x84) socket(0xa, 0x2, 0x0) inotify_init() socket$inet_sctp(0x2, 0x1, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$kcm(0x2, 0xa, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x85b8, 0x10100, 0x1, 0x1ad}, 0x0, 0x0) socket(0x2, 0x80805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x11, 0x3, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) socket(0x2, 0x2, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x5, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4ea5, 0x9, @mcast1, 0x8}, r2, 0x8001}}, 0x48) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 8.341951639s ago: executing program 1 (id=642): r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc) sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1}, 0x4000080) sendmsg$inet(r0, &(0x7f00000010c0)={&(0x7f0000000f00)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000f40)='i', 0x1}], 0x1}, 0x8010) r1 = socket$inet_udp(0x2, 0x2, 0x0) unshare(0x20020480) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r6, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x4008800) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000ac0)={'nat\x00', 0x0, 0x0, 0x0, [0x4, 0x8, 0xfffffffd, 0x0, 0x9, 0x5], 0x0, 0x0}, 0x78) 4.929316167s ago: executing program 0 (id=643): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs$pagemap(0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x100, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/time_for_children\x00') syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xffffffff, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) 4.669153935s ago: executing program 1 (id=644): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0}], 0x1, 0x0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x20000253) 4.639661102s ago: executing program 4 (id=645): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) 3.443195949s ago: executing program 4 (id=646): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="737461636b203aae86ad47aa0d9495e6d80f7bde2d18ffb36cf152aed2d408fb58e305fc8e2f2f7d91f81b621cc4214d4a27e1614fbee0beac8f4a045070b770212d46d4a2df096b791f2a4ba218e12cb76aa24945b70a7c9dd5edeac52b5a876f73cfbe66371a72f11f3d9544d6b59b4a5541dcef5cbf11ffff37dfd147c8a3e5098a207be806ea7167101f8c1b5c8fe41e170fd0c775dbc5be0b6d3ab625ab702e5b1dc15f9c4b3d09be812f340e681e0694f5badf640da3fdfc2f929b4c2beb9a592c577287b6021bfeec24146c7f95608bb60a736207a09d9f47e89c4044eadde57cdefd15f25b822d2eaf2205df0d6b71b63ee0b63cb598f26509af36983578f6f4198a0843cc1b1bd780015007ab9709cc6211e3b5c685b972b5c5e95f054a7a9fe149282f679c8466b9734e3850ec98419dd0c887715902f9e7802842085bc606f30c2654869e9e3701fd0fc69137fe165592689465eebd5cafad7c29de2adadec42a818d8ee389ca1fe33a1ef23617c89116a3a458b56612e4c36c43a9150d5331adbb0beb01a062b1f1349fc2ecea76cb7c40cdfe378185f3099b1d71414d0fda5a47f8593260cc0bd723a4cca81435f041321635f91bcb15aac48883a9617fb4e58c19b18cf3a7e1299a07f45325fcd05a7c30f47e77073dcc584f7e0516cb74c55a0a2a30dc9f3163868f7c233ad1fff87a3c2a30f1312c3ad0fb71cc6433e9bd7c3209de0cba9552f5c7c04f24eccf206bdb745564539dd62d655a33d40a507660668c30f7720280c86c104e58d30d6cb65814e00b55ff9a33f3ed375dfb4b47d89a599f31a0d612827a8f6e2a73eb376e11160ddbc0d79e3a11d5a99fa9c98f559efeb1e0a196d6da225f8c145334989fae4eafc05bbad0dc880e923d6b2ed2890eed8255bd2f8296b8d689762aa02e1399045bc0cbec07ec937f2e6dfac960460574e2e00dc39221a4a0c31dbbfa4973e8b056afe87bdfe6bc1405d9ae867d05316247465aceddf5c95825d73a9b119dab89ac982fff04e5d140a8391bd6f1831a9b7519ba86abc94993fe918a1b640d57e276027d9ef490065235935407f7eda36490d0c96a16d2"], 0x564) set_mempolicy(0x8006, 0x0, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) sendmsg$can_bcm(r1, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) request_key(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) sendmsg$can_bcm(r1, 0x0, 0x0) 2.949380622s ago: executing program 1 (id=647): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x7, 0x4) bind$inet(r0, 0x0, 0x0) close(r0) 2.252714404s ago: executing program 1 (id=648): socket$nl_generic(0x11, 0x3, 0x10) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$unix(0x1, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$key(0xf, 0x3, 0x2) pipe2(&(0x7f00000002c0), 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) ioctl$HIDIOCSREPORT(0xffffffffffffffff, 0x400c4808, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x1ff, 0x0, 0xfffffe0000000001, 0xfa11}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x200301, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0xf400000000000000) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x90) r3 = syz_open_dev$video(&(0x7f0000000040), 0x7f, 0x0) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x3, 0x40000043, 0x41595556, 0x8, 0x0, 0xfffffff3, 0xc, 0xfeedcafe, 0x2, 0x6, 0x2, 0x1}}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x6, 0x1) 0s ago: executing program 4 (id=649): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x180, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x8, 0x20916e, 0x334e8b}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x1, 0x2ea472, 0x2eb80c}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x1000000}) kernel console output (not intermixed with test programs): 378.555031][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.566791][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.583723][ T5842] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 378.596332][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.625104][ T30] audit: type=1800 audit(1769337987.315:9): pid=7594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.361" name="file1" dev="loop2" ino=1415 res=0 errno=0 [ 378.824856][ T5842] usb 2-1: config 0 descriptor?? [ 378.877811][ T5842] hub 2-1:0.0: USB hub found [ 379.055786][ T5842] hub 2-1:0.0: 1 port detected [ 379.225804][ T10] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 379.277463][ T797] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 379.479355][ T797] usb 5-1: Using ep0 maxpacket: 8 [ 379.485618][ T10] usb 1-1: config 8 has an invalid interface number: 223 but max is 0 [ 379.494711][ T10] usb 1-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 379.506872][ T10] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 379.517982][ T10] usb 1-1: config 8 has no interface number 0 [ 379.554594][ T9] usb 3-1: USB disconnect, device number 19 [ 379.588842][ T797] usb 5-1: New USB device found, idVendor=0bc3, idProduct=0001, bcdDevice=81.67 [ 379.598511][ T797] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.609247][ T797] usb 5-1: Product: syz [ 379.614521][ T797] usb 5-1: Manufacturer: syz [ 379.619299][ T797] usb 5-1: SerialNumber: syz [ 379.686567][ T5842] hub 2-1:0.0: activate --> -90 [ 379.728085][ T10] usb 1-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 379.739657][ T10] usb 1-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 379.797233][ T797] usb 5-1: config 0 descriptor?? [ 379.851498][ T797] ipw 5-1:0.0: IPWireless converter converter detected [ 379.955737][ T10] usb 1-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 379.965991][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.974379][ T10] usb 1-1: Product: syz [ 379.975501][ T7602] loop1: detected capacity change from 0 to 128 [ 379.978682][ T10] usb 1-1: Manufacturer: syz [ 379.978777][ T10] usb 1-1: SerialNumber: syz [ 380.135102][ T9] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 380.333415][ T9] usb 4-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 380.345590][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.538394][ T9] usb 4-1: config 0 descriptor?? [ 380.567114][ T10] usb 1-1: USB disconnect, device number 19 [ 380.821645][ T7618] tipc: Started in network mode [ 380.827179][ T7618] tipc: Node identity bea534d0cddb, cluster identity 4711 [ 380.842204][ T7618] tipc: Enabled bearer , priority 0 [ 380.967212][ T7618] syzkaller0: entered promiscuous mode [ 380.976345][ T7618] syzkaller0: entered allmulticast mode [ 380.984747][ T5842] hub 2-1:0.0: hub_ext_port_status failed (err = -32) [ 381.072689][ T9] hackrf 4-1:0.0: Board ID: 00 [ 381.077768][ T9] hackrf 4-1:0.0: Firmware version: [ 381.138655][ T9] hackrf 4-1:0.0: Registered as swradio24 [ 381.150715][ T7620] tipc: Resetting bearer [ 381.194328][ T9] videodev: could not get a free minor [ 381.200084][ T9] hackrf 4-1:0.0: Failed to register as video device (-23) [ 381.275042][ T9] hackrf 4-1:0.0: probe with driver hackrf failed with error -23 [ 381.455261][ T9] usb 4-1: USB disconnect, device number 28 [ 381.590406][ T7615] tipc: Resetting bearer [ 381.664701][ T7615] tipc: Disabling bearer [ 381.835457][ T5842] usb 2-1: USB disconnect, device number 12 [ 382.149700][ T9] usb 5-1: USB disconnect, device number 15 [ 382.203892][ T9] ipw 5-1:0.0: device disconnected [ 382.540566][ T7636] loop4: detected capacity change from 0 to 64 [ 383.039988][ T7644] tipc: Enabling of bearer rejected, failed to enable media [ 383.043460][ T7645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.372'. [ 383.942532][ T7644] loop0: detected capacity change from 0 to 40427 [ 384.191424][ T7644] F2FS-fs (loop0): invalid crc value [ 384.248646][ T7648] loop2: detected capacity change from 0 to 32768 [ 384.261642][ T7648] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.377 (7648) [ 384.292821][ T7648] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 384.303344][ T7648] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 384.563146][ T7644] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 384.573574][ T7644] F2FS-fs (loop0): Start checkpoint disabled! [ 384.592150][ T7644] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 384.614403][ T7644] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 384.709086][ T7648] BTRFS info (device loop2): rebuilding free space tree [ 384.856758][ T7648] BTRFS info (device loop2): disabling free space tree [ 384.864186][ T7648] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 384.874235][ T7648] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 384.977642][ T7648] BTRFS info (device loop2): setting nodatasum [ 384.984198][ T7648] BTRFS info (device loop2): setting nodatacow [ 384.990526][ T7648] BTRFS info (device loop2): turning off barriers [ 384.997252][ T7648] BTRFS info (device loop2): force clearing of disk cache [ 385.862191][ T5842] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 386.038607][ T5842] usb 5-1: config 8 has an invalid interface number: 223 but max is 0 [ 386.047341][ T5842] usb 5-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 386.060840][ T5842] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 386.072682][ T5842] usb 5-1: config 8 has no interface number 0 [ 386.178221][ T5842] usb 5-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 386.189958][ T5842] usb 5-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 386.344680][ T5842] usb 5-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 386.354305][ T5842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.366796][ T5842] usb 5-1: Product: syz [ 386.371148][ T5842] usb 5-1: Manufacturer: syz [ 386.377296][ T5842] usb 5-1: SerialNumber: syz [ 386.611057][ T5789] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 386.694569][ T7680] FAULT_INJECTION: forcing a failure. [ 386.694569][ T7680] name failslab, interval 1, probability 0, space 0, times 0 [ 386.707754][ T7680] CPU: 0 UID: 0 PID: 7680 Comm: syz.1.383 Not tainted syzkaller #0 PREEMPT(voluntary) [ 386.707886][ T7680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 386.707970][ T7680] Call Trace: [ 386.708018][ T7680] [ 386.708067][ T7680] __dump_stack+0x26/0x30 [ 386.708224][ T7680] dump_stack_lvl+0x14c/0x1c0 [ 386.708375][ T7680] dump_stack+0x1e/0x25 [ 386.708513][ T7680] should_fail_ex+0x7da/0x8a0 [ 386.708703][ T7680] should_failslab+0x158/0x200 [ 386.708835][ T7680] kmem_cache_alloc_noprof+0x14f/0x1730 [ 386.709016][ T7680] ? kmsan_get_metadata+0xf1/0x160 [ 386.709187][ T7680] ? security_inode_alloc+0x85/0x6c0 [ 386.709335][ T7680] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 386.709512][ T7680] ? kmsan_get_metadata+0xf1/0x160 [ 386.709688][ T7680] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 386.709870][ T7680] ? kmsan_get_metadata+0xf1/0x160 [ 386.710048][ T7680] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 386.710238][ T7680] security_inode_alloc+0x85/0x6c0 [ 386.710402][ T7680] inode_init_always_gfp+0x754/0x8a0 [ 386.710595][ T7680] alloc_inode+0x129/0x4a0 [ 386.710772][ T7680] __sock_create+0x203/0xec0 [ 386.710919][ T7680] __sys_socket+0x133/0x400 [ 386.711038][ T7680] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 386.711229][ T7680] __x64_sys_socket+0x95/0x100 [ 386.711364][ T7680] x64_sys_call+0x15f9/0x3e70 [ 386.711526][ T7680] do_syscall_64+0xc9/0xf80 [ 386.711686][ T7680] ? clear_bhb_loop+0x40/0x90 [ 386.711827][ T7680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.711960][ T7680] RIP: 0033:0x7fc52119acb9 [ 386.712055][ T7680] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 386.712164][ T7680] RSP: 002b:00007fc52207e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 386.712291][ T7680] RAX: ffffffffffffffda RBX: 00007fc521415fa0 RCX: 00007fc52119acb9 [ 386.712382][ T7680] RDX: 0000000000000025 RSI: 0000000000000003 RDI: 0000000000000022 [ 386.712461][ T7680] RBP: 00007fc52207e090 R08: 0000000000000000 R09: 0000000000000000 [ 386.712543][ T7680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.712621][ T7680] R13: 00007fc521416038 R14: 00007fc521415fa0 R15: 00007ffe28df07e8 [ 386.712754][ T7680] [ 386.834704][ T5842] usb 5-1: USB disconnect, device number 16 [ 386.840109][ T7680] socket: no more sockets [ 387.373413][ T7683] netlink: 200 bytes leftover after parsing attributes in process `syz.2.382'. [ 387.953378][ T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 388.252517][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 388.306027][ T7695] netlink: 8 bytes leftover after parsing attributes in process `syz.4.386'. [ 388.319879][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.331358][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.341564][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 388.350936][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.642142][ T9] usb 4-1: config 0 descriptor?? [ 388.729808][ T9] hub 4-1:0.0: USB hub found [ 388.942462][ T9] hub 4-1:0.0: 1 port detected [ 389.236920][ T7698] loop0: detected capacity change from 0 to 4096 [ 389.294573][ T7698] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 389.550940][ T9] hub 4-1:0.0: activate --> -90 [ 389.580024][ T7698] ntfs3(loop0): ino=1a, mi_enum_attr [ 389.622488][ T7698] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 389.835103][ T7686] loop3: detected capacity change from 0 to 128 [ 390.614122][ T13] ntfs3(loop0): ino=1e, ni_find_attr [ 390.876509][ T7706] loop2: detected capacity change from 0 to 32768 [ 390.911460][ T9] hub 4-1:0.0: hub_ext_port_status failed (err = -32) [ 391.302369][ T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 391.368750][ T7708] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 391.486345][ T9] usb 5-1: device descriptor read/64, error -71 [ 391.494699][ T7718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 391.665754][ T5842] usb 4-1: USB disconnect, device number 29 [ 391.757229][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 391.942158][ T9] usb 5-1: device descriptor read/64, error -71 [ 392.063903][ T9] usb usb5-port1: attempt power cycle [ 392.423136][ T5842] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 392.442268][ T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 392.523855][ T9] usb 5-1: device descriptor read/8, error -71 [ 392.629439][ T5842] usb 3-1: config 8 has an invalid interface number: 223 but max is 0 [ 392.638079][ T5842] usb 3-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 392.647372][ T5842] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 392.657802][ T5842] usb 3-1: config 8 has no interface number 0 [ 392.742177][ T5914] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 392.761568][ T5842] usb 3-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 392.772987][ T5842] usb 3-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 392.782211][ T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 392.847624][ T7731] loop1: detected capacity change from 0 to 1024 [ 392.865604][ T5842] usb 3-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 392.865780][ T9] usb 5-1: device descriptor read/8, error -71 [ 392.875161][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.875285][ T5842] usb 3-1: Product: syz [ 392.875381][ T5842] usb 3-1: Manufacturer: syz [ 392.875472][ T5842] usb 3-1: SerialNumber: syz [ 392.897810][ T7731] ext4: Unknown parameter 'subj_type' [ 392.900344][ T5914] usb 4-1: device descriptor read/64, error -71 [ 392.984814][ T9] usb usb5-port1: unable to enumerate USB device [ 393.093996][ T7731] 9p: Bad value for 'rfdno' [ 393.152498][ T5914] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 393.304664][ T5842] usb 3-1: USB disconnect, device number 20 [ 393.331242][ T5914] usb 4-1: device descriptor read/64, error -71 [ 393.446082][ T5914] usb usb4-port1: attempt power cycle [ 393.846598][ T5914] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 393.908724][ T5914] usb 4-1: device descriptor read/8, error -71 [ 394.202419][ T5914] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 394.228972][ T7739] loop4: detected capacity change from 0 to 256 [ 394.300574][ T5914] usb 4-1: device descriptor read/8, error -71 [ 394.426313][ T5914] usb usb4-port1: unable to enumerate USB device [ 394.489806][ T7739] FAT-fs (loop4): Directory bread(block 64) failed [ 394.512253][ T7739] FAT-fs (loop4): Directory bread(block 65) failed [ 394.562760][ T7739] FAT-fs (loop4): Directory bread(block 66) failed [ 394.569577][ T7739] FAT-fs (loop4): Directory bread(block 67) failed [ 394.632234][ T7739] FAT-fs (loop4): Directory bread(block 68) failed [ 394.644767][ T7739] FAT-fs (loop4): Directory bread(block 69) failed [ 394.651714][ T7739] FAT-fs (loop4): Directory bread(block 70) failed [ 394.732422][ T7739] FAT-fs (loop4): Directory bread(block 71) failed [ 394.739378][ T7739] FAT-fs (loop4): Directory bread(block 72) failed [ 394.812521][ T7739] FAT-fs (loop4): Directory bread(block 73) failed [ 394.913938][ T30] audit: type=1800 audit(1769338003.595:10): pid=7739 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.399" name="file0" dev="loop4" ino=1048612 res=0 errno=0 [ 394.947221][ T7739] syz.4.399: attempt to access beyond end of device [ 394.947221][ T7739] loop4: rw=8912896, sector=1160, nr_sectors = 4 limit=256 [ 394.992717][ T30] audit: type=1800 audit(1769338003.605:11): pid=7739 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.399" name="file0" dev="loop4" ino=1048612 res=0 errno=0 [ 395.802172][ T9] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 396.156797][ T7764] loop3: detected capacity change from 0 to 512 [ 396.285623][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 396.328229][ T9] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 396.336559][ T9] usb 3-1: can't read configurations, error -71 [ 396.447439][ T7764] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 396.494174][ T7771] loop0: detected capacity change from 0 to 164 [ 396.527395][ T7764] ext4 filesystem being mounted at /76/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 396.678683][ T7771] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 396.697201][ T7764] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #15: comm syz.3.406: corrupted xattr block 33: invalid ea_ino [ 396.717363][ T797] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 396.761255][ T7774] netlink: 'syz.1.409': attribute type 1 has an invalid length. [ 396.794599][ T7764] EXT4-fs (loop3): Remounting filesystem read-only [ 396.918094][ T797] usb 5-1: Using ep0 maxpacket: 32 [ 396.962445][ T797] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 396.974593][ T797] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 396.985121][ T797] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 396.994488][ T797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.219330][ T797] usb 5-1: config 0 descriptor?? [ 397.260904][ T797] hub 5-1:0.0: USB hub found [ 397.407315][ T13] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 397.418529][ T13] Quota error (device loop3): write_blk: dquota write failed [ 397.432777][ T13] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 397.444617][ T13] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 397.455533][ T13] Quota error (device loop3): write_blk: dquota write failed [ 397.463217][ T13] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 397.531056][ T13] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 397.542359][ T13] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 397.574615][ T5797] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.884860][ T5914] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 398.157524][ T5914] usb 2-1: config 8 has an invalid interface number: 223 but max is 0 [ 398.166640][ T5914] usb 2-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 398.175876][ T5914] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 398.186452][ T5914] usb 2-1: config 8 has no interface number 0 [ 398.256166][ T7780] loop2: detected capacity change from 0 to 32768 [ 398.266286][ T797] hub 5-1:0.0: 1 port detected [ 398.386907][ T5914] usb 2-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 398.399557][ T5914] usb 2-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 398.478179][ T797] hub 5-1:0.0: activate --> -90 [ 398.530166][ T7787] loop0: detected capacity change from 0 to 8 [ 398.559869][ T5914] usb 2-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 398.570743][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.579591][ T5914] usb 2-1: Product: syz [ 398.584102][ T5914] usb 2-1: Manufacturer: syz [ 398.588858][ T5914] usb 2-1: SerialNumber: syz [ 398.606910][ T7787] squashfs: Unknown parameter 'subj_type' [ 398.716569][ T7768] loop4: detected capacity change from 0 to 128 [ 399.077378][ T5914] usb 2-1: USB disconnect, device number 13 [ 399.213041][ T7796] loop2: detected capacity change from 0 to 512 [ 399.344613][ T7796] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 399.403446][ T7796] EXT4-fs (loop2): orphan cleanup on readonly fs [ 399.525281][ T7796] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated! [ 399.534907][ T7796] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 399.545105][ T7796] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.415: Failed to acquire dquot type 1 [ 399.668218][ T7796] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.415: bg 0: block 64: padding at end of block bitmap is not set [ 399.769582][ T7796] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 399.792146][ T797] hub 5-1:0.0: hub_ext_port_status failed (err = -32) [ 399.858601][ T7796] EXT4-fs (loop2): 1 truncate cleaned up [ 399.954406][ T7796] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 400.416034][ T797] usb 5-1: USB disconnect, device number 21 [ 400.607859][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 400.992244][ T797] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 401.244393][ T797] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 401.253918][ T797] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.262244][ T797] usb 1-1: Product: syz [ 401.266633][ T797] usb 1-1: Manufacturer: syz [ 401.271428][ T797] usb 1-1: SerialNumber: syz [ 401.460339][ T797] usb 1-1: config 0 descriptor?? [ 401.801455][ T797] usb-storage 1-1:0.0: USB Mass Storage device detected [ 402.038406][ T797] usb 1-1: USB disconnect, device number 20 [ 402.273239][ T5914] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 402.722143][ T7835] FAULT_INJECTION: forcing a failure. [ 402.722143][ T7835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 402.735759][ T7835] CPU: 1 UID: 0 PID: 7835 Comm: syz.4.423 Not tainted syzkaller #0 PREEMPT(voluntary) [ 402.735890][ T7835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 402.735967][ T7835] Call Trace: [ 402.736010][ T7835] [ 402.736055][ T7835] __dump_stack+0x26/0x30 [ 402.736199][ T7835] dump_stack_lvl+0x14c/0x1c0 [ 402.736343][ T7835] dump_stack+0x1e/0x25 [ 402.736481][ T7835] should_fail_ex+0x7da/0x8a0 [ 402.736664][ T7835] should_fail+0x2a/0x40 [ 402.736811][ T7835] should_fail_usercopy+0x2e/0x40 [ 402.736980][ T7835] _copy_from_user+0x33/0x100 [ 402.737142][ T7835] do_sys_poll+0x23f/0x20f0 [ 402.737316][ T7835] ? kmsan_get_metadata+0xf1/0x160 [ 402.737531][ T7835] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 402.737682][ T7835] ? dummy_timer+0x6fd5/0x7050 [ 402.737857][ T7835] ? kmsan_get_metadata+0xf1/0x160 [ 402.738033][ T7835] ? kstrtouint+0x58/0x190 [ 402.738150][ T7835] ? kstrtouint+0x58/0x190 [ 402.738297][ T7835] ? _parse_integer_limit+0x3dc/0x440 [ 402.738438][ T7835] ? kmsan_get_metadata+0xf1/0x160 [ 402.738620][ T7835] ? kmsan_get_metadata+0xf1/0x160 [ 402.738809][ T7835] ? kmsan_get_metadata+0xf1/0x160 [ 402.738984][ T7835] ? __se_sys_ppoll+0x3a8/0x510 [ 402.739152][ T7835] ? __msan_warning+0x1b/0x30 [ 402.739309][ T7835] ? filter_irq_stacks+0x13f/0x190 [ 402.739490][ T7835] ? stack_depot_save_flags+0x35/0x790 [ 402.739647][ T7835] ? kmsan_get_metadata+0xf1/0x160 [ 402.739824][ T7835] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 402.740013][ T7835] ? set_user_sigmask+0x3d/0x310 [ 402.740148][ T7835] ? __se_sys_ppoll+0x3a8/0x510 [ 402.740318][ T7835] ? set_user_sigmask+0xd4/0x310 [ 402.740462][ T7835] ? __se_sys_ppoll+0x68/0x510 [ 402.740621][ T7835] ? __x64_sys_ppoll+0xe4/0x150 [ 402.740790][ T7835] __se_sys_ppoll+0x427/0x510 [ 402.740956][ T7835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 402.741133][ T7835] ? kmsan_get_metadata+0xf1/0x160 [ 402.741307][ T7835] ? kmsan_get_metadata+0xf1/0x160 [ 402.741490][ T7835] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 402.741681][ T7835] __x64_sys_ppoll+0xe4/0x150 [ 402.741865][ T7835] x64_sys_call+0x2a60/0x3e70 [ 402.742019][ T7835] do_syscall_64+0xc9/0xf80 [ 402.742164][ T7835] ? clear_bhb_loop+0x40/0x90 [ 402.742297][ T7835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.742438][ T7835] RIP: 0033:0x7f462ef9acb9 [ 402.742533][ T7835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 402.742642][ T7835] RSP: 002b:00007f462d1f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 402.742758][ T7835] RAX: ffffffffffffffda RBX: 00007f462f216090 RCX: 00007f462ef9acb9 [ 402.742846][ T7835] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0 [ 402.742930][ T7835] RBP: 00007f462d1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 402.743008][ T7835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 402.743082][ T7835] R13: 00007f462f216128 R14: 00007f462f216090 R15: 00007ffeaa292338 [ 402.743204][ T7835] [ 403.893872][ T7841] loop4: detected capacity change from 0 to 128 [ 403.951055][ T7841] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 403.968411][ T7841] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 404.055201][ T5914] usb 4-1: unable to get BOS descriptor or descriptor too short [ 404.115609][ T5914] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 404.123638][ T5914] usb 4-1: can't read configurations, error -71 [ 404.191723][ T5787] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 404.492944][ T797] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 404.704977][ T797] usb 3-1: config 8 has an invalid interface number: 223 but max is 0 [ 404.713881][ T797] usb 3-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 404.726869][ T797] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 404.738476][ T797] usb 3-1: config 8 has no interface number 0 [ 404.799580][ T797] usb 3-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 404.811357][ T797] usb 3-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 404.866804][ T797] usb 3-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 404.876466][ T797] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.886584][ T797] usb 3-1: Product: syz [ 404.890925][ T797] usb 3-1: Manufacturer: syz [ 404.896277][ T797] usb 3-1: SerialNumber: syz [ 405.016369][ T5914] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 405.213045][ T7855] loop1: detected capacity change from 0 to 256 [ 405.232090][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 405.252635][ T797] usb 3-1: USB disconnect, device number 23 [ 405.299851][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 405.315469][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 405.326971][ T5914] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 405.330640][ T7855] FAT-fs (loop1): Directory bread(block 64) failed [ 405.336344][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.351390][ T7855] FAT-fs (loop1): Directory bread(block 65) failed [ 405.358398][ T7855] FAT-fs (loop1): Directory bread(block 66) failed [ 405.365308][ T7855] FAT-fs (loop1): Directory bread(block 67) failed [ 405.372435][ T7855] FAT-fs (loop1): Directory bread(block 68) failed [ 405.379136][ T7855] FAT-fs (loop1): Directory bread(block 69) failed [ 405.386280][ T7855] FAT-fs (loop1): Directory bread(block 70) failed [ 405.393109][ T7855] FAT-fs (loop1): Directory bread(block 71) failed [ 405.400030][ T7855] FAT-fs (loop1): Directory bread(block 72) failed [ 405.406953][ T7855] FAT-fs (loop1): Directory bread(block 73) failed [ 405.459725][ T7855] syz.1.433: attempt to access beyond end of device [ 405.459725][ T7855] loop1: rw=8912896, sector=1160, nr_sectors = 4 limit=256 [ 405.460472][ T7858] loop0: detected capacity change from 0 to 128 [ 405.473827][ T7855] syz.1.433: attempt to access beyond end of device [ 405.473827][ T7855] loop1: rw=8388608, sector=1160, nr_sectors = 4 limit=256 [ 405.494427][ T30] audit: type=1800 audit(1769338014.165:12): pid=7855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.433" name="file1" dev="loop1" ino=1048613 res=0 errno=0 [ 405.554030][ T5914] usb 4-1: config 0 descriptor?? [ 405.599435][ T5914] hub 4-1:0.0: USB hub found [ 405.703838][ T7857] FAULT_INJECTION: forcing a failure. [ 405.703838][ T7857] name failslab, interval 1, probability 0, space 0, times 0 [ 405.722681][ T7857] CPU: 1 UID: 0 PID: 7857 Comm: syz.0.434 Not tainted syzkaller #0 PREEMPT(voluntary) [ 405.722811][ T7857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 405.722886][ T7857] Call Trace: [ 405.722930][ T7857] [ 405.722976][ T7857] __dump_stack+0x26/0x30 [ 405.723126][ T7857] dump_stack_lvl+0x14c/0x1c0 [ 405.723270][ T7857] dump_stack+0x1e/0x25 [ 405.723405][ T7857] should_fail_ex+0x7da/0x8a0 [ 405.723592][ T7857] should_failslab+0x158/0x200 [ 405.723727][ T7857] __kmalloc_noprof+0x1e4/0x1c00 [ 405.723853][ T7857] ? kmsan_get_metadata+0xf1/0x160 [ 405.724051][ T7857] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 405.724219][ T7857] ? tomoyo_path_number_perm+0x91/0x7d0 [ 405.724354][ T7857] ? kmsan_get_metadata+0xf1/0x160 [ 405.724551][ T7857] tomoyo_realpath_from_path+0xeb/0x9f0 [ 405.724717][ T7857] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.724908][ T7857] ? __srcu_read_lock+0x5e/0xd0 [ 405.725038][ T7857] tomoyo_path_number_perm+0x1d0/0x7d0 [ 405.725205][ T7857] ? kmsan_get_metadata+0xf1/0x160 [ 405.725380][ T7857] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 405.725612][ T7857] tomoyo_file_ioctl+0x3d/0x50 [ 405.725777][ T7857] security_file_ioctl+0x139/0x570 [ 405.725916][ T7857] __se_sys_ioctl+0xbb/0x400 [ 405.726099][ T7857] __x64_sys_ioctl+0x97/0xe0 [ 405.726253][ T7857] x64_sys_call+0x18a7/0x3e70 [ 405.726415][ T7857] do_syscall_64+0xc9/0xf80 [ 405.726577][ T7857] ? clear_bhb_loop+0x40/0x90 [ 405.726719][ T7857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.726856][ T7857] RIP: 0033:0x7fe88c59acb9 [ 405.726953][ T7857] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 405.727062][ T7857] RSP: 002b:00007fe88d503028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 405.727189][ T7857] RAX: ffffffffffffffda RBX: 00007fe88c815fa0 RCX: 00007fe88c59acb9 [ 405.727276][ T7857] RDX: 0000200000000740 RSI: 000000004020aeb2 RDI: 0000000000000004 [ 405.727361][ T7857] RBP: 00007fe88d503090 R08: 0000000000000000 R09: 0000000000000000 [ 405.727438][ T7857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 405.727527][ T7857] R13: 00007fe88c816038 R14: 00007fe88c815fa0 R15: 00007ffdbbdbce38 [ 405.727654][ T7857] [ 405.729272][ T7857] ERROR: Out of memory at tomoyo_realpath_from_path. [ 405.990636][ T5914] hub 4-1:0.0: 1 port detected [ 406.650806][ T5914] hub 4-1:0.0: activate --> -90 [ 406.666274][ T7866] netlink: 4 bytes leftover after parsing attributes in process `syz.4.436'. [ 406.684014][ T7860] loop1: detected capacity change from 0 to 4096 [ 406.688310][ T7866] netlink: 12 bytes leftover after parsing attributes in process `syz.4.436'. [ 406.866403][ T7850] loop3: detected capacity change from 0 to 128 [ 407.300920][ T7876] loop2: detected capacity change from 0 to 128 [ 407.335155][ T7876] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 407.350547][ T7876] ext4 filesystem being mounted at /88/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 407.472834][ T5789] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 407.964115][ T5914] hub 4-1:0.0: hub_ext_port_status failed (err = -32) [ 408.019366][ T797] usb 4-1: USB disconnect, device number 35 [ 408.252564][ T7884] 9p: Unknown uid 00000000004294967295 [ 408.829965][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 408.837112][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 408.981175][ T7894] loop3: detected capacity change from 0 to 164 [ 409.170948][ T7894] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 409.186274][ T7897] loop4: detected capacity change from 0 to 128 [ 409.216606][ T7897] adfs: Unknown parameter 'smackfstransmute' [ 409.267222][ T7898] loop2: detected capacity change from 0 to 256 [ 409.417916][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 409.806696][ T7898] FAT-fs (loop2): Directory bread(block 64) failed [ 409.832476][ T7898] FAT-fs (loop2): Directory bread(block 65) failed [ 409.839634][ T7898] FAT-fs (loop2): Directory bread(block 66) failed [ 409.885086][ T7898] FAT-fs (loop2): Directory bread(block 67) failed [ 410.006416][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 410.032902][ T7898] FAT-fs (loop2): Directory bread(block 68) failed [ 410.039799][ T7898] FAT-fs (loop2): Directory bread(block 69) failed [ 410.164739][ T7898] FAT-fs (loop2): Directory bread(block 70) failed [ 410.177938][ T7898] FAT-fs (loop2): Directory bread(block 71) failed [ 410.255540][ T7898] FAT-fs (loop2): Directory bread(block 72) failed [ 410.300713][ T7898] FAT-fs (loop2): Directory bread(block 73) failed [ 410.309296][ T7900] loop0: detected capacity change from 0 to 4096 [ 410.383550][ T7900] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 410.418393][ T5792] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 410.490730][ T30] audit: type=1800 audit(1769338019.175:13): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.447" name="file0" dev="loop2" ino=1048627 res=0 errno=0 [ 410.527972][ T7898] syz.2.447: attempt to access beyond end of device [ 410.527972][ T7898] loop2: rw=8912896, sector=1160, nr_sectors = 4 limit=256 [ 410.567540][ T30] audit: type=1800 audit(1769338019.205:14): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.447" name="file0" dev="loop2" ino=1048627 res=0 errno=0 [ 410.816570][ T7909] loop4: detected capacity change from 0 to 128 [ 410.860806][ T7900] ntfs3(loop0): ino=1a, mi_enum_attr [ 410.901354][ T7909] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 410.912734][ T7900] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 410.922183][ T7909] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 411.013168][ T5787] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 412.352145][ T797] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 412.562707][ T797] usb 3-1: Using ep0 maxpacket: 32 [ 412.615571][ T797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.627206][ T797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.637617][ T797] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 412.647049][ T797] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.758908][ T7931] loop4: detected capacity change from 0 to 256 [ 412.840103][ T797] usb 3-1: config 0 descriptor?? [ 412.901771][ T7931] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 412.927907][ T797] hub 3-1:0.0: USB hub found [ 413.092843][ T797] hub 3-1:0.0: 1 port detected [ 413.109860][ T7931] exFAT-fs (loop4): valid_size(150994954) is greater than size(10) [ 413.546463][ T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 413.691025][ T797] hub 3-1:0.0: activate --> -90 [ 413.740500][ T9] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 413.750297][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.780460][ T7940] loop4: detected capacity change from 0 to 128 [ 413.825862][ T7940] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 413.839294][ T7940] ext4 filesystem being mounted at /96/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 413.886702][ T9] usb 2-1: config 0 descriptor?? [ 413.927400][ T7921] loop2: detected capacity change from 0 to 128 [ 413.947032][ T7944] loop3: detected capacity change from 0 to 256 [ 413.957523][ T5787] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 414.000318][ T9] cp210x 2-1:0.0: cp210x converter detected [ 414.192931][ T7944] FAT-fs (loop3): Directory bread(block 64) failed [ 414.274885][ T7944] FAT-fs (loop3): Directory bread(block 65) failed [ 414.303085][ T7944] FAT-fs (loop3): Directory bread(block 66) failed [ 414.310223][ T7944] FAT-fs (loop3): Directory bread(block 67) failed [ 414.352344][ T7944] FAT-fs (loop3): Directory bread(block 68) failed [ 414.359240][ T7944] FAT-fs (loop3): Directory bread(block 69) failed [ 414.442824][ T9] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 414.465023][ T7944] FAT-fs (loop3): Directory bread(block 70) failed [ 414.494025][ T9] cp210x 2-1:0.0: GPIO initialisation failed: -524 [ 414.529142][ T7944] FAT-fs (loop3): Directory bread(block 71) failed [ 414.555060][ T9] usb 2-1: cp210x converter now attached to ttyUSB0 [ 414.584686][ T7944] FAT-fs (loop3): Directory bread(block 72) failed [ 414.654857][ T7944] FAT-fs (loop3): Directory bread(block 73) failed [ 414.712935][ T9] usb 2-1: USB disconnect, device number 14 [ 414.797415][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 414.884332][ T9] cp210x 2-1:0.0: device disconnected [ 414.967331][ T797] hub 3-1:0.0: hub_ext_port_status failed (err = -32) [ 415.317836][ T7950] kvm: kvm [7949]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xceb8 [ 415.366715][ T7950] kvm: kvm [7949]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x5659 [ 415.375445][ T5914] usb 3-1: USB disconnect, device number 24 [ 415.841655][ T7958] FAULT_INJECTION: forcing a failure. [ 415.841655][ T7958] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 415.858359][ T7958] CPU: 0 UID: 0 PID: 7958 Comm: syz.1.465 Not tainted syzkaller #0 PREEMPT(voluntary) [ 415.858495][ T7958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 415.858571][ T7958] Call Trace: [ 415.858619][ T7958] [ 415.858661][ T7958] __dump_stack+0x26/0x30 [ 415.858817][ T7958] dump_stack_lvl+0x14c/0x1c0 [ 415.858965][ T7958] dump_stack+0x1e/0x25 [ 415.859104][ T7958] should_fail_ex+0x7da/0x8a0 [ 415.859286][ T7958] should_fail+0x2a/0x40 [ 415.859436][ T7958] should_fail_usercopy+0x2e/0x40 [ 415.859604][ T7958] _copy_to_user+0x35/0x120 [ 415.859772][ T7958] simple_read_from_buffer+0x1b2/0x340 [ 415.859963][ T7958] proc_fail_nth_read+0x1e0/0x2d0 [ 415.860135][ T7958] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 415.860297][ T7958] vfs_read+0x27c/0xf90 [ 415.860450][ T7958] ? stack_depot_save_flags+0x35/0x790 [ 415.860609][ T7958] ? kmsan_get_metadata+0xf1/0x160 [ 415.860792][ T7958] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 415.860975][ T7958] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 415.861167][ T7958] ksys_read+0x1d9/0x470 [ 415.861340][ T7958] __x64_sys_read+0x97/0xf0 [ 415.861507][ T7958] x64_sys_call+0x3123/0x3e70 [ 415.861669][ T7958] do_syscall_64+0xc9/0xf80 [ 415.861831][ T7958] ? clear_bhb_loop+0x40/0x90 [ 415.861965][ T7958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.862102][ T7958] RIP: 0033:0x7fc52115b58e [ 415.862205][ T7958] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 415.862316][ T7958] RSP: 002b:00007fc52207dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 415.862441][ T7958] RAX: ffffffffffffffda RBX: 00007fc52207e6c0 RCX: 00007fc52115b58e [ 415.862534][ T7958] RDX: 000000000000000f RSI: 00007fc52207e0a0 RDI: 0000000000000004 [ 415.862617][ T7958] RBP: 00007fc52207e090 R08: 0000000000000000 R09: 0000000000000000 [ 415.862710][ T7958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 415.862789][ T7958] R13: 00007fc521416038 R14: 00007fc521415fa0 R15: 00007ffe28df07e8 [ 415.862917][ T7958] [ 415.892215][ T5914] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 416.310931][ T7963] netlink: 60 bytes leftover after parsing attributes in process `syz.2.467'. [ 416.321488][ T7963] unsupported nlmsg_type 40 [ 416.358108][ T5914] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 416.370335][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.388290][ T7963] loop2: detected capacity change from 0 to 64 [ 416.439939][ T5914] usb 4-1: config 0 descriptor?? [ 416.445733][ T7963] MINIX-fs: bad superblock [ 416.475250][ T5914] cp210x 4-1:0.0: cp210x converter detected [ 416.503432][ T7963] af_packet: tpacket_rcv: packet too big, clamped from 124 to 4294967272. macoff=96 [ 416.718956][ T7956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.764462][ T7956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.875508][ T5914] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -32 [ 416.889301][ T5914] cp210x 4-1:0.0: querying part number failed [ 416.930106][ T5914] usb 4-1: cp210x converter now attached to ttyUSB0 [ 417.114017][ T7969] netlink: 'syz.4.470': attribute type 1 has an invalid length. [ 417.311510][ T7972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.343674][ T7972] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.454078][ T7972] loop3: detected capacity change from 0 to 512 [ 417.496652][ T7972] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 417.509446][ T5914] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 417.621016][ T7972] EXT4-fs (loop3): 1 truncate cleaned up [ 417.679956][ T7972] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 417.743567][ T5914] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 417.753075][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.761285][ T5914] usb 3-1: Product: syz [ 417.766419][ T5914] usb 3-1: Manufacturer: syz [ 417.771255][ T5914] usb 3-1: SerialNumber: syz [ 417.848703][ T7972] EXT4-fs error (device loop3): __ext4_iget:5426: inode #12: block 2: comm syz.3.464: invalid block [ 417.886694][ T5914] usb 3-1: config 0 descriptor?? [ 417.936836][ T7972] EXT4-fs (loop3): Remounting filesystem read-only [ 418.179840][ T5914] usb-storage 3-1:0.0: USB Mass Storage device detected [ 419.054309][ T7987] loop1: detected capacity change from 0 to 32768 [ 419.148793][ T7987] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 419.178869][ T5914] usb 3-1: USB disconnect, device number 25 [ 419.482677][ T7987] XFS (loop1): Ending clean mount [ 419.628445][ T8003] loop2: detected capacity change from 0 to 1024 [ 419.666754][ T5914] usb 4-1: USB disconnect, device number 36 [ 419.676784][ T5797] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 419.734217][ T5914] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 419.794383][ T5914] cp210x 4-1:0.0: device disconnected [ 419.855762][ T797] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 419.901505][ T5783] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 420.072887][ T797] usb 1-1: Using ep0 maxpacket: 32 [ 420.115389][ T797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 420.126786][ T797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 420.137033][ T797] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 420.148808][ T797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.208277][ T30] audit: type=1326 audit(1769338028.895:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8006 comm="syz.3.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0855b9acb9 code=0x7ffc0000 [ 420.339722][ T797] usb 1-1: config 0 descriptor?? [ 420.372858][ T30] audit: type=1326 audit(1769338028.955:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8006 comm="syz.3.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f0855b9acb9 code=0x7ffc0000 [ 420.395641][ T30] audit: type=1326 audit(1769338028.955:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8006 comm="syz.3.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0855b9acb9 code=0x7ffc0000 [ 420.418291][ T30] audit: type=1326 audit(1769338028.955:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8006 comm="syz.3.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f0855b9acb9 code=0x7ffc0000 [ 420.440884][ T30] audit: type=1326 audit(1769338028.955:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8006 comm="syz.3.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0855b9acb9 code=0x7ffc0000 [ 420.498520][ T1111] hfsplus: b-tree write err: -5, ino 4 [ 420.546120][ T797] hub 1-1:0.0: USB hub found [ 420.757335][ T797] hub 1-1:0.0: 1 port detected [ 421.092741][ T8016] netlink: 'syz.2.480': attribute type 16 has an invalid length. [ 421.100662][ T8016] netlink: 'syz.2.480': attribute type 17 has an invalid length. [ 421.378880][ T797] hub 1-1:0.0: activate --> -90 [ 421.570173][ T8023] kAFS: unable to lookup cell 'syz1' [ 421.591741][ T8005] loop0: detected capacity change from 0 to 128 [ 421.920664][ T8016] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.942316][ T5914] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 422.011301][ T8016] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.147353][ T5914] usb 2-1: config 2 has an invalid interface number: 37 but max is 0 [ 422.156061][ T5914] usb 2-1: config 2 has no interface number 0 [ 422.239207][ T5914] usb 2-1: config 2 interface 37 altsetting 242 has an endpoint descriptor with address 0xD4, changing to 0x84 [ 422.251738][ T5914] usb 2-1: config 2 interface 37 has no altsetting 0 [ 422.344083][ T5914] usb 2-1: New USB device found, idVendor=17ef, idProduct=7214, bcdDevice=f3.f4 [ 422.353771][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.362264][ T5914] usb 2-1: Product: syz [ 422.366598][ T5914] usb 2-1: Manufacturer: syz [ 422.371425][ T5914] usb 2-1: SerialNumber: syz [ 422.518746][ T5914] r8152-cfgselector 2-1: Unknown version 0x0000 [ 422.656172][ T797] hub 1-1:0.0: hub_ext_port_status failed (err = -32) [ 422.780887][ T5914] r8152 2-1:2.37: Expected endpoints are not found [ 422.865017][ T5914] r8152-cfgselector 2-1: USB disconnect, device number 15 [ 423.309285][ T797] usb 1-1: USB disconnect, device number 21 [ 424.484343][ T8037] loop1: detected capacity change from 0 to 40427 [ 424.536451][ T8037] F2FS-fs (loop1): invalid crc value [ 424.841541][ T8037] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 424.872270][ T8037] F2FS-fs (loop1): Start checkpoint disabled! [ 424.901693][ T8037] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 424.916698][ T8037] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 425.373691][ T8048] loop0: detected capacity change from 0 to 256 [ 425.386466][ T5842] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 425.430452][ T8048] exfat: Deprecated parameter 'namecase' [ 425.485811][ T8048] exfat: Deprecated parameter 'namecase' [ 425.606337][ T8048] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbc8dc3cd, utbl_chksum : 0xe619d30d) [ 425.700016][ T8048] exFAT-fs (loop0): start_clu is invalid cluster(0xff000008) [ 425.866332][ T8048] tipc: Started in network mode [ 425.871461][ T8048] tipc: Node identity 7f000001, cluster identity 4711 [ 425.965029][ T8048] tipc: Enabled bearer , priority 10 [ 426.066040][ T8051] 9p: Bad value for 'rfdno' [ 426.167319][ T8048] netlink: 104 bytes leftover after parsing attributes in process `syz.0.488'. [ 426.354407][ T797] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 426.514807][ T8050] loop2: detected capacity change from 0 to 40427 [ 426.525143][ T8050] f2fs: Unknown parameter 'checkp’int' [ 426.566263][ T5842] usb 5-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62 [ 426.575754][ T5842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.584727][ T5842] usb 5-1: Product: syz [ 426.589063][ T5842] usb 5-1: Manufacturer: syz [ 426.593987][ T5842] usb 5-1: SerialNumber: syz [ 426.595016][ T797] usb 2-1: Using ep0 maxpacket: 16 [ 426.713204][ T797] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 426.721785][ T797] usb 2-1: config 0 has no interface number 0 [ 426.817693][ T797] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 426.827224][ T797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.835723][ T797] usb 2-1: Product: syz [ 426.840051][ T797] usb 2-1: Manufacturer: syz [ 426.844922][ T797] usb 2-1: SerialNumber: syz [ 427.082094][ T10] tipc: Node number set to 2130706433 [ 427.093915][ T797] usb 2-1: config 0 descriptor?? [ 427.165852][ T5842] usb 5-1: config 0 descriptor?? [ 427.198502][ T797] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 427.321735][ T5842] comedi comedi5: This driver needs USB 2.0 to operate. Aborting... [ 427.336318][ T5842] usbduxfast 5-1:0.0: driver 'usbduxfast' failed to auto-configure device. [ 427.449596][ T5842] usb 5-1: USB disconnect, device number 22 [ 427.554116][ T8055] loop3: detected capacity change from 0 to 1024 [ 427.615541][ T8055] hfsplus: Unknown parameter 'nor' [ 427.720656][ T797] gspca_spca1528: reg_w err -71 [ 427.754136][ T797] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71 [ 427.823493][ T797] usb 2-1: USB disconnect, device number 16 [ 427.845692][ T8055] netlink: 368 bytes leftover after parsing attributes in process `syz.3.491'. [ 428.028869][ T8055] netlink: 200 bytes leftover after parsing attributes in process `syz.3.491'. [ 428.057174][ T8057] loop0: detected capacity change from 0 to 2048 [ 428.301344][ T8057] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 428.913603][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 429.511162][ T8070] loop3: detected capacity change from 0 to 4096 [ 429.547499][ T8070] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 429.684277][ T8071] loop2: detected capacity change from 0 to 40427 [ 429.734116][ T8071] F2FS-fs (loop2): invalid crc value [ 430.020912][ T8071] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 430.032111][ T8071] F2FS-fs (loop2): Start checkpoint disabled! [ 430.072226][ T8071] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 430.082664][ T8071] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 430.382904][ T1111] kworker/u8:8: attempt to access beyond end of device [ 430.382904][ T1111] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 430.399854][ T1111] CPU: 0 UID: 0 PID: 1111 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(voluntary) [ 430.399992][ T1111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 430.400113][ T1111] Workqueue: writeback wb_workfn (flush-7:2) [ 430.400301][ T1111] Call Trace: [ 430.400347][ T1111] [ 430.400396][ T1111] __dump_stack+0x26/0x30 [ 430.400552][ T1111] dump_stack_lvl+0x14c/0x1c0 [ 430.400706][ T1111] dump_stack+0x1e/0x25 [ 430.400842][ T1111] f2fs_handle_critical_error+0xa6f/0xc20 [ 430.401066][ T1111] f2fs_stop_checkpoint+0x65/0x80 [ 430.401196][ T1111] f2fs_write_end_io+0x101c/0x1bb0 [ 430.401381][ T1111] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 430.401513][ T1111] bio_endio+0xf92/0x10e0 [ 430.401663][ T1111] submit_bio_noacct+0x200a/0x2930 [ 430.401863][ T1111] submit_bio+0x57a/0x620 [ 430.402005][ T1111] f2fs_submit_write_bio+0x92/0x250 [ 430.402172][ T1111] __submit_merged_bio+0x16f/0x6a0 [ 430.402341][ T1111] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 430.402535][ T1111] __submit_merged_write_cond+0x44a/0x990 [ 430.402732][ T1111] f2fs_write_data_pages+0x4d18/0x57a0 [ 430.402998][ T1111] ? update_misfit_status+0x32/0xa90 [ 430.403165][ T1111] ? kmsan_get_metadata+0xf1/0x160 [ 430.403355][ T1111] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 430.403549][ T1111] ? __set_next_task_fair+0x29b/0x6d0 [ 430.403675][ T1111] ? kmsan_get_metadata+0xf1/0x160 [ 430.403849][ T1111] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 430.404030][ T1111] ? kmsan_get_metadata+0xf1/0x160 [ 430.404228][ T1111] ? kmsan_get_metadata+0xf1/0x160 [ 430.404413][ T1111] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 430.404600][ T1111] ? kmsan_get_metadata+0xf1/0x160 [ 430.404774][ T1111] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 430.404956][ T1111] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 430.405089][ T1111] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 430.405218][ T1111] do_writepages+0x3f2/0x860 [ 430.405356][ T1111] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 430.405549][ T1111] ? writeback_sb_inodes+0x21/0x1f10 [ 430.405705][ T1111] ? kmsan_get_metadata+0xf1/0x160 [ 430.405906][ T1111] __writeback_single_inode+0x101/0x1180 [ 430.406076][ T1111] ? kmsan_get_metadata+0xf1/0x160 [ 430.406266][ T1111] writeback_sb_inodes+0xb2d/0x1f10 [ 430.406524][ T1111] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 430.406729][ T1111] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 430.406921][ T1111] wb_writeback+0x4d0/0xc00 [ 430.407092][ T1111] ? queue_io+0x4c1/0x790 [ 430.407253][ T1111] wb_workfn+0x397/0x1910 [ 430.407473][ T1111] ? kmsan_get_metadata+0xf1/0x160 [ 430.407673][ T1111] ? __pfx_wb_workfn+0x10/0x10 [ 430.407804][ T1111] process_scheduled_works+0xb03/0x1da0 [ 430.407998][ T1111] worker_thread+0xede/0x1590 [ 430.408165][ T1111] kthread+0xd5a/0xf00 [ 430.408317][ T1111] ? __pfx_worker_thread+0x10/0x10 [ 430.408475][ T1111] ? __pfx_kthread+0x10/0x10 [ 430.408608][ T1111] ret_from_fork+0x207/0x6f0 [ 430.408726][ T1111] ? __switch_to+0x521/0x750 [ 430.408876][ T1111] ? __pfx_kthread+0x10/0x10 [ 430.409016][ T1111] ret_from_fork_asm+0x1a/0x30 [ 430.409209][ T1111] [ 430.712223][ T1111] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 431.072681][ T5842] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 431.602232][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 431.753014][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 431.764753][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.774971][ T5842] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 431.784438][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.897543][ T8082] loop3: detected capacity change from 0 to 32768 [ 432.148391][ T5842] usb 1-1: config 0 descriptor?? [ 432.198936][ T5842] hub 1-1:0.0: USB hub found [ 432.385639][ T5842] hub 1-1:0.0: 1 port detected [ 432.869755][ T8092] netlink: 12 bytes leftover after parsing attributes in process `syz.1.502'. [ 433.006642][ T5842] hub 1-1:0.0: activate --> -90 [ 433.026322][ T8094] netlink: 16 bytes leftover after parsing attributes in process `syz.1.502'. [ 433.229625][ T8078] loop0: detected capacity change from 0 to 128 [ 433.430535][ T8092] loop1: detected capacity change from 0 to 512 [ 433.598628][ T8103] fuse: Bad value for 'user_id' [ 433.604029][ T8103] fuse: Bad value for 'user_id' [ 433.736936][ T8092] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 434.302141][ T5842] hub 1-1:0.0: hub_ext_port_status failed (err = -32) [ 434.699407][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 435.906913][ T8112] loop2: detected capacity change from 0 to 40427 [ 436.662841][ T5914] usb 1-1: USB disconnect, device number 22 [ 437.218363][ T8121] FAULT_INJECTION: forcing a failure. [ 437.218363][ T8121] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 437.232324][ T8121] CPU: 1 UID: 0 PID: 8121 Comm: syz.0.509 Not tainted syzkaller #0 PREEMPT(voluntary) [ 437.232466][ T8121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 437.232544][ T8121] Call Trace: [ 437.232590][ T8121] [ 437.232636][ T8121] __dump_stack+0x26/0x30 [ 437.232791][ T8121] dump_stack_lvl+0x14c/0x1c0 [ 437.232945][ T8121] dump_stack+0x1e/0x25 [ 437.233086][ T8121] should_fail_ex+0x7da/0x8a0 [ 437.233270][ T8121] should_fail+0x2a/0x40 [ 437.233421][ T8121] should_fail_usercopy+0x2e/0x40 [ 437.233590][ T8121] _copy_from_user+0x33/0x100 [ 437.233755][ T8121] do_ipt_set_ctl+0x3ea/0x1d80 [ 437.233881][ T8121] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 437.234063][ T8121] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 437.234244][ T8121] ? kmsan_get_metadata+0xf1/0x160 [ 437.234418][ T8121] ? kmsan_get_metadata+0x10/0x160 [ 437.234588][ T8121] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 437.234704][ T8121] nf_setsockopt+0x4fb/0x550 [ 437.234854][ T8121] ip_setsockopt+0x1f2/0x210 [ 437.235030][ T8121] ipv6_setsockopt+0x2c2/0x300 [ 437.235183][ T8121] ? kmsan_get_metadata+0xf1/0x160 [ 437.235346][ T8121] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 437.235513][ T8121] ? __pfx_ipv6_setsockopt+0x10/0x10 [ 437.235663][ T8121] tcp_setsockopt+0x157/0x180 [ 437.235833][ T8121] ? __pfx_tcp_setsockopt+0x10/0x10 [ 437.235989][ T8121] sock_common_setsockopt+0xf5/0x140 [ 437.236120][ T8121] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 437.236294][ T8121] smc_setsockopt+0x2cc/0x1420 [ 437.236468][ T8121] ? __pfx_smc_setsockopt+0x10/0x10 [ 437.236618][ T8121] __sys_setsockopt+0x43e/0x580 [ 437.236780][ T8121] __x64_sys_setsockopt+0xf4/0x1a0 [ 437.236946][ T8121] x64_sys_call+0x28e3/0x3e70 [ 437.237111][ T8121] do_syscall_64+0xc9/0xf80 [ 437.237266][ T8121] ? clear_bhb_loop+0x40/0x90 [ 437.237403][ T8121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.237535][ T8121] RIP: 0033:0x7fe88c59acb9 [ 437.237636][ T8121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 437.237748][ T8121] RSP: 002b:00007fe88d503028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 437.237868][ T8121] RAX: ffffffffffffffda RBX: 00007fe88c815fa0 RCX: 00007fe88c59acb9 [ 437.237957][ T8121] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 437.238040][ T8121] RBP: 00007fe88d503090 R08: 0000000000000228 R09: 0000000000000000 [ 437.238124][ T8121] R10: 0000200000000e00 R11: 0000000000000246 R12: 0000000000000001 [ 437.238205][ T8121] R13: 00007fe88c816038 R14: 00007fe88c815fa0 R15: 00007ffdbbdbce38 [ 437.238329][ T8121] [ 438.360560][ T8128] loop2: detected capacity change from 0 to 32768 [ 438.397755][ T8128] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.511 (8128) [ 438.866023][ T8129] loop3: detected capacity change from 0 to 32768 [ 438.925027][ T8128] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 438.935607][ T8128] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 439.122989][ T5914] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 439.338005][ T5914] usb 1-1: Using ep0 maxpacket: 32 [ 439.487021][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.498678][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.512734][ T5914] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 439.544443][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.557291][ T8129] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 439.648707][ T8128] BTRFS info (device loop2): rebuilding free space tree [ 439.690900][ T8138] loop4: detected capacity change from 0 to 32768 [ 439.730578][ T8128] BTRFS info (device loop2): disabling free space tree [ 439.738559][ T8128] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 439.748703][ T8128] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 439.771676][ T5914] usb 1-1: config 0 descriptor?? [ 439.781616][ T8128] BTRFS info (device loop2): setting nodatasum [ 439.788384][ T8128] BTRFS info (device loop2): setting nodatacow [ 439.795148][ T8128] BTRFS info (device loop2): turning off barriers [ 439.801739][ T8128] BTRFS info (device loop2): force clearing of disk cache [ 439.847215][ T8138] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 440.342248][ T5914] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 440.571744][ T8174] random: crng reseeded on system resumption [ 440.877869][ T8171] loop1: detected capacity change from 0 to 40427 [ 440.927166][ T8171] F2FS-fs (loop1): invalid crc value [ 440.936907][ T8129] XFS (loop3): Ending clean mount [ 440.951402][ T8129] XFS (loop3): Quotacheck needed: Please wait. [ 441.025546][ T8129] XFS (loop3): Quotacheck: Done. [ 441.191462][ T5797] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 441.218970][ T797] usb 1-1: USB disconnect, device number 23 [ 441.247187][ T5789] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 441.330444][ T8171] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 441.348109][ T8171] F2FS-fs (loop1): Start checkpoint disabled! [ 441.379689][ T8173] fido_id[8173]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:1E7D:2D5A.0006/report_descriptor': No such device [ 441.394857][ T8171] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 441.419296][ T8171] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 441.571626][ T8138] XFS (loop4): Ending clean mount [ 441.590136][ T8138] XFS (loop4): Quotacheck needed: Please wait. [ 441.742987][ T8138] XFS (loop4): Quotacheck: Done. [ 441.754414][ T8138] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 442.747708][ T5914] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 443.146869][ T8181] loop4: detected capacity change from 0 to 32768 [ 443.162572][ T8181] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.520 (8181) [ 443.171043][ T5914] usb 4-1: config index 0 descriptor too short (expected 2066, got 18) [ 443.184434][ T5914] usb 4-1: config 0 has an invalid interface number: 229 but max is 0 [ 443.193046][ T5914] usb 4-1: config 0 has no interface number 0 [ 443.232386][ T8181] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 443.243038][ T8181] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 443.338789][ T5914] usb 4-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice= c.19 [ 443.348556][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.423161][ T5842] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 443.514151][ T5914] usb 4-1: config 0 descriptor?? [ 443.575621][ T8181] BTRFS info (device loop4): rebuilding free space tree [ 443.613185][ T797] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 443.635955][ T8181] BTRFS info (device loop4): disabling free space tree [ 443.643688][ T8181] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 443.653682][ T8181] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 443.674041][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 443.684967][ T8181] BTRFS info (device loop4): setting nodatasum [ 443.691337][ T8181] BTRFS info (device loop4): setting nodatacow [ 443.697897][ T8181] BTRFS info (device loop4): turning off barriers [ 443.704914][ T8181] BTRFS info (device loop4): force clearing of disk cache [ 443.741675][ T5842] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 443.752525][ T5842] usb 1-1: config 0 has no interfaces? [ 443.758234][ T5842] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 443.767782][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.902361][ T797] usb 2-1: Using ep0 maxpacket: 32 [ 443.940971][ T5842] usb 1-1: config 0 descriptor?? [ 443.961328][ T797] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.975132][ T797] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.985316][ T797] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 443.994713][ T797] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.225565][ T797] usb 2-1: config 0 descriptor?? [ 444.305029][ T797] hub 2-1:0.0: USB hub found [ 444.498881][ T797] hub 2-1:0.0: 1 port detected [ 444.744596][ T8182] loop3: detected capacity change from 0 to 4096 [ 444.808972][ T8182] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 444.927918][ T5787] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 444.990286][ T8206] netlink: 44 bytes leftover after parsing attributes in process `syz.0.521'. [ 445.033265][ T8206] IPVS: Unknown mcast interface: vetN1_macvtap [ 445.129095][ T797] hub 2-1:0.0: activate --> -90 [ 445.225832][ T8182] ntfs3(loop3): Failed to read $UpCase (-4). [ 445.388532][ T8186] loop1: detected capacity change from 0 to 128 [ 445.761727][ T5842] usb 4-1: USB disconnect, device number 37 [ 446.420848][ T797] hub 2-1:0.0: hub_ext_port_status failed (err = -32) [ 446.998188][ T797] usb 2-1: USB disconnect, device number 17 [ 447.591000][ T797] usb 1-1: USB disconnect, device number 24 [ 447.895153][ T8231] loop2: detected capacity change from 0 to 2048 [ 448.114982][ T8231] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 449.468411][ T8243] loop1: detected capacity change from 0 to 32768 [ 449.563999][ T8252] loop3: detected capacity change from 0 to 40427 [ 449.580822][ T8231] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.525: pblk 93 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(4) [ 449.632853][ T8252] F2FS-fs (loop3): invalid crc value [ 449.652164][ T8243] gfs2: fsid=Ô±rÐÛ»ð_î [ 449.652164][ T8243] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Trying to join cluster "lock_nolock", "Ô±rÐÛ»ð_î [ 449.652164][ T8243] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§" [ 449.672307][ T8243] gfs2: fsid=Ô±rÐÛ»ð_î [ 449.672307][ T8243] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Now mounting FS (format 1801)... [ 449.814331][ T8243] gfs2: fsid=Ô±rÐÛ»ð_î [ 449.814331][ T8243] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: journal 0 mapped with 5 extents in 0ms [ 450.037131][ T8252] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 450.058903][ T8252] F2FS-fs (loop3): Start checkpoint disabled! [ 450.102187][ T8252] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 450.110730][ T8252] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 450.224138][ T8243] gfs2: fsid=Ô±rÐÛ»ð_î [ 450.224138][ T8243] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: first mount done, others may mount [ 450.470639][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.199039][ T8260] loop0: detected capacity change from 0 to 512 [ 451.422659][ T797] usb 4-1: new full-speed USB device number 38 using dummy_hcd [ 451.630348][ T8260] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.530: invalid block [ 451.728215][ T797] usb 4-1: config 8 has an invalid interface number: 223 but max is 0 [ 451.737003][ T797] usb 4-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 451.746052][ T797] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 451.756447][ T797] usb 4-1: config 8 has no interface number 0 [ 451.842286][ T8260] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.530: invalid indirect mapped block 4294967295 (level 1) [ 452.010832][ T8260] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.530: invalid indirect mapped block 4294967295 (level 1) [ 452.087097][ T797] usb 4-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 452.098565][ T797] usb 4-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 452.139375][ T8266] loop2: detected capacity change from 0 to 32768 [ 452.192357][ T8260] EXT4-fs (loop0): 2 truncates cleaned up [ 452.249713][ T8260] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 452.339414][ T8266] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 452.343122][ T797] usb 4-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 452.357601][ T797] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.366679][ T797] usb 4-1: Product: syz [ 452.371024][ T797] usb 4-1: Manufacturer: syz [ 452.376058][ T797] usb 4-1: SerialNumber: syz [ 452.438524][ T8260] EXT4-fs (loop0): shut down requested (0) [ 452.628230][ T8260] netlink: 'syz.0.530': attribute type 2 has an invalid length. [ 452.636519][ T8260] netlink: 16 bytes leftover after parsing attributes in process `syz.0.530'. [ 452.743187][ T8281] netlink: 12 bytes leftover after parsing attributes in process `syz.0.530'. [ 452.856853][ T797] usb 4-1: USB disconnect, device number 38 [ 453.071197][ T8266] XFS (loop2): Ending clean mount [ 453.083412][ T8266] XFS (loop2): Quotacheck needed: Please wait. [ 453.225837][ T8266] XFS (loop2): Quotacheck: Done. [ 453.283525][ T8266] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 453.304055][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.114225][ T8285] netlink: 80 bytes leftover after parsing attributes in process `syz.3.538'. [ 454.364577][ T5842] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 454.552177][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 454.613430][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.625177][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 454.635590][ T5842] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 454.645006][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.654302][ T5914] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 454.834254][ T5842] usb 1-1: config 0 descriptor?? [ 454.893807][ T5914] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 454.904663][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.927124][ T5842] hub 1-1:0.0: USB hub found [ 455.016009][ T5914] usb 2-1: config 0 descriptor?? [ 455.039259][ T5914] cp210x 2-1:0.0: cp210x converter detected [ 455.062508][ T5842] hub 1-1:0.0: 1 port detected [ 455.675923][ T5842] hub 1-1:0.0: activate --> -90 [ 455.705996][ T5914] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 455.714617][ T5914] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 455.765056][ T5914] usb 2-1: cp210x converter now attached to ttyUSB0 [ 455.849391][ T5914] usb 2-1: USB disconnect, device number 18 [ 455.887417][ T8287] loop0: detected capacity change from 0 to 128 [ 455.890642][ T5914] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 455.976104][ T5914] cp210x 2-1:0.0: device disconnected [ 456.364582][ T8297] loop3: detected capacity change from 0 to 1024 [ 456.717581][ T8305] FAULT_INJECTION: forcing a failure. [ 456.717581][ T8305] name failslab, interval 1, probability 0, space 0, times 0 [ 456.730986][ T8305] CPU: 1 UID: 0 PID: 8305 Comm: syz.4.544 Not tainted syzkaller #0 PREEMPT(voluntary) [ 456.731127][ T8305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 456.731203][ T8305] Call Trace: [ 456.731252][ T8305] [ 456.731298][ T8305] __dump_stack+0x26/0x30 [ 456.731453][ T8305] dump_stack_lvl+0x14c/0x1c0 [ 456.731613][ T8305] dump_stack+0x1e/0x25 [ 456.731751][ T8305] should_fail_ex+0x7da/0x8a0 [ 456.731924][ T8305] should_failslab+0x158/0x200 [ 456.732061][ T8305] __kmalloc_noprof+0x1e4/0x1c00 [ 456.732185][ T8305] ? kmsan_get_metadata+0xf1/0x160 [ 456.732363][ T8305] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 456.732537][ T8305] ? tomoyo_path_number_perm+0x91/0x7d0 [ 456.732682][ T8305] ? kmsan_get_metadata+0xf1/0x160 [ 456.732863][ T8305] tomoyo_realpath_from_path+0xeb/0x9f0 [ 456.733033][ T8305] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 456.733223][ T8305] ? __srcu_read_lock+0x5e/0xd0 [ 456.733356][ T8305] tomoyo_path_number_perm+0x1d0/0x7d0 [ 456.733518][ T8305] ? kmsan_get_metadata+0xf1/0x160 [ 456.733701][ T8305] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 456.733926][ T8305] tomoyo_file_ioctl+0x3d/0x50 [ 456.734091][ T8305] security_file_ioctl+0x139/0x570 [ 456.734229][ T8305] __se_sys_ioctl+0xbb/0x400 [ 456.734388][ T8305] __x64_sys_ioctl+0x97/0xe0 [ 456.734546][ T8305] x64_sys_call+0x18a7/0x3e70 [ 456.734712][ T8305] do_syscall_64+0xc9/0xf80 [ 456.734870][ T8305] ? clear_bhb_loop+0x40/0x90 [ 456.735009][ T8305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.735147][ T8305] RIP: 0033:0x7f462ef9acb9 [ 456.735245][ T8305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 456.735363][ T8305] RSP: 002b:00007f462fd6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 456.735485][ T8305] RAX: ffffffffffffffda RBX: 00007f462f215fa0 RCX: 00007f462ef9acb9 [ 456.735588][ T8305] RDX: 0000200000000140 RSI: 000000004040534e RDI: 0000000000000003 [ 456.735673][ T8305] RBP: 00007f462fd6e090 R08: 0000000000000000 R09: 0000000000000000 [ 456.735756][ T8305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 456.735834][ T8305] R13: 00007f462f216038 R14: 00007f462f215fa0 R15: 00007ffeaa292338 [ 456.735962][ T8305] [ 456.963537][ T8301] loop2: detected capacity change from 0 to 40427 [ 456.964489][ T8305] ERROR: Out of memory at tomoyo_realpath_from_path. [ 457.130166][ T8307] loop1: detected capacity change from 0 to 1024 [ 457.212175][ T8301] F2FS-fs (loop2): invalid crc value [ 457.220758][ T5842] hub 1-1:0.0: hub_ext_port_status failed (err = -32) [ 457.350028][ T8297] process 'syz.3.542' launched '/dev/fd/8' with NULL argv: empty string added [ 457.434864][ T8298] hfsplus: bad catalog entry type [ 457.505921][ T8301] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 457.517618][ T8301] F2FS-fs (loop2): Start checkpoint disabled! [ 457.553149][ T8301] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 457.571633][ T8301] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 458.003933][ T5842] usb 1-1: USB disconnect, device number 25 [ 458.385890][ T195] hfsplus: b-tree write err: -5, ino 4 [ 458.518053][ T195] hfsplus: b-tree write err: -5, ino 4 [ 458.534706][ T5842] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 458.787954][ T5842] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 458.797434][ T5842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.805807][ T5842] usb 5-1: Product: syz [ 458.810157][ T5842] usb 5-1: Manufacturer: syz [ 458.815070][ T5842] usb 5-1: SerialNumber: syz [ 458.944286][ T5842] usb 5-1: config 0 descriptor?? [ 459.037998][ T5842] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 459.323095][ T8321] tipc: Enabling of bearer rejected, failed to enable media [ 459.424417][ T8326] loop2: detected capacity change from 0 to 512 [ 459.455603][ T8326] EXT4-fs: Ignoring removed i_version option [ 459.462285][ T8326] EXT4-fs: Ignoring removed bh option [ 459.652932][ T8326] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 459.754606][ T8322] loop1: detected capacity change from 0 to 4096 [ 459.772540][ T8326] ext4 filesystem being mounted at /113/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 459.852333][ T8322] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 460.079782][ T8332] netlink: 80 bytes leftover after parsing attributes in process `syz.3.552'. [ 460.163591][ T797] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 460.209483][ T8322] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 460.288585][ T8314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 460.330108][ T8314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 460.366108][ T797] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 460.378645][ T797] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 460.389415][ T797] usb 3-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 460.405039][ T797] usb 3-1: config 0 interface 0 has no altsetting 0 [ 460.412923][ T797] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 460.422464][ T797] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.684497][ T797] usb 3-1: config 0 descriptor?? [ 460.746028][ T5842] gspca_stk1135: reg_w 0xf err -71 [ 460.752422][ T5842] gspca_stk1135: serial bus timeout: status=0x00 [ 460.759104][ T5842] gspca_stk1135: Sensor write failed [ 460.765014][ T5842] gspca_stk1135: serial bus timeout: status=0x00 [ 460.771490][ T5842] gspca_stk1135: Sensor write failed [ 460.777170][ T5842] gspca_stk1135: serial bus timeout: status=0x00 [ 460.783850][ T5842] gspca_stk1135: Sensor read failed [ 460.789231][ T5842] gspca_stk1135: serial bus timeout: status=0x00 [ 460.795928][ T5842] gspca_stk1135: Sensor read failed [ 460.801265][ T5842] gspca_stk1135: Detected sensor type unknown (0x0) [ 460.813038][ T5842] gspca_stk1135: serial bus timeout: status=0x00 [ 460.821197][ T5842] gspca_stk1135: Sensor read failed [ 460.827084][ T5842] gspca_stk1135: serial bus timeout: status=0x00 [ 460.833733][ T5842] gspca_stk1135: Sensor read failed [ 460.839210][ T5842] gspca_stk1135: serial bus timeout: status=0x00 [ 460.845848][ T5842] gspca_stk1135: Sensor write failed [ 460.851331][ T5842] gspca_stk1135: serial bus timeout: status=0x00 [ 460.858049][ T5842] gspca_stk1135: Sensor write failed [ 460.863856][ T5842] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71 [ 461.174525][ T5842] usb 5-1: USB disconnect, device number 23 [ 461.245954][ T797] magicmouse 0003:05AC:0265.0007: hidraw0: USB HID v0.09 Device [HID 05ac:0265] on usb-dummy_hcd.2-1/input0 [ 461.263217][ T797] magicmouse 0003:05AC:0265.0007: magicmouse input not registered [ 461.323808][ T797] magicmouse 0003:05AC:0265.0007: probe with driver magicmouse failed with error -12 [ 461.339095][ T8326] EXT4-fs error (device loop2): ext4_resize_begin:60: comm syz.2.551: resize_inode disabled but reserved GDT blocks non-zero [ 462.649221][ T8346] loop3: detected capacity change from 0 to 32768 [ 462.687239][ T8348] loop4: detected capacity change from 0 to 32768 [ 462.719499][ T8346] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.556 (8346) [ 462.734460][ T8348] BTRFS info: device /dev/loop4 (7:4) using temp-fsid 57e67083-bc11-40ce-aa3c-1fbc14758aef [ 462.746043][ T8348] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.557 (8348) [ 462.834877][ T8348] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 462.848855][ T8348] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 462.883626][ T8346] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 462.894468][ T8346] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 463.017058][ T797] usb 3-1: USB disconnect, device number 26 [ 463.106514][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 463.156112][ T8348] BTRFS info (device loop4): enabling ssd optimizations [ 463.169851][ T8348] BTRFS info (device loop4): turning on async discard [ 463.177004][ T8348] BTRFS info (device loop4): enabling free space tree [ 463.199032][ T8346] BTRFS info (device loop3): enabling ssd optimizations [ 463.206611][ T8346] BTRFS info (device loop3): turning on async discard [ 463.214095][ T8346] BTRFS info (device loop3): enabling free space tree [ 463.257713][ T30] audit: type=1326 audit(1769338071.945:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8344 comm="syz.3.556" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0855b9acb9 code=0x0 [ 463.396153][ T8379] FAULT_INJECTION: forcing a failure. [ 463.396153][ T8379] name failslab, interval 1, probability 0, space 0, times 0 [ 463.409473][ T8379] CPU: 1 UID: 0 PID: 8379 Comm: syz.3.556 Not tainted syzkaller #0 PREEMPT(voluntary) [ 463.409609][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 463.409684][ T8379] Call Trace: [ 463.409734][ T8379] [ 463.409781][ T8379] __dump_stack+0x26/0x30 [ 463.409943][ T8379] dump_stack_lvl+0x14c/0x1c0 [ 463.410094][ T8379] dump_stack+0x1e/0x25 [ 463.410232][ T8379] should_fail_ex+0x7da/0x8a0 [ 463.410412][ T8379] should_failslab+0x158/0x200 [ 463.410548][ T8379] __kmalloc_noprof+0x1e4/0x1c00 [ 463.410673][ T8379] ? kmsan_get_metadata+0xf1/0x160 [ 463.410860][ T8379] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 463.411031][ T8379] ? tomoyo_path_number_perm+0x91/0x7d0 [ 463.411167][ T8379] ? kmsan_get_metadata+0xf1/0x160 [ 463.411358][ T8379] tomoyo_realpath_from_path+0xeb/0x9f0 [ 463.411528][ T8379] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 463.411718][ T8379] ? __srcu_read_lock+0x5e/0xd0 [ 463.411853][ T8379] tomoyo_path_number_perm+0x1d0/0x7d0 [ 463.412013][ T8379] ? kmsan_get_metadata+0xf1/0x160 [ 463.412190][ T8379] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 463.412413][ T8379] tomoyo_file_ioctl+0x3d/0x50 [ 463.412580][ T8379] security_file_ioctl+0x139/0x570 [ 463.412713][ T8379] __se_sys_ioctl+0xbb/0x400 [ 463.412879][ T8379] __x64_sys_ioctl+0x97/0xe0 [ 463.413036][ T8379] x64_sys_call+0x18a7/0x3e70 [ 463.413199][ T8379] do_syscall_64+0xc9/0xf80 [ 463.413352][ T8379] ? clear_bhb_loop+0x40/0x90 [ 463.413492][ T8379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.413626][ T8379] RIP: 0033:0x7f0855b9acb9 [ 463.413725][ T8379] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 463.413846][ T8379] RSP: 002b:00007f0853df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 463.413970][ T8379] RAX: ffffffffffffffda RBX: 00007f0855e16090 RCX: 00007f0855b9acb9 [ 463.414063][ T8379] RDX: 0000000000000000 RSI: 0000000040309410 RDI: 0000000000000004 [ 463.414143][ T8379] RBP: 00007f0853df6090 R08: 0000000000000000 R09: 0000000000000000 [ 463.414227][ T8379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.414304][ T8379] R13: 00007f0855e16128 R14: 00007f0855e16090 R15: 00007ffd38bc3058 [ 463.414435][ T8379] [ 463.643623][ T8379] ERROR: Out of memory at tomoyo_realpath_from_path. [ 464.304623][ T30] audit: type=1326 audit(1769338071.975:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8347 comm="syz.4.557" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f462ef9acb9 code=0x0 [ 464.364291][ T8376] loop0: detected capacity change from 0 to 32768 [ 464.386603][ T5842] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 464.427382][ T8376] gfs2: fsid=Ô±rÐÛ»ð_î [ 464.427382][ T8376] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Trying to join cluster "lock_nolock", "Ô±rÐÛ»ð_î [ 464.427382][ T8376] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§" [ 464.448038][ T8376] gfs2: fsid=Ô±rÐÛ»ð_î [ 464.448038][ T8376] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Now mounting FS (format 1801)... [ 464.529503][ T8376] gfs2: fsid=Ô±rÐÛ»ð_î [ 464.529503][ T8376] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: journal 0 mapped with 5 extents in 0ms [ 464.624011][ T5787] BTRFS info (device loop4): last unmount of filesystem 57e67083-bc11-40ce-aa3c-1fbc14758aef [ 464.738009][ T5842] usb 2-1: Using ep0 maxpacket: 32 [ 464.807536][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 464.819192][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 464.829448][ T5842] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 464.838881][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.840234][ T8376] gfs2: fsid=Ô±rÐÛ»ð_î [ 464.840234][ T8376] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: first mount done, others may mount [ 465.055340][ T5842] usb 2-1: config 0 descriptor?? [ 465.070018][ T5842] hub 2-1:0.0: USB hub found [ 465.372283][ T5842] hub 2-1:0.0: 1 port detected [ 465.476430][ T5797] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 466.454217][ T8391] loop2: detected capacity change from 0 to 32768 [ 466.614984][ T8391] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 466.652006][ T5842] hub 2-1:0.0: activate --> -90 [ 466.920982][ T8394] loop0: detected capacity change from 0 to 32768 [ 467.010410][ T5842] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 467.026902][ T797] usb 2-1: USB disconnect, device number 19 [ 467.036327][ T8394] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 467.044837][ T8394] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 467.130193][ T8394] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 467.222729][ T8391] XFS (loop2): Ending clean mount [ 467.287298][ T8391] XFS (loop2): Quotacheck needed: Please wait. [ 467.343109][ T8394] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 467.459576][ T8391] XFS (loop2): Quotacheck: Done. [ 467.481714][ T8409] netlink: 80 bytes leftover after parsing attributes in process `syz.4.566'. [ 467.842460][ T5842] usb 3-1: new low-speed USB device number 27 using dummy_hcd [ 467.962089][ T797] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 468.033547][ T5842] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 468.044220][ T5842] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 468.109613][ T5842] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 468.121292][ T5842] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 468.131526][ T5842] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 468.141163][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.155147][ T797] usb 2-1: device descriptor read/64, error -71 [ 468.392530][ T5842] hub 3-1:1.0: bad descriptor, ignoring hub [ 468.398677][ T5842] hub 3-1:1.0: probe with driver hub failed with error -5 [ 468.412448][ T797] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 468.470167][ T5842] cdc_wdm 3-1:1.0: skipping garbage [ 468.476169][ T5842] cdc_wdm 3-1:1.0: skipping garbage [ 468.573776][ T5842] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 468.579896][ T5842] cdc_wdm 3-1:1.0: Unknown control protocol [ 468.604772][ T797] usb 2-1: device descriptor read/64, error -71 [ 468.739514][ T5842] usb 3-1: USB disconnect, device number 27 [ 468.746756][ T797] usb usb2-port1: attempt power cycle [ 469.149056][ T797] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 469.218511][ T797] usb 2-1: device descriptor read/8, error -71 [ 469.376084][ T8421] ip6erspan0: entered promiscuous mode [ 469.482241][ T797] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 469.592528][ T797] usb 2-1: device descriptor read/8, error -71 [ 469.693988][ T5789] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 469.746483][ T797] usb usb2-port1: unable to enumerate USB device [ 470.271014][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 470.277952][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 471.271723][ T8427] loop4: detected capacity change from 0 to 32768 [ 471.331224][ T8427] gfs2: fsid=Ô±rÐÛ»ð_î [ 471.331224][ T8427] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Trying to join cluster "lock_nolock", "Ô±rÐÛ»ð_î [ 471.331224][ T8427] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§" [ 471.351444][ T8427] gfs2: fsid=Ô±rÐÛ»ð_î [ 471.351444][ T8427] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Now mounting FS (format 1801)... [ 471.409349][ T8427] gfs2: fsid=Ô±rÐÛ»ð_î [ 471.409349][ T8427] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: journal 0 mapped with 5 extents in 0ms [ 471.589970][ T8427] gfs2: fsid=Ô±rÐÛ»ð_î [ 471.589970][ T8427] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: first mount done, others may mount [ 471.882364][ T5842] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 472.142309][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 472.203883][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 472.215391][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 472.225615][ T5842] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 472.235017][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.409574][ T5842] usb 1-1: config 0 descriptor?? [ 472.502708][ T5842] hub 1-1:0.0: USB hub found [ 472.616291][ T8438] loop1: detected capacity change from 0 to 32768 [ 472.716421][ T5842] hub 1-1:0.0: 1 port detected [ 472.728769][ T8438] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 472.737346][ T8438] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 472.837676][ T8438] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 473.002492][ T8438] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 473.030563][ T8447] netlink: 28 bytes leftover after parsing attributes in process `syz.3.577'. [ 473.328174][ T5842] hub 1-1:0.0: activate --> -90 [ 473.346034][ T8450] netlink: 'syz.2.579': attribute type 83 has an invalid length. [ 473.374164][ T8451] netlink: 80 bytes leftover after parsing attributes in process `syz.4.578'. [ 473.618545][ T8436] loop0: detected capacity change from 0 to 128 [ 474.524977][ T8462] netlink: 20 bytes leftover after parsing attributes in process `syz.1.581'. [ 474.649191][ T5842] hub 1-1:0.0: hub_ext_port_status failed (err = -32) [ 475.152512][ T797] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 475.212854][ T10] usb 1-1: USB disconnect, device number 26 [ 475.280506][ T8473] loop2: detected capacity change from 0 to 512 [ 475.352054][ T797] usb 5-1: device descriptor read/64, error -71 [ 475.622391][ T797] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 475.824485][ T797] usb 5-1: device descriptor read/64, error -71 [ 475.956923][ T797] usb usb5-port1: attempt power cycle [ 476.764652][ T5842] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 477.000089][ T5842] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 477.013933][ T5842] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 477.129322][ T5842] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 477.139120][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 477.147611][ T5842] usb 1-1: SerialNumber: syz [ 477.297347][ T797] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 477.310017][ T8480] loop3: detected capacity change from 0 to 32768 [ 477.329329][ T797] usb 5-1: device descriptor read/8, error -71 [ 477.353654][ T8480] gfs2: fsid=Ô±rÐÛ»ð_î [ 477.353654][ T8480] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Trying to join cluster "lock_nolock", "Ô±rÐÛ»ð_î [ 477.353654][ T8480] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§" [ 477.373688][ T8480] gfs2: fsid=Ô±rÐÛ»ð_î [ 477.373688][ T8480] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Now mounting FS (format 1801)... [ 477.486350][ T8480] gfs2: fsid=Ô±rÐÛ»ð_î [ 477.486350][ T8480] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: journal 0 mapped with 5 extents in 0ms [ 477.632110][ T797] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 477.730324][ T8480] gfs2: fsid=Ô±rÐÛ»ð_î [ 477.730324][ T8480] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: first mount done, others may mount [ 477.755740][ T797] usb 5-1: device descriptor read/8, error -71 [ 477.784861][ T8487] loop0: detected capacity change from 0 to 128 [ 477.828894][ T8489] netlink: 'syz.2.591': attribute type 3 has an invalid length. [ 477.873093][ T797] usb usb5-port1: unable to enumerate USB device [ 477.940823][ T8487] FAT-fs (loop0): Invalid FSINFO signature: 0x41610000, 0x61417272 (sector = 1) [ 478.033662][ T8487] FAT-fs (loop0): Directory bread(block 162) failed [ 478.040654][ T8487] FAT-fs (loop0): Directory bread(block 163) failed [ 478.175144][ T8487] FAT-fs (loop0): Directory bread(block 164) failed [ 478.232972][ T8487] FAT-fs (loop0): Directory bread(block 165) failed [ 478.239821][ T8487] FAT-fs (loop0): Directory bread(block 166) failed [ 478.316007][ T8487] FAT-fs (loop0): Directory bread(block 167) failed [ 478.347747][ T8487] FAT-fs (loop0): Directory bread(block 168) failed [ 478.373366][ T8487] FAT-fs (loop0): Directory bread(block 169) failed [ 478.631216][ T8489] loop2: detected capacity change from 0 to 4096 [ 478.677807][ T8489] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 478.687917][ T8489] ntfs3(loop2): RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only. [ 478.701069][ T8493] netlink: 80 bytes leftover after parsing attributes in process `syz.4.594'. [ 478.774194][ T5842] usb 1-1: 0:2 : does not exist [ 478.888912][ T8495] Bluetooth: MGMT ver 1.23 [ 478.905109][ T5842] usb 1-1: USB disconnect, device number 27 [ 478.998090][ T8489] ntfs3(loop2): $Secure::$SDH is corrupted. [ 479.038396][ T8489] ntfs3(loop2): Failed to initialize $Secure (-22). [ 479.192237][ T5914] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 479.327917][ T5978] udevd[5978]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 479.483364][ T5914] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 479.493970][ T5914] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 479.595409][ T5914] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 479.605878][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 479.614339][ T5914] usb 4-1: SerialNumber: syz [ 480.001093][ T5914] usb 4-1: 0:2 : does not exist [ 480.187367][ T5914] usb 4-1: USB disconnect, device number 39 [ 480.312226][ T5842] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 480.566878][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 480.670709][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 480.686697][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 480.698048][ T5842] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 480.707440][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.791139][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 480.821425][ T8502] loop1: detected capacity change from 0 to 32768 [ 480.990739][ T8502] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 481.152236][ T10] usb 5-1: new low-speed USB device number 28 using dummy_hcd [ 481.471240][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 481.544027][ T10] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 481.553699][ T10] usb 5-1: config 1 has no interface number 1 [ 481.614568][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 481.696398][ T8502] XFS (loop1): Ending clean mount [ 481.745522][ T8502] XFS (loop1): Quotacheck needed: Please wait. [ 481.767079][ T10] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 179, changing to 4 [ 481.779094][ T10] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 0 [ 481.786687][ T8513] loop3: detected capacity change from 0 to 32768 [ 481.812823][ T5842] usb 1-1: config 0 descriptor?? [ 481.825689][ T5842] hub 1-1:0.0: USB hub found [ 481.890916][ T8502] XFS (loop1): Quotacheck: Done. [ 481.904463][ T8502] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 481.905531][ T8513] XFS (loop3): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 482.000612][ T10] usb 5-1: string descriptor 0 read error: -22 [ 482.017664][ T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 482.027167][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.058769][ T5842] hub 1-1:0.0: 1 port detected [ 482.098669][ T8524] loop2: detected capacity change from 0 to 256 [ 482.155155][ T10] usb 5-1: low speed audio streaming not supported [ 482.407299][ T8524] loop2: detected capacity change from 0 to 512 [ 482.570264][ T8529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.637311][ T8529] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.673528][ T5842] hub 1-1:0.0: activate --> -90 [ 482.798022][ T8530] Can't find ip_set type bitmap:ip,mac [ 482.818742][ T8506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.916236][ T8506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.955707][ T8513] XFS (loop3): Starting recovery (logdev: internal) [ 482.959139][ T8504] loop0: detected capacity change from 0 to 128 [ 483.152719][ T8513] XFS (loop3): Ending recovery (logdev: internal) [ 483.319122][ T8534] netlink: 12 bytes leftover after parsing attributes in process `syz.1.602'. [ 484.007197][ T5797] XFS (loop3): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 484.030913][ T5842] hub 1-1:0.0: hub_ext_port_status failed (err = -32) [ 484.777595][ T5842] usb 1-1: USB disconnect, device number 28 [ 484.929779][ T5842] usb 5-1: USB disconnect, device number 28 [ 484.933155][ T8541] loop2: detected capacity change from 0 to 32768 [ 484.995706][ T8541] gfs2: fsid=Ô±rÐÛ»ð_î [ 484.995706][ T8541] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Trying to join cluster "lock_nolock", "Ô±rÐÛ»ð_î [ 484.995706][ T8541] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§" [ 485.017275][ T8541] gfs2: fsid=Ô±rÐÛ»ð_î [ 485.017275][ T8541] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Now mounting FS (format 1801)... [ 485.098817][ T8541] gfs2: fsid=Ô±rÐÛ»ð_î [ 485.098817][ T8541] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: journal 0 mapped with 5 extents in 0ms [ 485.378842][ T8541] gfs2: fsid=Ô±rÐÛ»ð_î [ 485.378842][ T8541] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: first mount done, others may mount [ 485.822446][ T8549] netlink: 80 bytes leftover after parsing attributes in process `syz.2.609'. [ 486.598232][ T8551] loop1: detected capacity change from 0 to 32768 [ 486.676343][ T8551] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 486.695974][ T5842] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 486.950320][ T5842] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 486.960887][ T5842] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 486.984557][ T8555] 9p: Bad value for 'rfdno' [ 487.013317][ T8551] XFS (loop1): Metadata corruption detected at xfs_inode_buf_verify+0x613/0x6b0, xfs_inode block 0x2280 xfs_inode_buf_verify [ 487.030777][ T8551] XFS (loop1): Unmount and run xfs_repair [ 487.037036][ T8551] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 487.044800][ T8551] 00000000: 49 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IN.............. [ 487.054156][ T8551] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 487.063313][ T8551] 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 487.068437][ T5842] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 487.072540][ T8551] 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 487.081775][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 487.090657][ T8551] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 487.098894][ T5842] usb 5-1: SerialNumber: syz [ 487.107734][ T8551] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 487.121579][ T8551] 00000060: ff ff ff ff 9a 99 4e 33 00 00 00 00 00 00 00 00 ......N3........ [ 487.133846][ T8551] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 487.143904][ T8551] XFS (loop1): metadata I/O error in "xfs_imap_to_bp+0x128/0x2e0" at daddr 0x2280 len 64 error 117 [ 487.155277][ T8551] XFS (loop1): Failed to read root inode 0x1140, error 117 [ 487.162904][ T8551] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair. [ 487.917443][ T10] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 487.957889][ T8555] loop0: detected capacity change from 0 to 32768 [ 488.209017][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 488.219858][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 488.505948][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 488.515735][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.524195][ T10] usb 4-1: Product: syz [ 488.525466][ T8565] loop2: detected capacity change from 0 to 4096 [ 488.528502][ T10] usb 4-1: Manufacturer: syz [ 488.528597][ T10] usb 4-1: SerialNumber: syz [ 488.552674][ T797] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 488.666144][ T8565] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 488.718262][ T8568] loop4: detected capacity change from 0 to 128 [ 488.751436][ T8568] FAT-fs (loop4): Invalid FSINFO signature: 0x41610000, 0x61417272 (sector = 1) [ 488.771252][ T797] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 488.780180][ T8568] FAT-fs (loop4): Directory bread(block 162) failed [ 488.780855][ T797] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.799097][ T8568] FAT-fs (loop4): Directory bread(block 163) failed [ 488.879100][ T8568] FAT-fs (loop4): Directory bread(block 164) failed [ 488.889962][ T797] usb 2-1: config 0 descriptor?? [ 488.895539][ T8568] FAT-fs (loop4): Directory bread(block 165) failed [ 488.919371][ T797] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 488.926699][ T8568] FAT-fs (loop4): Directory bread(block 166) failed [ 489.028259][ T8568] FAT-fs (loop4): Directory bread(block 167) failed [ 489.073281][ T8568] FAT-fs (loop4): Directory bread(block 168) failed [ 489.080279][ T8568] FAT-fs (loop4): Directory bread(block 169) failed [ 489.271621][ T10] usb 4-1: cannot find UAC_HEADER [ 489.549375][ T8565] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 489.556506][ T8565] ntfs3(loop2): Failed to initialize $Extend/$Reparse. [ 489.665999][ T8567] FAULT_INJECTION: forcing a failure. [ 489.665999][ T8567] name failslab, interval 1, probability 0, space 0, times 0 [ 489.679229][ T8567] CPU: 0 UID: 0 PID: 8567 Comm: syz.3.604 Not tainted syzkaller #0 PREEMPT(voluntary) [ 489.679373][ T8567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 489.679451][ T8567] Call Trace: [ 489.679499][ T8567] [ 489.679545][ T8567] __dump_stack+0x26/0x30 [ 489.679721][ T8567] dump_stack_lvl+0x14c/0x1c0 [ 489.679876][ T8567] dump_stack+0x1e/0x25 [ 489.680012][ T8567] should_fail_ex+0x7da/0x8a0 [ 489.680203][ T8567] should_failslab+0x158/0x200 [ 489.680337][ T8567] __kmalloc_noprof+0x1e4/0x1c00 [ 489.680474][ T8567] ? tomoyo_encode+0x60e/0xa00 [ 489.680626][ T8567] ? prepend_path+0xfc1/0x1090 [ 489.680753][ T8567] ? kmsan_get_metadata+0xf1/0x160 [ 489.680930][ T8567] ? kmsan_get_metadata+0xf1/0x160 [ 489.681124][ T8567] tomoyo_encode+0x60e/0xa00 [ 489.681309][ T8567] tomoyo_realpath_from_path+0x92e/0x9f0 [ 489.681506][ T8567] tomoyo_path_number_perm+0x1d0/0x7d0 [ 489.681669][ T8567] ? kmsan_get_metadata+0xf1/0x160 [ 489.681838][ T8567] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 489.682068][ T8567] tomoyo_file_ioctl+0x3d/0x50 [ 489.682226][ T8567] security_file_ioctl+0x139/0x570 [ 489.682359][ T8567] __se_sys_ioctl+0xbb/0x400 [ 489.682519][ T8567] __x64_sys_ioctl+0x97/0xe0 [ 489.682669][ T8567] x64_sys_call+0x18a7/0x3e70 [ 489.682830][ T8567] do_syscall_64+0xc9/0xf80 [ 489.682984][ T8567] ? clear_bhb_loop+0x40/0x90 [ 489.683127][ T8567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.683259][ T8567] RIP: 0033:0x7f0855b9acb9 [ 489.683357][ T8567] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 489.683473][ T8567] RSP: 002b:00007f0856988028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 489.683593][ T8567] RAX: ffffffffffffffda RBX: 00007f0855e15fa0 RCX: 00007f0855b9acb9 [ 489.683687][ T8567] RDX: 0000200000000000 RSI: 000000000000541c RDI: 000000000000000c [ 489.683769][ T8567] RBP: 00007f0856988090 R08: 0000000000000000 R09: 0000000000000000 [ 489.683848][ T8567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.683926][ T8567] R13: 00007f0855e16038 R14: 00007f0855e15fa0 R15: 00007ffd38bc3058 [ 489.684061][ T8567] [ 489.903412][ T8567] ERROR: Out of memory at tomoyo_realpath_from_path. [ 490.099303][ T8565] ntfs3(loop2): ino=1e, mi_enum_attr [ 490.105665][ T8565] ntfs3(loop2): ino=1e, mi_enum_attr [ 490.214682][ T8565] ntfs3(loop2): ino=1e, "file1" mi_enum_attr [ 490.224863][ T797] gspca_cpia1: usb_control_msg 05, error -110 [ 490.252590][ T797] gspca_cpia1: usb_control_msg 01, error -32 [ 490.275353][ T8565] ntfs3(loop2): ino=1e, "file1" mi_enum_attr [ 490.282121][ T797] gspca_cpia1: usb_control_msg 01, error -32 [ 490.335661][ T10] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 490.366829][ T8565] ntfs3(loop2): ino=1e, "file1" mi_enum_attr [ 490.386193][ T797] gspca_cpia1: usb_control_msg 01, error -32 [ 490.440689][ T797] gspca_cpia1: usb_control_msg 01, error -32 [ 490.447759][ T797] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 490.463596][ T8565] ntfs3(loop2): ino=1e, "file1" mi_enum_attr [ 490.496079][ T10] usb 4-1: USB disconnect, device number 40 [ 490.542405][ T8565] ntfs3(loop2): ino=1e, "file1" ni_find_attr [ 490.602141][ T5842] usb 5-1: 0:2 : does not exist [ 490.807935][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 490.902842][ T5842] usb 5-1: USB disconnect, device number 29 [ 490.972900][ T10] usb 2-1: USB disconnect, device number 24 [ 491.483519][ T8583] netlink: 12 bytes leftover after parsing attributes in process `syz.0.614'. [ 491.580357][ T8583] vlan2: entered promiscuous mode [ 491.585892][ T8583] gretap0: entered promiscuous mode [ 491.620069][ T8584] loop1: detected capacity change from 0 to 1024 [ 491.704930][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 491.752341][ T5842] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 491.791243][ T5914] IPVS: starting estimator thread 0... [ 491.820661][ T8588] IPVS: nq: SCTP 172.20.20.187:0 - no destination available [ 491.896616][ T8590] IPVS: using max 240 ests per chain, 12000 per kthread [ 492.030016][ T5842] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 492.043736][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.178907][ T5842] usb 3-1: config 0 descriptor?? [ 492.232707][ T5914] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 492.264024][ T5842] cp210x 3-1:0.0: cp210x converter detected [ 492.511720][ T5914] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 492.520552][ T5914] usb 5-1: config 0 has no interface number 0 [ 492.536068][ T5914] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.547542][ T5914] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.561512][ T5914] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 492.572206][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.599570][ T5842] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -32 [ 492.607890][ T5842] cp210x 3-1:0.0: querying part number failed [ 492.679842][ T5842] usb 3-1: cp210x converter now attached to ttyUSB0 [ 492.704729][ T5914] usb 5-1: config 0 descriptor?? [ 493.309920][ T5914] prodikeys 0003:041E:2801.0008: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.4-1/input1 [ 493.402882][ T5914] hid_prodikeys: hid-prodikeys: failed to find output report [ 493.402882][ T5914] [ 493.508584][ T5914] usb 5-1: USB disconnect, device number 30 [ 493.617148][ T8598] netlink: 80 bytes leftover after parsing attributes in process `syz.3.620'. [ 493.848123][ T8596] loop1: detected capacity change from 0 to 32768 [ 493.860745][ T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 493.875338][ T8596] gfs2: fsid=Ô±rÐÛ»ð_î [ 493.875338][ T8596] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Trying to join cluster "lock_nolock", "Ô±rÐÛ»ð_î [ 493.875338][ T8596] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§" [ 493.898196][ T8596] gfs2: fsid=Ô±rÐÛ»ð_î [ 493.898196][ T8596] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§: Now mounting FS (format 1801)... [ 493.942883][ T8596] gfs2: fsid=Ô±rÐÛ»ð_î [ 493.942883][ T8596] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: journal 0 mapped with 5 extents in 0ms [ 494.113296][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 494.220642][ T8596] gfs2: fsid=Ô±rÐÛ»ð_î [ 494.220642][ T8596] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§.s: first mount done, others may mount [ 494.239832][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.251738][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.262127][ T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 494.271379][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.288407][ T10] usb 1-1: config 0 descriptor?? [ 494.328856][ T10] hub 1-1:0.0: USB hub found [ 494.505638][ T10] hub 1-1:0.0: 1 port detected [ 494.639172][ T8602] fido_id[8602]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 494.867720][ T8607] FAULT_INJECTION: forcing a failure. [ 494.867720][ T8607] name failslab, interval 1, probability 0, space 0, times 0 [ 494.881053][ T8607] CPU: 0 UID: 0 PID: 8607 Comm: syz.1.623 Not tainted syzkaller #0 PREEMPT(voluntary) [ 494.881192][ T8607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 494.881273][ T8607] Call Trace: [ 494.881318][ T8607] [ 494.881364][ T8607] __dump_stack+0x26/0x30 [ 494.881514][ T8607] dump_stack_lvl+0x14c/0x1c0 [ 494.881660][ T8607] dump_stack+0x1e/0x25 [ 494.881797][ T8607] should_fail_ex+0x7da/0x8a0 [ 494.881969][ T8607] should_failslab+0x158/0x200 [ 494.882098][ T8607] __kmalloc_noprof+0x1e4/0x1c00 [ 494.882229][ T8607] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 494.882412][ T8607] ? genl_family_rcv_msg_attrs_parse+0x11b/0x460 [ 494.882569][ T8607] ? genl_family_rcv_msg_doit+0x41/0x3f0 [ 494.882712][ T8607] ? filter_irq_stacks+0x49/0x190 [ 494.882876][ T8607] ? kmsan_get_metadata+0xf1/0x160 [ 494.883063][ T8607] genl_family_rcv_msg_attrs_parse+0x11b/0x460 [ 494.883227][ T8607] ? genl_family_rcv_msg_doit+0x4d/0x3f0 [ 494.883374][ T8607] genl_family_rcv_msg_doit+0x77/0x3f0 [ 494.883513][ T8607] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 494.883709][ T8607] ? ns_capable+0x128/0x1c0 [ 494.883867][ T8607] genl_rcv_msg+0xac5/0xc00 [ 494.883993][ T8607] ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10 [ 494.884213][ T8607] netlink_rcv_skb+0x54d/0x680 [ 494.884401][ T8607] ? __pfx_genl_rcv_msg+0x10/0x10 [ 494.884550][ T8607] genl_rcv+0x41/0x60 [ 494.884669][ T8607] ? __pfx_genl_rcv+0x10/0x10 [ 494.884798][ T8607] netlink_unicast+0xf04/0x12b0 [ 494.884979][ T8607] netlink_sendmsg+0x10b2/0x1250 [ 494.885173][ T8607] ? __pfx_netlink_sendmsg+0x10/0x10 [ 494.885342][ T8607] ? __pfx_netlink_sendmsg+0x10/0x10 [ 494.885510][ T8607] __sock_sendmsg+0x333/0x3d0 [ 494.885691][ T8607] ____sys_sendmsg+0x7f5/0xcf0 [ 494.885886][ T8607] ___sys_sendmsg+0x271/0x3b0 [ 494.886032][ T8607] ? kmsan_get_metadata+0xf1/0x160 [ 494.886233][ T8607] ? __rcu_read_unlock+0x6c/0xd0 [ 494.886396][ T8607] ? __fget_files+0x3b4/0x4a0 [ 494.886521][ T8607] ? __fget_files+0x3b9/0x4a0 [ 494.886649][ T8607] ? kmsan_get_metadata+0xf1/0x160 [ 494.886831][ T8607] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 494.887022][ T8607] __x64_sys_sendmsg+0x211/0x3e0 [ 494.887192][ T8607] ? kmsan_get_metadata+0xf1/0x160 [ 494.887378][ T8607] x64_sys_call+0x1c60/0x3e70 [ 494.887550][ T8607] do_syscall_64+0xc9/0xf80 [ 494.887708][ T8607] ? clear_bhb_loop+0x40/0x90 [ 494.887856][ T8607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.887991][ T8607] RIP: 0033:0x7fc52119acb9 [ 494.888088][ T8607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 494.888202][ T8607] RSP: 002b:00007fc52205d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 494.888330][ T8607] RAX: ffffffffffffffda RBX: 00007fc521416090 RCX: 00007fc52119acb9 [ 494.888419][ T8607] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000006 [ 494.888500][ T8607] RBP: 00007fc52205d090 R08: 0000000000000000 R09: 0000000000000000 [ 494.888581][ T8607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 494.888661][ T8607] R13: 00007fc521416128 R14: 00007fc521416090 R15: 00007ffe28df07e8 [ 494.888799][ T8607] [ 494.914906][ T5914] usb 3-1: USB disconnect, device number 28 [ 495.239723][ T5914] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 495.250198][ T5914] cp210x 3-1:0.0: device disconnected [ 495.554677][ T10] hub 1-1:0.0: activate --> -90 [ 495.658189][ T8613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 495.804892][ T8594] loop0: detected capacity change from 0 to 128 [ 496.122287][ T5914] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 496.377814][ T5914] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 496.388871][ T5914] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 496.399699][ T10] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 496.412978][ T5842] usb 1-1: USB disconnect, device number 29 [ 496.478478][ T5914] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 496.488180][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 496.496612][ T5914] usb 4-1: SerialNumber: syz [ 496.516128][ T797] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 496.760249][ T797] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 496.768974][ T797] usb 2-1: config 0 has no interface number 0 [ 496.789366][ T8622] loop2: detected capacity change from 0 to 256 [ 496.847597][ T797] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 496.859502][ T797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.868868][ T797] usb 2-1: Product: syz [ 496.873692][ T797] usb 2-1: Manufacturer: syz [ 496.878471][ T797] usb 2-1: SerialNumber: syz [ 497.038729][ T797] usb 2-1: config 0 descriptor?? [ 497.068768][ T8623] loop3: detected capacity change from 0 to 128 [ 497.144948][ T8623] FAT-fs (loop3): Invalid FSINFO signature: 0x41610000, 0x61417272 (sector = 1) [ 497.161554][ T8622] FAT-fs (loop2): Directory bread(block 64) failed [ 497.189173][ T8622] FAT-fs (loop2): Directory bread(block 65) failed [ 497.232865][ T8623] FAT-fs (loop3): Directory bread(block 162) failed [ 497.240775][ T8622] FAT-fs (loop2): Directory bread(block 66) failed [ 497.259241][ T8623] FAT-fs (loop3): Directory bread(block 163) failed [ 497.281112][ T8622] FAT-fs (loop2): Directory bread(block 67) failed [ 497.324532][ T8623] FAT-fs (loop3): Directory bread(block 164) failed [ 497.331478][ T8623] FAT-fs (loop3): Directory bread(block 165) failed [ 497.362681][ T8622] FAT-fs (loop2): Directory bread(block 68) failed [ 497.378938][ T8623] FAT-fs (loop3): Directory bread(block 166) failed [ 497.388286][ T8622] FAT-fs (loop2): Directory bread(block 69) failed [ 497.400296][ T8623] FAT-fs (loop3): Directory bread(block 167) failed [ 497.431568][ T8623] FAT-fs (loop3): Directory bread(block 168) failed [ 497.441775][ T8622] FAT-fs (loop2): Directory bread(block 70) failed [ 497.449397][ T8622] FAT-fs (loop2): Directory bread(block 71) failed [ 497.480039][ T8623] FAT-fs (loop3): Directory bread(block 169) failed [ 497.494077][ T8622] FAT-fs (loop2): Directory bread(block 72) failed [ 497.512278][ T10] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 497.533533][ T8622] FAT-fs (loop2): Directory bread(block 73) failed [ 497.582365][ T8620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.652337][ T8620] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.717261][ T10] usb 5-1: config 8 has an invalid interface number: 223 but max is 0 [ 497.725996][ T10] usb 5-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 497.735197][ T10] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 497.746212][ T10] usb 5-1: config 8 has no interface number 0 [ 497.766350][ T797] usb 2-1: Firmware: major: 27, minor: 85, hardware type: UNKNOWN (10) [ 497.807368][ T8622] syz.2.627: attempt to access beyond end of device [ 497.807368][ T8622] loop2: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 497.807390][ T30] audit: type=1800 audit(1769338106.485:22): pid=8622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.627" name="file1" dev="loop2" ino=1048631 res=0 errno=0 [ 497.828454][ T10] usb 5-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 497.853946][ T10] usb 5-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 497.881311][ T8627] loop0: detected capacity change from 0 to 512 [ 497.919234][ T10] usb 5-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 497.929172][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.937614][ T10] usb 5-1: Product: syz [ 497.942107][ T10] usb 5-1: Manufacturer: syz [ 497.946985][ T10] usb 5-1: SerialNumber: syz [ 497.955884][ T797] usb 2-1: failed to fetch extended address, random address set [ 497.965394][ T797] usb 2-1: atusb_probe: initialization failed, error = -524 [ 498.040385][ T797] atusb 2-1:0.128: probe with driver atusb failed with error -524 [ 498.137343][ T8627] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #11: comm syz.0.629: iget: bad extra_isize 90 (inode size 256) [ 498.176181][ T5914] usb 4-1: 0:2 : does not exist [ 498.199970][ T797] usb 2-1: USB disconnect, device number 25 [ 498.230246][ T5914] usb 4-1: USB disconnect, device number 41 [ 498.249905][ T8627] EXT4-fs (loop0): Remounting filesystem read-only [ 498.272853][ T8627] EXT4-fs warning (device loop0): ext4_evict_inode:256: couldn't mark inode dirty (err -30) [ 498.307246][ T8627] EXT4-fs (loop0): 1 orphan inode deleted [ 498.338939][ T8627] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 498.617875][ T6369] udevd[6369]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 498.663269][ T10] usb 5-1: USB disconnect, device number 31 [ 498.768388][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.170022][ T8637] netlink: 80 bytes leftover after parsing attributes in process `syz.0.631'. [ 499.181375][ T8636] capability: warning: `syz.2.633' uses deprecated v2 capabilities in a way that may be insecure [ 499.618016][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 499.720376][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 500.027620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 500.131161][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 500.189526][ T8650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.637'. [ 500.283330][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 500.662081][ T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 500.881588][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 500.972686][ T10] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 500.981167][ T10] usb 3-1: config 179 has no interface number 0 [ 501.005933][ T10] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 501.018595][ T10] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 501.030603][ T10] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 501.042411][ T10] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 501.055720][ T10] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 501.069652][ T10] usb 3-1: config 179 interface 65 has no altsetting 0 [ 501.076808][ T10] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 501.086011][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.564905][ T797] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 501.639665][ T10] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input10 [ 501.963305][ T797] usb 1-1: Using ep0 maxpacket: 16 [ 501.995525][ T797] usb 1-1: config 0 has no interfaces? [ 502.150566][ T797] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 502.154604][ T5124] input input10: unable to receive magic message: -110 [ 502.163050][ T797] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.175738][ T797] usb 1-1: Product: syz [ 502.181170][ T797] usb 1-1: Manufacturer: syz [ 502.186159][ T797] usb 1-1: SerialNumber: syz [ 502.435667][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 502.476666][ T797] usb 1-1: config 0 descriptor?? [ 502.574295][ T5124] input input10: unable to receive magic message: -32 [ 502.590887][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 502.712391][ T5124] input input10: unable to receive magic message: -32 [ 503.013941][ T5124] input input10: unable to receive magic message: -32 [ 504.553092][ T797] usb 1-1: USB disconnect, device number 30 [ 504.717631][ T5124] input input10: unable to receive magic message: -32 [ 504.893113][ T5124] input input10: unable to receive magic message: -32 [ 505.130939][ T5124] input input10: unable to receive magic message: -32 [ 505.227084][ T5124] input input10: unable to receive magic message: -32 [ 507.636564][ T30] audit: type=1400 audit(1769338116.325:23): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147C8A3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041 [ 511.900092][ T8773] ===================================================== [ 512.000833][ T8773] BUG: KMSAN: uninit-value in iopt_pages_unfill_xarray+0xfe3/0x1660 [ 512.010747][ T8773] iopt_pages_unfill_xarray+0xfe3/0x1660 [ 512.016847][ T8773] iopt_area_remove_access+0x508/0x650 [ 512.022658][ T8773] iommufd_access_unpin_pages+0x637/0xa50 [ 512.028562][ T8773] iommufd_test_access_unmap+0x423/0x6b0 [ 512.034401][ T8773] iommufd_test_staccess_release+0x7f/0x140 [ 512.040462][ T8773] __fput+0x60e/0x1050 [ 512.044738][ T8773] ____fput+0x25/0x30 [ 512.048870][ T8773] task_work_run+0x208/0x2b0 [ 512.053732][ T8773] get_signal+0x136/0x2a10 [ 512.058256][ T8773] arch_do_signal_or_restart+0x53/0xc00 [ 512.064160][ T8773] exit_to_user_mode_loop+0x118/0x1b20 [ 512.069969][ T8773] do_syscall_64+0x1d7/0xf80 [ 512.074920][ T8773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.080978][ T8773] [ 512.083878][ T8773] Local variable batch created at: [ 512.089096][ T8773] iopt_pages_unfill_xarray+0x86/0x1660 [ 512.094926][ T8773] iopt_area_remove_access+0x508/0x650 [ 512.100562][ T8773] [ 512.103079][ T8773] CPU: 0 UID: 0 PID: 8773 Comm: syz.4.649 Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 512.115947][ T8773] Tainted: [L]=SOFTLOCKUP [ 512.120311][ T8773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 512.130773][ T8773] ===================================================== [ 512.137860][ T8773] Disabling lock debugging due to kernel taint [ 512.144199][ T8773] Kernel panic - not syncing: kmsan.panic set ... [ 512.150673][ T8773] CPU: 0 UID: 0 PID: 8773 Comm: syz.4.649 Tainted: G B L syzkaller #0 PREEMPT(voluntary) [ 512.161978][ T8773] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP [ 512.167548][ T8773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 512.177664][ T8773] Call Trace: [ 512.180978][ T8773] [ 512.183943][ T8773] __dump_stack+0x26/0x30 [ 512.188368][ T8773] dump_stack_lvl+0x50/0x1c0 [ 512.193154][ T8773] ? dump_stack+0x12/0x25 [ 512.197570][ T8773] dump_stack+0x1e/0x25 [ 512.201798][ T8773] vpanic+0x435/0xd40 [ 512.205933][ T8773] panic+0x15d/0x160 [ 512.209943][ T8773] kmsan_report+0x31a/0x320 [ 512.214640][ T8773] ? __msan_warning+0x1b/0x30 [ 512.219438][ T8773] ? iopt_pages_unfill_xarray+0xfe3/0x1660 [ 512.225343][ T8773] ? iopt_area_remove_access+0x508/0x650 [ 512.231086][ T8773] ? iommufd_access_unpin_pages+0x637/0xa50 [ 512.237068][ T8773] ? iommufd_test_access_unmap+0x423/0x6b0 [ 512.242954][ T8773] ? iommufd_test_staccess_release+0x7f/0x140 [ 512.249097][ T8773] ? __fput+0x60e/0x1050 [ 512.253420][ T8773] ? ____fput+0x25/0x30 [ 512.257642][ T8773] ? task_work_run+0x208/0x2b0 [ 512.262498][ T8773] ? get_signal+0x136/0x2a10 [ 512.267182][ T8773] ? arch_do_signal_or_restart+0x53/0xc00 [ 512.273081][ T8773] ? exit_to_user_mode_loop+0x118/0x1b20 [ 512.278815][ T8773] ? do_syscall_64+0x1d7/0xf80 [ 512.283715][ T8773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.289895][ T8773] ? kmsan_get_metadata+0xf1/0x160 [ 512.295197][ T8773] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 512.301148][ T8773] ? xas_load+0xcec/0xd70 [ 512.305598][ T8773] ? __xas_next+0x142/0x7a0 [ 512.310198][ T8773] ? kmsan_get_metadata+0xf1/0x160 [ 512.315441][ T8773] __msan_warning+0x1b/0x30 [ 512.320114][ T8773] iopt_pages_unfill_xarray+0xfe3/0x1660 [ 512.325915][ T8773] ? kmsan_get_metadata+0xf1/0x160 [ 512.331136][ T8773] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 512.337059][ T8773] ? interval_tree_remove+0x158e/0x1730 [ 512.342702][ T8773] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 512.348639][ T8773] iopt_area_remove_access+0x508/0x650 [ 512.354220][ T8773] iommufd_access_unpin_pages+0x637/0xa50 [ 512.360087][ T8773] iommufd_test_access_unmap+0x423/0x6b0 [ 512.365823][ T8773] iommufd_test_staccess_release+0x7f/0x140 [ 512.371796][ T8773] ? __pfx_iommufd_test_staccess_release+0x10/0x10 [ 512.378556][ T8773] __fput+0x60e/0x1050 [ 512.382744][ T8773] ? kmsan_get_metadata+0xf1/0x160 [ 512.387959][ T8773] ? __pfx_____fput+0x10/0x10 [ 512.392705][ T8773] ____fput+0x25/0x30 [ 512.396754][ T8773] task_work_run+0x208/0x2b0 [ 512.401452][ T8773] get_signal+0x136/0x2a10 [ 512.405937][ T8773] ? filter_irq_stacks+0x13f/0x190 [ 512.411241][ T8773] ? stack_depot_save_flags+0x35/0x790 [ 512.416802][ T8773] ? kmsan_get_metadata+0xf1/0x160 [ 512.422100][ T8773] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 512.428552][ T8773] ? arch_do_signal_or_restart+0x43/0xc00 [ 512.434799][ T8773] ? exit_to_user_mode_loop+0x118/0x1b20 [ 512.440531][ T8773] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 512.446445][ T8773] arch_do_signal_or_restart+0x53/0xc00 [ 512.452100][ T8773] ? iommufd_fops_ioctl+0x917/0x9e0 [ 512.457392][ T8773] ? kmsan_get_metadata+0xf1/0x160 [ 512.462606][ T8773] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 512.469059][ T8773] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 512.475332][ T8773] exit_to_user_mode_loop+0x118/0x1b20 [ 512.480894][ T8773] ? fput+0x113/0x160 [ 512.484947][ T8773] ? __se_sys_ioctl+0x396/0x400 [ 512.489903][ T8773] ? __x64_sys_ioctl+0x97/0xe0 [ 512.494787][ T8773] do_syscall_64+0x1d7/0xf80 [ 512.499483][ T8773] ? clear_bhb_loop+0x40/0x90 [ 512.504260][ T8773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.510240][ T8773] RIP: 0033:0x7f462ef9acb9 [ 512.514704][ T8773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 512.534401][ T8773] RSP: 002b:00007f462d1f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.542926][ T8773] RAX: fffffffffffffffc RBX: 00007f462f216090 RCX: 00007f462ef9acb9 [ 512.550958][ T8773] RDX: 0000200000000180 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 512.558981][ T8773] RBP: 00007f462f008bf7 R08: 0000000000000000 R09: 0000000000000000 [ 512.567005][ T8773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 512.575024][ T8773] R13: 00007f462f216128 R14: 00007f462f216090 R15: 00007ffeaa292338 [ 512.583084][ T8773] [ 512.586583][ T8773] Kernel Offset: disabled [ 512.590949][ T8773] Rebooting in 86400 seconds..