last executing test programs: 4m25.766862029s ago: executing program 1 (id=817): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd16", 0x8}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20048000}], 0x1, 0x400c0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/67, 0x43}], 0x1}, 0x0) (fail_nth: 3) 4m25.495794069s ago: executing program 1 (id=818): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fcntl$notify(r1, 0x402, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fcntl$notify(r2, 0x402, 0x40000029) fcntl$notify(r0, 0x402, 0xc58100de3fc96e21) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 4m24.402304088s ago: executing program 1 (id=820): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xc7) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) write$tun(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="143cede28499", @ANYRES64=r1], 0xb2) 4m24.113405964s ago: executing program 1 (id=823): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000840)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_COPY(r3, 0x3b83, &(0x7f0000000240)={0x28, 0x4, r4, r4, 0x0, 0x4, 0x5586000000}) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCOUTQ(r6, 0x4bfb, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$FUSE(r7, &(0x7f0000005500)={0x2020}, 0x2020) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) clock_gettime(0x0, &(0x7f0000000400)) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0xb) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000fcff00020000200900020073797a310000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}}, 0x0) 4m23.81004166s ago: executing program 1 (id=828): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd16", 0x8}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20048000}], 0x1, 0x400c0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/67, 0x43}], 0x1}, 0x0) 4m22.527522504s ago: executing program 1 (id=831): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xc7) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) write$tun(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="143cede28499", @ANYRES64=r1], 0xb2) 4m22.196059414s ago: executing program 32 (id=831): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xc7) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) write$tun(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="143cede28499", @ANYRES64=r1], 0xb2) 7.298441456s ago: executing program 4 (id=2943): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r0) setpgid(0x0, r0) mount$overlay(0x0, &(0x7f0000000000)='./file1\x00', 0x0, 0x8000, 0x0) 6.194948812s ago: executing program 4 (id=2949): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) poll(&(0x7f0000000340)=[{0xffffffffffffffff, 0x30}], 0x1, 0x9) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x10000000000) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x600, 0x1000000}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}, {0x14, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa8}}, 0x0) read$ublk_bdev(r4, &(0x7f0000000240)=""/37, 0x25) 6.043599911s ago: executing program 2 (id=2951): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_HOOK_DEV={0x14, 0x3, 'bridge_slave_0\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x214, 0x3, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xa54}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x6}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_USERDATA={0xac, 0xc, "93cec344d5eae2930ee28afab8429f98e24552fc767ee67ad3950ebe33ff7d4763c50b0d80a64a1f8ec5f1d9ff840f3212eec6781971f47d1b929b637dd1e2d5fbef4b82cb2b9639f44a6cbad01f0832b150eb3768c6fa848b0a135324c2f8fe96c0c787c8d5ca8384d8d6f8d39412ebb9e5d3014e5888427a43beeaca4ffa9cb4653a37d65739dd1afe35fd6c1bfa29eddeccbd4bce07f753e4188e682cc9bb9338253cf632725b"}, @NFTA_CHAIN_USERDATA={0x104, 0xc, "f1e869e6d2042ebb248b5c210d2576c830864396c28a4089afdb4aa1e1e13ce6830d90aa8b8b46cccf553e5945c54a8e01a48f5f0612675b309a28ede2e955f3fc86e7d497ec1819df15b9792c2475ec3ef80e7ec52184e090f5049848f7315c7990b29a30d408421b16042c3aa370f478213a0c724505c29be025e3c7d046ca79176f9fcc361e4a4343259a85651499dbd0d24538d0eeaf639163d6f3b38a3da471d795586e9b6be7207eb0108d94046d0de9b39af7bf8d8c6d4531d87da7b7d964fbdb5efddcc010e41e72323d9eff61e73b6c641c323039fb113bff2bbc3bf9ca57ff4e544686c369059269b253bce9eba36854d9a051357d45807e440d92"}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWTABLE={0x38, 0x0, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x6}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}]}, @NFT_MSG_DELFLOWTABLE={0x1ac, 0x18, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK={0x70, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_macvtap\x00'}, {0x14, 0x1, 'vlan1\x00'}, {0x14, 0x1, 'veth1_to_batadv\x00'}, {0x14, 0x1, 'vlan0\x00'}]}]}, @NFTA_FLOWTABLE_HOOK={0x110, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x82d}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'pim6reg1\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_FLOWTABLE_HOOK_DEVS={0xcc, 0x3, 0x0, 0x1, [{0x14, 0x1, 'tunl0\x00'}, {0x14, 0x1, 'bond0\x00'}, {0x14, 0x1, 'ip_vti0\x00'}, {0x14, 0x1, 'dvmrp0\x00'}, {0x14, 0x1, 'veth0_virt_wifi\x00'}, {0x14, 0x1, 'veth0_to_team\x00'}, {0x14, 0x1, 'pimreg0\x00'}, {0x14, 0x1, 'virt_wifi0\x00'}, {0x14, 0x1, 'veth0_vlan\x00'}, {0x14, 0x1, 'netpci0\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x320, 0x8, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_EXPRESSIONS={0x1cc, 0x4, 0x0, 0x1, [{0x6c, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x5c, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz1\x00'}, @NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz1\x00'}, @NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz1\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x12}, @NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz1\x00'}]}}}, {0x38, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xffffffffffffffff}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x2}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xffffffff}]}}}, {0xc, 0x1, 0x0, 0x1, @ct={{0x7}, @void}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv4={{0x8}, @void}}, {0xc, 0x1, 0x0, 0x1, @ct={{0x7}, @void}}, {0x34, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0xe}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x25}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0x20, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x2}]}}}, {0x3c, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x3e}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x36}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x50}, @NFTA_INNER_FLAGS={0x8}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x3f}]}}}, {0x70, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz2\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}, @NFTA_RULE_EXPRESSIONS={0xf8, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @range={{0xa}, @void}}, {0x4c, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_TPROXY_REG_ADDR={0x8}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x17}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x13}, @NFTA_TPROXY_REG_ADDR={0x8}]}}}, {0x20, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0xfff7}]}}}, {0x10, 0x1, 0x0, 0x1, @reject={{0xb}, @void}}, {0xc, 0x1, 0x0, 0x1, @ct={{0x7}, @void}}, {0xc, 0x1, 0x0, 0x1, @osf={{0x8}, @void}}, {0x50, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_FLAGS={0x8}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_CONNLIMIT_FLAGS={0x8}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xb0000000}]}}}]}]}, @NFT_MSG_NEWRULE={0x1c, 0x6, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x7f0}}, 0x0) 5.863554226s ago: executing program 2 (id=2952): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, &(0x7f0000000200)) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0xa) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0xfffffffd, 0x2bf7bffe3}, 0xc) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo/3\x00') read$FUSE(r4, &(0x7f00000040c0)={0x2020}, 0x2020) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c01000016000100000000000000000000000000000000000000000000000000fc0200000000000000000000000000004e2000"/64, @ANYRES32=0x0, @ANYRES8=r3, @ANYRESHEX=r1], 0x11c}, 0x1, 0x0, 0x0, 0x1}, 0x4000090) r5 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) ioctl$DVB_DVR_DMX_EXPBUF(r0, 0xc00c6f3e, &(0x7f0000000040)={0x1, 0x80000, r5}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r6) close_range(r1, 0xffffffffffffffff, 0x200000000000000) 5.861042256s ago: executing program 2 (id=2953): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f00000007c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}], 0x1, 0x40800) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) syz_usb_connect$uac1(0x5, 0xdc, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r2, @ANYBLOB='\a'], 0x0) bind$x25(r2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000fee000)=0x3fa, 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x40400, 0x0) socket(0x10, 0x3, 0x0) ioctl$COMEDI_INSN(r3, 0x8028640c, &(0x7f0000022a00)={0x4000000, 0x92, 0x0, 0x0, 0x2}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) 5.548746297s ago: executing program 0 (id=2958): ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0], 0x2, 0x80800, 0x0, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000028c0)=[{{&(0x7f0000000080)=@tipc=@id, 0x80, &(0x7f0000001480)=[{&(0x7f0000000100)=""/60, 0x3c}, {&(0x7f0000000140)=""/52, 0x34}, {&(0x7f0000000180)=""/153, 0x99}, {&(0x7f0000000240)=""/239, 0xef}, {&(0x7f0000000340)=""/45, 0x2d}, {&(0x7f0000000380)=""/6, 0x6}, {&(0x7f00000003c0)=""/120, 0x78}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/58, 0x3a}], 0x9, &(0x7f0000001540)}, 0xe7}, {{&(0x7f0000001580)=@generic, 0x80, &(0x7f0000001880)=[{&(0x7f0000001600)=""/244, 0xf4}, {&(0x7f0000001700)=""/162, 0xa2}, {&(0x7f00000017c0)=""/154, 0x9a}], 0x3, &(0x7f00000018c0)=""/4096, 0x1000}, 0xffff}], 0x2, 0x100, &(0x7f0000002940)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000002ac0)={0x44, 0x0, &(0x7f0000002980)=[@dead_binder_done, @increfs={0x40046304, 0x1}, @dead_binder_done, @acquire, @acquire_done, @decrefs], 0x83, 0x0, &(0x7f0000002a00)="7d079b539827da54dd9682b53e58086fe6911dffb578ec443756c0745fa15c5f51857df66ee406b226ed73d499788677dfd0ab41462e218b6b14cccdf015c6768844e2f7717b2fa4c61d0686c6d14957b138cb0c7e2e10d4c2de541f154e842ad5e83eee7ca82e084fde08fb9830b60b840b8d80e9e5f4ae35a69c2511b88ebc1f737f"}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r1, 0x4018aee3, &(0x7f0000002b40)=@attr_pmu_filter={0x0, 0x1, 0x1, &(0x7f0000002b00)={0x2, 0x6, 0x1}}) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000002b80)) setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000002bc0)=0x9, 0x4) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000002c00)={0xf0, "1b75bfc7b09cf78acba6fafb147d0d3e03372508d22e926ec68cf81dcf63caa9a08ce13efbb2974c7c6203fe67dba536812fc700bedddff613d21de5cff478cff661b473af79fddd7f0b21bb40a31d59b6a33effcbdf432f77d9f45bd358bb1817a02edf62c66ac2a45e168ea247facc12a5d4df317ab14c3b899ffc6f11582840c4bcf0a8931ce589b9a53fdf83b2b9127b6ef565731c973f4a40e6c4bf2ea48edceac93c9a10ccf62d870743defe19185a9f948223cc7b3b68f51464117e98864a3bfd766a86f054279f2143cdecc16de4a0d3f6fb2e6f570dc5d0ebaae1bbee510b010e4bda377b8fa02ebc462d9b"}) ioctl$XFS_IOC_ERROR_CLEARALL(r1, 0x40085875) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x5) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000042c0)={0xfc, 0x0, &(0x7f0000004180)=[@enter_looper, @request_death={0x400c630e, 0x2}, @enter_looper, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000002e00)={@ptr={0x70742a85, 0x0, &(0x7f0000002d00)=""/254, 0xfe, 0x0, 0x16}, @fda={0x66646185, 0x6, 0x1, 0xf}, @flat=@weak_binder={0x77622a85, 0x0, 0x1}}, &(0x7f0000002e80)={0x0, 0x28, 0x48}}}, @dead_binder_done, @acquire={0x40046305, 0x3}, @exit_looper, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000002ec0)={@fda={0x66646185, 0x5, 0x0, 0x3c}, @fda={0x66646185, 0x4, 0x0, 0x31}, @fda={0x66646185, 0x0, 0x0, 0x6}}, &(0x7f0000002f40)={0x0, 0x20, 0x40}}}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x78, 0x18, &(0x7f00000040c0)={@ptr={0x70742a85, 0x1, &(0x7f0000002f80)=""/4096, 0x1000, 0x1, 0x37}, @ptr={0x70742a85, 0x0, &(0x7f0000003f80)=""/27, 0x1b, 0x0, 0x19}, @ptr={0x70742a85, 0x0, &(0x7f0000003fc0)=""/246, 0xf6, 0x2, 0x1}}, &(0x7f0000004140)={0x0, 0x28, 0x50}}}], 0x36, 0x0, &(0x7f0000004280)="7fa478a38c63f33050c1d349f559802da51d29a228de714f86b8ec32def8376bc516d0ae67bd845e618cb8aff8c87241c987258eeb3e"}) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000004340), r0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000004440)={&(0x7f0000004300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000004400)={&(0x7f0000004380)={0x50, r2, 0x2, 0x70bd26, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}, @MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x10}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x4001) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000004480), 0x0, 0x0) write$uinput_user_dev(r3, &(0x7f00000044c0)={'syz0\x00', {0x3, 0x15c, 0x3, 0x5d9}, 0x13, [0x9, 0x7c, 0x1, 0x6, 0x3ff, 0x1, 0x3, 0xf7, 0x4, 0x81, 0x7, 0x1, 0x2, 0x81, 0x1, 0x8, 0x180000, 0x5, 0x2, 0x4, 0x134, 0x10001, 0x81, 0x80000001, 0xe5, 0x5c9, 0xffff, 0xe77, 0xffff, 0x1, 0x12, 0x3ff, 0x7f, 0xfffffffd, 0xffffffff, 0x4, 0x8, 0x200, 0x793, 0x2, 0x91dd, 0x3, 0x8, 0x1, 0x2, 0x7, 0x46f, 0x0, 0x3, 0x8, 0x0, 0x535a, 0x6d88f8a0, 0x800, 0x5, 0x116dd3ae, 0xd4, 0x8, 0x5, 0x4, 0x3, 0x9, 0x6acc, 0x8], [0x2, 0xffffffff, 0x7, 0x10000, 0xc, 0x0, 0x9, 0x4, 0x8000, 0x3, 0x1, 0xca1, 0x3, 0xdd, 0x0, 0x3eb53ddb, 0x4, 0x0, 0x101, 0x2, 0x10000, 0x1, 0x3, 0x6, 0x3, 0x1, 0x1, 0x7ff, 0x5, 0x3, 0xdd48, 0x4, 0x400, 0xd, 0x6, 0x2, 0xca, 0x2, 0x1, 0x2, 0xff440000, 0x200, 0x6, 0x13ae, 0x4, 0x5699, 0x1, 0x3, 0x1, 0x200, 0x9, 0x10, 0x2, 0x6, 0x6, 0xffffffff, 0xc4, 0x8, 0x5, 0x80000000, 0x1, 0x7, 0x1, 0xb], [0x7, 0x2, 0xc, 0x2bd, 0x2, 0x610, 0x4, 0x7, 0x5, 0x6, 0x8, 0x10000, 0x78, 0x2, 0x5, 0xdc16, 0x80000000, 0x8000, 0x10001, 0x0, 0x7fff, 0x8, 0x80, 0x3, 0x9, 0xe4, 0x7, 0x6, 0x3, 0x8, 0x735f, 0x10000, 0x7, 0x1f, 0x10001, 0x8, 0x10, 0x9, 0xe, 0x1000, 0x1ff, 0x3, 0x9, 0x44b, 0x5, 0x9, 0x800000, 0x7, 0x8, 0x9, 0x0, 0x5, 0x0, 0x2, 0x9, 0x1, 0x4, 0x7fff, 0x4, 0x3, 0xffffffff, 0x2, 0x40, 0x1], [0x10001, 0x5, 0x8, 0x6890a163, 0xfffffff8, 0x6, 0x4, 0x5, 0x8, 0x6, 0xe4e, 0x4, 0xfffff4c9, 0xf581, 0x2, 0x435, 0x2, 0xfffffffa, 0x7, 0xe79d, 0xfffffffa, 0x6, 0x3ff, 0x6, 0x400, 0xe6f, 0x40, 0x0, 0x7, 0x4, 0xb, 0x7ae, 0x7, 0x7, 0x8, 0x9, 0xfffffeff, 0x44b29a38, 0x100, 0x3, 0x10000, 0x2, 0x8, 0x3, 0x20000000, 0x7, 0xffffff19, 0x1, 0xe2f, 0x1ef, 0x8, 0x2, 0xfffffffa, 0x10001, 0x929e, 0xffff, 0xb, 0x7, 0x2, 0x5, 0x1000, 0x7, 0x2d]}, 0x45c) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000004940)={r0, 0x7fffffff, 0x71, 0x7}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004980)={0x73622a85, 0x1, 0x3}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000049c0)={0x73622a85, 0xb}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a00)={0x73622a85, 0x101, 0x1}) ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r0, 0xf505, 0x0) ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000004a40)=0x7e) r5 = memfd_secret(0x80000) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000004b80)={0x24, 0x0, &(0x7f0000004a80)=[@request_death={0x400c630e, 0x2}, @exit_looper, @request_death={0x400c630e, 0x2}], 0xbb, 0x0, &(0x7f0000004ac0)="2b2831a4e36555ebc960f73fc0f8ec421efc6242ec12eb29ab499acba4247d17bb17bafd8fd0bc5b411f1ac17d5eab63b3ea28c0da7beaecd76e547aa961698acf9a2e33736b7f5406b47851b618c2e71cb4b1e3cdf32867af87c2bae5ee39de4cf2465f9f7da1b12205cdec5280a5a70df29a19641a14d6ada0011022674c59be8eb0cb304343fd3b587c079718b51cfe0c5fabeb9c0ba97b8b49722b210e93a8911f5e6a3fea89a184bb22292e6b0c14986a68d7256eb07c6959"}) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$XFS_IOC_SCRUB_METADATA(r6, 0xc040583c, &(0x7f0000004bc0)={0x3, 0x122, 0x5, 0x0, 0x2}) ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(0xffffffffffffffff, 0x40046210, &(0x7f0000004c00)) writev(r4, &(0x7f0000005e80)=[{&(0x7f0000004c40)="23470772cac36149ae6cf05054cfd9958e9e1c96c52f81b5ed0613dbd09828b45a54fdb1558b2e837060ea0fdeaacc1bcd22b99197f72ed39ac7e5bd118e69bb86c508c3979f72babbaeac9fc736b433e41ecb0893aee2532c0fa960449ec8e3e2187ceff507fe564a4bbae068b014cd439ea14e32f54ad8ff7c6e02da05b4b97e0fe51467f227f83251196f2b9f58e55109f1bce03d8b3cd854ee6f45cc5cdef3e4d11817b4911176dbc4dedfcfb09b1a4d84c40a4a51072fcd184feaf643d08aa04099d05d82003b494968b20297b7adf57625a6e1342c9e54f5df835f6e527e48e4207bc636fdcff56f6abae68f182b75b26187091d70ec73defcda24c418b810d2c6e58041d035cd4058250376dd71aa972b46a42957050c3c6ac744f45601ac34e0f9244f310a3d6383c7f6776c0ea8eff8c1dfa3ffaf96c12b56fb85f6de04fc99600b8e2331461e671f6a201e7e93148d77bf34c95a360b869d51f2e05c16c3af6de89aabb4244f6a5931e0e7e0455a6901e031a9a0e5175e05e5c7d0e4fe9b301fee508bf8193dec61856967a4a7d0c09051deff6787cbc2d0952a2780803d6428609191f151a6a48708b47993a4c79f0b401b40983896a9cc19adfc8e60ac2442acfc740cfdba6bcf8f9e51c324b9a5b4e43330a03c5a6bcffe5c55465ec1a769eadf6f841a5c8cf7387b6c5eddf4cfbd866fb28819679b8bc87938aa4ad41ca07192bff4a796082a4631d9b12278aaeb5330be3a8f00fa32343e740257cc048bd057f7f473682ea9c6a946129d2e3c53bf67f3dc4f1a3db3f0e65b054128d3507afab2ea4b56762a3d8272c002314139fe40344761f9b59787a743658506df51d909e2364a87605577e7807e78ac88deef9e87b2c7ff1f0281e53b3bdef6b0f43063a10a8af4f509d10195f29d8f33284ec2ea52ddd74f7bca40ef2cac6b675f020c99ad132693f984c80f454b88d0130ab3bea19ab2eb4350ec97910f93bca60a96668b5319ff5ae1e6f19a2fafdf198d85fbf07bff947083481c60a9392197dbdd6681b9ab860b27e4ad5e371ba1e4f527b8c4738aa15954176f5130f50b834f97e58e4df8476a3c6494852e0fdf67f178c28c0df780ff6e17bc79f1bc48076e546b0783f7b2fdc9ebeb6a787c73e6bffdf54be953ec8e1818278ef6bea90289bd36e84cbad524430911d0b8a3afdc6eeae626c948319bef563a8292c817c17bce760287b91fb80e6518eefdb14c847a310eef72b54ea449cee82db358a6ac2e20a8c4164ac6157aedf4e32bd6b88f972f1337ccb54bf18fc7df99ef36f03eb771f3307145f7ba9be9bf824139e22793cc67d0b999c4e4eb65242509fbf6b9adb667e2f0040b1c2338cddceb79959dd7b3364ba2b11fe422b1cbef3660cfce69187d152e68611ad9ebedc33169c97376da45ee4d7c7b1b354f652d9c9b4302768618096a1811aa0dcdaa1319cf014b9f8f301e25f7c4601838f2f53253528b636585bf4778c60f9dbfdae03397702d3b9ef5a762efc7b1591e314a2c1fe65dc52f8210a7764a250a85760582c57b30713c45504fe7469e9d7bb35ba5d443216f2ddf8ebcd27377ccc9075dfa3cb46af23a09050381eb53f683676fba013d1ddb71258258a15f144d90e0855befab661421fdf7df54feb7fcd5f3360cfe27338a4a1a5f8d42e088740187e2cb3170ee7eecb8552a26dc7e61df4e4588208abc307502b15819ef3ccc6ce39dd291d9e55734682ee110068c025e73abd39c6dc50178bdc04098bbf1e6b7a4697f69881d90546b5aec7de32c5ac917992e99c9cb8010885915e07500e44595b1b56dae4db53428b3bc565b6296a45fbaa7d6760be2061b83382451a6470ad222a4126ddf105f5601bfdbe94a58ba208419542e4b0ba220ae53e8faef96067d6965cd04db857df4f59a49d09f3c79d6a7fa8e49cbc857cb9348975282023101e26b843c349a32baec853dd1e18e8942f819434423bf5e428cfdb67eb53fe2ede0ec2de7fc1bd1bd0fd54430772d751ed74305f235234b0a49b2b47842c00da6acd9bbdb951e7071e4a7beddd0deae831aabe2f3ecbdf5ef3f0f49deebe47acd4cf6d5a404ed3f657567a7be390ab49997f5783e0806fff97f79a825817af6429f828c2b05f515b089768b894ab8c651949f70a73f8e8484dc9fe4377f15194b58d311c05c98e7e141f3d9c56165096a9eacac265b041c1719b7c7727e9a64814b333c734ebe1852be355709745712f9088273e0d7f88d75846920f5c335457d52eee3c8a52550906d2bce04303efb341904a8d07a629e875f0eacf4dd6de78df077fbdae85af976f08a0df76bbaf5263436bd109f9a20f101644c4c6ea16969759089707fc1b406a47cc567d8d3712c1900d28bad2c9de1658620693bfda37ba19dbf356472699b5a31f85216be74694b801cdd4bc2fdff2eb61b35aa99e60c7e565f4de526c6fbf2c1fb9dd46e4be9874d33f37f7613c2bd17c6bc0bc9eb3af486a1de522a03f7d8d4785f21566e2c4e9ea9bfb5500f743dcc5614fe4c40a81cc5105e262c47d9ae037c63995e645fd4795dcdf1d29a98395be21691cd49a63c2f86917e906d4bf929be5475dd0e0f54e7a10274c77cd99256f048ef2cfb7b79720a91702b63e861024d4c508c4ddfacebb7ae48b5ada9a64ea1cee875d4adea86b3f685af8a5143b5690e8a82cca234c6ed07bcee767cae14dcb43e758d17cb46a39c20fff021b1dc4e96a528c2ed83cabed47b22e163598d76b4fedf50da92e704ae112a20937caf56bfa6b4d44b7530e68afebb3dfce4f1847a5548c056d4cfbd51777d7ce9846b87fdc433dbdf25c19b830c446953f9a840b0dcb75b2cd6b535300e5133229701473ee981e8c27efa78d6019d344da98d4cba202ffc1a060a793ede26c2f41cfcaa26f3acd05b53ffb8fd1b1b1b87e9f8e16747132cb055aa1d62bb30371000e0191c204666e09cb56d8e977e89ecc5a14e3fcf6b1fad92e013a7f78977064f1de03b01b57d901be9194a1ff4b04087463acd616ad8a6b2beab14462f96ef9c80140234f1e0725996ad0efaa2c7a3090b28e8a8ef0418d671393bc6d54134b1061e500b516e96993f267a94ae74758bd1d211cceba614db679263faccb34f8e2791a7f3f91369df3bb77f10afb17fa128a3342d8e42c4c2710acfe5f7312d87f2e8ef344b6ef48c91df5dec986f7e4ed0b7f69e2d9d516faf311a44c14a0dcfbe1018834ee3752ca940e25dac3298a9b86b833b8dfc8a5f3d2fdd486a398e7fa1df63799599479b22e7c501db25f0aa373254bfd9b94fb2b34c9e24e2170e48e495b6d592fdb4fe899d9dd8cef2f427c79c25e50b805b673d93c0b99b7661c03e0170963e986d4b3ba0c9f807feb5d3a531de88425e9a552b48407666ce5e4404a9d32cc6c9ac1f0f8c9de6e1c8cf4a7f96a6cf7d981ca2e0272c9e67eec0cdc85f9dc5b6fe58ff7873ae0342aed38ba24e0d7d07cce808a4d097a6f896d677d91e229d19ca53ff9315da19a776599d2ff6791dc7a7fef092313d2e9b01f5340a362eb7f930768aaf79c6be5c73e04263a62764c1633a3b302e005cddba205a9c675d1f611a211b2e84ad3d2624a39a46720ff7d329755c3157510c7d3fae47ff77113710d872ba46c82e9886671d7f031c35ab39eb6d1758745f437ec5a95b3234f6889bb8de104d3659e28d3510b68994716d31bed36933baacee0cf18af66f0585a7ceceff55e014955dede820ee0df922a092599e78c57a7eefbafc1ab27dcc248b589db29a0e29645c92edb856266bf0e658761f563d7247cd1ef2c8b0649bb7ec355e34d1106fbfaa2854b4621b072f08e5649039131f6b387a49fef16cde50c3fa97e8d222eff08c56391e1cb2a7808d75bf7c12aba75c09af9712d9b2322a6bfd3a00949ea12cdff63f0a005df2de1dbb1207e7c3eb3f9cff9025e661b4b278d357fd7a61aac3aed15246f22dae3348c676f688ae927e7af076b3cb2bed66090b3d08b014b06801befde0d6eb34a4a07ad49ae4c415ae25cab3ee1068f250801a2d78fff6b561f7b2fc147a1329d32325ed278e42687b1a2d9b04cec7a117c051a6eb7daa15175821a59a4261f24112a4582d3d85bd5d00967b67c1ce7072b739daf4c15f8a7b5a15aaa752e4d18cfe44a74f65e6ac4d4673a0369cebdd4183e30d74a9f4db4b16c012198f4c8981c36d91c57265d0285a208915f2638c9e6da153afccdadc187336301ca4224b66932195ec131a6265575bb47e22c585d3465622df8c9e488e3ed27ee2926f5801a8031adce0bcca4094cdb60cd360fab8951b14127f5b72ee824ad21cc8356e31b945bb60a14af851bc45a7ca1f11504b4c1219758a9e88ab26f04914e3c1a50b2db0092e9be251df0302b332ea0d19eb9ed1f05e4a5d8bd30a99aaf652b78f5612e35468a92ef6123eb2d357b1e17048353e47095512f0a5a23fd0354a41d699ebe9c7021cd5fc229597d0ed9aba722a51eb16137305b356e367b4fb6bde031baba3a7f14d36bfcdfa20bf06d986db5a28b623b89d9c408fda7b8357bf305d4b7241b776a863a0ca57084b088995d2304f916ce7a586fa2d1542407822eb862c30c63fcb754658cbd26f51e29a7047d7bf30d42ffb3d7ebff844130ba48eb66b2cbd76781cfee616ac309a2f462e2744370738ecec507b7468e8821827da8f039ef9ac4d259ec6aa69cc49c388a685322c512d8e82903b85a7f663c47cc692ddc10c8e2b2132fb925abd0322c615ec110867b09dcc3c0f30d5420db48fddec36a7b1d8d722359d27d29bbf91580669082a6ae0ceca54f1a5e391f8c6845f14b80eab35cfb7e7906a9518f39b6138a7dfa429f27816cc3dfde19278a7d8ce5f12a42685fbd889b4d9209755c5635e2e8435d91ca6e80397b780f6343919025afe8015ddb2fa05185bbc7580521e61481e9c182c3421bd7bf9ecfca28e697bd7e5d4a8bfa96c63e3fac491aa0246935d3d650bbb012b00c2b3e17d16a3c76bfc461c66803916a88ac432987baff781cf394e39321f6cf849fdd7bf4a2a7cd0afeab2c8ccab51bc78d595f1fe747cb478fca4f1a9792701b73ae19ae8ede6d40d1854c13e41a8e5f692e05b748589029ad934e3eb1bca69c03964d99f95921e1794142243915a977da3fe8b4ee01489968152bbc3573394241f72a5b887c6c637234de6ca8219c3a5aeea8b5c17d7d5ab61cb2821bf6e3f93b75adf2cd75d0743d58fad588e5a68ab410095c563b4f1bafee39484cf58635cbf72cb8da77cf3b441688a41c5d4df16d569534ee61b894b8f3dc71e33c4ebaaba9b8dabca93f5fa3308631b48091ee01090bcea3c48dca629d0ebbb33af20b9c662788c16e04aaf09e10cfd0937eacebdd3a083f02aa2c624fc401f1dd657376440b6ef3adf55cc427a05b0da820dc2a10522c7d3bf4e00ff7b1eaf72324cea8d18d66a206002e0a9c3e4bd1ec080cd89a9337c825d2eabcc4928f1397e27a4eed6f36718143f6dc696aa5c071ab0806c6aff08e6c3b9634e9b4d0f30e1d50ce58c80a476bba38d347bff09e8f6f93f8eebbb69402e4cf963747b744d1355484ca44d4fd9de69b26c6d5a5342f169d2ed755d02f3ed49184c3c404b24ca699881840e495441a12761afbc6ca705f58b2f5a315de5aee5fcdfac49590c19c684f9676119d3452f42593a7297d51b555540d28e290c033bd59e5dfbdb3215471cc1a30963c20ba8ef4a4f56e693bc63f9da5db73df0740fcfe5e2fdb3e5", 0x1000}, {&(0x7f0000005c40)="4eb308d99cf384a0463adaf21a22eeb3f4d9c0090e9b2773695ba73ad198fe06ae9ea7b1314f9734d5a73bc81cd51547ae1fc3d9b0b4be4046b57ee5e81e8333ae07c0d643ee5a74c733c96208e108ebd78652a25e99e379bcffc9c9c90064ad572cb52984b673a4151768f860ed5aaba1d78af5212a34a03126247830eaad332128d4a94f153c654d25b2bc1c3209e728a818d3d9db7842e75058751eacb2a337", 0xa1}, {&(0x7f0000005d00)="941104de2d6f80d2a5bc470c970cd2ef5dded7227a1d73139f3c2a15fed412b923ace5084ac576cb73cfbf746f84c379f1a8f1910d825b320515ae0cb01fff6686144610654cb589369ac1891c56686c18b3c6a7d3dfd4253ff718236ba5eb5fbae42951376f24c388c422a40aa202eef4263e14de0d580db605cda94e81858b9c03955b7bcc77f044ef780e976b88e4f90ef5c005c1626e783c8fdca927abdab9fb63c72253b2871dd3ed40074e8ab001e5b57f700752e73860196d2c8e768c82b46626f3c2afa34cd6c205b27af488e9d3b7732034c7db2badd7e7c47841ab55230bde6316e44339b1b737dd54a557077ec0", 0xf3}, {&(0x7f0000005e00)="17eb3a44d7f8be1b0f31e719483ed991ac608fce2c1f0e36d0fbb74e74537a7a7eb1b47bc82d9917b149ab006b0c9e79265c0a997bb800ba3e53e770a6497dc539c4dfc8170b18bdd49c585b5a5dfe67d69e246fe89c810d21f253d02c934da598da539f33420d2ba0bdadb9db28568f4c7b2b3583", 0x75}], 0x4) getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000005ec0)={'ah\x00'}, &(0x7f0000005f00)=0x1e) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000005f80), r0) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000006140)={&(0x7f0000005f40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000006100)={&(0x7f0000005fc0)={0x10c, r7, 0x800, 0x70bd29, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x6b}, {0x8, 0x13, 0x6}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3ff}, {0x6, 0x11, 0x5}, {0x8, 0x13, 0x3}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x3}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x51632e29}, {0x6, 0x11, 0x2}, {0x8, 0x13, 0x6709}, {0x5, 0x14, 0x1}}]}, 0x10c}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) 5.483035315s ago: executing program 0 (id=2959): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000280)={r2, 0x7}, 0x8) mprotect(&(0x7f0000002000/0x3000)=nil, 0x3000, 0xb) unshare(0x100000) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x2) getdents64(r3, 0x0, 0x0) 5.383108068s ago: executing program 4 (id=2961): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x659f, 0x4) write$binfmt_script(r0, &(0x7f00000000c0), 0x28) 5.223954546s ago: executing program 0 (id=2962): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={r1, 0x7}, 0x8) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000035ffaa20cd0caf104a380102030109021b0001000010000904590201801e2a00090582"], 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x20000) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$uac3(r2, 0x0, &(0x7f0000000a40)={0x44, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300030d00000000070000fedbdf250200090040000000000000000005000002000100000000000000050200000000030005000000000002000100ac1414000000000000000000030006000000000002000000ac1414aa0000000000000000010029"], 0x68}, 0x1, 0x7}, 0x10) syz_usb_control_io$uac1(r2, 0x0, &(0x7f00000000c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x4, 0x10}, &(0x7f0000000340)=0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x38, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0xffff}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) r6 = socket(0xa, 0x3, 0x3a) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x0, 0x0, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4090}, 0x20008000) setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x1, 0x4}, 0xc) ioctl$sock_kcm_SIOCKCMUNATTACH(r6, 0x89e1, &(0x7f0000000040)={r4}) 5.223181611s ago: executing program 4 (id=2963): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x659f, 0x4) write$binfmt_script(r0, &(0x7f00000000c0), 0x28) (fail_nth: 3) 4.731771682s ago: executing program 4 (id=2964): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x60000, 0xf000, 0x0, 0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x1, 0xddccb000, 0xd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xdddd8000, 0x18, 0xe, 0x0, 0x4, 0x7f, 0x0, 0x80, 0xe, 0x2a, 0x6}, {0x10b002, 0x2000, 0xc, 0xfd, 0x80, 0x0, 0x3}, {0x1000, 0x0, 0xd, 0x0, 0x70, 0x80, 0x0, 0x0, 0xfd, 0x1c, 0x7, 0xa8}, {0x100026fff, 0x3000, 0xd, 0x4, 0x0, 0x8, 0x0, 0x0, 0x6, 0xfc, 0x86, 0x1}, {0x60000, 0x3000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x80, 0x0, 0x4}, {0xd000, 0x41000, 0x3, 0x82, 0xfe, 0x10, 0x4, 0xe}, {0x0, 0xfffe}, {0x1, 0xfffe}, 0x50011, 0x0, 0x0, 0x1, 0x1000000000000001, 0x0, 0x900, [0x0, 0x800000000, 0x2, 0x5]}) syz_usb_connect(0x2, 0x52, &(0x7f0000000140)=ANY=[@ANYBLOB="120100036ffa680863070120ff2c0102030109024000021109400c0904080601ff8bbd020a240107000d02010205240503"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x659f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a0000003a2a62c37b00000008001f"], 0x2c}], 0x1}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d3, 0x0) write$binfmt_script(r0, &(0x7f00000000c0), 0x28) r3 = socket$l2tp(0x2, 0x2, 0x73) r4 = socket$inet(0xa, 0x801, 0x84) connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r6 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x100, 0x2, 0x1e5}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_ublk_add_dev(r6, r7, r8, r9, &(0x7f00000003c0)={0x2e, 0x5, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x3, 0xd74, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, 0x0) listen(r4, 0x8) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r11 = accept$alg(r10, 0x0, 0x0) sendmsg$alg(r11, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r11, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0) r12 = accept4(r4, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r12, 0x89f5, &(0x7f0000000140)={'sit0\x00', 0x0}) recvfrom$l2tp(r3, &(0x7f0000000000)=""/21, 0x15, 0x10, 0x0, 0x0) 3.899552647s ago: executing program 3 (id=2967): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x80043, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) ioctl$TCFLSH(r0, 0x540b, 0x8000000000000001) 3.608686167s ago: executing program 2 (id=2968): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x80043, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x34, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x14, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x34}, 0x1, 0x0, 0x0, 0x8009}, 0x4) flistxattr(r0, &(0x7f0000000040)=""/94, 0x5e) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) ioctl$TCFLSH(r0, 0x540b, 0x8000000000000001) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f00000000c0)) 3.57019811s ago: executing program 3 (id=2969): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) poll(&(0x7f0000000340)=[{0xffffffffffffffff, 0x30}], 0x1, 0x9) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x600, 0x1000000}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}, {0x14, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa8}}, 0x0) read$ublk_bdev(r4, &(0x7f0000000240)=""/37, 0x25) 3.383834336s ago: executing program 2 (id=2970): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x82, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_connect$uac1(0x5, 0xdc, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYBLOB='\a'], 0x0) 1.978557215s ago: executing program 3 (id=2971): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x82, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_connect$uac1(0x5, 0xdc, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYBLOB='\a'], 0x0) 1.771191321s ago: executing program 2 (id=2972): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x2204cc81}, 0x4810) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r4, &(0x7f00000002c0)={0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="c60009"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000001640)={0x24, 0x0, 0x0, &(0x7f0000001bc0)=ANY=[@ANYBLOB="002290"], 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x8000) syz_usb_disconnect(r4) r5 = socket$inet6_sctp(0xa, 0x0, 0x84) r6 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r6, 0x84, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="01040200e0"], 0xa) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f00000002c0)={r8, 0x5}, 0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x6, &(0x7f00000003c0)={r8, @in={{0x2, 0x4e21, @rand_addr=0x64010101}}}, &(0x7f0000000480)=0x84) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009002420"], 0x0) r9 = dup(r0) r10 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r10, 0x5411, &(0x7f0000000240)) syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r9) r11 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000b5403340861a22753635010203010902120001000000000904"], 0x0) syz_usb_control_io$sierra_net(r11, 0x0, &(0x7f00000011c0)={0x1c, &(0x7f0000000c80)=ANY=[@ANYBLOB="5b00000000609a00"], 0x0, 0x0}) fchownat(0xffffffffffffff9c, 0x0, 0xee01, 0xee00, 0x1000) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64=r10, @ANYBLOB="4b45dac30a90b18cc84c38b38d", @ANYRES8=r11, @ANYRESOCT=r11, @ANYRESHEX=r0, @ANYRES32=r10, @ANYRES16=r0], 0x14}, 0x1, 0x0, 0x0, 0x4040889}, 0x4000840) 1.349060506s ago: executing program 4 (id=2973): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000005c0)=ANY=[@ANYRESHEX=0x0], 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x62003, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) ioctl$TCSETS(r1, 0x404c4701, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xf9) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000340)=0xb3) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) ppoll(&(0x7f0000000e80)=[{r2}], 0x1, &(0x7f0000000ec0)={0x77359400}, 0x0, 0x0) syz_usb_control_io$uac3(r0, &(0x7f0000000540)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000304"]}, 0x0) 947.357215ms ago: executing program 0 (id=2974): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000040)={0x1, 0x396b}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) shutdown(r2, 0x2) sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000ac0)="fc4cf6210a5e", 0x6}], 0x1}}], 0x1, 0x4c040) 663.226313ms ago: executing program 0 (id=2975): r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x24008818, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r0, 0x0, r1, 0x0, 0x7ffff000, 0x0) shutdown(r0, 0x1) 449.599874ms ago: executing program 0 (id=2976): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f00000007c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}], 0x1, 0x40800) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) syz_usb_connect$uac1(0x5, 0xdc, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r2, @ANYBLOB='\a'], 0x0) bind$x25(r2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000fee000)=0x3fa, 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x40400, 0x0) socket(0x10, 0x3, 0x0) ioctl$COMEDI_INSN(r3, 0x8028640c, &(0x7f0000022a00)={0x4000000, 0x92, 0x0, 0x0, 0x2}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) 440.308089ms ago: executing program 3 (id=2977): socket$nl_generic(0x10, 0x3, 0x10) accept(0xffffffffffffffff, &(0x7f0000000040)=@caif=@dbg, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x40850) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000007580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x4c, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x7}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}]}, 0x4c}}, 0x48040) 156.110151ms ago: executing program 3 (id=2978): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth0_to_team\x00', &(0x7f0000000080)=@ethtool_stats={0x19, 0x7, [0x10, 0xd, 0x9c11, 0x100, 0x73c, 0x2, 0x0]}}) 0s ago: executing program 3 (id=2979): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) poll(&(0x7f0000000340)=[{0xffffffffffffffff, 0x30}], 0x1, 0x9) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x600, 0x1000000}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}, {0x14, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa8}}, 0x0) read$ublk_bdev(r4, &(0x7f0000000240)=""/37, 0x25) kernel console output (not intermixed with test programs): SYSCALL_64_after_hwframe+0x77/0x7f [ 460.810148][T13199] RIP: 0033:0x7f121740d68e [ 460.810166][T13199] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 460.810182][T13199] RSP: 002b:00007f121569dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 460.810203][T13199] RAX: ffffffffffffffda RBX: 00007f121569e6c0 RCX: 00007f121740d68e [ 460.810218][T13199] RDX: 000000000000000f RSI: 00007f121569e0a0 RDI: 0000000000000005 [ 460.810231][T13199] RBP: 00007f121569e090 R08: 0000000000000000 R09: 0000000000000000 [ 460.810244][T13199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.810256][T13199] R13: 00007f12176c6038 R14: 00007f12176c5fa0 R15: 00007ffdf8e6f7e8 [ 460.810287][T13199] [ 460.941148][ T7117] Bluetooth: (null): Invalid header checksum [ 460.959585][ T6829] usb 1-1: config 0 interface 0 altsetting 187 has 1 endpoint descriptor, different from the interface descriptor's value: 20 [ 460.959620][ T6829] usb 1-1: config 0 interface 0 has no altsetting 0 [ 460.959655][ T6829] usb 1-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 460.959685][ T6829] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.985693][ T6829] usb 1-1: config 0 descriptor?? [ 461.051255][ T69] Bluetooth: (null): Invalid header checksum [ 461.140320][ T69] Bluetooth: (null): Invalid header checksum [ 461.242323][ T7137] Bluetooth: (null): Invalid header checksum [ 461.370904][ T4923] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 461.411114][ T4923] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 461.426692][ T4923] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 461.428366][ T7117] Bluetooth: (null): Invalid header checksum [ 461.429448][ T4923] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 461.430359][ T4923] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 461.468413][ T69] Bluetooth: (null): Invalid header checksum [ 461.611544][ T4572] Bluetooth: (null): Invalid header checksum [ 461.729471][T13215] Invalid source name [ 461.729488][T13215] UBIFS error (pid: 13215): cannot open "/dev/sg0", error -22 [ 462.635736][T13240] FAULT_INJECTION: forcing a failure. [ 462.635736][T13240] name failslab, interval 1, probability 0, space 0, times 0 [ 462.635790][T13240] CPU: 1 UID: 0 PID: 13240 Comm: syz.3.2744 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 462.635811][T13240] Tainted: [L]=SOFTLOCKUP [ 462.635816][T13240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 462.635826][T13240] Call Trace: [ 462.635832][T13240] [ 462.635838][T13240] dump_stack_lvl+0xe8/0x150 [ 462.635861][T13240] should_fail_ex+0x467/0x600 [ 462.635907][T13240] should_failslab+0xa8/0x100 [ 462.635928][T13240] __kmalloc_noprof+0xfb/0x790 [ 462.635945][T13240] ? tomoyo_realpath_from_path+0xef/0x640 [ 462.635968][T13240] ? tomoyo_realpath_from_path+0xef/0x640 [ 462.635994][T13240] tomoyo_realpath_from_path+0xef/0x640 [ 462.636024][T13240] ? tomoyo_path_number_perm+0x219/0x5f0 [ 462.636043][T13240] tomoyo_path_number_perm+0x246/0x5f0 [ 462.636073][T13240] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 462.636091][T13240] ? __lock_acquire+0x683/0x2ce0 [ 462.636123][T13240] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 462.636142][T13240] ? hook_file_ioctl+0x1f3/0x600 [ 462.636164][T13240] ? lockdep_hardirqs_on+0x7a/0x110 [ 462.636199][T13240] ? __fget_files+0x2a/0x420 [ 462.636219][T13240] ? __fget_files+0x2a/0x420 [ 462.636236][T13240] ? __fget_files+0x3a8/0x420 [ 462.636251][T13240] ? __fget_files+0x2a/0x420 [ 462.636269][T13240] security_file_ioctl+0xc3/0x2a0 [ 462.636288][T13240] __se_sys_ioctl+0x47/0x170 [ 462.636309][T13240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.636327][T13240] do_syscall_64+0x174/0x580 [ 462.636346][T13240] ? trace_irq_disable+0x3b/0x140 [ 462.636365][T13240] ? clear_bhb_loop+0x40/0x90 [ 462.636383][T13240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.636398][T13240] RIP: 0033:0x7f121744ce59 [ 462.636413][T13240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 462.636426][T13240] RSP: 002b:00007f121569e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 462.636443][T13240] RAX: ffffffffffffffda RBX: 00007f12176c5fa0 RCX: 00007f121744ce59 [ 462.636454][T13240] RDX: 0000200000000240 RSI: 0000000040045108 RDI: 0000000000000003 [ 462.636464][T13240] RBP: 00007f121569e090 R08: 0000000000000000 R09: 0000000000000000 [ 462.636474][T13240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 462.636483][T13240] R13: 00007f12176c6038 R14: 00007f12176c5fa0 R15: 00007ffdf8e6f7e8 [ 462.636508][T13240] [ 462.636515][T13240] ERROR: Out of memory at tomoyo_realpath_from_path. [ 462.822800][ T5617] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 462.992265][ T5617] usb 5-1: Using ep0 maxpacket: 16 [ 462.998922][ T5617] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 462.998947][ T5617] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 463.016379][ T5617] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 463.016408][ T5617] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.016428][ T5617] usb 5-1: Product: syz [ 463.016442][ T5617] usb 5-1: Manufacturer: syz [ 463.016456][ T5617] usb 5-1: SerialNumber: syz [ 463.078138][ T5617] usb 5-1: 0:2 : does not exist [ 463.103393][T13244] Invalid source name [ 463.103404][T13244] UBIFS error (pid: 13244): cannot open "/dev/sg0", error -22 [ 463.268203][T13246] FAULT_INJECTION: forcing a failure. [ 463.268203][T13246] name failslab, interval 1, probability 0, space 0, times 0 [ 463.268228][T13246] CPU: 0 UID: 0 PID: 13246 Comm: syz.3.2747 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 463.268244][T13246] Tainted: [L]=SOFTLOCKUP [ 463.268248][T13246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 463.268255][T13246] Call Trace: [ 463.268259][T13246] [ 463.268265][T13246] dump_stack_lvl+0xe8/0x150 [ 463.268282][T13246] should_fail_ex+0x467/0x600 [ 463.268310][T13246] should_failslab+0xa8/0x100 [ 463.268334][T13246] ? sctp_get_port_local+0x749/0x17a0 [ 463.268362][T13246] kmem_cache_alloc_noprof+0x9e/0x680 [ 463.268383][T13246] ? sctp_get_port_local+0x749/0x17a0 [ 463.268419][T13246] sctp_get_port_local+0x749/0x17a0 [ 463.268440][T13246] ? __pfx_sctp_get_port_local+0x10/0x10 [ 463.268456][T13246] ? sctp_bind_addr_match+0x28b/0x2b0 [ 463.268470][T13246] sctp_do_bind+0x4d9/0x9a0 [ 463.268489][T13246] sctp_bindx_add+0xa9/0x210 [ 463.268508][T13246] sctp_setsockopt_bindx+0x1c2/0x2b0 [ 463.268525][T13246] sctp_setsockopt+0x83b/0x12c0 [ 463.268537][T13246] ? sock_common_setsockopt+0x36/0xc0 [ 463.268549][T13246] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 463.268561][T13246] do_sock_setsockopt+0x17c/0x1b0 [ 463.268578][T13246] __x64_sys_setsockopt+0x143/0x1b0 [ 463.268592][T13246] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.268604][T13246] do_syscall_64+0x174/0x580 [ 463.268619][T13246] ? clear_bhb_loop+0x40/0x90 [ 463.268632][T13246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.268643][T13246] RIP: 0033:0x7f121744ce59 [ 463.268654][T13246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 463.268663][T13246] RSP: 002b:00007f121569e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 463.268675][T13246] RAX: ffffffffffffffda RBX: 00007f12176c5fa0 RCX: 00007f121744ce59 [ 463.268683][T13246] RDX: 0000000000000064 RSI: 0000000000000084 RDI: 0000000000000003 [ 463.268689][T13246] RBP: 00007f121569e090 R08: 000000000000002c R09: 0000000000000000 [ 463.268696][T13246] R10: 00002000000011c0 R11: 0000000000000246 R12: 0000000000000001 [ 463.268702][T13246] R13: 00007f12176c6038 R14: 00007f12176c5fa0 R15: 00007ffdf8e6f7e8 [ 463.268719][T13246] [ 463.547379][T13249] FAULT_INJECTION: forcing a failure. [ 463.547379][T13249] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 463.547417][T13249] CPU: 1 UID: 0 PID: 13249 Comm: syz.3.2748 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 463.547444][T13249] Tainted: [L]=SOFTLOCKUP [ 463.547451][T13249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 463.547462][T13249] Call Trace: [ 463.547479][T13249] [ 463.547487][T13249] dump_stack_lvl+0xe8/0x150 [ 463.547514][T13249] should_fail_ex+0x467/0x600 [ 463.547548][T13249] _copy_to_user+0x31/0xb0 [ 463.547575][T13249] sctp_getsockopt_encap_port+0x262/0x450 [ 463.547604][T13249] ? __pfx_sctp_getsockopt_encap_port+0x10/0x10 [ 463.547647][T13249] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 463.547677][T13249] ? lockdep_hardirqs_on+0x7a/0x110 [ 463.547708][T13249] sctp_getsockopt+0xa15/0xb90 [ 463.547733][T13249] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 463.547756][T13249] do_sock_getsockopt+0x51d/0x7e0 [ 463.547788][T13249] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 463.547830][T13249] ? __fget_files+0x3a8/0x420 [ 463.547851][T13249] ? __fget_files+0x2a/0x420 [ 463.547880][T13249] __x64_sys_getsockopt+0x1aa/0x250 [ 463.547921][T13249] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.547950][T13249] do_syscall_64+0x174/0x580 [ 463.547973][T13249] ? trace_irq_disable+0x3b/0x140 [ 463.547999][T13249] ? clear_bhb_loop+0x40/0x90 [ 463.548031][T13249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.548063][T13249] RIP: 0033:0x7f121744ce59 [ 463.548106][T13249] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 463.548129][T13249] RSP: 002b:00007f121569e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 463.548161][T13249] RAX: ffffffffffffffda RBX: 00007f12176c5fa0 RCX: 00007f121744ce59 [ 463.548176][T13249] RDX: 0000000000000084 RSI: 0000000000000084 RDI: 0000000000000003 [ 463.548207][T13249] RBP: 00007f121569e090 R08: 0000200000000500 R09: 0000000000000000 [ 463.548221][T13249] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 463.548234][T13249] R13: 00007f12176c6038 R14: 00007f12176c5fa0 R15: 00007ffdf8e6f7e8 [ 463.548267][T13249] [ 463.617783][ T9] usb 1-1: USB disconnect, device number 98 [ 463.694322][ T5620] Bluetooth: hci2: command tx timeout [ 464.259180][ T9] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 464.411418][ T5617] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 464.473210][ T9] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 464.473234][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.473244][ T9] usb 1-1: Product: syz [ 464.473253][ T9] usb 1-1: Manufacturer: syz [ 464.473260][ T9] usb 1-1: SerialNumber: syz [ 464.604394][ T5617] usb 5-1: USB disconnect, device number 82 [ 464.804721][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 464.924628][ T9] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 464.924662][ T9] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 464.925170][ T9] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 464.968381][ T9] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -32 [ 465.029366][T13260] FAULT_INJECTION: forcing a failure. [ 465.029366][T13260] name failslab, interval 1, probability 0, space 0, times 0 [ 465.029403][T13260] CPU: 1 UID: 0 PID: 13260 Comm: syz.3.2752 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 465.029430][T13260] Tainted: [L]=SOFTLOCKUP [ 465.029463][T13260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 465.029476][T13260] Call Trace: [ 465.029485][T13260] [ 465.029494][T13260] dump_stack_lvl+0xe8/0x150 [ 465.029536][T13260] should_fail_ex+0x467/0x600 [ 465.029570][T13260] should_failslab+0xa8/0x100 [ 465.029596][T13260] __kmalloc_noprof+0xfb/0x790 [ 465.029618][T13260] ? tomoyo_realpath_from_path+0xef/0x640 [ 465.029647][T13260] ? tomoyo_realpath_from_path+0xef/0x640 [ 465.029683][T13260] tomoyo_realpath_from_path+0xef/0x640 [ 465.029722][T13260] ? tomoyo_path_number_perm+0x219/0x5f0 [ 465.029747][T13260] tomoyo_path_number_perm+0x246/0x5f0 [ 465.029776][T13260] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 465.029801][T13260] ? __lock_acquire+0x683/0x2ce0 [ 465.029841][T13260] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 465.029866][T13260] ? hook_file_ioctl+0x1f3/0x600 [ 465.029890][T13260] ? lockdep_hardirqs_on+0x7a/0x110 [ 465.029934][T13260] ? __fget_files+0x2a/0x420 [ 465.029963][T13260] ? __fget_files+0x2a/0x420 [ 465.029983][T13260] ? __fget_files+0x3a8/0x420 [ 465.030003][T13260] ? __fget_files+0x2a/0x420 [ 465.030034][T13260] security_file_ioctl+0xc3/0x2a0 [ 465.030060][T13260] __se_sys_ioctl+0x47/0x170 [ 465.030088][T13260] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.030111][T13260] do_syscall_64+0x174/0x580 [ 465.030135][T13260] ? trace_irq_disable+0x3b/0x140 [ 465.030161][T13260] ? clear_bhb_loop+0x40/0x90 [ 465.030185][T13260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.030205][T13260] RIP: 0033:0x7f121744ce59 [ 465.030224][T13260] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 465.030241][T13260] RSP: 002b:00007f121569e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 465.030262][T13260] RAX: ffffffffffffffda RBX: 00007f12176c5fa0 RCX: 00007f121744ce59 [ 465.030278][T13260] RDX: 0000200000000000 RSI: 0000000000001277 RDI: 0000000000000003 [ 465.030292][T13260] RBP: 00007f121569e090 R08: 0000000000000000 R09: 0000000000000000 [ 465.030311][T13260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.030324][T13260] R13: 00007f12176c6038 R14: 00007f12176c5fa0 R15: 00007ffdf8e6f7e8 [ 465.030357][T13260] [ 465.030387][T13260] ERROR: Out of memory at tomoyo_realpath_from_path. [ 465.469256][ T5719] usb 1-1: USB disconnect, device number 99 [ 465.569820][T13268] Invalid source name [ 465.569838][T13268] UBIFS error (pid: 13268): cannot open "/dev/sg0", error -22 [ 465.599644][ T7137] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.772787][ T5620] Bluetooth: hci2: command tx timeout [ 466.175577][ T9] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 466.207259][ T7137] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.314254][ T9] usb 4-1: device descriptor read/64, error -71 [ 466.551855][ T9] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 466.656125][T13293] FAULT_INJECTION: forcing a failure. [ 466.656125][T13293] name failslab, interval 1, probability 0, space 0, times 0 [ 466.656148][T13293] CPU: 1 UID: 0 PID: 13293 Comm: syz.4.2765 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 466.656164][T13293] Tainted: [L]=SOFTLOCKUP [ 466.656168][T13293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 466.656175][T13293] Call Trace: [ 466.656180][T13293] [ 466.656185][T13293] dump_stack_lvl+0xe8/0x150 [ 466.656202][T13293] should_fail_ex+0x467/0x600 [ 466.656229][T13293] should_failslab+0xa8/0x100 [ 466.656244][T13293] __kmalloc_noprof+0xfb/0x790 [ 466.656256][T13293] ? tomoyo_realpath_from_path+0xef/0x640 [ 466.656273][T13293] ? tomoyo_realpath_from_path+0xef/0x640 [ 466.656292][T13293] tomoyo_realpath_from_path+0xef/0x640 [ 466.656312][T13293] ? tomoyo_path_number_perm+0x219/0x5f0 [ 466.656328][T13293] tomoyo_path_number_perm+0x246/0x5f0 [ 466.656343][T13293] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 466.656355][T13293] ? __lock_acquire+0x683/0x2ce0 [ 466.656377][T13293] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 466.656390][T13293] ? hook_file_ioctl+0x1f3/0x600 [ 466.656404][T13293] ? lockdep_hardirqs_on+0x7a/0x110 [ 466.656426][T13293] ? __fget_files+0x2a/0x420 [ 466.656440][T13293] ? __fget_files+0x2a/0x420 [ 466.656450][T13293] ? __fget_files+0x3a8/0x420 [ 466.656460][T13293] ? __fget_files+0x2a/0x420 [ 466.656473][T13293] security_file_ioctl+0xc3/0x2a0 [ 466.656490][T13293] __se_sys_ioctl+0x47/0x170 [ 466.656505][T13293] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.656517][T13293] do_syscall_64+0x174/0x580 [ 466.656530][T13293] ? trace_irq_disable+0x3b/0x140 [ 466.656545][T13293] ? clear_bhb_loop+0x40/0x90 [ 466.656557][T13293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.656568][T13293] RIP: 0033:0x7fd7e183ce59 [ 466.656578][T13293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 466.656588][T13293] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 466.656600][T13293] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 466.656608][T13293] RDX: 0000200000000080 RSI: 00000000c0085504 RDI: 0000000000000003 [ 466.656615][T13293] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 466.656621][T13293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 466.656628][T13293] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 466.656643][T13293] [ 466.656712][T13293] ERROR: Out of memory at tomoyo_realpath_from_path. [ 466.683036][ T9] usb 4-1: device descriptor read/64, error -71 [ 466.724518][ T7137] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.805635][ T9] usb usb4-port1: attempt power cycle [ 467.101246][ T7137] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.116688][T13299] Invalid source name [ 467.116700][T13299] UBIFS error (pid: 13299): cannot open "/dev/sg0", error -22 [ 467.190635][T13209] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.191035][T13209] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.191304][T13209] bridge_slave_0: entered allmulticast mode [ 467.193371][ T9] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 467.213360][ T9] usb 4-1: device descriptor read/8, error -71 [ 467.238375][T13209] bridge_slave_0: entered promiscuous mode [ 467.248393][T13209] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.248789][T13209] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.249087][T13209] bridge_slave_1: entered allmulticast mode [ 467.273525][T13209] bridge_slave_1: entered promiscuous mode [ 467.346283][T13209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.351400][T13209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.431959][T13209] team0: Port device team_slave_0 added [ 467.436539][T13209] team0: Port device team_slave_1 added [ 467.443780][T13304] FAULT_INJECTION: forcing a failure. [ 467.443780][T13304] name failslab, interval 1, probability 0, space 0, times 0 [ 467.443815][T13304] CPU: 0 UID: 0 PID: 13304 Comm: syz.4.2768 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 467.443842][T13304] Tainted: [L]=SOFTLOCKUP [ 467.443850][T13304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 467.443862][T13304] Call Trace: [ 467.443870][T13304] [ 467.443879][T13304] dump_stack_lvl+0xe8/0x150 [ 467.443906][T13304] should_fail_ex+0x467/0x600 [ 467.443940][T13304] should_failslab+0xa8/0x100 [ 467.443965][T13304] kmem_cache_alloc_node_noprof+0xac/0x660 [ 467.443987][T13304] ? __alloc_skb+0x1d7/0x7a0 [ 467.444008][T13304] ? __alloc_skb+0x1d7/0x7a0 [ 467.444035][T13304] __alloc_skb+0x1d7/0x7a0 [ 467.444061][T13304] tipc_msg_build+0x15f/0xf50 [ 467.444095][T13304] ? __pfx_tipc_msg_build+0x10/0x10 [ 467.444115][T13304] ? tipc_nametbl_lookup_mcast_nodes+0x2e/0xa00 [ 467.444148][T13304] ? tipc_nametbl_lookup_mcast_nodes+0x4c3/0xa00 [ 467.444176][T13304] ? tipc_nametbl_lookup_mcast_nodes+0x2e/0xa00 [ 467.444212][T13304] __tipc_sendmsg+0x1b6c/0x2ba0 [ 467.444245][T13304] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 467.444269][T13304] ? rt_mutex_slowunlock+0x4ee/0xa20 [ 467.444299][T13304] ? __pfx___tipc_sendmsg+0x10/0x10 [ 467.444334][T13304] ? __lock_acquire+0x683/0x2ce0 [ 467.444362][T13304] ? register_lock_class+0x31/0x2e0 [ 467.444393][T13304] ? __pfx_woken_wake_function+0x10/0x10 [ 467.444421][T13304] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 467.444450][T13304] ? do_raw_spin_lock+0x12b/0x2f0 [ 467.444476][T13304] ? __lock_acquire+0x683/0x2ce0 [ 467.444505][T13304] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 467.444529][T13304] ? lockdep_hardirqs_on+0x7a/0x110 [ 467.444573][T13304] ? __local_bh_enable+0x1e1/0x2f0 [ 467.444616][T13304] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 467.444644][T13304] ? lockdep_hardirqs_on+0x7a/0x110 [ 467.444672][T13304] tipc_sendmsg+0x55/0x70 [ 467.444695][T13304] ? __pfx_tipc_sendmsg+0x10/0x10 [ 467.444716][T13304] sock_sendmsg_nosec+0x13a/0x180 [ 467.444738][T13304] ____sys_sendmsg+0x565/0x870 [ 467.444771][T13304] ? __pfx_____sys_sendmsg+0x10/0x10 [ 467.444806][T13304] ? import_iovec+0x73/0xa0 [ 467.444832][T13304] ___sys_sendmsg+0x2a5/0x360 [ 467.444856][T13304] ? __lock_acquire+0x683/0x2ce0 [ 467.444884][T13304] ? __pfx____sys_sendmsg+0x10/0x10 [ 467.444943][T13304] ? __fget_files+0x2a/0x420 [ 467.444962][T13304] ? __fget_files+0x3a8/0x420 [ 467.444993][T13304] __x64_sys_sendmsg+0x1b7/0x290 [ 467.445021][T13304] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 467.445063][T13304] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.445085][T13304] do_syscall_64+0x174/0x580 [ 467.445108][T13304] ? trace_irq_disable+0x3b/0x140 [ 467.445133][T13304] ? clear_bhb_loop+0x40/0x90 [ 467.445157][T13304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.445176][T13304] RIP: 0033:0x7fd7e183ce59 [ 467.445194][T13304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 467.445211][T13304] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 467.445233][T13304] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 467.445247][T13304] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000005 [ 467.445260][T13304] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 467.445271][T13304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 467.445283][T13304] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 467.445314][T13304] [ 467.472344][ T9] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 467.499514][ T9] usb 4-1: device descriptor read/8, error -71 [ 467.602277][ T9] usb usb4-port1: unable to enumerate USB device [ 467.691345][T13209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 467.691364][T13209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 467.691389][T13209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 467.703470][T13309] FAULT_INJECTION: forcing a failure. [ 467.703470][T13309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 467.703492][T13309] CPU: 0 UID: 0 PID: 13309 Comm: syz.0.2769 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 467.703507][T13309] Tainted: [L]=SOFTLOCKUP [ 467.703511][T13309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 467.703522][T13309] Call Trace: [ 467.703529][T13309] [ 467.703536][T13309] dump_stack_lvl+0xe8/0x150 [ 467.703564][T13309] should_fail_ex+0x467/0x600 [ 467.703598][T13309] _copy_from_user+0x2d/0xb0 [ 467.703624][T13309] sock_do_ioctl+0x195/0x320 [ 467.703646][T13309] ? __pfx_sock_do_ioctl+0x10/0x10 [ 467.703662][T13309] ? hook_file_ioctl+0x1f3/0x600 [ 467.703702][T13309] sock_ioctl+0x57d/0x7f0 [ 467.703734][T13309] ? __pfx_sock_ioctl+0x10/0x10 [ 467.703763][T13309] ? __fget_files+0x2a/0x420 [ 467.703784][T13309] ? __fget_files+0x3a8/0x420 [ 467.703803][T13309] ? __fget_files+0x2a/0x420 [ 467.703827][T13309] ? bpf_lsm_file_ioctl+0x9/0x20 [ 467.703851][T13309] ? __pfx_sock_ioctl+0x10/0x10 [ 467.703878][T13309] __se_sys_ioctl+0xff/0x170 [ 467.703905][T13309] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.703926][T13309] do_syscall_64+0x174/0x580 [ 467.703951][T13309] ? trace_irq_disable+0x3b/0x140 [ 467.703976][T13309] ? clear_bhb_loop+0x40/0x90 [ 467.703999][T13309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.704022][T13309] RIP: 0033:0x7f84fb75ce59 [ 467.704053][T13309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 467.704069][T13309] RSP: 002b:00007f84f99ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 467.704090][T13309] RAX: ffffffffffffffda RBX: 00007f84fb9d5fa0 RCX: 00007f84fb75ce59 [ 467.704104][T13309] RDX: 0000200000000540 RSI: 0000000000008946 RDI: 0000000000000003 [ 467.704118][T13309] RBP: 00007f84f99ae090 R08: 0000000000000000 R09: 0000000000000000 [ 467.704131][T13309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 467.704143][T13309] R13: 00007f84fb9d6038 R14: 00007f84fb9d5fa0 R15: 00007ffef36fd6f8 [ 467.704173][T13309] [ 467.733823][T13209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 467.733839][T13209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 467.733866][T13209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 467.852941][ T5620] Bluetooth: hci2: command tx timeout [ 467.951998][ T9] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 468.114108][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 468.117551][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 468.117576][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 468.132243][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 468.132273][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.132292][ T9] usb 5-1: Product: syz [ 468.132306][ T9] usb 5-1: Manufacturer: syz [ 468.132321][ T9] usb 5-1: SerialNumber: syz [ 468.167951][ T9] usb 5-1: 0:2 : does not exist [ 468.328483][T13209] hsr_slave_0: entered promiscuous mode [ 468.330656][T13209] hsr_slave_1: entered promiscuous mode [ 468.345014][T13209] debugfs: 'hsr0' already exists in 'hsr' [ 468.345049][T13209] Cannot create hsr debugfs directory [ 468.713561][T13318] Invalid source name [ 468.713579][T13318] UBIFS error (pid: 13318): cannot open "/dev/sg0", error -22 [ 468.995847][ T5620] Bluetooth: hci4: Malformed HCI Event: 0x22 [ 469.034931][T13322] befs: (loop3): No write support. Marking filesystem read-only [ 469.040473][T13322] befs: (loop3): unable to read superblock [ 469.077905][T13322] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2776'. [ 469.342758][ T5720] usb 4-1: new full-speed USB device number 73 using dummy_hcd [ 469.394715][ T9] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 469.502624][ T9] usb 5-1: USB disconnect, device number 83 [ 469.536100][ T5720] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 469.536130][ T5720] usb 4-1: config 0 has no interface number 0 [ 469.575826][ T5720] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 469.575854][ T5720] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.575873][ T5720] usb 4-1: Product: syz [ 469.575887][ T5720] usb 4-1: Manufacturer: syz [ 469.575900][ T5720] usb 4-1: SerialNumber: syz [ 469.663950][ T5720] usb 4-1: config 0 descriptor?? [ 469.886257][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 469.944454][ T5620] Bluetooth: hci2: command tx timeout [ 469.968698][ T7137] bridge_slave_1: left allmulticast mode [ 469.968733][ T7137] bridge_slave_1: left promiscuous mode [ 469.968984][ T7137] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.078850][T13337] Invalid source name [ 470.078867][T13337] UBIFS error (pid: 13337): cannot open "/dev/sg0", error -22 [ 470.193476][ T7137] bridge_slave_0: left allmulticast mode [ 470.200234][ T7137] bridge_slave_0: left promiscuous mode [ 470.200507][ T7137] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.274297][ T5720] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 470.274317][ T5720] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -61 [ 470.274492][ T5720] asix 4-1:0.251: probe with driver asix failed with error -61 [ 470.400923][T13341] FAULT_INJECTION: forcing a failure. [ 470.400923][T13341] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 470.400968][T13341] CPU: 0 UID: 0 PID: 13341 Comm: syz.4.2783 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 470.400995][T13341] Tainted: [L]=SOFTLOCKUP [ 470.401002][T13341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 470.401013][T13341] Call Trace: [ 470.401022][T13341] [ 470.401030][T13341] dump_stack_lvl+0xe8/0x150 [ 470.401057][T13341] should_fail_ex+0x467/0x600 [ 470.401091][T13341] _copy_to_user+0x31/0xb0 [ 470.401116][T13341] simple_read_from_buffer+0xe1/0x170 [ 470.401144][T13341] proc_fail_nth_read+0x1be/0x230 [ 470.401169][T13341] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 470.401193][T13341] ? rw_verify_area+0x250/0x4d0 [ 470.401219][T13341] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 470.401240][T13341] vfs_read+0x219/0xa90 [ 470.401271][T13341] ? __pfx_vfs_read+0x10/0x10 [ 470.401297][T13341] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 470.401322][T13341] ? lockdep_hardirqs_on+0x7a/0x110 [ 470.401346][T13341] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 470.401370][T13341] ? mutex_lock_nested+0x152/0x1d0 [ 470.401399][T13341] ? fdget_pos+0x252/0x320 [ 470.401428][T13341] ksys_read+0x156/0x270 [ 470.401452][T13341] ? __pfx_ksys_read+0x10/0x10 [ 470.401484][T13341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.401506][T13341] do_syscall_64+0x174/0x580 [ 470.401529][T13341] ? trace_irq_disable+0x3b/0x140 [ 470.401555][T13341] ? clear_bhb_loop+0x40/0x90 [ 470.401579][T13341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.401599][T13341] RIP: 0033:0x7fd7e17fd68e [ 470.401617][T13341] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 470.401634][T13341] RSP: 002b:00007fd7dfa95fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 470.401659][T13341] RAX: ffffffffffffffda RBX: 00007fd7dfa966c0 RCX: 00007fd7e17fd68e [ 470.401671][T13341] RDX: 000000000000000f RSI: 00007fd7dfa960a0 RDI: 0000000000000003 [ 470.401683][T13341] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 470.401695][T13341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 470.401706][T13341] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 470.401735][T13341] [ 470.487877][ T5617] usb 4-1: USB disconnect, device number 73 [ 471.131943][ T38] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 471.263560][T13358] FAULT_INJECTION: forcing a failure. [ 471.263560][T13358] name failslab, interval 1, probability 0, space 0, times 0 [ 471.263595][T13358] CPU: 1 UID: 0 PID: 13358 Comm: syz.3.2786 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 471.263622][T13358] Tainted: [L]=SOFTLOCKUP [ 471.263630][T13358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 471.263642][T13358] Call Trace: [ 471.263650][T13358] [ 471.263659][T13358] dump_stack_lvl+0xe8/0x150 [ 471.263685][T13358] should_fail_ex+0x467/0x600 [ 471.263721][T13358] should_failslab+0xa8/0x100 [ 471.263746][T13358] kmem_cache_alloc_node_noprof+0xac/0x660 [ 471.263773][T13358] ? __alloc_skb+0x1d7/0x7a0 [ 471.263795][T13358] ? __alloc_skb+0x1d7/0x7a0 [ 471.263823][T13358] __alloc_skb+0x1d7/0x7a0 [ 471.263849][T13358] alloc_skb_with_frags+0xc6/0x760 [ 471.263875][T13358] ? rt_spin_unlock+0x163/0x200 [ 471.263898][T13358] ? save_netdev_trace_buffer+0x4ae/0x5e0 [ 471.263931][T13358] sock_alloc_send_pskb+0x884/0x9a0 [ 471.263965][T13358] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 471.264004][T13358] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 471.264037][T13358] ? dev_get_by_index+0x22/0x2e0 [ 471.264065][T13358] ? dev_get_by_index+0x22/0x2e0 [ 471.264098][T13358] packet_sendmsg+0x3265/0x5060 [ 471.264117][T13358] ? aa_label_sk_perm+0x532/0x6e0 [ 471.264153][T13358] ? try_to_take_rt_mutex+0x842/0xb00 [ 471.264173][T13358] ? up_write+0x5a/0x190 [ 471.264201][T13358] ? __lock_acquire+0x683/0x2ce0 [ 471.264228][T13358] ? __lock_acquire+0x683/0x2ce0 [ 471.264263][T13358] ? __pfx_packet_sendmsg+0x10/0x10 [ 471.264291][T13358] ? __lock_acquire+0x683/0x2ce0 [ 471.264323][T13358] ? __pfx_aa_sk_perm+0x10/0x10 [ 471.264350][T13358] ? aa_sock_msg_perm+0x122/0x200 [ 471.264382][T13358] ? __pfx_packet_sendmsg+0x10/0x10 [ 471.264399][T13358] sock_sendmsg_nosec+0x13a/0x180 [ 471.264421][T13358] ____sys_sendmsg+0x565/0x870 [ 471.264454][T13358] ? __pfx_____sys_sendmsg+0x10/0x10 [ 471.264488][T13358] ? import_iovec+0x73/0xa0 [ 471.264514][T13358] ___sys_sendmsg+0x2a5/0x360 [ 471.264538][T13358] ? __lock_acquire+0x683/0x2ce0 [ 471.264567][T13358] ? __pfx____sys_sendmsg+0x10/0x10 [ 471.264597][T13358] ? kstrtouint+0x6e/0xe0 [ 471.264649][T13358] ? __fget_files+0x2a/0x420 [ 471.264670][T13358] ? __fget_files+0x3a8/0x420 [ 471.264700][T13358] __sys_sendmmsg+0x279/0x4d0 [ 471.264731][T13358] ? __pfx___sys_sendmmsg+0x10/0x10 [ 471.264766][T13358] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 471.264797][T13358] ? ksys_write+0x248/0x270 [ 471.264823][T13358] ? __pfx_ksys_write+0x10/0x10 [ 471.264854][T13358] __x64_sys_sendmmsg+0xa0/0xc0 [ 471.264880][T13358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.264901][T13358] do_syscall_64+0x174/0x580 [ 471.264924][T13358] ? trace_irq_disable+0x3b/0x140 [ 471.264949][T13358] ? clear_bhb_loop+0x40/0x90 [ 471.264973][T13358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.264991][T13358] RIP: 0033:0x7f121744ce59 [ 471.265010][T13358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 471.265026][T13358] RSP: 002b:00007f121569e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 471.265048][T13358] RAX: ffffffffffffffda RBX: 00007f12176c5fa0 RCX: 00007f121744ce59 [ 471.265063][T13358] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000005 [ 471.265076][T13358] RBP: 00007f121569e090 R08: 0000000000000000 R09: 0000000000000000 [ 471.265088][T13358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 471.265100][T13358] R13: 00007f12176c6038 R14: 00007f12176c5fa0 R15: 00007ffdf8e6f7e8 [ 471.265131][T13358] [ 471.385823][ T38] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 471.385852][ T38] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 471.544720][ T38] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 471.544738][ T38] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.544748][ T38] usb 5-1: Product: syz [ 471.544756][ T38] usb 5-1: Manufacturer: syz [ 471.544764][ T38] usb 5-1: SerialNumber: syz [ 471.616241][T13362] FAULT_INJECTION: forcing a failure. [ 471.616241][T13362] name failslab, interval 1, probability 0, space 0, times 0 [ 471.616276][T13362] CPU: 0 UID: 0 PID: 13362 Comm: syz.3.2788 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 471.616304][T13362] Tainted: [L]=SOFTLOCKUP [ 471.616312][T13362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 471.616324][T13362] Call Trace: [ 471.616332][T13362] [ 471.616340][T13362] dump_stack_lvl+0xe8/0x150 [ 471.616367][T13362] should_fail_ex+0x467/0x600 [ 471.616402][T13362] should_failslab+0xa8/0x100 [ 471.616427][T13362] __kmalloc_noprof+0xfb/0x790 [ 471.616449][T13362] ? tomoyo_realpath_from_path+0xef/0x640 [ 471.616478][T13362] ? tomoyo_realpath_from_path+0xef/0x640 [ 471.616513][T13362] tomoyo_realpath_from_path+0xef/0x640 [ 471.616551][T13362] ? tomoyo_path_number_perm+0x219/0x5f0 [ 471.616576][T13362] tomoyo_path_number_perm+0x246/0x5f0 [ 471.616603][T13362] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 471.616626][T13362] ? __lock_acquire+0x683/0x2ce0 [ 471.616666][T13362] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 471.616690][T13362] ? hook_file_ioctl+0x1f3/0x600 [ 471.616714][T13362] ? lockdep_hardirqs_on+0x7a/0x110 [ 471.616761][T13362] ? __fget_files+0x2a/0x420 [ 471.616786][T13362] ? __fget_files+0x2a/0x420 [ 471.616806][T13362] ? __fget_files+0x3a8/0x420 [ 471.616825][T13362] ? __fget_files+0x2a/0x420 [ 471.616850][T13362] security_file_ioctl+0xc3/0x2a0 [ 471.616875][T13362] __se_sys_ioctl+0x47/0x170 [ 471.616902][T13362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.616924][T13362] do_syscall_64+0x174/0x580 [ 471.616948][T13362] ? trace_irq_disable+0x3b/0x140 [ 471.616972][T13362] ? clear_bhb_loop+0x40/0x90 [ 471.616996][T13362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.617015][T13362] RIP: 0033:0x7f121744ce59 [ 471.617033][T13362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 471.617051][T13362] RSP: 002b:00007f121569e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 471.617072][T13362] RAX: ffffffffffffffda RBX: 00007f12176c5fa0 RCX: 00007f121744ce59 [ 471.617086][T13362] RDX: 0000200000000a00 RSI: 00000000c0306201 RDI: 0000000000000003 [ 471.617103][T13362] RBP: 00007f121569e090 R08: 0000000000000000 R09: 0000000000000000 [ 471.617116][T13362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 471.617128][T13362] R13: 00007f12176c6038 R14: 00007f12176c5fa0 R15: 00007ffdf8e6f7e8 [ 471.617159][T13362] [ 471.617187][T13362] ERROR: Out of memory at tomoyo_realpath_from_path. [ 471.812660][ T7137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 471.872597][ T7137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 471.914998][ T7137] bond0 (unregistering): Released all slaves [ 471.921991][ T5617] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 471.991334][ T38] usb 5-1: config 0 descriptor?? [ 471.992544][T13355] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 471.992658][T13355] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 472.003144][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5 [ 472.104490][ T5617] usb 4-1: Using ep0 maxpacket: 16 [ 472.106537][ T5617] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 472.106561][ T5617] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 472.109191][ T5617] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 472.109217][ T5617] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.109237][ T5617] usb 4-1: Product: syz [ 472.109251][ T5617] usb 4-1: Manufacturer: syz [ 472.109265][ T5617] usb 4-1: SerialNumber: syz [ 472.163199][ T5617] usb 4-1: 0:2 : does not exist [ 472.200266][T13355] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 472.200476][T13355] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 472.319476][T13366] Invalid source name [ 472.319495][T13366] UBIFS error (pid: 13366): cannot open "/dev/sg0", error -22 [ 472.894472][ T5620] Bluetooth: hci4: command 0x0406 tx timeout [ 473.438182][ T5617] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 473.486834][ T5617] usb 4-1: USB disconnect, device number 74 [ 473.674897][ T6232] udevd[6232]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 473.998909][ T38] Error reading MAC address [ 474.044806][ T38] usb 5-1: USB disconnect, device number 84 [ 474.420930][T13381] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2795'. [ 474.565181][T13385] FAULT_INJECTION: forcing a failure. [ 474.565181][T13385] name failslab, interval 1, probability 0, space 0, times 0 [ 474.565217][T13385] CPU: 1 UID: 0 PID: 13385 Comm: syz.4.2796 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 474.565245][T13385] Tainted: [L]=SOFTLOCKUP [ 474.565252][T13385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 474.565264][T13385] Call Trace: [ 474.565272][T13385] [ 474.565281][T13385] dump_stack_lvl+0xe8/0x150 [ 474.565310][T13385] should_fail_ex+0x467/0x600 [ 474.565345][T13385] should_failslab+0xa8/0x100 [ 474.565369][T13385] ? anon_vma_clone+0x3e7/0x9e0 [ 474.565390][T13385] kmem_cache_alloc_noprof+0x9e/0x680 [ 474.565412][T13385] ? anon_vma_clone+0x3e7/0x9e0 [ 474.565439][T13385] anon_vma_clone+0x3e7/0x9e0 [ 474.565469][T13385] __split_vma+0x3a5/0xa40 [ 474.565502][T13385] ? mas_next_slot+0xc94/0xd70 [ 474.565530][T13385] ? __pfx___split_vma+0x10/0x10 [ 474.565564][T13385] ? mas_find+0xab1/0xcf0 [ 474.565593][T13385] vms_gather_munmap_vmas+0x4e3/0x1370 [ 474.565633][T13385] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 474.565669][T13385] ? mas_find+0xa23/0xcf0 [ 474.565700][T13385] mmap_region+0x914/0x2310 [ 474.565743][T13385] ? __lock_acquire+0x683/0x2ce0 [ 474.565769][T13385] ? __pfx_mmap_region+0x10/0x10 [ 474.565804][T13385] ? __lock_acquire+0x683/0x2ce0 [ 474.565897][T13385] ? __pfx_process_measurement+0x10/0x10 [ 474.565938][T13385] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 474.565974][T13385] ? apparmor_capable+0x126/0x170 [ 474.565998][T13385] ? bpf_lsm_capable+0x9/0x20 [ 474.566029][T13385] ? security_capable+0x7e/0x2c0 [ 474.566053][T13385] ? shmem_mapping+0xd/0x50 [ 474.566079][T13385] ? memfd_check_seals_mmap+0x16e/0x210 [ 474.566105][T13385] do_mmap+0xc1e/0x10b0 [ 474.566133][T13385] ? __pfx_do_mmap+0x10/0x10 [ 474.566150][T13385] ? rwbase_write_lock+0x550/0x720 [ 474.566189][T13385] vm_mmap_pgoff+0x275/0x4e0 [ 474.566226][T13385] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 474.566260][T13385] ? __fget_files+0x2a/0x420 [ 474.566280][T13385] ? __fget_files+0x3a8/0x420 [ 474.566300][T13385] ? __fget_files+0x2a/0x420 [ 474.566329][T13385] ksys_mmap_pgoff+0x4a6/0x720 [ 474.566353][T13385] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.566374][T13385] do_syscall_64+0x174/0x580 [ 474.566398][T13385] ? trace_irq_disable+0x3b/0x140 [ 474.566423][T13385] ? clear_bhb_loop+0x40/0x90 [ 474.566446][T13385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.566465][T13385] RIP: 0033:0x7fd7e183ce59 [ 474.566483][T13385] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 474.566499][T13385] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 474.566519][T13385] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 474.566535][T13385] RDX: 00000000027ffff7 RSI: 0000000000600000 RDI: 0000200000000000 [ 474.566548][T13385] RBP: 00007fd7dfa96090 R08: 0000000000000005 R09: 0000000000000000 [ 474.566561][T13385] R10: 0000000004012011 R11: 0000000000000246 R12: 0000000000000001 [ 474.566574][T13385] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 474.566604][T13385] [ 474.940964][T13390] Invalid source name [ 474.940983][T13390] UBIFS error (pid: 13390): cannot open "/dev/sg0", error -22 [ 475.199107][T13400] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 4, id = 0 [ 475.239738][T13399] JFS: discard option not supported on device [ 475.355873][T13399] Mount JFS Failure: -22 [ 475.355891][T13399] jfs_mount failed w/return code = -22 [ 475.359144][T13405] Bluetooth: MGMT ver 1.23 [ 475.755423][T13423] Invalid source name [ 475.755440][T13423] UBIFS error (pid: 13423): cannot open "/dev/sg0", error -22 [ 476.827795][T13445] Invalid source name [ 476.827812][T13445] UBIFS error (pid: 13445): cannot open "/dev/sg0", error -22 [ 476.847345][ T7137] hsr_slave_0: left promiscuous mode [ 476.883618][ T7137] hsr_slave_1: left promiscuous mode [ 476.895522][ T7137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 476.895548][ T7137] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 476.933088][ T7137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 476.933115][ T7137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 476.970460][T13450] FAULT_INJECTION: forcing a failure. [ 476.970460][T13450] name failslab, interval 1, probability 0, space 0, times 0 [ 476.970524][T13450] CPU: 1 UID: 0 PID: 13450 Comm: syz.4.2813 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 476.970553][T13450] Tainted: [L]=SOFTLOCKUP [ 476.970561][T13450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 476.970573][T13450] Call Trace: [ 476.970582][T13450] [ 476.970591][T13450] dump_stack_lvl+0xe8/0x150 [ 476.970620][T13450] should_fail_ex+0x467/0x600 [ 476.970656][T13450] should_failslab+0xa8/0x100 [ 476.970681][T13450] ? __se_sys_mbind+0x82b/0x10e0 [ 476.970704][T13450] kmem_cache_alloc_noprof+0x9e/0x680 [ 476.970726][T13450] ? __se_sys_mbind+0x82b/0x10e0 [ 476.970755][T13450] __se_sys_mbind+0x82b/0x10e0 [ 476.970783][T13450] ? rt_mutex_slowunlock+0x219/0x460 [ 476.970805][T13450] ? __pfx___se_sys_mbind+0x10/0x10 [ 476.970839][T13450] ? fput+0xa0/0xd0 [ 476.970861][T13450] ? ksys_write+0x248/0x270 [ 476.970889][T13450] ? __pfx_ksys_write+0x10/0x10 [ 476.970919][T13450] ? __x64_sys_mbind+0x21/0xf0 [ 476.970941][T13450] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.970963][T13450] do_syscall_64+0x174/0x580 [ 476.970988][T13450] ? trace_irq_disable+0x3b/0x140 [ 476.971015][T13450] ? clear_bhb_loop+0x40/0x90 [ 476.971039][T13450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.971060][T13450] RIP: 0033:0x7fd7e183ce59 [ 476.971078][T13450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 476.971096][T13450] RSP: 002b:00007fd7dfa75028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 476.971117][T13450] RAX: ffffffffffffffda RBX: 00007fd7e1ab6090 RCX: 00007fd7e183ce59 [ 476.971133][T13450] RDX: 0000000000000004 RSI: 0000000000800000 RDI: 0000200000001000 [ 476.971147][T13450] RBP: 00007fd7dfa75090 R08: 0000000000000004 R09: 0000000000000002 [ 476.971160][T13450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 476.971173][T13450] R13: 00007fd7e1ab6128 R14: 00007fd7e1ab6090 R15: 00007fff47833698 [ 476.971205][T13450] [ 477.328393][ T7137] veth1_macvtap: left promiscuous mode [ 477.328459][ T7137] veth0_macvtap: left promiscuous mode [ 477.328651][ T7137] veth1_vlan: left promiscuous mode [ 477.328794][ T7137] veth0_vlan: left promiscuous mode [ 477.561488][T13462] FAULT_INJECTION: forcing a failure. [ 477.561488][T13462] name failslab, interval 1, probability 0, space 0, times 0 [ 477.561510][T13462] CPU: 0 UID: 0 PID: 13462 Comm: syz.4.2820 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 477.561526][T13462] Tainted: [L]=SOFTLOCKUP [ 477.561530][T13462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 477.561537][T13462] Call Trace: [ 477.561541][T13462] [ 477.561546][T13462] dump_stack_lvl+0xe8/0x150 [ 477.561563][T13462] should_fail_ex+0x467/0x600 [ 477.561583][T13462] should_failslab+0xa8/0x100 [ 477.561597][T13462] __kmalloc_noprof+0xfb/0x790 [ 477.561609][T13462] ? tomoyo_encode+0x2ad/0x570 [ 477.561624][T13462] ? tomoyo_encode+0x2ad/0x570 [ 477.561642][T13462] tomoyo_encode+0x2ad/0x570 [ 477.561670][T13462] tomoyo_realpath_from_path+0x5fa/0x640 [ 477.561703][T13462] ? tomoyo_path_number_perm+0x219/0x5f0 [ 477.561737][T13462] tomoyo_path_number_perm+0x246/0x5f0 [ 477.561762][T13462] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 477.561784][T13462] ? __lock_acquire+0x683/0x2ce0 [ 477.561808][T13462] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 477.561821][T13462] ? hook_file_ioctl+0x1f3/0x600 [ 477.561835][T13462] ? lockdep_hardirqs_on+0x7a/0x110 [ 477.561858][T13462] ? __fget_files+0x2a/0x420 [ 477.561871][T13462] ? __fget_files+0x2a/0x420 [ 477.561881][T13462] ? __fget_files+0x3a8/0x420 [ 477.561892][T13462] ? __fget_files+0x2a/0x420 [ 477.561905][T13462] security_file_ioctl+0xc3/0x2a0 [ 477.561919][T13462] __se_sys_ioctl+0x47/0x170 [ 477.561933][T13462] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.561944][T13462] do_syscall_64+0x174/0x580 [ 477.561957][T13462] ? trace_irq_disable+0x3b/0x140 [ 477.561971][T13462] ? clear_bhb_loop+0x40/0x90 [ 477.561984][T13462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.561994][T13462] RIP: 0033:0x7fd7e183ce59 [ 477.562005][T13462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 477.562015][T13462] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 477.562026][T13462] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 477.562034][T13462] RDX: 0000200000000100 RSI: 000000004014563c RDI: 0000000000000003 [ 477.562041][T13462] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 477.562047][T13462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.562054][T13462] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 477.562070][T13462] [ 477.567084][T13462] ERROR: Out of memory at tomoyo_realpath_from_path. [ 477.771980][ T5788] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 477.822064][T13466] Invalid source name [ 477.822081][T13466] UBIFS error (pid: 13466): cannot open "/dev/sg0", error -22 [ 477.915121][ T5788] usb 1-1: device descriptor read/64, error -71 [ 478.069627][ T9] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 478.161912][ T5788] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 478.232239][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 478.235111][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 478.237813][ T9] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 478.237839][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.237859][ T9] usb 5-1: Product: syz [ 478.237873][ T9] usb 5-1: Manufacturer: syz [ 478.237887][ T9] usb 5-1: SerialNumber: syz [ 478.247892][ T9] usb 5-1: config 0 descriptor?? [ 478.258484][ T9] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 found [ 478.292054][ T5788] usb 1-1: device descriptor read/64, error -71 [ 478.404793][ T5788] usb usb1-port1: attempt power cycle [ 478.463048][T13464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 478.463690][T13464] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 478.486460][ T9] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 now disconnected [ 478.491151][ T9] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 478.612309][ T7137] team0 (unregistering): Port device team_slave_1 removed [ 478.653554][ T7137] team0 (unregistering): Port device team_slave_0 removed [ 478.672913][ T9] usb 5-1: USB disconnect, device number 85 [ 478.744365][ T5788] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 478.765819][ T5788] usb 1-1: device descriptor read/8, error -71 [ 478.849120][T13475] befs: (loop3): No write support. Marking filesystem read-only [ 478.849263][T13475] befs: (loop3): unable to read superblock [ 478.850205][T13475] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2826'. [ 479.011839][ T5788] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 479.036814][ T5788] usb 1-1: device descriptor read/8, error -71 [ 479.154545][ T6829] usb 4-1: new full-speed USB device number 75 using dummy_hcd [ 479.176679][ T5788] usb usb1-port1: unable to enumerate USB device [ 479.394021][ T6829] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 479.394046][ T6829] usb 4-1: config 0 has no interface number 0 [ 479.401844][ T6829] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 479.401872][ T6829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.401889][ T6829] usb 4-1: Product: syz [ 479.401903][ T6829] usb 4-1: Manufacturer: syz [ 479.401916][ T6829] usb 4-1: SerialNumber: syz [ 479.414398][ T6829] usb 4-1: config 0 descriptor?? [ 479.601180][T13489] FAULT_INJECTION: forcing a failure. [ 479.601180][T13489] name failslab, interval 1, probability 0, space 0, times 0 [ 479.601225][T13489] CPU: 1 UID: 0 PID: 13489 Comm: syz.4.2828 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 479.601255][T13489] Tainted: [L]=SOFTLOCKUP [ 479.601263][T13489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 479.601274][T13489] Call Trace: [ 479.601282][T13489] [ 479.601290][T13489] dump_stack_lvl+0xe8/0x150 [ 479.601317][T13489] should_fail_ex+0x467/0x600 [ 479.601351][T13489] should_failslab+0xa8/0x100 [ 479.601376][T13489] kmem_cache_alloc_node_noprof+0xac/0x660 [ 479.601399][T13489] ? __alloc_skb+0x1d7/0x7a0 [ 479.601419][T13489] ? __alloc_skb+0x1d7/0x7a0 [ 479.601444][T13489] __alloc_skb+0x1d7/0x7a0 [ 479.601468][T13489] netlink_sendmsg+0x5d4/0xb40 [ 479.601500][T13489] ? __pfx_netlink_sendmsg+0x10/0x10 [ 479.601530][T13489] ? aa_sock_msg_perm+0x122/0x200 [ 479.601562][T13489] ? __pfx_netlink_sendmsg+0x10/0x10 [ 479.601587][T13489] sock_sendmsg_nosec+0x13a/0x180 [ 479.601609][T13489] ____sys_sendmsg+0x565/0x870 [ 479.601634][T13489] ? __might_fault+0xaf/0x130 [ 479.601659][T13489] ? __pfx_____sys_sendmsg+0x10/0x10 [ 479.601689][T13489] ? import_iovec+0x73/0xa0 [ 479.601713][T13489] ___sys_sendmsg+0x2a5/0x360 [ 479.601734][T13489] ? __lock_acquire+0x683/0x2ce0 [ 479.601757][T13489] ? __pfx____sys_sendmsg+0x10/0x10 [ 479.601800][T13489] ? __fget_files+0x2a/0x420 [ 479.601820][T13489] ? __fget_files+0x3a8/0x420 [ 479.601849][T13489] __x64_sys_sendmsg+0x1b7/0x290 [ 479.601877][T13489] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 479.601918][T13489] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.601939][T13489] do_syscall_64+0x174/0x580 [ 479.601964][T13489] ? trace_irq_disable+0x3b/0x140 [ 479.601989][T13489] ? clear_bhb_loop+0x40/0x90 [ 479.602013][T13489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.602033][T13489] RIP: 0033:0x7fd7e183ce59 [ 479.602052][T13489] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 479.602069][T13489] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 479.602091][T13489] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 479.602105][T13489] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000005 [ 479.602119][T13489] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 479.602132][T13489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 479.602144][T13489] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 479.602175][T13489] [ 480.028740][ T6829] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 480.028772][ T6829] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -61 [ 480.029058][ T6829] asix 4-1:0.251: probe with driver asix failed with error -61 [ 480.261262][ T5617] usb 4-1: USB disconnect, device number 75 [ 481.098860][ T7137] IPVS: stop unused estimator thread 0... [ 481.382596][T13209] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 481.470339][T13209] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 481.479871][T13209] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 481.589408][T13209] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 481.592629][T13209] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 481.648094][T13209] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 481.648959][T13209] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 481.661902][ T5618] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 481.687267][T13209] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 481.821802][ T5618] usb 5-1: Using ep0 maxpacket: 16 [ 481.823500][ T5618] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 481.823524][ T5618] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 481.823543][ T5618] usb 5-1: config 0 has no interface number 0 [ 481.829334][ T5618] usb 5-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 481.829361][ T5618] usb 5-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3 [ 481.829380][ T5618] usb 5-1: Product: syz [ 481.829393][ T5618] usb 5-1: Manufacturer: syz [ 481.829408][ T5618] usb 5-1: SerialNumber: syz [ 481.900202][ T5618] usb 5-1: config 0 descriptor?? [ 481.930351][ T5618] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046c:14e8) [ 481.930831][ T5618] uvcvideo 5-1:0.105: Entity type for entity Output 1 was not initialized! [ 481.941782][ T6829] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 481.982606][ T5618] uvcvideo 5-1:0.105: Failed to create links for entity 1 [ 481.982630][ T5618] uvcvideo 5-1:0.105: Failed to register entities (-22). [ 482.100342][T13209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 482.127880][ T6829] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.127919][ T6829] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.127938][ T6829] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 482.127979][ T6829] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 482.128001][ T6829] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.204410][T13530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.205063][T13530] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.206943][ T6829] usb 1-1: config 0 descriptor?? [ 482.265874][ T11] usb 5-1: USB disconnect, device number 86 [ 482.301524][T13209] 8021q: adding VLAN 0 to HW filter on device team0 [ 482.337550][ T190] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.337693][ T190] bridge0: port 1(bridge_slave_0) entered forwarding state [ 482.448322][ T190] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.448491][ T190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.567046][T13533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.567607][T13533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.673718][ T6829] usbhid 1-1:0.0: can't add hid device: -71 [ 482.673839][ T6829] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 482.707591][ T6829] usb 1-1: USB disconnect, device number 104 [ 482.895064][T13556] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2838'. [ 483.512422][ T6829] usb 4-1: new full-speed USB device number 76 using dummy_hcd [ 483.612545][ T38] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 483.680197][T13570] syz.3.2841 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 483.697888][ T6829] usb 4-1: unable to get BOS descriptor or descriptor too short [ 483.699751][ T6829] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 483.699785][ T6829] usb 4-1: can't read configurations, error -71 [ 483.780008][ T38] usb 1-1: Using ep0 maxpacket: 16 [ 483.814160][ T38] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 483.814186][ T38] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 483.816798][ T38] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 483.816825][ T38] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.816844][ T38] usb 1-1: Product: syz [ 483.816858][ T38] usb 1-1: Manufacturer: syz [ 483.816872][ T38] usb 1-1: SerialNumber: syz [ 483.829865][T13209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 483.869824][ T38] usb 1-1: 0:2 : does not exist [ 484.116631][ T38] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 484.163128][T13209] veth0_vlan: entered promiscuous mode [ 484.316355][ T38] usb 1-1: USB disconnect, device number 105 [ 484.500363][T13209] veth1_vlan: entered promiscuous mode [ 484.500998][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 484.610777][T13209] veth0_macvtap: entered promiscuous mode [ 484.618767][T13209] veth1_macvtap: entered promiscuous mode [ 484.660233][T13209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 484.749730][T13209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 484.789755][ T7137] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.790012][ T7137] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.790049][ T7137] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.790085][ T7137] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.066531][T13598] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 4, id = 0 [ 485.461311][ T5340] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 485.641159][ T5340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 485.641192][ T5340] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 485.641234][ T5340] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 485.641258][ T5340] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.652333][T13605] 9p: Bad value for 'rfdno' [ 485.728736][ T5340] usb 1-1: config 0 descriptor?? [ 486.022532][ T5788] usb 5-1: new full-speed USB device number 87 using dummy_hcd [ 486.215830][T13527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.215848][T13527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 486.286003][ T5788] usb 5-1: New USB device found, idVendor=046d, idProduct=0960, bcdDevice=97.b4 [ 486.286038][ T5788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.356072][ T5788] gspca_main: sunplus-2.14.0 probing 046d:0960 [ 486.634601][ T7137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.634622][ T7137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 486.729352][ T5788] gspca_sunplus: reg_w_riv err -71 [ 486.729472][ T5788] sunplus 5-1:8.0: probe with driver sunplus failed with error -71 [ 486.753715][ T5788] usb 5-1: USB disconnect, device number 87 [ 487.700517][T13635] FAULT_INJECTION: forcing a failure. [ 487.700517][T13635] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.700553][T13635] CPU: 0 UID: 0 PID: 13635 Comm: syz.2.2861 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 487.700581][T13635] Tainted: [L]=SOFTLOCKUP [ 487.700588][T13635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 487.700601][T13635] Call Trace: [ 487.700609][T13635] [ 487.700618][T13635] dump_stack_lvl+0xe8/0x150 [ 487.700645][T13635] should_fail_ex+0x467/0x600 [ 487.700679][T13635] _copy_to_user+0x31/0xb0 [ 487.700704][T13635] simple_read_from_buffer+0xe1/0x170 [ 487.700731][T13635] proc_fail_nth_read+0x1be/0x230 [ 487.700756][T13635] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 487.700780][T13635] ? rw_verify_area+0x250/0x4d0 [ 487.700808][T13635] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 487.700828][T13635] vfs_read+0x219/0xa90 [ 487.700860][T13635] ? __pfx_vfs_read+0x10/0x10 [ 487.700886][T13635] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 487.700911][T13635] ? lockdep_hardirqs_on+0x7a/0x110 [ 487.700936][T13635] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 487.700961][T13635] ? mutex_lock_nested+0x152/0x1d0 [ 487.700989][T13635] ? fdget_pos+0x252/0x320 [ 487.701019][T13635] ksys_read+0x156/0x270 [ 487.701046][T13635] ? __pfx_ksys_read+0x10/0x10 [ 487.701068][T13635] ? fput+0xa0/0xd0 [ 487.701095][T13635] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.701116][T13635] do_syscall_64+0x174/0x580 [ 487.701140][T13635] ? trace_irq_disable+0x3b/0x140 [ 487.701166][T13635] ? clear_bhb_loop+0x40/0x90 [ 487.701188][T13635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.701208][T13635] RIP: 0033:0x7fdfe31cd68e [ 487.701226][T13635] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 487.701242][T13635] RSP: 002b:00007fdfe145dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 487.701263][T13635] RAX: ffffffffffffffda RBX: 00007fdfe145e6c0 RCX: 00007fdfe31cd68e [ 487.701279][T13635] RDX: 000000000000000f RSI: 00007fdfe145e0a0 RDI: 0000000000000005 [ 487.701291][T13635] RBP: 00007fdfe145e090 R08: 0000000000000000 R09: 0000000000000000 [ 487.701303][T13635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.701315][T13635] R13: 00007fdfe3486038 R14: 00007fdfe3485fa0 R15: 00007ffe06c2f438 [ 487.701345][T13635] [ 488.063546][ T5340] usbhid 1-1:0.0: can't add hid device: -71 [ 488.063727][ T5340] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 488.068411][ T5340] usb 1-1: USB disconnect, device number 106 [ 488.150860][ T5617] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 488.318066][T13639] binder_alloc: 13638: binder_alloc_buf, no vma [ 488.336811][ T5617] usb 3-1: Using ep0 maxpacket: 16 [ 488.340890][ T5617] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 488.340906][ T5617] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 488.343567][ T5617] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 488.343596][ T5617] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.343614][ T5617] usb 3-1: Product: syz [ 488.343628][ T5617] usb 3-1: Manufacturer: syz [ 488.343643][ T5617] usb 3-1: SerialNumber: syz [ 488.415683][ T5617] usb 3-1: 0:2 : does not exist [ 488.683404][ T5617] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 488.770919][T13646] FAULT_INJECTION: forcing a failure. [ 488.770919][T13646] name failslab, interval 1, probability 0, space 0, times 0 [ 488.770951][T13646] CPU: 0 UID: 0 PID: 13646 Comm: syz.4.2866 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 488.770972][T13646] Tainted: [L]=SOFTLOCKUP [ 488.770978][T13646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 488.770987][T13646] Call Trace: [ 488.770994][T13646] [ 488.771001][T13646] dump_stack_lvl+0xe8/0x150 [ 488.771026][T13646] should_fail_ex+0x467/0x600 [ 488.771054][T13646] should_failslab+0xa8/0x100 [ 488.771074][T13646] __kmalloc_cache_noprof+0xa1/0x670 [ 488.771092][T13646] ? rdma_resolve_ip+0x69/0x6a0 [ 488.771114][T13646] ? rdma_resolve_ip+0x69/0x6a0 [ 488.771140][T13646] rdma_resolve_ip+0x69/0x6a0 [ 488.771168][T13646] ? __pfx_addr_handler+0x10/0x10 [ 488.771192][T13646] rdma_resolve_addr+0x6cd/0x21a0 [ 488.771215][T13646] ? __pfx_rdma_resolve_addr+0x10/0x10 [ 488.771236][T13646] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 488.771255][T13646] ? lockdep_hardirqs_on+0x7a/0x110 [ 488.771290][T13646] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 488.771307][T13646] ? mutex_lock_nested+0x152/0x1d0 [ 488.771329][T13646] ? ucma_resolve_ip+0x2fe/0x490 [ 488.771356][T13646] ucma_resolve_ip+0x336/0x490 [ 488.771379][T13646] ? __pfx_ucma_resolve_ip+0x10/0x10 [ 488.771409][T13646] ucma_write+0x257/0x2f0 [ 488.771427][T13646] ? __pfx_ucma_write+0x10/0x10 [ 488.771442][T13646] ? security_file_permission+0x75/0x260 [ 488.771461][T13646] ? rw_verify_area+0x209/0x4d0 [ 488.771480][T13646] ? __pfx_ucma_write+0x10/0x10 [ 488.771496][T13646] vfs_write+0x29f/0xbb0 [ 488.771531][T13646] ? __pfx_vfs_write+0x10/0x10 [ 488.771551][T13646] ? __fget_files+0x2a/0x420 [ 488.771570][T13646] ? __fget_files+0x2a/0x420 [ 488.771584][T13646] ? __fget_files+0x3a8/0x420 [ 488.771600][T13646] ? __fget_files+0x2a/0x420 [ 488.771623][T13646] ksys_write+0x156/0x270 [ 488.771645][T13646] ? __pfx_ksys_write+0x10/0x10 [ 488.771673][T13646] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.771692][T13646] do_syscall_64+0x174/0x580 [ 488.771714][T13646] ? trace_irq_disable+0x3b/0x140 [ 488.771733][T13646] ? clear_bhb_loop+0x40/0x90 [ 488.771751][T13646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.771764][T13646] RIP: 0033:0x7fd7e183ce59 [ 488.771779][T13646] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 488.771792][T13646] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 488.771808][T13646] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 488.771819][T13646] RDX: 0000000000000048 RSI: 0000200000000180 RDI: 0000000000000003 [ 488.771828][T13646] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 488.771837][T13646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 488.771845][T13646] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 488.771868][T13646] [ 488.852265][ T5617] usb 3-1: USB disconnect, device number 59 [ 489.061358][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 489.440046][T13654] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 489.467604][T13661] netlink: 'syz.2.2871': attribute type 2 has an invalid length. [ 489.467624][T13661] netlink: 'syz.2.2871': attribute type 11 has an invalid length. [ 489.467637][T13661] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2871'. [ 489.616461][T13663] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2873'. [ 489.906054][T13672] FAULT_INJECTION: forcing a failure. [ 489.906054][T13672] name failslab, interval 1, probability 0, space 0, times 0 [ 489.906080][T13672] CPU: 1 UID: 0 PID: 13672 Comm: syz.0.2876 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 489.906096][T13672] Tainted: [L]=SOFTLOCKUP [ 489.906100][T13672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 489.906107][T13672] Call Trace: [ 489.906113][T13672] [ 489.906119][T13672] dump_stack_lvl+0xe8/0x150 [ 489.906138][T13672] should_fail_ex+0x467/0x600 [ 489.906159][T13672] should_failslab+0xa8/0x100 [ 489.906173][T13672] __kmalloc_cache_noprof+0xa1/0x670 [ 489.906186][T13672] ? __hw_addr_create+0x62/0x240 [ 489.906201][T13672] ? __hw_addr_create+0x62/0x240 [ 489.906217][T13672] __hw_addr_create+0x62/0x240 [ 489.906234][T13672] __hw_addr_add_ex+0x1ce/0x520 [ 489.906250][T13672] ? dev_mc_add+0x4e/0x140 [ 489.906263][T13672] dev_mc_add+0xab/0x140 [ 489.906280][T13672] packet_mc_add+0x735/0xb80 [ 489.906300][T13672] packet_setsockopt+0xd28/0x1510 [ 489.906315][T13672] ? __pfx_packet_setsockopt+0x10/0x10 [ 489.906348][T13672] ? aa_sk_perm+0x703/0x950 [ 489.906373][T13672] ? __fget_files+0x2a/0x420 [ 489.906397][T13672] ? __pfx_aa_sk_perm+0x10/0x10 [ 489.906422][T13672] ? aa_sock_opt_perm+0x131/0x1f0 [ 489.906456][T13672] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 489.906477][T13672] ? __pfx_packet_setsockopt+0x10/0x10 [ 489.906495][T13672] do_sock_setsockopt+0x17c/0x1b0 [ 489.906513][T13672] __x64_sys_setsockopt+0x143/0x1b0 [ 489.906527][T13672] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.906539][T13672] do_syscall_64+0x174/0x580 [ 489.906554][T13672] ? trace_irq_disable+0x3b/0x140 [ 489.906568][T13672] ? clear_bhb_loop+0x40/0x90 [ 489.906582][T13672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.906592][T13672] RIP: 0033:0x7f84fb75ce59 [ 489.906604][T13672] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 489.906613][T13672] RSP: 002b:00007f84f99ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 489.906625][T13672] RAX: ffffffffffffffda RBX: 00007f84fb9d5fa0 RCX: 00007f84fb75ce59 [ 489.906634][T13672] RDX: 0000000000000001 RSI: 0000000000000107 RDI: 0000000000000003 [ 489.906640][T13672] RBP: 00007f84f99ae090 R08: 0000000000000010 R09: 0000000000000000 [ 489.906647][T13672] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.906654][T13672] R13: 00007f84fb9d6038 R14: 00007f84fb9d5fa0 R15: 00007ffef36fd6f8 [ 489.906671][T13672] [ 490.030054][T13675] FAULT_INJECTION: forcing a failure. [ 490.030054][T13675] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 490.030090][T13675] CPU: 1 UID: 0 PID: 13675 Comm: syz.0.2878 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 490.030117][T13675] Tainted: [L]=SOFTLOCKUP [ 490.030125][T13675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 490.030138][T13675] Call Trace: [ 490.030145][T13675] [ 490.030154][T13675] dump_stack_lvl+0xe8/0x150 [ 490.030182][T13675] should_fail_ex+0x467/0x600 [ 490.030216][T13675] _copy_from_user+0x2d/0xb0 [ 490.030240][T13675] video_usercopy+0x359/0x1430 [ 490.030264][T13675] ? hook_file_ioctl+0x1f3/0x600 [ 490.030293][T13675] ? __pfx___video_do_ioctl+0x10/0x10 [ 490.030314][T13675] ? __pfx_video_usercopy+0x10/0x10 [ 490.030350][T13675] ? __fget_files+0x2a/0x420 [ 490.030375][T13675] ? __fget_files+0x2a/0x420 [ 490.030394][T13675] ? __fget_files+0x3a8/0x420 [ 490.030418][T13675] v4l2_ioctl+0x190/0x1e0 [ 490.030448][T13675] ? __pfx_v4l2_ioctl+0x10/0x10 [ 490.030476][T13675] __se_sys_ioctl+0xff/0x170 [ 490.030502][T13675] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.030523][T13675] do_syscall_64+0x174/0x580 [ 490.030548][T13675] ? trace_irq_disable+0x3b/0x140 [ 490.030572][T13675] ? clear_bhb_loop+0x40/0x90 [ 490.030596][T13675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.030615][T13675] RIP: 0033:0x7f84fb75ce59 [ 490.030633][T13675] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 490.030650][T13675] RSP: 002b:00007f84f99ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 490.030672][T13675] RAX: ffffffffffffffda RBX: 00007f84fb9d5fa0 RCX: 00007f84fb75ce59 [ 490.030687][T13675] RDX: 00002000000003c0 RSI: 00000000c0405602 RDI: 0000000000000003 [ 490.030699][T13675] RBP: 00007f84f99ae090 R08: 0000000000000000 R09: 0000000000000000 [ 490.030712][T13675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 490.030724][T13675] R13: 00007f84fb9d6038 R14: 00007f84fb9d5fa0 R15: 00007ffef36fd6f8 [ 490.030755][T13675] [ 490.042192][ T38] usb 5-1: new full-speed USB device number 88 using dummy_hcd [ 490.134435][T13678] befs: (loop0): No write support. Marking filesystem read-only [ 490.136268][T13678] befs: (loop0): unable to read superblock [ 490.139093][T13678] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2879'. [ 490.203075][ T38] usb 5-1: unable to get BOS descriptor or descriptor too short [ 490.204110][ T38] usb 5-1: not running at top speed; connect to a high speed hub [ 490.223309][ T38] usb 5-1: config 202 has an invalid interface number: 80 but max is 2 [ 490.223349][ T38] usb 5-1: config 202 has an invalid interface number: 141 but max is 2 [ 490.223380][ T38] usb 5-1: config 202 has an invalid descriptor of length 0, skipping remainder of the config [ 490.223400][ T38] usb 5-1: config 202 has 2 interfaces, different from the descriptor's value: 3 [ 490.223421][ T38] usb 5-1: config 202 has no interface number 0 [ 490.223437][ T38] usb 5-1: config 202 has no interface number 1 [ 490.223493][ T38] usb 5-1: config 202 interface 141 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 490.223516][ T38] usb 5-1: config 202 interface 141 altsetting 5 endpoint 0x82 has invalid wMaxPacketSize 0 [ 490.223540][ T38] usb 5-1: config 202 interface 141 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 15 [ 490.223566][ T38] usb 5-1: config 202 interface 80 has no altsetting 0 [ 490.223584][ T38] usb 5-1: config 202 interface 141 has no altsetting 0 [ 490.273309][ T38] usb 5-1: New USB device found, idVendor=0499, idProduct=1043, bcdDevice=9f.9f [ 490.273345][ T38] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.273365][ T38] usb 5-1: Product: syz [ 490.273379][ T38] usb 5-1: Manufacturer: syz [ 490.273393][ T38] usb 5-1: SerialNumber: syz [ 490.391853][ T5720] usb 1-1: new full-speed USB device number 107 using dummy_hcd [ 490.412448][ T4923] Bluetooth: hci0: command tx timeout [ 490.535032][ T38] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 490.540274][ T38] snd-usb-audio 5-1:202.80: probe with driver snd-usb-audio failed with error -2 [ 490.552300][ T5720] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 490.552337][ T5720] usb 1-1: config 0 has no interface number 0 [ 490.565587][ T5720] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 490.565616][ T5720] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.565635][ T5720] usb 1-1: Product: syz [ 490.565649][ T5720] usb 1-1: Manufacturer: syz [ 490.565663][ T5720] usb 1-1: SerialNumber: syz [ 490.581400][ T5720] usb 1-1: config 0 descriptor?? [ 490.613666][ T38] hub 5-1:202.141: Invalid hub with more than one config or interface [ 490.613941][ T38] hub 5-1:202.141: probe with driver hub failed with error -22 [ 490.643386][ T38] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 491.113805][ T38] snd-usb-audio 5-1:202.141: probe with driver snd-usb-audio failed with error -2 [ 491.131386][ T38] usb 5-1: USB disconnect, device number 88 [ 491.205195][ T5720] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 491.205226][ T5720] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -61 [ 491.205512][ T5720] asix 1-1:0.251: probe with driver asix failed with error -61 [ 491.358066][T13702] FAULT_INJECTION: forcing a failure. [ 491.358066][T13702] name failslab, interval 1, probability 0, space 0, times 0 [ 491.358097][T13702] CPU: 1 UID: 0 PID: 13702 Comm: syz.2.2889 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 491.358117][T13702] Tainted: [L]=SOFTLOCKUP [ 491.358123][T13702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 491.358132][T13702] Call Trace: [ 491.358139][T13702] [ 491.358146][T13702] dump_stack_lvl+0xe8/0x150 [ 491.358168][T13702] should_fail_ex+0x467/0x600 [ 491.358196][T13702] should_failslab+0xa8/0x100 [ 491.358216][T13702] __kmalloc_cache_node_noprof+0xac/0x670 [ 491.358234][T13702] ? __get_vm_area_node+0x136/0x300 [ 491.358256][T13702] ? __get_vm_area_node+0x136/0x300 [ 491.358277][T13702] ? ktime_expiry_to_cycles+0x4e/0x1e0 [ 491.358301][T13702] __get_vm_area_node+0x136/0x300 [ 491.358328][T13702] __vmalloc_node_range_noprof+0x358/0x1730 [ 491.358345][T13702] ? vc_uniscr_check+0x18f/0x7b0 [ 491.358360][T13702] ? ktime_expiry_to_cycles+0x4e/0x1e0 [ 491.358377][T13702] ? seqcount_lockdep_reader_access+0xd4/0x100 [ 491.358397][T13702] ? ktime_expiry_to_cycles+0x176/0x1e0 [ 491.358419][T13702] ? __lock_acquire+0x683/0x2ce0 [ 491.358449][T13702] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 491.358467][T13702] ? irqentry_exit+0x218/0x8f0 [ 491.358491][T13702] ? vc_uniscr_check+0x18f/0x7b0 [ 491.358505][T13702] vzalloc_noprof+0xb2/0xe0 [ 491.358521][T13702] ? vc_uniscr_check+0x18f/0x7b0 [ 491.358537][T13702] vc_uniscr_check+0x18f/0x7b0 [ 491.358553][T13702] ? atomic_notifier_call_chain+0x26/0x180 [ 491.358578][T13702] do_con_write+0xcb2/0x5540 [ 491.358640][T13702] ? __pfx_do_con_write+0x10/0x10 [ 491.358660][T13702] ? do_raw_spin_lock+0x12b/0x2f0 [ 491.358700][T13702] ? lockdep_hardirqs_on+0x7a/0x110 [ 491.358718][T13702] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 491.358739][T13702] con_write+0x31/0x2e0 [ 491.358758][T13702] n_tty_write+0xd4f/0x11e0 [ 491.358798][T13702] ? __pfx_n_tty_write+0x10/0x10 [ 491.358836][T13702] ? __pfx_woken_wake_function+0x10/0x10 [ 491.358856][T13702] ? rcu_is_watching+0x15/0xb0 [ 491.358878][T13702] ? kfree+0x4d/0x6c0 [ 491.358896][T13702] ? __pfx_n_tty_write+0x10/0x10 [ 491.358915][T13702] file_tty_write+0x50b/0x980 [ 491.358940][T13702] vfs_write+0x61e/0xbb0 [ 491.358967][T13702] ? __pfx_vfs_write+0x10/0x10 [ 491.358993][T13702] ? __fget_files+0x2a/0x420 [ 491.359017][T13702] ksys_write+0x156/0x270 [ 491.359038][T13702] ? __pfx_ksys_write+0x10/0x10 [ 491.359067][T13702] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.359085][T13702] do_syscall_64+0x174/0x580 [ 491.359105][T13702] ? trace_irq_disable+0x3b/0x140 [ 491.359126][T13702] ? clear_bhb_loop+0x40/0x90 [ 491.359148][T13702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.359164][T13702] RIP: 0033:0x7fdfe320ce59 [ 491.359183][T13702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 491.359198][T13702] RSP: 002b:00007fdfe145e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 491.359214][T13702] RAX: ffffffffffffffda RBX: 00007fdfe3485fa0 RCX: 00007fdfe320ce59 [ 491.359224][T13702] RDX: 0000000000001006 RSI: 00002000000015c0 RDI: 0000000000000004 [ 491.359234][T13702] RBP: 00007fdfe145e090 R08: 0000000000000000 R09: 0000000000000000 [ 491.359242][T13702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.359251][T13702] R13: 00007fdfe3486038 R14: 00007fdfe3485fa0 R15: 00007ffe06c2f438 [ 491.359275][T13702] [ 491.367991][T13702] syz.2.2889: vmalloc error: size 264, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 491.368128][T13702] CPU: 1 UID: 0 PID: 13702 Comm: syz.2.2889 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 491.368143][T13702] Tainted: [L]=SOFTLOCKUP [ 491.368147][T13702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 491.368154][T13702] Call Trace: [ 491.368159][T13702] [ 491.368164][T13702] dump_stack_lvl+0xe8/0x150 [ 491.368181][T13702] warn_alloc+0x24c/0x270 [ 491.368198][T13702] ? __pfx_warn_alloc+0x10/0x10 [ 491.368215][T13702] ? __get_vm_area_node+0x2af/0x300 [ 491.368235][T13702] __vmalloc_node_range_noprof+0x37d/0x1730 [ 491.368247][T13702] ? ktime_expiry_to_cycles+0x4e/0x1e0 [ 491.368261][T13702] ? seqcount_lockdep_reader_access+0xd4/0x100 [ 491.368275][T13702] ? ktime_expiry_to_cycles+0x176/0x1e0 [ 491.368292][T13702] ? __lock_acquire+0x683/0x2ce0 [ 491.368317][T13702] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 491.368331][T13702] ? irqentry_exit+0x218/0x8f0 [ 491.368348][T13702] ? vc_uniscr_check+0x18f/0x7b0 [ 491.368360][T13702] vzalloc_noprof+0xb2/0xe0 [ 491.368371][T13702] ? vc_uniscr_check+0x18f/0x7b0 [ 491.368381][T13702] vc_uniscr_check+0x18f/0x7b0 [ 491.368392][T13702] ? atomic_notifier_call_chain+0x26/0x180 [ 491.368410][T13702] do_con_write+0xcb2/0x5540 [ 491.368452][T13702] ? __pfx_do_con_write+0x10/0x10 [ 491.368467][T13702] ? do_raw_spin_lock+0x12b/0x2f0 [ 491.368495][T13702] ? lockdep_hardirqs_on+0x7a/0x110 [ 491.368508][T13702] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 491.368524][T13702] con_write+0x31/0x2e0 [ 491.368538][T13702] n_tty_write+0xd4f/0x11e0 [ 491.368567][T13702] ? __pfx_n_tty_write+0x10/0x10 [ 491.368583][T13702] ? __pfx_woken_wake_function+0x10/0x10 [ 491.368597][T13702] ? rcu_is_watching+0x15/0xb0 [ 491.368614][T13702] ? kfree+0x4d/0x6c0 [ 491.368627][T13702] ? __pfx_n_tty_write+0x10/0x10 [ 491.368641][T13702] file_tty_write+0x50b/0x980 [ 491.368659][T13702] vfs_write+0x61e/0xbb0 [ 491.368678][T13702] ? __pfx_vfs_write+0x10/0x10 [ 491.368698][T13702] ? __fget_files+0x2a/0x420 [ 491.368715][T13702] ksys_write+0x156/0x270 [ 491.368730][T13702] ? __pfx_ksys_write+0x10/0x10 [ 491.368748][T13702] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.368760][T13702] do_syscall_64+0x174/0x580 [ 491.368773][T13702] ? trace_irq_disable+0x3b/0x140 [ 491.368787][T13702] ? clear_bhb_loop+0x40/0x90 [ 491.368801][T13702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.368818][T13702] RIP: 0033:0x7fdfe320ce59 [ 491.368830][T13702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 491.368840][T13702] RSP: 002b:00007fdfe145e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 491.368851][T13702] RAX: ffffffffffffffda RBX: 00007fdfe3485fa0 RCX: 00007fdfe320ce59 [ 491.368859][T13702] RDX: 0000000000001006 RSI: 00002000000015c0 RDI: 0000000000000004 [ 491.368866][T13702] RBP: 00007fdfe145e090 R08: 0000000000000000 R09: 0000000000000000 [ 491.368872][T13702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.368879][T13702] R13: 00007fdfe3486038 R14: 00007fdfe3485fa0 R15: 00007ffe06c2f438 [ 491.368897][T13702] [ 491.368905][T13702] Mem-Info: [ 491.368913][T13702] active_anon:9351 inactive_anon:0 isolated_anon:0 [ 491.368913][T13702] active_file:0 inactive_file:58010 isolated_file:0 [ 491.368913][T13702] unevictable:768 dirty:289 writeback:0 [ 491.368913][T13702] slab_reclaimable:12114 slab_unreclaimable:99142 [ 491.368913][T13702] mapped:26113 shmem:4161 pagetables:1359 [ 491.368913][T13702] sec_pagetables:0 bounce:0 [ 491.368913][T13702] kernel_misc_reclaimable:0 [ 491.368913][T13702] free:1318589 free_pcp:883 free_cma:0 [ 491.368941][T13702] Node 0 active_anon:37404kB inactive_anon:0kB active_file:0kB inactive_file:231804kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:104452kB dirty:1152kB writeback:0kB shmem:15108kB kernel_stack:14568kB pagetables:5296kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 491.368967][T13702] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:236kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 491.368990][T13702] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 491.369023][T13702] lowmem_reserve[]: 0 2492 2493 2493 2493 [ 491.369040][T13702] Node 0 DMA32 free:1322284kB boost:0kB min:3912kB low:6436kB high:8960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:37404kB inactive_anon:0kB active_file:0kB inactive_file:231804kB unevictable:1536kB writepending:1152kB zspages:0kB present:3129332kB managed:2552060kB mlocked:0kB bounce:0kB free_pcp:3524kB local_pcp:1060kB free_cma:0kB [ 491.369071][T13702] lowmem_reserve[]: 0 0 0 0 0 [ 491.369087][T13702] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:864kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 491.369115][T13702] lowmem_reserve[]: 0 0 0 0 0 [ 491.369131][T13702] Node 1 Normal free:3936712kB boost:0kB min:6372kB low:10480kB high:14588kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:236kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 491.369161][T13702] lowmem_reserve[]: 0 0 0 0 0 [ 491.369177][T13702] Node 0 DMA: [ 491.399061][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:202.141/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 491.407320][T13702] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 491.407427][T13702] Node 0 DMA32: 1096*4kB (UME) 616*8kB (UME) 406*16kB (UME) 563*32kB (UME) 499*64kB (UME) 252*128kB (UME) 99*256kB (UME) 35*512kB (UME) 15*1024kB (UME) 11*2048kB (UME) 279*4096kB (UM) = 1321952kB [ 491.407581][T13702] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 491.407677][T13702] Node 1 Normal: 4*4kB (UM) 9*8kB (UM) 9*16kB (UM) 11*32kB (UM) 10*64kB (UM) 8*128kB (UM) 5*256kB (UM) 4*512kB (UM) 1*1024kB (M) 1*2048kB (U) 959*4096kB (M) = 3936712kB [ 491.407827][T13702] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 491.407844][T13702] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 491.407860][T13702] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 491.407876][T13702] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 491.407892][T13702] 62167 total pagecache pages [ 491.407914][T13702] 0 pages in swap cache [ 491.407921][T13702] Free swap = 124996kB [ 491.407929][T13702] Total swap = 124996kB [ 491.407937][T13702] 2097051 pages RAM [ 491.407943][T13702] 0 pages HighMem/MovableOnly [ 491.407949][T13702] 427206 pages reserved [ 491.407955][T13702] 0 pages cma reserved [ 491.430481][T13704] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2890'. [ 491.430668][T13704] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2890'. [ 491.432377][ T5720] usb 1-1: USB disconnect, device number 107 [ 491.865484][ T38] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 492.035139][ T38] usb 5-1: Using ep0 maxpacket: 16 [ 492.037717][ T38] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 492.037741][ T38] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 492.043190][ T38] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 492.043219][ T38] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.043239][ T38] usb 5-1: Product: syz [ 492.043253][ T38] usb 5-1: Manufacturer: syz [ 492.043266][ T38] usb 5-1: SerialNumber: syz [ 492.079908][ T38] usb 5-1: 0:2 : does not exist [ 492.923185][ T37] kauditd_printk_skb: 685 callbacks suppressed [ 492.923203][ T37] audit: type=1326 audit(1782774376.525:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13722 comm="syz.0.2898" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84fb75ce59 code=0x0 [ 493.045011][T13726] No source specified [ 493.352204][ T5617] usb 4-1: new full-speed USB device number 78 using dummy_hcd [ 493.378084][ T38] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 493.471416][T13737] befs: (loop2): No write support. Marking filesystem read-only [ 493.480822][T13737] befs: (loop2): unable to read superblock [ 493.488418][ T38] usb 5-1: USB disconnect, device number 89 [ 493.514968][ T5617] usb 4-1: not running at top speed; connect to a high speed hub [ 493.525157][ T5617] usb 4-1: config 0 has an invalid interface number: 44 but max is 0 [ 493.525181][ T5617] usb 4-1: config 0 has no interface number 0 [ 493.525210][ T5617] usb 4-1: config 0 interface 44 has no altsetting 0 [ 493.560863][ T5617] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.04 [ 493.560895][ T5617] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.560914][ T5617] usb 4-1: Product: syz [ 493.560928][ T5617] usb 4-1: Manufacturer: syz [ 493.560942][ T5617] usb 4-1: SerialNumber: syz [ 493.608430][ T5617] usb 4-1: config 0 descriptor?? [ 493.731934][ T11] usb 3-1: new full-speed USB device number 60 using dummy_hcd [ 493.741622][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 493.847232][ T5617] go7007 4-1:0.44: probe with driver go7007 failed with error -12 [ 493.860761][ T5617] usb 4-1: USB disconnect, device number 78 [ 493.916035][ T11] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 493.916063][ T11] usb 3-1: config 0 has no interface number 0 [ 493.919214][ T11] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 493.919242][ T11] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.919262][ T11] usb 3-1: Product: syz [ 493.919277][ T11] usb 3-1: Manufacturer: syz [ 493.919291][ T11] usb 3-1: SerialNumber: syz [ 493.987979][ T11] usb 3-1: config 0 descriptor?? [ 494.431856][ T5788] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 494.582249][ T5788] usb 5-1: Using ep0 maxpacket: 16 [ 494.589160][ T5788] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 494.589187][ T5788] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 494.595123][ T5788] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 494.595363][ T5788] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.595384][ T5788] usb 5-1: Product: syz [ 494.595398][ T5788] usb 5-1: Manufacturer: syz [ 494.595413][ T5788] usb 5-1: SerialNumber: syz [ 494.598836][ T11] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 494.599894][ T11] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -61 [ 494.600202][ T11] asix 3-1:0.251: probe with driver asix failed with error -61 [ 494.641030][ T5788] usb 5-1: 0:2 : does not exist [ 494.803194][ T38] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 494.850186][ T11] usb 3-1: USB disconnect, device number 60 [ 494.853400][ T5788] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 494.911478][ T5788] usb 5-1: USB disconnect, device number 90 [ 494.950770][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 494.968168][ T38] usb 1-1: Using ep0 maxpacket: 16 [ 494.971271][ T38] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 494.971298][ T38] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 494.998636][ T38] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 494.998664][ T38] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.998684][ T38] usb 1-1: Product: syz [ 494.998698][ T38] usb 1-1: Manufacturer: syz [ 494.998713][ T38] usb 1-1: SerialNumber: syz [ 495.046585][ T38] usb 1-1: 0:2 : does not exist [ 495.603714][T13768] FAULT_INJECTION: forcing a failure. [ 495.603714][T13768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 495.603750][T13768] CPU: 0 UID: 0 PID: 13768 Comm: syz.4.2914 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 495.603778][T13768] Tainted: [L]=SOFTLOCKUP [ 495.603786][T13768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 495.603798][T13768] Call Trace: [ 495.603806][T13768] [ 495.603815][T13768] dump_stack_lvl+0xe8/0x150 [ 495.603844][T13768] should_fail_ex+0x467/0x600 [ 495.603879][T13768] _copy_from_user+0x2d/0xb0 [ 495.603903][T13768] autofs_dev_ioctl+0x172/0xab0 [ 495.603932][T13768] ? __fget_files+0x2a/0x420 [ 495.603956][T13768] ? __pfx_autofs_dev_ioctl+0x10/0x10 [ 495.603979][T13768] ? __fget_files+0x2a/0x420 [ 495.604001][T13768] ? __fget_files+0x2a/0x420 [ 495.604025][T13768] ? bpf_lsm_file_ioctl+0x9/0x20 [ 495.604048][T13768] ? __pfx_autofs_dev_ioctl+0x10/0x10 [ 495.604074][T13768] __se_sys_ioctl+0xff/0x170 [ 495.604101][T13768] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.604124][T13768] do_syscall_64+0x174/0x580 [ 495.604149][T13768] ? trace_irq_disable+0x3b/0x140 [ 495.604175][T13768] ? clear_bhb_loop+0x40/0x90 [ 495.604200][T13768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.604220][T13768] RIP: 0033:0x7fd7e183ce59 [ 495.604238][T13768] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 495.604256][T13768] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 495.604278][T13768] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 495.604293][T13768] RDX: 00002000000019c0 RSI: 00000000c018937e RDI: 0000000000000006 [ 495.604306][T13768] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 495.604319][T13768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 495.604331][T13768] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 495.604363][T13768] [ 496.077819][T13777] sctp: [Deprecated]: syz.4.2916 (pid 13777) Use of int in max_burst socket option deprecated. [ 496.077819][T13777] Use struct sctp_assoc_value instead [ 496.268192][ T38] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 496.384033][ T38] usb 1-1: USB disconnect, device number 108 [ 496.474520][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 496.533990][ T5788] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 496.636530][T13797] FAULT_INJECTION: forcing a failure. [ 496.636530][T13797] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 496.636554][T13797] CPU: 0 UID: 0 PID: 13797 Comm: syz.4.2925 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 496.636569][T13797] Tainted: [L]=SOFTLOCKUP [ 496.636573][T13797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 496.636580][T13797] Call Trace: [ 496.636584][T13797] [ 496.636589][T13797] dump_stack_lvl+0xe8/0x150 [ 496.636606][T13797] should_fail_ex+0x467/0x600 [ 496.636627][T13797] _copy_to_user+0x31/0xb0 [ 496.636641][T13797] simple_read_from_buffer+0xe1/0x170 [ 496.636656][T13797] proc_fail_nth_read+0x1be/0x230 [ 496.636670][T13797] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 496.636683][T13797] ? rw_verify_area+0x250/0x4d0 [ 496.636698][T13797] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 496.636716][T13797] vfs_read+0x219/0xa90 [ 496.636733][T13797] ? __pfx_vfs_read+0x10/0x10 [ 496.636747][T13797] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 496.636764][T13797] ? lockdep_hardirqs_on+0x7a/0x110 [ 496.636778][T13797] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 496.636791][T13797] ? mutex_lock_nested+0x152/0x1d0 [ 496.636806][T13797] ? fdget_pos+0x252/0x320 [ 496.636822][T13797] ksys_read+0x156/0x270 [ 496.636836][T13797] ? __pfx_ksys_read+0x10/0x10 [ 496.636853][T13797] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.636865][T13797] do_syscall_64+0x174/0x580 [ 496.636877][T13797] ? trace_irq_disable+0x3b/0x140 [ 496.636891][T13797] ? clear_bhb_loop+0x40/0x90 [ 496.636903][T13797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.636913][T13797] RIP: 0033:0x7fd7e17fd68e [ 496.636924][T13797] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 496.636934][T13797] RSP: 002b:00007fd7dfa95fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 496.636946][T13797] RAX: ffffffffffffffda RBX: 00007fd7dfa966c0 RCX: 00007fd7e17fd68e [ 496.636957][T13797] RDX: 000000000000000f RSI: 00007fd7dfa960a0 RDI: 0000000000000004 [ 496.636963][T13797] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 496.636970][T13797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 496.636976][T13797] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 496.636992][T13797] [ 496.681801][ T5788] usb 3-1: Using ep0 maxpacket: 16 [ 496.744113][ T5788] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 496.744140][ T5788] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 496.750550][ T5788] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 496.750578][ T5788] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.750597][ T5788] usb 3-1: Product: syz [ 496.750612][ T5788] usb 3-1: Manufacturer: syz [ 496.750626][ T5788] usb 3-1: SerialNumber: syz [ 496.800589][ T5788] usb 3-1: 0:2 : does not exist [ 496.986601][ T5788] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 497.128451][ T5788] usb 3-1: USB disconnect, device number 61 [ 497.349840][T13808] openvswitch: netlink: Actions may not be safe on all matching packets [ 497.412126][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 497.484970][T13814] FAULT_INJECTION: forcing a failure. [ 497.484970][T13814] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 497.485006][T13814] CPU: 1 UID: 0 PID: 13814 Comm: syz.3.2932 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 497.485034][T13814] Tainted: [L]=SOFTLOCKUP [ 497.485044][T13814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 497.485056][T13814] Call Trace: [ 497.485065][T13814] [ 497.485073][T13814] dump_stack_lvl+0xe8/0x150 [ 497.485101][T13814] should_fail_ex+0x467/0x600 [ 497.485136][T13814] _copy_from_user+0x2d/0xb0 [ 497.485162][T13814] video_usercopy+0x359/0x1430 [ 497.485185][T13814] ? hook_file_ioctl+0x1f3/0x600 [ 497.485214][T13814] ? __pfx_subdev_do_ioctl_lock+0x10/0x10 [ 497.485240][T13814] ? __pfx_video_usercopy+0x10/0x10 [ 497.485269][T13814] ? __fget_files+0x2a/0x420 [ 497.485293][T13814] ? __fget_files+0x2a/0x420 [ 497.485314][T13814] ? __fget_files+0x3a8/0x420 [ 497.485338][T13814] v4l2_ioctl+0x190/0x1e0 [ 497.485369][T13814] ? __pfx_v4l2_ioctl+0x10/0x10 [ 497.485398][T13814] __se_sys_ioctl+0xff/0x170 [ 497.485425][T13814] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.485447][T13814] do_syscall_64+0x174/0x580 [ 497.485472][T13814] ? trace_irq_disable+0x3b/0x140 [ 497.485498][T13814] ? clear_bhb_loop+0x40/0x90 [ 497.485522][T13814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.485542][T13814] RIP: 0033:0x7f121744ce59 [ 497.485561][T13814] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 497.485579][T13814] RSP: 002b:00007f121569e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 497.485601][T13814] RAX: ffffffffffffffda RBX: 00007f12176c5fa0 RCX: 00007f121744ce59 [ 497.485615][T13814] RDX: 00002000000088c0 RSI: 00000000c0305602 RDI: 0000000000000003 [ 497.485629][T13814] RBP: 00007f121569e090 R08: 0000000000000000 R09: 0000000000000000 [ 497.485642][T13814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 497.485655][T13814] R13: 00007f12176c6038 R14: 00007f12176c5fa0 R15: 00007ffdf8e6f7e8 [ 497.485685][T13814] [ 498.091914][ T5720] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 498.111886][ T5788] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 498.241927][ T5788] usb 1-1: device descriptor read/64, error -71 [ 498.243419][ T5720] usb 3-1: Using ep0 maxpacket: 16 [ 498.245687][ T5720] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 498.245712][ T5720] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 498.247999][ T5720] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 498.248025][ T5720] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.248044][ T5720] usb 3-1: Product: syz [ 498.248058][ T5720] usb 3-1: Manufacturer: syz [ 498.248072][ T5720] usb 3-1: SerialNumber: syz [ 498.294577][T13828] fuse: fd is not a fuse device [ 498.327711][ T5720] usb 3-1: 0:2 : does not exist [ 498.534019][ T5788] usb 1-1: new high-speed USB device number 110 using dummy_hcd [ 498.595819][T13830] FAULT_INJECTION: forcing a failure. [ 498.595819][T13830] name failslab, interval 1, probability 0, space 0, times 0 [ 498.595859][T13830] CPU: 1 UID: 0 PID: 13830 Comm: syz.4.2940 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 498.595887][T13830] Tainted: [L]=SOFTLOCKUP [ 498.595894][T13830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 498.595906][T13830] Call Trace: [ 498.595917][T13830] [ 498.595927][T13830] dump_stack_lvl+0xe8/0x150 [ 498.595956][T13830] should_fail_ex+0x467/0x600 [ 498.595991][T13830] should_failslab+0xa8/0x100 [ 498.596017][T13830] __kmalloc_cache_noprof+0xa1/0x670 [ 498.596041][T13830] ? do_remap_pfn_range+0x1000/0x1200 [ 498.596068][T13830] ? do_remap_pfn_range+0x1000/0x1200 [ 498.596102][T13830] do_remap_pfn_range+0x1000/0x1200 [ 498.596153][T13830] ? __pfx___schedule+0x10/0x10 [ 498.596176][T13830] ? __pfx_do_remap_pfn_range+0x10/0x10 [ 498.596203][T13830] ? lockdep_hardirqs_on+0x7a/0x110 [ 498.596235][T13830] ? irqentry_exit+0x218/0x8f0 [ 498.596258][T13830] ? lockdep_hardirqs_on+0x7a/0x110 [ 498.596282][T13830] ? irqentry_exit+0x218/0x8f0 [ 498.596304][T13830] ? trace_irq_disable+0x3b/0x140 [ 498.596333][T13830] ? remap_pfn_range+0xfa/0x1a0 [ 498.596365][T13830] system_heap_mmap+0x373/0x6b0 [ 498.596396][T13830] mmap_region+0x1a39/0x2310 [ 498.596438][T13830] ? __pfx_mmap_region+0x10/0x10 [ 498.596464][T13830] ? __lock_acquire+0x683/0x2ce0 [ 498.596494][T13830] ? __lock_acquire+0x683/0x2ce0 [ 498.596572][T13830] ? __lock_acquire+0x683/0x2ce0 [ 498.596635][T13830] ? cap_mmap_addr+0xaf/0x100 [ 498.596658][T13830] ? bpf_lsm_mmap_addr+0x9/0x50 [ 498.596679][T13830] ? security_mmap_addr+0x71/0x240 [ 498.596702][T13830] ? shmem_mapping+0xd/0x50 [ 498.596728][T13830] ? memfd_check_seals_mmap+0xcb/0x210 [ 498.596749][T13830] do_mmap+0xc1e/0x10b0 [ 498.596775][T13830] ? __pfx_do_mmap+0x10/0x10 [ 498.596792][T13830] ? rwbase_write_lock+0x550/0x720 [ 498.596830][T13830] vm_mmap_pgoff+0x275/0x4e0 [ 498.596866][T13830] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 498.596899][T13830] ? __fget_files+0x2a/0x420 [ 498.596919][T13830] ? __fget_files+0x3a8/0x420 [ 498.596937][T13830] ? __fget_files+0x2a/0x420 [ 498.596961][T13830] ksys_mmap_pgoff+0x4a6/0x720 [ 498.596980][T13830] ? __secure_computing+0xe7/0x2b0 [ 498.597004][T13830] ? __x64_sys_mmap+0x7f/0x140 [ 498.597028][T13830] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.597051][T13830] do_syscall_64+0x174/0x580 [ 498.597074][T13830] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.597095][T13830] ? clear_bhb_loop+0x40/0x90 [ 498.597119][T13830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.597138][T13830] RIP: 0033:0x7fd7e183ce59 [ 498.597156][T13830] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 498.597170][T13830] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 498.597191][T13830] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 498.597205][T13830] RDX: 000000000200000b RSI: 0000000000001000 RDI: 00000000fffff000 [ 498.597215][T13830] RBP: 00007fd7dfa96090 R08: 0000000000000004 R09: 0000000000004000 [ 498.597225][T13830] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 498.597235][T13830] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 498.597262][T13830] [ 498.682910][ T5788] usb 1-1: device descriptor read/64, error -71 [ 498.792110][ T5788] usb usb1-port1: attempt power cycle [ 499.115183][T13836] FAULT_INJECTION: forcing a failure. [ 499.115183][T13836] name failslab, interval 1, probability 0, space 0, times 0 [ 499.115223][T13836] CPU: 1 UID: 0 PID: 13836 Comm: syz.4.2942 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 499.115254][T13836] Tainted: [L]=SOFTLOCKUP [ 499.115261][T13836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 499.115274][T13836] Call Trace: [ 499.115282][T13836] [ 499.115291][T13836] dump_stack_lvl+0xe8/0x150 [ 499.115320][T13836] should_fail_ex+0x467/0x600 [ 499.115351][T13836] ? __d_alloc+0x37/0x6f0 [ 499.115376][T13836] should_failslab+0xa8/0x100 [ 499.115401][T13836] kmem_cache_alloc_lru_noprof+0xa2/0x670 [ 499.115422][T13836] ? save_trace+0x2c4/0x390 [ 499.115450][T13836] ? __d_alloc+0x37/0x6f0 [ 499.115478][T13836] __d_alloc+0x37/0x6f0 [ 499.115505][T13836] d_alloc_parallel+0xde/0x16c0 [ 499.115529][T13836] ? irqentry_exit+0x218/0x8f0 [ 499.115556][T13836] ? irqentry_exit+0x218/0x8f0 [ 499.115577][T13836] ? trace_irq_disable+0x3b/0x140 [ 499.115611][T13836] ? lookup_slow+0x46/0x70 [ 499.115635][T13836] ? __pfx_d_alloc_parallel+0x10/0x10 [ 499.115660][T13836] ? lock_acquire+0x221/0x350 [ 499.115690][T13836] ? down_read+0x156/0x200 [ 499.115715][T13836] ? __pfx_down_read+0x10/0x10 [ 499.115742][T13836] __lookup_slow+0x82/0x2f0 [ 499.115768][T13836] lookup_slow+0x53/0x70 [ 499.115790][T13836] path_lookupat+0x3f5/0x8c0 [ 499.115827][T13836] filename_lookup+0x265/0x5d0 [ 499.115852][T13836] ? __pfx_filename_lookup+0x10/0x10 [ 499.115898][T13836] ? strncpy_from_user+0x150/0x2c0 [ 499.115928][T13836] ? do_getname+0x151/0x250 [ 499.115949][T13836] user_path_at+0x40/0x160 [ 499.115975][T13836] __se_sys_mount+0x2dc/0x420 [ 499.116002][T13836] ? __pfx___se_sys_mount+0x10/0x10 [ 499.116036][T13836] ? __x64_sys_mount+0x20/0xc0 [ 499.116056][T13836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.116077][T13836] do_syscall_64+0x174/0x580 [ 499.116100][T13836] ? trace_irq_disable+0x3b/0x140 [ 499.116124][T13836] ? clear_bhb_loop+0x40/0x90 [ 499.116148][T13836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.116167][T13836] RIP: 0033:0x7fd7e183ce59 [ 499.116186][T13836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 499.116203][T13836] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 499.116224][T13836] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 499.116239][T13836] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000 [ 499.116251][T13836] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 499.116264][T13836] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 499.116277][T13836] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 499.116308][T13836] [ 499.181891][ T5788] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 499.203809][ T5788] usb 1-1: device descriptor read/8, error -71 [ 499.443979][ T5788] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 499.478018][ T5788] usb 1-1: device descriptor read/8, error -71 [ 499.547501][ T5720] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 499.585160][ T5788] usb usb1-port1: unable to enumerate USB device [ 499.604283][ T5720] usb 3-1: USB disconnect, device number 62 [ 499.693839][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 499.911922][ T5340] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 500.079361][ T5340] usb 4-1: unable to get BOS descriptor or descriptor too short [ 500.080905][ T5340] usb 4-1: config 129 has an invalid interface number: 49 but max is 0 [ 500.080932][ T5340] usb 4-1: config 129 has no interface number 0 [ 500.080964][ T5340] usb 4-1: config 129 interface 49 has no altsetting 0 [ 500.114113][ T5340] usb 4-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=8b.ac [ 500.114142][ T5340] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.114154][ T5340] usb 4-1: Product: syz [ 500.114161][ T5340] usb 4-1: Manufacturer: syz [ 500.114169][ T5340] usb 4-1: SerialNumber: syz [ 500.175805][T13845] No control pipe specified [ 500.242649][T13848] netlink: 'syz.2.2946': attribute type 11 has an invalid length. [ 500.313551][T13851] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 4, id = 0 [ 500.383707][ T5340] usb 4-1: USB disconnect, device number 79 [ 500.441472][T13853] netlink: 'syz.2.2948': attribute type 11 has an invalid length. [ 500.963264][ T5720] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 501.111845][ T5720] usb 3-1: Using ep0 maxpacket: 16 [ 501.115248][ T5720] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 501.115274][ T5720] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 501.133921][ T5720] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 501.133950][ T5720] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.133970][ T5720] usb 3-1: Product: syz [ 501.133984][ T5720] usb 3-1: Manufacturer: syz [ 501.133998][ T5720] usb 3-1: SerialNumber: syz [ 501.240010][ T5720] usb 3-1: 0:2 : does not exist [ 501.459308][T13895] FAULT_INJECTION: forcing a failure. [ 501.459308][T13895] name failslab, interval 1, probability 0, space 0, times 0 [ 501.459343][T13895] CPU: 0 UID: 0 PID: 13895 Comm: syz.4.2963 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 501.459370][T13895] Tainted: [L]=SOFTLOCKUP [ 501.459376][T13895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 501.459388][T13895] Call Trace: [ 501.459396][T13895] [ 501.459405][T13895] dump_stack_lvl+0xe8/0x150 [ 501.459428][T13895] should_fail_ex+0x467/0x600 [ 501.459462][T13895] should_failslab+0xa8/0x100 [ 501.459487][T13895] kmem_cache_alloc_node_noprof+0xac/0x660 [ 501.459510][T13895] ? __alloc_skb+0x1d7/0x7a0 [ 501.459532][T13895] ? __alloc_skb+0x1d7/0x7a0 [ 501.459560][T13895] __alloc_skb+0x1d7/0x7a0 [ 501.459586][T13895] alloc_skb_with_frags+0xc6/0x760 [ 501.459610][T13895] ? __lock_acquire+0x683/0x2ce0 [ 501.459648][T13895] sock_alloc_send_pskb+0x884/0x9a0 [ 501.459691][T13895] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 501.459719][T13895] ? __lock_acquire+0x683/0x2ce0 [ 501.459746][T13895] ? ip6_dst_lookup_tail+0x11c4/0x1610 [ 501.459774][T13895] rawv6_send_hdrinc+0x268/0x1950 [ 501.459809][T13895] ? ip6_dst_hoplimit+0x65/0x3e0 [ 501.459835][T13895] ? __pfx_rawv6_send_hdrinc+0x10/0x10 [ 501.459866][T13895] ? ip6_dst_hoplimit+0x65/0x3e0 [ 501.459890][T13895] ? ip6_dst_hoplimit+0x65/0x3e0 [ 501.459925][T13895] rawv6_sendmsg+0x12fb/0x18c0 [ 501.459962][T13895] ? aa_file_perm+0x18b/0x1600 [ 501.459992][T13895] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 501.460048][T13895] ? sock_rps_record_flow+0x19/0x350 [ 501.460073][T13895] ? inet_sendmsg+0x298/0x320 [ 501.460096][T13895] ? __pfx_inet_sendmsg+0x10/0x10 [ 501.460117][T13895] sock_sendmsg_nosec+0x10e/0x180 [ 501.460139][T13895] sock_write_iter+0x2e4/0x3f0 [ 501.460170][T13895] ? __pfx_sock_write_iter+0x10/0x10 [ 501.460206][T13895] ? bpf_lsm_file_permission+0x9/0x20 [ 501.460229][T13895] ? security_file_permission+0x75/0x260 [ 501.460259][T13895] vfs_write+0x61e/0xbb0 [ 501.460292][T13895] ? __pfx_vfs_write+0x10/0x10 [ 501.460325][T13895] ? __fget_files+0x2a/0x420 [ 501.460355][T13895] ksys_write+0x156/0x270 [ 501.460382][T13895] ? __pfx_ksys_write+0x10/0x10 [ 501.460414][T13895] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.460436][T13895] do_syscall_64+0x174/0x580 [ 501.460459][T13895] ? trace_irq_disable+0x3b/0x140 [ 501.460482][T13895] ? clear_bhb_loop+0x40/0x90 [ 501.460503][T13895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.460521][T13895] RIP: 0033:0x7fd7e183ce59 [ 501.460538][T13895] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 501.460554][T13895] RSP: 002b:00007fd7dfa96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 501.460574][T13895] RAX: ffffffffffffffda RBX: 00007fd7e1ab5fa0 RCX: 00007fd7e183ce59 [ 501.460587][T13895] RDX: 0000000000000028 RSI: 00002000000000c0 RDI: 0000000000000003 [ 501.460600][T13895] RBP: 00007fd7dfa96090 R08: 0000000000000000 R09: 0000000000000000 [ 501.460612][T13895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 501.460624][T13895] R13: 00007fd7e1ab6038 R14: 00007fd7e1ab5fa0 R15: 00007fff47833698 [ 501.460650][T13895] [ 501.534615][ T1341] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.861842][ T5618] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 502.011818][ T5618] usb 1-1: Using ep0 maxpacket: 32 [ 502.014794][ T5618] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 502.014811][ T5618] usb 1-1: config 0 has no interface number 0 [ 502.014838][ T5618] usb 1-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 502.014851][ T5618] usb 1-1: config 0 interface 89 has no altsetting 0 [ 502.019037][ T5618] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 502.019063][ T5618] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.019074][ T5618] usb 1-1: Product: syz [ 502.019118][ T5618] usb 1-1: Manufacturer: syz [ 502.019126][ T5618] usb 1-1: SerialNumber: syz [ 502.049626][ T5618] usb 1-1: config 0 descriptor?? [ 502.111477][ T5618] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 502.111815][ T5618] em28xx 1-1:0.89: Video interface 89 found: [ 502.225556][ T5340] usb 5-1: new full-speed USB device number 91 using dummy_hcd [ 502.385438][ T5340] usb 5-1: unable to get BOS descriptor or descriptor too short [ 502.386011][ T5340] usb 5-1: not running at top speed; connect to a high speed hub [ 502.387111][ T5340] usb 5-1: config 17 has an invalid interface number: 8 but max is 1 [ 502.387135][ T5340] usb 5-1: config 17 has 1 interface, different from the descriptor's value: 2 [ 502.387147][ T5340] usb 5-1: config 17 has no interface number 0 [ 502.387232][ T5340] usb 5-1: config 17 interface 8 altsetting 6 endpoint 0x3 has invalid maxpacket 64768, setting to 64 [ 502.387247][ T5340] usb 5-1: config 17 interface 8 has no altsetting 0 [ 502.418178][ T5720] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 502.422607][ T5340] usb 5-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff [ 502.422635][ T5340] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.422655][ T5340] usb 5-1: Product: syz [ 502.422669][ T5340] usb 5-1: Manufacturer: syz [ 502.422731][ T5340] usb 5-1: SerialNumber: syz [ 502.593552][ T5720] usb 3-1: USB disconnect, device number 63 [ 502.682379][T13903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2964'. [ 502.729635][ T5618] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 502.810183][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 503.103266][T13915] binder: BINDER_SET_CONTEXT_MGR already set [ 503.103280][T13915] binder: 13914:13915 ioctl 4018620d 200000004a80 returned -16 [ 503.601891][ T11] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 503.637165][ T5618] em28xx 1-1:0.89: read from i2c device at 0xa0 failed with unknown error (status=64) [ 503.651085][ T5618] em28xx 1-1:0.89: board has no eeprom [ 503.781777][ T11] usb 3-1: Using ep0 maxpacket: 16 [ 503.789469][ T11] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 503.789494][ T11] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 503.811593][ T11] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 503.811624][ T11] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.812233][ T11] usb 3-1: Product: syz [ 503.812251][ T11] usb 3-1: Manufacturer: syz [ 503.812266][ T11] usb 3-1: SerialNumber: syz [ 503.887118][ T11] usb 3-1: 0:2 : does not exist [ 504.082444][ T11] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 504.216775][T13899] pim6reg: entered allmulticast mode [ 504.230923][ T11] usb 3-1: USB disconnect, device number 64 [ 504.373877][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 504.811854][ T5618] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 504.812018][ T5618] em28xx 1-1:0.89: analog set to bulk mode. [ 504.900730][ T38] em28xx 1-1:0.89: Registering V4L2 extension [ 504.973295][ T11] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 505.134112][ T5340] usb 5-1: selecting invalid altsetting 0 [ 505.149457][ T11] usb 4-1: Using ep0 maxpacket: 16 [ 505.157077][ T11] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 505.157101][ T11] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 505.230729][ T11] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 505.230760][ T11] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.230780][ T11] usb 4-1: Product: syz [ 505.230794][ T11] usb 4-1: Manufacturer: syz [ 505.230809][ T11] usb 4-1: SerialNumber: syz [ 505.291759][ T5618] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 505.347486][ T38] em28xx 1-1:0.89: reading from i2c device at 0x4a failed (error=-5) [ 505.355087][ T38] em28xx 1-1:0.89: reading from i2c device at 0x48 failed (error=-5) [ 505.369486][ T38] em28xx 1-1:0.89: reading from i2c device at 0x42 failed (error=-5) [ 505.371309][ T38] em28xx 1-1:0.89: reading from i2c device at 0x40 failed (error=-5) [ 505.415348][ T11] usb 4-1: 0:2 : does not exist [ 505.436021][ T5340] usb 5-1: USB disconnect, device number 91 [ 505.442996][ T5618] usb 3-1: Using ep0 maxpacket: 32 [ 505.445831][ T5618] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 505.445862][ T5618] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 505.445899][ T5618] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 505.445928][ T5618] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.485960][ T5618] usb 3-1: config 0 descriptor?? [ 505.510868][ T5618] hub 3-1:0.0: USB hub found [ 505.531401][ T11] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 505.541447][ T38] em28xx 1-1:0.89: Config register raw data: 0xfffffffb [ 505.545207][ T5720] usb 1-1: USB disconnect, device number 113 [ 505.577806][ T38] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 505.577827][ T38] em28xx 1-1:0.89: No AC97 audio processor [ 505.609748][ T5720] em28xx 1-1:0.89: Disconnecting em28xx [ 505.684888][ T11] usb 4-1: USB disconnect, device number 80 [ 505.697934][ T5618] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 506.004988][ T6232] udevd[6232]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 506.139681][ T5618] hid_parser_main: 7 callbacks suppressed [ 506.139703][ T5618] hid-generic 0003:046D:C31C.0027: unknown main item tag 0x0 [ 506.205564][ T6224] udevd[6224]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 506.361075][ T5340] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 506.437196][ T38] usb 1-1: Decoder not found [ 506.437218][ T38] em28xx 1-1:0.89: failed to create media graph [ 506.437333][ T38] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 506.491810][ T5340] usb 5-1: device descriptor read/64, error -71 [ 506.546308][ T5618] hid-generic 0003:046D:C31C.0027: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.2-1/input0 [ 506.573523][T13954] ================================================================== [ 506.573607][T13954] BUG: KASAN: use-after-free in v4l2_open+0x39a/0x3a0 [ 506.573648][T13954] Read of size 4 at addr ffff88805ef309d0 by task v4l_id/13954 [ 506.573664][T13954] [ 506.573714][T13954] CPU: 1 UID: 0 PID: 13954 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 506.573741][T13954] Tainted: [L]=SOFTLOCKUP [ 506.573748][T13954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 506.573760][T13954] Call Trace: [ 506.573768][T13954] [ 506.573777][T13954] dump_stack_lvl+0xe8/0x150 [ 506.573801][T13954] print_address_description+0x55/0x1e0 [ 506.573827][T13954] ? v4l2_open+0x39a/0x3a0 [ 506.573852][T13954] print_report+0x58/0x70 [ 506.573875][T13954] kasan_report+0x117/0x150 [ 506.573900][T13954] ? v4l2_open+0x39a/0x3a0 [ 506.573929][T13954] v4l2_open+0x39a/0x3a0 [ 506.573958][T13954] chrdev_open+0x4dc/0x600 [ 506.573986][T13954] ? __pfx_chrdev_open+0x10/0x10 [ 506.574012][T13954] ? fsnotify_open_perm_and_set_mode+0x13b/0x6c0 [ 506.574040][T13954] ? __pfx_chrdev_open+0x10/0x10 [ 506.574067][T13954] do_dentry_open+0x849/0x1420 [ 506.574090][T13954] vfs_open+0x3b/0x350 [ 506.574105][T13954] ? path_openat+0x2e49/0x3850 [ 506.574130][T13954] path_openat+0x2e60/0x3850 [ 506.574157][T13954] ? kmem_cache_alloc_noprof+0x358/0x680 [ 506.574178][T13954] ? __x64_sys_openat+0x138/0x170 [ 506.574197][T13954] ? do_syscall_64+0x174/0x580 [ 506.574221][T13954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.574250][T13954] do_file_open+0x23e/0x4a0 [ 506.574272][T13954] ? lockdep_hardirqs_on+0x7a/0x110 [ 506.574294][T13954] ? __pfx_do_file_open+0x10/0x10 [ 506.574326][T13954] ? alloc_fd+0x654/0x6d0 [ 506.574349][T13954] do_sys_openat2+0x115/0x200 [ 506.574367][T13954] ? __pfx_do_sys_openat2+0x10/0x10 [ 506.574384][T13954] ? exc_page_fault+0x6a/0xc0 [ 506.574405][T13954] ? do_user_addr_fault+0xc4a/0x1340 [ 506.574426][T13954] __x64_sys_openat+0x138/0x170 [ 506.574445][T13954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.574462][T13954] do_syscall_64+0x174/0x580 [ 506.574483][T13954] ? trace_irq_disable+0x3b/0x140 [ 506.574513][T13954] ? clear_bhb_loop+0x40/0x90 [ 506.574533][T13954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.574551][T13954] RIP: 0033:0x7fcd3b908407 [ 506.574569][T13954] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 506.574586][T13954] RSP: 002b:00007ffe8cfbe7f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 506.574606][T13954] RAX: ffffffffffffffda RBX: 00007fcd3b81a880 RCX: 00007fcd3b908407 [ 506.574621][T13954] RDX: 0000000000000000 RSI: 00007ffe8cfbff1c RDI: ffffffffffffff9c [ 506.574635][T13954] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 506.574646][T13954] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 506.574659][T13954] R13: 00007ffe8cfbea40 R14: 00007fcd3c09e000 R15: 000055ad8a9674d8 [ 506.574681][T13954] [ 506.574688][T13954] [ 506.574694][T13954] The buggy address belongs to the physical page: [ 506.574748][T13954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805ef31000 pfn:0x5ef30 [ 506.574771][T13954] flags: 0x80000000000000(node=0|zone=1) [ 506.574792][T13954] raw: 0080000000000000 ffffea0000fff208 ffff8880b8742fc0 0000000000000000 [ 506.574807][T13954] raw: ffff88805ef31000 0000000000000000 00000000ffffffff 0000000000000000 [ 506.574817][T13954] page dumped because: kasan: bad access detected [ 506.574832][T13954] page_owner tracks the page as freed [ 506.574839][T13954] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 38, tgid 38 (kworker/1:1), ts 505009126424 [ 506.574866][T13954] post_alloc_hook+0x1f9/0x250 [ 506.574883][T13954] get_page_from_freelist+0x264c/0x26c0 [ 506.574905][T13954] __alloc_frozen_pages_noprof+0x1a6/0x390 [ 506.574924][T13954] alloc_pages_mpol+0xce/0x280 [ 506.574943][T13954] ___kmalloc_large_node+0x4c/0x120 [ 506.574959][T13954] __kmalloc_large_noprof+0x1a/0x90 [ 506.574974][T13954] em28xx_v4l2_init+0xda/0x3270 [ 506.574991][T13954] em28xx_init_extension+0x120/0x1d0 [ 506.575016][T13954] process_one_work+0x93a/0x12b0 [ 506.575039][T13954] worker_thread+0xb05/0x10d0 [ 506.575063][T13954] kthread+0x388/0x470 [ 506.575081][T13954] ret_from_fork+0x514/0xb70 [ 506.575102][T13954] ret_from_fork_asm+0x1a/0x30 [ 506.575122][T13954] page last free pid 38 tgid 38 ts 506564788029 stack trace: [ 506.575136][T13954] __free_frozen_pages+0x10de/0x11c0 [ 506.575154][T13954] em28xx_v4l2_init+0x1884/0x3270 [ 506.575171][T13954] em28xx_init_extension+0x120/0x1d0 [ 506.575196][T13954] process_one_work+0x93a/0x12b0 [ 506.575221][T13954] worker_thread+0xb05/0x10d0 [ 506.575246][T13954] kthread+0x388/0x470 [ 506.575265][T13954] ret_from_fork+0x514/0xb70 [ 506.575283][T13954] ret_from_fork_asm+0x1a/0x30 [ 506.575304][T13954] [ 506.575309][T13954] Memory state around the buggy address: [ 506.575320][T13954] ffff88805ef30880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 506.575334][T13954] ffff88805ef30900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 506.575347][T13954] >ffff88805ef30980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 506.575357][T13954] ^ [ 506.575368][T13954] ffff88805ef30a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 506.575381][T13954] ffff88805ef30a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 506.575391][T13954] ================================================================== [ 506.578238][T13954] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 506.578259][T13954] CPU: 1 UID: 0 PID: 13954 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 506.578286][T13954] Tainted: [L]=SOFTLOCKUP [ 506.578296][T13954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 506.578306][T13954] Call Trace: [ 506.578313][T13954] [ 506.578321][T13954] vpanic+0x56c/0xa60 [ 506.578351][T13954] ? __pfx_vpanic+0x10/0x10 [ 506.578382][T13954] panic+0xc5/0xd0 [ 506.578405][T13954] ? __pfx_panic+0x10/0x10 [ 506.578431][T13954] ? preempt_schedule_thunk+0x16/0x40 [ 506.578458][T13954] ? preempt_schedule_thunk+0x16/0x40 [ 506.578484][T13954] ? v4l2_open+0x39a/0x3a0 [ 506.578519][T13954] check_panic_on_warn+0x89/0xb0 [ 506.578542][T13954] ? v4l2_open+0x39a/0x3a0 [ 506.578567][T13954] end_report+0x73/0x170 [ 506.578588][T13954] ? v4l2_open+0x39a/0x3a0 [ 506.578612][T13954] kasan_report+0x128/0x150 [ 506.578635][T13954] ? v4l2_open+0x39a/0x3a0 [ 506.578663][T13954] v4l2_open+0x39a/0x3a0 [ 506.578692][T13954] chrdev_open+0x4dc/0x600 [ 506.578718][T13954] ? __pfx_chrdev_open+0x10/0x10 [ 506.578745][T13954] ? fsnotify_open_perm_and_set_mode+0x13b/0x6c0 [ 506.578771][T13954] ? __pfx_chrdev_open+0x10/0x10 [ 506.578796][T13954] do_dentry_open+0x849/0x1420 [ 506.578820][T13954] vfs_open+0x3b/0x350 [ 506.578835][T13954] ? path_openat+0x2e49/0x3850 [ 506.578856][T13954] path_openat+0x2e60/0x3850 [ 506.578881][T13954] ? kmem_cache_alloc_noprof+0x358/0x680 [ 506.578900][T13954] ? __x64_sys_openat+0x138/0x170 [ 506.578917][T13954] ? do_syscall_64+0x174/0x580 [ 506.578938][T13954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.578965][T13954] do_file_open+0x23e/0x4a0 [ 506.578988][T13954] ? lockdep_hardirqs_on+0x7a/0x110 [ 506.579012][T13954] ? __pfx_do_file_open+0x10/0x10 [ 506.579046][T13954] ? alloc_fd+0x654/0x6d0 [ 506.579068][T13954] do_sys_openat2+0x115/0x200 [ 506.579089][T13954] ? __pfx_do_sys_openat2+0x10/0x10 [ 506.579107][T13954] ? exc_page_fault+0x6a/0xc0 [ 506.579131][T13954] ? do_user_addr_fault+0xc4a/0x1340 [ 506.579155][T13954] __x64_sys_openat+0x138/0x170 [ 506.579175][T13954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.579194][T13954] do_syscall_64+0x174/0x580 [ 506.579217][T13954] ? trace_irq_disable+0x3b/0x140 [ 506.579240][T13954] ? clear_bhb_loop+0x40/0x90 [ 506.579262][T13954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.579281][T13954] RIP: 0033:0x7fcd3b908407 [ 506.579299][T13954] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 506.579317][T13954] RSP: 002b:00007ffe8cfbe7f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 506.579337][T13954] RAX: ffffffffffffffda RBX: 00007fcd3b81a880 RCX: 00007fcd3b908407 [ 506.579353][T13954] RDX: 0000000000000000 RSI: 00007ffe8cfbff1c RDI: ffffffffffffff9c [ 506.579367][T13954] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 506.579379][T13954] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 506.579391][T13954] R13: 00007ffe8cfbea40 R14: 00007fcd3c09e000 R15: 000055ad8a9674d8 [ 506.579413][T13954] [ 506.579696][T13954] Kernel Offset: disabled