last executing test programs: 6m12.303389379s ago: executing program 1 (id=68): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000500)={0x7, 'ipvlan1\x00', {0x2}}) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x17, 0x0, &(0x7f00000001c0)) syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r1, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10, 0x0}, 0x20048055) r2 = socket$kcm(0x29, 0x2, 0x0) close(r2) sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYRES16], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0) syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0x2a382) memfd_create(0x0, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000780)={0x0, 0x3ff, 0x0, 'queue1\x00', 0x48}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "71a19060009f0000000000005c4100a0200010040400", 0x800000, 0x40}) write$sndseq(r3, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) r4 = eventfd2(0x3, 0x80800) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r4, 0x7fc, 0x2, r4}) 6m8.815630691s ago: executing program 1 (id=73): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b) preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) 6m6.047359665s ago: executing program 4 (id=78): socket$kcm(0xa, 0x2, 0x0) r0 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'sed\x00', 0x1, 0xa7e, 0x70}, 0x2c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x6, 0x4d, 0x4, 0xdd, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x8, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x28, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x1000, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x1000000b, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0xfffffffc, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea2, 0xffffffff, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f30, 0xd, 0x4e2, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x4, 0x3, 0x303c, 0x3e7, 0xf, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800001, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x4, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x4, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb3e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) pipe2(&(0x7f00000000c0), 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) timer_create(0x1, 0x0, &(0x7f0000bbdffc)) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r4 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x2ed1, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20) 6m2.263996027s ago: executing program 1 (id=80): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5m57.188363844s ago: executing program 4 (id=83): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000500)={0x7, 'ipvlan1\x00', {0x2}}) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x17, 0x0, &(0x7f00000001c0)) syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r1, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10, 0x0}, 0x20048055) r2 = socket$kcm(0x29, 0x2, 0x0) close(r2) sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYRES16], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0) syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0x2a382) memfd_create(0x0, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000780)={0x0, 0x3ff, 0x0, 'queue1\x00', 0x48}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "71a19060009f0000000000005c4100a0200010040400", 0x800000, 0x40}) write$sndseq(r3, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) r4 = eventfd2(0x3, 0x80800) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000240)={r4, 0x7fc, 0x2, r4}) 5m56.735269867s ago: executing program 1 (id=85): r0 = socket$kcm(0x10, 0x2, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1}, 0xe4880) socket$nl_route(0x10, 0x3, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x20000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 5m50.131319754s ago: executing program 4 (id=90): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) ioctl$DRM_IOCTL_VERSION(0xffffffffffffffff, 0xc0406400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$KVM_GET_MSRS_sys(r4, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xc0000081}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000005180)={0x2020}, 0x2020) sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="08150000000511040000000000000000010000055402010000000000000000"], 0x1508}}, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r6, r6, 0x3, 0x0, &(0x7f0000000100), 0x9, 0xb, 0x5, 0x5508, 0xc336, 0x1, 0xb, 'syz0\x00'}) 5m45.864369814s ago: executing program 1 (id=91): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) ioctl$DRM_IOCTL_VERSION(0xffffffffffffffff, 0xc0406400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_GET_MSRS_sys(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xc0000081}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000005180)={0x2020}, 0x2020) sendmsg$OSF_MSG_ADD(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="08150000000511040000000000000000010000055402010000000000000000"], 0x1508}}, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r6, r6, 0x3, 0x0, &(0x7f0000000100), 0x9, 0xb, 0x5, 0x5508, 0xc336, 0x1, 0xb, 'syz0\x00'}) 5m45.763353981s ago: executing program 4 (id=92): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) semop(0x0, &(0x7f0000000440)=[{0x3, 0xffff, 0x1000}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5m42.114676462s ago: executing program 1 (id=95): r0 = socket$kcm(0xa, 0x2, 0x0) r1 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'sed\x00', 0x1, 0xa7e, 0x70}, 0x2c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x6, 0x4d, 0x4, 0xdd, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x8, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x28, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x1000, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x1000000b, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0xfffffffc, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea2, 0xffffffff, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f30, 0xd, 0x4e2, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x4, 0x3, 0x303c, 0x3e7, 0xf, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800001, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x4, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x4, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb3e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) pipe2(&(0x7f00000000c0), 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) timer_create(0x1, 0x0, &(0x7f0000bbdffc)) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r4 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x2ed1, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20) setns(0xffffffffffffffff, 0x24020000) mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, 0x0, 0x0) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 5m41.078204866s ago: executing program 4 (id=99): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5m38.702291176s ago: executing program 4 (id=103): socket$kcm(0xa, 0x2, 0x0) r0 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'sed\x00', 0x1, 0xa7e, 0x70}, 0x2c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x6, 0x4d, 0x4, 0xdd, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x8, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x28, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x1000, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x1000000b, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0xfffffffc, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea2, 0xffffffff, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f30, 0xd, 0x4e2, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x4, 0x3, 0x303c, 0x3e7, 0xf, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800001, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x4, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x4, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb3e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) pipe2(&(0x7f00000000c0), 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r4 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x2ed1, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 5m26.72126045s ago: executing program 32 (id=95): r0 = socket$kcm(0xa, 0x2, 0x0) r1 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'sed\x00', 0x1, 0xa7e, 0x70}, 0x2c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x6, 0x4d, 0x4, 0xdd, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x8, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x28, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x1000, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x1000000b, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0xfffffffc, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea2, 0xffffffff, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f30, 0xd, 0x4e2, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x4, 0x3, 0x303c, 0x3e7, 0xf, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800001, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x4, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x4, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb3e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) pipe2(&(0x7f00000000c0), 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) timer_create(0x1, 0x0, &(0x7f0000bbdffc)) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r4 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x2ed1, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20) setns(0xffffffffffffffff, 0x24020000) mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, 0x0, 0x0) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 5m22.337212056s ago: executing program 33 (id=103): socket$kcm(0xa, 0x2, 0x0) r0 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'sed\x00', 0x1, 0xa7e, 0x70}, 0x2c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x6, 0x4d, 0x4, 0xdd, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x8, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x28, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x1000, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x1000000b, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0xfffffffc, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea2, 0xffffffff, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f30, 0xd, 0x4e2, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x4, 0x3, 0x303c, 0x3e7, 0xf, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800001, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x4, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x4, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb3e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) pipe2(&(0x7f00000000c0), 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r4 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x2ed1, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 12.730547112s ago: executing program 0 (id=576): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000006c0)=""/107, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 10.889478592s ago: executing program 0 (id=578): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000280)={0x0, 0xa0}}, 0x0) 9.53705828s ago: executing program 0 (id=579): r0 = socket$kcm(0x10, 0x2, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1}, 0xe4880) socket$nl_route(0x10, 0x3, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x20000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 8.026801861s ago: executing program 0 (id=583): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x17, 0x0, &(0x7f00000001c0)) syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$kcm(0x2, 0x1, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) close(r1) memfd_create(0x0, 0x1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000780)={0x0, 0x3ff, 0x0, 'queue1\x00', 0x48}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r4, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "71a19060009f0000000000005c4100a0200010040400", 0x800000, 0x40}) write$sndseq(r4, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) eventfd2(0x3, 0x80800) 6.466102474s ago: executing program 0 (id=586): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000006c0)=""/107, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 6.013280493s ago: executing program 3 (id=587): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000280)={0x0, 0xa0}}, 0x0) 5.923801784s ago: executing program 0 (id=588): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 5.46097438s ago: executing program 3 (id=590): read$char_usb(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/unix\x00') ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000080)={0xfffffffffffffff7, 0x5}) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000104c05d5030000000000010902240001000000000904000002030000000921000000012205000905810300f9"], 0x0) syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x5, {0x5, 0x0, "a6ea31"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 4.779973068s ago: executing program 2 (id=591): r0 = socket$kcm(0x10, 0x2, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1}, 0xe4880) socket$nl_route(0x10, 0x3, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x20000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 3.800124352s ago: executing program 2 (id=592): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a3100000000080002400000000120000000000a03000000000000000000070000000900010073a27a310000000028000000000a030000000000000000000200000008000240000000000900010073797a31"], 0x98}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000380)=0x9, 0x4) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x2006}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @ipv4={'\x00', '\xff\xff', @empty}, 0x4c}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='vlan0\x00', 0x10) sendmmsg$inet(r1, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000880)="9064533a7837407e683a09e451dd472e5f7aeef50aee94ac12f9fb32a0cce1fb5e534ad5d374dc00e818a685571957e1bef09c120c39c2396ef3d7e15f5877581d9e44c9fd79d22cc28ed899e4acffa42b5ce1a83273afc139a4acfbef126c783af5507886f6120404799e82fd9c52f23b9ac4076af50dccfc24f0ce35ed34e194f14cf1823788f09292f3cd0789e2f2d9556d63cdb77a059cd4bcf71980ba7da4440c217345cc49be28e49f9df1735aff9a53436d899ce9dcd18054a2a6995150ffd252d5a93136bd744f5d5b05af436ac730639dd83ab03250ba9b1dfbc54fc14c3575b462627a3ea50ceddabab31ec9a9f82f22b9dae044f75ecd687ccdaea93206958e72b7d8ca0f69bb1731e953639af370fb2b09949073b08abcb99ac0e2ebf8ccb6640894d2a1871ad1a8684b4148a3b28f5a97788586a643297e9a9479a2ad4cc4f2cb71e0f6241a16e953724d370a6c8c8c4931cf7dfc65eec03aaa3ab2fc8e99cefeb08b8e12f38450d51080e3978822b5fee62584c49ba2cf32a332c0824bfecda9ae17734b72a937eafcb123bb003d5ca94c2c68548bd6403f7b26c556efdd5ccb14e340a117872faf52efed1728243d17ce070c6bf611303ea5133097435721ee7d17d7aff64cfb2b38910c8a67dd00639c24b85f8f660995e4a1fe06b72f436ef0236a9431a3cae5bf79a22bd04220308119480c2b4e39a42b3458a834c0f3efa164c36e6025bc9d50db0654cac13c4fb15070ed57056a6e293f5e341a48249d4ddf78c38ddbc62f80a56b93615f2dd8c57f841c357576a0c3ab902dae463eb9c85a5a82a1ae9d6d338fcfc78893044b2c105e9ea039a5c3e4d7a07283a4cd0bb26cd8614d4236ef9a2528a7067c2d7a11a986c0b3c0654b3363cab96afdfeb6e6fecc091bb4f9b0f093ced28f84c10718a1ee55abca218f079bf5ecb8790f886bdb04023938d5e56bd7086e88638c1e05b98f3c9129f3a7e9483f659d1f37411b48a68e689363237940d737023865eeeba207a5e5e381ddc029ddfd0c9e66f1f62f1786661848fb6f3a0f62d46eaa490bc4e062aeb25d478a0385c39f150e69eeaafde7a91dc193a4c5889b16bd5cdccc73e4171007be0eee4fad582973f2730c269fcd495db4aed9f170c2d1f382d4cf9e9913e188a016f0ccdae047c4c2a7176b8b71f6f028956a6ca3c05068211ffdc0b828ea1e7b4c1765966555fb4bdd153c7a19b6d223f9277eca106eaeae629b251c621e06dcf7d1851df55d6b85c14cb231a1925b28b18c7c067d48c594773b6da50f329a4e8e2993411b96815032e80ec6096c951e94dd3fa6627945c24057e9d76af0fa72801f1dd4970756", 0x3c5}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000700)='n', 0x1}], 0x1}}], 0x2, 0x119e75c40673edef) r2 = socket$netlink(0x10, 0x3, 0x8000000004) sendto$inet6(r1, &(0x7f00000003c0)="6c96485edeacf11741b64b9bc12a6936b4d3e05e1d791ee41c970661692a73f148ff68fe82584c007ed8a6048b91000634257b436b970bb822a4d7580fe479d4485a83f76b2b503dcba12422f3315fb7725a0ee0e2a22d6d4b5d88a6bb09cc196d368f365d5c66f8be8a9bbcba3abeef94ac3776542ef945c05f26ee43b0f508f4004d08b6fed3675580806ef1d5e1e901afcb2af9d25cef034ee1a316fb5eb92d509865e262a3ccc769ed1f26d10168d70f02d367", 0xb5, 0x804, &(0x7f0000000340)={0xa, 0x4e23, 0xfffffffd, @empty, 0xa}, 0x1c) writev(r2, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e220e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bind$phonet(0xffffffffffffffff, &(0x7f0000000300)={0x23, 0xa, 0x8, 0x7}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x20, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xd, 0x7}, {0x6, 0xe}, {0xb, 0x3}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000101}, 0x44) 3.175973482s ago: executing program 2 (id=593): r0 = creat(&(0x7f00000006c0)='./file0\x00', 0x2) newfstatat(0xffffffffffffff9c, &(0x7f0000001040)='./file0\x00', &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) setreuid(r1, 0x0) socket$nl_route(0x10, 0x3, 0x0) io_uring_setup(0x479, &(0x7f0000000ac0)={0x0, 0xfffefffe, 0x2, 0x2, 0x4800020}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000500)={0x0, @in6={{0xa, 0x4e22, 0x2, @private0, 0x49}}, 0x7, 0x5, 0x81, 0x0, 0x1000}, &(0x7f00000002c0)=0x98) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000300)={r2, 0x4}, &(0x7f00000003c0)=0x8) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x1800, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x100, 0x0) 2.965899824s ago: executing program 3 (id=594): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0xfffffffb}) 2.769640432s ago: executing program 3 (id=595): socket$nl_route(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) socket(0x10, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48) open(&(0x7f0000000000)='./file0\x00', 0x1607c0, 0x78e22799f4a46ffe) openat$sysfs(0xffffffffffffff9c, &(0x7f0000001300)='/sys/kernel/address_bits', 0x288000, 0x4) r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000001340)='blkio.bfq.time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000012c0)=ANY=[@ANYRES8=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 1.744685791s ago: executing program 2 (id=596): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, 0x0, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 1.708798433s ago: executing program 3 (id=597): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) fremovexattr(0xffffffffffffffff, &(0x7f0000000040)=@known='system.posix_acl_default\x00') r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x2000) creat(&(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x800000, &(0x7f0000000200)=ANY=[@ANYBLOB='mpol=interleave:3-5:9A']) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) 1.104428522s ago: executing program 2 (id=598): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[], 0xa0}}, 0x0) 506.200487ms ago: executing program 2 (id=599): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="001002cce88fc3000000bc2e575b68f2c7a9bf17423938f2f0692875b5c0182ecba8648a75207662dae7ed054db4843957a0f9156f87e04e2d016b3325b307bbfec25b4628f20dc02d703e0580f1784cd162557574e827d9d6e903c170a4"], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x5, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x3, 0xf9, 0x2, 0x79, 0xff, 0x8, 0x1, 0x1, 0x0, 0x8, 0x5, 0x6, 0x6, 0x7, 0x3, '\x00', 0x6, 0xe1}) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x4) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x10000000000) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ff9000/0x4000)=nil) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200881f, &(0x7f00000000c0)={[{@sysvgroups}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}]}, 0xfe, 0x4e6, &(0x7f0000000380)="$eJzs3VFrHFsdAPD/THa9TZvr5qoP14JtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xAwgiKviiT74IfgBB+hFEKOi7qChFW33woTqyu7MxTXeTlG52vdnfD07mnLOz+z8nw56dMzPMBDC0LkTEZERkWZZdjohSXp/mKXZaqbHei+ePFhopiSy7/bckkryu/Vnv5Msz+dsKEfH1r0R8K3k97sbW9sp8tVpZz8tT9dXkZZZtX1lenV+qLFXWZmdnrs/dmLs2N92Tfo5HxM0v/fmH3/v5l2/++jMP/nDnr5PfbnWwZW8/eqnV9WKc2lPX+L+sH0ewASk0e9hybcBtAQDgYI39/Y9ExCcj4nKUYqS5NwcAAACcJNnnx+Jl0jr/BwAAAJxMaUSMRZKW8+t9xyJNy+XWNbwfi9NptbZR/3RW2j1eMB7F9O5ytTKdXzswHsWkUZ7Jr7Ftl6/uK89GxHsR8YPSaLNcXqhVFwd65AMAAACGx5l98/9/llrzfwAAAOCEGR90AwAAAIBjZ/4PAAAAJ5/5PwAAAJxoX711q5Gy9vOvF+9vba7U7l9ZrGyslFc3F8oLtfV75aVabal5z77Vwz6vWqvd+2ysbT6cqlc26lMbW9t3Vmuba/U7y688AhsAAADoo/fOP/l9EhE7nxtNIyJL9rxWjMhG9q5c6H/7gOOTvsnKfzq+dgD9NzLoBgADY5cehldx0A0ABu6wcaDrxTu/6X1bAACA4zHx8d3z/80EDI8nz5qLJBl0Q4C+c/4fhpfzfzC8igftAZgUwImXHuGr/vbn/7PsjRoFAAD03FgzJWk5nweMRZqWyxHvNh8LUEzuLlcr0xHx4Yj4Xan4TqM803xn4vAAAAAAAAAAAAAAAAAAAAAAAAAAABxRliWRdTG6uw4AAADwQRaR/iXJn/81Ubo0tv/4wIeSf5Way4h48JPbP3o4X6+vzzTq/75bX/9xXn+130cvAAAAgE7a8/T2PB4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeunF80cL7dTPuM++GBHjneIX4lRzeSqKEXH6H0kU9rwviYiRHsTfeRwR73eKnzSaFeN5K/bHTyNidMDxz/QgPgyzJ43x5wudvn9pXGguO3//Cnl6W93Hv3R3/BvpMv692+kD09erzj795VTX+I8jzhY6jz/t+EmX+BeP2MdvfmN7u9tr2c8iJjr+/iSvxJpKCvemNra2ryyvzi9Vliprs7Mz1+duzF2bm566u1yt5H87xvj+J371n4P6f7pL/PFD+n/piP3/99OHzz/ayhb3vVSMn2bZ5MXO2//9LvHbv32fyjd3ozzRzu+08nud+8Vvz50/oP+LXfp/2PafPGL/L3/tu3884qoAQB9sbG2vzFerlXUZmWPLjEYfg87HQeu0d2L70J7v5KH+LzbBG2cGOCgBAADH4n87/YNuCQAAAAAAAAAAAAAAAAAAAAyvw24DFj24ndj+mDuD6SoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIH+GwAA///kdMzk") bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@generic={0x0}, 0x18) sendmsg$inet(r3, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1}, 0x3e8) write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x40, 0x0) r8 = syz_io_uring_setup(0x6f25, &(0x7f00000010c0)={0x0, 0x6f0f, 0x4000, 0x0, 0x2c8}, &(0x7f00000002c0), &(0x7f0000000000)) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x132, 0xffffffffffffffff, 0xffffd000) preadv(0xffffffffffffffff, 0x0, 0x0, 0x3f, 0x6a76) io_uring_register$IORING_REGISTER_BUFFERS2(r8, 0xf, &(0x7f0000001580)={0xf2, 0x1, 0x0, 0x0, &(0x7f0000000200)}, 0x20) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) 0s ago: executing program 3 (id=600): socket$nl_route(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) socket(0x10, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1"], 0x48) open(&(0x7f0000000000)='./file0\x00', 0x1607c0, 0x78e22799f4a46ffe) openat$sysfs(0xffffffffffffff9c, &(0x7f0000001300)='/sys/kernel/address_bits', 0x288000, 0x4) socket$inet6(0xa, 0x2, 0x0) r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000001340)='blkio.bfq.time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000012c0)=ANY=[@ANYRES8=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) kernel console output (not intermixed with test programs): ed [ 480.791284][ T7086] team0: Port device team_slave_1 added [ 482.462979][ T7086] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 482.492684][ T7086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 482.639781][ T7086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 482.674970][ T7086] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 482.682123][ T7086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 482.786551][ T7086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 482.863975][ T7117] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.896306][ T7117] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.904202][ T7117] bridge_slave_0: entered allmulticast mode [ 482.987362][ T7117] bridge_slave_0: entered promiscuous mode [ 483.087307][ T6498] bridge_slave_1: left allmulticast mode [ 483.093199][ T6498] bridge_slave_1: left promiscuous mode [ 483.135891][ T6498] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.219601][ T6498] bridge_slave_0: left allmulticast mode [ 483.233401][ T6498] bridge_slave_0: left promiscuous mode [ 483.248355][ T6498] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.312297][ T7256] kvm: kvm [7253]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xc880 [ 483.322462][ T7256] kvm: kvm [7253]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 483.373896][ T7256] kvm: kvm [7253]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xa088 [ 483.416359][ T7256] kvm: kvm [7253]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xd1a8 [ 483.463606][ T7256] kvm: kvm [7253]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 483.907901][ T7265] FAULT_INJECTION: forcing a failure. [ 483.907901][ T7265] name failslab, interval 1, probability 0, space 0, times 1 [ 484.115050][ T7265] CPU: 0 UID: 0 PID: 7265 Comm: syz.2.285 Not tainted syzkaller #0 PREEMPT(full) [ 484.115209][ T7265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 484.115320][ T7265] Call Trace: [ 484.115378][ T7265] [ 484.115432][ T7265] __dump_stack+0x26/0x30 [ 484.115844][ T7265] dump_stack_lvl+0x14c/0x1c0 [ 484.116022][ T7265] dump_stack+0x1e/0x25 [ 484.116189][ T7265] should_fail_ex+0x7e2/0x8c0 [ 484.116444][ T7265] should_failslab+0x158/0x200 [ 484.116647][ T7265] kmem_cache_alloc_noprof+0x146/0x1270 [ 484.116832][ T7265] ? do_getname+0x4a/0x530 [ 484.117003][ T7265] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 484.117236][ T7265] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 484.117434][ T7265] do_getname+0x4a/0x530 [ 484.117584][ T7265] __se_sys_mkdirat+0x3f/0x330 [ 484.117806][ T7265] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 484.118029][ T7265] __x64_sys_mkdirat+0x97/0xe0 [ 484.118242][ T7265] x64_sys_call+0x37fc/0x3ea0 [ 484.118432][ T7265] do_syscall_64+0x134/0xf80 [ 484.118649][ T7265] ? clear_bhb_loop+0x50/0xa0 [ 484.118811][ T7265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.118977][ T7265] RIP: 0033:0x7f294fd9b607 [ 484.119111][ T7265] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 484.119237][ T7265] RSP: 002b:00007f2950cdde58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 484.119387][ T7265] RAX: ffffffffffffffda RBX: 00007f2950cddee0 RCX: 00007f294fd9b607 [ 484.119493][ T7265] RDX: 00000000000001ff RSI: 0000200000000080 RDI: 00000000ffffff9c [ 484.119589][ T7265] RBP: 0000200000000040 R08: 00002000000000c0 R09: 0000000000000000 [ 484.119686][ T7265] R10: 0000200000000040 R11: 0000000000000246 R12: 0000200000000080 [ 484.119785][ T7265] R13: 00007f2950cddea0 R14: 0000000000000000 R15: 0000000000000000 [ 484.119916][ T7265] [ 484.377266][ T6498] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 484.409500][ T6498] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 484.430991][ T6498] bond0 (unregistering): Released all slaves [ 484.500536][ T7117] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.538343][ T7117] bridge0: port 2(bridge_slave_1) entered disabled state [ 484.620528][ T7117] bridge_slave_1: entered allmulticast mode [ 484.704941][ T7117] bridge_slave_1: entered promiscuous mode [ 485.024691][ T5823] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 485.229857][ T5823] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 485.268595][ T5823] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 485.307422][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.317669][ T5823] usb 3-1: Product: syz [ 485.322066][ T5823] usb 3-1: Manufacturer: 򘡻 [ 485.335958][ T6498] hsr_slave_0: left promiscuous mode [ 485.341849][ T5823] usb 3-1: SerialNumber: syz [ 485.358602][ T6498] hsr_slave_1: left promiscuous mode [ 485.397849][ T6498] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 485.412010][ T6498] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 485.698262][ T7267] loop2: detected capacity change from 0 to 1024 [ 485.795900][ T7267] hfsplus: failed to load extents file [ 486.002162][ T7276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.058082][ T7276] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.202610][ T5823] usb 3-1: USB disconnect, device number 5 [ 486.318256][ T7278] FAULT_INJECTION: forcing a failure. [ 486.318256][ T7278] name failslab, interval 1, probability 0, space 0, times 0 [ 486.361859][ T7278] CPU: 1 UID: 0 PID: 7278 Comm: syz.0.289 Not tainted syzkaller #0 PREEMPT(full) [ 486.362037][ T7278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 486.362131][ T7278] Call Trace: [ 486.362190][ T7278] [ 486.362247][ T7278] __dump_stack+0x26/0x30 [ 486.362436][ T7278] dump_stack_lvl+0x14c/0x1c0 [ 486.362630][ T7278] dump_stack+0x1e/0x25 [ 486.362806][ T7278] should_fail_ex+0x7e2/0x8c0 [ 486.363024][ T7278] should_failslab+0x158/0x200 [ 486.363193][ T7278] __kmalloc_cache_noprof+0x125/0x1260 [ 486.363375][ T7278] ? __se_sys_memfd_create+0x55c/0xb10 [ 486.363641][ T7278] ? kmsan_get_metadata+0xf1/0x160 [ 486.363876][ T7278] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 486.364122][ T7278] ? kmsan_get_metadata+0xf1/0x160 [ 486.364369][ T7278] __se_sys_memfd_create+0x55c/0xb10 [ 486.364565][ T7278] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 486.364820][ T7278] __x64_sys_memfd_create+0x78/0xb0 [ 486.365030][ T7278] x64_sys_call+0x256c/0x3ea0 [ 486.365242][ T7278] do_syscall_64+0x134/0xf80 [ 486.365403][ T7278] ? clear_bhb_loop+0x50/0xa0 [ 486.365585][ T7278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.365762][ T7278] RIP: 0033:0x7f893c59c799 [ 486.365909][ T7278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 486.366051][ T7278] RSP: 002b:00007f893d42ae08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 486.366205][ T7278] RAX: ffffffffffffffda RBX: 0000000000000140 RCX: 00007f893c59c799 [ 486.366316][ T7278] RDX: 00007f893d42aee0 RSI: 0000000000000000 RDI: 00007f893c632db9 [ 486.366430][ T7278] RBP: 0000200000000200 R08: 00000000ffffffff R09: 0000000000000000 [ 486.366537][ T7278] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000180 [ 486.366638][ T7278] R13: 00007f893d42aee0 R14: 00007f893d42aea0 R15: 00002000000001c0 [ 486.366796][ T7278] [ 486.560926][ T6498] team0 (unregistering): Port device team_slave_1 removed [ 486.699727][ T6498] team0 (unregistering): Port device team_slave_0 removed [ 488.862773][ T7117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 488.972144][ T7117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 489.206638][ T7086] hsr_slave_0: entered promiscuous mode [ 489.253283][ T7086] hsr_slave_1: entered promiscuous mode [ 489.818491][ T7117] team0: Port device team_slave_0 added [ 489.862226][ T7117] team0: Port device team_slave_1 added [ 490.139903][ T7295] FAULT_INJECTION: forcing a failure. [ 490.139903][ T7295] name failslab, interval 1, probability 0, space 0, times 0 [ 490.178451][ T7295] CPU: 0 UID: 0 PID: 7295 Comm: syz.3.294 Not tainted syzkaller #0 PREEMPT(full) [ 490.178611][ T7295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 490.178696][ T7295] Call Trace: [ 490.178748][ T7295] [ 490.178800][ T7295] __dump_stack+0x26/0x30 [ 490.178966][ T7295] dump_stack_lvl+0x14c/0x1c0 [ 490.179141][ T7295] dump_stack+0x1e/0x25 [ 490.179302][ T7295] should_fail_ex+0x7e2/0x8c0 [ 490.179482][ T7295] should_failslab+0x158/0x200 [ 490.179639][ T7295] __kmalloc_cache_noprof+0x125/0x1260 [ 490.179817][ T7295] ? __se_sys_memfd_create+0x55c/0xb10 [ 490.179987][ T7295] ? kmsan_get_metadata+0xf1/0x160 [ 490.180194][ T7295] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 490.180403][ T7295] ? kmsan_get_metadata+0xf1/0x160 [ 490.180627][ T7295] __se_sys_memfd_create+0x55c/0xb10 [ 490.180792][ T7295] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 490.181007][ T7295] __x64_sys_memfd_create+0x78/0xb0 [ 490.181185][ T7295] x64_sys_call+0x256c/0x3ea0 [ 490.181364][ T7295] do_syscall_64+0x134/0xf80 [ 490.181516][ T7295] ? clear_bhb_loop+0x50/0xa0 [ 490.181679][ T7295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.181836][ T7295] RIP: 0033:0x7ffac8d9c799 [ 490.181945][ T7295] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 490.182070][ T7295] RSP: 002b:00007ffac9b9ae08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 490.182205][ T7295] RAX: ffffffffffffffda RBX: 0000000000000177 RCX: 00007ffac8d9c799 [ 490.182310][ T7295] RDX: 00007ffac9b9aee0 RSI: 0000000000000000 RDI: 00007ffac8e32db9 [ 490.182408][ T7295] RBP: 0000200000000240 R08: 00000000ffffffff R09: 0000000000000000 [ 490.182509][ T7295] R10: 0000000000000001 R11: 0000000000000202 R12: 00002000000001c0 [ 490.182600][ T7295] R13: 00007ffac9b9aee0 R14: 00007ffac9b9aea0 R15: 0000200000000200 [ 490.182742][ T7295] [ 490.885057][ T7117] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 490.892215][ T7117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 490.939285][ T7117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 490.998526][ T7117] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 491.024796][ T7117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 491.126401][ T7117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 491.639546][ T7309] SQUASHFS error: Failed to read block 0x0: -5 [ 491.663262][ T7309] unable to read squashfs_super_block [ 492.161188][ T7117] hsr_slave_0: entered promiscuous mode [ 492.189971][ T7117] hsr_slave_1: entered promiscuous mode [ 492.200059][ T7117] debugfs: 'hsr0' already exists in 'hsr' [ 492.208240][ T7117] Cannot create hsr debugfs directory [ 492.796199][ T7325] FAULT_INJECTION: forcing a failure. [ 492.796199][ T7325] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 492.894503][ T7325] CPU: 0 UID: 0 PID: 7325 Comm: syz.2.302 Not tainted syzkaller #0 PREEMPT(full) [ 492.894651][ T7325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 492.894734][ T7325] Call Trace: [ 492.894793][ T7325] [ 492.894846][ T7325] __dump_stack+0x26/0x30 [ 492.895020][ T7325] dump_stack_lvl+0x14c/0x1c0 [ 492.895198][ T7325] dump_stack+0x1e/0x25 [ 492.895343][ T7325] should_fail_ex+0x7e2/0x8c0 [ 492.895528][ T7325] should_fail+0x2a/0x40 [ 492.895666][ T7325] should_fail_usercopy+0x2e/0x40 [ 492.895913][ T7325] _copy_from_user+0x33/0x100 [ 492.896108][ T7325] ucma_write+0x155/0x5c0 [ 492.896332][ T7325] ? kmsan_get_metadata+0xf1/0x160 [ 492.896547][ T7325] ? __pfx_ucma_write+0x10/0x10 [ 492.896683][ T7325] vfs_write+0x48a/0x15c0 [ 492.896900][ T7325] ? stack_depot_save_flags+0x35/0x790 [ 492.897067][ T7325] ? kmsan_get_metadata+0xf1/0x160 [ 492.897269][ T7325] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 492.897467][ T7325] ? kmsan_get_metadata+0xf1/0x160 [ 492.897686][ T7325] ksys_write+0x1d9/0x470 [ 492.897888][ T7325] __x64_sys_write+0x97/0xf0 [ 492.898088][ T7325] x64_sys_call+0x2ff0/0x3ea0 [ 492.898274][ T7325] do_syscall_64+0x134/0xf80 [ 492.898415][ T7325] ? clear_bhb_loop+0x50/0xa0 [ 492.898576][ T7325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.898733][ T7325] RIP: 0033:0x7f294fd9c799 [ 492.898848][ T7325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 492.898971][ T7325] RSP: 002b:00007f2950cde028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 492.899106][ T7325] RAX: ffffffffffffffda RBX: 00007f2950015fa0 RCX: 00007f294fd9c799 [ 492.899210][ T7325] RDX: 0000000000000118 RSI: 0000200000000240 RDI: 0000000000000003 [ 492.899302][ T7325] RBP: 00007f2950cde090 R08: 0000000000000000 R09: 0000000000000000 [ 492.899392][ T7325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 492.899493][ T7325] R13: 00007f2950016038 R14: 00007f2950015fa0 R15: 00007ffd27c889b8 [ 492.899633][ T7325] [ 493.534540][ T5823] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 493.695104][ T5823] usb 4-1: Using ep0 maxpacket: 32 [ 493.732102][ T5823] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 493.745434][ T7337] netlink: 'syz.0.305': attribute type 28 has an invalid length. [ 493.758694][ T5823] usb 4-1: config 0 has no interface number 0 [ 493.801749][ T5823] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 493.838069][ T5823] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 493.855617][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.883630][ T5823] usb 4-1: Product: syz [ 493.901621][ T5823] usb 4-1: Manufacturer: syz [ 493.909524][ T7330] kvm_intel: kvm [7329]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xa25a [ 493.919951][ T5823] usb 4-1: SerialNumber: syz [ 493.942003][ T5823] usb 4-1: config 0 descriptor?? [ 493.951022][ T7330] kvm: kvm [7329]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xa25a [ 493.972894][ T7328] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 494.005563][ T7330] kvm: kvm [7329]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x933e [ 494.057423][ T7330] kvm_intel: kvm [7329]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x90af [ 494.256269][ T7086] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 494.482765][ T7086] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 494.506663][ T7328] loop3: detected capacity change from 0 to 164 [ 494.663928][ T7086] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 494.862162][ T7086] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 494.877499][ T7328] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 495.179087][ T5823] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 495.205884][ T5823] asix 4-1:0.188: probe with driver asix failed with error -61 [ 495.289862][ T7343] loop0: detected capacity change from 0 to 4096 [ 495.362658][ T7343] ======================================================= [ 495.362658][ T7343] WARNING: The mand mount option has been deprecated and [ 495.362658][ T7343] and is ignored by this kernel. Remove the mand [ 495.362658][ T7343] option from the mount to silence this warning. [ 495.362658][ T7343] ======================================================= [ 495.553418][ T7343] nilfs2: Unknown parameter '' [ 495.864852][ T5823] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 495.979945][ T7117] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 496.054207][ T5823] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 496.091574][ T5823] usb 1-1: config 0 has no interface number 0 [ 496.101573][ T7117] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 496.123507][ T5823] usb 1-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 496.187049][ T5823] usb 1-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 496.207333][ T7117] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 496.217888][ T5823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.254499][ T5823] usb 1-1: Product: syz [ 496.285930][ T5823] usb 1-1: Manufacturer: syz [ 496.290785][ T5823] usb 1-1: SerialNumber: syz [ 496.342459][ T5823] usb 1-1: config 0 descriptor?? [ 496.377697][ T7117] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 496.392929][ T7343] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 496.639480][ T5823] plusb 1-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 76:52:e0:8e:9a:78 [ 496.784019][ T5823] usb 1-1: USB disconnect, device number 6 [ 496.827730][ T5823] plusb 1-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 497.446873][ T24] usb 4-1: USB disconnect, device number 6 [ 497.624034][ T7086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 497.762976][ T7086] 8021q: adding VLAN 0 to HW filter on device team0 [ 497.890262][ T7366] FAULT_INJECTION: forcing a failure. [ 497.890262][ T7366] name failslab, interval 1, probability 0, space 0, times 0 [ 497.990691][ T7366] CPU: 0 UID: 0 PID: 7366 Comm: syz.0.310 Not tainted syzkaller #0 PREEMPT(full) [ 497.990836][ T7366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 497.990918][ T7366] Call Trace: [ 497.990970][ T7366] [ 497.991021][ T7366] __dump_stack+0x26/0x30 [ 497.991194][ T7366] dump_stack_lvl+0x14c/0x1c0 [ 497.991372][ T7366] dump_stack+0x1e/0x25 [ 497.991537][ T7366] should_fail_ex+0x7e2/0x8c0 [ 497.991723][ T7366] should_failslab+0x158/0x200 [ 497.991870][ T7366] __kmalloc_noprof+0x1e0/0x1680 [ 497.992020][ T7366] ? kfree+0x20/0x1130 [ 497.992287][ T7366] ? tomoyo_file_ioctl+0x3d/0x50 [ 497.992537][ T7366] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 497.992704][ T7366] ? __msan_warning+0x1b/0x30 [ 497.992880][ T7366] ? filter_irq_stacks+0x13f/0x190 [ 497.993110][ T7366] ? kmsan_get_metadata+0xf1/0x160 [ 497.993310][ T7366] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 497.993540][ T7366] tomoyo_realpath_from_path+0xeb/0x9f0 [ 497.993720][ T7366] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 497.993941][ T7366] ? __srcu_read_lock+0x5e/0xd0 [ 497.994140][ T7366] tomoyo_path_number_perm+0x1d0/0x7d0 [ 497.994391][ T7366] ? kmsan_get_metadata+0xf1/0x160 [ 497.994653][ T7366] tomoyo_file_ioctl+0x3d/0x50 [ 497.994823][ T7366] security_file_ioctl+0x139/0x570 [ 497.995076][ T7366] __se_sys_ioctl+0xbb/0x400 [ 497.995278][ T7366] __x64_sys_ioctl+0x97/0xe0 [ 497.995482][ T7366] x64_sys_call+0x1975/0x3ea0 [ 497.995671][ T7366] do_syscall_64+0x134/0xf80 [ 497.995812][ T7366] ? clear_bhb_loop+0x50/0xa0 [ 497.995973][ T7366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.996131][ T7366] RIP: 0033:0x7f893c59c799 [ 497.996241][ T7366] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 497.996366][ T7366] RSP: 002b:00007f893d42b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 497.996511][ T7366] RAX: ffffffffffffffda RBX: 00007f893c815fa0 RCX: 00007f893c59c799 [ 497.996617][ T7366] RDX: 00002000000000c0 RSI: 00000000c0106407 RDI: 0000000000000003 [ 497.996711][ T7366] RBP: 00007f893d42b090 R08: 0000000000000000 R09: 0000000000000000 [ 497.996801][ T7366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 497.996887][ T7366] R13: 00007f893c816038 R14: 00007f893c815fa0 R15: 00007ffcf7ad95c8 [ 497.997029][ T7366] [ 498.252064][ T7371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.309'. [ 498.300823][ T7366] ERROR: Out of memory at tomoyo_realpath_from_path. [ 498.523443][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.531122][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 498.617818][ T7375] FAULT_INJECTION: forcing a failure. [ 498.617818][ T7375] name failslab, interval 1, probability 0, space 0, times 0 [ 498.706143][ T7375] CPU: 0 UID: 0 PID: 7375 Comm: syz.3.312 Not tainted syzkaller #0 PREEMPT(full) [ 498.706301][ T7375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 498.706384][ T7375] Call Trace: [ 498.706437][ T7375] [ 498.706488][ T7375] __dump_stack+0x26/0x30 [ 498.706660][ T7375] dump_stack_lvl+0x14c/0x1c0 [ 498.706832][ T7375] dump_stack+0x1e/0x25 [ 498.706990][ T7375] should_fail_ex+0x7e2/0x8c0 [ 498.707173][ T7375] should_failslab+0x158/0x200 [ 498.707327][ T7375] kmem_cache_alloc_node_noprof+0x14c/0x12d0 [ 498.707481][ T7375] ? kmsan_get_metadata+0xf1/0x160 [ 498.707690][ T7375] ? __alloc_skb+0x744/0x1190 [ 498.708007][ T7375] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 498.708226][ T7375] __alloc_skb+0x744/0x1190 [ 498.708450][ T7375] ? __alloc_skb+0x35e/0x1190 [ 498.708626][ T7375] ? netlink_autobind+0x3b0/0x430 [ 498.708831][ T7375] netlink_alloc_large_skb+0xa5/0x290 [ 498.709067][ T7375] netlink_sendmsg+0xae9/0x1250 [ 498.709254][ T7375] ? __pfx_netlink_sendmsg+0x10/0x10 [ 498.709408][ T7375] sock_write_iter+0x728/0x7e0 [ 498.709628][ T7375] ? __pfx_sock_write_iter+0x10/0x10 [ 498.709784][ T7375] do_iter_readv_writev+0x9e0/0xc10 [ 498.710013][ T7375] ? __pfx_sock_write_iter+0x10/0x10 [ 498.710171][ T7375] vfs_writev+0x52a/0x1500 [ 498.710358][ T7375] ? __pfx_do_writev+0x1/0x10 [ 498.710503][ T7375] ? filter_irq_stacks+0x49/0x190 [ 498.710716][ T7375] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 498.710916][ T7375] ? kmsan_get_metadata+0xf1/0x160 [ 498.711159][ T7375] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 498.711395][ T7375] do_writev+0x235/0x5d0 [ 498.711566][ T7375] __x64_sys_writev+0x99/0xf0 [ 498.711775][ T7375] x64_sys_call+0x2182/0x3ea0 [ 498.711970][ T7375] do_syscall_64+0x134/0xf80 [ 498.712113][ T7375] ? clear_bhb_loop+0x50/0xa0 [ 498.712283][ T7375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.712442][ T7375] RIP: 0033:0x7ffac8d9c799 [ 498.712551][ T7375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 498.712675][ T7375] RSP: 002b:00007ffac9b9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 498.712811][ T7375] RAX: ffffffffffffffda RBX: 00007ffac9015fa0 RCX: 00007ffac8d9c799 [ 498.712915][ T7375] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000003 [ 498.713006][ T7375] RBP: 00007ffac9b9b090 R08: 0000000000000000 R09: 0000000000000000 [ 498.713095][ T7375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 498.713181][ T7375] R13: 00007ffac9016038 R14: 00007ffac9015fa0 R15: 00007ffdda50e568 [ 498.713331][ T7375] [ 499.291183][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.298882][ T5989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 499.587317][ T7383] x_tables: duplicate underflow at hook 1 [ 499.813048][ T7385] kvm_intel: kvm [7384]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xa25a [ 499.846931][ T7385] kvm: kvm [7384]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xa25a [ 499.857339][ T7385] kvm: kvm [7384]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x933e [ 499.910136][ T7385] kvm_intel: kvm [7384]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x90af [ 499.929166][ T7117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 500.381421][ T7117] 8021q: adding VLAN 0 to HW filter on device team0 [ 500.440056][ T7393] netlink: 12 bytes leftover after parsing attributes in process `syz.3.316'. [ 500.529587][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 500.537275][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 500.818779][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 500.826713][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 500.888785][ T7395] loop2: detected capacity change from 0 to 8 [ 502.778551][ T7419] loop2: detected capacity change from 0 to 128 [ 503.474181][ T7086] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 504.050835][ T7434] netlink: 12 bytes leftover after parsing attributes in process `syz.3.326'. [ 504.115135][ T7431] loop0: detected capacity change from 0 to 128 [ 504.258180][ T7431] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 504.364747][ T7431] hpfs: filesystem error: improperly stopped [ 504.371047][ T7431] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 504.441557][ T7117] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 504.452283][ T7431] hpfs: You really don't want any checks? You are crazy... [ 504.480608][ T7431] hpfs: hpfs_map_sector(): read error [ 504.514648][ T7431] hpfs: code page support is disabled [ 504.521113][ T7431] hpfs: hpfs_map_4sectors(): unaligned read [ 504.638238][ T7431] hpfs: hpfs_map_4sectors(): unaligned read [ 504.674824][ T7431] hpfs: filesystem error: unable to find root dir [ 505.837982][ T7450] tmpfs: Bad value for 'mpol' [ 506.129934][ T7452] FAULT_INJECTION: forcing a failure. [ 506.129934][ T7452] name failslab, interval 1, probability 0, space 0, times 0 [ 506.180247][ T7452] CPU: 1 UID: 0 PID: 7452 Comm: syz.0.330 Not tainted syzkaller #0 PREEMPT(full) [ 506.180398][ T7452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 506.180483][ T7452] Call Trace: [ 506.180535][ T7452] [ 506.180587][ T7452] __dump_stack+0x26/0x30 [ 506.180772][ T7452] dump_stack_lvl+0x14c/0x1c0 [ 506.180950][ T7452] dump_stack+0x1e/0x25 [ 506.181110][ T7452] should_fail_ex+0x7e2/0x8c0 [ 506.181296][ T7452] should_failslab+0x158/0x200 [ 506.181447][ T7452] __kmalloc_noprof+0x1e0/0x1680 [ 506.181598][ T7452] ? kfree+0x20/0x1130 [ 506.181794][ T7452] ? tomoyo_file_ioctl+0x3d/0x50 [ 506.181963][ T7452] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 506.182132][ T7452] ? __msan_warning+0x1b/0x30 [ 506.182315][ T7452] ? filter_irq_stacks+0x13f/0x190 [ 506.182501][ T7452] ? kmsan_get_metadata+0xf1/0x160 [ 506.182714][ T7452] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 506.182937][ T7452] tomoyo_realpath_from_path+0xeb/0x9f0 [ 506.183116][ T7452] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 506.183338][ T7452] ? __srcu_read_lock+0x5e/0xd0 [ 506.183493][ T7452] tomoyo_path_number_perm+0x1d0/0x7d0 [ 506.183742][ T7452] ? kmsan_get_metadata+0xf1/0x160 [ 506.184003][ T7452] tomoyo_file_ioctl+0x3d/0x50 [ 506.184179][ T7452] security_file_ioctl+0x139/0x570 [ 506.184384][ T7452] __se_sys_ioctl+0xbb/0x400 [ 506.184586][ T7452] __x64_sys_ioctl+0x97/0xe0 [ 506.184802][ T7452] x64_sys_call+0x1975/0x3ea0 [ 506.184982][ T7452] do_syscall_64+0x134/0xf80 [ 506.185119][ T7452] ? clear_bhb_loop+0x50/0xa0 [ 506.185276][ T7452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.185428][ T7452] RIP: 0033:0x7f893c59c799 [ 506.185542][ T7452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 506.185627][ T7452] RSP: 002b:00007f893d42b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 506.185727][ T7452] RAX: ffffffffffffffda RBX: 00007f893c815fa0 RCX: 00007f893c59c799 [ 506.185797][ T7452] RDX: 00002000000001c0 RSI: 000000004008ae9c RDI: 0000000000000005 [ 506.185859][ T7452] RBP: 00007f893d42b090 R08: 0000000000000000 R09: 0000000000000000 [ 506.185920][ T7452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 506.185977][ T7452] R13: 00007f893c816038 R14: 00007f893c815fa0 R15: 00007ffcf7ad95c8 [ 506.186072][ T7452] [ 506.584840][ T7452] ERROR: Out of memory at tomoyo_realpath_from_path. [ 507.407240][ T7086] veth0_vlan: entered promiscuous mode [ 507.915310][ T7086] veth1_vlan: entered promiscuous mode [ 508.227081][ T7476] netlink: 16 bytes leftover after parsing attributes in process `syz.2.334'. [ 508.567036][ T7472] netlink: 60 bytes leftover after parsing attributes in process `syz.0.333'. [ 508.693727][ T7479] netlink: 60 bytes leftover after parsing attributes in process `syz.0.333'. [ 508.740055][ T7478] netlink: 60 bytes leftover after parsing attributes in process `syz.0.333'. [ 508.970784][ T7086] veth0_macvtap: entered promiscuous mode [ 509.069939][ T7086] veth1_macvtap: entered promiscuous mode [ 509.083350][ T7117] veth0_vlan: entered promiscuous mode [ 509.215783][ T7117] veth1_vlan: entered promiscuous mode [ 509.278013][ T7086] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 509.358210][ T7086] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 509.483519][ T77] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.497372][ T77] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.674709][ T6498] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.712190][ T6498] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 510.115973][ T7483] netlink: 60 bytes leftover after parsing attributes in process `syz.2.335'. [ 510.190597][ T7117] veth0_macvtap: entered promiscuous mode [ 510.332944][ T7117] veth1_macvtap: entered promiscuous mode [ 510.461294][ T7489] FAULT_INJECTION: forcing a failure. [ 510.461294][ T7489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 510.561634][ T7489] CPU: 0 UID: 0 PID: 7489 Comm: syz.0.337 Not tainted syzkaller #0 PREEMPT(full) [ 510.561782][ T7489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 510.561866][ T7489] Call Trace: [ 510.561919][ T7489] [ 510.561971][ T7489] __dump_stack+0x26/0x30 [ 510.562153][ T7489] dump_stack_lvl+0x14c/0x1c0 [ 510.562332][ T7489] dump_stack+0x1e/0x25 [ 510.562489][ T7489] should_fail_ex+0x7e2/0x8c0 [ 510.562675][ T7489] should_fail+0x2a/0x40 [ 510.562818][ T7489] should_fail_usercopy+0x2e/0x40 [ 510.562988][ T7489] _copy_from_user+0x33/0x100 [ 510.563156][ T7489] __sys_bpf+0x2c8/0xee0 [ 510.563478][ T7489] __x64_sys_bpf+0xa4/0xf0 [ 510.563628][ T7489] x64_sys_call+0x13d0/0x3ea0 [ 510.563820][ T7489] do_syscall_64+0x134/0xf80 [ 510.563963][ T7489] ? clear_bhb_loop+0x50/0xa0 [ 510.564132][ T7489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.564280][ T7489] RIP: 0033:0x7f893c59c799 [ 510.564383][ T7489] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 510.564501][ T7489] RSP: 002b:00007f893d42b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 510.564633][ T7489] RAX: ffffffffffffffda RBX: 00007f893c815fa0 RCX: 00007f893c59c799 [ 510.564735][ T7489] RDX: 0000000000000020 RSI: 0000200000000340 RDI: 0000000000000009 [ 510.564825][ T7489] RBP: 00007f893d42b090 R08: 0000000000000000 R09: 0000000000000000 [ 510.564911][ T7489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.564990][ T7489] R13: 00007f893c816038 R14: 00007f893c815fa0 R15: 00007ffcf7ad95c8 [ 510.565137][ T7489] [ 510.911560][ T7117] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 510.950497][ T7117] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 511.190366][ T5989] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.209250][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.216417][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 511.248880][ T5989] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.277671][ T5989] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.445529][ T1133] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.320696][ T7509] FAULT_INJECTION: forcing a failure. [ 512.320696][ T7509] name failslab, interval 1, probability 0, space 0, times 0 [ 512.384602][ T7509] CPU: 1 UID: 0 PID: 7509 Comm: syz.3.341 Not tainted syzkaller #0 PREEMPT(full) [ 512.384768][ T7509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 512.384859][ T7509] Call Trace: [ 512.384917][ T7509] [ 512.384975][ T7509] __dump_stack+0x26/0x30 [ 512.385167][ T7509] dump_stack_lvl+0x14c/0x1c0 [ 512.385368][ T7509] dump_stack+0x1e/0x25 [ 512.385545][ T7509] should_fail_ex+0x7e2/0x8c0 [ 512.385746][ T7509] should_failslab+0x158/0x200 [ 512.385904][ T7509] __kmalloc_noprof+0x1e0/0x1680 [ 512.386063][ T7509] ? kfree+0x20/0x1130 [ 512.386263][ T7509] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 512.386465][ T7509] ? tomoyo_path_number_perm+0x71/0x7d0 [ 512.386690][ T7509] ? filter_irq_stacks+0x49/0x190 [ 512.386891][ T7509] ? kmsan_get_metadata+0xf1/0x160 [ 512.387126][ T7509] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 512.387385][ T7509] tomoyo_realpath_from_path+0xeb/0x9f0 [ 512.387578][ T7509] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 512.387830][ T7509] ? __srcu_read_lock+0x5e/0xd0 [ 512.388005][ T7509] tomoyo_path_number_perm+0x1d0/0x7d0 [ 512.388275][ T7509] ? kmsan_get_metadata+0xf1/0x160 [ 512.388574][ T7509] tomoyo_file_ioctl+0x3d/0x50 [ 512.388767][ T7509] security_file_ioctl+0x139/0x570 [ 512.388997][ T7509] __se_sys_ioctl+0xbb/0x400 [ 512.389223][ T7509] __x64_sys_ioctl+0x97/0xe0 [ 512.389451][ T7509] x64_sys_call+0x1975/0x3ea0 [ 512.389665][ T7509] do_syscall_64+0x134/0xf80 [ 512.389824][ T7509] ? clear_bhb_loop+0x50/0xa0 [ 512.390005][ T7509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.390184][ T7509] RIP: 0033:0x7ffac8d9c799 [ 512.390306][ T7509] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 512.390454][ T7509] RSP: 002b:00007ffac9b9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.390607][ T7509] RAX: ffffffffffffffda RBX: 00007ffac9015fa0 RCX: 00007ffac8d9c799 [ 512.390724][ T7509] RDX: 00002000000003c0 RSI: 00000000400454d9 RDI: 0000000000000003 [ 512.390830][ T7509] RBP: 00007ffac9b9b090 R08: 0000000000000000 R09: 0000000000000000 [ 512.390932][ T7509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.391028][ T7509] R13: 00007ffac9016038 R14: 00007ffac9015fa0 R15: 00007ffdda50e568 [ 512.391186][ T7509] [ 512.391247][ T7509] ERROR: Out of memory at tomoyo_realpath_from_path. [ 513.236719][ T7516] loop2: detected capacity change from 0 to 512 [ 515.163129][ T7539] netlink: 60 bytes leftover after parsing attributes in process `syz.0.346'. [ 515.315111][ T5831] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 515.504534][ T5831] usb 3-1: device descriptor read/64, error -71 [ 515.747953][ T7543] FAULT_INJECTION: forcing a failure. [ 515.747953][ T7543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 515.762080][ T5831] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 515.844972][ T7543] CPU: 1 UID: 0 PID: 7543 Comm: syz.3.347 Not tainted syzkaller #0 PREEMPT(full) [ 515.845134][ T7543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 515.845219][ T7543] Call Trace: [ 515.845271][ T7543] [ 515.845323][ T7543] __dump_stack+0x26/0x30 [ 515.845499][ T7543] dump_stack_lvl+0x14c/0x1c0 [ 515.845677][ T7543] dump_stack+0x1e/0x25 [ 515.845836][ T7543] should_fail_ex+0x7e2/0x8c0 [ 515.846030][ T7543] should_fail+0x2a/0x40 [ 515.846178][ T7543] should_fail_usercopy+0x2e/0x40 [ 515.846349][ T7543] _copy_to_user+0x35/0x120 [ 515.846520][ T7543] simple_read_from_buffer+0x1b2/0x340 [ 515.846882][ T7543] proc_fail_nth_read+0x1e0/0x2d0 [ 515.847088][ T7543] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 515.847240][ T7543] vfs_read+0x27c/0xf90 [ 515.847412][ T7543] ? stack_depot_save_flags+0x35/0x790 [ 515.847564][ T7543] ? kmsan_get_metadata+0xf1/0x160 [ 515.847774][ T7543] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 515.847985][ T7543] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 515.848216][ T7543] ksys_read+0x1d9/0x470 [ 515.848416][ T7543] __x64_sys_read+0x97/0xf0 [ 515.848608][ T7543] x64_sys_call+0x311c/0x3ea0 [ 515.848796][ T7543] do_syscall_64+0x134/0xf80 [ 515.848938][ T7543] ? clear_bhb_loop+0x50/0xa0 [ 515.849109][ T7543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.849267][ T7543] RIP: 0033:0x7ffac8d5cfce [ 515.849375][ T7543] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 515.849499][ T7543] RSP: 002b:00007ffac9b9afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 515.849637][ T7543] RAX: ffffffffffffffda RBX: 00007ffac9b9b6c0 RCX: 00007ffac8d5cfce [ 515.849742][ T7543] RDX: 000000000000000f RSI: 00007ffac9b9b0a0 RDI: 0000000000000004 [ 515.849832][ T7543] RBP: 00007ffac9b9b090 R08: 0000000000000000 R09: 0000000000000000 [ 515.849922][ T7543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 515.850007][ T7543] R13: 00007ffac9016038 R14: 00007ffac9015fa0 R15: 00007ffdda50e568 [ 515.850154][ T7543] [ 516.210217][ T5831] usb 3-1: device descriptor read/64, error -71 [ 516.325904][ T5831] usb usb3-port1: attempt power cycle [ 516.504152][ T7552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.348'. [ 516.704503][ T5831] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 516.772584][ T5831] usb 3-1: device descriptor read/8, error -71 [ 517.065222][ T5831] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 517.106533][ T5831] usb 3-1: device descriptor read/8, error -71 [ 517.236706][ T5831] usb usb3-port1: unable to enumerate USB device [ 517.394151][ T7560] FAULT_INJECTION: forcing a failure. [ 517.394151][ T7560] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 517.464132][ T7560] CPU: 0 UID: 0 PID: 7560 Comm: syz.0.350 Not tainted syzkaller #0 PREEMPT(full) [ 517.464281][ T7560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 517.464362][ T7560] Call Trace: [ 517.464413][ T7560] [ 517.464473][ T7560] __dump_stack+0x26/0x30 [ 517.464647][ T7560] dump_stack_lvl+0x14c/0x1c0 [ 517.464823][ T7560] dump_stack+0x1e/0x25 [ 517.464981][ T7560] should_fail_ex+0x7e2/0x8c0 [ 517.465166][ T7560] should_fail+0x2a/0x40 [ 517.465310][ T7560] should_fail_usercopy+0x2e/0x40 [ 517.465489][ T7560] _copy_from_user+0x33/0x100 [ 517.465652][ T7560] snd_rawmidi_kernel_write1+0x674/0xd50 [ 517.466006][ T7560] snd_rawmidi_write+0x9cb/0x1780 [ 517.466235][ T7560] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 517.466413][ T7560] vfs_writev+0xb34/0x1500 [ 517.466609][ T7560] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 517.466814][ T7560] ? kmsan_get_metadata+0xf1/0x160 [ 517.467021][ T7560] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 517.467244][ T7560] do_writev+0x235/0x5d0 [ 517.467409][ T7560] __x64_sys_writev+0x99/0xf0 [ 517.467622][ T7560] x64_sys_call+0x2182/0x3ea0 [ 517.467808][ T7560] do_syscall_64+0x134/0xf80 [ 517.467948][ T7560] ? clear_bhb_loop+0x50/0xa0 [ 517.468103][ T7560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.468256][ T7560] RIP: 0033:0x7f893c59c799 [ 517.468363][ T7560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 517.468489][ T7560] RSP: 002b:00007f893d42b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 517.468616][ T7560] RAX: ffffffffffffffda RBX: 00007f893c815fa0 RCX: 00007f893c59c799 [ 517.468716][ T7560] RDX: 0000000000000001 RSI: 0000200000000840 RDI: 0000000000000003 [ 517.468804][ T7560] RBP: 00007f893d42b090 R08: 0000000000000000 R09: 0000000000000000 [ 517.468892][ T7560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.468973][ T7560] R13: 00007f893c816038 R14: 00007f893c815fa0 R15: 00007ffcf7ad95c8 [ 517.469112][ T7560] [ 518.113036][ T5070] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 518.141908][ T5070] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 518.204506][ T5070] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 518.233338][ T5070] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 518.257404][ T5070] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 518.325900][ T7565] netlink: 36 bytes leftover after parsing attributes in process `syz.2.352'. [ 518.704551][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 518.769470][ T7574] 9p: Bad value for 'wfdno' [ 518.881963][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 518.910664][ T7565] syzkaller0: entered promiscuous mode [ 518.916853][ T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 518.955900][ T7565] syzkaller0: entered allmulticast mode [ 518.976054][ T24] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 519.002042][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.035255][ T24] usb 1-1: Product: syz [ 519.039679][ T24] usb 1-1: Manufacturer: syz [ 519.143625][ T24] usb 1-1: SerialNumber: syz [ 519.226081][ T24] usb 1-1: config 0 descriptor?? [ 519.501338][ T7571] loop0: detected capacity change from 0 to 256 [ 519.576502][ T7571] FAT-fs (loop0): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 519.990610][ T7571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 520.038886][ T7571] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 520.165854][ T5773] Bluetooth: hci0: unknown advertising packet type: 0x64 [ 520.166042][ T5773] Bluetooth: hci0: Dropping invalid advertising data [ 520.182752][ T24] usb 1-1: USB disconnect, device number 7 [ 520.195919][ T5773] Bluetooth: hci0: Malformed LE Event: 0x02 [ 520.352404][ T5773] Bluetooth: hci3: command tx timeout [ 521.349142][ T5978] FAT-fs (loop0): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 522.337322][ T7602] netlink: 60 bytes leftover after parsing attributes in process `syz.0.356'. [ 522.434629][ T5773] Bluetooth: hci3: command tx timeout [ 522.653657][ T1133] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.793203][ T5070] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 522.804090][ T5070] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 522.828661][ T5070] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 522.871503][ T5070] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 522.883076][ T5070] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 523.208209][ T1133] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.622290][ T1133] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.029021][ T1133] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 524.114744][ T7619] overlay: ./file0 is not a directory [ 524.504669][ T5070] Bluetooth: hci3: command tx timeout [ 524.697781][ T7626] netlink: 824 bytes leftover after parsing attributes in process `syz.3.362'. [ 524.754829][ T7626] netlink: 824 bytes leftover after parsing attributes in process `syz.3.362'. [ 524.855461][ T7626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.362'. [ 524.985078][ T5070] Bluetooth: hci5: command tx timeout [ 525.150104][ T7561] chnl_net:caif_netlink_parms(): no params data found [ 525.702178][ T7640] netlink: 40 bytes leftover after parsing attributes in process `syz.3.366'. [ 525.855365][ T1133] bridge_slave_1: left allmulticast mode [ 525.871494][ T1133] bridge_slave_1: left promiscuous mode [ 525.900965][ T1133] bridge0: port 2(bridge_slave_1) entered disabled state [ 525.975832][ T1133] bridge_slave_0: left allmulticast mode [ 525.981729][ T1133] bridge_slave_0: left promiscuous mode [ 526.005483][ T1133] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.331055][ T7648] FAULT_INJECTION: forcing a failure. [ 526.331055][ T7648] name failslab, interval 1, probability 0, space 0, times 0 [ 526.406772][ T7648] CPU: 0 UID: 0 PID: 7648 Comm: syz.2.368 Not tainted syzkaller #0 PREEMPT(full) [ 526.406923][ T7648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 526.407008][ T7648] Call Trace: [ 526.407061][ T7648] [ 526.407114][ T7648] __dump_stack+0x26/0x30 [ 526.407290][ T7648] dump_stack_lvl+0x14c/0x1c0 [ 526.407469][ T7648] dump_stack+0x1e/0x25 [ 526.407639][ T7648] should_fail_ex+0x7e2/0x8c0 [ 526.407827][ T7648] should_failslab+0x158/0x200 [ 526.407977][ T7648] kmem_cache_alloc_noprof+0x146/0x1270 [ 526.408131][ T7648] ? do_getname+0x4a/0x530 [ 526.408269][ T7648] ? __msan_warning+0x1b/0x30 [ 526.408476][ T7648] do_getname+0x4a/0x530 [ 526.408620][ T7648] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 526.408825][ T7648] user_path_at+0x47/0x330 [ 526.408997][ T7648] ? bpf_obj_get+0x28a/0x2e0 [ 526.409151][ T7648] ? bpf_get_file_flag+0xb5/0xe0 [ 526.409344][ T7648] bpf_obj_get_user+0xb5/0x860 [ 526.409633][ T7648] ? kmsan_get_metadata+0xf1/0x160 [ 526.409840][ T7648] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 526.410065][ T7648] bpf_obj_get+0x28a/0x2e0 [ 526.410237][ T7648] __sys_bpf+0xc06/0xee0 [ 526.410441][ T7648] __x64_sys_bpf+0xa4/0xf0 [ 526.410593][ T7648] x64_sys_call+0x13d0/0x3ea0 [ 526.410790][ T7648] do_syscall_64+0x134/0xf80 [ 526.410933][ T7648] ? clear_bhb_loop+0x50/0xa0 [ 526.411096][ T7648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.411254][ T7648] RIP: 0033:0x7f294fd9c799 [ 526.411363][ T7648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 526.411487][ T7648] RSP: 002b:00007f2950cde028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 526.411634][ T7648] RAX: ffffffffffffffda RBX: 00007f2950015fa0 RCX: 00007f294fd9c799 [ 526.411739][ T7648] RDX: 0000000000000018 RSI: 0000200000000140 RDI: 0000000000000007 [ 526.411831][ T7648] RBP: 00007f2950cde090 R08: 0000000000000000 R09: 0000000000000000 [ 526.411922][ T7648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 526.412008][ T7648] R13: 00007f2950016038 R14: 00007f2950015fa0 R15: 00007ffd27c889b8 [ 526.412149][ T7648] [ 526.585601][ T5070] Bluetooth: hci3: command tx timeout [ 527.067488][ T5070] Bluetooth: hci5: command tx timeout [ 527.603570][ T1133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 527.796684][ T1133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 527.841069][ T1133] bond0 (unregistering): Released all slaves [ 528.038828][ T7657] loop0: detected capacity change from 0 to 512 [ 528.471799][ T7657] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 528.593606][ T7657] ext4 filesystem being mounted at /105/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 528.727342][ T7671] FAULT_INJECTION: forcing a failure. [ 528.727342][ T7671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 528.792716][ T7671] CPU: 1 UID: 0 PID: 7671 Comm: syz.2.372 Not tainted syzkaller #0 PREEMPT(full) [ 528.792865][ T7671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 528.792951][ T7671] Call Trace: [ 528.793003][ T7671] [ 528.793055][ T7671] __dump_stack+0x26/0x30 [ 528.793225][ T7671] dump_stack_lvl+0x14c/0x1c0 [ 528.793407][ T7671] dump_stack+0x1e/0x25 [ 528.793560][ T7671] should_fail_ex+0x7e2/0x8c0 [ 528.793747][ T7671] should_fail+0x2a/0x40 [ 528.793894][ T7671] should_fail_usercopy+0x2e/0x40 [ 528.794062][ T7671] strncpy_from_user+0x38/0x4b0 [ 528.794269][ T7671] ? __msan_memcpy+0x105/0x1c0 [ 528.794469][ T7671] __se_sys_memfd_create+0x5d6/0xb10 [ 528.794644][ T7671] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 528.794867][ T7671] __x64_sys_memfd_create+0x78/0xb0 [ 528.795048][ T7671] x64_sys_call+0x256c/0x3ea0 [ 528.795238][ T7671] do_syscall_64+0x134/0xf80 [ 528.795390][ T7671] ? clear_bhb_loop+0x50/0xa0 [ 528.795552][ T7671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.795707][ T7671] RIP: 0033:0x7f294fd9c799 [ 528.795816][ T7671] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 528.795941][ T7671] RSP: 002b:00007f2950cdde08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 528.796094][ T7671] RAX: ffffffffffffffda RBX: 0000000000000140 RCX: 00007f294fd9c799 [ 528.796194][ T7671] RDX: 00007f2950cddee0 RSI: 0000000000000000 RDI: 00007f294fe32db9 [ 528.796290][ T7671] RBP: 0000200000000200 R08: 00000000ffffffff R09: 0000000000000000 [ 528.796389][ T7671] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000180 [ 528.796482][ T7671] R13: 00007f2950cddee0 R14: 00007f2950cddea0 R15: 00002000000001c0 [ 528.796623][ T7671] [ 529.170500][ T5070] Bluetooth: hci5: command tx timeout [ 529.324118][ T7655] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.332848][ T7655] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.199216][ T7655] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 530.373279][ T7655] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 531.284806][ T5070] Bluetooth: hci5: command tx timeout [ 533.009439][ T1133] hsr_slave_0: left promiscuous mode [ 533.041995][ T1133] hsr_slave_1: left promiscuous mode [ 533.079728][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 533.087633][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 533.112043][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 533.121990][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 533.122083][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 533.191108][ T1133] veth1_macvtap: left promiscuous mode [ 533.231552][ T1133] veth0_macvtap: left promiscuous mode [ 533.247331][ T1133] veth1_vlan: left promiscuous mode [ 533.261274][ T1133] veth0_vlan: left promiscuous mode [ 536.392512][ T1133] team0 (unregistering): Port device team_slave_1 removed [ 536.435525][ T1133] team0 (unregistering): Port device team_slave_0 removed [ 537.187279][ T5989] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.373702][ T5989] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.440626][ T5989] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.451867][ T7716] loop3: detected capacity change from 0 to 512 [ 537.607495][ T5989] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.676104][ T7716] EXT4-fs error (device loop3): ext4_iget_extra_inode:5025: inode #15: comm syz.3.382: corrupted in-inode xattr: e_value size too large [ 537.754517][ T7716] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 537.762463][ T7716] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.382: couldn't read orphan inode 15 (err -117) [ 537.772231][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 537.772329][ C1] EXT4-fs (loop3): initial error at time 1772781470: ext4_iget_extra_inode:5025: inode 15 [ 537.772503][ C1] EXT4-fs (loop3): last error at time 1772781470: ext4_iget_extra_inode:5025: inode 15 [ 537.913571][ T7716] loop3: lost filesystem error report for type 5 error -117 [ 537.945903][ T7716] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 538.315605][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.476109][ T7561] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.514958][ T7561] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.524158][ T7561] bridge_slave_0: entered allmulticast mode [ 538.608171][ T7561] bridge_slave_0: entered promiscuous mode [ 538.697653][ T7561] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.720730][ T7561] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.760615][ T7561] bridge_slave_1: entered allmulticast mode [ 538.795746][ T7561] bridge_slave_1: entered promiscuous mode [ 538.917464][ T7607] chnl_net:caif_netlink_parms(): no params data found [ 539.462250][ T7561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.771324][ T1133] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.824039][ T7561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 540.159783][ T1133] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.420364][ T7561] team0: Port device team_slave_0 added [ 540.460491][ T7748] 8021q: VLANs not supported on caif0 [ 540.622173][ T1133] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.682731][ T7561] team0: Port device team_slave_1 added [ 540.913249][ T1133] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.043990][ T7751] loop0: detected capacity change from 0 to 4096 [ 541.198885][ T7751] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 541.278769][ T7561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 541.357447][ T7561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 541.474819][ T7561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 541.896108][ T7561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 541.946546][ T7561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 542.059682][ T7561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 542.198220][ T7607] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.243890][ T7607] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.284104][ T7607] bridge_slave_0: entered allmulticast mode [ 542.305443][ T7607] bridge_slave_0: entered promiscuous mode [ 542.371332][ T7607] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.388852][ T7607] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.400460][ T7607] bridge_slave_1: entered allmulticast mode [ 542.448912][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 542.478969][ T7607] bridge_slave_1: entered promiscuous mode [ 543.356284][ T7607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 543.458738][ T7607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 543.591398][ T7561] hsr_slave_0: entered promiscuous mode [ 543.655062][ T7561] hsr_slave_1: entered promiscuous mode [ 543.711019][ T1133] bridge_slave_1: left allmulticast mode [ 543.736092][ T1133] bridge_slave_1: left promiscuous mode [ 543.742788][ T1133] bridge0: port 2(bridge_slave_1) entered disabled state [ 543.774077][ T1133] bridge_slave_0: left allmulticast mode [ 543.788163][ T1133] bridge_slave_0: left promiscuous mode [ 543.804402][ T1133] bridge0: port 1(bridge_slave_0) entered disabled state [ 543.854623][ T24] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 544.040337][ T24] usb 3-1: config 0 has an invalid interface number: 231 but max is 0 [ 544.051021][ T24] usb 3-1: config 0 has no interface number 0 [ 544.094590][ T24] usb 3-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 544.201122][ T24] usb 3-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 544.221929][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.242707][ T24] usb 3-1: Product: syz [ 544.253172][ T24] usb 3-1: Manufacturer: syz [ 544.300649][ T24] usb 3-1: SerialNumber: syz [ 544.361210][ T24] usb 3-1: config 0 descriptor?? [ 544.395616][ T7778] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 545.421338][ T1133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 545.492900][ T1133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 545.545979][ T1133] bond0 (unregistering): Released all slaves [ 546.022856][ T24] plusb 3-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, c2:52:2b:1a:f4:0c [ 546.073932][ T7607] team0: Port device team_slave_0 added [ 546.117541][ T24] usb 3-1: USB disconnect, device number 10 [ 546.137415][ T24] plusb 3-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 546.169005][ T7607] team0: Port device team_slave_1 added [ 546.279884][ T1133] hsr_slave_0: left promiscuous mode [ 546.327137][ T1133] hsr_slave_1: left promiscuous mode [ 546.336031][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 546.343614][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 546.383687][ T7794] SQUASHFS error: Failed to read block 0x0: -5 [ 546.433028][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 546.445401][ T7794] unable to read squashfs_super_block [ 546.483364][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 546.626926][ T1133] veth1_macvtap: left promiscuous mode [ 546.659356][ T1133] veth0_macvtap: left promiscuous mode [ 546.692840][ T1133] veth1_vlan: left promiscuous mode [ 546.722556][ T1133] veth0_vlan: left promiscuous mode [ 547.046789][ T7800] FAULT_INJECTION: forcing a failure. [ 547.046789][ T7800] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 547.130049][ T7801] loop2: detected capacity change from 0 to 16 [ 547.130168][ T7800] CPU: 0 UID: 0 PID: 7800 Comm: syz.0.402 Not tainted syzkaller #0 PREEMPT(full) [ 547.130545][ T7800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 547.130734][ T7800] Call Trace: [ 547.130850][ T7800] [ 547.130974][ T7800] __dump_stack+0x26/0x30 [ 547.131358][ T7800] dump_stack_lvl+0x14c/0x1c0 [ 547.131781][ T7800] dump_stack+0x1e/0x25 [ 547.132153][ T7800] should_fail_ex+0x7e2/0x8c0 [ 547.132562][ T7800] should_fail+0x2a/0x40 [ 547.132905][ T7800] should_fail_usercopy+0x2e/0x40 [ 547.133328][ T7800] strncpy_from_user+0x38/0x4b0 [ 547.133813][ T7800] ? __msan_memcpy+0x105/0x1c0 [ 547.134278][ T7800] __se_sys_memfd_create+0x5d6/0xb10 [ 547.134713][ T7800] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 547.135187][ T7800] __x64_sys_memfd_create+0x78/0xb0 [ 547.135568][ T7800] x64_sys_call+0x256c/0x3ea0 [ 547.136025][ T7800] do_syscall_64+0x134/0xf80 [ 547.136341][ T7800] ? clear_bhb_loop+0x50/0xa0 [ 547.136529][ T7800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.136686][ T7800] RIP: 0033:0x7f893c59c799 [ 547.136947][ T7800] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 547.137217][ T7800] RSP: 002b:00007f893d42ae08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 547.137530][ T7800] RAX: ffffffffffffffda RBX: 00000000000001b4 RCX: 00007f893c59c799 [ 547.137773][ T7800] RDX: 00007f893d42aee0 RSI: 0000000000000000 RDI: 00007f893c632db9 [ 547.137992][ T7800] RBP: 0000200000000280 R08: 00000000ffffffff R09: 0000000000000000 [ 547.138218][ T7800] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000200 [ 547.138444][ T7800] R13: 00007f893d42aee0 R14: 00007f893d42aea0 R15: 0000200000000240 [ 547.138775][ T7800] [ 549.636688][ T1133] team0 (unregistering): Port device team_slave_1 removed [ 549.710251][ T1133] team0 (unregistering): Port device team_slave_0 removed [ 549.750915][ T7826] loop0: detected capacity change from 0 to 512 [ 549.792161][ T7826] msdos: Unknown parameter 'msdos' [ 550.697393][ T7834] netlink: 'syz.2.409': attribute type 11 has an invalid length. [ 550.726399][ T7834] netlink: 36 bytes leftover after parsing attributes in process `syz.2.409'. [ 551.622486][ T7607] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 551.679896][ T7607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 551.855878][ T7607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 553.723355][ T7607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 553.765143][ T7607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 554.083177][ T7607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 554.213700][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 554.815341][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 554.958777][ T24] usb 1-1: config 0 has an invalid interface number: 188 but max is 0 [ 554.967665][ T24] usb 1-1: config 0 has no interface number 0 [ 554.973893][ T24] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 555.025629][ T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 555.035927][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.045814][ T24] usb 1-1: Product: syz [ 555.050195][ T24] usb 1-1: Manufacturer: syz [ 555.064473][ T24] usb 1-1: SerialNumber: syz [ 555.089415][ T24] usb 1-1: config 0 descriptor?? [ 555.151726][ T7849] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 555.367072][ T7852] loop3: detected capacity change from 0 to 512 [ 555.482233][ T7849] loop0: detected capacity change from 0 to 164 [ 555.530732][ T7852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 555.659070][ T7852] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 555.715987][ T24] asix 1-1:0.188: probe with driver asix failed with error -71 [ 555.763329][ T24] usb 1-1: USB disconnect, device number 8 [ 556.010207][ T7607] hsr_slave_0: entered promiscuous mode [ 556.068304][ T7607] hsr_slave_1: entered promiscuous mode [ 556.093882][ T7607] debugfs: 'hsr0' already exists in 'hsr' [ 556.100809][ T7607] Cannot create hsr debugfs directory [ 556.347045][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.386153][ T7868] netlink: 16 bytes leftover after parsing attributes in process `syz.0.418'. [ 559.494618][ T7561] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 559.593146][ T7561] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 559.708008][ T7561] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 559.857269][ T7561] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 559.914830][ T5823] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 560.094775][ T5823] usb 3-1: Using ep0 maxpacket: 32 [ 560.132074][ T5823] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 560.159988][ T5823] usb 3-1: config 0 has no interface number 0 [ 560.197962][ T5823] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 560.253068][ T5823] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 560.253232][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.253369][ T5823] usb 3-1: Product: syz [ 560.253472][ T5823] usb 3-1: Manufacturer: syz [ 560.253576][ T5823] usb 3-1: SerialNumber: syz [ 560.288479][ T5823] usb 3-1: config 0 descriptor?? [ 560.307297][ T7897] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 560.350539][ T7905] tmpfs: Bad value for 'mpol' [ 560.682421][ T7897] loop2: detected capacity change from 0 to 164 [ 560.877133][ T5823] asix 3-1:0.188: probe with driver asix failed with error -71 [ 561.066138][ T5823] usb 3-1: USB disconnect, device number 11 [ 561.481330][ T7607] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 561.625338][ T7607] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 561.762401][ T7915] netlink: 16 bytes leftover after parsing attributes in process `syz.0.431'. [ 561.770378][ T7914] tmpfs: Bad value for 'mpol' [ 561.803376][ T7607] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 561.983474][ T7607] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 562.903529][ T7561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 563.167316][ T7561] 8021q: adding VLAN 0 to HW filter on device team0 [ 563.174617][ T5823] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 563.326162][ T995] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.333950][ T995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 563.354340][ T5823] usb 3-1: Using ep0 maxpacket: 16 [ 563.396376][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 563.457707][ T5823] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 563.511533][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.526986][ T5823] usb 3-1: Product: syz [ 563.542346][ T5823] usb 3-1: Manufacturer: syz [ 563.562985][ T5823] usb 3-1: SerialNumber: syz [ 563.596400][ T5823] usb 3-1: config 0 descriptor?? [ 563.638798][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.646504][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 563.767170][ T5823] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 563.872228][ T7936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.436'. [ 564.377965][ T9] usb 3-1: USB disconnect, device number 12 [ 564.456439][ T56] usb 3-1: Failed to submit usb control message: -71 [ 564.575628][ T56] usb 3-1: unable to send the bmi data to the device: -71 [ 564.655702][ T56] usb 3-1: unable to get target info from device [ 564.662288][ T56] usb 3-1: could not get target info (-71) [ 564.751793][ T56] usb 3-1: could not probe fw (-71) [ 566.246130][ T7607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 566.552464][ T7607] 8021q: adding VLAN 0 to HW filter on device team0 [ 566.645794][ T7628] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 566.683800][ T1133] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.691463][ T1133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 566.763195][ T7955] netlink: 16 bytes leftover after parsing attributes in process `syz.2.442'. [ 566.865648][ T7628] usb 4-1: Using ep0 maxpacket: 32 [ 566.907579][ T7628] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 566.919919][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.927588][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 566.962441][ T7628] usb 4-1: config 0 has no interface number 0 [ 567.003569][ T7628] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 567.032148][ T7628] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 567.081641][ T7628] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.113017][ T7628] usb 4-1: Product: syz [ 567.141666][ T7628] usb 4-1: Manufacturer: syz [ 567.154568][ T7628] usb 4-1: SerialNumber: syz [ 567.224508][ T7628] usb 4-1: config 0 descriptor?? [ 567.236875][ T7949] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 567.553497][ T7960] tmpfs: Bad value for 'mpol' [ 567.599507][ T7628] asix 4-1:0.188: probe with driver asix failed with error -71 [ 567.724111][ T7628] usb 4-1: USB disconnect, device number 7 [ 568.614673][ T7970] xt_TCPMSS: Only works on TCP SYN packets [ 568.791672][ T7561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 568.814921][ T7970] futex_wake_op: syz.2.445 tries to shift op by 32; fix this program [ 568.925669][ T7970] netlink: 12 bytes leftover after parsing attributes in process `syz.2.445'. [ 568.947273][ T7970] netlink: 'syz.2.445': attribute type 2 has an invalid length. [ 569.382224][ T7981] loop0: detected capacity change from 0 to 512 [ 569.684668][ T7981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 569.745224][ T7981] ext4 filesystem being mounted at /131/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 570.454893][ T9] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 570.750673][ T9] usb 1-1: not running at top speed; connect to a high speed hub [ 570.874090][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 570.991663][ T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 571.180600][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 571.283286][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.384712][ T9] usb 1-1: Product: ᠁ [ 571.399008][ T7607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 571.408566][ T9] usb 1-1: Manufacturer: 俇褐ꎱ㲲잠ⲅ歹婠۠䆷龜ᘥ㉛ᧈᲜ荹ï縝䈃₶苳뤀迓夜裖苬掱ꬔ필졡좺⿇娽촭簙뷀쩱⚋孃ɳ쬤わ訙證後쥍圗㪙 [ 571.550581][ T9] usb 1-1: SerialNumber: syz [ 571.658702][ T9] usb 1-1: rejected 1 configuration due to insufficient available bus power [ 571.751139][ T9] usb 1-1: no configuration chosen from 1 choice [ 572.483343][ T7628] usb 1-1: USB disconnect, device number 9 [ 572.699551][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 572.707273][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 572.737254][ T8014] netlink: 16 bytes leftover after parsing attributes in process `syz.3.452'. [ 572.808953][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 573.583364][ T7561] veth0_vlan: entered promiscuous mode [ 573.736496][ T7561] veth1_vlan: entered promiscuous mode [ 573.764694][ T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 573.773418][ T7628] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 573.949690][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 573.965066][ T7628] usb 4-1: Using ep0 maxpacket: 32 [ 573.987458][ T7628] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 574.027196][ T7628] usb 4-1: config 0 has no interface number 0 [ 574.031710][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 574.033529][ T7628] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 574.103451][ T7628] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 574.154525][ T7628] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.177007][ T9] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 574.185757][ T7628] usb 4-1: Product: syz [ 574.190565][ T7628] usb 4-1: Manufacturer: syz [ 574.200541][ T7561] veth0_macvtap: entered promiscuous mode [ 574.234741][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.253765][ T7628] usb 4-1: SerialNumber: syz [ 574.282319][ T9] usb 1-1: Product: syz [ 574.302425][ T8027] tmpfs: Bad value for 'mpol' [ 574.308721][ T9] usb 1-1: Manufacturer: syz [ 574.313542][ T9] usb 1-1: SerialNumber: syz [ 574.320367][ T7628] usb 4-1: config 0 descriptor?? [ 574.333813][ T7561] veth1_macvtap: entered promiscuous mode [ 574.370473][ T8022] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 574.441338][ T9] usb 1-1: config 0 descriptor?? [ 574.495081][ T9] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 574.757087][ T7628] asix 4-1:0.188: probe with driver asix failed with error -71 [ 574.946435][ T995] usb 1-1: Failed to submit usb control message: -71 [ 574.950219][ T9] usb 1-1: USB disconnect, device number 10 [ 574.957824][ T7628] usb 4-1: USB disconnect, device number 8 [ 574.991133][ T995] usb 1-1: unable to send the bmi data to the device: -71 [ 575.037417][ T995] usb 1-1: unable to get target info from device [ 575.094951][ T995] usb 1-1: could not get target info (-71) [ 575.101040][ T995] usb 1-1: could not probe fw (-71) [ 575.155913][ T7561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 575.383414][ T7561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 575.517602][ T6005] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.555382][ T6498] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.749713][ T6498] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.771286][ T6498] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.043265][ T7607] veth0_vlan: entered promiscuous mode [ 576.239611][ T7607] veth1_vlan: entered promiscuous mode [ 577.223848][ T7607] veth0_macvtap: entered promiscuous mode [ 577.508597][ T7607] veth1_macvtap: entered promiscuous mode [ 578.375026][ T7607] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 578.646516][ T7607] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 578.893393][ T5978] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.941255][ T5978] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.041536][ T5978] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.104985][ T5978] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.859342][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 579.880241][ T5773] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 579.897112][ T5773] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 579.936887][ T5773] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 579.970987][ T5773] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 581.378556][ T7908] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 581.579088][ T7908] usb 3-1: Using ep0 maxpacket: 32 [ 582.104732][ T5773] Bluetooth: hci1: command tx timeout [ 582.545024][ T7908] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 582.553477][ T7908] usb 3-1: config 0 has no interface number 0 [ 582.563956][ T7908] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 582.584125][ T7908] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 582.989514][ T7908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.004424][ T7908] usb 3-1: Product: syz [ 583.008851][ T7908] usb 3-1: Manufacturer: syz [ 583.013673][ T7908] usb 3-1: SerialNumber: syz [ 583.029284][ T7908] usb 3-1: config 0 descriptor?? [ 583.038784][ T8081] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 583.385605][ T7908] asix 3-1:0.188: probe with driver asix failed with error -71 [ 583.450514][ T57] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.494047][ T7908] usb 3-1: USB disconnect, device number 13 [ 583.911955][ T57] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 584.117402][ T8071] chnl_net:caif_netlink_parms(): no params data found [ 584.185683][ T5773] Bluetooth: hci1: command tx timeout [ 585.127799][ T8100] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 585.133963][ T8100] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 586.155411][ T8100] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 586.162120][ T8100] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 586.220138][ T57] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 586.267992][ T5773] Bluetooth: hci1: command tx timeout [ 586.484482][ T8100] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 586.510179][ T8100] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 586.690480][ T57] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.640512][ T8100] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 587.655258][ T8100] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 587.825159][ T5070] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 587.845589][ T5070] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 587.855091][ T5070] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 587.879748][ T5070] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 587.910546][ T5070] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 588.012015][ T8121] loop2: detected capacity change from 0 to 4096 [ 588.030181][ T8121] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 588.082997][ T5773] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 588.125477][ T5773] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 588.166298][ T5773] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 588.184997][ T5773] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 588.220864][ T5773] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 588.554618][ T8121] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 588.621822][ T8121] ntfs3(loop2): ino=19, mi_enum_attr [ 588.726709][ T8121] ntfs3(loop2): failed to convert "c46c" to macinuit [ 588.789740][ T8121] ntfs3(loop2): ino=20, mi_enum_attr [ 588.878493][ T8131] tmpfs: Bad value for 'mpol' [ 588.940494][ T8071] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.008286][ T8071] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.066822][ T8071] bridge_slave_0: entered allmulticast mode [ 589.191212][ T8071] bridge_slave_0: entered promiscuous mode [ 589.318400][ T57] bridge_slave_1: left allmulticast mode [ 589.343080][ T57] bridge_slave_1: left promiscuous mode [ 589.372588][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.502278][ T57] bridge_slave_0: left allmulticast mode [ 589.554877][ T57] bridge_slave_0: left promiscuous mode [ 589.593552][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.865544][ T7628] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 590.114106][ T7628] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 590.148540][ T7628] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 590.198795][ T7628] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 590.239641][ T7628] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.257231][ T8146] loop3: detected capacity change from 0 to 164 [ 590.259281][ T7628] usb 3-1: Product: syz [ 590.303934][ T7628] usb 3-1: Manufacturer: syz [ 590.324143][ T7628] usb 3-1: SerialNumber: syz [ 590.344675][ T5773] Bluetooth: hci3: command tx timeout [ 590.387574][ T7628] usb 3-1: config 0 descriptor?? [ 590.662733][ T8139] loop2: detected capacity change from 0 to 256 [ 590.768917][ T8139] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 591.188694][ T7628] usb 3-1: USB disconnect, device number 14 [ 591.490114][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 591.572112][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 591.691710][ T57] bond0 (unregistering): Released all slaves [ 591.755121][ T8071] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.807714][ T8071] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.839162][ T8071] bridge_slave_1: entered allmulticast mode [ 591.878479][ T8071] bridge_slave_1: entered promiscuous mode [ 592.380530][ T6005] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 592.758082][ T5773] Bluetooth: hci3: command tx timeout [ 594.455518][ T8071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 594.610310][ T8071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 594.827198][ T5773] Bluetooth: hci3: command tx timeout [ 594.892620][ T57] hsr_slave_0: left promiscuous mode [ 594.972848][ T57] hsr_slave_1: left promiscuous mode [ 595.017813][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 595.055380][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 595.087192][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 595.142307][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 595.237253][ T57] veth1_macvtap: left promiscuous mode [ 595.243023][ T57] veth0_macvtap: left promiscuous mode [ 595.283249][ T57] veth1_vlan: left promiscuous mode [ 595.299598][ T57] veth0_vlan: left promiscuous mode [ 595.457866][ T8172] loop0: detected capacity change from 0 to 4096 [ 595.517980][ T8172] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 595.848433][ T8172] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 595.888313][ T8172] ntfs3(loop0): ino=19, mi_enum_attr [ 595.966655][ T8172] ntfs3(loop0): failed to convert "c46c" to macinuit [ 595.985866][ T8172] ntfs3(loop0): ino=20, mi_enum_attr [ 596.560647][ T8184] loop3: detected capacity change from 0 to 64 [ 596.864931][ T8188] loop2: detected capacity change from 0 to 164 [ 596.912416][ T5773] Bluetooth: hci3: command tx timeout [ 597.662595][ T8199] loop0: detected capacity change from 0 to 128 [ 597.892002][ T57] team0 (unregistering): Port device team_slave_1 removed [ 598.097952][ T57] team0 (unregistering): Port device team_slave_0 removed [ 600.606677][ T8219] xt_TCPMSS: Only works on TCP SYN packets [ 600.815972][ T8220] futex_wake_op: syz.3.495 tries to shift op by 32; fix this program [ 601.014082][ T8071] team0: Port device team_slave_0 added [ 601.102933][ T8071] team0: Port device team_slave_1 added [ 601.523253][ T8071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 601.535074][ T8071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 601.586671][ T8224] loop0: detected capacity change from 0 to 4096 [ 601.602657][ T8071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 601.641524][ T8232] FAULT_INJECTION: forcing a failure. [ 601.641524][ T8232] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.671150][ T8232] CPU: 1 UID: 0 PID: 8232 Comm: syz.2.498 Not tainted syzkaller #0 PREEMPT(full) [ 601.671314][ T8232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 601.671404][ T8232] Call Trace: [ 601.671460][ T8232] [ 601.671512][ T8232] __dump_stack+0x26/0x30 [ 601.671695][ T8232] dump_stack_lvl+0x14c/0x1c0 [ 601.671884][ T8232] dump_stack+0x1e/0x25 [ 601.672046][ T8232] should_fail_ex+0x7e2/0x8c0 [ 601.672238][ T8232] should_fail+0x2a/0x40 [ 601.672386][ T8232] should_fail_usercopy+0x2e/0x40 [ 601.672561][ T8232] _copy_to_user+0x35/0x120 [ 601.672727][ T8232] simple_read_from_buffer+0x1b2/0x340 [ 601.672976][ T8232] proc_fail_nth_read+0x1e0/0x2d0 [ 601.673147][ T8232] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.673302][ T8232] vfs_read+0x27c/0xf90 [ 601.673478][ T8232] ? stack_depot_save_flags+0x35/0x790 [ 601.673632][ T8232] ? kmsan_get_metadata+0xf1/0x160 [ 601.673844][ T8232] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 601.674064][ T8232] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 601.674279][ T8232] ksys_read+0x1d9/0x470 [ 601.674485][ T8232] __x64_sys_read+0x97/0xf0 [ 601.674681][ T8232] x64_sys_call+0x311c/0x3ea0 [ 601.674877][ T8232] do_syscall_64+0x134/0xf80 [ 601.675023][ T8232] ? clear_bhb_loop+0x50/0xa0 [ 601.675187][ T8232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.675349][ T8232] RIP: 0033:0x7f294fd5cfce [ 601.675472][ T8232] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 601.675603][ T8232] RSP: 002b:00007f2950cddfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 601.675749][ T8232] RAX: ffffffffffffffda RBX: 00007f2950cde6c0 RCX: 00007f294fd5cfce [ 601.675860][ T8232] RDX: 000000000000000f RSI: 00007f2950cde0a0 RDI: 0000000000000005 [ 601.675955][ T8232] RBP: 00007f2950cde090 R08: 0000000000000000 R09: 0000000000000000 [ 601.676048][ T8232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.676136][ T8232] R13: 00007f2950016038 R14: 00007f2950015fa0 R15: 00007ffd27c889b8 [ 601.676282][ T8232] [ 601.910028][ T8224] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 602.391522][ T8237] mmap: syz.2.500 (8237) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 602.422371][ T8237] overlayfs: missing 'workdir' [ 602.991246][ T8224] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 603.095726][ T8071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 603.140109][ T8224] ntfs3(loop0): ino=19, mi_enum_attr [ 603.183329][ T8071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 603.365442][ T8224] ntfs3(loop0): failed to convert "c46c" to macinuit [ 603.372596][ T8071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 603.436267][ T8224] ntfs3(loop0): ino=20, mi_enum_attr [ 604.614067][ T8071] hsr_slave_0: entered promiscuous mode [ 604.646549][ T8071] hsr_slave_1: entered promiscuous mode [ 605.030477][ T57] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.513471][ T57] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.822271][ T57] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.894686][ T10] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 606.076982][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 606.093716][ T57] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.134614][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 606.171842][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 57600, setting to 1024 [ 606.194964][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 606.208557][ T10] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 606.218296][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.314859][ T10] usb 3-1: config 0 descriptor?? [ 606.579273][ T8105] chnl_net:caif_netlink_parms(): no params data found [ 606.951446][ T10] input: HID 054c:03d5 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:054C:03D5.0001/input/input14 [ 607.140738][ T10] sony 0003:054C:03D5.0001: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.2-1/input0 [ 607.271465][ T10] usb 3-1: USB disconnect, device number 15 [ 607.720884][ T8279] netlink: 16 bytes leftover after parsing attributes in process `syz.3.509'. [ 608.432843][ T8278] fido_id[8278]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 608.459334][ T30] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 608.704936][ T30] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 608.739677][ T30] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 608.792697][ T30] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 608.834441][ T30] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.842614][ T57] bridge_slave_1: left allmulticast mode [ 608.842712][ T30] usb 3-1: Product: syz [ 608.842870][ T30] usb 3-1: Manufacturer: syz [ 608.888162][ T57] bridge_slave_1: left promiscuous mode [ 608.908412][ T8286] loop0: detected capacity change from 0 to 4096 [ 608.922323][ T30] usb 3-1: SerialNumber: syz [ 608.935577][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 608.976378][ T30] usb 3-1: config 0 descriptor?? [ 609.020949][ T8286] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 609.069854][ T57] bridge_slave_0: left allmulticast mode [ 609.090824][ T57] bridge_slave_0: left promiscuous mode [ 609.127687][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 609.356267][ T8286] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 609.402257][ T8286] ntfs3(loop0): ino=19, mi_enum_attr [ 609.434945][ T8285] loop2: detected capacity change from 0 to 256 [ 609.513891][ T8285] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 609.572973][ T8286] ntfs3(loop0): failed to convert "c46c" to macinuit [ 609.686890][ T8286] ntfs3(loop0): ino=20, mi_enum_attr [ 609.979568][ T8285] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 610.013874][ T8285] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 610.130331][ T7908] usb 3-1: USB disconnect, device number 16 [ 611.236464][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 611.303596][ T5978] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 611.385905][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 611.419201][ T57] bond0 (unregistering): Released all slaves [ 612.011972][ T57] hsr_slave_0: left promiscuous mode [ 612.060287][ T57] hsr_slave_1: left promiscuous mode [ 612.078367][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 612.109565][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 612.140880][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 612.179784][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 612.232190][ T57] veth1_macvtap: left promiscuous mode [ 612.238607][ T57] veth0_macvtap: left promiscuous mode [ 612.255316][ T57] veth1_vlan: left promiscuous mode [ 612.261217][ T57] veth0_vlan: left promiscuous mode [ 615.175720][ T8327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 615.196301][ T8327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 615.314739][ T30] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 615.535472][ T30] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 615.543830][ T30] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 615.574426][ T30] usb 1-1: config 0 has no interface number 0 [ 615.591249][ T30] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 615.635110][ T57] team0 (unregistering): Port device team_slave_1 removed [ 615.650751][ T30] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.684561][ T30] usb 1-1: Product: syz [ 615.688999][ T30] usb 1-1: Manufacturer: syz [ 615.693805][ T30] usb 1-1: SerialNumber: syz [ 615.722091][ T57] team0 (unregistering): Port device team_slave_0 removed [ 615.756386][ T30] usb 1-1: config 0 descriptor?? [ 615.795081][ T30] uvcvideo 1-1:0.64: probe with driver uvcvideo failed with error -22 [ 615.987073][ T7908] usb 1-1: USB disconnect, device number 11 [ 617.277403][ T8105] bridge0: port 1(bridge_slave_0) entered blocking state [ 617.299634][ T8105] bridge0: port 1(bridge_slave_0) entered disabled state [ 617.326348][ T8105] bridge_slave_0: entered allmulticast mode [ 617.365298][ T8105] bridge_slave_0: entered promiscuous mode [ 617.594379][ T8105] bridge0: port 2(bridge_slave_1) entered blocking state [ 617.602123][ T8105] bridge0: port 2(bridge_slave_1) entered disabled state [ 617.704891][ T8105] bridge_slave_1: entered allmulticast mode [ 617.713660][ T8105] bridge_slave_1: entered promiscuous mode [ 617.896372][ T8343] FAULT_INJECTION: forcing a failure. [ 617.896372][ T8343] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 617.912975][ T8343] CPU: 1 UID: 0 PID: 8343 Comm: syz.2.524 Not tainted syzkaller #0 PREEMPT(full) [ 617.913131][ T8343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 617.913219][ T8343] Call Trace: [ 617.913271][ T8343] [ 617.913329][ T8343] __dump_stack+0x26/0x30 [ 617.913510][ T8343] dump_stack_lvl+0x14c/0x1c0 [ 617.913692][ T8343] dump_stack+0x1e/0x25 [ 617.913856][ T8343] should_fail_ex+0x7e2/0x8c0 [ 617.914043][ T8343] should_fail_alloc_page+0x222/0x240 [ 617.914205][ T8343] __alloc_frozen_pages_noprof+0x374/0x1020 [ 617.914511][ T8343] alloc_pages_mpol+0x328/0x860 [ 617.914778][ T8343] alloc_pages_noprof+0x101/0x280 [ 617.915001][ T8343] pte_alloc_one+0x3c/0x350 [ 617.915263][ T8343] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 617.915493][ T8343] do_pte_missing+0x2050/0x73d0 [ 617.915742][ T8343] ? __thp_vma_allowable_orders+0xdf8/0x12a0 [ 617.915984][ T8343] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 617.916216][ T8343] handle_mm_fault+0x2d96/0x6fc0 [ 617.916525][ T8343] do_user_addr_fault+0xfd1/0x2510 [ 617.916776][ T8343] exc_page_fault+0x70/0xb0 [ 617.917015][ T8343] asm_exc_page_fault+0x2b/0x30 [ 617.917163][ T8343] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 617.917361][ T8343] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 3d 75 05 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 617.917494][ T8343] RSP: 0018:ffff888119ee7ca0 EFLAGS: 00050212 [ 617.917628][ T8343] RAX: 00007ffffffff000 RBX: ffff888046648bb8 RCX: 0000000000000010 [ 617.917741][ T8343] RDX: ffff888046248b94 RSI: 0000200000004ff0 RDI: ffff888119ee7ce0 [ 617.917858][ T8343] RBP: ffff888119ee7cd0 R08: ffffea000000000f R09: 0000000000000000 [ 617.917969][ T8343] R10: ffff888123e0fd70 R11: 0000000000000000 R12: 0000200000004ff0 [ 617.918071][ T8343] R13: ffff88812460fcc0 R14: 0000000000000010 R15: ffff888119ee7ce0 [ 617.918213][ T8343] ? _copy_from_user+0x94/0x100 [ 617.918386][ T8343] __sys_sendto+0x2e9/0xae0 [ 617.918619][ T8343] ? vfs_write+0x13df/0x15c0 [ 617.918805][ T8343] ? kmsan_get_metadata+0xf1/0x160 [ 617.919014][ T8343] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 617.919241][ T8343] ? fput+0x113/0x160 [ 617.919384][ T8343] ? kmsan_get_metadata+0xf1/0x160 [ 617.919608][ T8343] __x64_sys_sendto+0x130/0x200 [ 617.919838][ T8343] x64_sys_call+0x39a0/0x3ea0 [ 617.920031][ T8343] do_syscall_64+0x134/0xf80 [ 617.920175][ T8343] ? clear_bhb_loop+0x50/0xa0 [ 617.920337][ T8343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.920497][ T8343] RIP: 0033:0x7f294fd9c799 [ 617.920605][ T8343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 617.920743][ T8343] RSP: 002b:00007f2950cde028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 617.920893][ T8343] RAX: ffffffffffffffda RBX: 00007f2950015fa0 RCX: 00007f294fd9c799 [ 617.921003][ T8343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 617.921097][ T8343] RBP: 00007f2950cde090 R08: 0000200000004ff0 R09: 0000000000000010 [ 617.921200][ T8343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.921296][ T8343] R13: 00007f2950016038 R14: 00007f2950015fa0 R15: 00007ffd27c889b8 [ 617.921439][ T8343] [ 618.847914][ T8105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 618.940883][ T8105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 619.437925][ T8105] team0: Port device team_slave_0 added [ 619.503313][ T8105] team0: Port device team_slave_1 added [ 619.831452][ T8105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 619.842224][ T8105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 619.870349][ T8105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 619.917145][ T8105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 619.927483][ T8105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 619.972896][ T8105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 620.214039][ T8071] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 620.400634][ T8071] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 620.456062][ T8366] loop0: detected capacity change from 0 to 64 [ 620.568587][ T8366] hfs: hfs: Invalid key length: 94 [ 620.605056][ T8366] capability: warning: `syz.0.531' uses 32-bit capabilities (legacy support in use) [ 620.650121][ T8071] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 621.007559][ T8071] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 621.823662][ T8105] hsr_slave_0: entered promiscuous mode [ 621.835932][ T8105] hsr_slave_1: entered promiscuous mode [ 621.846006][ T8105] debugfs: 'hsr0' already exists in 'hsr' [ 621.851942][ T8105] Cannot create hsr debugfs directory [ 622.105693][ T30] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 622.314565][ T30] usb 1-1: Using ep0 maxpacket: 8 [ 622.343931][ T30] usb 1-1: too many configurations: 187, using maximum allowed: 8 [ 622.397444][ T30] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 622.424730][ T30] usb 1-1: can't read configurations, error -61 [ 622.564711][ T30] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 622.746067][ T30] usb 1-1: Using ep0 maxpacket: 8 [ 622.757907][ T30] usb 1-1: too many configurations: 187, using maximum allowed: 8 [ 622.812173][ T30] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 622.837572][ T30] usb 1-1: can't read configurations, error -61 [ 622.860734][ T30] usb usb1-port1: attempt power cycle [ 622.913501][ T8381] FAULT_INJECTION: forcing a failure. [ 622.913501][ T8381] name failslab, interval 1, probability 0, space 0, times 0 [ 622.960364][ T8381] CPU: 1 UID: 0 PID: 8381 Comm: syz.3.535 Not tainted syzkaller #0 PREEMPT(full) [ 622.960523][ T8381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 622.960628][ T8381] Call Trace: [ 622.960684][ T8381] [ 622.960734][ T8381] __dump_stack+0x26/0x30 [ 622.960913][ T8381] dump_stack_lvl+0x14c/0x1c0 [ 622.961092][ T8381] dump_stack+0x1e/0x25 [ 622.961254][ T8381] should_fail_ex+0x7e2/0x8c0 [ 622.961431][ T8381] should_failslab+0x158/0x200 [ 622.961566][ T8381] kmem_cache_alloc_noprof+0x146/0x1270 [ 622.961703][ T8381] ? kmsan_get_metadata+0xf1/0x160 [ 622.961906][ T8381] ? security_inode_alloc+0x85/0x6c0 [ 622.962071][ T8381] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 622.962272][ T8381] security_inode_alloc+0x85/0x6c0 [ 622.962426][ T8381] inode_init_always_gfp+0x755/0x890 [ 622.962718][ T8381] alloc_inode+0x129/0x4a0 [ 622.962859][ T8381] __sock_create+0x203/0xec0 [ 622.963041][ T8381] __sys_socket+0x133/0x400 [ 622.963198][ T8381] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 622.963402][ T8381] __x64_sys_socket+0x95/0x100 [ 622.963578][ T8381] x64_sys_call+0x154c/0x3ea0 [ 622.963761][ T8381] do_syscall_64+0x134/0xf80 [ 622.963892][ T8381] ? clear_bhb_loop+0x50/0xa0 [ 622.964036][ T8381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.964181][ T8381] RIP: 0033:0x7ffac8d9c799 [ 622.964288][ T8381] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 622.964419][ T8381] RSP: 002b:00007ffac9b9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 622.964561][ T8381] RAX: ffffffffffffffda RBX: 00007ffac9015fa0 RCX: 00007ffac8d9c799 [ 622.964669][ T8381] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d [ 622.964765][ T8381] RBP: 00007ffac9b9b090 R08: 0000000000000000 R09: 0000000000000000 [ 622.964858][ T8381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 622.964949][ T8381] R13: 00007ffac9016038 R14: 00007ffac9015fa0 R15: 00007ffdda50e568 [ 622.965093][ T8381] [ 623.306203][ T8381] socket: no more sockets [ 623.534587][ T30] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 623.984143][ T30] usb 1-1: device descriptor read/8, error -71 [ 624.132725][ T5769] hfs: node 4:3 still has 1 user(s)! [ 624.355272][ T8071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 624.768497][ T8071] 8021q: adding VLAN 0 to HW filter on device team0 [ 624.883342][ T8105] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 624.988456][ T1133] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.996161][ T1133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 625.063090][ T8105] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 625.158534][ T8105] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 625.345106][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.352660][ T5978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.408183][ T8105] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 628.345358][ T8427] FAULT_INJECTION: forcing a failure. [ 628.345358][ T8427] name failslab, interval 1, probability 0, space 0, times 0 [ 628.364910][ T8427] CPU: 1 UID: 0 PID: 8427 Comm: syz.3.544 Not tainted syzkaller #0 PREEMPT(full) [ 628.365063][ T8427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 628.365152][ T8427] Call Trace: [ 628.365203][ T8427] [ 628.365257][ T8427] __dump_stack+0x26/0x30 [ 628.365429][ T8427] dump_stack_lvl+0x14c/0x1c0 [ 628.365607][ T8427] dump_stack+0x1e/0x25 [ 628.365765][ T8427] should_fail_ex+0x7e2/0x8c0 [ 628.365964][ T8427] should_failslab+0x158/0x200 [ 628.366160][ T8427] __kmalloc_noprof+0x1e0/0x1680 [ 628.366311][ T8427] ? tomoyo_encode+0x603/0x9f0 [ 628.366497][ T8427] ? kmsan_get_metadata+0xf1/0x160 [ 628.366706][ T8427] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 628.366941][ T8427] tomoyo_encode+0x603/0x9f0 [ 628.367134][ T8427] tomoyo_realpath_from_path+0x92e/0x9f0 [ 628.367314][ T8427] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 628.367556][ T8427] tomoyo_path_number_perm+0x1d0/0x7d0 [ 628.367808][ T8427] ? kmsan_get_metadata+0xf1/0x160 [ 628.368069][ T8427] tomoyo_file_ioctl+0x3d/0x50 [ 628.368237][ T8427] security_file_ioctl+0x139/0x570 [ 628.368434][ T8427] __se_sys_ioctl+0xbb/0x400 [ 628.368627][ T8427] __x64_sys_ioctl+0x97/0xe0 [ 628.368824][ T8427] x64_sys_call+0x1975/0x3ea0 [ 628.369008][ T8427] do_syscall_64+0x134/0xf80 [ 628.369150][ T8427] ? clear_bhb_loop+0x50/0xa0 [ 628.369310][ T8427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.369468][ T8427] RIP: 0033:0x7ffac8d9c799 [ 628.369578][ T8427] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 628.369710][ T8427] RSP: 002b:00007ffac9b9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 628.369856][ T8427] RAX: ffffffffffffffda RBX: 00007ffac9015fa0 RCX: 00007ffac8d9c799 [ 628.369967][ T8427] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 628.370056][ T8427] RBP: 00007ffac9b9b090 R08: 0000000000000000 R09: 0000000000000000 [ 628.370151][ T8427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 628.370243][ T8427] R13: 00007ffac9016038 R14: 00007ffac9015fa0 R15: 00007ffdda50e568 [ 628.370385][ T8427] [ 628.370488][ T8427] ERROR: Out of memory at tomoyo_realpath_from_path. [ 628.475959][ T7908] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 628.756414][ T8427] kvm: kvm [8426]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3000 [ 628.766177][ T7908] usb 1-1: device descriptor read/64, error -71 [ 629.015516][ T7908] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 629.130795][ T8105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 629.174671][ T7908] usb 1-1: device descriptor read/64, error -71 [ 629.291680][ T7908] usb usb1-port1: attempt power cycle [ 629.418506][ T8105] 8021q: adding VLAN 0 to HW filter on device team0 [ 629.535520][ T6005] bridge0: port 1(bridge_slave_0) entered blocking state [ 629.543089][ T6005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 629.685862][ T7908] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 629.703134][ T6005] bridge0: port 2(bridge_slave_1) entered blocking state [ 629.710856][ T6005] bridge0: port 2(bridge_slave_1) entered forwarding state [ 629.739716][ T7908] usb 1-1: device descriptor read/8, error -71 [ 629.824562][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 629.989356][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 630.019365][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 630.042294][ T7908] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 630.059087][ T10] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 630.087067][ T7908] usb 1-1: device descriptor read/8, error -71 [ 630.116157][ T10] usb 4-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1 [ 630.145399][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 630.174623][ T10] usb 4-1: Product: syz [ 630.179057][ T10] usb 4-1: Manufacturer: syz [ 630.216699][ T7908] usb usb1-port1: unable to enumerate USB device [ 630.223756][ T10] usb 4-1: SerialNumber: syz [ 630.274697][ T10] usb 4-1: config 0 descriptor?? [ 630.360550][ T8071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 632.283061][ T8105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 632.702027][ T7908] usb 4-1: USB disconnect, device number 9 [ 633.291252][ T8071] veth0_vlan: entered promiscuous mode [ 634.052489][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.152218][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.427130][ T8071] veth1_vlan: entered promiscuous mode [ 634.700345][ T8483] tipc: Failed to remove unknown binding: 66,1,1/0:350573615/350573617 [ 634.747300][ T8483] tipc: Failed to remove unknown binding: 66,1,1/0:350573615/350573617 [ 634.948859][ T8071] veth0_macvtap: entered promiscuous mode [ 635.080136][ T8071] veth1_macvtap: entered promiscuous mode [ 635.424866][ T8071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 635.578963][ T8071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 635.851350][ T5989] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.937008][ T5978] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.143418][ T5989] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.252949][ T5989] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.578451][ T7628] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 636.764628][ T7628] usb 4-1: device descriptor read/64, error -71 [ 637.045682][ T7628] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 637.079908][ T8509] loop2: detected capacity change from 0 to 2048 [ 637.165548][ T8509] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 637.195596][ T8509] NILFS (loop2): mounting unchecked fs [ 637.204905][ T7628] usb 4-1: device descriptor read/64, error -71 [ 637.227745][ T8509] NILFS (loop2): recovery required for readonly filesystem [ 637.270305][ T8509] NILFS (loop2): write access will be enabled during recovery [ 637.306278][ T8509] NILFS (loop2): invalid segment: Checksum error in super root [ 637.315375][ T7628] usb usb4-port1: attempt power cycle [ 637.364666][ T8509] NILFS (loop2): error -22 while loading super root [ 637.452424][ T8129] udevd[8129]: incorrect nilfs2 checksum on /dev/loop2 [ 637.570702][ T8105] veth0_vlan: entered promiscuous mode [ 637.714745][ T7628] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 637.756656][ T8105] veth1_vlan: entered promiscuous mode [ 637.782435][ T8509] loop2: detected capacity change from 0 to 1024 [ 637.789619][ T7628] usb 4-1: device descriptor read/8, error -71 [ 638.072695][ T7628] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 638.115772][ T8509] netlink: 16 bytes leftover after parsing attributes in process `syz.2.559'. [ 638.133599][ T7628] usb 4-1: device descriptor read/8, error -71 [ 638.276178][ T7628] usb usb4-port1: unable to enumerate USB device [ 638.421315][ T8105] veth0_macvtap: entered promiscuous mode [ 638.454598][ T10] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 638.549217][ T8105] veth1_macvtap: entered promiscuous mode [ 638.667502][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 638.708407][ T10] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 638.747964][ T10] usb 3-1: config 0 has no interface number 0 [ 638.800583][ T10] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 638.838359][ T8105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 638.863454][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.916205][ T10] usb 3-1: Product: syz [ 638.920636][ T10] usb 3-1: Manufacturer: syz [ 638.954575][ T10] usb 3-1: SerialNumber: syz [ 638.977185][ T10] usb 3-1: config 0 descriptor?? [ 639.071393][ T8105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 639.169861][ T8522] FAULT_INJECTION: forcing a failure. [ 639.169861][ T8522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 639.271594][ T8522] CPU: 1 UID: 0 PID: 8522 Comm: syz.0.560 Not tainted syzkaller #0 PREEMPT(full) [ 639.271759][ T8522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 639.271849][ T8522] Call Trace: [ 639.271901][ T8522] [ 639.271953][ T8522] __dump_stack+0x26/0x30 [ 639.272131][ T8522] dump_stack_lvl+0x14c/0x1c0 [ 639.272313][ T8522] dump_stack+0x1e/0x25 [ 639.272472][ T8522] should_fail_ex+0x7e2/0x8c0 [ 639.272665][ T8522] should_fail+0x2a/0x40 [ 639.272822][ T8522] should_fail_usercopy+0x2e/0x40 [ 639.272996][ T8522] strncpy_from_user+0x38/0x4b0 [ 639.273202][ T8522] ? kmsan_get_metadata+0xf1/0x160 [ 639.273415][ T8522] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 639.273632][ T8522] do_getname+0xc7/0x530 [ 639.273790][ T8522] getname_flags+0x36/0x50 [ 639.273930][ T8522] do_sys_openat2+0xb2/0x380 [ 639.274103][ T8522] __x64_sys_openat+0x240/0x300 [ 639.274290][ T8522] x64_sys_call+0x2445/0x3ea0 [ 639.274471][ T8522] do_syscall_64+0x134/0xf80 [ 639.274613][ T8522] ? clear_bhb_loop+0x50/0xa0 [ 639.274774][ T8522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.274932][ T8522] RIP: 0033:0x7f893c55cfce [ 639.275045][ T8522] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 639.275174][ T8522] RSP: 002b:00007f893d428ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 639.275305][ T8522] RAX: ffffffffffffffda RBX: 00007f893d42b6c0 RCX: 00007f893c55cfce [ 639.275409][ T8522] RDX: 0000000000000002 RSI: 00007f893c631ed0 RDI: ffffffffffffff9c [ 639.275511][ T8522] RBP: 00007f893d42b090 R08: 0000000000000000 R09: 0000000000000000 [ 639.275600][ T8522] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005e [ 639.275696][ T8522] R13: 0000200000000140 R14: 0000000000000002 R15: 00007ffcf7ad95c8 [ 639.275837][ T8522] [ 639.651386][ T10] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61 [ 639.678351][ T5978] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.689924][ T5978] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.720506][ T5978] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 639.730083][ T10] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 639.822592][ T5978] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.329962][ T10] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 640.405988][ T10] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 640.566582][ T10] usb 3-1: USB disconnect, device number 17 [ 640.761250][ T5070] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 640.770813][ T5070] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 640.782528][ T5070] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 640.800414][ T5070] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 640.836513][ T5070] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 640.990362][ T8534] tmpfs: Bad value for 'mpol' [ 642.991114][ T5773] Bluetooth: hci5: command tx timeout [ 643.121291][ T56] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.522490][ T8532] chnl_net:caif_netlink_parms(): no params data found [ 643.691027][ T5070] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 643.700504][ T5070] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 643.711319][ T5070] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 643.725086][ T5070] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 643.840234][ T5070] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 644.091954][ T56] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.064483][ T5773] Bluetooth: hci5: command tx timeout [ 645.231420][ T56] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.343535][ T8584] loop2: detected capacity change from 0 to 128 [ 645.426324][ T8584] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 645.496682][ T8584] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 645.522617][ T56] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.949753][ T5773] Bluetooth: hci1: command tx timeout [ 646.067420][ T8592] IPVS: sed: FWM 3 0x00000003 - no destination available [ 646.252247][ T8593] tmpfs: Bad value for 'mpol' [ 646.390818][ T8598] SQUASHFS error: Failed to read block 0x0: -5 [ 646.435348][ T8598] unable to read squashfs_super_block [ 647.144751][ T5773] Bluetooth: hci5: command tx timeout [ 647.664659][ T8532] bridge0: port 1(bridge_slave_0) entered blocking state [ 647.672295][ T8532] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.756206][ T8532] bridge_slave_0: entered allmulticast mode [ 647.811132][ T8532] bridge_slave_0: entered promiscuous mode [ 647.880779][ T8532] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.929749][ T8532] bridge0: port 2(bridge_slave_1) entered disabled state [ 647.951223][ T8532] bridge_slave_1: entered allmulticast mode [ 647.981460][ T8532] bridge_slave_1: entered promiscuous mode [ 648.035308][ T5773] Bluetooth: hci1: command tx timeout [ 648.148503][ T56] bridge_slave_1: left allmulticast mode [ 648.163834][ T56] bridge_slave_1: left promiscuous mode [ 648.195492][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.135801][ T56] bridge_slave_0: left allmulticast mode [ 649.141691][ T56] bridge_slave_0: left promiscuous mode [ 649.195440][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.224919][ T5773] Bluetooth: hci5: command tx timeout [ 649.311612][ T8606] loop2: detected capacity change from 0 to 4096 [ 649.376430][ T8606] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 650.105133][ T5773] Bluetooth: hci1: command tx timeout [ 650.625873][ T8606] ntfs3(loop2): Failed to read $UpCase (-4). [ 651.912575][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.962578][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 652.005564][ T56] bond0 (unregistering): Released all slaves [ 652.185178][ T5773] Bluetooth: hci1: command tx timeout [ 652.304032][ T8532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 652.349678][ T8532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 652.416316][ T8637] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 652.434962][ T8637] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 652.511560][ T8637] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 652.592427][ T8637] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 652.687817][ T8637] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 652.936658][ T8637] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 652.999919][ T56] hsr_slave_0: left promiscuous mode [ 653.144448][ T56] hsr_slave_1: left promiscuous mode [ 653.153627][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 653.175831][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 653.235050][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 653.242671][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 653.316057][ T8646] tmpfs: Bad value for 'mpol' [ 653.415121][ T56] veth1_macvtap: left promiscuous mode [ 653.420891][ T56] veth0_macvtap: left promiscuous mode [ 653.454864][ T56] veth1_vlan: left promiscuous mode [ 653.460463][ T56] veth0_vlan: left promiscuous mode [ 653.704652][ T5773] Bluetooth: hci5: command 0x0c1a tx timeout [ 654.664749][ T5773] Bluetooth: hci1: command 0x0c1a tx timeout [ 654.845908][ T8660] FAULT_INJECTION: forcing a failure. [ 654.845908][ T8660] name failslab, interval 1, probability 0, space 0, times 0 [ 654.874691][ T8660] CPU: 0 UID: 0 PID: 8660 Comm: syz.2.589 Not tainted syzkaller #0 PREEMPT(full) [ 654.874853][ T8660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 654.874939][ T8660] Call Trace: [ 654.874992][ T8660] [ 654.875045][ T8660] __dump_stack+0x26/0x30 [ 654.875219][ T8660] dump_stack_lvl+0x14c/0x1c0 [ 654.875399][ T8660] dump_stack+0x1e/0x25 [ 654.875561][ T8660] should_fail_ex+0x7e2/0x8c0 [ 654.875748][ T8660] should_failslab+0x158/0x200 [ 654.875906][ T8660] kmem_cache_alloc_lru_noprof+0x14d/0x1280 [ 654.876071][ T8660] ? shmem_alloc_inode+0x5a/0xd0 [ 654.876311][ T8660] ? kmsan_get_metadata+0xf1/0x160 [ 654.876527][ T8660] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 654.876742][ T8660] shmem_alloc_inode+0x5a/0xd0 [ 654.876898][ T8660] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 654.877061][ T8660] alloc_inode+0x8a/0x4a0 [ 654.877192][ T8660] ? kmsan_get_metadata+0xf1/0x160 [ 654.877399][ T8660] new_inode+0x38/0x460 [ 654.877539][ T8660] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 654.877738][ T8660] shmem_get_inode+0x675/0x1c80 [ 654.877906][ T8660] ? memfd_check_seals_mmap+0x2b1/0x350 [ 654.878107][ T8660] __shmem_file_setup+0x264/0x5f0 [ 654.878273][ T8660] shmem_file_setup+0x7f/0xb0 [ 654.878421][ T8660] memfd_alloc_file+0x94/0x990 [ 654.878611][ T8660] __se_sys_memfd_create+0x855/0xb10 [ 654.878798][ T8660] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 654.879015][ T8660] __x64_sys_memfd_create+0x78/0xb0 [ 654.879192][ T8660] x64_sys_call+0x256c/0x3ea0 [ 654.879380][ T8660] do_syscall_64+0x134/0xf80 [ 654.879528][ T8660] ? clear_bhb_loop+0x50/0xa0 [ 654.879692][ T8660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.879862][ T8660] RIP: 0033:0x7f294fd9c799 [ 654.879974][ T8660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 654.880107][ T8660] RSP: 002b:00007f2950cdde08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 654.880246][ T8660] RAX: ffffffffffffffda RBX: 0000000000020b8c RCX: 00007f294fd9c799 [ 654.880349][ T8660] RDX: 00007f2950cddee0 RSI: 0000000000000000 RDI: 00007f294fe32db9 [ 654.880448][ T8660] RBP: 0000200000020c80 R08: 00000000ffffffff R09: 0000000000000000 [ 654.880544][ T8660] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000020c00 [ 654.880638][ T8660] R13: 00007f2950cddee0 R14: 00007f2950cddea0 R15: 0000200000020c40 [ 654.880788][ T8660] [ 655.005459][ T7628] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 655.594728][ T7628] usb 4-1: Using ep0 maxpacket: 16 [ 655.600118][ T56] team0 (unregistering): Port device team_slave_1 removed [ 655.628380][ T7628] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 655.665891][ T7628] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 57600, setting to 1024 [ 655.699502][ T7628] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 655.716115][ T56] team0 (unregistering): Port device team_slave_0 removed [ 655.744583][ T7628] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 655.780821][ T7628] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.796826][ T5773] Bluetooth: hci5: command 0x0c1a tx timeout [ 655.825352][ T7628] usb 4-1: config 0 descriptor?? [ 656.317015][ T7628] usbhid 4-1:0.0: can't add hid device: -71 [ 656.323675][ T7628] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 656.360475][ T7628] usb 4-1: USB disconnect, device number 14 [ 656.744455][ T5773] Bluetooth: hci1: command 0x0c1a tx timeout [ 657.060086][ T8532] team0: Port device team_slave_0 added [ 657.185328][ T8532] team0: Port device team_slave_1 added [ 657.481129][ T8532] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 657.518979][ T8532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 657.602621][ T8532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 657.693849][ T8532] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 657.718699][ T8532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 657.747990][ T8532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 657.880144][ T56] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.972050][ T56] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.994772][ T8563] chnl_net:caif_netlink_parms(): no params data found [ 658.040557][ T8672] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 658.070385][ T8672] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 658.225020][ T56] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.659757][ T56] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.720211][ T8684] tmpfs: Bad value for 'mpol' [ 658.901819][ T8532] hsr_slave_0: entered promiscuous mode [ 658.939123][ T8532] hsr_slave_1: entered promiscuous mode [ 659.305349][ T5773] Bluetooth: hci5: command 0x0c1a tx timeout [ 660.106742][ T5773] Bluetooth: hci1: command 0x0c1a tx timeout [ 660.327348][ T8696] loop2: detected capacity change from 0 to 512 [ 660.365968][ T56] bridge_slave_1: left allmulticast mode [ 660.394557][ T56] bridge_slave_1: left promiscuous mode [ 660.401159][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 660.477604][ T8696] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 660.535757][ T8696] EXT4-fs (loop2): failed to open journal device unknown-block(128,0) -6 [ 660.555150][ T56] bridge_slave_0: left allmulticast mode [ 660.595732][ T56] bridge_slave_0: left promiscuous mode [ 660.602362][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.678481][ C1] ===================================================== [ 660.685993][ C1] BUG: KMSAN: uninit-value in eth_type_trans+0x7d5/0x9b0 [ 660.693239][ C1] eth_type_trans+0x7d5/0x9b0 [ 660.698297][ C1] ip_tunnel_rcv+0x215f/0x29c0 [ 660.703401][ C1] gre_rcv+0x1ca4/0x20f0 [ 660.708042][ C1] gre_rcv+0x285/0x380 [ 660.712296][ C1] ip_protocol_deliver_rcu+0xb3d/0x13d0 [ 660.718283][ C1] ip_local_deliver_finish+0x409/0x720 [ 660.723995][ C1] ip_local_deliver+0x228/0x4a0 [ 660.729269][ C1] ip_rcv_finish+0x4d7/0x560 [ 660.734293][ C1] ip_rcv+0xcb/0x370 [ 660.738417][ C1] process_backlog+0x8d7/0x1500 [ 660.743544][ C1] __napi_poll+0xdc/0x950 [ 660.748129][ C1] net_rx_action+0xa5b/0x1c70 [ 660.753052][ C1] handle_softirqs+0x171/0x7e0 [ 660.758245][ C1] __do_softirq+0x14/0x1b [ 660.762879][ C1] do_softirq+0x58/0x90 [ 660.767382][ C1] __local_bh_enable_ip+0xa1/0xb0 [ 660.772632][ C1] __dev_queue_xmit+0x384a/0x5980 [ 660.778150][ C1] neigh_resolve_output+0x9c3/0xaf0 [ 660.783610][ C1] ip_finish_output2+0x1afd/0x1e00 [ 660.789017][ C1] ip_finish_output+0x288/0x860 [ 660.794072][ C1] ip_mc_output+0x58a/0x8c0 [ 660.798935][ C1] __ip_queue_xmit+0x201e/0x20b0 [ 660.804073][ C1] sctp_v4_xmit+0x713/0x1200 [ 660.809034][ C1] sctp_packet_transmit+0x42b2/0x4600 [ 660.814832][ C1] sctp_packet_singleton+0x2e3/0x440 [ 660.820747][ C1] sctp_outq_flush+0x708/0x6e20 [ 660.826077][ C1] sctp_outq_uncork+0x9e/0xc0 [ 660.830942][ C1] sctp_do_sm+0x9028/0x9b30 [ 660.835787][ C1] sctp_primitive_ASSOCIATE+0xd4/0x100 [ 660.841491][ C1] sctp_sendmsg_to_asoc+0x1a63/0x2240 [ 660.847190][ C1] sctp_sendmsg+0x38b2/0x5270 [ 660.852076][ C1] inet_sendmsg+0x265/0x290 [ 660.856928][ C1] ____sys_sendmsg+0xd27/0xfd0 [ 660.861869][ C1] ___sys_sendmsg+0x271/0x3b0 [ 660.866805][ C1] __x64_sys_sendmsg+0x211/0x3e0 [ 660.871923][ C1] x64_sys_call+0x1e20/0x3ea0 [ 660.876978][ C1] do_syscall_64+0x134/0xf80 [ 660.881755][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.887942][ C1] [ 660.890361][ C1] Uninit was stored to memory at: [ 660.895902][ C1] pskb_expand_head+0x4a0/0x1fb0 [ 660.901023][ C1] skb_expand_head+0x41c/0x870 [ 660.906080][ C1] ip_finish_output2+0xe38/0x1e00 [ 660.911363][ C1] ip_finish_output+0x288/0x860 [ 660.916570][ C1] ip_mc_output+0x58a/0x8c0 [ 660.921260][ C1] __ip_queue_xmit+0x201e/0x20b0 [ 660.926471][ C1] sctp_v4_xmit+0x713/0x1200 [ 660.931271][ C1] sctp_packet_transmit+0x42b2/0x4600 [ 660.937034][ C1] sctp_packet_singleton+0x2e3/0x440 [ 660.942546][ C1] sctp_outq_flush+0x708/0x6e20 [ 660.947781][ C1] sctp_outq_uncork+0x9e/0xc0 [ 660.952643][ C1] sctp_do_sm+0x9028/0x9b30 [ 660.957499][ C1] sctp_primitive_ASSOCIATE+0xd4/0x100 [ 660.963202][ C1] sctp_sendmsg_to_asoc+0x1a63/0x2240 [ 660.968900][ C1] sctp_sendmsg+0x38b2/0x5270 [ 660.973796][ C1] inet_sendmsg+0x265/0x290 [ 660.978547][ C1] ____sys_sendmsg+0xd27/0xfd0 [ 660.983491][ C1] ___sys_sendmsg+0x271/0x3b0 [ 660.988487][ C1] __x64_sys_sendmsg+0x211/0x3e0 [ 660.993609][ C1] x64_sys_call+0x1e20/0x3ea0 [ 660.998661][ C1] do_syscall_64+0x134/0xf80 [ 661.003437][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.009713][ C1] [ 661.012149][ C1] Uninit was created at: [ 661.016781][ C1] __kmalloc_node_track_caller_noprof+0x4f6/0x1750 [ 661.023505][ C1] __alloc_skb+0x90d/0x1190 [ 661.028346][ C1] sctp_packet_transmit+0x44b/0x4600 [ 661.033895][ C1] sctp_packet_singleton+0x2e3/0x440 [ 661.039474][ C1] sctp_outq_flush+0x708/0x6e20 [ 661.044762][ C1] sctp_outq_uncork+0x9e/0xc0 [ 661.049633][ C1] sctp_do_sm+0x9028/0x9b30 [ 661.054459][ C1] sctp_primitive_ASSOCIATE+0xd4/0x100 [ 661.060200][ C1] sctp_sendmsg_to_asoc+0x1a63/0x2240 [ 661.065916][ C1] sctp_sendmsg+0x38b2/0x5270 [ 661.070806][ C1] inet_sendmsg+0x265/0x290 [ 661.075638][ C1] ____sys_sendmsg+0xd27/0xfd0 [ 661.080590][ C1] ___sys_sendmsg+0x271/0x3b0 [ 661.085539][ C1] __x64_sys_sendmsg+0x211/0x3e0 [ 661.090663][ C1] x64_sys_call+0x1e20/0x3ea0 [ 661.095662][ C1] do_syscall_64+0x134/0xf80 [ 661.100443][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.106747][ C1] [ 661.109209][ C1] CPU: 1 UID: 0 PID: 8696 Comm: syz.2.599 Not tainted syzkaller #0 PREEMPT(full) [ 661.118757][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 661.129137][ C1] ===================================================== [ 661.136281][ C1] Disabling lock debugging due to kernel taint [ 661.142580][ C1] Kernel panic - not syncing: kmsan.panic set ... [ 661.149180][ C1] CPU: 1 UID: 0 PID: 8696 Comm: syz.2.599 Tainted: G B syzkaller #0 PREEMPT(full) [ 661.160174][ C1] Tainted: [B]=BAD_PAGE [ 661.164447][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 661.174660][ C1] Call Trace: [ 661.178166][ C1] [ 661.181131][ C1] __dump_stack+0x26/0x30 [ 661.185686][ C1] dump_stack_lvl+0x50/0x1c0 [ 661.190481][ C1] ? dump_stack+0x12/0x25 [ 661.195024][ C1] dump_stack+0x1e/0x25 [ 661.199398][ C1] vpanic+0x7b4/0x1430 [ 661.203709][ C1] panic+0x15d/0x160 [ 661.208072][ C1] kmsan_report+0x31a/0x320 [ 661.212837][ C1] ? __msan_warning+0x1b/0x30 [ 661.217736][ C1] ? eth_type_trans+0x7d5/0x9b0 [ 661.222772][ C1] ? ip_tunnel_rcv+0x215f/0x29c0 [ 661.227939][ C1] ? gre_rcv+0x1ca4/0x20f0 [ 661.232570][ C1] ? gre_rcv+0x285/0x380 [ 661.236999][ C1] ? ip_protocol_deliver_rcu+0xb3d/0x13d0 [ 661.242994][ C1] ? ip_local_deliver_finish+0x409/0x720 [ 661.248917][ C1] ? ip_local_deliver+0x228/0x4a0 [ 661.254207][ C1] ? ip_rcv_finish+0x4d7/0x560 [ 661.259204][ C1] ? ip_rcv+0xcb/0x370 [ 661.263474][ C1] ? process_backlog+0x8d7/0x1500 [ 661.268679][ C1] ? __napi_poll+0xdc/0x950 [ 661.273346][ C1] ? net_rx_action+0xa5b/0x1c70 [ 661.278373][ C1] ? handle_softirqs+0x171/0x7e0 [ 661.283508][ C1] ? __do_softirq+0x14/0x1b [ 661.288228][ C1] ? do_softirq+0x58/0x90 [ 661.292737][ C1] ? __local_bh_enable_ip+0xa1/0xb0 [ 661.298125][ C1] ? __dev_queue_xmit+0x384a/0x5980 [ 661.303554][ C1] ? neigh_resolve_output+0x9c3/0xaf0 [ 661.309106][ C1] ? ip_finish_output2+0x1afd/0x1e00 [ 661.314589][ C1] ? ip_finish_output+0x288/0x860 [ 661.319783][ C1] ? ip_mc_output+0x58a/0x8c0 [ 661.324642][ C1] ? __ip_queue_xmit+0x201e/0x20b0 [ 661.329926][ C1] ? sctp_v4_xmit+0x713/0x1200 [ 661.334864][ C1] ? sctp_packet_transmit+0x42b2/0x4600 [ 661.340626][ C1] ? sctp_packet_singleton+0x2e3/0x440 [ 661.346270][ C1] ? sctp_outq_flush+0x708/0x6e20 [ 661.351610][ C1] ? sctp_outq_uncork+0x9e/0xc0 [ 661.356622][ C1] ? sctp_do_sm+0x9028/0x9b30 [ 661.361465][ C1] ? sctp_primitive_ASSOCIATE+0xd4/0x100 [ 661.367336][ C1] ? sctp_sendmsg_to_asoc+0x1a63/0x2240 [ 661.373081][ C1] ? sctp_sendmsg+0x38b2/0x5270 [ 661.378125][ C1] ? inet_sendmsg+0x265/0x290 [ 661.382962][ C1] ? ____sys_sendmsg+0xd27/0xfd0 [ 661.388137][ C1] ? ___sys_sendmsg+0x271/0x3b0 [ 661.393150][ C1] ? __x64_sys_sendmsg+0x211/0x3e0 [ 661.398512][ C1] ? x64_sys_call+0x1e20/0x3ea0 [ 661.403572][ C1] ? do_syscall_64+0x134/0xf80 [ 661.408493][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.414741][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.420075][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 661.426621][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.431953][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 661.438503][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.443836][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.449186][ C1] __msan_warning+0x1b/0x30 [ 661.453891][ C1] eth_type_trans+0x7d5/0x9b0 [ 661.458759][ C1] ip_tunnel_rcv+0x215f/0x29c0 [ 661.463756][ C1] gre_rcv+0x1ca4/0x20f0 [ 661.468273][ C1] ? __rcu_read_unlock+0x46/0xd0 [ 661.473501][ C1] ? raw_local_deliver+0x368/0x15b0 [ 661.479033][ C1] ? __pfx_gre_rcv+0x10/0x10 [ 661.483821][ C1] gre_rcv+0x285/0x380 [ 661.488057][ C1] ? __pfx_gre_rcv+0x10/0x10 [ 661.493012][ C1] ip_protocol_deliver_rcu+0xb3d/0x13d0 [ 661.498818][ C1] ip_local_deliver_finish+0x409/0x720 [ 661.504536][ C1] ip_local_deliver+0x228/0x4a0 [ 661.509653][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 661.515954][ C1] ? __pfx_ip_local_deliver+0x10/0x10 [ 661.521542][ C1] ip_rcv_finish+0x4d7/0x560 [ 661.526384][ C1] ip_rcv+0xcb/0x370 [ 661.530480][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 661.535808][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 661.540514][ C1] process_backlog+0x8d7/0x1500 [ 661.545574][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 661.551647][ C1] ? filter_irq_stacks+0x49/0x190 [ 661.556902][ C1] ? __pfx_process_backlog+0x10/0x10 [ 661.562363][ C1] __napi_poll+0xdc/0x950 [ 661.566865][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 661.572937][ C1] net_rx_action+0xa5b/0x1c70 [ 661.577819][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 661.583863][ C1] ? sched_clock_cpu+0x59/0xa70 [ 661.589029][ C1] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 661.595361][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 661.600655][ C1] handle_softirqs+0x171/0x7e0 [ 661.605653][ C1] __do_softirq+0x14/0x1b [ 661.610196][ C1] do_softirq+0x58/0x90 [ 661.614533][ C1] [ 661.617558][ C1] [ 661.620604][ C1] __local_bh_enable_ip+0xa1/0xb0 [ 661.625852][ C1] __dev_queue_xmit+0x384a/0x5980 [ 661.631099][ C1] ? __local_bh_enable_ip+0x75/0xb0 [ 661.636494][ C1] ? _raw_spin_unlock_bh+0x2d/0x40 [ 661.641814][ C1] ? ___neigh_create+0x3511/0x3bf0 [ 661.647087][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.652422][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.657763][ C1] ? __dev_queue_xmit+0x27a/0x5980 [ 661.663127][ C1] neigh_resolve_output+0x9c3/0xaf0 [ 661.668554][ C1] ? __pfx_neigh_resolve_output+0x10/0x10 [ 661.674452][ C1] ip_finish_output2+0x1afd/0x1e00 [ 661.679791][ C1] ip_finish_output+0x288/0x860 [ 661.684824][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 661.690878][ C1] ip_mc_output+0x58a/0x8c0 [ 661.695553][ C1] ? __pfx_ip_finish_output+0x10/0x10 [ 661.701117][ C1] ? __pfx_ip_mc_output+0x10/0x10 [ 661.706322][ C1] __ip_queue_xmit+0x201e/0x20b0 [ 661.711441][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.716774][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.722102][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 661.728690][ C1] sctp_v4_xmit+0x713/0x1200 [ 661.733466][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.738829][ C1] ? __pfx_sctp_v4_xmit+0x10/0x10 [ 661.744037][ C1] sctp_packet_transmit+0x42b2/0x4600 [ 661.749732][ C1] sctp_packet_singleton+0x2e3/0x440 [ 661.755218][ C1] ? kmsan_get_metadata+0xe0/0x160 [ 661.760609][ C1] sctp_outq_flush+0x708/0x6e20 [ 661.765701][ C1] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 661.771985][ C1] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 661.778020][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 661.784093][ C1] sctp_outq_uncork+0x9e/0xc0 [ 661.788947][ C1] sctp_do_sm+0x9028/0x9b30 [ 661.793613][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.798963][ C1] ? sctp_stream_init_ext+0x65/0x2f0 [ 661.804512][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.809847][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 661.815891][ C1] ? should_fail_ex+0x45/0x8c0 [ 661.820821][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.826230][ C1] sctp_primitive_ASSOCIATE+0xd4/0x100 [ 661.831917][ C1] sctp_sendmsg_to_asoc+0x1a63/0x2240 [ 661.837499][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.842829][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 661.848905][ C1] sctp_sendmsg+0x38b2/0x5270 [ 661.853783][ C1] ? kmsan_save_stack_with_flags+0x10/0x60 [ 661.859799][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.865185][ C1] ? __pfx_sctp_sendmsg+0x10/0x10 [ 661.870406][ C1] inet_sendmsg+0x265/0x290 [ 661.875070][ C1] ? __pfx_inet_sendmsg+0x10/0x10 [ 661.880270][ C1] ____sys_sendmsg+0xd27/0xfd0 [ 661.885230][ C1] ___sys_sendmsg+0x271/0x3b0 [ 661.890061][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.895418][ C1] ? __rcu_read_unlock+0x6c/0xd0 [ 661.900560][ C1] ? __fget_files+0x3b4/0x4a0 [ 661.905471][ C1] ? __fget_files+0x3b9/0x4a0 [ 661.910347][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.915685][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 661.921724][ C1] __x64_sys_sendmsg+0x211/0x3e0 [ 661.926845][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 661.932196][ C1] x64_sys_call+0x1e20/0x3ea0 [ 661.937077][ C1] do_syscall_64+0x134/0xf80 [ 661.941841][ C1] ? clear_bhb_loop+0x50/0xa0 [ 661.946702][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.952767][ C1] RIP: 0033:0x7f294fd9c799 [ 661.957311][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 661.977093][ C1] RSP: 002b:00007f2950cde028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 661.985701][ C1] RAX: ffffffffffffffda RBX: 00007f2950015fa0 RCX: 00007f294fd9c799 [ 661.993814][ C1] RDX: 00000000000003e8 RSI: 00002000000004c0 RDI: 0000000000000006 [ 662.001922][ C1] RBP: 00007f294fe32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 662.010026][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 662.018307][ C1] R13: 00007f2950016038 R14: 00007f2950015fa0 R15: 00007ffd27c889b8 [ 662.026459][ C1] [ 662.030212][ C1] Kernel Offset: disabled [ 662.034608][ C1] Rebooting in 86400 seconds..