last executing test programs: 1m28.828252516s ago: executing program 0 (id=1062): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='oom_adj\x00') preadv(r0, 0x0, 0x0, 0xaee1, 0x4) 1m28.020367962s ago: executing program 0 (id=1064): socket$inet_udp(0x2, 0x2, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x20000004, 0x0, 0x0, 0x0, 0xfffff7fd}, [@call={0x85, 0x0, 0x0, 0x30}]}, 0x0, 0x0, 0x0, 0x0, 0x1f00}, 0x94) openat$ptp0(0xffffffffffffff9c, 0x0, 0x60442, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x2) r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write$cgroup_subtree(r6, &(0x7f0000000300)=ANY=[@ANYBLOB='-c'], 0x5) write$cgroup_subtree(r6, &(0x7f00000001c0)={[{0x2b, 'cpu'}]}, 0x5) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x800, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m27.48245591s ago: executing program 0 (id=1066): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x4, 0xf}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_cgroup={{0xb}, {0xc, 0x2, [@TCA_CGROUP_EMATCHES={0x8, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1m22.392326899s ago: executing program 0 (id=1072): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x501001, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x100) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = epoll_create1(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='cifs\x00', 0x4000, &(0x7f00000002c0)='cache=none') epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)={0x20000002}) pselect6(0x40, &(0x7f0000000240)={0x0, 0x1, 0x1ff, 0x2, 0xa000000000000, 0x5, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x40000, 0x9, 0x1, 0xf, 0x8a8}, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000b80)=ANY=[@ANYBLOB="240000001d00070f000200000000000007000000", @ANYRES32=r3, @ANYBLOB='\x00\x00g\x00\b\x00\b\x00', @ANYRES8=r3], 0x24}, 0x1, 0x0, 0x0, 0x4008004}, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000001c0)={@dev, @private, 0x0}, &(0x7f0000000300)=0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)=@mpls_delroute={0x38, 0x19, 0x800, 0x70bd29, 0x25dfdbfe, {0x1c, 0x14, 0x10, 0x10, 0x1, 0x2, 0xfe, 0x9}, [@RTA_MULTIPATH={0xc, 0x9, {0x50, 0x34, 0xf9, r3}}, @RTA_DST={0x8, 0x1, {0x8}}, @RTA_OIF={0x8, 0x4, r4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r5, 0xffffffffffffffff, 0x0) r6 = openat$vcs(0xffffff9c, &(0x7f0000000140), 0x20041, 0x0) ioctl$VIDIOC_DBG_G_CHIP_INFO(r6, 0xc0c85666, &(0x7f00000003c0)={{0x3, @addr=0x3}, "4be1ac0009732d6882a7a73d121fd7921e3196408ec3a9501cf52e1529e0280d", 0x2}) 1m21.760992445s ago: executing program 0 (id=1074): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='oom_adj\x00') preadv(r0, &(0x7f0000000040), 0x0, 0xaee1, 0x4) 1m21.144481549s ago: executing program 0 (id=1076): socket$inet_udp(0x2, 0x2, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x20000004, 0x0, 0x0, 0x0, 0xfffff7fd}, [@call={0x85, 0x0, 0x0, 0x30}]}, 0x0, 0x0, 0x0, 0x0, 0x1f00}, 0x94) openat$ptp0(0xffffffffffffff9c, 0x0, 0x60442, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x2) r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write$cgroup_subtree(r5, &(0x7f0000000300)=ANY=[@ANYBLOB='-c'], 0x5) write$cgroup_subtree(r5, &(0x7f00000001c0)={[{0x2b, 'cpu'}]}, 0x5) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x800, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m3.928317047s ago: executing program 32 (id=1076): socket$inet_udp(0x2, 0x2, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x20000004, 0x0, 0x0, 0x0, 0xfffff7fd}, [@call={0x85, 0x0, 0x0, 0x30}]}, 0x0, 0x0, 0x0, 0x0, 0x1f00}, 0x94) openat$ptp0(0xffffffffffffff9c, 0x0, 0x60442, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x2) r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) write$cgroup_subtree(r5, &(0x7f0000000300)=ANY=[@ANYBLOB='-c'], 0x5) write$cgroup_subtree(r5, &(0x7f00000001c0)={[{0x2b, 'cpu'}]}, 0x5) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x800, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 13.738773378s ago: executing program 5 (id=1238): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x7, 0x8, 0x10, 0x3, 0x7, 0x0, 0x8, 0x9}, {0x8080000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0xfd, 0x0, 0x7, 0xff, 0xfc}, {0x2000, 0x8080000, 0xc, 0x0, 0x7, 0xc6, 0x0, 0x0, 0x8, 0x3, 0x40, 0x3}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x0, 0x9, 0x7, 0x8, 0xf, 0x4}, {0x80a0000, 0xeeee8000, 0xb, 0x0, 0xfd, 0x4, 0x0, 0x0, 0x0, 0x3f}, {0x100000, 0x0, 0x0, 0x78, 0x2, 0x1, 0x2, 0x80, 0x0, 0xff, 0x6}, {0xdddd1000, 0xeeee0000, 0xa, 0x4, 0x3, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x9, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x110, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0xffffffffffffffff]}) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f00000000c0)={0x26000, 0x40000, 0x8, 0x10}) 12.403478691s ago: executing program 5 (id=1244): getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xb}}]}, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0xff73) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000040)={r2}, &(0x7f00000000c0)=0x8) 11.526416806s ago: executing program 5 (id=1247): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() setsockopt(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xffffd000) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 6.108958145s ago: executing program 1 (id=1272): r0 = creat(&(0x7f0000000200)='./file0\x00', 0x109) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x1f, 0x0, 0x0, 0x8000}, 0x50) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 5.641012387s ago: executing program 4 (id=1274): r0 = creat(&(0x7f0000000040)='./file0\x00', 0xc4) close(r0) r1 = io_uring_setup(0x39b0, &(0x7f0000000100)={0x0, 0xf0ce, 0x3481, 0x0, 0x22a}) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000), 0x8402, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 5.371787869s ago: executing program 1 (id=1275): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}}) lgetxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@known='system.advise\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = getpgid(0x0) r3 = syz_pidfd_open(r2, 0x0) r4 = pidfd_getfd(r3, r3, 0x0) setns(r4, 0x66020000) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r1, 0xffffffffffffffff, 0x0) 5.171689445s ago: executing program 2 (id=1277): set_mempolicy(0x3, &(0x7f0000000040)=0x800000ffe, 0x5) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.701353835s ago: executing program 4 (id=1278): socket$inet6(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f0000006180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0xffffffffffffffff, 0x2, 0x80000001, 0x0, 0x0, 0x10000004, {0x40, 0xd08, 0x0, 0xfe, 0x0, 0x0, 0x7, 0x0, 0x122, 0x6000, 0x10000, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0) ioctl$TIOCGPTPEER(r2, 0x40140921, 0x200000000005) 4.543780736s ago: executing program 3 (id=1279): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20101}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e24}, @IFLA_IPTUN_ENCAP_LIMIT={0x5}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x8}]}}}]}, 0x4c}, 0x1, 0xba01}, 0x8014) 4.329089038s ago: executing program 1 (id=1280): r0 = syz_io_uring_setup(0x7131, &(0x7f00000001c0)={0x0, 0x5770, 0x2, 0x3, 0x3d7}, &(0x7f0000000500), &(0x7f0000000380)) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0)="c2cc", 0x2, r0}, 0x68) 4.312519051s ago: executing program 2 (id=1281): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010"], 0x3c}}, 0x40000) mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="7b87f20f"], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.951932158s ago: executing program 3 (id=1282): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000000)={0x0, 0xa}, &(0x7f00000000c0)=0x8) 3.871519583s ago: executing program 4 (id=1283): prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3) 3.338005855s ago: executing program 1 (id=1284): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=r2, @ANYBLOB="460609"], 0x44}, 0x1, 0x0, 0x0, 0x690}, 0x20048040) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r6], 0x54}}, 0x0) 3.33263656s ago: executing program 3 (id=1285): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setresuid(0x0, 0xee00, 0x0) setrlimit(0x40000000000008, &(0x7f0000000000)) 3.150991833s ago: executing program 2 (id=1286): msgsnd(0x0, 0x0, 0x0, 0x800) msgsnd(0x0, &(0x7f0000000800)={0x1}, 0x8, 0x0) msgrcv(0x0, &(0x7f0000000dc0)={0x0, ""/78}, 0x56, 0x2, 0x3000) 2.82581295s ago: executing program 4 (id=1287): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000340)={0x1, 0x0, [{0x2b2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0x41000, 0x8, 0x6f, 0x3, 0x7f, 0x40, 0x29, 0x0, 0x2e, 0x19}, {0xd000, 0x1, 0xc, 0x0, 0x40, 0x5, 0x7d, 0x8, 0x58, 0x3, 0x3, 0xc0}, {0xdddd1000, 0x10000, 0xe, 0x9, 0x3, 0x8, 0xfe, 0x9, 0x5, 0xab, 0x5, 0x81}, {0x3000, 0x26000, 0x3, 0x5d, 0x4, 0x42, 0x9, 0xff, 0x6, 0x7, 0xe}, {0x0, 0x9000, 0x9, 0x3, 0x7, 0x7, 0xab, 0x7f, 0x9e, 0x9, 0xf7, 0x83}, {0x1000, 0x80a0000, 0x10, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0x11, 0x40}, {0xeeed4004, 0x2, 0x0, 0x5, 0x7, 0x2, 0xb, 0x0, 0x3, 0x81, 0xff, 0x70}, {0x5000, 0x1000, 0x8, 0x5, 0xf, 0x7, 0xff, 0x18, 0x2, 0x3, 0x7, 0x9}, {0x4000, 0x30}, {0x10000, 0x86}, 0x80000031, 0x0, 0x70000, 0x242101, 0xb, 0x0, 0xa000, [0x6840000000000000, 0x4, 0x5c, 0x100]}) 2.541533981s ago: executing program 3 (id=1288): memfd_create(&(0x7f0000000000)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\x04\x00\x00\x00\x00\x00\x00\x00\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xb0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\x14\x16\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd75\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ\xa2K\xa1\xb3\xce\x1e\x96{%\xa8\xc7\x93\xdb\x80v+o\xb8\xe8\x1b\x06\xfbwb\x11\xb7\x9fu\xf3\xd3\x7f\x04k\xa0B\xa5\xc9\xb1\xec\xb1\xf6\x11\xc1O\xecG\xe6q5\x97u\x0fl\x90\x9b\x9f\xaf\xfb\xdf\x12^\xc9\x92|\x11\"\xd7\xb5\xf0\xdc\\\f\xec\xfd\xa1\xfdVZ*\xeb\xde\x14\xe0\x8b\x1c\x820b\x89\xbd\xd7\x0e\x9b\xf2\xe9A\xfb\x89\xc6\x84\x14b\xd4\x7f\xdf.\x05\x00S\xf5\x19\xb4fE\x87\xd4E\xc8>\x8f\x05Bg\x15\xe1\x8c\x94ERT\xac\xb4\x00\x00\x00\x00\x00\x00\x00\xc4\x0f\xc1\x9e\xf6#f\x03\xb0\xe4\xb6\xf5\x04z+Pa\xbc\x12a7z\xad6\xf7\xeb\xa7\x88\"\xcf\xf6\xcfP\x12\a;h\x95\x90\x83\x06\xdf\xbd}.\xa6$2D\xf1T\xc9\x8aG\x12\xe51', 0x3) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r2], 0x44}}, 0x884) 2.260256112s ago: executing program 2 (id=1289): socket$packet(0x11, 0x3, 0x300) r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000007, 0x40032, 0xffffffffffffffff, 0x40000000) madvise(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x64) 1.736772276s ago: executing program 4 (id=1290): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001440)=ANY=[@ANYBLOB="2c0000000f14010029bd0600fbdbdf251100450069625f6d"], 0x2c}, 0x1, 0x0, 0x0, 0xc4d0950e45681200}, 0x800) 1.691693295s ago: executing program 5 (id=1291): timer_create(0x0, 0x0, &(0x7f0000000380)=0x0) timer_settime(r0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}}, &(0x7f0000000200)) 1.408996841s ago: executing program 3 (id=1292): dup2(0xffffffffffffffff, 0xffffffffffffffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) iopl(0x40) 1.248005193s ago: executing program 2 (id=1293): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0xc0, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x100}, @CTA_NAT_SRC={0x2c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @loopback}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xc0}}, 0x0) 1.247821185s ago: executing program 1 (id=1294): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x400000000000047, 0x0) 874.38513ms ago: executing program 5 (id=1295): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, 0x0, 0x0) write(r0, &(0x7f0000000480)="0e", 0x1) write(r0, &(0x7f0000000400), 0x700) 563.10791ms ago: executing program 3 (id=1296): ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffff0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f00000000c0)=ANY=[], 0x0) 438.823307ms ago: executing program 1 (id=1297): writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) close(0x3) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000a40)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) recvfrom(r1, 0x0, 0x0, 0x3, 0x0, 0x0) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000180)=0x40, 0x4) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) write(r2, &(0x7f0000001500)="89ba41c97928dec7cec15a160d3dba2553b519a795020072aed129d4b5247c983455b3d757e8b2333a64d9abf416fd83f942661c47bcdf71f7d07ba20d03474a4a", 0x41) r3 = mq_open(&(0x7f0000000200)='#@\x00', 0x50f7bb45f81a15a, 0x120, 0x0) r4 = gettid() mq_notify(r3, &(0x7f0000000280)={0x0, 0x17, 0x0, @tid=r4}) mq_timedsend(r3, 0x0, 0x0, 0x240, 0x0) 438.53718ms ago: executing program 4 (id=1298): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xfffffffd, @empty}, 0x1c) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0xe}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0xc010) shutdown(r0, 0x1) 365.369702ms ago: executing program 2 (id=1299): unshare(0x22020600) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) fcntl$setsig(r0, 0xa, 0x800016) 0s ago: executing program 5 (id=1300): r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x923004, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) kernel console output (not intermixed with test programs): _compat_after_hwframe+0x84/0x8e [ 551.922273][ T7960] RIP: 0023:0xf6ffef6c [ 551.922372][ T7960] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 551.922485][ T7960] RSP: 002b:00000000f53cc50c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 551.922606][ T7960] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000084 [ 551.922689][ T7960] RDX: 0000000000000006 RSI: 0000000080000100 RDI: 0000000000000084 [ 551.922768][ T7960] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 551.922853][ T7960] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 551.922926][ T7960] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 551.923031][ T7960] [ 552.761793][ T5828] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 552.981456][ T5828] usb 4-1: Using ep0 maxpacket: 32 [ 553.034370][ T5828] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 553.067049][ T5828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.088029][ T5828] usb 4-1: Product: syz [ 553.120180][ T5828] usb 4-1: Manufacturer: syz [ 553.132941][ T5828] usb 4-1: SerialNumber: syz [ 553.162048][ T7961] bond1: entered allmulticast mode [ 553.172261][ T5828] usb 4-1: config 0 descriptor?? [ 553.487354][ T5828] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 004 [ 556.262892][ T5828] usb 4-1: USB disconnect, device number 4 [ 556.463593][ T5827] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 556.659612][ T5827] usb 2-1: config 13 has an invalid interface number: 195 but max is 0 [ 556.698709][ T5827] usb 2-1: config 13 has no interface number 0 [ 556.730168][ T5827] usb 2-1: config 13 interface 195 has no altsetting 0 [ 556.795720][ T5827] usb 2-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=cd.4a [ 556.821833][ T5827] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.857864][ T5827] usb 2-1: Product: syz [ 556.885246][ T5827] usb 2-1: Manufacturer: syz [ 556.898040][ T5827] usb 2-1: SerialNumber: syz [ 557.551378][ T8003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 557.906607][ T8007] loop0: detected capacity change from 0 to 64 [ 558.021699][ T8007] hfs: invalid btree extent records [ 558.079887][ T8007] hfs: unable to open extent tree [ 558.152947][ T8007] hfs: can't find a HFS filesystem on dev loop0 [ 558.737049][ T5827] usb 2-1: USB disconnect, device number 3 [ 558.933379][ T7907] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 559.201808][ T7907] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 559.240404][ T7907] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 16 [ 559.281968][ T7907] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 559.338312][ T7907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 559.383156][ T7907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 559.426258][ T7907] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFD, changing to 0x8D [ 559.490851][ T7907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 559.577092][ T7907] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 559.605908][ T7907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.634354][ T7907] usb 3-1: Product: syz [ 559.665790][ T7907] usb 3-1: Manufacturer: syz [ 559.670634][ T7907] usb 3-1: SerialNumber: syz [ 559.749622][ T7907] usb 3-1: config 0 descriptor?? [ 562.941375][ T8028] netlink: 12 bytes leftover after parsing attributes in process `syz.1.514'. [ 563.400694][ T8029] netlink: 12 bytes leftover after parsing attributes in process `syz.1.514'. [ 565.407527][ T8015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 567.192161][ T7907] usb 3-1: ucan: probing device on interface #0 [ 567.199806][ T7907] usb 3-1: ucan: invalid endpoint configuration [ 567.236945][ T7907] usb 3-1: ucan: probe failed; try to update the device firmware [ 567.834168][ T8015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.307958][ T5827] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 570.741089][ T5842] usb 3-1: USB disconnect, device number 8 [ 570.860954][ T8038] netlink: 12 bytes leftover after parsing attributes in process `syz.1.517'. [ 570.956337][ T8038] netlink: 12 bytes leftover after parsing attributes in process `syz.1.517'. [ 571.126545][ T8048] FAULT_INJECTION: forcing a failure. [ 571.126545][ T8048] name failslab, interval 1, probability 0, space 0, times 0 [ 571.221640][ T8048] CPU: 1 UID: 0 PID: 8048 Comm: syz.2.521 Tainted: G L syzkaller #0 PREEMPT(full) [ 571.221834][ T8048] Tainted: [L]=SOFTLOCKUP [ 571.221887][ T8048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 571.221975][ T8048] Call Trace: [ 571.222029][ T8048] [ 571.222079][ T8048] __dump_stack+0x26/0x30 [ 571.222257][ T8048] dump_stack_lvl+0x14c/0x1c0 [ 571.222431][ T8048] dump_stack+0x1e/0x25 [ 571.222582][ T8048] should_fail_ex+0x7e2/0x8c0 [ 571.222785][ T8048] should_failslab+0x158/0x200 [ 571.222935][ T8048] __kmalloc_noprof+0x1e0/0x1680 [ 571.223076][ T8048] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 571.223270][ T8048] ? l2tp_session_create+0x60/0x1540 [ 571.223551][ T8048] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 571.223750][ T8048] ? __local_bh_enable_ip+0x75/0xb0 [ 571.223995][ T8048] l2tp_session_create+0x60/0x1540 [ 571.224149][ T8048] ? kmsan_get_metadata+0xf1/0x160 [ 571.224358][ T8048] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 571.224585][ T8048] pppol2tp_connect+0x127e/0x1d80 [ 571.224795][ T8048] __sys_connect+0x519/0x680 [ 571.224940][ T8048] ? fput+0x113/0x160 [ 571.225054][ T8048] ? kmsan_get_metadata+0xf1/0x160 [ 571.225232][ T8048] ? __pfx_pppol2tp_connect+0x10/0x10 [ 571.225409][ T8048] __ia32_sys_connect+0x95/0x100 [ 571.225561][ T8048] ia32_sys_call+0x36df/0x4360 [ 571.225698][ T8048] __do_fast_syscall_32+0x17f/0x3f0 [ 571.225891][ T8048] do_fast_syscall_32+0x37/0x80 [ 571.226049][ T8048] do_SYSENTER_32+0x1f/0x30 [ 571.226209][ T8048] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 571.226383][ T8048] RIP: 0023:0xf708ef6c [ 571.226483][ T8048] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 571.226610][ T8048] RSP: 002b:00000000f547d50c EFLAGS: 00000206 ORIG_RAX: 000000000000016a [ 571.226751][ T8048] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000840 [ 571.226850][ T8048] RDX: 000000000000003a RSI: 0000000000000000 RDI: 0000000000000000 [ 571.226934][ T8048] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 571.227015][ T8048] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 571.227092][ T8048] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 571.227201][ T8048] [ 571.584547][ T8041] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 571.622158][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 571.629429][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 572.508260][ T8066] Bluetooth: MGMT ver 1.23 [ 572.656876][ T8062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.524'. [ 572.808431][ T8070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.527'. [ 572.940534][ T8062] loop0: detected capacity change from 0 to 1024 [ 572.954853][ T8070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.527'. [ 573.007803][ T8065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 573.217505][ T8062] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 573.367621][ T8070] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 574.274007][ T8085] 9p: Bad value for 'rfdno' [ 574.599725][ T5773] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 575.443959][ T7907] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 575.665294][ T7907] usb 3-1: Using ep0 maxpacket: 32 [ 577.591839][ T7907] usb 3-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 577.679900][ T7907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.794767][ T7907] usb 3-1: Product: syz [ 577.850952][ T7907] usb 3-1: Manufacturer: syz [ 577.917408][ T7907] usb 3-1: SerialNumber: syz [ 578.043960][ T8093] loop1: detected capacity change from 0 to 4096 [ 578.414160][ T7907] usb 3-1: config 0 descriptor?? [ 578.690971][ T8095] bond2: entered allmulticast mode [ 579.805004][ T8098] ip6gretap2: entered promiscuous mode [ 580.322362][ T7907] usb 3-1: can't set config #0, error -71 [ 580.343578][ T7907] usb 3-1: USB disconnect, device number 9 [ 580.907501][ T8101] loop1: detected capacity change from 0 to 4096 [ 581.103022][ T8101] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 581.200751][ T8101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.534'. [ 581.308672][ T8101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.534'. [ 581.379906][ T8123] netlink: 32 bytes leftover after parsing attributes in process `syz.1.534'. [ 581.959171][ T5842] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 582.044589][ T8131] netlink: 12 bytes leftover after parsing attributes in process `syz.0.541'. [ 582.130472][ T8131] netlink: 12 bytes leftover after parsing attributes in process `syz.0.541'. [ 582.168183][ T5842] usb 3-1: Using ep0 maxpacket: 16 [ 582.185686][ T5842] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 582.247372][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0 [ 582.287939][ T5842] usb 3-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 582.320367][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.362810][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 582.392509][ T5842] usb 3-1: Product: syz [ 582.421554][ T5842] usb 3-1: Manufacturer: syz [ 582.487540][ T5842] usb 3-1: SerialNumber: syz [ 582.508499][ T5842] usb 3-1: config 0 descriptor?? [ 582.723556][ T8131] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 583.462147][ T5842] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input7 [ 583.905338][ C1] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 584.157518][ T5842] rc_core: IR keymap rc-imon-pad not found [ 584.163568][ T5842] Registered IR keymap rc-empty [ 584.206631][ T5842] imon 3-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 584.246043][ T5842] imon 3-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 584.297592][ T5842] imon:send_packet: packet tx failed (-71) [ 584.318221][ T5842] imon 3-1:0.0: remote input dev register failed [ 584.325412][ T5842] imon 3-1:0.0: imon_init_intf0: rc device setup failed [ 584.351406][ T8147] FAULT_INJECTION: forcing a failure. [ 584.351406][ T8147] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 584.400534][ T8148] CIFS mount error: No usable UNC path provided in device string! [ 584.400534][ T8148] [ 584.410817][ T8148] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 584.601226][ T8147] CPU: 0 UID: 0 PID: 8147 Comm: syz.1.544 Tainted: G L syzkaller #0 PREEMPT(full) [ 584.601408][ T8147] Tainted: [L]=SOFTLOCKUP [ 584.601461][ T8147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 584.601542][ T8147] Call Trace: [ 584.601609][ T8147] [ 584.601659][ T8147] __dump_stack+0x26/0x30 [ 584.601829][ T8147] dump_stack_lvl+0x14c/0x1c0 [ 584.602002][ T8147] dump_stack+0x1e/0x25 [ 584.602158][ T8147] should_fail_ex+0x7e2/0x8c0 [ 584.602354][ T8147] should_fail+0x2a/0x40 [ 584.602509][ T8147] should_fail_usercopy+0x2e/0x40 [ 584.602693][ T8147] strncpy_from_user+0x38/0x4b0 [ 584.602839][ T8147] ? kmsan_get_metadata+0xf1/0x160 [ 584.603041][ T8147] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 584.603252][ T8147] do_getname+0xc7/0x530 [ 584.603395][ T8147] __se_sys_renameat2+0x46/0x5b0 [ 584.603532][ T8147] ? kmsan_get_metadata+0xf1/0x160 [ 584.603735][ T8147] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 584.603978][ T8147] __ia32_sys_renameat2+0xe2/0x150 [ 584.604149][ T8147] ia32_sys_call+0x2cdb/0x4360 [ 584.604288][ T8147] __do_fast_syscall_32+0x17f/0x3f0 [ 584.604472][ T8147] do_fast_syscall_32+0x37/0x80 [ 584.604651][ T8147] do_SYSENTER_32+0x1f/0x30 [ 584.604818][ T8147] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 584.605004][ T8147] RIP: 0023:0xf6ffef6c [ 584.605110][ T8147] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 584.605231][ T8147] RSP: 002b:00000000f53ed50c EFLAGS: 00000206 ORIG_RAX: 0000000000000161 [ 584.605367][ T8147] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000780 [ 584.605464][ T8147] RDX: 00000000ffffff9c RSI: 0000000080000000 RDI: 0000000000000000 [ 584.605554][ T8147] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 584.605644][ T8147] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 584.605727][ T8147] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 584.605855][ T8147] [ 584.896852][ T5842] imon 3-1:0.0: unable to initialize intf0, err 0 [ 584.951508][ T5842] imon:imon_probe: failed to initialize context! [ 585.018299][ T5842] imon 3-1:0.0: unable to register, err -19 [ 585.124718][ T5842] usb 3-1: USB disconnect, device number 10 [ 585.225772][ T8149] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 585.488712][ T8149] usb 5-1: Using ep0 maxpacket: 32 [ 587.721016][ T8149] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 587.789230][ T8149] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.849856][ T8149] usb 5-1: Product: syz [ 587.997658][ T8149] usb 5-1: Manufacturer: syz [ 588.095681][ T8149] usb 5-1: SerialNumber: syz [ 591.272162][ T8165] 9p: Bad value for 'rfdno' [ 591.800734][ T8149] usb 5-1: config 0 descriptor?? [ 591.807544][ T8149] usb 5-1: can't set config #0, error -71 [ 591.825858][ T8149] usb 5-1: USB disconnect, device number 10 [ 592.521137][ T8177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 592.677810][ T8180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 593.070234][ T8165] loop1: detected capacity change from 0 to 4096 [ 593.350804][ T8165] ntfs3: Unknown parameter 'W' [ 593.440633][ T8188] netlink: 12 bytes leftover after parsing attributes in process `syz.2.556'. [ 593.718453][ T8190] netlink: 12 bytes leftover after parsing attributes in process `syz.2.556'. [ 594.080219][ T8193] 9p: Bad value for 'rfdno' [ 594.180087][ T8188] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 596.904566][ T8202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 597.637462][ T8149] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 598.985252][ T8149] usb 4-1: unable to get BOS descriptor or descriptor too short [ 599.027513][ T8149] usb 4-1: not running at top speed; connect to a high speed hub [ 599.118541][ T8149] usb 4-1: config 14 has an invalid interface number: 169 but max is 0 [ 599.149686][ T8149] usb 4-1: config 14 has no interface number 0 [ 599.182192][ T8149] usb 4-1: config 14 interface 169 has no altsetting 0 [ 599.253067][ T8149] usb 4-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice=e4.82 [ 599.283740][ T8149] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.306334][ T8149] usb 4-1: Product: syz [ 599.310750][ T8149] usb 4-1: Manufacturer: syz [ 599.346419][ T8149] usb 4-1: SerialNumber: syz [ 599.475921][ T7907] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 599.703120][ T8149] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:14.169/input/input9 [ 599.739732][ T7907] usb 5-1: Using ep0 maxpacket: 8 [ 599.799963][ T7907] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 599.815749][ T5120] bcm5974 4-1:14.169: could not read from device [ 599.855902][ T7907] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 599.915389][ T7907] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 599.943483][ T5120] bcm5974 4-1:14.169: could not read from device [ 599.962239][ T7907] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 599.972875][ T8149] usb 4-1: USB disconnect, device number 5 [ 600.010733][ T7907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.079757][ T7907] usbtmc 5-1:16.0: bulk endpoints not found [ 600.147559][ T5842] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 600.445223][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 600.547480][ T7907] usb 5-1: USB disconnect, device number 11 [ 600.562201][ T5842] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 602.310327][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.954791][ T5842] usb 1-1: Product: syz [ 603.959214][ T5842] usb 1-1: Manufacturer: syz [ 604.297274][ T5842] usb 1-1: SerialNumber: syz [ 604.308587][ T5842] usb 1-1: config 0 descriptor?? [ 604.643170][ T5842] usb 1-1: can't set config #0, error -71 [ 604.713621][ T5842] usb 1-1: USB disconnect, device number 14 [ 605.132535][ T5842] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 605.340052][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 605.381174][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.405882][ T5842] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 605.422707][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.440110][ T5842] usb 2-1: config 0 descriptor?? [ 607.499722][ T8236] bond1: entered allmulticast mode [ 607.952069][ T8248] ip6gretap1: entered promiscuous mode [ 608.804437][ T5842] usbhid 2-1:0.0: can't add hid device: -71 [ 608.852997][ T5842] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 608.937172][ T5842] usb 2-1: USB disconnect, device number 4 [ 609.044459][ T2143] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 609.264486][ T2143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 609.287421][ T2143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 609.310780][ T2143] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 609.346157][ T8265] bond3: entered allmulticast mode [ 609.351639][ T2143] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.385541][ T2143] usb 1-1: config 0 descriptor?? [ 609.519002][ T8270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 609.609226][ T8268] ip6gretap3: entered promiscuous mode [ 609.871654][ T8276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 609.879573][ C1] hrtimer: interrupt took 798551 ns [ 612.004917][ T8286] netlink: 12 bytes leftover after parsing attributes in process `syz.3.577'. [ 612.085114][ T2143] usbhid 1-1:0.0: can't add hid device: -71 [ 612.092338][ T8290] netlink: 12 bytes leftover after parsing attributes in process `syz.3.577'. [ 612.109765][ T2143] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 612.119408][ T5827] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 612.137944][ T2143] usb 1-1: USB disconnect, device number 15 [ 612.304445][ T8291] loop1: detected capacity change from 0 to 4096 [ 612.359766][ T5827] usb 5-1: Using ep0 maxpacket: 32 [ 612.417503][ T5827] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 612.458229][ T8292] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 612.482483][ T8291] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 612.495574][ T5827] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 612.521941][ T5827] usb 5-1: Product: syz [ 612.526362][ T5827] usb 5-1: Manufacturer: syz [ 612.553818][ T5827] usb 5-1: SerialNumber: syz [ 612.622041][ T8291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.579'. [ 612.660703][ T5827] usb 5-1: config 0 descriptor?? [ 613.769850][ T8305] netlink: 32 bytes leftover after parsing attributes in process `syz.1.579'. [ 614.062854][ T8291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.579'. [ 614.224226][ T5827] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 012 [ 616.883411][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 617.151734][ T5827] usb 5-1: USB disconnect, device number 12 [ 617.603424][ T8320] bridge0: port 3(syz_tun) entered blocking state [ 617.838980][ T8320] bridge0: port 3(syz_tun) entered disabled state [ 618.234310][ T8320] syz_tun: entered allmulticast mode [ 618.313785][ T8320] syz_tun: entered promiscuous mode [ 618.375167][ T8320] bridge0: port 3(syz_tun) entered blocking state [ 618.382120][ T8320] bridge0: port 3(syz_tun) entered forwarding state [ 619.028717][ T8331] 9p: Bad value for 'rfdno' [ 619.544087][ T8344] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 619.781387][ T8334] bond4: entered allmulticast mode [ 619.894275][ T8349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 619.991568][ T8341] ip6gretap4: entered promiscuous mode [ 620.688656][ T8338] loop4: detected capacity change from 0 to 4096 [ 620.763183][ T8338] ntfs3: Unknown parameter 'W' [ 627.191205][ T5827] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 627.362186][ T8374] netlink: 12 bytes leftover after parsing attributes in process `syz.2.597'. [ 627.460387][ T8376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.597'. [ 627.859654][ T8374] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 628.131500][ T8386] XFS (nbd3): no-recovery mounts must be read-only. [ 629.955721][ T8393] loop3: detected capacity change from 0 to 4096 [ 630.070462][ T8393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 630.148096][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.604'. [ 630.211041][ T8410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 630.253068][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.604'. [ 630.266717][ T8415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 630.307572][ T8393] netlink: 32 bytes leftover after parsing attributes in process `syz.3.604'. [ 630.488326][ T8402] bond2: entered allmulticast mode [ 630.671809][ T8413] ip6gretap2: entered promiscuous mode [ 630.788874][ T8421] 9p: Bad value for 'wfdno' [ 630.939322][ T8422] loop4: detected capacity change from 0 to 512 [ 631.046830][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 631.208560][ T8422] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 631.466894][ T8422] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 631.658756][ T8422] ext4 filesystem being mounted at /121/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 632.099449][ T8421] EXT4-fs error (device loop4): ext4_lookup:1785: inode #12: comm syz.4.608: iget: bad i_size value: 2533274857506816 [ 632.188279][ T5827] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 632.199091][ T2143] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 632.368254][ T5827] usb 4-1: Using ep0 maxpacket: 32 [ 632.403119][ T5827] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 632.418841][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.437371][ T5827] usb 4-1: Product: syz [ 632.442290][ T5827] usb 4-1: Manufacturer: syz [ 632.448850][ T2143] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 632.459263][ T5827] usb 4-1: SerialNumber: syz [ 632.478433][ T5827] usb 4-1: config 0 descriptor?? [ 632.484801][ T2143] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 632.518878][ T2143] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 632.547085][ T2143] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.575269][ T8436] IPVS: set_ctl: invalid protocol: 98 224.0.0.1:20004 [ 632.586916][ T2143] usb 3-1: config 0 descriptor?? [ 632.728012][ T5827] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 006 [ 633.013569][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 633.020764][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.566046][ T5781] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 634.634626][ T8450] loop1: detected capacity change from 0 to 512 [ 634.680221][ T8450] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 634.784152][ T2143] usbhid 3-1:0.0: can't add hid device: -71 [ 634.798928][ T2143] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 634.871345][ T2143] usb 3-1: USB disconnect, device number 11 [ 635.200039][ T2143] usb 4-1: USB disconnect, device number 6 [ 635.697367][ T8459] netlink: 12 bytes leftover after parsing attributes in process `syz.3.620'. [ 635.756913][ T8459] netlink: 12 bytes leftover after parsing attributes in process `syz.3.620'. [ 635.877135][ T8461] FAULT_INJECTION: forcing a failure. [ 635.877135][ T8461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 636.008402][ T8461] CPU: 1 UID: 0 PID: 8461 Comm: syz.4.621 Tainted: G L syzkaller #0 PREEMPT(full) [ 636.008588][ T8461] Tainted: [L]=SOFTLOCKUP [ 636.008644][ T8461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 636.008739][ T8461] Call Trace: [ 636.008794][ T8461] [ 636.008849][ T8461] __dump_stack+0x26/0x30 [ 636.009022][ T8461] dump_stack_lvl+0x14c/0x1c0 [ 636.009207][ T8461] dump_stack+0x1e/0x25 [ 636.009368][ T8461] should_fail_ex+0x7e2/0x8c0 [ 636.009566][ T8461] should_fail+0x2a/0x40 [ 636.009736][ T8461] should_fail_usercopy+0x2e/0x40 [ 636.009925][ T8461] _copy_from_user+0x33/0x100 [ 636.010107][ T8461] kstrtouint_from_user+0x75/0x140 [ 636.010256][ T8461] ? kmsan_get_metadata+0xf1/0x160 [ 636.010470][ T8461] ? proc_fail_nth_write+0x43/0x300 [ 636.010620][ T8461] ? vfs_write+0x48a/0x15c0 [ 636.010811][ T8461] proc_fail_nth_write+0x61/0x300 [ 636.010962][ T8461] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 636.011175][ T8461] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 636.011336][ T8461] vfs_write+0x48a/0x15c0 [ 636.011516][ T8461] ? stack_depot_save_flags+0x35/0x790 [ 636.011681][ T8461] ? kmsan_get_metadata+0xf1/0x160 [ 636.011892][ T8461] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 636.012098][ T8461] ? kmsan_get_metadata+0xf1/0x160 [ 636.012311][ T8461] ksys_write+0x1d9/0x470 [ 636.012506][ T8461] __ia32_sys_write+0x9a/0xf0 [ 636.012699][ T8461] ia32_sys_call+0x37a7/0x4360 [ 636.012844][ T8461] do_int80_emulation+0x15a/0x330 [ 636.013012][ T8461] ? clear_bhb_loop+0x50/0xa0 [ 636.013155][ T8461] ? clear_bhb_loop+0x50/0xa0 [ 636.013312][ T8461] asm_int80_emulation+0x1f/0x30 [ 636.013453][ T8461] RIP: 0023:0xf7115cab [ 636.013559][ T8461] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 636.013693][ T8461] RSP: 002b:00000000f53cd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 636.013838][ T8461] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f53cd5d0 [ 636.013941][ T8461] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 636.014023][ T8461] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 636.014109][ T8461] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 636.014196][ T8461] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 636.014325][ T8461] [ 636.354920][ T8459] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 637.514170][ T8471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 637.955364][ T8472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 641.145587][ T8484] CIFS mount error: No usable UNC path provided in device string! [ 641.145587][ T8484] [ 641.155830][ T8484] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 641.965654][ T8492] loop1: detected capacity change from 0 to 512 [ 642.059823][ T8492] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 642.405396][ T8498] FAULT_INJECTION: forcing a failure. [ 642.405396][ T8498] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 642.697120][ T8498] CPU: 1 UID: 0 PID: 8498 Comm: syz.3.633 Tainted: G L syzkaller #0 PREEMPT(full) [ 642.697305][ T8498] Tainted: [L]=SOFTLOCKUP [ 642.697361][ T8498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 642.697449][ T8498] Call Trace: [ 642.697499][ T8498] [ 642.697554][ T8498] __dump_stack+0x26/0x30 [ 642.697732][ T8498] dump_stack_lvl+0x14c/0x1c0 [ 642.697907][ T8498] dump_stack+0x1e/0x25 [ 642.698061][ T8498] should_fail_ex+0x7e2/0x8c0 [ 642.698261][ T8498] should_fail+0x2a/0x40 [ 642.698419][ T8498] should_fail_usercopy+0x2e/0x40 [ 642.698603][ T8498] _copy_from_user+0x33/0x100 [ 642.698785][ T8498] kstrtouint_from_user+0x75/0x140 [ 642.698927][ T8498] ? kmsan_get_metadata+0xf1/0x160 [ 642.699160][ T8498] ? proc_fail_nth_write+0x43/0x300 [ 642.699310][ T8498] ? vfs_write+0x48a/0x15c0 [ 642.699497][ T8498] proc_fail_nth_write+0x61/0x300 [ 642.699649][ T8498] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 642.699877][ T8498] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 642.700037][ T8498] vfs_write+0x48a/0x15c0 [ 642.700221][ T8498] ? stack_depot_save_flags+0x35/0x790 [ 642.700387][ T8498] ? kmsan_get_metadata+0xf1/0x160 [ 642.700596][ T8498] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 642.700808][ T8498] ? kmsan_get_metadata+0xf1/0x160 [ 642.701028][ T8498] ksys_write+0x1d9/0x470 [ 642.701235][ T8498] __ia32_sys_write+0x9a/0xf0 [ 642.701434][ T8498] ia32_sys_call+0x37a7/0x4360 [ 642.701576][ T8498] do_int80_emulation+0x15a/0x330 [ 642.701757][ T8498] ? clear_bhb_loop+0x50/0xa0 [ 642.701911][ T8498] ? clear_bhb_loop+0x50/0xa0 [ 642.702070][ T8498] asm_int80_emulation+0x1f/0x30 [ 642.702214][ T8498] RIP: 0023:0xf7135cab [ 642.702319][ T8498] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 642.702455][ T8498] RSP: 002b:00000000f53ed4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 642.702593][ T8498] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f53ed5d0 [ 642.702698][ T8498] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 642.702787][ T8498] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 642.702873][ T8498] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 642.702961][ T8498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 642.703089][ T8498] [ 644.878430][ T8507] CIFS mount error: No usable UNC path provided in device string! [ 644.878430][ T8507] [ 644.888829][ T8507] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 645.822493][ T8520] loop0: detected capacity change from 0 to 8 [ 645.965326][ T8520] SQUASHFS error: zlib decompression failed, data probably corrupt [ 646.003666][ T8520] SQUASHFS error: Failed to read block 0x9b: -5 [ 646.010150][ T8520] SQUASHFS error: Unable to read metadata cache entry [99] [ 646.032352][ T8525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 646.081811][ T8520] SQUASHFS error: Unable to read inode 0x127 [ 646.199801][ T8520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.638'. [ 646.229676][ T8528] CIFS mount error: No usable UNC path provided in device string! [ 646.229676][ T8528] [ 646.240063][ T8528] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 646.281812][ T8529] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 646.891511][ T8517] bond1: entered allmulticast mode [ 652.300389][ T8541] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 653.648958][ T2143] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 653.844098][ T2143] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 653.887069][ T2143] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 653.927172][ T2143] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 653.972581][ T2143] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.042329][ T2143] usb 3-1: config 0 descriptor?? [ 654.108720][ T8574] CIFS mount error: No usable UNC path provided in device string! [ 654.108720][ T8574] [ 654.119032][ T8574] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 654.128640][ T5842] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 654.339362][ T5842] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 654.406634][ T5842] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 654.452617][ T5842] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 654.478897][ T5842] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.527126][ T5842] usb 4-1: config 0 descriptor?? [ 656.104453][ T2143] usbhid 3-1:0.0: can't add hid device: -71 [ 656.113116][ T2143] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 656.225919][ T8593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 656.244577][ T2143] usb 3-1: USB disconnect, device number 12 [ 656.564752][ T5842] usbhid 4-1:0.0: can't add hid device: -71 [ 656.584586][ T5842] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 656.736107][ T5842] usb 4-1: USB disconnect, device number 7 [ 657.532713][ T8609] loop1: detected capacity change from 0 to 2048 [ 657.952580][ T8609] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 658.015461][ T8609] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 658.035685][ T8618] 9p: Bad value for 'rfdno' [ 658.185097][ T8603] fscrypt (loop1, inode 14): Error -61 getting encryption context [ 658.836565][ T8622] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 658.866999][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 660.394193][ T8635] 9p: Bad value for 'rfdno' [ 660.449750][ T8623] loop4: detected capacity change from 0 to 4096 [ 660.594468][ T8623] ntfs3: Unknown parameter 'W' [ 661.520243][ T8644] bond2: entered allmulticast mode [ 661.751648][ T8638] loop3: detected capacity change from 0 to 4096 [ 661.796798][ T8638] ntfs3: Unknown parameter 'W' [ 662.044275][ T5827] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 662.282168][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 662.332511][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 662.362674][ T5827] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 662.372006][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.465143][ T5827] usb 5-1: config 0 descriptor?? [ 663.049774][ T8658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 663.074430][ T8662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 663.208757][ T8658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 663.268851][ T8666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 664.537414][ T5827] usbhid 5-1:0.0: can't add hid device: -71 [ 664.565149][ T5827] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 664.608887][ T5827] usb 5-1: USB disconnect, device number 13 [ 664.902141][ T5842] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 665.134564][ T5842] usb 4-1: config 0 has an invalid interface number: 18 but max is 0 [ 665.174715][ T5842] usb 4-1: config 0 has no interface number 0 [ 665.210199][ T5842] usb 4-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 665.247687][ T5842] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.281508][ T5827] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 665.293981][ T5842] usb 4-1: config 0 descriptor?? [ 665.328080][ T5842] usb 4-1: bad CDC descriptors [ 665.595056][ T5827] usb 1-1: New USB device found, idVendor=0582, idProduct=0145, bcdDevice= 0.40 [ 665.620989][ T5827] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.663370][ T5827] usb 1-1: Product: syz [ 665.671750][ T5827] usb 1-1: Manufacturer: syz [ 665.676578][ T5827] usb 1-1: SerialNumber: syz [ 665.726119][ T8674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.787660][ T8688] netlink: 40 bytes leftover after parsing attributes in process `syz.4.679'. [ 665.837083][ T8674] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.884697][ T8681] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 665.982116][ T8674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 666.001454][ T8689] Invalid ELF header magic: != ELF [ 666.049691][ T8674] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 666.191017][ T5827] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 666.211824][ T5827] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 666.231139][ T5827] usb 1-1: 2:1 : unsupported sample bitwidth 4 in 6 bytes [ 666.473393][ T5842] usb 4-1: USB disconnect, device number 8 [ 666.752631][ T5827] usb 1-1: USB disconnect, device number 16 [ 666.771710][ T8692] loop2: detected capacity change from 0 to 4096 [ 666.892468][ T8692] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 666.953389][ T8692] netlink: 4 bytes leftover after parsing attributes in process `syz.2.680'. [ 666.975838][ T8692] netlink: 4 bytes leftover after parsing attributes in process `syz.2.680'. [ 666.992189][ T8696] 9p: Bad value for 'rfdno' [ 667.052157][ T8692] netlink: 32 bytes leftover after parsing attributes in process `syz.2.680'. [ 667.065425][ T7222] udevd[7222]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 667.333086][ T8695] loop1: detected capacity change from 0 to 4096 [ 667.631781][ T8695] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 667.702576][ T8695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.681'. [ 667.733364][ T8695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.681'. [ 667.832792][ T8695] netlink: 32 bytes leftover after parsing attributes in process `syz.1.681'. [ 668.092687][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 668.798673][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 669.309383][ T8717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 670.573841][ T8730] syzkaller0: entered promiscuous mode [ 670.919985][ T8734] loop0: detected capacity change from 0 to 64 [ 671.418452][ T8736] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 671.816298][ T8744] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap3 [ 671.963319][ T8744] ip6gretap3: entered promiscuous mode [ 671.984546][ T8748] loop3: detected capacity change from 0 to 512 [ 672.056089][ T8748] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 672.288291][ T8751] evm: overlay not supported [ 672.293296][ T29] audit: type=1800 audit(1775211476.134:4): pid=8751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.696" name="file1" dev="overlay" ino=712 res=0 errno=0 [ 672.460591][ T8749] loop1: detected capacity change from 0 to 512 [ 672.618187][ T8758] netlink: 8 bytes leftover after parsing attributes in process `syz.4.698'. [ 672.826652][ T8752] loop0: detected capacity change from 0 to 4096 [ 673.051785][ T8752] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 673.072857][ T8752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.695'. [ 673.118016][ T8752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.695'. [ 673.157555][ T8752] netlink: 32 bytes leftover after parsing attributes in process `syz.0.695'. [ 673.938263][ T5773] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 674.916718][ T8780] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 674.933407][ T8779] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 675.983072][ T8787] syzkaller0: entered promiscuous mode [ 681.451395][ T8811] 9p: Bad value for 'rfdno' [ 681.533178][ T2143] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 681.724748][ T2143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 681.749856][ T5828] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 681.778951][ T2143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 681.810513][ T2143] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 681.843630][ T2143] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.870424][ T2143] usb 1-1: config 0 descriptor?? [ 681.973812][ T5828] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 682.025902][ T5828] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 682.082957][ T5828] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 682.113013][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.254807][ T5828] usb 4-1: config 0 descriptor?? [ 683.102676][ T8814] loop1: detected capacity change from 0 to 4096 [ 683.157634][ T8814] ntfs3: Unknown parameter 'W' [ 684.097288][ T8835] CIFS mount error: No usable UNC path provided in device string! [ 684.097288][ T8835] [ 684.108160][ T8835] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 684.193152][ T2143] usbhid 1-1:0.0: can't add hid device: -71 [ 684.199859][ T2143] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 684.468703][ T2143] usb 1-1: USB disconnect, device number 17 [ 684.728243][ T8836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 685.545368][ T5828] usbhid 4-1:0.0: can't add hid device: -71 [ 685.621295][ T5828] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 685.656469][ T5828] usb 4-1: USB disconnect, device number 9 [ 685.993803][ T8845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.721'. [ 686.338329][ T8849] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 686.411975][ T8849] ip6gretap1: entered promiscuous mode [ 687.427588][ T8864] openvswitch: netlink: Message has 4 unknown bytes. [ 687.459493][ T8856] bond2: entered allmulticast mode [ 688.042607][ T8871] 9p: Bad value for 'rfdno' [ 688.953022][ T8874] syzkaller0: entered promiscuous mode [ 689.524526][ T8887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.735'. [ 689.806871][ T8879] loop2: detected capacity change from 0 to 4096 [ 689.880181][ T8879] ntfs3: Unknown parameter 'W' [ 689.932400][ T8891] loop4: detected capacity change from 0 to 8 [ 690.043863][ T8889] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 690.101578][ T8891] SQUASHFS error: xz decompression failed, data probably corrupt [ 690.148745][ T8891] SQUASHFS error: Failed to read block 0x108: -5 [ 690.155221][ T8891] SQUASHFS error: Unable to read metadata cache entry [106] [ 690.214766][ T8891] SQUASHFS error: Unable to read inode 0x11f [ 690.411035][ T8892] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 690.473723][ T8896] hsr0: entered allmulticast mode [ 690.574703][ T8896] hsr_slave_0: entered allmulticast mode [ 690.580598][ T8896] hsr_slave_1: entered allmulticast mode [ 690.591088][ T8891] loop4: detected capacity change from 0 to 2048 [ 690.625377][ T8891] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 690.733099][ T8896] netlink: 4 bytes leftover after parsing attributes in process `syz.3.738'. [ 690.813700][ T8896] hsr_slave_0: left promiscuous mode [ 690.945473][ T8896] hsr_slave_1: left promiscuous mode [ 691.175218][ T8899] loop0: detected capacity change from 0 to 512 [ 691.288869][ T8899] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 691.393394][ T8899] EXT4-fs (loop0): 1 truncate cleaned up [ 691.460180][ T8899] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 691.980888][ T8907] openvswitch: netlink: IP tunnel dst address not specified [ 692.268281][ T8899] EXT4-fs error (device loop0): ext4_lookup:1785: inode #14: comm syz.0.739: invalid fast symlink length 39 [ 692.362745][ T8899] EXT4-fs (loop0): Remounting filesystem read-only [ 692.672591][ T8913] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap5 [ 692.782580][ T5773] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 692.866224][ T8913] ip6gretap5: entered promiscuous mode [ 694.310248][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 694.512240][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 695.013219][ T8926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.747'. [ 695.069882][ T8928] syzkaller0: entered promiscuous mode [ 695.176977][ T8928] 0: reclassify loop, rule prio 0, protocol 800 [ 695.652012][ T8933] 9p: Bad value for 'rfdno' [ 695.912027][ T8938] binder: 8937:8938 ioctl 40046205 0 returned -22 [ 696.190009][ T8936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 696.719390][ T8950] openvswitch: netlink: IP tunnel dst address not specified [ 697.180499][ T8939] loop1: detected capacity change from 0 to 4096 [ 697.234969][ T8939] ntfs3: Unknown parameter 'W' [ 697.665083][ T5828] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 697.907063][ T5828] usb 3-1: Using ep0 maxpacket: 32 [ 697.956865][ T5828] usb 3-1: config 0 has an invalid interface number: 119 but max is 0 [ 698.008788][ T5828] usb 3-1: config 0 has no interface number 0 [ 698.045634][ T5828] usb 3-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 698.147916][ T5828] usb 3-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 698.260083][ T5828] usb 3-1: config 0 interface 119 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 698.436737][ T5828] usb 3-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 698.600998][ T5828] usb 3-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 698.659666][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.719817][ T5828] usb 3-1: Product: syz [ 698.724233][ T5828] usb 3-1: Manufacturer: syz [ 698.760395][ T5828] usb 3-1: SerialNumber: syz [ 698.807241][ T5828] usb 3-1: config 0 descriptor?? [ 698.840246][ T8973] netlink: 8 bytes leftover after parsing attributes in process `syz.3.762'. [ 698.894398][ T8962] bond2: entered allmulticast mode [ 698.950673][ T5828] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.119/input/input10 [ 699.190585][ T5828] usb 3-1: USB disconnect, device number 13 [ 699.191123][ C1] bcm5974 3-1:0.119: trackpad urb failed: -19 [ 699.304039][ T8967] ip6gretap1: entered promiscuous mode [ 699.359568][ T8975] FAULT_INJECTION: forcing a failure. [ 699.359568][ T8975] name failslab, interval 1, probability 0, space 0, times 0 [ 699.446783][ T8975] CPU: 1 UID: 0 PID: 8975 Comm: syz.1.763 Tainted: G L syzkaller #0 PREEMPT(full) [ 699.446913][ T8975] Tainted: [L]=SOFTLOCKUP [ 699.446954][ T8975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 699.447012][ T8975] Call Trace: [ 699.447047][ T8975] [ 699.447085][ T8975] __dump_stack+0x26/0x30 [ 699.447208][ T8975] dump_stack_lvl+0x14c/0x1c0 [ 699.447325][ T8975] dump_stack+0x1e/0x25 [ 699.447430][ T8975] should_fail_ex+0x7e2/0x8c0 [ 699.447573][ T8975] should_failslab+0x158/0x200 [ 699.447676][ T8975] kmem_cache_alloc_node_noprof+0x14c/0x12d0 [ 699.447783][ T8975] ? kmsan_get_metadata+0xf1/0x160 [ 699.447919][ T8975] ? __alloc_skb+0x744/0x1190 [ 699.448065][ T8975] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 699.448212][ T8975] __alloc_skb+0x744/0x1190 [ 699.448345][ T8975] ? __alloc_skb+0x35e/0x1190 [ 699.448479][ T8975] ? netlink_autobind+0x3b0/0x430 [ 699.448680][ T8975] netlink_alloc_large_skb+0xa5/0x290 [ 699.448787][ T8975] netlink_sendmsg+0xae9/0x1250 [ 699.448921][ T8975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 699.449030][ T8975] ____sys_sendmsg+0xf37/0xfd0 [ 699.449170][ T8975] ___sys_sendmsg+0x271/0x3b0 [ 699.449270][ T8975] ? kmsan_get_metadata+0xf1/0x160 [ 699.449413][ T8975] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 699.449568][ T8975] ? __rcu_read_unlock+0x6c/0xd0 [ 699.449738][ T8975] ? __fget_files+0x3b4/0x4a0 [ 699.449900][ T8975] ? __fget_files+0x3b9/0x4a0 [ 699.450052][ T8975] ? kmsan_get_metadata+0xf1/0x160 [ 699.450250][ T8975] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 699.450399][ T8975] __sys_sendmsg+0x1aa/0x300 [ 699.450536][ T8975] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 699.450689][ T8975] ia32_sys_call+0x1e4a/0x4360 [ 699.450783][ T8975] __do_fast_syscall_32+0x17f/0x3f0 [ 699.450917][ T8975] do_fast_syscall_32+0x37/0x80 [ 699.451029][ T8975] do_SYSENTER_32+0x1f/0x30 [ 699.451139][ T8975] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 699.451263][ T8975] RIP: 0023:0xf6ffef6c [ 699.451334][ T8975] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 699.451421][ T8975] RSP: 002b:00000000f53ed50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 699.451519][ T8975] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 699.451586][ T8975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 699.451643][ T8975] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 699.451700][ T8975] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 699.451758][ T8975] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 699.451842][ T8975] [ 699.859725][ T8967] bond2: (slave ip6gretap1): making interface the new active one [ 699.926586][ T8967] ip6gretap1: entered allmulticast mode [ 699.995693][ T8967] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 707.385482][ T9001] 9p: Bad value for 'rfdno' [ 707.443800][ T8999] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 707.570650][ T9002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 708.919893][ T9013] FAULT_INJECTION: forcing a failure. [ 708.919893][ T9013] name failslab, interval 1, probability 0, space 0, times 0 [ 709.004704][ T9013] CPU: 0 UID: 0 PID: 9013 Comm: syz.4.774 Tainted: G L syzkaller #0 PREEMPT(full) [ 709.004873][ T9013] Tainted: [L]=SOFTLOCKUP [ 709.004926][ T9013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 709.005008][ T9013] Call Trace: [ 709.005062][ T9013] [ 709.005123][ T9013] __dump_stack+0x26/0x30 [ 709.005279][ T9013] dump_stack_lvl+0x14c/0x1c0 [ 709.005449][ T9013] dump_stack+0x1e/0x25 [ 709.005595][ T9013] should_fail_ex+0x7e2/0x8c0 [ 709.005791][ T9013] should_failslab+0x158/0x200 [ 709.005932][ T9013] __kmalloc_noprof+0x1e0/0x1680 [ 709.006082][ T9013] ? tomoyo_encode+0x603/0x9f0 [ 709.006376][ T9013] ? kmsan_get_metadata+0xf1/0x160 [ 709.006580][ T9013] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 709.006801][ T9013] tomoyo_encode+0x603/0x9f0 [ 709.007010][ T9013] tomoyo_realpath_from_path+0x92e/0x9f0 [ 709.007209][ T9013] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 709.007443][ T9013] tomoyo_path_number_perm+0x1d0/0x7d0 [ 709.007637][ T9013] ? kmsan_get_metadata+0xf1/0x160 [ 709.007888][ T9013] tomoyo_file_ioctl+0x3d/0x50 [ 709.008071][ T9013] security_file_ioctl_compat+0x139/0x570 [ 709.008347][ T9013] __ia32_compat_sys_ioctl+0x150/0x1270 [ 709.008558][ T9013] ? ksys_write+0x35b/0x470 [ 709.008736][ T9013] ? kmsan_get_metadata+0xf1/0x160 [ 709.008953][ T9013] ia32_sys_call+0x2854/0x4360 [ 709.009105][ T9013] __do_fast_syscall_32+0x17f/0x3f0 [ 709.009298][ T9013] do_fast_syscall_32+0x37/0x80 [ 709.009469][ T9013] do_SYSENTER_32+0x1f/0x30 [ 709.009635][ T9013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 709.009817][ T9013] RIP: 0023:0xf6fdef6c [ 709.009921][ T9013] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 709.010048][ T9013] RSP: 002b:00000000f53cd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 709.010188][ T9013] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008933 [ 709.010295][ T9013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 709.010380][ T9013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 709.010465][ T9013] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 709.010548][ T9013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 709.010667][ T9013] [ 709.010775][ T9013] ERROR: Out of memory at tomoyo_realpath_from_path. [ 709.028431][ T9008] loop1: detected capacity change from 0 to 4096 [ 709.662454][ T9008] ntfs3: Unknown parameter 'W' [ 711.187437][ T9028] netlink: 'syz.4.778': attribute type 21 has an invalid length. [ 711.222394][ T9028] netlink: 156 bytes leftover after parsing attributes in process `syz.4.778'. [ 711.660621][ T9023] comedi comedi2: reset error (fatal) [ 711.719154][ T9037] openvswitch: netlink: IP tunnel dst address not specified [ 711.956914][ T9030] bond5: entered allmulticast mode [ 712.188232][ T9034] ip6gretap5: entered promiscuous mode [ 714.214928][ T9034] bond5: (slave ip6gretap5): making interface the new active one [ 714.322591][ T9034] ip6gretap5: entered allmulticast mode [ 714.720809][ T9034] bond5: (slave ip6gretap5): Enslaving as an active interface with an up link [ 718.871893][ T9063] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 720.304128][ T9073] loop4: detected capacity change from 0 to 4096 [ 720.558943][ T9073] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 720.658565][ T9073] netlink: 4 bytes leftover after parsing attributes in process `syz.4.789'. [ 720.748481][ T9073] netlink: 4 bytes leftover after parsing attributes in process `syz.4.789'. [ 720.835421][ T9087] netlink: 32 bytes leftover after parsing attributes in process `syz.4.789'. [ 720.860900][ T9086] openvswitch: netlink: IP tunnel dst address not specified [ 721.053737][ T2143] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 721.272552][ T2143] usb 4-1: Using ep0 maxpacket: 8 [ 721.323645][ T2143] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.0a [ 721.383222][ T2143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.493865][ T2143] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 721.575371][ T2143] input: xirlink-cit as /devices/platform/dummy_hcd.3/usb4/4-1/input/input11 [ 724.569650][ T5781] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 724.715939][ T9103] netlink: 20 bytes leftover after parsing attributes in process `syz.1.796'. [ 725.031229][ T5828] usb 4-1: USB disconnect, device number 10 [ 725.126425][ T9106] loop1: detected capacity change from 0 to 1024 [ 725.290402][ T9106] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 725.311230][ T2143] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 725.361907][ T9106] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 725.451827][ T9106] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 725.516781][ T9106] EXT4-fs (loop1): orphan cleanup on readonly fs [ 725.534963][ T2143] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 725.589063][ T2143] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 725.620327][ T9106] EXT4-fs error (device loop1): ext4_free_blocks:6724: comm syz.1.796: Freeing blocks not in datazone - block = 0, count = 4096 [ 725.635585][ T2143] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.685934][ T2143] usb 1-1: Product: syz [ 725.725892][ T2143] usb 1-1: Manufacturer: syz [ 725.730730][ T2143] usb 1-1: SerialNumber: syz [ 725.733298][ T9106] loop1: lost filesystem error report for type 5 error -117 [ 725.751085][ T9106] EXT4-fs (loop1): 1 orphan inode deleted [ 725.758986][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 725.759086][ C0] EXT4-fs (loop1): initial error at time 1775735818: ext4_free_blocks:6724 [ 725.759214][ C0] EXT4-fs (loop1): last error at time 1775735818: ext4_free_blocks:6724 [ 725.818404][ T2143] usb 1-1: config 0 descriptor?? [ 725.964714][ T9106] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 726.186721][ T9105] loop0: detected capacity change from 0 to 128 [ 726.217081][ T9105] omfs: Unknown parameter 'þ;Òµ8Mv•Iƒ#ýÀ:¿i†œ)Âô“»œ¬ß0•_ôGG"‹Ô{ÚÒsVõ|ÔwÃÞ&Ø' [ 726.418393][ T9105] netlink: 512 bytes leftover after parsing attributes in process `syz.0.797'. [ 726.446477][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 726.543547][ T2143] usb 1-1: USB disconnect, device number 18 [ 726.943500][ T9118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 727.260292][ T9118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 728.381335][ T9132] openvswitch: netlink: IP tunnel dst address not specified [ 729.228561][ T9138] loop2: detected capacity change from 0 to 512 [ 729.235888][ T9142] loop0: detected capacity change from 0 to 128 [ 729.803066][ T2143] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 730.171513][ T2143] usb 5-1: Using ep0 maxpacket: 32 [ 730.194077][ T2143] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 730.207449][ T2143] usb 5-1: config 0 has no interface number 0 [ 730.240471][ T9138] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 730.264302][ T2143] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 730.310992][ T2143] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 730.319236][ T2143] usb 5-1: Product: syz [ 730.347397][ T2143] usb 5-1: Manufacturer: syz [ 730.408293][ T2143] usb 5-1: SerialNumber: syz [ 730.441279][ T2143] usb 5-1: config 0 descriptor?? [ 730.479810][ T2143] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 730.642418][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 730.662525][ T9156] FAULT_INJECTION: forcing a failure. [ 730.662525][ T9156] name failslab, interval 1, probability 0, space 0, times 0 [ 730.699956][ T9156] CPU: 0 UID: 0 PID: 9156 Comm: syz.0.813 Tainted: G L syzkaller #0 PREEMPT(full) [ 730.700143][ T9156] Tainted: [L]=SOFTLOCKUP [ 730.700201][ T9156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 730.700289][ T9156] Call Trace: [ 730.700340][ T9156] [ 730.700394][ T9156] __dump_stack+0x26/0x30 [ 730.700577][ T9156] dump_stack_lvl+0x14c/0x1c0 [ 730.700763][ T9156] dump_stack+0x1e/0x25 [ 730.700921][ T9156] should_fail_ex+0x7e2/0x8c0 [ 730.701133][ T9156] should_failslab+0x158/0x200 [ 730.701284][ T9156] kmem_cache_alloc_lru_noprof+0x14d/0x1280 [ 730.701451][ T9156] ? shmem_alloc_inode+0x5a/0xd0 [ 730.701614][ T9156] ? kmsan_get_metadata+0xf1/0x160 [ 730.701848][ T9156] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 730.702076][ T9156] shmem_alloc_inode+0x5a/0xd0 [ 730.702234][ T9156] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 730.702397][ T9156] alloc_inode+0x8a/0x4a0 [ 730.702530][ T9156] ? kmsan_get_metadata+0xf1/0x160 [ 730.702747][ T9156] new_inode+0x38/0x460 [ 730.702896][ T9156] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 730.703095][ T9156] shmem_get_inode+0x675/0x1c80 [ 730.703257][ T9156] ? memfd_check_seals_mmap+0x2e1/0x350 [ 730.703456][ T9156] __shmem_file_setup+0x264/0x5f0 [ 730.703621][ T9156] shmem_file_setup+0x7f/0xb0 [ 730.703779][ T9156] memfd_alloc_file+0x94/0x990 [ 730.703963][ T9156] __se_sys_memfd_create+0x855/0xb10 [ 730.704141][ T9156] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 730.704367][ T9156] __ia32_sys_memfd_create+0x76/0xb0 [ 730.704551][ T9156] ia32_sys_call+0x1ca8/0x4360 [ 730.704700][ T9156] __do_fast_syscall_32+0x17f/0x3f0 [ 730.704899][ T9156] do_fast_syscall_32+0x37/0x80 [ 730.705072][ T9156] do_SYSENTER_32+0x1f/0x30 [ 730.705239][ T9156] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 730.705426][ T9156] RIP: 0023:0xf7f37f6c [ 730.705532][ T9156] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 730.705663][ T9156] RSP: 002b:00000000f53f631c EFLAGS: 00000206 ORIG_RAX: 0000000000000164 [ 730.705808][ T9156] RAX: ffffffffffffffda RBX: 00000000f7200025 RCX: 0000000000000000 [ 730.705910][ T9156] RDX: 00000000f71239ce RSI: 00000000f53f63c0 RDI: 0000000000000040 [ 730.706009][ T9156] RBP: 0000000080000600 R08: 0000000000000000 R09: 0000000000000000 [ 730.706102][ T9156] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 730.706190][ T9156] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 730.706341][ T9156] [ 731.306171][ T2143] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 731.451255][ T2143] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 732.102809][ T9173] loop1: detected capacity change from 0 to 64 [ 732.610090][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 732.614233][ T5828] usb 5-1: USB disconnect, device number 14 [ 732.805749][ T5828] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 732.940852][ T5828] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 733.032354][ T5828] quatech2 5-1:0.51: device disconnected [ 733.460757][ T9179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 733.563419][ T9183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 733.740667][ T9181] loop1: detected capacity change from 0 to 2048 [ 733.752448][ T9184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 734.103423][ T9189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.821'. [ 734.177513][ T9190] netlink: 12 bytes leftover after parsing attributes in process `syz.4.822'. [ 734.266041][ T9190] netlink: 12 bytes leftover after parsing attributes in process `syz.4.822'. [ 735.445183][ T9190] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 737.178571][ T9211] CIFS mount error: No usable UNC path provided in device string! [ 737.178571][ T9211] [ 737.188894][ T9211] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 738.173870][ T5828] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 738.414756][ T5828] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 738.445360][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.482710][ T5828] usb 5-1: Product: syz [ 738.487150][ T5828] usb 5-1: Manufacturer: syz [ 738.523797][ T5828] usb 5-1: SerialNumber: syz [ 738.572207][ T5828] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 738.725017][ T5827] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 739.385802][ T2143] usb 5-1: USB disconnect, device number 15 [ 739.637871][ T9238] loop2: detected capacity change from 0 to 512 [ 739.820490][ T5827] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 739.832432][ T9238] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 739.846375][ T5827] ath9k_htc: Failed to initialize the device [ 739.856442][ T9238] ext4 filesystem being mounted at /174/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 739.859129][ T2143] usb 5-1: ath9k_htc: USB layer deinitialized [ 740.969597][ T5827] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 741.131382][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 741.188574][ T5827] usb 5-1: unable to get BOS descriptor or descriptor too short [ 741.224449][ T5827] usb 5-1: not running at top speed; connect to a high speed hub [ 741.245841][ T5827] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 741.264531][ T9269] bond3: entered allmulticast mode [ 741.296342][ T5827] usb 5-1: config 1 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 741.355072][ T5827] usb 5-1: config 1 interface 0 has no altsetting 0 [ 741.391903][ T5827] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 741.431878][ T5827] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 741.465895][ T5827] usb 5-1: Product: syz [ 741.485019][ T9274] ip6gretap1: entered promiscuous mode [ 741.495827][ T5827] usb 5-1: Manufacturer: syz [ 741.516841][ T5827] usb 5-1: SerialNumber: syz [ 741.570593][ T9274] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 741.662692][ T9274] bond3: (slave ip6gretap1): making interface the new active one [ 741.718083][ T9274] ip6gretap1: entered allmulticast mode [ 741.747342][ T9274] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 741.804813][ T9281] netlink: 12 bytes leftover after parsing attributes in process `syz.3.845'. [ 741.814576][ T5827] usb 5-1: bad CDC descriptors [ 741.868803][ T5827] usb 5-1: USB disconnect, device number 16 [ 741.891419][ T9290] netlink: 12 bytes leftover after parsing attributes in process `syz.3.845'. [ 742.133935][ T9293] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 742.628188][ T9349] loop1: detected capacity change from 0 to 64 [ 743.176079][ T9364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.852'. [ 743.380193][ T9367] loop1: detected capacity change from 0 to 64 [ 745.241320][ T9402] netlink: 12 bytes leftover after parsing attributes in process `syz.4.861'. [ 745.294921][ T9402] netlink: 12 bytes leftover after parsing attributes in process `syz.4.861'. [ 745.634533][ T9402] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 745.849054][ T9411] netlink: 52 bytes leftover after parsing attributes in process `syz.1.862'. [ 745.864706][ T9411] tipc: Invalid UDP bearer configuration [ 745.866074][ T9411] tipc: Enabling of bearer rejected, failed to enable media [ 746.639653][ T9449] loop2: detected capacity change from 0 to 64 [ 747.517989][ T9449] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 747.939156][ T9491] bond6: entered allmulticast mode [ 748.379116][ T9491] ip6gretap6: entered promiscuous mode [ 748.515859][ T9491] bond6: (slave ip6gretap6): making interface the new active one [ 748.538521][ T9491] ip6gretap6: entered allmulticast mode [ 748.556795][ T9491] bond6: (slave ip6gretap6): Enslaving as an active interface with an up link [ 749.048860][ T9543] netlink: 12 bytes leftover after parsing attributes in process `syz.4.876'. [ 749.110545][ T9547] netlink: 12 bytes leftover after parsing attributes in process `syz.4.876'. [ 749.271326][ T9550] netlink: 16 bytes leftover after parsing attributes in process `syz.1.877'. [ 749.442946][ T9543] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 749.795650][ T9557] loop2: detected capacity change from 0 to 512 [ 749.888631][ T9557] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 750.185201][ T9566] netlink: 96 bytes leftover after parsing attributes in process `syz.3.881'. [ 750.252651][ T9566] netlink: 96 bytes leftover after parsing attributes in process `syz.3.881'. [ 751.047578][ T9586] loop3: detected capacity change from 0 to 128 [ 751.130790][ T9586] ext2: Unknown parameter 'subj_user' [ 751.497358][ T9607] netlink: 16 bytes leftover after parsing attributes in process `syz.2.890'. [ 751.755452][ T9592] bond3: entered allmulticast mode [ 752.007432][ T9595] ip6gretap1: entered promiscuous mode [ 752.687208][ T9595] bond3: (slave ip6gretap1): making interface the new active one [ 752.711724][ T9595] ip6gretap1: entered allmulticast mode [ 752.720266][ T9595] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 753.054259][ T9649] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 753.118736][ T9643] netlink: 12 bytes leftover after parsing attributes in process `syz.3.892'. [ 753.180958][ T9647] netlink: 12 bytes leftover after parsing attributes in process `syz.3.892'. [ 753.956693][ T9668] CIFS mount error: No usable UNC path provided in device string! [ 753.956693][ T9668] [ 753.967016][ T9668] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 754.993369][ T9688] 9p: Bad value for 'rfdno' [ 755.242562][ T9695] 9p: Bad value for 'rfdno' [ 755.356112][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 755.377541][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 755.697915][ T9693] bond4: entered allmulticast mode [ 755.819180][ T9698] ip6gretap2: entered promiscuous mode [ 755.926387][ T9698] bond4: (slave ip6gretap2): making interface the new active one [ 755.963105][ T9698] ip6gretap2: entered allmulticast mode [ 756.001574][ T9698] bond4: (slave ip6gretap2): Enslaving as an active interface with an up link [ 756.120824][ T9738] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 756.166522][ T9694] loop3: detected capacity change from 0 to 4096 [ 756.205976][ T9694] ntfs3: Unknown parameter 'W' [ 756.740711][ T9757] loop0: detected capacity change from 0 to 16 [ 756.805798][ T9757] erofs (device loop0): mounted with root inode @ nid 36. [ 758.499158][ T9798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.918'. [ 758.561360][ T9799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.919'. [ 759.220103][ T9802] bond5: entered allmulticast mode [ 759.267526][ T9802] ip6gretap3: entered promiscuous mode [ 761.300159][ T9880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 761.995492][ T5842] usb 2-1: new low-speed USB device number 6 using dummy_hcd [ 762.075565][ T9879] loop3: detected capacity change from 0 to 4096 [ 762.134454][ T9879] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 762.234548][ T5842] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 762.293115][ T5842] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 65535, setting to 8 [ 762.362418][ T5842] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 762.394224][ T9889] bond3: entered allmulticast mode [ 762.412405][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.487641][ T9890] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 762.616335][ T9895] ip6gretap3: entered promiscuous mode [ 762.639447][ T9879] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 762.727780][ T9895] bond3: (slave ip6gretap3): making interface the new active one [ 762.808405][ T9895] ip6gretap3: entered allmulticast mode [ 762.867817][ T9895] bond3: (slave ip6gretap3): Enslaving as an active interface with an up link [ 763.465225][ T9948] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 766.510134][ T5842] usb 2-1: string descriptor 0 read error: -71 [ 766.535038][ T5842] hub 2-1:32.0: USB hub found [ 766.624453][ T5842] hub 2-1:32.0: config failed, can't read hub descriptor (err -22) [ 766.768423][ T9989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.947'. [ 767.380451][ T9999] 9p: Bad value for 'rfdno' [ 767.506055][ T5842] usb 2-1: USB disconnect, device number 6 [ 767.511622][ T5827] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 767.684905][ T7222] udevd[7222]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 767.890956][ T5827] usb 5-1: unable to get BOS descriptor or descriptor too short [ 767.975631][ T5827] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 767.997293][ T5827] usb 5-1: can't read configurations, error -71 [ 768.139866][T10004] loop3: detected capacity change from 0 to 4096 [ 768.170200][T10005] bond4: entered allmulticast mode [ 768.288226][T10004] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 768.339049][T10018] ip6gretap2: entered promiscuous mode [ 768.348945][T10006] loop0: detected capacity change from 0 to 4096 [ 768.359994][T10006] ntfs3: Unknown parameter 'W' [ 768.475187][T10004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.951'. [ 768.497950][T10018] bond4: (slave ip6gretap2): making interface the new active one [ 768.518291][T10018] ip6gretap2: entered allmulticast mode [ 768.766140][T10018] bond4: (slave ip6gretap2): Enslaving as an active interface with an up link [ 769.045908][T10004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.951'. [ 769.246432][T10067] netlink: 32 bytes leftover after parsing attributes in process `syz.3.951'. [ 769.794373][T10072] netlink: 48 bytes leftover after parsing attributes in process `syz.0.953'. [ 769.860016][T10072] netlink: 16 bytes leftover after parsing attributes in process `syz.0.953'. [ 769.928270][T10072] netlink: 16 bytes leftover after parsing attributes in process `syz.0.953'. [ 770.028711][T10075] openvswitch: netlink: ERSPAN option length err (len 1620, max 255). [ 770.221706][ T5827] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 770.427613][ T5827] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 770.459642][ T5827] usb 5-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 770.484264][ T5827] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.530158][ T5827] usb 5-1: Product: syz [ 770.534590][ T5827] usb 5-1: Manufacturer: syz [ 770.552207][ T5827] usb 5-1: SerialNumber: syz [ 770.578342][ T5827] usb 5-1: config 0 descriptor?? [ 770.736799][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 770.844180][T10074] loop4: detected capacity change from 0 to 128 [ 770.912426][T10074] omfs: Unknown parameter 'þ;Òµ8Mv•Iƒ#ýÀ:¿i†œ)Âô“»œ¬ß0•_ôGG"‹Ô{ÚÒsVõ|ÔwÃÞ&Ø' [ 771.114683][ T5827] usb 5-1: USB disconnect, device number 19 [ 772.395514][T10126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.962'. [ 773.167864][ T5842] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 773.249311][T10141] netlink: 8 bytes leftover after parsing attributes in process `syz.3.965'. [ 773.436368][ T5842] usb 1-1: unable to get BOS descriptor or descriptor too short [ 773.478887][ T5842] usb 1-1: not running at top speed; connect to a high speed hub [ 773.524282][ T5842] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 773.567994][ T5842] usb 1-1: config 0 has no interfaces? [ 773.593708][ T5842] usb 1-1: language id specifier not provided by device, defaulting to English [ 773.670898][ T5842] usb 1-1: New USB device found, idVendor=0525, idProduct=aba1, bcdDevice= 0.40 [ 773.745422][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.807247][ T5842] usb 1-1: Product: syz [ 773.822320][ T5842] usb 1-1: Manufacturer: syz [ 773.865997][ T5842] usb 1-1: SerialNumber: syz [ 774.035286][ T5842] usb 1-1: config 0 descriptor?? [ 774.361553][ T5842] usb 1-1: USB disconnect, device number 19 [ 774.802642][T10148] loop1: detected capacity change from 0 to 4096 [ 774.948416][T10148] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 775.108464][T10148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.967'. [ 775.151720][T10148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.967'. [ 775.181330][T10148] netlink: 32 bytes leftover after parsing attributes in process `syz.1.967'. [ 775.828938][T10178] CIFS mount error: No usable UNC path provided in device string! [ 775.828938][T10178] [ 775.839155][T10178] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 776.241505][T10176] loop4: detected capacity change from 0 to 64 [ 776.389951][T10176] syz.4.972: attempt to access beyond end of device [ 776.389951][T10176] loop4: rw=8388608, sector=268435468, nr_sectors = 2 limit=64 [ 776.440702][T10176] Buffer I/O error on dev loop4, logical block 134217734, async page read [ 776.515808][ T5827] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 776.622749][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 776.845239][ T5827] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 776.896020][ T5827] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 776.909912][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.961770][ T5827] usb 3-1: Product: syz [ 776.971564][ T5827] usb 3-1: Manufacturer: syz [ 776.995098][ T5827] usb 3-1: SerialNumber: syz [ 777.105597][ T5842] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 777.120648][ T5827] usb 3-1: config 0 descriptor?? [ 777.307852][ T5842] usb 1-1: Using ep0 maxpacket: 16 [ 777.399473][ T5842] usb 1-1: unable to get BOS descriptor or descriptor too short [ 777.479571][ T5842] usb 1-1: config 1 has an invalid descriptor of length 135, skipping remainder of the config [ 777.494231][T10183] loop2: detected capacity change from 0 to 128 [ 777.511180][T10213] netlink: 8 bytes leftover after parsing attributes in process `syz.4.977'. [ 777.555342][ T5842] usb 1-1: config 1 interface 0 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 777.576418][T10183] omfs: Unknown parameter 'þ;Òµ8Mv•Iƒ#ýÀ:¿i†œ)Âô“»œ¬ß0•_ôGG"‹Ô{ÚÒsVõ|ÔwÃÞ&Ø' [ 777.605093][ T5842] usb 1-1: config 1 interface 0 has no altsetting 0 [ 777.659911][ T5842] usb 1-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 777.679037][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.702349][ T2143] usb 3-1: USB disconnect, device number 14 [ 777.739709][ T5842] usb 1-1: Product: syz [ 777.759890][ T5842] usb 1-1: Manufacturer: syz [ 777.782559][ T5842] usb 1-1: SerialNumber: syz [ 777.863393][T10224] FAULT_INJECTION: forcing a failure. [ 777.863393][T10224] name failslab, interval 1, probability 0, space 0, times 0 [ 777.916454][T10224] CPU: 1 UID: 0 PID: 10224 Comm: syz.3.978 Tainted: G L syzkaller #0 PREEMPT(full) [ 777.916656][T10224] Tainted: [L]=SOFTLOCKUP [ 777.916709][T10224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 777.916813][T10224] Call Trace: [ 777.916870][T10224] [ 777.916923][T10224] __dump_stack+0x26/0x30 [ 777.917097][T10224] dump_stack_lvl+0x14c/0x1c0 [ 777.917276][T10224] dump_stack+0x1e/0x25 [ 777.917441][T10224] should_fail_ex+0x7e2/0x8c0 [ 777.917650][T10224] should_failslab+0x158/0x200 [ 777.917797][T10224] kmem_cache_alloc_noprof+0x146/0x1270 [ 777.917947][T10224] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 777.918161][T10224] ? do_getname+0x4a/0x530 [ 777.918304][T10224] ? strncpy_from_user+0x25e/0x4b0 [ 777.918475][T10224] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 777.918692][T10224] do_getname+0x4a/0x530 [ 777.918845][T10224] __se_sys_renameat2+0x74/0x5b0 [ 777.919028][T10224] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 777.919254][T10224] __ia32_sys_renameat2+0xe2/0x150 [ 777.919435][T10224] ia32_sys_call+0x2cdb/0x4360 [ 777.919580][T10224] __do_fast_syscall_32+0x17f/0x3f0 [ 777.919772][T10224] do_fast_syscall_32+0x37/0x80 [ 777.919946][T10224] do_SYSENTER_32+0x1f/0x30 [ 777.920111][T10224] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 777.920294][T10224] RIP: 0023:0xf6ffef6c [ 777.920410][T10224] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 777.920543][T10224] RSP: 002b:00000000f53ed50c EFLAGS: 00000206 ORIG_RAX: 0000000000000161 [ 777.920682][T10224] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000780 [ 777.920784][T10224] RDX: 00000000ffffff9c RSI: 0000000080000000 RDI: 0000000000000000 [ 777.920877][T10224] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 777.920965][T10224] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 777.921054][T10224] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 777.921185][T10224] [ 778.302516][ T5842] usb 1-1: USB disconnect, device number 20 [ 779.011203][T10249] netlink: 8 bytes leftover after parsing attributes in process `syz.4.981'. [ 781.902967][T10269] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 782.104869][T10277] CIFS mount error: No usable UNC path provided in device string! [ 782.104869][T10277] [ 782.115128][T10277] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 782.768428][T10274] loop4: detected capacity change from 0 to 4096 [ 782.982431][T10274] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 783.106248][T10274] netlink: 4 bytes leftover after parsing attributes in process `syz.4.986'. [ 783.176221][T10280] loop0: detected capacity change from 0 to 4096 [ 783.213378][T10293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.986'. [ 783.238482][T10280] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 783.624528][T10280] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 783.847183][ T5781] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 783.963962][T10305] netlink: 8 bytes leftover after parsing attributes in process `syz.3.991'. [ 784.188599][T10299] loop2: detected capacity change from 0 to 4096 [ 784.417147][T10299] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 784.623180][T10299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.990'. [ 784.785349][T10299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.990'. [ 784.855311][T10319] netlink: 32 bytes leftover after parsing attributes in process `syz.2.990'. [ 785.330642][ T5827] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 785.555177][ T5827] usb 1-1: Using ep0 maxpacket: 8 [ 785.723468][ T5827] usb 1-1: unable to get BOS descriptor or descriptor too short [ 785.916949][ T5827] usb 1-1: config 6 has an invalid interface number: 236 but max is 0 [ 785.965584][ T5827] usb 1-1: config 6 has no interface number 0 [ 785.997243][ T5827] usb 1-1: config 6 interface 236 has no altsetting 0 [ 786.066959][ T5827] usb 1-1: New USB device found, idVendor=0af0, idProduct=d157, bcdDevice=e4.e9 [ 786.536104][ T5827] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.545680][ T5827] usb 1-1: Product: syz [ 786.552368][ T5827] usb 1-1: Manufacturer: syz [ 786.557501][ T5827] usb 1-1: SerialNumber: syz [ 786.858850][ T5827] usb 1-1: USB disconnect, device number 21 [ 787.035482][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 787.769920][T10361] bond3: entered allmulticast mode [ 787.966879][T10377] ip6gretap2: entered promiscuous mode [ 788.067938][T10377] bond3: (slave ip6gretap2): making interface the new active one [ 788.143637][T10377] ip6gretap2: entered allmulticast mode [ 788.251762][T10377] bond3: (slave ip6gretap2): Enslaving as an active interface with an up link [ 788.269046][ T5827] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 788.465145][ T5827] usb 1-1: Using ep0 maxpacket: 32 [ 788.512607][ T5827] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 788.548079][T10419] 9p: Bad value for 'rfdno' [ 788.548473][ T5827] usb 1-1: config 0 has no interface number 0 [ 788.640211][ T5827] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 788.672654][T10414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 788.692075][ T5827] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.705722][ T5827] usb 1-1: Product: syz [ 788.721471][ T5827] usb 1-1: Manufacturer: syz [ 788.726663][ T5827] usb 1-1: SerialNumber: syz [ 788.761040][ T5827] usb 1-1: config 0 descriptor?? [ 788.841724][ T5827] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 789.552536][ T5827] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 789.580686][ T5827] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 789.803500][ T5831] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 790.060924][ T5831] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 790.148021][ T5831] usb 5-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 790.218276][ T5831] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.281407][ T5831] usb 5-1: Product: syz [ 790.285980][ T5831] usb 5-1: Manufacturer: syz [ 790.332437][ T5831] usb 5-1: SerialNumber: syz [ 790.343911][T10421] loop3: detected capacity change from 0 to 4096 [ 790.404943][T10421] ntfs3: Unknown parameter 'W' [ 790.453851][ T5831] usb 5-1: config 0 descriptor?? [ 790.792684][T10427] loop4: detected capacity change from 0 to 128 [ 790.900499][T10427] omfs: Unknown parameter 'þ;Òµ8Mv•Iƒ#ýÀ:¿i†œ)Âô“»œ¬ß0•_ôGG"‹Ô{ÚÒsVõ|ÔwÃÞ&Ø' [ 790.926236][T10427] netlink: 512 bytes leftover after parsing attributes in process `syz.4.1005'. [ 791.011040][ T5831] usb 5-1: USB disconnect, device number 20 [ 791.125846][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 791.149404][ T5842] usb 1-1: USB disconnect, device number 22 [ 791.208955][ T5842] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 791.348882][T10455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 791.382333][ T5842] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 791.480571][ T5842] quatech2 1-1:0.51: device disconnected [ 793.017772][T10488] 9p: Bad value for 'rfdno' [ 793.575335][T10497] overlayfs: failed to resolve './file0': -2 [ 795.004587][T10519] bond4: entered allmulticast mode [ 795.154317][T10555] 9p: Bad value for 'rfdno' [ 795.190934][T10559] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 795.251536][T10526] ip6gretap3: entered promiscuous mode [ 795.395132][T10525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 795.411740][T10526] bond4: (slave ip6gretap3): making interface the new active one [ 795.437822][T10526] ip6gretap3: entered allmulticast mode [ 795.486444][T10526] bond4: (slave ip6gretap3): Enslaving as an active interface with an up link [ 796.315990][ T5831] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 796.427076][T10560] loop0: detected capacity change from 0 to 4096 [ 796.506481][T10560] ntfs3: Unknown parameter 'W' [ 796.529798][ T5831] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 796.573700][ T5831] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 796.639920][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 796.665432][ T5831] usb 4-1: Product: syz [ 796.694072][ T5831] usb 4-1: Manufacturer: syz [ 796.712328][ T5831] usb 4-1: SerialNumber: syz [ 796.768378][ T5831] usb 4-1: config 0 descriptor?? [ 797.102452][T10568] loop3: detected capacity change from 0 to 128 [ 797.224119][T10568] omfs: Unknown parameter 'þ;Òµ8Mv•Iƒ#ýÀ:¿i†œ)Âô“»œ¬ß0•_ôGG"‹Ô{ÚÒsVõ|ÔwÃÞ&Ø' [ 797.349975][T10568] netlink: 512 bytes leftover after parsing attributes in process `syz.3.1020'. [ 797.481564][ T5831] usb 4-1: USB disconnect, device number 11 [ 797.512025][T10596] 9p: Bad value for 'rfdno' [ 798.513579][T10616] 9p: Bad value for 'rfdno' [ 798.599256][T10610] loop0: detected capacity change from 0 to 4096 [ 798.618136][T10610] ntfs3: Unknown parameter 'W' [ 798.923101][ T5842] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 799.123200][ T5842] usb 4-1: Using ep0 maxpacket: 8 [ 799.171445][ T5842] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 799.212771][ T5842] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 799.273802][ T5842] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 799.319057][ T5842] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 799.371770][T10624] loop4: detected capacity change from 0 to 4096 [ 799.392903][ T5842] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 799.451788][ T5842] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.465424][T10624] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 799.565921][ T5842] usbtmc 4-1:16.0: bulk endpoints not found [ 799.781321][ T5831] usb 4-1: USB disconnect, device number 12 [ 799.994174][T10624] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 800.810359][T10664] 9p: Bad value for 'rfdno' [ 800.905430][T10667] FAULT_INJECTION: forcing a failure. [ 800.905430][T10667] name failslab, interval 1, probability 0, space 0, times 0 [ 800.992046][T10667] CPU: 1 UID: 0 PID: 10667 Comm: syz.3.1036 Tainted: G L syzkaller #0 PREEMPT(full) [ 800.992226][T10667] Tainted: [L]=SOFTLOCKUP [ 800.992279][T10667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 800.992371][T10667] Call Trace: [ 800.992420][T10667] [ 800.992505][T10667] __dump_stack+0x26/0x30 [ 800.992684][T10667] dump_stack_lvl+0x14c/0x1c0 [ 800.992864][T10667] dump_stack+0x1e/0x25 [ 800.993017][T10667] should_fail_ex+0x7e2/0x8c0 [ 800.993218][T10667] should_failslab+0x158/0x200 [ 800.993388][T10667] __kmalloc_noprof+0x1e0/0x1680 [ 800.993537][T10667] ? kfree+0x20/0x1130 [ 800.993838][T10667] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 800.994014][T10667] ? tomoyo_path_number_perm+0xa1/0x7d0 [ 800.994154][T10667] ? filter_irq_stacks+0x49/0x190 [ 800.994331][T10667] ? kmsan_get_metadata+0xf1/0x160 [ 800.994540][T10667] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 800.994755][T10667] tomoyo_realpath_from_path+0xeb/0x9f0 [ 800.994933][T10667] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 800.995140][T10667] ? __srcu_read_lock+0x5e/0xd0 [ 800.995289][T10667] tomoyo_path_number_perm+0x1d0/0x7d0 [ 800.995472][T10667] ? kmsan_get_metadata+0xf1/0x160 [ 800.995756][T10667] tomoyo_file_ioctl+0x3d/0x50 [ 800.995939][T10667] security_file_ioctl_compat+0x139/0x570 [ 800.996182][T10667] __ia32_compat_sys_ioctl+0x150/0x1270 [ 800.996388][T10667] ? ksys_write+0x3ac/0x470 [ 800.996566][T10667] ? kmsan_get_metadata+0xf1/0x160 [ 800.996790][T10667] ia32_sys_call+0x2854/0x4360 [ 800.996939][T10667] __do_fast_syscall_32+0x17f/0x3f0 [ 800.997132][T10667] do_fast_syscall_32+0x37/0x80 [ 800.997299][T10667] do_SYSENTER_32+0x1f/0x30 [ 800.997455][T10667] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 800.997626][T10667] RIP: 0023:0xf6ffef6c [ 800.997726][T10667] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 800.997848][T10667] RSP: 002b:00000000f53ed50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 800.997978][T10667] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f2 [ 800.998072][T10667] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 800.998156][T10667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 800.998229][T10667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 800.998305][T10667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 800.998429][T10667] [ 801.357180][T10667] ERROR: Out of memory at tomoyo_realpath_from_path. [ 801.402058][T10662] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 801.947748][T10670] loop1: detected capacity change from 0 to 4096 [ 802.054652][T10670] ntfs3: Unknown parameter 'W' [ 803.676080][T10706] 9p: Bad value for 'rfdno' [ 803.800775][ T2143] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 804.638147][ T2143] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 804.780085][ T2143] usb 5-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 804.832043][ T2143] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.870409][ T2143] usb 5-1: Product: syz [ 804.874766][ T2143] usb 5-1: Manufacturer: syz [ 804.897748][ T2143] usb 5-1: SerialNumber: syz [ 804.951861][ T2143] usb 5-1: config 0 descriptor?? [ 805.023488][T10711] loop2: detected capacity change from 0 to 4096 [ 805.062187][T10711] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 805.214406][T10694] loop4: detected capacity change from 0 to 128 [ 805.300165][T10694] omfs: Unknown parameter 'þ;Òµ8Mv•Iƒ#ýÀ:¿i†œ)Âô“»œ¬ß0•_ôGG"‹Ô{ÚÒsVõ|ÔwÃÞ&Ø' [ 805.374409][T10711] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 805.374639][T10694] netlink: 512 bytes leftover after parsing attributes in process `syz.4.1040'. [ 805.623555][ T5831] usb 5-1: USB disconnect, device number 21 [ 806.008639][T10732] syz.1.1045 uses obsolete (PF_INET,SOCK_PACKET) [ 806.087812][T10732] tmpfs: Bad value for 'mpol' [ 806.893358][T10742] loop3: detected capacity change from 0 to 4096 [ 807.004899][T10742] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 807.026134][T10743] bond6: entered allmulticast mode [ 807.163297][T10748] ip6gretap4: entered promiscuous mode [ 807.258646][T10742] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 807.365202][T10748] bond6: (slave ip6gretap4): making interface the new active one [ 807.409059][T10748] ip6gretap4: entered allmulticast mode [ 807.445132][T10748] bond6: (slave ip6gretap4): Enslaving as an active interface with an up link [ 807.957162][T10804] 9p: Bad value for 'rfdno' [ 809.302256][T10820] 9p: Bad value for 'rfdno' [ 809.417586][ T5831] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 809.598155][T10810] loop2: detected capacity change from 0 to 4096 [ 809.638590][T10810] ntfs3: Unknown parameter 'W' [ 809.687441][ T5831] usb 2-1: Using ep0 maxpacket: 32 [ 809.712914][ T5831] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 809.734074][ T5831] usb 2-1: config 0 has no interface number 0 [ 809.786029][ T5831] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 809.826533][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.860247][ T5831] usb 2-1: Product: syz [ 809.899590][ T5831] usb 2-1: Manufacturer: syz [ 809.918591][ T5831] usb 2-1: SerialNumber: syz [ 809.961739][ T5831] usb 2-1: config 0 descriptor?? [ 810.003165][ T5831] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 810.618079][T10831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 810.811209][ T5831] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 810.952606][ T5831] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 811.467195][ T2143] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 811.756837][ T2143] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 811.792476][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 811.796463][ T5842] usb 2-1: USB disconnect, device number 7 [ 811.869783][ T2143] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 811.898563][ T5842] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 811.913072][ T2143] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.944016][ T2143] usb 3-1: Product: syz [ 811.974050][ T2143] usb 3-1: Manufacturer: syz [ 811.981470][ T5842] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 811.999887][ T2143] usb 3-1: SerialNumber: syz [ 812.037705][ T2143] usb 3-1: config 0 descriptor?? [ 812.050662][ T5842] quatech2 2-1:0.51: device disconnected [ 812.310928][T10846] loop3: detected capacity change from 0 to 4096 [ 812.324317][T10848] loop2: detected capacity change from 0 to 128 [ 812.335018][T10848] omfs: Unknown parameter 'þ;Òµ8Mv•Iƒ#ýÀ:¿i†œ)Âô“»œ¬ß0•_ôGG"‹Ô{ÚÒsVõ|ÔwÃÞ&Ø' [ 812.400823][T10846] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 812.464090][T10848] netlink: 512 bytes leftover after parsing attributes in process `syz.2.1059'. [ 812.517132][ T5831] usb 3-1: USB disconnect, device number 15 [ 812.577734][T10863] loop4: detected capacity change from 0 to 4096 [ 812.795982][T10863] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 812.853930][T10846] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 812.918901][T10863] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1061'. [ 813.655760][ T5781] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 814.022204][T10900] bond5: entered allmulticast mode [ 814.151708][T10906] ip6gretap3: entered promiscuous mode [ 814.181844][T10949] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1067'. [ 814.243861][T10906] bond5: (slave ip6gretap3): making interface the new active one [ 814.287100][T10906] ip6gretap3: entered allmulticast mode [ 814.375580][T10906] bond5: (slave ip6gretap3): Enslaving as an active interface with an up link [ 816.738064][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 816.745243][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 818.907829][T10977] 9p: Bad value for 'rfdno' [ 819.184781][T10982] CIFS mount error: No usable UNC path provided in device string! [ 819.184781][T10982] [ 819.195089][T10982] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 819.582278][ T5842] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 819.776460][ T5842] usb 4-1: Using ep0 maxpacket: 32 [ 819.810668][ T5842] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 819.856841][ T5842] usb 4-1: config 0 has no interface number 0 [ 819.893690][ T5842] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 819.916318][ T5842] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 819.932936][ T5842] usb 4-1: Product: syz [ 819.937350][ T5842] usb 4-1: Manufacturer: syz [ 819.969464][ T5842] usb 4-1: SerialNumber: syz [ 820.005564][ T5842] usb 4-1: config 0 descriptor?? [ 820.042939][T10981] loop4: detected capacity change from 0 to 4096 [ 820.067268][ T5842] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 820.108791][T10981] ntfs3: Unknown parameter 'W' [ 821.452944][ T5842] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 821.578158][ T5842] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 823.486996][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 823.557388][ T5842] usb 4-1: USB disconnect, device number 13 [ 823.672762][ T5842] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 823.748079][ T5842] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 823.807418][ T5842] quatech2 4-1:0.51: device disconnected [ 828.665355][T11080] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1084'. [ 828.850063][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1085'. [ 828.999685][T11082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 829.604489][T11080] loop1: detected capacity change from 0 to 4096 [ 829.634617][T11080] ntfs3: Unknown parameter 'À' [ 830.428739][T11103] 9p: Bad value for 'rfdno' [ 831.199087][T11110] loop4: detected capacity change from 0 to 4096 [ 831.219615][T11110] ntfs3: Unknown parameter 'W' [ 831.796146][T11124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1094'. [ 832.552580][T11129] loop2: detected capacity change from 0 to 4096 [ 832.612660][T11129] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 832.795852][T11134] loop4: detected capacity change from 0 to 4096 [ 832.844382][T11134] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 832.963513][T11129] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 833.577603][T11134] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 838.454688][T11161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 838.889784][ T8803] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 838.910937][ T8803] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 838.921785][ T8803] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 838.939226][ T8803] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 838.953728][ T8803] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 840.203638][T11212] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1104'. [ 840.340788][T11219] 9p: Bad value for 'rfdno' [ 841.041463][ T5073] Bluetooth: hci5: command tx timeout [ 841.377091][T11238] loop3: detected capacity change from 0 to 4096 [ 841.405300][T11238] ntfs3: Unknown parameter 'W' [ 841.506755][T11257] 9p: Bad value for 'rfdno' [ 841.510143][T11177] chnl_net:caif_netlink_parms(): no params data found [ 842.395696][T11270] loop1: detected capacity change from 0 to 4096 [ 842.685450][T11270] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 843.100480][ T5073] Bluetooth: hci5: command tx timeout [ 845.189487][ T5073] Bluetooth: hci5: command tx timeout [ 847.258397][ T5073] Bluetooth: hci5: command tx timeout [ 847.311881][T11319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 847.861856][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 848.079714][T11177] bridge0: port 1(bridge_slave_0) entered blocking state [ 848.087351][T11177] bridge0: port 1(bridge_slave_0) entered disabled state [ 848.199415][T11177] bridge_slave_0: entered allmulticast mode [ 848.248441][T11177] bridge_slave_0: entered promiscuous mode [ 848.422095][ T1097] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 848.628314][T11177] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.678679][T11177] bridge0: port 2(bridge_slave_1) entered disabled state [ 848.745243][T11177] bridge_slave_1: entered allmulticast mode [ 848.796629][T11177] bridge_slave_1: entered promiscuous mode [ 849.209330][ T1097] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.359571][T11177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 849.380030][T11387] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1118'. [ 849.442400][T11177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 849.549018][ T1097] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.620883][T11394] 9p: Bad value for 'rfdno' [ 850.362058][ T1097] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 850.498165][T11419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 850.742680][T11177] team0: Port device team_slave_0 added [ 850.915657][T11177] team0: Port device team_slave_1 added [ 850.961282][T11392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 851.211124][T11177] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 851.238307][T11414] loop1: detected capacity change from 0 to 4096 [ 851.244870][T11177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 851.274353][T11414] ntfs3: Unknown parameter 'W' [ 851.326805][T11177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 851.829413][T11177] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 851.880273][T11177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 851.966563][T11177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 852.507425][T11467] loop3: detected capacity change from 0 to 4096 [ 852.588860][T11467] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 852.863554][T11467] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 852.894566][T11177] hsr_slave_0: entered promiscuous mode [ 853.011575][T11177] hsr_slave_1: entered promiscuous mode [ 853.078870][T11177] debugfs: 'hsr0' already exists in 'hsr' [ 853.084842][T11177] Cannot create hsr debugfs directory [ 853.164114][ T1097] bridge_slave_1: left allmulticast mode [ 853.209195][ T1097] bridge_slave_1: left promiscuous mode [ 853.250391][ T1097] bridge0: port 2(bridge_slave_1) entered disabled state [ 853.313443][ T1097] bridge_slave_0: left allmulticast mode [ 853.365424][ T1097] bridge_slave_0: left promiscuous mode [ 853.372142][ T1097] bridge0: port 1(bridge_slave_0) entered disabled state [ 853.431897][ T1097] batman_adv: batadv0: Interface deactivated: gretap1 [ 853.594398][T11489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 854.220889][T11521] 9p: Bad value for 'rfdno' [ 854.384384][ T1097] bond3 (unregistering): (slave ip6gretap1): Releasing backup interface [ 854.393151][ T1097] ip6gretap1 (unregistering): left allmulticast mode [ 854.525148][ T1097] bond4 (unregistering): (slave ip6gretap2): Releasing backup interface [ 854.533752][ T1097] ip6gretap2 (unregistering): left allmulticast mode [ 854.679851][ T1097] bond6 (unregistering): (slave ip6gretap4): Releasing backup interface [ 854.696688][ T1097] ip6gretap4 (unregistering): left allmulticast mode [ 855.083757][ T1097] batman_adv: batadv0: Removing interface: gretap1 [ 855.474419][ T1097] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 855.546532][ T1097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 855.613605][ T1097] bond0 (unregistering): Released all slaves [ 855.712795][ T1097] bond1 (unregistering): Released all slaves [ 855.772154][ T1097] bond2 (unregistering): Released all slaves [ 855.852224][ T1097] bond3 (unregistering): Released all slaves [ 855.955207][ T1097] bond4 (unregistering): Released all slaves [ 856.064075][ T1097] bond5 (unregistering): Released all slaves [ 856.539499][ T1097] bond6 (unregistering): Released all slaves [ 857.322842][ T1097] tipc: Left network mode [ 857.685250][T11588] 9p: Bad value for 'rfdno' [ 858.533673][T11621] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1139'. [ 858.673728][T11621] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1139'. [ 858.834484][T11601] loop3: detected capacity change from 0 to 4096 [ 858.843621][ T1097] hsr_slave_0: left promiscuous mode [ 858.877006][T11601] ntfs3: Unknown parameter 'W' [ 858.884896][ T1097] hsr_slave_1: left promiscuous mode [ 858.904925][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 858.974256][ T1097] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 858.981870][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 859.162419][ T29] audit: type=1326 audit(1775735951.604:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=175 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 859.219466][ T1097] veth1_macvtap: left promiscuous mode [ 859.238524][ T29] audit: type=1326 audit(1775735951.604:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 859.253408][ T1097] veth0_macvtap: left promiscuous mode [ 859.333498][ T1097] veth1_vlan: left promiscuous mode [ 859.346870][ T1097] veth0_vlan: left promiscuous mode [ 859.392251][ T29] audit: type=1326 audit(1775735951.604:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 859.468392][ T29] audit: type=1326 audit(1775735951.604:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 859.554534][ T29] audit: type=1326 audit(1775735951.604:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 859.729913][ T29] audit: type=1326 audit(1775735951.614:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 859.843451][ T29] audit: type=1326 audit(1775735951.614:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 859.965045][ T29] audit: type=1326 audit(1775735951.614:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 860.047807][ T29] audit: type=1326 audit(1775735951.654:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 860.182866][ T29] audit: type=1326 audit(1775735951.685:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 861.210806][T11666] kernel profiling enabled (shift: 9) [ 861.765184][ T1097] team0 (unregistering): Port device team_slave_1 removed [ 861.877290][ T1097] team0 (unregistering): Port device team_slave_0 removed [ 863.893219][T11177] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 864.014747][T11177] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 864.106538][T11177] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 864.192665][T11177] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 864.912350][T11724] mmap: syz.1.1153 (11724) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 865.931573][T11177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 866.221450][T11177] 8021q: adding VLAN 0 to HW filter on device team0 [ 866.293421][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 866.301129][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 866.491505][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 866.499335][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 868.853097][T11793] netlink: 'syz.4.1170': attribute type 12 has an invalid length. [ 868.867816][T11793] netlink: 'syz.4.1170': attribute type 29 has an invalid length. [ 868.913917][T11793] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1170'. [ 869.208367][T11177] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 869.700751][T11809] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1174'. [ 870.673250][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 870.673333][ T29] audit: type=1326 audit(1775735963.120:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 870.846699][ T29] audit: type=1326 audit(1775735963.160:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 870.931149][ T29] audit: type=1326 audit(1775735963.190:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 871.047769][ T29] audit: type=1326 audit(1775735963.210:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 871.209063][ T29] audit: type=1326 audit(1775735963.210:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 871.336535][ T29] audit: type=1326 audit(1775735963.210:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 871.507657][ T29] audit: type=1326 audit(1775735963.210:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 871.649343][ T29] audit: type=1326 audit(1775735963.210:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 871.698943][T11850] overlayfs: missing 'lowerdir' [ 871.786252][ T29] audit: type=1326 audit(1775735963.220:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 871.889188][ T29] audit: type=1326 audit(1775735963.220:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11832 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 872.628969][T11177] veth0_vlan: entered promiscuous mode [ 872.815312][T11177] veth1_vlan: entered promiscuous mode [ 873.314618][T11177] veth0_macvtap: entered promiscuous mode [ 873.455011][T11177] veth1_macvtap: entered promiscuous mode [ 873.798254][T11177] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 874.024062][T11177] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 874.321410][ T1028] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.373755][ T1028] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.516162][ T1028] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.542122][ T1028] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 875.596776][T11904] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 875.637764][T11904] block device autoloading is deprecated and will be removed. [ 876.554921][T11924] loop2: detected capacity change from 0 to 256 [ 876.656720][T11930] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 877.839427][T11951] loop4: detected capacity change from 0 to 128 [ 877.933948][T11951] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 878.144260][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 878.152497][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 881.240420][T12006] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1211'. [ 881.349850][T12009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1211'. [ 881.473924][T12006] erspan0: entered promiscuous mode [ 881.479717][T12006] macvtap1: entered promiscuous mode [ 881.592659][T12006] macvtap1: entered allmulticast mode [ 881.612350][T12006] erspan0: entered allmulticast mode [ 881.681986][T12009] macvtap1: left promiscuous mode [ 881.688008][T12009] macvtap1: left allmulticast mode [ 881.728195][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 881.728279][ T29] audit: type=1326 audit(1775735974.176:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 881.782456][T12009] erspan0: left allmulticast mode [ 881.854148][ T29] audit: type=1326 audit(1775735974.176:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 881.973524][ T29] audit: type=1326 audit(1775735974.176:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 882.080976][ T29] audit: type=1326 audit(1775735974.226:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 882.190862][ T29] audit: type=1326 audit(1775735974.226:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 882.340383][ T29] audit: type=1326 audit(1775735974.226:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf71c5cab code=0x7ffc0000 [ 882.434724][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.450703][ T29] audit: type=1326 audit(1775735974.226:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 882.494371][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 882.556465][ T29] audit: type=1326 audit(1775735974.246:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 882.656023][ T29] audit: type=1326 audit(1775735974.256:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 882.680070][ T29] audit: type=1326 audit(1775735974.266:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 882.867126][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.920095][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 886.991094][T12142] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1234'. [ 887.097144][T12149] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1234'. [ 887.431021][T12151] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 892.057170][T12230] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1256'. [ 892.156419][T12230] ip6gre1: entered promiscuous mode [ 892.175985][T12230] ip6gre1: entered allmulticast mode [ 892.307859][T12238] bridge0: port 2(bridge_slave_1) entered disabled state [ 892.316744][T12238] bridge0: port 1(bridge_slave_0) entered disabled state [ 892.411807][T12238] bridge0: entered allmulticast mode [ 894.566221][T12280] sctp: [Deprecated]: syz.1.1267 (pid 12280) Use of struct sctp_assoc_value in delayed_ack socket option. [ 894.566221][T12280] Use struct sctp_sack_info instead [ 895.311564][T12292] loop3: detected capacity change from 0 to 128 [ 895.425663][ T5842] kernel write not supported for file bpf-map (pid: 5842 comm: kworker/1:5) [ 895.898840][T12303] 9p: Bad value for 'wfdno' [ 898.245444][T12352] netlink: 'syz.1.1284': attribute type 1 has an invalid length. [ 898.342127][T12356] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1284'. [ 898.855677][T12352] 8021q: adding VLAN 0 to HW filter on device bond6 [ 899.016092][T12356] bond6: entered allmulticast mode [ 899.161338][T12403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1288'. [ 899.248075][T12358] bond6: (slave ip6gretap4): making interface the new active one [ 899.264882][T12358] ip6gretap4: entered allmulticast mode [ 899.297317][T12358] bond6: (slave ip6gretap4): Enslaving as an active interface with an up link [ 899.869748][T12416] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1290'. [ 901.138592][T12440] ===================================================== [ 901.146211][T12440] BUG: KMSAN: uninit-value in bpf_prog_run_generic_xdp+0x1a97/0x20d0 [ 901.154702][T12440] bpf_prog_run_generic_xdp+0x1a97/0x20d0 [ 901.160655][T12440] do_xdp_generic+0xe07/0x17f0 [ 901.165821][T12440] tun_get_user+0x525a/0x7830 [ 901.170811][T12440] tun_chr_write_iter+0x3e9/0x5c0 [ 901.173288][T12441] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 901.176145][T12440] vfs_write+0xbe1/0x15c0 [ 901.188206][T12440] ksys_write+0x1d9/0x470 [ 901.192875][T12440] __ia32_sys_write+0x9a/0xf0 [ 901.197825][T12440] ia32_sys_call+0x37a7/0x4360 [ 901.202952][T12440] do_int80_emulation+0x15a/0x330 [ 901.208236][T12440] asm_int80_emulation+0x1f/0x30 [ 901.213497][T12440] [ 901.215935][T12440] Uninit was stored to memory at: [ 901.221511][T12440] pskb_expand_head+0x4a0/0x1fb0 [ 901.226656][T12440] do_xdp_generic+0xb30/0x17f0 [ 901.231844][T12440] tun_get_user+0x525a/0x7830 [ 901.236749][T12440] tun_chr_write_iter+0x3e9/0x5c0 [ 901.242390][T12440] vfs_write+0xbe1/0x15c0 [ 901.246970][T12440] ksys_write+0x1d9/0x470 [ 901.251670][T12440] __ia32_sys_write+0x9a/0xf0 [ 901.256608][T12440] ia32_sys_call+0x37a7/0x4360 [ 901.261796][T12440] do_int80_emulation+0x15a/0x330 [ 901.267041][T12440] asm_int80_emulation+0x1f/0x30 [ 901.272286][T12440] [ 901.274719][T12440] Uninit was created at: [ 901.279253][T12440] __kmalloc_node_track_caller_noprof+0x4f6/0x1750 [ 901.286165][T12440] __alloc_skb+0x90d/0x1190 [ 901.291057][T12440] alloc_skb_with_frags+0xc5/0xa60 [ 901.296459][T12440] sock_alloc_send_pskb+0xacb/0xc60 [ 901.302125][T12440] tun_get_user+0xcfc/0x7830 [ 901.306904][T12440] tun_chr_write_iter+0x3e9/0x5c0 [ 901.312344][T12440] vfs_write+0xbe1/0x15c0 [ 901.316899][T12440] ksys_write+0x1d9/0x470 [ 901.321560][T12440] __ia32_sys_write+0x9a/0xf0 [ 901.326483][T12440] ia32_sys_call+0x37a7/0x4360 [ 901.331785][T12440] do_int80_emulation+0x15a/0x330 [ 901.337035][T12440] asm_int80_emulation+0x1f/0x30 [ 901.342342][T12440] [ 901.344810][T12440] CPU: 0 UID: 0 PID: 12440 Comm: syz.3.1296 Tainted: G L syzkaller #0 PREEMPT(full) [ 901.356137][T12440] Tainted: [L]=SOFTLOCKUP [ 901.360603][T12440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 901.371094][T12440] ===================================================== [ 901.378157][T12440] Disabling lock debugging due to kernel taint [ 901.384569][T12440] Kernel panic - not syncing: kmsan.panic set ... [ 901.391159][T12440] CPU: 0 UID: 0 PID: 12440 Comm: syz.3.1296 Tainted: G B L syzkaller #0 PREEMPT(full) [ 901.402317][T12440] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP [ 901.407969][T12440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 901.418168][T12440] Call Trace: [ 901.421554][T12440] [ 901.424602][T12440] __dump_stack+0x26/0x30 [ 901.429160][T12440] dump_stack_lvl+0x50/0x1c0 [ 901.433976][T12440] ? dump_stack+0x12/0x25 [ 901.438529][T12440] dump_stack+0x1e/0x25 [ 901.442883][T12440] vpanic+0x7b4/0x1430 [ 901.447180][T12440] panic+0x15d/0x160 [ 901.451324][T12440] kmsan_report+0x31a/0x320 [ 901.456051][T12440] ? __msan_warning+0x1b/0x30 [ 901.460934][T12440] ? bpf_prog_run_generic_xdp+0x1a97/0x20d0 [ 901.467032][T12440] ? do_xdp_generic+0xe07/0x17f0 [ 901.472149][T12440] ? tun_get_user+0x525a/0x7830 [ 901.477244][T12440] ? tun_chr_write_iter+0x3e9/0x5c0 [ 901.482632][T12440] ? vfs_write+0xbe1/0x15c0 [ 901.487348][T12440] ? ksys_write+0x1d9/0x470 [ 901.492085][T12440] ? __ia32_sys_write+0x9a/0xf0 [ 901.497141][T12440] ? ia32_sys_call+0x37a7/0x4360 [ 901.502237][T12440] ? do_int80_emulation+0x15a/0x330 [ 901.507635][T12440] ? asm_int80_emulation+0x1f/0x30 [ 901.512931][T12440] ? ___bpf_prog_run+0xea23/0xeb60 [ 901.518369][T12440] ? __bpf_prog_run32+0xc2/0xf0 [ 901.523434][T12440] ? kmsan_get_metadata+0xf1/0x160 [ 901.528810][T12440] __msan_warning+0x1b/0x30 [ 901.533528][T12440] bpf_prog_run_generic_xdp+0x1a97/0x20d0 [ 901.539446][T12440] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 901.545555][T12440] do_xdp_generic+0xe07/0x17f0 [ 901.550570][T12440] ? tun_get_user+0x51dc/0x7830 [ 901.555624][T12440] tun_get_user+0x525a/0x7830 [ 901.560496][T12440] ? stack_depot_save_flags+0x35/0x790 [ 901.566166][T12440] ? kmsan_get_metadata+0xf1/0x160 [ 901.571506][T12440] ? kmsan_get_metadata+0xf1/0x160 [ 901.576860][T12440] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 901.583447][T12440] ? kmsan_get_metadata+0xf0/0x160 [ 901.588851][T12440] tun_chr_write_iter+0x3e9/0x5c0 [ 901.594113][T12440] vfs_write+0xbe1/0x15c0 [ 901.598687][T12440] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 901.604432][T12440] ksys_write+0x1d9/0x470 [ 901.609011][T12440] __ia32_sys_write+0x9a/0xf0 [ 901.613925][T12440] ia32_sys_call+0x37a7/0x4360 [ 901.618855][T12440] do_int80_emulation+0x15a/0x330 [ 901.624078][T12440] ? clear_bhb_loop+0x50/0xa0 [ 901.628929][T12440] ? clear_bhb_loop+0x50/0xa0 [ 901.633783][T12440] asm_int80_emulation+0x1f/0x30 [ 901.638895][T12440] RIP: 0023:0xf7135cab [ 901.643094][T12440] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 901.662924][T12440] RSP: 002b:00000000f53ed44c EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 901.671536][T12440] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 00000000800000c0 [ 901.679655][T12440] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000 [ 901.687765][T12440] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 901.695876][T12440] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 901.703993][T12440] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 901.712136][T12440] [ 901.715893][T12440] Kernel Offset: disabled [ 901.720299][T12440] Rebooting in 86400 seconds..