last executing test programs: 11m41.800742207s ago: executing program 3 (id=599): ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000200)={0x1, 0x0, [{0x1000, 0x11, &(0x7f0000000080)=""/17}]}) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f000000b800)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x11}, 0x14) pwrite64(0xffffffffffffffff, &(0x7f00000000c0)="0000000000000006d9824331a2ae0d2ca49a969bea52c4784cfa91c7503bea675910506260f418ff461b00ce108352b02f898b0fb03b9b483cd5e7ec94cc12187e7ce3fdabaf58beaa47266317e8afa9ce4eb21daf65f4829b3d94e16c25c26c46a69ffeb0c6d961e9601fb9d6da1252277b9255ed931b8af03b8435fbc92421f36ad7ebd38d4c0f89d995", 0x8b, 0x9) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x4008004) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000086a82, 0x0) fadvise64(r3, 0x4b, 0x5, 0x7) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000100)=[{0x81, 0xfd, 0x2, 0x100}, {0x6, 0x6, 0x6, 0x3}]}, 0x10) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e21, @broadcast}, 0x1, 0x1, 0x0, 0x7}}, 0x26) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000200)={0x1, 0x0, [{0x1000, 0x11, &(0x7f0000000080)=""/17}]}) (async) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f000000b800)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x11}, 0x14) (async) pwrite64(0xffffffffffffffff, &(0x7f00000000c0)="0000000000000006d9824331a2ae0d2ca49a969bea52c4784cfa91c7503bea675910506260f418ff461b00ce108352b02f898b0fb03b9b483cd5e7ec94cc12187e7ce3fdabaf58beaa47266317e8afa9ce4eb21daf65f4829b3d94e16c25c26c46a69ffeb0c6d961e9601fb9d6da1252277b9255ed931b8af03b8435fbc92421f36ad7ebd38d4c0f89d995", 0x8b, 0x9) (async) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x4008004) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000086a82, 0x0) (async) fadvise64(r3, 0x4b, 0x5, 0x7) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000100)=[{0x81, 0xfd, 0x2, 0x100}, {0x6, 0x6, 0x6, 0x3}]}, 0x10) (async) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e21, @broadcast}, 0x1, 0x1, 0x0, 0x7}}, 0x26) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) 11m41.046298429s ago: executing program 3 (id=607): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1e1800, 0x56) getdents64(r2, &(0x7f0000000400)=""/4096, 0xc00) (fail_nth: 1) 11m40.019352909s ago: executing program 3 (id=608): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = fsopen(&(0x7f0000000080)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x18) symlinkat(&(0x7f0000000040)='.\x00', r4, &(0x7f0000000140)='./file0\x00') r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect(r5, 0x0, 0x0) r6 = openat2(r4, &(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x8}, 0x18) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x80, 0x2, 0x27e}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r9, r10, r11, &(0x7f0000000980)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r7, 0x0, 0x0, 0x0, 0x40000000}) syz_ublk_add_dev(r8, r9, r10, r11, &(0x7f00000003c0)={0x2e, 0x5, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0xd74, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x80, 0x2, 0x27e}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r14, r15, r16, &(0x7f0000000980)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r12, 0x0, 0x0, 0x0, 0x40000000}) syz_ublk_add_dev(r13, r14, r15, r16, &(0x7f00000003c0)={0x2e, 0x5, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0xd74, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, 0x0) r17 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x13, r4, 0x10000000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000240)={0x0, 0x0}) syz_ublk_add_dev(r6, r9, r15, r17, &(0x7f0000000400)={0x2e, 0x53, 0x0, r4, 0xc0207504, 0x0, 0x0, 0x0, 0x1, 0xb7, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000300)=@any_dev={0x3, 0x93c, 0x0, 0x0, 0x1000, 0x3, r18, 0x0, 0x41}}}, &(0x7f0000000480)) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05ffffffff00000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a003400020202020202000004004600"], 0x2c}}, 0x4000000) 11m38.422298447s ago: executing program 3 (id=611): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1ec) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f00000002c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) 11m38.151307431s ago: executing program 3 (id=612): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1ec) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f00000002c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) (fail_nth: 1) 11m36.466059802s ago: executing program 3 (id=626): ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f00000000c0)={0x4, 0x0, 0x2a9, 0x0, 0xf}) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f00000001c0)={0x28, 0x1, r2, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000140)}) rt_sigqueueinfo(0x0, 0x4, &(0x7f0000000080)={0x34, 0x1, 0x100}) syz_open_dev$video4linux(&(0x7f0000000080), 0xe97, 0x0) 11m35.675845662s ago: executing program 32 (id=626): ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f00000000c0)={0x4, 0x0, 0x2a9, 0x0, 0xf}) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f00000001c0)={0x28, 0x1, r2, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000140)}) rt_sigqueueinfo(0x0, 0x4, &(0x7f0000000080)={0x34, 0x1, 0x100}) syz_open_dev$video4linux(&(0x7f0000000080), 0xe97, 0x0) 4m33.714185101s ago: executing program 2 (id=2598): sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x44004) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc8", 0x117}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26", 0xbe}], 0x2, 0x0, 0x0, 0x900}}], 0x1, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 4m33.404594732s ago: executing program 2 (id=2602): sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x44004) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bc", 0xf5}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e", 0xd9}], 0x2, 0x0, 0x0, 0x900}}], 0x1, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 4m32.875329177s ago: executing program 2 (id=2603): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000001400190100"], 0x28}}, 0x0) 4m32.717388837s ago: executing program 2 (id=2604): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) chroot(&(0x7f0000000580)='./file0/../file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f0000000300)='./file0/../file0\x00') (fail_nth: 1) 4m32.430306725s ago: executing program 2 (id=2605): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) chroot(&(0x7f0000000580)='./file0/../file0\x00') chdir(&(0x7f0000000000)='./file0/../file0\x00') mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f0000000300)='./file0/../file0\x00') 4m29.872242316s ago: executing program 2 (id=2611): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000001400190100"], 0x28}}, 0x0) 4m29.390347136s ago: executing program 33 (id=2611): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000001400190100"], 0x28}}, 0x0) 28.36028771s ago: executing program 0 (id=4034): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x7, 0x1, 0x41, 0xc3d, 0x0, 0x2004cb, 0xffffffffffffffff, 0xa1d, 0x7, 0x5, 0x79, 0x3, 0x2], 0x3332d000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x1, 0x4, 0x5, 0x0, 0x5, 0x1, 0x2, 0x9, 0xff, 0xf6, 0x5, 0x9, 0x0, 0x1, 0x5, 0x1, 0x2, 0x4, 0xff, '\x00', 0xdc, 0xe8}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 28.056430624s ago: executing program 5 (id=4036): r0 = socket(0x200000000000011, 0x3, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000d00)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x30}}, 0x0) (fail_nth: 2) 27.665694833s ago: executing program 0 (id=4038): mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x1c0) (async) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x2) dup2(r0, r0) (async) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'geneve1\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0xf, 0x0, 0x0) (async) sendto$packet(r1, &(0x7f0000000040)="3f031c000302140006001e00890000004a1b7880610cc945000088a80000810000008180fe", 0x25, 0x1, &(0x7f0000000540)={0xc9, 0x88a8, r2, 0x1, 0x7, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14) (async) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) mknodat(r0, &(0x7f0000000100)='./file1/file2\x00', 0x81c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file1\x00', 0x2) (async) r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x17ef, 0x60b5, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0xb, "", [{{0x9, 0x4, 0x0, 0xf, 0xfe, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xc, 0xfc, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x420, 0xb4, 0x9, 0xfe}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) (async) r4 = socket$kcm(0x10, 0x5, 0x0) sendmsg$kcm(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)="d800000018007bf6e00212ba0d8105040a600000000f040b067c55a1bc0009003e0006990600000015000500fe800000d62c005401000000000000005aa7b755cbdbeb0300014002000c0901ac040098007f6f94007100a007a288747f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d345ef464095cae8c9010000730d7a5025ccca262f3db00f6b8267e04adcdf634c1f215ce3099ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d7f452a92307f01000e97", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x4000004) (async) syz_usb_control_io(r3, &(0x7f0000000dc0)={0x2c, &(0x7f0000000040)={0x60, 0x10, 0x56, {0x56, 0xe, "86ef3f9ef5491e20e6bf874332c9275fdc461fe2323447475e2a5eecbd2a26513f3cb1ea208c190fd2ad5dde3f74acf9ff4577326734f44a5e15524e1400ee26c5a5d39e62a0452868ad46f7e11511228ea89ea8"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 27.59224497s ago: executing program 5 (id=4039): kexec_load(0x3, 0x2, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c", 0x57, 0x5, 0xffffffff}, {0x0, 0x0, 0x7, 0x2}], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, 0x0}}], 0x1, 0x14018891) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {0x0}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d", 0x9a}], 0x3}, 0x41) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0xc0400) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 26.517326867s ago: executing program 5 (id=4042): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcffffff, 0x20031, 0xffffffffffffffff, 0xbe9f5000) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x50) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r4, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x800) r5 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r5, 0x0, 0x0, 0x40800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) setsockopt$sock_int(r7, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r7, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000a2d000/0x2000)=nil, 0x2000}, 0x5}) 26.465114228s ago: executing program 1 (id=4043): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcffffff, 0x20031, 0xffffffffffffffff, 0xbe9f5000) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x50) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r4, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x800) r5 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r5, 0x0, 0x0, 0x40800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xe4776000) 26.190255804s ago: executing program 5 (id=4045): openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'dt2814\x00', [0x294, 0x2, 0x7fffffff, 0x8, 0x2f, 0x2006, 0xf1, 0x8, 0x80ffa, 0x2, 0x0, 0x8500, 0x1003, 0x1000004, 0xf, 0x10000, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x200009ea, 0x20000010, 0x40000, 0x8, 0x4008, 0x746f, 0x8, 0x5, 0x8, 0x7a2e6ff0, 0x4, 0x7ffd]}) syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, 0x0) socket$l2tp(0x2, 0x2, 0x73) 26.031596459s ago: executing program 1 (id=4047): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x59, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10) sendmmsg$inet(r0, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000c80)="91", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000140)='$+', 0x2}], 0x1}}], 0x2, 0x2090) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) (fail_nth: 2) 25.682562545s ago: executing program 1 (id=4049): r0 = epoll_create1(0x80000) fcntl$setownex(r0, 0xf, 0x0) fcntl$getownex(r0, 0x10, 0x0) 25.322817025s ago: executing program 0 (id=4050): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000a40)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820faebd6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4$alg(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000480)=[{0x0, 0x0, 0x0}], 0x1, 0x40044) io_setup(0xff, &(0x7f0000000380)=0x0) io_submit(r2, 0x2000000000000225, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0xfffb, r1, &(0x7f0000000340), 0x2d}]) (fail_nth: 2) 25.210310801s ago: executing program 1 (id=4051): socketpair$unix(0x1, 0x2, 0x0, 0x0) set_mempolicy(0x2002, &(0x7f0000000080)=0x9, 0x9) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') pread64(r0, &(0x7f0000001c00)=""/4108, 0x100c, 0x3) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x13, r2, 0x0) pwritev2(r2, &(0x7f0000001d40)=[{&(0x7f0000000b40)='v', 0x1}], 0x1, 0x2, 0x8, 0xa) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703100000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 24.32658737s ago: executing program 0 (id=4052): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01020000000000000000020000090900010073797a300000000008ffffffff00000220000000020a01030000000000000000020000000900010073797a30"], 0x70}, 0x1, 0x0, 0x0, 0x4801}, 0x4024000) 24.318718251s ago: executing program 5 (id=4053): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8983, &(0x7f00000001c0)={0x7, 'vlan1\x00', {0x7}, 0x404}) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f00000000c0)=0xbd88, 0x4) bind$can_raw(r3, &(0x7f00000001c0), 0x10) setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000080)=0x4, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_MMAP_OFFSETS(r5, 0x11b, 0x1, &(0x7f00000002c0), &(0x7f0000000380)=0x80) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='nv', 0x2) write$binfmt_script(r4, &(0x7f0000000200), 0xfffffd9d) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0) ioctl$sock_SIOCOUTQNSD(r6, 0x894b, &(0x7f0000000040)) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000003c0)={'vxcan1\x00'}) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)={0x20, r2, 0x307, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}]}]}, 0x20}}, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000140), r0) fsopen(&(0x7f0000000100)='erofs\x00', 0x1) ioctl$XFS_IOC_SCRUBV_METADATA(0xffffffffffffffff, 0xc0285840, &(0x7f0000000280)={0x7fffffff, 0xffffffc0, 0x7, 0x0, 0x4, 0x2, 0x0, &(0x7f0000000240)=[{0x38, 0x101, 0x7f}, {0x12, 0x101, 0x1000}]}) 24.00856634s ago: executing program 0 (id=4054): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000005f00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r2, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000) 23.98780437s ago: executing program 1 (id=4055): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcffffff, 0x20031, 0xffffffffffffffff, 0xbe9f5000) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x50) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r4, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x800) r5 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r5, 0x0, 0x0, 0x40800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) setsockopt$sock_int(r7, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000a2d000/0x2000)=nil, 0x2000}, 0x5}) 23.986267928s ago: executing program 5 (id=4056): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x5608, 0x3) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_subtree(r1, 0x0, 0x10448) futimesat(r1, 0x0, &(0x7f0000000040)) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000100)={0x2, 0x18, 0x9e, 0x4, 0xb4, 0x3, &(0x7f0000000040)="cbc1d21eb255335ddf6b0beffea153efa2cae789be2992fd321f711f7ae3620289ccaf21946c2d371bad5353bd110bfec259ffdfb5d9ba346f5d3d043f7cb147eb868a9652bde7705c79fa72c35131118ab144287fc73c18cf851ea079f6da165aa3cda0f56a8ff61f17886eb810abbf8f881f67dafde7cafc6321591ac6ba5bc273076a501b6a2d483a1c08e012b10c16a0bb57f01bb937673e69191bc30b3d5d123e90bda53ae32ff176a3341be6c77a90506c"}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x83) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e20, 0x0, 0x2}, {0xfffffffffffffffd, 0x1, 0x1, 0x0, 0x0, 0xb}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x80001, 0x1, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0xa}, 0x4d4, 0x32}, 0x2, @in=@local, 0x0, 0x1, 0x1, 0x0, 0x6, 0xfffffffd}}, 0xe8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01020000000000000000020000090900010073797a300000000008ffffffff00000220000000020a01030000000000000000020000000900010073797a30"], 0x70}, 0x1, 0x0, 0x0, 0x4801}, 0x4024000) 23.885297048s ago: executing program 1 (id=4057): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet(0x2, 0xa, 0x4) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @local}, {0x2, 0x0, @rand_addr=0x64010100}, {0x2, 0x4e26, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x93f8, 0x1}) (async) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @local}, {0x2, 0x0, @rand_addr=0x64010100}, {0x2, 0x4e26, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x93f8, 0x1}) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x10, 0x701, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) (async) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x10, 0x701, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1000001, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f0000000000)={0x54ae, 0x3131354f, 0x1, @stepwise={0x8, 0xb, 0xfffffffc, 0x80000000, 0x2, 0x400}}) ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000080)={0x980914, 0x2}) (async) ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000080)={0x980914, 0x2}) socket$vsock_stream(0x28, 0x1, 0x0) (async) r3 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r3, 0x5421, &(0x7f00000003c0)=0x5769) bind$vsock_stream(r3, &(0x7f0000000440), 0x10) listen(r3, 0x800) (async) listen(r3, 0x800) r4 = syz_open_dev$dvb_frontend(&(0x7f0000001080), 0x8d, 0x640240) ioctl$FE_GET_INFO(r4, 0x80a86f3d, &(0x7f00000010c0)) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r5, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r5, &(0x7f0000000440)=@other={'unlock', ' ', 'io+mem'}, 0xe) (async) write$vga_arbiter(r5, &(0x7f0000000440)=@other={'unlock', ' ', 'io+mem'}, 0xe) accept4$vsock_stream(r3, 0x0, 0x0, 0x800) (async) accept4$vsock_stream(r3, 0x0, 0x0, 0x800) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x3}, 0x8) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x84, 0x0) getsockopt$bt_hci(r6, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) (async) getsockopt$bt_hci(r6, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) mount$9p_unix(0x0, 0x0, 0x0, 0x800, &(0x7f0000000000)=ANY=[@ANYRES16]) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x800000, 0x0) 23.806309483s ago: executing program 0 (id=4058): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x7, 0x4, {0x0}, {0xee01}, 0xd25e, 0x7ff}) sched_setscheduler(r2, 0x2, 0x0) (async) syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="043e1a0d01"], 0x1d) syz_open_dev$MSR(0x0, 0x0, 0x0) (async) r3 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r3, &(0x7f0000000140)={0x18, 0x2, {0x1, @rand_addr=0x64010100}}, 0x1e) connect$pptp(r3, &(0x7f0000000080)={0x18, 0x2, {0x2, @loopback}}, 0x1e) (async) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) (async) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) readahead(r1, 0x0, 0x6) (async) setsockopt$WPAN_WANTACK(r4, 0x0, 0x0, &(0x7f0000000000)=0x1, 0x4) (async) close(r4) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r5, 0x8995, &(0x7f0000000000)={'veth1_to_hsr\x00', @ifru_mtu=0x1}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) (async) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 17.877233588s ago: executing program 4 (id=4067): r0 = add_key$keyring(&(0x7f0000000200), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$negate(0xd, r0, 0x6, r0) 17.746784464s ago: executing program 4 (id=4068): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}}) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000140)={0x2, {0x2, 0xff, 0x7, 0xff, 0x4}}) (fail_nth: 2) 17.378569327s ago: executing program 4 (id=4069): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcffffff, 0x20031, 0xffffffffffffffff, 0xbe9f5000) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x50) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r4, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x800) r5 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r5, 0x0, 0x0, 0x40800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xe4776000) 16.360427593s ago: executing program 4 (id=4070): openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1002, 0x0) r0 = openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'dt2814\x00', [0x294, 0x2, 0x7fffffff, 0x8, 0x2f, 0x2006, 0xf1, 0x8, 0x80ffa, 0x2, 0x0, 0x8500, 0x1003, 0x1000004, 0xf, 0x10000, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x200009ea, 0x20000010, 0x40000, 0x8, 0x4008, 0x746f, 0x8, 0x5, 0x8, 0x7a2e6ff0, 0x4, 0x7ffd]}) syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, 0x0) socket$l2tp(0x2, 0x2, 0x73) 14.820050819s ago: executing program 4 (id=4071): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x10000a0) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='system.posix_acl_access\x00', 0x0, 0x0, 0x2) 14.67283488s ago: executing program 4 (id=4072): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x10000a0) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='system.posix_acl_access\x00', 0x0, 0x0, 0x2) (fail_nth: 2) 9.287701456s ago: executing program 34 (id=4058): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x7, 0x4, {0x0}, {0xee01}, 0xd25e, 0x7ff}) sched_setscheduler(r2, 0x2, 0x0) (async) syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="043e1a0d01"], 0x1d) syz_open_dev$MSR(0x0, 0x0, 0x0) (async) r3 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r3, &(0x7f0000000140)={0x18, 0x2, {0x1, @rand_addr=0x64010100}}, 0x1e) connect$pptp(r3, &(0x7f0000000080)={0x18, 0x2, {0x2, @loopback}}, 0x1e) (async) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) (async) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) readahead(r1, 0x0, 0x6) (async) setsockopt$WPAN_WANTACK(r4, 0x0, 0x0, &(0x7f0000000000)=0x1, 0x4) (async) close(r4) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r5, 0x8995, &(0x7f0000000000)={'veth1_to_hsr\x00', @ifru_mtu=0x1}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) (async) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 9.204474826s ago: executing program 35 (id=4057): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet(0x2, 0xa, 0x4) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @local}, {0x2, 0x0, @rand_addr=0x64010100}, {0x2, 0x4e26, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x93f8, 0x1}) (async) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @local}, {0x2, 0x0, @rand_addr=0x64010100}, {0x2, 0x4e26, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x93f8, 0x1}) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x10, 0x701, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) (async) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x10, 0x701, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1000001, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f0000000000)={0x54ae, 0x3131354f, 0x1, @stepwise={0x8, 0xb, 0xfffffffc, 0x80000000, 0x2, 0x400}}) ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000080)={0x980914, 0x2}) (async) ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000080)={0x980914, 0x2}) socket$vsock_stream(0x28, 0x1, 0x0) (async) r3 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r3, 0x5421, &(0x7f00000003c0)=0x5769) bind$vsock_stream(r3, &(0x7f0000000440), 0x10) listen(r3, 0x800) (async) listen(r3, 0x800) r4 = syz_open_dev$dvb_frontend(&(0x7f0000001080), 0x8d, 0x640240) ioctl$FE_GET_INFO(r4, 0x80a86f3d, &(0x7f00000010c0)) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r5, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r5, &(0x7f0000000440)=@other={'unlock', ' ', 'io+mem'}, 0xe) (async) write$vga_arbiter(r5, &(0x7f0000000440)=@other={'unlock', ' ', 'io+mem'}, 0xe) accept4$vsock_stream(r3, 0x0, 0x0, 0x800) (async) accept4$vsock_stream(r3, 0x0, 0x0, 0x800) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x3}, 0x8) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x84, 0x0) getsockopt$bt_hci(r6, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) (async) getsockopt$bt_hci(r6, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) mount$9p_unix(0x0, 0x0, 0x0, 0x800, &(0x7f0000000000)=ANY=[@ANYRES16]) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x800000, 0x0) 8.944558639s ago: executing program 36 (id=4056): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x5608, 0x3) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_subtree(r1, 0x0, 0x10448) futimesat(r1, 0x0, &(0x7f0000000040)) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000100)={0x2, 0x18, 0x9e, 0x4, 0xb4, 0x3, &(0x7f0000000040)="cbc1d21eb255335ddf6b0beffea153efa2cae789be2992fd321f711f7ae3620289ccaf21946c2d371bad5353bd110bfec259ffdfb5d9ba346f5d3d043f7cb147eb868a9652bde7705c79fa72c35131118ab144287fc73c18cf851ea079f6da165aa3cda0f56a8ff61f17886eb810abbf8f881f67dafde7cafc6321591ac6ba5bc273076a501b6a2d483a1c08e012b10c16a0bb57f01bb937673e69191bc30b3d5d123e90bda53ae32ff176a3341be6c77a90506c"}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x83) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e20, 0x0, 0x2}, {0xfffffffffffffffd, 0x1, 0x1, 0x0, 0x0, 0xb}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x80001, 0x1, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0xa}, 0x4d4, 0x32}, 0x2, @in=@local, 0x0, 0x1, 0x1, 0x0, 0x6, 0xfffffffd}}, 0xe8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01020000000000000000020000090900010073797a300000000008ffffffff00000220000000020a01030000000000000000020000000900010073797a30"], 0x70}, 0x1, 0x0, 0x0, 0x4801}, 0x4024000) 0s ago: executing program 37 (id=4072): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x10000a0) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='system.posix_acl_access\x00', 0x0, 0x0, 0x2) (fail_nth: 2) kernel console output (not intermixed with test programs): 686] ? __lock_acquire+0x6b5/0x2d10 [ 843.642384][T16686] ? do_raw_spin_lock+0x12b/0x2f0 [ 843.642442][T16686] ? __fget_files+0x2a/0x420 [ 843.642473][T16686] ? __fget_files+0x2a/0x420 [ 843.642500][T16686] ? __fget_files+0x3a6/0x420 [ 843.642531][T16686] ? __fget_files+0x2a/0x420 [ 843.642563][T16686] security_file_ioctl+0xc3/0x2a0 [ 843.642600][T16686] __se_sys_ioctl+0x47/0x170 [ 843.642636][T16686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.642662][T16686] do_syscall_64+0x174/0x580 [ 843.642696][T16686] ? trace_irq_disable+0x3b/0x140 [ 843.642723][T16686] ? clear_bhb_loop+0x40/0x90 [ 843.642752][T16686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.642775][T16686] RIP: 0033:0x7f7286a9ce59 [ 843.642796][T16686] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 843.642816][T16686] RSP: 002b:00007f7284cf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 843.642840][T16686] RAX: ffffffffffffffda RBX: 00007f7286d15fa0 RCX: 00007f7286a9ce59 [ 843.642864][T16686] RDX: 00002000000003c0 RSI: 000000008010aa02 RDI: 0000000000000003 [ 843.642879][T16686] RBP: 00007f7284cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 843.642894][T16686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 843.642909][T16686] R13: 00007f7286d16038 R14: 00007f7286d15fa0 R15: 00007ffe415abcd8 [ 843.642946][T16686] [ 843.662075][T16686] ERROR: Out of memory at tomoyo_realpath_from_path. [ 844.214372][ T5804] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 844.269633][T16700] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 844.369047][ T5804] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 844.369073][ T5804] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 844.369124][ T5804] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 844.369171][ T5804] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 844.369198][ T5804] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 844.373664][ T5804] usb 6-1: config 0 descriptor?? [ 844.436758][ T1340] ieee802154 phy0 wpan0: encryption failed: -22 [ 844.436864][ T1340] ieee802154 phy1 wpan1: encryption failed: -22 [ 844.509985][T16705] FAULT_INJECTION: forcing a failure. [ 844.509985][T16705] name failslab, interval 1, probability 0, space 0, times 0 [ 844.510024][T16705] CPU: 1 UID: 0 PID: 16705 Comm: syz.4.3758 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 844.510051][T16705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 844.510071][T16705] Call Trace: [ 844.510081][T16705] [ 844.510092][T16705] dump_stack_lvl+0xe8/0x150 [ 844.510125][T16705] should_fail_ex+0x46b/0x600 [ 844.510166][T16705] should_failslab+0xa8/0x100 [ 844.510200][T16705] __kmalloc_noprof+0xdf/0x7b0 [ 844.510227][T16705] ? kfree+0x4d/0x6c0 [ 844.510251][T16705] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 844.510304][T16705] tomoyo_realpath_from_path+0xe3/0x5d0 [ 844.510336][T16705] ? tomoyo_domain+0xd7/0x130 [ 844.510371][T16705] ? tomoyo_path_number_perm+0x219/0x630 [ 844.510408][T16705] tomoyo_path_number_perm+0x246/0x630 [ 844.510448][T16705] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 844.510485][T16705] ? __lock_acquire+0x6b5/0x2d10 [ 844.510516][T16705] ? do_raw_spin_lock+0x12b/0x2f0 [ 844.510575][T16705] ? __fget_files+0x2a/0x420 [ 844.510606][T16705] ? __fget_files+0x2a/0x420 [ 844.510632][T16705] ? __fget_files+0x3a6/0x420 [ 844.510659][T16705] ? __fget_files+0x2a/0x420 [ 844.510691][T16705] security_file_ioctl+0xc3/0x2a0 [ 844.510728][T16705] __se_sys_ioctl+0x47/0x170 [ 844.510762][T16705] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.510788][T16705] do_syscall_64+0x174/0x580 [ 844.510835][T16705] ? clear_bhb_loop+0x40/0x90 [ 844.510864][T16705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.510889][T16705] RIP: 0033:0x7fa6fb4ace59 [ 844.510912][T16705] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 844.510933][T16705] RSP: 002b:00007fa6f9706028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 844.510958][T16705] RAX: ffffffffffffffda RBX: 00007fa6fb725fa0 RCX: 00007fa6fb4ace59 [ 844.510976][T16705] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 844.510991][T16705] RBP: 00007fa6f9706090 R08: 0000000000000000 R09: 0000000000000000 [ 844.511006][T16705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 844.511021][T16705] R13: 00007fa6fb726038 R14: 00007fa6fb725fa0 R15: 00007fff929e2218 [ 844.511057][T16705] [ 844.511179][T16705] ERROR: Out of memory at tomoyo_realpath_from_path. [ 844.805234][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805275][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805302][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805331][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805369][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805399][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805429][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805459][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805488][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.805518][ T5804] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 844.903567][ T5804] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 845.992570][T16728] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 846.032046][ T1247] usb 6-1: USB disconnect, device number 31 [ 846.471754][ T5716] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 846.615442][ T5716] usb 2-1: too many configurations: 90, using maximum allowed: 8 [ 846.619414][ T5716] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 846.619672][ T5716] usb 2-1: can't read configurations, error -61 [ 846.738468][ T5716] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 846.882321][ T5716] usb 2-1: too many configurations: 90, using maximum allowed: 8 [ 846.884728][ T5716] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 846.884772][ T5716] usb 2-1: can't read configurations, error -61 [ 846.885448][ T5716] usb usb2-port1: attempt power cycle [ 847.104574][T16755] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 847.205078][ T5716] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 847.225725][ T5716] usb 2-1: too many configurations: 90, using maximum allowed: 8 [ 847.227524][ T5716] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 847.227566][ T5716] usb 2-1: can't read configurations, error -61 [ 847.348037][ T5716] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 847.373363][ T5716] usb 2-1: too many configurations: 90, using maximum allowed: 8 [ 847.375842][ T5716] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 847.375884][ T5716] usb 2-1: can't read configurations, error -61 [ 847.378170][ T5716] usb usb2-port1: unable to enumerate USB device [ 847.643612][ T5804] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 847.795634][ T5804] usb 6-1: Using ep0 maxpacket: 32 [ 847.798297][ T5804] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 847.801369][ T5804] usb 6-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 847.801402][ T5804] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.801424][ T5804] usb 6-1: Product: syz [ 847.801446][ T5804] usb 6-1: Manufacturer: syz [ 847.801458][ T5804] usb 6-1: SerialNumber: syz [ 847.820832][ T5804] usb 6-1: config 0 descriptor?? [ 847.861963][ T5804] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 848.685762][ T5804] input: gspca_pac7302 as /devices/platform/dummy_hcd.5/usb6/6-1/input/input44 [ 848.873209][T16775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 848.894194][T16775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 848.970452][T13301] usb 6-1: USB disconnect, device number 32 [ 849.322352][ T38] audit: type=1326 audit(2000000884.451:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16794 comm="syz.1.3796" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcedae6ce59 code=0x0 [ 849.391231][ T38] audit: type=1326 audit(2000000884.524:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16794 comm="syz.1.3796" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcedae6ce59 code=0x0 [ 849.405648][ T5716] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 849.567576][ T5716] usb 5-1: Using ep0 maxpacket: 16 [ 849.572590][ T5716] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 849.572620][ T5716] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 849.572643][ T5716] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 849.618767][ T5716] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 849.618880][ T5716] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 849.618967][ T5716] usb 5-1: Product: syz [ 849.618997][ T5716] usb 5-1: Manufacturer: syz [ 849.619014][ T5716] usb 5-1: SerialNumber: syz [ 849.680278][ T5716] usb 5-1: 0:2 : does not exist [ 849.854389][T16808] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 850.072247][T16790] comedi comedi0: reset error (fatal) [ 850.100215][ T5716] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1) [ 850.164402][ T5716] usb 5-1: USB disconnect, device number 25 [ 850.265155][T15684] udevd[15684]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 850.309440][T16818] FAULT_INJECTION: forcing a failure. [ 850.309440][T16818] name failslab, interval 1, probability 0, space 0, times 0 [ 850.309478][T16818] CPU: 1 UID: 0 PID: 16818 Comm: syz.1.3804 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 850.309506][T16818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 850.309523][T16818] Call Trace: [ 850.309536][T16818] [ 850.309543][T16818] dump_stack_lvl+0xe8/0x150 [ 850.309568][T16818] should_fail_ex+0x46b/0x600 [ 850.309598][T16818] should_failslab+0xa8/0x100 [ 850.309622][T16818] __kmalloc_noprof+0xdf/0x7b0 [ 850.309642][T16818] ? kfree+0x4d/0x6c0 [ 850.309658][T16818] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 850.309683][T16818] tomoyo_realpath_from_path+0xe3/0x5d0 [ 850.309704][T16818] ? tomoyo_domain+0xd7/0x130 [ 850.309729][T16818] ? tomoyo_path_number_perm+0x219/0x630 [ 850.309788][T16818] tomoyo_path_number_perm+0x246/0x630 [ 850.309843][T16818] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 850.309878][T16818] ? __lock_acquire+0x6b5/0x2d10 [ 850.309909][T16818] ? do_raw_spin_lock+0x12b/0x2f0 [ 850.309964][T16818] ? __fget_files+0x2a/0x420 [ 850.309996][T16818] ? __fget_files+0x2a/0x420 [ 850.310021][T16818] ? __fget_files+0x3a6/0x420 [ 850.310049][T16818] ? __fget_files+0x2a/0x420 [ 850.310081][T16818] security_file_ioctl+0xc3/0x2a0 [ 850.310116][T16818] __se_sys_ioctl+0x47/0x170 [ 850.310150][T16818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.310174][T16818] do_syscall_64+0x174/0x580 [ 850.310208][T16818] ? trace_irq_disable+0x3b/0x140 [ 850.310234][T16818] ? clear_bhb_loop+0x40/0x90 [ 850.310262][T16818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.310287][T16818] RIP: 0033:0x7fcedae6ce59 [ 850.310309][T16818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 850.310340][T16818] RSP: 002b:00007fced90c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 850.310366][T16818] RAX: ffffffffffffffda RBX: 00007fcedb0e5fa0 RCX: 00007fcedae6ce59 [ 850.310385][T16818] RDX: 0000000000000000 RSI: 000000008010aa02 RDI: 0000000000000003 [ 850.310400][T16818] RBP: 00007fced90c6090 R08: 0000000000000000 R09: 0000000000000000 [ 850.310415][T16818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 850.310430][T16818] R13: 00007fcedb0e6038 R14: 00007fcedb0e5fa0 R15: 00007ffda58a4658 [ 850.310468][T16818] [ 850.313171][T16818] ERROR: Out of memory at tomoyo_realpath_from_path. [ 851.018291][T16837] FAULT_INJECTION: forcing a failure. [ 851.018291][T16837] name failslab, interval 1, probability 0, space 0, times 0 [ 851.018324][T16837] CPU: 1 UID: 0 PID: 16837 Comm: syz.5.3811 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 851.018344][T16837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 851.018355][T16837] Call Trace: [ 851.018362][T16837] [ 851.018370][T16837] dump_stack_lvl+0xe8/0x150 [ 851.018397][T16837] should_fail_ex+0x46b/0x600 [ 851.018428][T16837] should_failslab+0xa8/0x100 [ 851.018453][T16837] __kmalloc_noprof+0xdf/0x7b0 [ 851.018472][T16837] ? kfree+0x4d/0x6c0 [ 851.018496][T16837] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 851.018525][T16837] tomoyo_realpath_from_path+0xe3/0x5d0 [ 851.018547][T16837] ? tomoyo_domain+0xd7/0x130 [ 851.018570][T16837] ? tomoyo_path_number_perm+0x219/0x630 [ 851.018597][T16837] tomoyo_path_number_perm+0x246/0x630 [ 851.018626][T16837] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 851.018676][T16837] ? __lock_acquire+0x6b5/0x2d10 [ 851.018708][T16837] ? do_raw_spin_lock+0x12b/0x2f0 [ 851.018773][T16837] ? __fget_files+0x2a/0x420 [ 851.018803][T16837] ? __fget_files+0x2a/0x420 [ 851.018821][T16837] ? __fget_files+0x3a6/0x420 [ 851.018839][T16837] ? __fget_files+0x2a/0x420 [ 851.018862][T16837] security_file_ioctl+0xc3/0x2a0 [ 851.018889][T16837] __se_sys_ioctl+0x47/0x170 [ 851.018914][T16837] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 851.018933][T16837] do_syscall_64+0x174/0x580 [ 851.018959][T16837] ? trace_irq_disable+0x3b/0x140 [ 851.018981][T16837] ? clear_bhb_loop+0x40/0x90 [ 851.019003][T16837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 851.019020][T16837] RIP: 0033:0x7f7286a9ce59 [ 851.019036][T16837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 851.019051][T16837] RSP: 002b:00007f7284cd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 851.019069][T16837] RAX: ffffffffffffffda RBX: 00007f7286d16090 RCX: 00007f7286a9ce59 [ 851.019082][T16837] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 851.019092][T16837] RBP: 00007f7284cd5090 R08: 0000000000000000 R09: 0000000000000000 [ 851.019103][T16837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 851.019113][T16837] R13: 00007f7286d16128 R14: 00007f7286d16090 R15: 00007ffe415abcd8 [ 851.019138][T16837] [ 851.019289][T16837] ERROR: Out of memory at tomoyo_realpath_from_path. [ 852.178002][T16853] FAULT_INJECTION: forcing a failure. [ 852.178002][T16853] name failslab, interval 1, probability 0, space 0, times 0 [ 852.178042][T16853] CPU: 1 UID: 0 PID: 16853 Comm: syz.4.3816 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 852.178070][T16853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 852.178085][T16853] Call Trace: [ 852.178095][T16853] [ 852.178105][T16853] dump_stack_lvl+0xe8/0x150 [ 852.178147][T16853] should_fail_ex+0x46b/0x600 [ 852.178188][T16853] should_failslab+0xa8/0x100 [ 852.178219][T16853] __kmalloc_noprof+0xdf/0x7b0 [ 852.178247][T16853] ? kfree+0x4d/0x6c0 [ 852.178270][T16853] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 852.178306][T16853] tomoyo_realpath_from_path+0xe3/0x5d0 [ 852.178336][T16853] ? tomoyo_domain+0xd7/0x130 [ 852.178370][T16853] ? tomoyo_path_number_perm+0x219/0x630 [ 852.178409][T16853] tomoyo_path_number_perm+0x246/0x630 [ 852.178449][T16853] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 852.178485][T16853] ? __lock_acquire+0x6b5/0x2d10 [ 852.178518][T16853] ? do_raw_spin_lock+0x12b/0x2f0 [ 852.178577][T16853] ? __fget_files+0x2a/0x420 [ 852.178617][T16853] ? __fget_files+0x2a/0x420 [ 852.178644][T16853] ? __fget_files+0x3a6/0x420 [ 852.178670][T16853] ? __fget_files+0x2a/0x420 [ 852.178702][T16853] security_file_ioctl+0xc3/0x2a0 [ 852.178740][T16853] __se_sys_ioctl+0x47/0x170 [ 852.178774][T16853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.178800][T16853] do_syscall_64+0x174/0x580 [ 852.178837][T16853] ? clear_bhb_loop+0x40/0x90 [ 852.178866][T16853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.178891][T16853] RIP: 0033:0x7fa6fb4ace59 [ 852.178912][T16853] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 852.178933][T16853] RSP: 002b:00007fa6f96e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 852.178957][T16853] RAX: ffffffffffffffda RBX: 00007fa6fb726090 RCX: 00007fa6fb4ace59 [ 852.178976][T16853] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 852.178991][T16853] RBP: 00007fa6f96e5090 R08: 0000000000000000 R09: 0000000000000000 [ 852.179006][T16853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 852.179020][T16853] R13: 00007fa6fb726128 R14: 00007fa6fb726090 R15: 00007fff929e2218 [ 852.179057][T16853] [ 852.182501][T16853] ERROR: Out of memory at tomoyo_realpath_from_path. [ 852.822943][T12509] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 852.876491][T16865] FAULT_INJECTION: forcing a failure. [ 852.876491][T16865] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 852.876525][T16865] CPU: 1 UID: 0 PID: 16865 Comm: syz.1.3822 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 852.876552][T16865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 852.876566][T16865] Call Trace: [ 852.876574][T16865] [ 852.876583][T16865] dump_stack_lvl+0xe8/0x150 [ 852.876649][T16865] should_fail_ex+0x46b/0x600 [ 852.876687][T16865] _copy_from_user+0x2d/0xb0 [ 852.876711][T16865] __copy_msghdr+0x3c5/0x5b0 [ 852.876745][T16865] ___sys_sendmsg+0x213/0x360 [ 852.876772][T16865] ? __lock_acquire+0x6b5/0x2d10 [ 852.876797][T16865] ? __pfx____sys_sendmsg+0x10/0x10 [ 852.876851][T16865] ? __fget_files+0x2a/0x420 [ 852.876872][T16865] ? __fget_files+0x3a6/0x420 [ 852.876901][T16865] __x64_sys_sendmsg+0x1c3/0x2a0 [ 852.876932][T16865] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 852.876969][T16865] ? __pfx_ksys_write+0x10/0x10 [ 852.877001][T16865] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.877021][T16865] do_syscall_64+0x174/0x580 [ 852.877052][T16865] ? trace_irq_disable+0x3b/0x140 [ 852.877075][T16865] ? clear_bhb_loop+0x40/0x90 [ 852.877100][T16865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.877123][T16865] RIP: 0033:0x7fcedae6ce59 [ 852.877143][T16865] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 852.877161][T16865] RSP: 002b:00007fced90c6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 852.877181][T16865] RAX: ffffffffffffffda RBX: 00007fcedb0e5fa0 RCX: 00007fcedae6ce59 [ 852.877197][T16865] RDX: 0000000000000041 RSI: 0000200000000480 RDI: 0000000000000003 [ 852.877210][T16865] RBP: 00007fced90c6090 R08: 0000000000000000 R09: 0000000000000000 [ 852.877222][T16865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 852.877235][T16865] R13: 00007fcedb0e6038 R14: 00007fcedb0e5fa0 R15: 00007ffda58a4658 [ 852.877266][T16865] [ 852.904395][T16860] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 852.909567][T12509] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 853.033196][T12509] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 853.045526][T12509] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 853.054527][T12509] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 854.992914][T16904] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 855.075016][T16861] bridge0: port 1(bridge_slave_0) entered blocking state [ 855.075342][T16861] bridge0: port 1(bridge_slave_0) entered disabled state [ 855.075585][T16861] bridge_slave_0: entered allmulticast mode [ 855.078596][T16861] bridge_slave_0: entered promiscuous mode [ 855.087567][T16861] bridge0: port 2(bridge_slave_1) entered blocking state [ 855.088668][T16861] bridge0: port 2(bridge_slave_1) entered disabled state [ 855.089707][T16861] bridge_slave_1: entered allmulticast mode [ 855.128251][T16861] bridge_slave_1: entered promiscuous mode [ 855.200199][T16861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 855.208917][T16861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 855.301236][T12503] Bluetooth: hci2: command tx timeout [ 855.913049][T16861] team0: Port device team_slave_0 added [ 855.948200][T16861] team0: Port device team_slave_1 added [ 856.186806][T16925] FAULT_INJECTION: forcing a failure. [ 856.186806][T16925] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 856.186847][T16925] CPU: 1 UID: 0 PID: 16925 Comm: syz.4.3837 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 856.186875][T16925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 856.186890][T16925] Call Trace: [ 856.186899][T16925] [ 856.186909][T16925] dump_stack_lvl+0xe8/0x150 [ 856.186944][T16925] should_fail_ex+0x46b/0x600 [ 856.186985][T16925] strncpy_from_user+0x36/0x2b0 [ 856.187022][T16925] do_getname+0x77/0x250 [ 856.187051][T16925] do_sys_openat2+0xcc/0x200 [ 856.187082][T16925] ? __pfx_do_sys_openat2+0x10/0x10 [ 856.187110][T16925] ? ksys_write+0x248/0x270 [ 856.187145][T16925] ? __pfx_ksys_write+0x10/0x10 [ 856.187183][T16925] __x64_sys_openat+0x138/0x170 [ 856.187214][T16925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.187239][T16925] do_syscall_64+0x174/0x580 [ 856.187286][T16925] ? trace_irq_disable+0x3b/0x140 [ 856.187314][T16925] ? clear_bhb_loop+0x40/0x90 [ 856.187344][T16925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.187368][T16925] RIP: 0033:0x7fa6fb4ace59 [ 856.187390][T16925] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 856.187411][T16925] RSP: 002b:00007fa6f9706028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 856.187437][T16925] RAX: ffffffffffffffda RBX: 00007fa6fb725fa0 RCX: 00007fa6fb4ace59 [ 856.187455][T16925] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 856.187471][T16925] RBP: 00007fa6f9706090 R08: 0000000000000000 R09: 0000000000000000 [ 856.187487][T16925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 856.187501][T16925] R13: 00007fa6fb726038 R14: 00007fa6fb725fa0 R15: 00007fff929e2218 [ 856.187538][T16925] [ 856.764107][T16933] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 857.285469][T12503] Bluetooth: hci2: command tx timeout [ 857.576264][T10293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 857.720294][T16861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 857.720314][T16861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 857.720346][T16861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 857.754725][T16861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 857.754773][T16861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 857.754852][T16861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 857.973999][T16944] binder: 16941:16944 ioctl c0306201 0 returned -14 [ 858.146684][T16861] hsr_slave_0: entered promiscuous mode [ 858.170467][T16861] hsr_slave_1: entered promiscuous mode [ 858.176286][T16861] debugfs: 'hsr0' already exists in 'hsr' [ 858.176317][T16861] Cannot create hsr debugfs directory [ 858.327946][T16951] loop3: detected capacity change from 0 to 7 [ 858.373068][T16953] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3846'. [ 858.392022][T16951] loop3: [POWERTEC] [ 858.460830][T16955] binder: 16950:16955 ioctl c0306201 0 returned -14 [ 858.794779][T10293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 858.823873][T16958] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 859.008349][T16965] FAULT_INJECTION: forcing a failure. [ 859.008349][T16965] name failslab, interval 1, probability 0, space 0, times 0 [ 859.008401][T16965] CPU: 0 UID: 0 PID: 16965 Comm: syz.5.3851 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 859.008429][T16965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 859.008445][T16965] Call Trace: [ 859.008454][T16965] [ 859.008465][T16965] dump_stack_lvl+0xe8/0x150 [ 859.008500][T16965] should_fail_ex+0x46b/0x600 [ 859.008539][T16965] should_failslab+0xa8/0x100 [ 859.008563][T16965] __kmalloc_noprof+0xdf/0x7b0 [ 859.008582][T16965] ? kfree+0x4d/0x6c0 [ 859.008604][T16965] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 859.008628][T16965] tomoyo_realpath_from_path+0xe3/0x5d0 [ 859.008650][T16965] ? tomoyo_domain+0xd7/0x130 [ 859.008674][T16965] ? tomoyo_path_number_perm+0x219/0x630 [ 859.008700][T16965] tomoyo_path_number_perm+0x246/0x630 [ 859.008726][T16965] ? lapic_next_event+0x11/0x20 [ 859.008748][T16965] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 859.008775][T16965] ? __pfx_clockevents_program_event+0x10/0x10 [ 859.008809][T16965] ? irqentry_exit+0x218/0x8b0 [ 859.008849][T16965] ? __fget_files+0x2a/0x420 [ 859.008872][T16965] ? __fget_files+0x2a/0x420 [ 859.008890][T16965] ? __fget_files+0x3a6/0x420 [ 859.008909][T16965] ? __fget_files+0x2a/0x420 [ 859.008930][T16965] security_file_ioctl+0xc3/0x2a0 [ 859.008957][T16965] __se_sys_ioctl+0x47/0x170 [ 859.009000][T16965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.009019][T16965] do_syscall_64+0x174/0x580 [ 859.009043][T16965] ? trace_irq_disable+0x3b/0x140 [ 859.009062][T16965] ? clear_bhb_loop+0x40/0x90 [ 859.009083][T16965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.009102][T16965] RIP: 0033:0x7f7286a9ce59 [ 859.009118][T16965] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 859.009132][T16965] RSP: 002b:00007f7284cf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 859.009150][T16965] RAX: ffffffffffffffda RBX: 00007f7286d15fa0 RCX: 00007f7286a9ce59 [ 859.009163][T16965] RDX: 0000200000000100 RSI: 0000000000004bfb RDI: 0000000000000003 [ 859.009174][T16965] RBP: 00007f7284cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 859.009185][T16965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 859.009195][T16965] R13: 00007f7286d16038 R14: 00007f7286d15fa0 R15: 00007ffe415abcd8 [ 859.009220][T16965] [ 859.009227][T16965] ERROR: Out of memory at tomoyo_realpath_from_path. [ 859.276727][T12503] Bluetooth: hci2: command tx timeout [ 859.861437][T16983] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3855'. [ 859.959897][T16985] FAULT_INJECTION: forcing a failure. [ 859.959897][T16985] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 859.959939][T16985] CPU: 0 UID: 0 PID: 16985 Comm: syz.1.3857 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 859.959965][T16985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 859.959979][T16985] Call Trace: [ 859.959988][T16985] [ 859.959998][T16985] dump_stack_lvl+0xe8/0x150 [ 859.960040][T16985] should_fail_ex+0x46b/0x600 [ 859.960080][T16985] _copy_from_user+0x2d/0xb0 [ 859.960108][T16985] __copy_msghdr+0x3c5/0x5b0 [ 859.960149][T16985] ___sys_sendmsg+0x213/0x360 [ 859.960183][T16985] ? __lock_acquire+0x6b5/0x2d10 [ 859.960216][T16985] ? __pfx____sys_sendmsg+0x10/0x10 [ 859.960288][T16985] ? __fget_files+0x2a/0x420 [ 859.960316][T16985] ? __fget_files+0x3a6/0x420 [ 859.960354][T16985] __x64_sys_sendmsg+0x1c3/0x2a0 [ 859.960394][T16985] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 859.960440][T16985] ? __pfx_ksys_write+0x10/0x10 [ 859.960482][T16985] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.960508][T16985] do_syscall_64+0x174/0x580 [ 859.960542][T16985] ? trace_irq_disable+0x3b/0x140 [ 859.960568][T16985] ? clear_bhb_loop+0x40/0x90 [ 859.960594][T16985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.960617][T16985] RIP: 0033:0x7fcedae6ce59 [ 859.960638][T16985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 859.960658][T16985] RSP: 002b:00007fced90c6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 859.960681][T16985] RAX: ffffffffffffffda RBX: 00007fcedb0e5fa0 RCX: 00007fcedae6ce59 [ 859.960697][T16985] RDX: 000000000000fdff RSI: 0000200000000100 RDI: 0000000000000004 [ 859.960712][T16985] RBP: 00007fced90c6090 R08: 0000000000000000 R09: 0000000000000000 [ 859.960726][T16985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 859.960739][T16985] R13: 00007fcedb0e6038 R14: 00007fcedb0e5fa0 R15: 00007ffda58a4658 [ 859.960771][T16985] [ 859.965109][T10293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 860.780692][T10293] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 861.162429][T17006] netlink: 57 bytes leftover after parsing attributes in process `syz.5.3865'. [ 861.220750][T17008] netlink: 'syz.5.3866': attribute type 3 has an invalid length. [ 861.234556][T12503] Bluetooth: hci2: command tx timeout [ 861.250698][ T5804] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 861.300173][T17010] FAULT_INJECTION: forcing a failure. [ 861.300173][T17010] name failslab, interval 1, probability 0, space 0, times 0 [ 861.300206][T17010] CPU: 0 UID: 0 PID: 17010 Comm: syz.5.3867 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 861.300228][T17010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 861.300240][T17010] Call Trace: [ 861.300247][T17010] [ 861.300255][T17010] dump_stack_lvl+0xe8/0x150 [ 861.300282][T17010] should_fail_ex+0x46b/0x600 [ 861.300326][T17010] should_failslab+0xa8/0x100 [ 861.300354][T17010] __kmalloc_noprof+0xdf/0x7b0 [ 861.300379][T17010] ? tomoyo_encode+0x28b/0x550 [ 861.300407][T17010] tomoyo_encode+0x28b/0x550 [ 861.300435][T17010] tomoyo_realpath_from_path+0x58d/0x5d0 [ 861.300466][T17010] ? tomoyo_path_number_perm+0x219/0x630 [ 861.300495][T17010] tomoyo_path_number_perm+0x246/0x630 [ 861.300525][T17010] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 861.300554][T17010] ? __lock_acquire+0x6b5/0x2d10 [ 861.300578][T17010] ? do_raw_spin_lock+0x12b/0x2f0 [ 861.300624][T17010] ? __fget_files+0x2a/0x420 [ 861.300650][T17010] ? __fget_files+0x2a/0x420 [ 861.300672][T17010] ? __fget_files+0x3a6/0x420 [ 861.300693][T17010] ? __fget_files+0x2a/0x420 [ 861.300720][T17010] security_file_ioctl+0xc3/0x2a0 [ 861.300752][T17010] __se_sys_ioctl+0x47/0x170 [ 861.300781][T17010] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 861.300804][T17010] do_syscall_64+0x174/0x580 [ 861.300836][T17010] ? trace_irq_disable+0x3b/0x140 [ 861.300860][T17010] ? clear_bhb_loop+0x40/0x90 [ 861.300886][T17010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 861.300907][T17010] RIP: 0033:0x7f7286a9ce59 [ 861.300927][T17010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 861.300944][T17010] RSP: 002b:00007f7284cf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 861.300965][T17010] RAX: ffffffffffffffda RBX: 00007f7286d15fa0 RCX: 00007f7286a9ce59 [ 861.300981][T17010] RDX: 0000200000000280 RSI: 0000000000008927 RDI: 0000000000000003 [ 861.300995][T17010] RBP: 00007f7284cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 861.301008][T17010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 861.301024][T17010] R13: 00007f7286d16038 R14: 00007f7286d15fa0 R15: 00007ffe415abcd8 [ 861.301054][T17010] [ 861.302205][T17010] ERROR: Out of memory at tomoyo_realpath_from_path. [ 861.455980][ T5804] usb 5-1: Using ep0 maxpacket: 32 [ 861.506454][ T5804] usb 5-1: config 0 has an invalid interface number: 119 but max is 0 [ 861.506542][ T5804] usb 5-1: config 0 has no interface number 0 [ 861.506865][ T5804] usb 5-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 861.507197][ T5804] usb 5-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 861.507275][ T5804] usb 5-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 1051, setting to 1024 [ 861.507327][ T5804] usb 5-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 861.507410][ T5804] usb 5-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 861.622523][ T5804] usb 5-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 861.622619][ T5804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 861.622683][ T5804] usb 5-1: Product: syz [ 861.622733][ T5804] usb 5-1: Manufacturer: syz [ 861.622776][ T5804] usb 5-1: SerialNumber: syz [ 861.697822][ T5804] usb 5-1: config 0 descriptor?? [ 861.704363][T17004] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 861.733557][ T5804] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.119/input/input45 [ 861.775763][ T4960] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 861.922381][T17003] netlink: 'syz.4.3864': attribute type 16 has an invalid length. [ 861.922730][T17003] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3864'. [ 861.970430][T17004] netlink: 'syz.4.3864': attribute type 58 has an invalid length. [ 862.061500][T17015] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3869'. [ 862.322601][ C1] bcm5974 5-1:0.119: trackpad urb failed: -1 [ 862.389346][ T5716] usb 5-1: USB disconnect, device number 26 [ 862.755871][T17029] FAULT_INJECTION: forcing a failure. [ 862.755871][T17029] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 862.755911][T17029] CPU: 1 UID: 0 PID: 17029 Comm: syz.5.3874 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 862.755937][T17029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 862.755952][T17029] Call Trace: [ 862.755961][T17029] [ 862.755971][T17029] dump_stack_lvl+0xe8/0x150 [ 862.756005][T17029] should_fail_ex+0x46b/0x600 [ 862.756044][T17029] _copy_to_user+0x31/0xb0 [ 862.756075][T17029] simple_read_from_buffer+0xe1/0x170 [ 862.756111][T17029] proc_fail_nth_read+0x1be/0x230 [ 862.756143][T17029] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 862.756175][T17029] ? rw_verify_area+0x2ac/0x4e0 [ 862.756213][T17029] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 862.756243][T17029] vfs_read+0x212/0xa80 [ 862.756283][T17029] ? __pfx_vfs_read+0x10/0x10 [ 862.756318][T17029] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 862.756354][T17029] ? lockdep_hardirqs_on+0x7a/0x110 [ 862.756389][T17029] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 862.756424][T17029] ? mutex_lock_nested+0x152/0x1d0 [ 862.756450][T17029] ? fdget_pos+0x252/0x320 [ 862.756493][T17029] ksys_read+0x156/0x270 [ 862.756528][T17029] ? __pfx_ksys_read+0x10/0x10 [ 862.756566][T17029] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 862.756591][T17029] do_syscall_64+0x174/0x580 [ 862.756624][T17029] ? trace_irq_disable+0x3b/0x140 [ 862.756650][T17029] ? clear_bhb_loop+0x40/0x90 [ 862.756678][T17029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 862.756701][T17029] RIP: 0033:0x7f7286a5d68e [ 862.756738][T17029] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 862.756765][T17029] RSP: 002b:00007f7284cf5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 862.756795][T17029] RAX: ffffffffffffffda RBX: 00007f7284cf66c0 RCX: 00007f7286a5d68e [ 862.756813][T17029] RDX: 000000000000000f RSI: 00007f7284cf60a0 RDI: 0000000000000005 [ 862.756829][T17029] RBP: 00007f7284cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 862.756845][T17029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 862.756859][T17029] R13: 00007f7286d16038 R14: 00007f7286d15fa0 R15: 00007ffe415abcd8 [ 862.756894][T17029] [ 863.293618][T17035] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 863.953906][T10293] bridge_slave_1: left allmulticast mode [ 863.953946][T10293] bridge_slave_1: left promiscuous mode [ 863.954245][T10293] bridge0: port 2(bridge_slave_1) entered disabled state [ 864.131491][T10293] bridge_slave_0: left allmulticast mode [ 864.131525][T10293] bridge_slave_0: left promiscuous mode [ 864.135418][T10293] bridge0: port 1(bridge_slave_0) entered disabled state [ 864.335191][T17066] FAULT_INJECTION: forcing a failure. [ 864.335191][T17066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 864.335230][T17066] CPU: 1 UID: 0 PID: 17066 Comm: syz.4.3881 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 864.335256][T17066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 864.335270][T17066] Call Trace: [ 864.335280][T17066] [ 864.335290][T17066] dump_stack_lvl+0xe8/0x150 [ 864.335322][T17066] should_fail_ex+0x46b/0x600 [ 864.335363][T17066] _copy_from_user+0x2d/0xb0 [ 864.335394][T17066] kstrtouint_from_user+0xd6/0x180 [ 864.335434][T17066] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 864.335489][T17066] proc_fail_nth_write+0x8e/0x210 [ 864.335518][T17066] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 864.335553][T17066] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 864.335584][T17066] vfs_write+0x2a3/0xba0 [ 864.335628][T17066] ? __pfx_vfs_write+0x10/0x10 [ 864.335666][T17066] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 864.335701][T17066] ? lockdep_hardirqs_on+0x7a/0x110 [ 864.335737][T17066] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 864.335773][T17066] ? mutex_lock_nested+0x152/0x1d0 [ 864.335799][T17066] ? fdget_pos+0x252/0x320 [ 864.335838][T17066] ksys_write+0x156/0x270 [ 864.335874][T17066] ? __pfx_ksys_write+0x10/0x10 [ 864.335916][T17066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.335943][T17066] do_syscall_64+0x174/0x580 [ 864.335978][T17066] ? trace_irq_disable+0x3b/0x140 [ 864.336013][T17066] ? clear_bhb_loop+0x40/0x90 [ 864.336043][T17066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.336067][T17066] RIP: 0033:0x7fa6fb46d68e [ 864.336089][T17066] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 864.336111][T17066] RSP: 002b:00007fa6f96c3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 864.336137][T17066] RAX: ffffffffffffffda RBX: 00007fa6f96c46c0 RCX: 00007fa6fb46d68e [ 864.336155][T17066] RDX: 0000000000000001 RSI: 00007fa6f96c40a0 RDI: 0000000000000005 [ 864.336171][T17066] RBP: 00007fa6f96c4090 R08: 0000000000000000 R09: 0000000000000000 [ 864.336187][T17066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 864.336202][T17066] R13: 00007fa6fb726218 R14: 00007fa6fb726180 R15: 00007fff929e2218 [ 864.336239][T17066] [ 865.473644][T10293] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 865.550066][T10293] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 865.571161][T10293] bond0 (unregistering): Released all slaves [ 865.699462][ T5270] 8021q: adding VLAN 0 to HW filter on device eth9 [ 866.336187][T17081] netlink: 'syz.4.3887': attribute type 58 has an invalid length. [ 867.896798][T17107] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 868.554449][ T5803] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 868.702033][ T5803] usb 6-1: Using ep0 maxpacket: 32 [ 868.704376][ T5803] usb 6-1: config 0 has an invalid interface number: 119 but max is 0 [ 868.704408][ T5803] usb 6-1: config 0 has no interface number 0 [ 868.704456][ T5803] usb 6-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 868.704482][ T5803] usb 6-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 868.704513][ T5803] usb 6-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 1051, setting to 1024 [ 868.704545][ T5803] usb 6-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 868.704573][ T5803] usb 6-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 868.870242][ T5803] usb 6-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 868.870276][ T5803] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 868.870299][ T5803] usb 6-1: Product: syz [ 868.870316][ T5803] usb 6-1: Manufacturer: syz [ 868.870332][ T5803] usb 6-1: SerialNumber: syz [ 868.922729][ T5803] usb 6-1: config 0 descriptor?? [ 868.923731][T17124] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 869.023209][ T5803] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.119/input/input46 [ 869.151519][T17124] netlink: 'syz.5.3898': attribute type 16 has an invalid length. [ 869.151544][T17124] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3898'. [ 869.203397][T17143] netlink: 'syz.5.3898': attribute type 58 has an invalid length. [ 869.571608][ T5613] usb 6-1: USB disconnect, device number 33 [ 869.980183][T17149] C: renamed from veth1_to_team (while UP) [ 870.132417][T17149] netlink: 'syz.1.3903': attribute type 3 has an invalid length. [ 870.132436][T17149] netlink: 'syz.1.3903': attribute type 1 has an invalid length. [ 870.132448][T17149] netlink: 116 bytes leftover after parsing attributes in process `syz.1.3903'. [ 870.132470][T17149] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 870.132652][T17148] C: renamed from veth1_to_team (while UP) [ 870.190257][T17148] netlink: 'syz.4.3904': attribute type 3 has an invalid length. [ 870.190279][T17148] netlink: 'syz.4.3904': attribute type 1 has an invalid length. [ 870.190293][T17148] netlink: 116 bytes leftover after parsing attributes in process `syz.4.3904'. [ 870.190311][T17148] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 870.490130][T17161] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 870.505515][T10293] hsr_slave_0: left promiscuous mode [ 870.541571][T10293] hsr_slave_1: left promiscuous mode [ 870.542567][T10293] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 870.542591][T10293] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 870.591942][T10293] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 870.591973][T10293] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 870.847455][T10293] veth1_macvtap: left promiscuous mode [ 870.847576][T10293] veth0_macvtap: left promiscuous mode [ 870.880849][T10293] veth1_vlan: left promiscuous mode [ 870.882743][T10293] veth0_vlan: left promiscuous mode [ 870.983061][T17181] netlink: 'syz.5.3908': attribute type 21 has an invalid length. [ 870.983084][T17181] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3908'. [ 872.295117][T10293] team0 (unregistering): Port device team_slave_1 removed [ 872.340749][T10293] team0 (unregistering): Port device team_slave_0 removed [ 872.581699][T17181] netlink: 3 bytes leftover after parsing attributes in process `syz.5.3908'. [ 873.501099][T17214] FAULT_INJECTION: forcing a failure. [ 873.501099][T17214] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 873.501141][T17214] CPU: 1 UID: 0 PID: 17214 Comm: syz.5.3914 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 873.501172][T17214] Tainted: [L]=SOFTLOCKUP [ 873.501181][T17214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 873.501197][T17214] Call Trace: [ 873.501206][T17214] [ 873.501216][T17214] dump_stack_lvl+0xe8/0x150 [ 873.501250][T17214] should_fail_ex+0x46b/0x600 [ 873.501290][T17214] _copy_from_user+0x2d/0xb0 [ 873.501319][T17214] __copy_msghdr+0x3c5/0x5b0 [ 873.501360][T17214] ___sys_sendmsg+0x213/0x360 [ 873.501394][T17214] ? __lock_acquire+0x6b5/0x2d10 [ 873.501426][T17214] ? __pfx____sys_sendmsg+0x10/0x10 [ 873.501503][T17214] ? __fget_files+0x2a/0x420 [ 873.501530][T17214] ? __fget_files+0x3a6/0x420 [ 873.501569][T17214] __x64_sys_sendmsg+0x1c3/0x2a0 [ 873.501608][T17214] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 873.501655][T17214] ? __pfx_ksys_write+0x10/0x10 [ 873.501697][T17214] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.501723][T17214] do_syscall_64+0x174/0x580 [ 873.501758][T17214] ? trace_irq_disable+0x3b/0x140 [ 873.501783][T17214] ? clear_bhb_loop+0x40/0x90 [ 873.501819][T17214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.501843][T17214] RIP: 0033:0x7f7286a9ce59 [ 873.501864][T17214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 873.501885][T17214] RSP: 002b:00007f7284cf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 873.501910][T17214] RAX: ffffffffffffffda RBX: 00007f7286d15fa0 RCX: 00007f7286a9ce59 [ 873.501928][T17214] RDX: 0000000000040040 RSI: 00002000000003c0 RDI: 0000000000000003 [ 873.501944][T17214] RBP: 00007f7284cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 873.501960][T17214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 873.501974][T17214] R13: 00007f7286d16038 R14: 00007f7286d15fa0 R15: 00007ffe415abcd8 [ 873.502010][T17214] [ 874.083246][ T5804] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 874.225949][ T5804] usb 2-1: Using ep0 maxpacket: 16 [ 874.242576][ T5804] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 874.242606][ T5804] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 874.242628][ T5804] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 874.312285][ T5804] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 874.312318][ T5804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 874.312348][ T5804] usb 2-1: Product: syz [ 874.312367][ T5804] usb 2-1: Manufacturer: syz [ 874.312379][ T5804] usb 2-1: SerialNumber: syz [ 874.401945][ T5804] usb 2-1: 0:2 : does not exist [ 874.443971][T17227] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3917'. [ 874.555042][T17213] comedi comedi0: reset error (fatal) [ 874.602211][ T5804] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 874.693812][ T5804] usb 2-1: USB disconnect, device number 26 [ 874.695500][ T6131] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 874.835343][ T6131] usb 6-1: device descriptor read/64, error -71 [ 874.922292][T15684] udevd[15684]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 875.041654][T16861] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 875.073930][ T6131] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 875.164922][T16861] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 875.166223][T16861] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 875.245367][ T6131] usb 6-1: device descriptor read/64, error -71 [ 875.323705][T16861] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 875.328270][T16861] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 875.349978][ T6131] usb usb6-port1: attempt power cycle [ 875.439981][T16861] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 875.441219][T16861] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 875.491273][T16861] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 875.673829][ T6131] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 875.696070][ T6131] usb 6-1: device descriptor read/8, error -71 [ 875.717953][T12503] Bluetooth: hci0: command 0x0406 tx timeout [ 875.806460][T17248] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 875.856269][T10293] IPVS: stop unused estimator thread 0... [ 875.921143][ T6131] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 875.945934][ T6131] usb 6-1: device descriptor read/8, error -71 [ 876.045649][ T6131] usb usb6-port1: unable to enumerate USB device [ 876.276994][T17254] FAULT_INJECTION: forcing a failure. [ 876.276994][T17254] name failslab, interval 1, probability 0, space 0, times 0 [ 876.277030][T17254] CPU: 0 UID: 0 PID: 17254 Comm: syz.1.3926 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 876.277076][T17254] Tainted: [L]=SOFTLOCKUP [ 876.277085][T17254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 876.277099][T17254] Call Trace: [ 876.277108][T17254] [ 876.277118][T17254] dump_stack_lvl+0xe8/0x150 [ 876.277148][T17254] should_fail_ex+0x46b/0x600 [ 876.277179][T17254] should_failslab+0xa8/0x100 [ 876.277206][T17254] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 876.277228][T17254] ? __alloc_skb+0x1d0/0x7d0 [ 876.277252][T17254] ? lockdep_hardirqs_on+0x7a/0x110 [ 876.277284][T17254] __alloc_skb+0x1d0/0x7d0 [ 876.277307][T17254] ? netlink_dump+0xe2/0xe10 [ 876.277337][T17254] netlink_dump+0x1d8/0xe10 [ 876.277374][T17254] ? __pfx_netlink_dump+0x10/0x10 [ 876.277411][T17254] ? netlink_recvmsg+0x5d6/0xa50 [ 876.277428][T17254] ? kmem_cache_free+0x187/0x6c0 [ 876.277451][T17254] ? netlink_recvmsg+0x5d6/0xa50 [ 876.277472][T17254] netlink_recvmsg+0x690/0xa50 [ 876.277499][T17254] ? __pfx_netlink_recvmsg+0x10/0x10 [ 876.277521][T17254] ? __pfx_aa_sk_perm+0x10/0x10 [ 876.277538][T17254] ? __lock_acquire+0x6b5/0x2d10 [ 876.277574][T17254] ? aa_sock_msg_perm+0x122/0x200 [ 876.277595][T17254] ? __pfx_netlink_recvmsg+0x10/0x10 [ 876.277615][T17254] sock_recvmsg_nosec+0x130/0x170 [ 876.277644][T17254] ____sys_recvmsg+0x23d/0x4f0 [ 876.277673][T17254] ? __pfx_____sys_recvmsg+0x10/0x10 [ 876.277709][T17254] ? import_iovec+0x73/0xa0 [ 876.277734][T17254] ___sys_recvmsg+0x215/0x590 [ 876.277758][T17254] ? __pfx____sys_recvmsg+0x10/0x10 [ 876.277781][T17254] ? __fget_files+0x2a/0x420 [ 876.277820][T17254] ? __fget_files+0x3a6/0x420 [ 876.277851][T17254] do_recvmmsg+0x33a/0x800 [ 876.277878][T17254] ? __pfx_do_recvmmsg+0x10/0x10 [ 876.277909][T17254] ? rt_mutex_slowunlock+0x1cb/0x300 [ 876.277948][T17254] __x64_sys_recvmmsg+0x198/0x250 [ 876.277972][T17254] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 876.278001][T17254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.278023][T17254] do_syscall_64+0x174/0x580 [ 876.278065][T17254] ? trace_irq_disable+0x3b/0x140 [ 876.278087][T17254] ? clear_bhb_loop+0x40/0x90 [ 876.278109][T17254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.278127][T17254] RIP: 0033:0x7fcedae6ce59 [ 876.278144][T17254] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 876.278160][T17254] RSP: 002b:00007fced90c6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 876.278180][T17254] RAX: ffffffffffffffda RBX: 00007fcedb0e5fa0 RCX: 00007fcedae6ce59 [ 876.278194][T17254] RDX: 0000000000000001 RSI: 0000200000000980 RDI: 0000000000000003 [ 876.278205][T17254] RBP: 00007fced90c6090 R08: 0000000000000000 R09: 0000000000000000 [ 876.278216][T17254] R10: 0000000040000000 R11: 0000000000000246 R12: 0000000000000001 [ 876.278227][T17254] R13: 00007fcedb0e6038 R14: 00007fcedb0e5fa0 R15: 00007ffda58a4658 [ 876.278255][T17254] [ 876.445023][ T5709] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 876.604642][T16861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 876.625205][ T5709] usb 5-1: Using ep0 maxpacket: 16 [ 876.657181][ T5709] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 876.657214][ T5709] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 876.657230][ T5709] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 876.660644][ T5709] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 876.660738][ T5709] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 876.660803][ T5709] usb 5-1: Product: syz [ 876.660847][ T5709] usb 5-1: Manufacturer: syz [ 876.660890][ T5709] usb 5-1: SerialNumber: syz [ 876.823822][ T5709] usb 5-1: 0:2 : does not exist [ 876.967070][T17251] comedi comedi0: reset error (fatal) [ 877.050216][ T5709] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1) [ 877.213215][T16861] 8021q: adding VLAN 0 to HW filter on device team0 [ 877.290837][ T5709] usb 5-1: USB disconnect, device number 27 [ 877.303478][ T9971] bridge0: port 1(bridge_slave_0) entered blocking state [ 877.303727][ T9971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 877.422781][T10293] bridge0: port 2(bridge_slave_1) entered blocking state [ 877.422903][T10293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 877.504104][ T5803] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 877.703096][ T5803] usb 6-1: Using ep0 maxpacket: 32 [ 877.712364][ T5803] usb 6-1: config 0 has an invalid interface number: 119 but max is 0 [ 877.712394][ T5803] usb 6-1: config 0 has no interface number 0 [ 877.712452][ T5803] usb 6-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 877.712477][ T5803] usb 6-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 877.712508][ T5803] usb 6-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 1051, setting to 1024 [ 877.712538][ T5803] usb 6-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 877.712566][ T5803] usb 6-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 877.719912][ T5803] usb 6-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 877.719943][ T5803] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 877.719967][ T5803] usb 6-1: Product: syz [ 877.719982][ T5803] usb 6-1: Manufacturer: syz [ 877.719997][ T5803] usb 6-1: SerialNumber: syz [ 877.745177][ T5803] usb 6-1: config 0 descriptor?? [ 877.798114][T17260] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 877.891307][ T5803] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.119/input/input47 [ 877.903603][T13301] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 878.025788][T17260] netlink: 'syz.5.3929': attribute type 16 has an invalid length. [ 878.026035][T17260] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3929'. [ 878.058506][T17260] netlink: 'syz.5.3929': attribute type 58 has an invalid length. [ 878.078183][T13301] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 878.078331][T13301] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 878.129611][ T5804] usb 6-1: USB disconnect, device number 38 [ 878.129836][T13301] usb 2-1: config 0 descriptor?? [ 878.171072][T13301] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 878.523643][T13301] cpia1 2-1:0.0: unexpected state after lo power cmd: 00 [ 879.369120][T17292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 879.369853][T17292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 879.410694][T16861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 879.679864][T13301] gspca_cpia1: usb_control_msg 02, error -110 [ 879.680343][T13301] gspca_cpia1: usb_control_msg 05, error -32 [ 879.680833][T13301] gspca_cpia1: usb_control_msg 05, error -32 [ 879.681241][T13301] gspca_cpia1: usb_control_msg 05, error -32 [ 879.681662][T13301] gspca_cpia1: usb_control_msg 05, error -32 [ 879.681692][T13301] cpia1 2-1:0.0: unexpected systemstate: 00 [ 880.020020][T16861] veth0_vlan: entered promiscuous mode [ 880.026147][ T5803] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 880.088891][T16861] veth1_vlan: entered promiscuous mode [ 880.197887][ T5803] usb 6-1: Using ep0 maxpacket: 16 [ 880.205392][ T5803] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 880.205422][ T5803] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 880.205446][ T5803] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 880.240956][ T5803] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 880.240990][ T5803] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 880.241009][ T5803] usb 6-1: Product: syz [ 880.241022][ T5803] usb 6-1: Manufacturer: syz [ 880.241035][ T5803] usb 6-1: SerialNumber: syz [ 880.332311][ T5803] usb 6-1: 0:2 : does not exist [ 880.511207][T16861] veth0_macvtap: entered promiscuous mode [ 880.578615][T17295] comedi comedi0: reset error (fatal) [ 880.600974][T16861] veth1_macvtap: entered promiscuous mode [ 880.606106][ T5803] usb 6-1: 1:0: cannot get min/max values for control 4 (id 1) [ 880.739631][T16861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 880.807284][ T5803] usb 6-1: USB disconnect, device number 39 [ 880.807814][T16861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 880.883572][ T822] usb 2-1: USB disconnect, device number 27 [ 881.343064][ T9968] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.391868][ T9968] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.397017][ T9968] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.423149][ T9968] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.274551][T17320] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3944'. [ 882.921732][ T5709] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 883.066549][ T5709] usb 2-1: Using ep0 maxpacket: 16 [ 883.068428][ T5709] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 883.068456][ T5709] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 883.068478][ T5709] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 883.071053][ T5709] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 883.071089][ T5709] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 883.071106][ T5709] usb 2-1: Product: syz [ 883.071117][ T5709] usb 2-1: Manufacturer: syz [ 883.071128][ T5709] usb 2-1: SerialNumber: syz [ 883.259509][ T5709] usb 2-1: 0:2 : does not exist [ 883.351392][ T5709] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 883.358402][T10293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 883.358423][T10293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 883.650368][ T8097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 883.650391][ T8097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 883.695827][ T5709] usb 2-1: USB disconnect, device number 28 [ 884.408096][ T5803] usb 1-1: new high-speed USB device number 125 using dummy_hcd [ 884.437791][T17350] FAULT_INJECTION: forcing a failure. [ 884.437791][T17350] name failslab, interval 1, probability 0, space 0, times 0 [ 884.437837][T17350] CPU: 0 UID: 0 PID: 17350 Comm: syz.5.3953 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 884.437869][T17350] Tainted: [L]=SOFTLOCKUP [ 884.437878][T17350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 884.437892][T17350] Call Trace: [ 884.437902][T17350] [ 884.437913][T17350] dump_stack_lvl+0xe8/0x150 [ 884.437946][T17350] should_fail_ex+0x46b/0x600 [ 884.437987][T17350] should_failslab+0xa8/0x100 [ 884.438020][T17350] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 884.438049][T17350] ? __alloc_skb+0x1d0/0x7d0 [ 884.438080][T17350] ? lockdep_hardirqs_on+0x7a/0x110 [ 884.438120][T17350] __alloc_skb+0x1d0/0x7d0 [ 884.438157][T17350] netlink_sendmsg+0x5d4/0xb40 [ 884.438192][T17350] ? __pfx_netlink_sendmsg+0x10/0x10 [ 884.438217][T17350] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 884.438252][T17350] ? aa_sock_msg_perm+0x122/0x200 [ 884.438279][T17350] ? __pfx_netlink_sendmsg+0x10/0x10 [ 884.438315][T17350] sock_sendmsg_nosec+0x13a/0x180 [ 884.438348][T17350] ____sys_sendmsg+0x55c/0x870 [ 884.438390][T17350] ? __pfx_____sys_sendmsg+0x10/0x10 [ 884.438436][T17350] ? import_iovec+0x73/0xa0 [ 884.438467][T17350] ___sys_sendmsg+0x2a5/0x360 [ 884.438502][T17350] ? __lock_acquire+0x6b5/0x2d10 [ 884.438535][T17350] ? __pfx____sys_sendmsg+0x10/0x10 [ 884.438608][T17350] ? __fget_files+0x2a/0x420 [ 884.438635][T17350] ? __fget_files+0x3a6/0x420 [ 884.438673][T17350] __x64_sys_sendmsg+0x1c3/0x2a0 [ 884.438713][T17350] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 884.438759][T17350] ? __pfx_ksys_write+0x10/0x10 [ 884.438806][T17350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.438832][T17350] do_syscall_64+0x174/0x580 [ 884.438866][T17350] ? trace_irq_disable+0x3b/0x140 [ 884.438893][T17350] ? clear_bhb_loop+0x40/0x90 [ 884.438922][T17350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.438946][T17350] RIP: 0033:0x7f7286a9ce59 [ 884.438968][T17350] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 884.438989][T17350] RSP: 002b:00007f7284cf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 884.439014][T17350] RAX: ffffffffffffffda RBX: 00007f7286d15fa0 RCX: 00007f7286a9ce59 [ 884.439032][T17350] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 884.439048][T17350] RBP: 00007f7284cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 884.439063][T17350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 884.439078][T17350] R13: 00007f7286d16038 R14: 00007f7286d15fa0 R15: 00007ffe415abcd8 [ 884.439113][T17350] [ 884.578883][ T5803] usb 1-1: Using ep0 maxpacket: 32 [ 884.616492][ T5803] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 884.616576][ T5803] usb 1-1: config 0 has no interface number 0 [ 884.616710][ T5803] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 884.770377][ T5803] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 884.770421][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 884.770445][ T5803] usb 1-1: Product: syz [ 884.770462][ T5803] usb 1-1: Manufacturer: syz [ 884.770480][ T5803] usb 1-1: SerialNumber: syz [ 884.841623][ T5803] usb 1-1: config 0 descriptor?? [ 884.920175][ T5803] radio-si470x 1-1:0.35: could not find interrupt in endpoint [ 884.920265][ T5803] radio-si470x 1-1:0.35: probe with driver radio-si470x failed with error -5 [ 885.092851][ T5803] radio-raremono 1-1:0.35: this is not Thanko's Raremono. [ 885.093810][ T5803] usbhid 1-1:0.35: couldn't find an input interrupt endpoint [ 885.112822][ T5803] usb 1-1: USB disconnect, device number 125 [ 885.286290][T17362] FAULT_INJECTION: forcing a failure. [ 885.286290][T17362] name failslab, interval 1, probability 0, space 0, times 0 [ 885.286320][T17362] CPU: 1 UID: 0 PID: 17362 Comm: syz.4.3958 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 885.286343][T17362] Tainted: [L]=SOFTLOCKUP [ 885.286349][T17362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 885.286360][T17362] Call Trace: [ 885.286367][T17362] [ 885.286373][T17362] dump_stack_lvl+0xe8/0x150 [ 885.286398][T17362] should_fail_ex+0x46b/0x600 [ 885.286427][T17362] should_failslab+0xa8/0x100 [ 885.286451][T17362] __kmalloc_noprof+0xdf/0x7b0 [ 885.286471][T17362] ? tomoyo_encode+0x28b/0x550 [ 885.286495][T17362] tomoyo_encode+0x28b/0x550 [ 885.286518][T17362] tomoyo_realpath_from_path+0x58d/0x5d0 [ 885.286546][T17362] ? tomoyo_path_number_perm+0x219/0x630 [ 885.286573][T17362] tomoyo_path_number_perm+0x246/0x630 [ 885.286601][T17362] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 885.286626][T17362] ? __lock_acquire+0x6b5/0x2d10 [ 885.286669][T17362] ? do_raw_spin_lock+0x12b/0x2f0 [ 885.286709][T17362] ? __fget_files+0x2a/0x420 [ 885.286731][T17362] ? __fget_files+0x2a/0x420 [ 885.286749][T17362] ? __fget_files+0x3a6/0x420 [ 885.286768][T17362] ? __fget_files+0x2a/0x420 [ 885.286790][T17362] security_file_ioctl+0xc3/0x2a0 [ 885.286816][T17362] __se_sys_ioctl+0x47/0x170 [ 885.286841][T17362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.286859][T17362] do_syscall_64+0x174/0x580 [ 885.286889][T17362] ? trace_irq_disable+0x3b/0x140 [ 885.286909][T17362] ? clear_bhb_loop+0x40/0x90 [ 885.286930][T17362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.286947][T17362] RIP: 0033:0x7fa6fb4ace59 [ 885.286963][T17362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 885.286978][T17362] RSP: 002b:00007fa6f9706028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 885.286996][T17362] RAX: ffffffffffffffda RBX: 00007fa6fb725fa0 RCX: 00007fa6fb4ace59 [ 885.287009][T17362] RDX: 0000200000000080 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 885.287020][T17362] RBP: 00007fa6f9706090 R08: 0000000000000000 R09: 0000000000000000 [ 885.287031][T17362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 885.287041][T17362] R13: 00007fa6fb726038 R14: 00007fa6fb725fa0 R15: 00007fff929e2218 [ 885.287066][T17362] [ 885.287979][T17362] ERROR: Out of memory at tomoyo_realpath_from_path. [ 885.394609][T12509] Bluetooth: hci1: command 0x0406 tx timeout [ 885.727236][ T5804] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 885.874138][ T5804] usb 2-1: Using ep0 maxpacket: 16 [ 885.876695][ T5804] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 885.876725][ T5804] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 885.876748][ T5804] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 885.879758][ T5804] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 885.879799][ T5804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 885.879823][ T5804] usb 2-1: Product: syz [ 885.879840][ T5804] usb 2-1: Manufacturer: syz [ 885.879857][ T5804] usb 2-1: SerialNumber: syz [ 886.008707][ T5804] usb 2-1: 0:2 : does not exist [ 886.193895][ T5804] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 886.375596][ T5804] usb 2-1: USB disconnect, device number 29 [ 886.524241][T17384] FAULT_INJECTION: forcing a failure. [ 886.524241][T17384] name failslab, interval 1, probability 0, space 0, times 0 [ 886.524286][T17384] CPU: 1 UID: 0 PID: 17384 Comm: syz.4.3967 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 886.524318][T17384] Tainted: [L]=SOFTLOCKUP [ 886.524328][T17384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 886.524343][T17384] Call Trace: [ 886.524353][T17384] [ 886.524363][T17384] dump_stack_lvl+0xe8/0x150 [ 886.524394][T17384] should_fail_ex+0x46b/0x600 [ 886.524433][T17384] should_failslab+0xa8/0x100 [ 886.524466][T17384] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 886.524494][T17384] ? __alloc_skb+0x1d0/0x7d0 [ 886.524522][T17384] ? lockdep_hardirqs_on+0x7a/0x110 [ 886.524562][T17384] __alloc_skb+0x1d0/0x7d0 [ 886.524592][T17384] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 886.524637][T17384] netlink_sendmsg+0x5d4/0xb40 [ 886.524671][T17384] ? __pfx_netlink_sendmsg+0x10/0x10 [ 886.524695][T17384] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 886.524731][T17384] ? aa_sock_msg_perm+0x122/0x200 [ 886.524758][T17384] ? __pfx_netlink_sendmsg+0x10/0x10 [ 886.524780][T17384] sock_sendmsg_nosec+0x13a/0x180 [ 886.524815][T17384] ____sys_sendmsg+0x55c/0x870 [ 886.524857][T17384] ? __pfx_____sys_sendmsg+0x10/0x10 [ 886.524902][T17384] ? import_iovec+0x73/0xa0 [ 886.524932][T17384] ___sys_sendmsg+0x2a5/0x360 [ 886.524967][T17384] ? __lock_acquire+0x6b5/0x2d10 [ 886.525000][T17384] ? __pfx____sys_sendmsg+0x10/0x10 [ 886.525070][T17384] ? __fget_files+0x2a/0x420 [ 886.525096][T17384] ? __fget_files+0x3a6/0x420 [ 886.525133][T17384] __x64_sys_sendmsg+0x1c3/0x2a0 [ 886.525171][T17384] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 886.525219][T17384] ? __pfx_ksys_write+0x10/0x10 [ 886.525260][T17384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.525287][T17384] do_syscall_64+0x174/0x580 [ 886.525321][T17384] ? trace_irq_disable+0x3b/0x140 [ 886.525347][T17384] ? clear_bhb_loop+0x40/0x90 [ 886.525376][T17384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.525401][T17384] RIP: 0033:0x7fa6fb4ace59 [ 886.525424][T17384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 886.525446][T17384] RSP: 002b:00007fa6f9706028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 886.525471][T17384] RAX: ffffffffffffffda RBX: 00007fa6fb725fa0 RCX: 00007fa6fb4ace59 [ 886.525488][T17384] RDX: 0000000000004010 RSI: 0000200000000100 RDI: 0000000000000003 [ 886.525505][T17384] RBP: 00007fa6f9706090 R08: 0000000000000000 R09: 0000000000000000 [ 886.525520][T17384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 886.525535][T17384] R13: 00007fa6fb726038 R14: 00007fa6fb725fa0 R15: 00007fff929e2218 [ 886.525571][T17384] [ 886.525641][T15684] udevd[15684]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 887.274468][ T9] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 887.430844][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 887.440782][T17398] binder: 17397:17398 ioctl 4018620d 0 returned -22 [ 887.456346][ T9] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 887.456369][ T9] usb 2-1: config 0 has no interface number 0 [ 887.456415][ T9] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 887.482142][ T9] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 887.482178][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 887.482193][ T9] usb 2-1: Product: syz [ 887.482205][ T9] usb 2-1: Manufacturer: syz [ 887.482216][ T9] usb 2-1: SerialNumber: syz [ 887.520887][T17399] binder: 17397:17399 ioctl c0306201 0 returned -14 [ 887.543995][ T9] usb 2-1: config 0 descriptor?? [ 887.565550][ T9] radio-si470x 2-1:0.35: could not find interrupt in endpoint [ 887.565614][ T9] radio-si470x 2-1:0.35: probe with driver radio-si470x failed with error -5 [ 887.566284][T17399] FAULT_INJECTION: forcing a failure. [ 887.566284][T17399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 887.566310][T17399] CPU: 0 UID: 0 PID: 17399 Comm: syz.4.3972 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 887.566333][T17399] Tainted: [L]=SOFTLOCKUP [ 887.566340][T17399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 887.566351][T17399] Call Trace: [ 887.566357][T17399] [ 887.566365][T17399] dump_stack_lvl+0xe8/0x150 [ 887.566393][T17399] should_fail_ex+0x46b/0x600 [ 887.566422][T17399] _copy_to_iter+0x404/0x17d0 [ 887.566464][T17399] ? rt_mutex_slowunlock+0x1cb/0x300 [ 887.566485][T17399] ? __pfx__copy_to_iter+0x10/0x10 [ 887.566513][T17399] seq_read_iter+0xbf6/0xe20 [ 887.566556][T17399] seq_read+0x36a/0x490 [ 887.566590][T17399] ? __pfx_seq_read+0x10/0x10 [ 887.566616][T17399] ? __debugfs_file_get+0x5d5/0x710 [ 887.566646][T17399] ? __pfx___debugfs_file_get+0x10/0x10 [ 887.566671][T17399] ? apparmor_file_permission+0x1f4/0x300 [ 887.566701][T17399] full_proxy_read+0x127/0x1f0 [ 887.566725][T17399] ? __pfx_full_proxy_read+0x10/0x10 [ 887.566753][T17399] vfs_read+0x212/0xa80 [ 887.566782][T17399] ? __pfx_vfs_read+0x10/0x10 [ 887.566807][T17399] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 887.566832][T17399] ? lockdep_hardirqs_on+0x7a/0x110 [ 887.566859][T17399] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 887.566888][T17399] ? mutex_lock_nested+0x152/0x1d0 [ 887.566906][T17399] ? fdget_pos+0x252/0x320 [ 887.566932][T17399] ksys_read+0x156/0x270 [ 887.566960][T17399] ? __pfx_ksys_read+0x10/0x10 [ 887.566989][T17399] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.567007][T17399] do_syscall_64+0x174/0x580 [ 887.567031][T17399] ? trace_irq_disable+0x3b/0x140 [ 887.567053][T17399] ? clear_bhb_loop+0x40/0x90 [ 887.567078][T17399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.567095][T17399] RIP: 0033:0x7fa6fb4ace59 [ 887.567110][T17399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 887.567126][T17399] RSP: 002b:00007fa6f96e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 887.567147][T17399] RAX: ffffffffffffffda RBX: 00007fa6fb726090 RCX: 00007fa6fb4ace59 [ 887.567159][T17399] RDX: 0000000000002020 RSI: 0000200000007fc0 RDI: 0000000000000004 [ 887.567171][T17399] RBP: 00007fa6f96e5090 R08: 0000000000000000 R09: 0000000000000000 [ 887.567181][T17399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 887.567191][T17399] R13: 00007fa6fb726128 R14: 00007fa6fb726090 R15: 00007fff929e2218 [ 887.567217][T17399] [ 887.920927][ T9] radio-raremono 2-1:0.35: this is not Thanko's Raremono. [ 887.921532][ T9] usbhid 2-1:0.35: couldn't find an input interrupt endpoint [ 887.969858][T17400] sctp: [Deprecated]: syz.5.3971 (pid 17400) Use of int in max_burst socket option. [ 887.969858][T17400] Use struct sctp_assoc_value instead [ 888.042148][ T9] usb 2-1: USB disconnect, device number 30 [ 888.831002][ T5803] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 889.017246][ T5803] usb 6-1: Using ep0 maxpacket: 16 [ 889.020007][ T5803] usb 6-1: config 0 has an invalid interface number: 49 but max is 0 [ 889.020037][ T5803] usb 6-1: config 0 has no interface number 0 [ 889.020085][ T5803] usb 6-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16 [ 889.023727][ T5803] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7 [ 889.023759][ T5803] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 889.023783][ T5803] usb 6-1: Product: syz [ 889.023799][ T5803] usb 6-1: Manufacturer: syz [ 889.023815][ T5803] usb 6-1: SerialNumber: syz [ 889.120231][ T5803] usb 6-1: config 0 descriptor?? [ 889.128460][T17407] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 889.228978][T17425] FAULT_INJECTION: forcing a failure. [ 889.228978][T17425] name failslab, interval 1, probability 0, space 0, times 0 [ 889.229023][T17425] CPU: 0 UID: 0 PID: 17425 Comm: syz.4.3982 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 889.229052][T17425] Tainted: [L]=SOFTLOCKUP [ 889.229058][T17425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 889.229069][T17425] Call Trace: [ 889.229092][T17425] [ 889.229103][T17425] dump_stack_lvl+0xe8/0x150 [ 889.229138][T17425] should_fail_ex+0x46b/0x600 [ 889.229177][T17425] should_failslab+0xa8/0x100 [ 889.229214][T17425] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 889.229235][T17425] ? __alloc_skb+0x1d0/0x7d0 [ 889.229274][T17425] ? lockdep_hardirqs_on+0x7a/0x110 [ 889.229325][T17425] __alloc_skb+0x1d0/0x7d0 [ 889.229361][T17425] netlink_sendmsg+0x5d4/0xb40 [ 889.229396][T17425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 889.229414][T17425] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 889.229459][T17425] ? aa_sock_msg_perm+0x122/0x200 [ 889.229487][T17425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 889.229509][T17425] sock_sendmsg_nosec+0x13a/0x180 [ 889.229539][T17425] ____sys_sendmsg+0x55c/0x870 [ 889.229580][T17425] ? __pfx_____sys_sendmsg+0x10/0x10 [ 889.229631][T17425] ? import_iovec+0x73/0xa0 [ 889.229663][T17425] ___sys_sendmsg+0x2a5/0x360 [ 889.229700][T17425] ? __lock_acquire+0x6b5/0x2d10 [ 889.229732][T17425] ? __pfx____sys_sendmsg+0x10/0x10 [ 889.229820][T17425] ? __fget_files+0x2a/0x420 [ 889.229849][T17425] ? __fget_files+0x3a6/0x420 [ 889.229885][T17425] __x64_sys_sendmsg+0x1c3/0x2a0 [ 889.229927][T17425] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 889.229985][T17425] ? __pfx_ksys_write+0x10/0x10 [ 889.230029][T17425] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.230054][T17425] do_syscall_64+0x174/0x580 [ 889.230098][T17425] ? clear_bhb_loop+0x40/0x90 [ 889.230119][T17425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.230136][T17425] RIP: 0033:0x7fa6fb4ace59 [ 889.230171][T17425] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 889.230193][T17425] RSP: 002b:00007fa6f9706028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 889.230218][T17425] RAX: ffffffffffffffda RBX: 00007fa6fb725fa0 RCX: 00007fa6fb4ace59 [ 889.230234][T17425] RDX: 0000000000000c04 RSI: 0000200000000140 RDI: 0000000000000003 [ 889.230249][T17425] RBP: 00007fa6f9706090 R08: 0000000000000000 R09: 0000000000000000 [ 889.230266][T17425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 889.230281][T17425] R13: 00007fa6fb726038 R14: 00007fa6fb725fa0 R15: 00007fff929e2218 [ 889.230310][T17425] [ 889.468875][ T6131] usb 1-1: new high-speed USB device number 126 using dummy_hcd [ 889.534486][ T5803] usb 6-1: USB disconnect, device number 40 [ 889.630385][ T6131] usb 1-1: Using ep0 maxpacket: 8 [ 889.632427][ T6131] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 889.632487][ T6131] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 889.632516][ T6131] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 889.632537][ T6131] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 889.632555][ T6131] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 889.632586][ T6131] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 889.632605][ T6131] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 889.910791][ T6131] usb 1-1: usb_control_msg returned -32 [ 889.910845][ T6131] usbtmc 1-1:16.0: can't read capabilities [ 890.785623][ T5804] usb 1-1: USB disconnect, device number 126 [ 890.887277][T17460] FAULT_INJECTION: forcing a failure. [ 890.887277][T17460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 890.887319][T17460] CPU: 1 UID: 0 PID: 17460 Comm: syz.1.3994 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 890.887360][T17460] Tainted: [L]=SOFTLOCKUP [ 890.887369][T17460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 890.887383][T17460] Call Trace: [ 890.887393][T17460] [ 890.887403][T17460] dump_stack_lvl+0xe8/0x150 [ 890.887437][T17460] should_fail_ex+0x46b/0x600 [ 890.887476][T17460] _copy_from_user+0x2d/0xb0 [ 890.887505][T17460] memdup_user+0x5e/0xd0 [ 890.887529][T17460] strndup_user+0x68/0xd0 [ 890.887552][T17460] __se_sys_mount+0x9d/0x420 [ 890.887581][T17460] ? ksys_write+0x248/0x270 [ 890.887627][T17460] ? __pfx___se_sys_mount+0x10/0x10 [ 890.887662][T17460] ? __x64_sys_mount+0x20/0xc0 [ 890.887689][T17460] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.887715][T17460] do_syscall_64+0x174/0x580 [ 890.887750][T17460] ? trace_irq_disable+0x3b/0x140 [ 890.887774][T17460] ? clear_bhb_loop+0x40/0x90 [ 890.887804][T17460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.887828][T17460] RIP: 0033:0x7fcedae6ce59 [ 890.887849][T17460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 890.887869][T17460] RSP: 002b:00007fced90a5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 890.887892][T17460] RAX: ffffffffffffffda RBX: 00007fcedb0e6090 RCX: 00007fcedae6ce59 [ 890.887909][T17460] RDX: 0000200000000080 RSI: 0000200000000300 RDI: 0000000000000000 [ 890.887924][T17460] RBP: 00007fced90a5090 R08: 00002000000001c0 R09: 0000000000000000 [ 890.887940][T17460] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001 [ 890.887953][T17460] R13: 00007fcedb0e6128 R14: 00007fcedb0e6090 R15: 00007ffda58a4658 [ 890.887979][T17460] [ 891.312952][T17467] 8021q: VLANs not supported on lo [ 891.361009][T13301] usb 1-1: new high-speed USB device number 127 using dummy_hcd [ 891.503034][T13301] usb 1-1: Using ep0 maxpacket: 16 [ 891.506281][T13301] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 891.506312][T13301] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 891.506335][T13301] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 891.540902][T13301] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 891.541087][T13301] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 891.541124][T13301] usb 1-1: Product: syz [ 891.541142][T13301] usb 1-1: Manufacturer: syz [ 891.541158][T13301] usb 1-1: SerialNumber: syz [ 891.660447][T13301] usb 1-1: 0:2 : does not exist [ 891.826800][T17459] comedi comedi0: reset error (fatal) [ 891.860390][T13301] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1) [ 892.083323][T13301] usb 1-1: USB disconnect, device number 127 [ 892.182524][T15684] udevd[15684]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 892.487816][T17485] FAULT_INJECTION: forcing a failure. [ 892.487816][T17485] name failslab, interval 1, probability 0, space 0, times 0 [ 892.487847][T17485] CPU: 0 UID: 0 PID: 17485 Comm: syz.0.4005 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 892.487871][T17485] Tainted: [L]=SOFTLOCKUP [ 892.487877][T17485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 892.487888][T17485] Call Trace: [ 892.487895][T17485] [ 892.487902][T17485] dump_stack_lvl+0xe8/0x150 [ 892.487926][T17485] should_fail_ex+0x46b/0x600 [ 892.487955][T17485] should_failslab+0xa8/0x100 [ 892.487979][T17485] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 892.488007][T17485] ? __alloc_skb+0x1d0/0x7d0 [ 892.488029][T17485] ? lockdep_hardirqs_on+0x7a/0x110 [ 892.488058][T17485] __alloc_skb+0x1d0/0x7d0 [ 892.488080][T17485] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 892.488106][T17485] netlink_sendmsg+0x5d4/0xb40 [ 892.488130][T17485] ? __pfx_netlink_sendmsg+0x10/0x10 [ 892.488147][T17485] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 892.488172][T17485] ? aa_sock_msg_perm+0x122/0x200 [ 892.488191][T17485] ? __pfx_netlink_sendmsg+0x10/0x10 [ 892.488206][T17485] sock_sendmsg_nosec+0x13a/0x180 [ 892.488228][T17485] ____sys_sendmsg+0x55c/0x870 [ 892.488258][T17485] ? __pfx_____sys_sendmsg+0x10/0x10 [ 892.488290][T17485] ? import_iovec+0x73/0xa0 [ 892.488316][T17485] ___sys_sendmsg+0x2a5/0x360 [ 892.488341][T17485] ? __lock_acquire+0x6b5/0x2d10 [ 892.488364][T17485] ? __pfx____sys_sendmsg+0x10/0x10 [ 892.488414][T17485] ? __fget_files+0x2a/0x420 [ 892.488433][T17485] ? __fget_files+0x3a6/0x420 [ 892.488459][T17485] __x64_sys_sendmsg+0x1c3/0x2a0 [ 892.488487][T17485] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 892.488523][T17485] ? __pfx_ksys_write+0x10/0x10 [ 892.488556][T17485] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.488574][T17485] do_syscall_64+0x174/0x580 [ 892.488598][T17485] ? trace_irq_disable+0x3b/0x140 [ 892.488618][T17485] ? clear_bhb_loop+0x40/0x90 [ 892.488637][T17485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.488654][T17485] RIP: 0033:0x7fc81e2dce59 [ 892.488670][T17485] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 892.488684][T17485] RSP: 002b:00007fc81c52e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 892.488701][T17485] RAX: ffffffffffffffda RBX: 00007fc81e555fa0 RCX: 00007fc81e2dce59 [ 892.488714][T17485] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 892.488725][T17485] RBP: 00007fc81c52e090 R08: 0000000000000000 R09: 0000000000000000 [ 892.488735][T17485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 892.488745][T17485] R13: 00007fc81e556038 R14: 00007fc81e555fa0 R15: 00007ffc04b194e8 [ 892.488769][T17485] [ 892.977003][T17492] FAULT_INJECTION: forcing a failure. [ 892.977003][T17492] name failslab, interval 1, probability 0, space 0, times 0 [ 892.977046][T17492] CPU: 0 UID: 0 PID: 17492 Comm: syz.5.4008 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 892.977079][T17492] Tainted: [L]=SOFTLOCKUP [ 892.977089][T17492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 892.977104][T17492] Call Trace: [ 892.977114][T17492] [ 892.977125][T17492] dump_stack_lvl+0xe8/0x150 [ 892.977157][T17492] should_fail_ex+0x46b/0x600 [ 892.977198][T17492] should_failslab+0xa8/0x100 [ 892.977231][T17492] kmem_cache_alloc_noprof+0x87/0x680 [ 892.977260][T17492] ? __send_signal_locked+0x22c/0xec0 [ 892.977287][T17492] ? sig_get_ucounts+0x3e4/0x450 [ 892.977323][T17492] __send_signal_locked+0x22c/0xec0 [ 892.977361][T17492] force_sig_info_to_task+0x31e/0x4b0 [ 892.977402][T17492] force_sig_fault+0xf0/0x150 [ 892.977436][T17492] ? __pfx_force_sig_fault+0x10/0x10 [ 892.977474][T17492] ? __bad_area_nosemaphore+0x31e/0x690 [ 892.977506][T17492] ? trace_page_fault_user+0x84/0x1e0 [ 892.977536][T17492] exc_page_fault+0x6a/0xc0 [ 892.977573][T17492] asm_exc_page_fault+0x26/0x30 [ 892.977597][T17492] RIP: 0033:0x7f7286951c79 [ 892.977627][T17492] Code: e8 1c ff ff ff 48 83 ec 08 b9 01 00 00 00 31 c0 6a 08 41 b8 01 00 00 00 ba 01 00 00 00 44 89 d6 bf aa 01 00 00 e8 c7 b1 14 00 <48> 89 5d 00 8b 43 0c 48 83 c4 48 5b 5d c3 66 0f 1f 84 00 00 00 00 [ 892.977648][T17492] RSP: 002b:00007f7284cf5fc0 EFLAGS: 00010207 [ 892.977669][T17492] RAX: 0000000000000001 RBX: 0000200000000200 RCX: 00007f7286a9ce59 [ 892.977686][T17492] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000000007 [ 892.977700][T17492] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000008 [ 892.977715][T17492] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 892.977729][T17492] R13: 00007f7286d16038 R14: 00007f7286d15fa0 R15: 00007ffe415abcd8 [ 892.977767][T17492] [ 893.627037][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 893.789810][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 893.802555][ T9] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 893.802635][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 893.802693][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 893.848015][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 893.848051][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 893.848074][ T9] usb 1-1: Product: syz [ 893.848091][ T9] usb 1-1: Manufacturer: syz [ 893.848106][ T9] usb 1-1: SerialNumber: syz [ 893.919263][ T9] usb 1-1: 0:2 : does not exist [ 893.998644][ T5709] usb 6-1: new full-speed USB device number 41 using dummy_hcd [ 894.030871][T17506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4015'. [ 894.132002][ T5709] usb 6-1: device descriptor read/64, error -71 [ 894.255574][T17497] comedi comedi0: reset error (fatal) [ 894.270102][ T9] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1) [ 894.370719][ T5709] usb 6-1: new full-speed USB device number 42 using dummy_hcd [ 894.411546][T17520] openvswitch: netlink: Actions may not be safe on all matching packets [ 894.428854][ T9] usb 1-1: USB disconnect, device number 2 [ 894.489228][T15684] udevd[15684]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 894.494062][ T5709] usb 6-1: device descriptor read/64, error -71 [ 894.599612][ T5709] usb usb6-port1: attempt power cycle [ 894.688593][T17527] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 894.944045][ T5709] usb 6-1: new full-speed USB device number 43 using dummy_hcd [ 894.962092][ T5709] usb 6-1: device descriptor read/8, error -71 [ 895.088715][T17541] FAULT_INJECTION: forcing a failure. [ 895.088715][T17541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 895.088744][T17541] CPU: 0 UID: 0 PID: 17541 Comm: syz.1.4028 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 895.088788][T17541] Tainted: [L]=SOFTLOCKUP [ 895.088796][T17541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 895.088812][T17541] Call Trace: [ 895.088822][T17541] [ 895.088832][T17541] dump_stack_lvl+0xe8/0x150 [ 895.088866][T17541] should_fail_ex+0x46b/0x600 [ 895.088906][T17541] _copy_from_user+0x2d/0xb0 [ 895.088933][T17541] kstrtouint_from_user+0xd6/0x180 [ 895.088973][T17541] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 895.089026][T17541] proc_fail_nth_write+0x8e/0x210 [ 895.089048][T17541] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 895.089071][T17541] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 895.089093][T17541] vfs_write+0x2a3/0xba0 [ 895.089123][T17541] ? __pfx_vfs_write+0x10/0x10 [ 895.089147][T17541] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 895.089173][T17541] ? lockdep_hardirqs_on+0x7a/0x110 [ 895.089198][T17541] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 895.089223][T17541] ? mutex_lock_nested+0x152/0x1d0 [ 895.089242][T17541] ? fdget_pos+0x252/0x320 [ 895.089268][T17541] ksys_write+0x156/0x270 [ 895.089289][T17541] ? __pfx_filldir64+0x10/0x10 [ 895.089306][T17541] ? __pfx_ksys_write+0x10/0x10 [ 895.089335][T17541] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 895.089354][T17541] do_syscall_64+0x174/0x580 [ 895.089378][T17541] ? trace_irq_disable+0x3b/0x140 [ 895.089403][T17541] ? clear_bhb_loop+0x40/0x90 [ 895.089423][T17541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 895.089440][T17541] RIP: 0033:0x7fcedae2d68e [ 895.089456][T17541] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 895.089471][T17541] RSP: 002b:00007fced90c5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 895.089489][T17541] RAX: ffffffffffffffda RBX: 00007fced90c66c0 RCX: 00007fcedae2d68e [ 895.089502][T17541] RDX: 0000000000000001 RSI: 00007fced90c60a0 RDI: 0000000000000003 [ 895.089512][T17541] RBP: 00007fced90c6090 R08: 0000000000000000 R09: 0000000000000000 [ 895.089523][T17541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 895.089533][T17541] R13: 00007fcedb0e6038 R14: 00007fcedb0e5fa0 R15: 00007ffda58a4658 [ 895.089559][T17541] [ 895.094253][ T5803] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 895.240440][ T5709] usb 6-1: new full-speed USB device number 44 using dummy_hcd [ 895.259509][ T5803] usb 1-1: Using ep0 maxpacket: 32 [ 895.264636][ T5709] usb 6-1: device descriptor read/8, error -71 [ 895.287560][ T5803] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 895.287647][ T5803] usb 1-1: config 0 has no interface number 0 [ 895.287781][ T5803] usb 1-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 895.287855][ T5803] usb 1-1: config 0 interface 89 has no altsetting 0 [ 895.411711][ T5803] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 895.411748][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 895.411765][ T5803] usb 1-1: Product: syz [ 895.411777][ T5803] usb 1-1: Manufacturer: syz [ 895.411788][ T5803] usb 1-1: SerialNumber: syz [ 895.450050][ T5803] usb 1-1: config 0 descriptor?? [ 895.457826][ T1247] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 895.465212][ T5709] usb usb6-port1: unable to enumerate USB device [ 895.482887][ T5803] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 895.482929][ T5803] em28xx 1-1:0.89: Video interface 89 found: [ 895.579641][ T1247] usb 5-1: device descriptor read/64, error -71 [ 895.808602][ T1247] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 895.942022][ T1247] usb 5-1: device descriptor read/64, error -71 [ 896.039064][ T5803] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 896.043707][T17533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 896.044335][T17533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 896.082305][ T1247] usb usb5-port1: attempt power cycle [ 896.104264][ T5709] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 896.313141][ T5709] usb 2-1: Using ep0 maxpacket: 16 [ 896.371877][ T5709] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 896.371985][ T5709] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 896.372274][ T5709] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 896.408150][ T1247] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 896.454917][ T1247] usb 5-1: device descriptor read/8, error -71 [ 896.464250][ T5709] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 896.464505][ T5709] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 896.464532][ T5709] usb 2-1: Product: syz [ 896.464543][ T5709] usb 2-1: Manufacturer: syz [ 896.464555][ T5709] usb 2-1: SerialNumber: syz [ 896.532037][ T5709] usb 2-1: 0:2 : does not exist [ 896.645574][ T5803] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 896.645613][ T5803] em28xx 1-1:0.89: board has no eeprom [ 896.693969][ T1247] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 896.713709][ T1247] usb 5-1: device descriptor read/8, error -71 [ 896.743709][T17549] comedi comedi0: reset error (fatal) [ 896.772199][ T5803] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 896.772232][ T5803] em28xx 1-1:0.89: analog set to bulk mode. [ 896.772389][ T5804] em28xx 1-1:0.89: Registering V4L2 extension [ 896.817994][ T1247] usb usb5-port1: unable to enumerate USB device [ 896.826397][ T5709] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 896.899212][ T5803] usb 1-1: USB disconnect, device number 3 [ 896.920032][ T5803] em28xx 1-1:0.89: Disconnecting em28xx [ 897.078666][ T5804] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 897.078701][ T5804] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 897.078718][ T5804] em28xx 1-1:0.89: No AC97 audio processor [ 897.150682][ T5709] usb 2-1: USB disconnect, device number 31 [ 897.187095][ T5804] usb 1-1: Decoder not found [ 897.187112][ T5804] em28xx 1-1:0.89: failed to create media graph [ 897.187135][ T5804] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 897.216707][ T5804] em28xx 1-1:0.89: Registering snapshot button... [ 897.412466][T17561] FAULT_INJECTION: forcing a failure. [ 897.412466][T17561] name failslab, interval 1, probability 0, space 0, times 0 [ 897.412501][T17561] CPU: 0 UID: 0 PID: 17561 Comm: syz.5.4036 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 897.412527][T17561] Tainted: [L]=SOFTLOCKUP [ 897.412534][T17561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 897.412547][T17561] Call Trace: [ 897.412554][T17561] [ 897.412561][T17561] dump_stack_lvl+0xe8/0x150 [ 897.412587][T17561] should_fail_ex+0x46b/0x600 [ 897.412617][T17561] should_failslab+0xa8/0x100 [ 897.412643][T17561] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 897.412664][T17561] ? __alloc_skb+0x1d0/0x7d0 [ 897.412688][T17561] ? lockdep_hardirqs_on+0x7a/0x110 [ 897.412719][T17561] __alloc_skb+0x1d0/0x7d0 [ 897.412747][T17561] alloc_skb_with_frags+0xc8/0x760 [ 897.412781][T17561] ? do_raw_spin_lock+0x12b/0x2f0 [ 897.412802][T17561] sock_alloc_send_pskb+0x884/0x9a0 [ 897.412834][T17561] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 897.412859][T17561] ? __rcu_read_unlock+0x83/0xe0 [ 897.412883][T17561] packet_sendmsg+0x3167/0x4fd0 [ 897.412905][T17561] ? aa_label_sk_perm+0x532/0x6e0 [ 897.412927][T17561] ? __lock_acquire+0x6b5/0x2d10 [ 897.412949][T17561] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 897.412965][T17561] ? __lock_acquire+0x6b5/0x2d10 [ 897.412997][T17561] ? unwind_next_frame+0xa6/0x2550 [ 897.413035][T17561] ? __pfx_packet_sendmsg+0x10/0x10 [ 897.413058][T17561] ? aa_sk_perm+0x703/0x950 [ 897.413081][T17561] ? __pfx_aa_sk_perm+0x10/0x10 [ 897.413096][T17561] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 897.413123][T17561] ? aa_sock_msg_perm+0x122/0x200 [ 897.413143][T17561] ? __pfx_packet_sendmsg+0x10/0x10 [ 897.413162][T17561] sock_sendmsg_nosec+0x13a/0x180 [ 897.413185][T17561] ____sys_sendmsg+0x55c/0x870 [ 897.413218][T17561] ? __pfx_____sys_sendmsg+0x10/0x10 [ 897.413253][T17561] ? import_iovec+0x73/0xa0 [ 897.413285][T17561] ___sys_sendmsg+0x2a5/0x360 [ 897.413312][T17561] ? __lock_acquire+0x6b5/0x2d10 [ 897.413337][T17561] ? __pfx____sys_sendmsg+0x10/0x10 [ 897.413392][T17561] ? __fget_files+0x2a/0x420 [ 897.413413][T17561] ? __fget_files+0x3a6/0x420 [ 897.413442][T17561] __x64_sys_sendmsg+0x1c3/0x2a0 [ 897.413473][T17561] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 897.413510][T17561] ? __pfx_ksys_write+0x10/0x10 [ 897.413541][T17561] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.413561][T17561] do_syscall_64+0x174/0x580 [ 897.413588][T17561] ? trace_irq_disable+0x3b/0x140 [ 897.413610][T17561] ? clear_bhb_loop+0x40/0x90 [ 897.413631][T17561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.413650][T17561] RIP: 0033:0x7f7286a9ce59 [ 897.413668][T17561] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 897.413684][T17561] RSP: 002b:00007f7284cf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 897.413704][T17561] RAX: ffffffffffffffda RBX: 00007f7286d15fa0 RCX: 00007f7286a9ce59 [ 897.413719][T17561] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 897.413731][T17561] RBP: 00007f7284cf6090 R08: 0000000000000000 R09: 0000000000000000 [ 897.413742][T17561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 897.413754][T17561] R13: 00007f7286d16038 R14: 00007f7286d15fa0 R15: 00007ffe415abcd8 [ 897.413784][T17561] [ 897.945370][ T5804] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input49 [ 898.021000][ T5804] em28xx 1-1:0.89: Remote control support is not available for this card. [ 898.021073][ T5803] em28xx 1-1:0.89: Closing input extension [ 898.021097][ T5803] em28xx 1-1:0.89: Deregistering snapshot button [ 898.067528][T17564] FAULT_INJECTION: forcing a failure. [ 898.067528][T17564] name failslab, interval 1, probability 0, space 0, times 0 [ 898.067567][T17564] CPU: 1 UID: 0 PID: 17564 Comm: syz.1.4037 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 898.067599][T17564] Tainted: [L]=SOFTLOCKUP [ 898.067607][T17564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 898.067621][T17564] Call Trace: [ 898.067630][T17564] [ 898.067640][T17564] dump_stack_lvl+0xe8/0x150 [ 898.067673][T17564] should_fail_ex+0x46b/0x600 [ 898.067711][T17564] should_failslab+0xa8/0x100 [ 898.067741][T17564] __kmalloc_noprof+0xdf/0x7b0 [ 898.067767][T17564] ? kfree+0x4d/0x6c0 [ 898.067790][T17564] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 898.067823][T17564] tomoyo_realpath_from_path+0xe3/0x5d0 [ 898.067852][T17564] ? tomoyo_domain+0xd7/0x130 [ 898.067885][T17564] ? tomoyo_path_number_perm+0x219/0x630 [ 898.067920][T17564] tomoyo_path_number_perm+0x246/0x630 [ 898.067959][T17564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 898.067993][T17564] ? __lock_acquire+0x6b5/0x2d10 [ 898.068023][T17564] ? do_raw_spin_lock+0x12b/0x2f0 [ 898.068078][T17564] ? __fget_files+0x2a/0x420 [ 898.068119][T17564] ? __fget_files+0x2a/0x420 [ 898.068146][T17564] ? __fget_files+0x3a6/0x420 [ 898.068172][T17564] ? __fget_files+0x2a/0x420 [ 898.068203][T17564] security_file_ioctl+0xc3/0x2a0 [ 898.068238][T17564] __se_sys_ioctl+0x47/0x170 [ 898.068273][T17564] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.068299][T17564] do_syscall_64+0x174/0x580 [ 898.068340][T17564] ? trace_irq_disable+0x3b/0x140 [ 898.068371][T17564] ? clear_bhb_loop+0x40/0x90 [ 898.068400][T17564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.068426][T17564] RIP: 0033:0x7fcedae6ce59 [ 898.068454][T17564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 898.068475][T17564] RSP: 002b:00007fced90a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 898.068500][T17564] RAX: ffffffffffffffda RBX: 00007fcedb0e6090 RCX: 00007fcedae6ce59 [ 898.068518][T17564] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 898.068532][T17564] RBP: 00007fced90a5090 R08: 0000000000000000 R09: 0000000000000000 [ 898.068547][T17564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 898.068561][T17564] R13: 00007fcedb0e6128 R14: 00007fcedb0e6090 R15: 00007ffda58a4658 [ 898.068599][T17564] [ 898.120857][T17564] ERROR: Out of memory at tomoyo_realpath_from_path. [ 898.424821][ T5803] em28xx 1-1:0.89: Freeing device [ 898.780655][ T5803] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 898.947340][ T5803] usb 1-1: too many endpoints for config 0 interface 0 altsetting 15: 254, using maximum allowed: 30 [ 898.947395][ T5803] usb 1-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid maxpacket 1056, setting to 64 [ 898.947427][ T5803] usb 1-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 898.947459][ T5803] usb 1-1: config 0 interface 0 has no altsetting 0 [ 898.947497][ T5803] usb 1-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.00 [ 898.947523][ T5803] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 898.961795][ T5803] usb 1-1: config 0 descriptor?? [ 898.975383][T17569] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 899.263579][ T5803] lenovo 0003:17EF:60B5.001C: reserved main item tag 0xe [ 899.263690][ T5803] hid_parser_main: 5 callbacks suppressed [ 899.263709][ T5803] lenovo 0003:17EF:60B5.001C: unknown main item tag 0x2 [ 899.386752][ T5803] lenovo 0003:17EF:60B5.001C: hidraw0: USB HID v0.0c Device [HID 17ef:60b5] on usb-dummy_hcd.0-1/input0 [ 899.447754][ T5803] usb 1-1: USB disconnect, device number 4 [ 899.567299][T17593] fido_id[17593]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 899.771009][ T1247] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 899.915228][ T1247] usb 6-1: Using ep0 maxpacket: 16 [ 899.935065][ T1247] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 899.935155][ T1247] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 899.935221][ T1247] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 899.996183][ T1247] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 899.996220][ T1247] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 899.996244][ T1247] usb 6-1: Product: syz [ 899.996262][ T1247] usb 6-1: Manufacturer: syz [ 899.996279][ T1247] usb 6-1: SerialNumber: syz [ 900.027647][ T6131] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 900.154158][ T1247] usb 6-1: 0:2 : does not exist [ 900.214700][ T6131] usb 5-1: config 128 has an invalid interface number: 148 but max is 0 [ 900.214734][ T6131] usb 5-1: config 128 contains an unexpected descriptor of type 0x1, skipping [ 900.214756][ T6131] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 900.215012][ T6131] usb 5-1: config 128 has no interface number 0 [ 900.215064][ T6131] usb 5-1: config 128 interface 148 altsetting 70 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 900.215097][ T6131] usb 5-1: config 128 interface 148 has no altsetting 0 [ 900.281705][ T6131] usb 5-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 900.282005][ T6131] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 900.282031][ T6131] usb 5-1: Product: syz [ 900.282048][ T6131] usb 5-1: Manufacturer: syz [ 900.282066][ T6131] usb 5-1: SerialNumber: syz [ 900.336391][T17606] FAULT_INJECTION: forcing a failure. [ 900.336391][T17606] name failslab, interval 1, probability 0, space 0, times 0 [ 900.336430][T17606] CPU: 1 UID: 0 PID: 17606 Comm: syz.0.4050 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 900.336461][T17606] Tainted: [L]=SOFTLOCKUP [ 900.336470][T17606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 900.336484][T17606] Call Trace: [ 900.336494][T17606] [ 900.336505][T17606] dump_stack_lvl+0xe8/0x150 [ 900.336540][T17606] should_fail_ex+0x46b/0x600 [ 900.336581][T17606] should_failslab+0xa8/0x100 [ 900.336614][T17606] kmem_cache_alloc_noprof+0x87/0x680 [ 900.336642][T17606] ? io_submit_one+0x130/0x14c0 [ 900.336681][T17606] io_submit_one+0x130/0x14c0 [ 900.336720][T17606] ? irqentry_exit+0x218/0x8b0 [ 900.336754][T17606] ? lockdep_hardirqs_on+0x7a/0x110 [ 900.336787][T17606] ? irqentry_exit+0x218/0x8b0 [ 900.336827][T17606] ? __pfx_io_submit_one+0x10/0x10 [ 900.336863][T17606] ? __might_fault+0xaf/0x130 [ 900.336905][T17606] ? __might_fault+0xaf/0x130 [ 900.336937][T17606] __se_sys_io_submit+0x195/0x340 [ 900.336972][T17606] ? __pfx___se_sys_io_submit+0x10/0x10 [ 900.337002][T17606] ? ksys_write+0x248/0x270 [ 900.337051][T17606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.337075][T17606] do_syscall_64+0x174/0x580 [ 900.337110][T17606] ? trace_irq_disable+0x3b/0x140 [ 900.337137][T17606] ? clear_bhb_loop+0x40/0x90 [ 900.337165][T17606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.337191][T17606] RIP: 0033:0x7fc81e2dce59 [ 900.337214][T17606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 900.337234][T17606] RSP: 002b:00007fc81c52e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 900.337260][T17606] RAX: ffffffffffffffda RBX: 00007fc81e555fa0 RCX: 00007fc81e2dce59 [ 900.337278][T17606] RDX: 0000200000001440 RSI: 2000000000000225 RDI: 00007fc81c509000 [ 900.337296][T17606] RBP: 00007fc81c52e090 R08: 0000000000000000 R09: 0000000000000000 [ 900.337312][T17606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 900.337326][T17606] R13: 00007fc81e556038 R14: 00007fc81e555fa0 R15: 00007ffc04b194e8 [ 900.337370][T17606] [ 900.401109][T17592] comedi comedi0: reset error (fatal) [ 900.495111][ T1247] usb 6-1: 1:0: cannot get min/max values for control 4 (id 1) [ 900.553147][T17607] netlink: 'syz.1.4051': attribute type 10 has an invalid length. [ 900.553216][T17607] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4051'. [ 900.716903][T17607] team0: entered promiscuous mode [ 900.716938][T17607] team_slave_0: entered promiscuous mode [ 900.717215][T17607] team_slave_1: entered promiscuous mode [ 900.728432][T17607] team0: entered allmulticast mode [ 900.728459][T17607] team_slave_0: entered allmulticast mode [ 900.728505][T17607] team_slave_1: entered allmulticast mode [ 900.783681][ T1247] usb 6-1: USB disconnect, device number 45 [ 900.843536][T17607] bridge0: port 3(team0) entered blocking state [ 900.863489][T17607] bridge0: port 3(team0) entered disabled state [ 901.011696][T15684] udevd[15684]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 901.207814][T17607] bridge0: port 3(team0) entered blocking state [ 901.207970][T17611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4052'. [ 901.208004][T17607] bridge0: port 3(team0) entered forwarding state [ 901.248167][ T6131] usb 5-1: USB disconnect, device number 32 [ 901.657673][T17613] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4056'. [ 903.356036][ T1340] ieee802154 phy0 wpan0: encryption failed: -22 [ 903.356252][ T1340] ieee802154 phy1 wpan1: encryption failed: -22 [ 903.542051][ T1247] usb 5-1: new low-speed USB device number 33 using dummy_hcd [ 903.689145][ T1247] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 903.689205][ T1247] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 903.689254][ T1247] usb 5-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 903.689280][ T1247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 903.743093][ T1247] usb 5-1: config 0 descriptor?? [ 903.748001][ T1247] qmi_wwan 5-1:0.0: bogus CDC Union: master=25, slave=0 [ 903.748288][ T1247] qmi_wwan 5-1:0.0: probe with driver qmi_wwan failed with error -22 [ 903.944476][ T1247] usb 5-1: USB disconnect, device number 33 [ 904.837231][ T1247] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 904.980433][ T1247] usb 5-1: Using ep0 maxpacket: 16 [ 904.983176][ T1247] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 904.983205][ T1247] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 904.983228][ T1247] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 904.988286][ T1247] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 904.988325][ T1247] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.988349][ T1247] usb 5-1: Product: syz [ 904.988366][ T1247] usb 5-1: Manufacturer: syz [ 904.988384][ T1247] usb 5-1: SerialNumber: syz [ 905.149763][ T1247] usb 5-1: 0:2 : does not exist [ 905.508098][T17635] comedi comedi0: reset error (fatal) [ 905.590595][ T1247] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1) [ 905.666807][ T1247] usb 5-1: USB disconnect, device number 34 [ 905.746745][T15684] udevd[15684]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 906.246949][T17642] FAULT_INJECTION: forcing a failure. [ 906.246949][T17642] name failslab, interval 1, probability 0, space 0, times 0 [ 906.246992][T17642] CPU: 0 UID: 0 PID: 17642 Comm: syz.4.4063 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 906.247025][T17642] Tainted: [L]=SOFTLOCKUP [ 906.247039][T17642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 906.247055][T17642] Call Trace: [ 906.247064][T17642] [ 906.247075][T17642] dump_stack_lvl+0xe8/0x150 [ 906.247108][T17642] should_fail_ex+0x46b/0x600 [ 906.247149][T17642] should_failslab+0xa8/0x100 [ 906.247182][T17642] __kmalloc_noprof+0xdf/0x7b0 [ 906.247209][T17642] ? __kmalloc_cache_noprof+0x3a6/0x690 [ 906.247237][T17642] ? alloc_pipe_info+0x1fc/0x4d0 [ 906.247269][T17642] ? alloc_pipe_info+0xe8/0x4d0 [ 906.247308][T17642] alloc_pipe_info+0x1fc/0x4d0 [ 906.247345][T17642] splice_direct_to_actor+0xa19/0xc80 [ 906.247404][T17642] ? kstrtouint+0x6e/0xe0 [ 906.247440][T17642] ? __pfx_direct_splice_actor+0x10/0x10 [ 906.247472][T17642] ? __pfx_aa_file_perm+0x10/0x10 [ 906.247502][T17642] ? __lock_acquire+0x6b5/0x2d10 [ 906.247530][T17642] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 906.247572][T17642] do_splice_direct+0x19b/0x2a0 [ 906.247604][T17642] ? __pfx_do_splice_direct+0x10/0x10 [ 906.247635][T17642] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 906.247674][T17642] ? rw_verify_area+0x25b/0x4e0 [ 906.247710][T17642] do_sendfile+0x547/0x7e0 [ 906.247735][T17642] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 906.247779][T17642] ? __pfx_do_sendfile+0x10/0x10 [ 906.247817][T17642] __se_sys_sendfile64+0x144/0x1a0 [ 906.247844][T17642] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 906.247877][T17642] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 906.247904][T17642] do_syscall_64+0x174/0x580 [ 906.247938][T17642] ? trace_irq_disable+0x3b/0x140 [ 906.247964][T17642] ? clear_bhb_loop+0x40/0x90 [ 906.247993][T17642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 906.248016][T17642] RIP: 0033:0x7fa6fb4ace59 [ 906.248038][T17642] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 906.248058][T17642] RSP: 002b:00007fa6f96e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 906.248083][T17642] RAX: ffffffffffffffda RBX: 00007fa6fb726090 RCX: 00007fa6fb4ace59 [ 906.248101][T17642] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 906.248115][T17642] RBP: 00007fa6f96e5090 R08: 0000000000000000 R09: 0000000000000000 [ 906.248131][T17642] R10: 00000ffffffff000 R11: 0000000000000246 R12: 0000000000000001 [ 906.248147][T17642] R13: 00007fa6fb726128 R14: 00007fa6fb726090 R15: 00007fff929e2218 [ 906.248182][T17642] [ 907.696632][T17652] FAULT_INJECTION: forcing a failure. [ 907.696632][T17652] name failslab, interval 1, probability 0, space 0, times 0 [ 907.696674][T17652] CPU: 0 UID: 0 PID: 17652 Comm: syz.4.4068 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 907.696706][T17652] Tainted: [L]=SOFTLOCKUP [ 907.696716][T17652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 907.696731][T17652] Call Trace: [ 907.696740][T17652] [ 907.696750][T17652] dump_stack_lvl+0xe8/0x150 [ 907.696785][T17652] should_fail_ex+0x46b/0x600 [ 907.696825][T17652] should_failslab+0xa8/0x100 [ 907.696867][T17652] __kmalloc_noprof+0xdf/0x7b0 [ 907.696896][T17652] ? tomoyo_encode+0x28b/0x550 [ 907.696928][T17652] tomoyo_encode+0x28b/0x550 [ 907.696962][T17652] tomoyo_realpath_from_path+0x58d/0x5d0 [ 907.697002][T17652] ? tomoyo_path_number_perm+0x219/0x630 [ 907.697040][T17652] tomoyo_path_number_perm+0x246/0x630 [ 907.697079][T17652] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 907.697115][T17652] ? __lock_acquire+0x6b5/0x2d10 [ 907.697146][T17652] ? do_raw_spin_lock+0x12b/0x2f0 [ 907.697203][T17652] ? __fget_files+0x2a/0x420 [ 907.697234][T17652] ? __fget_files+0x2a/0x420 [ 907.697261][T17652] ? __fget_files+0x3a6/0x420 [ 907.697288][T17652] ? __fget_files+0x2a/0x420 [ 907.697320][T17652] security_file_ioctl+0xc3/0x2a0 [ 907.697357][T17652] __se_sys_ioctl+0x47/0x170 [ 907.697398][T17652] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.697425][T17652] do_syscall_64+0x174/0x580 [ 907.697458][T17652] ? trace_irq_disable+0x3b/0x140 [ 907.697485][T17652] ? clear_bhb_loop+0x40/0x90 [ 907.697514][T17652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.697538][T17652] RIP: 0033:0x7fa6fb4ace59 [ 907.697559][T17652] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 907.697580][T17652] RSP: 002b:00007fa6f9706028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 907.697605][T17652] RAX: ffffffffffffffda RBX: 00007fa6fb725fa0 RCX: 00007fa6fb4ace59 [ 907.697622][T17652] RDX: 0000200000000140 RSI: 000000000000541c RDI: 0000000000000004 [ 907.697637][T17652] RBP: 00007fa6f9706090 R08: 0000000000000000 R09: 0000000000000000 [ 907.697653][T17652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 907.697669][T17652] R13: 00007fa6fb726038 R14: 00007fa6fb725fa0 R15: 00007fff929e2218 [ 907.697706][T17652] [ 907.697727][T17652] ERROR: Out of memory at tomoyo_realpath_from_path. [ 909.371481][ T1247] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 909.513891][ T1247] usb 5-1: Using ep0 maxpacket: 16 [ 909.516307][ T1247] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 909.516334][ T1247] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 909.516357][ T1247] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 909.527929][ T1247] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 909.527964][ T1247] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 909.527994][ T1247] usb 5-1: Product: syz [ 909.528011][ T1247] usb 5-1: Manufacturer: syz [ 909.528027][ T1247] usb 5-1: SerialNumber: syz [ 909.753851][ T1247] usb 5-1: 0:2 : does not exist [ 910.037467][T17656] comedi comedi0: reset error (fatal) [ 910.062083][ T1247] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1) [ 910.137964][ T1247] usb 5-1: USB disconnect, device number 35 [ 910.200055][T15684] udevd[15684]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 910.776862][T17661] FAULT_INJECTION: forcing a failure. [ 910.776862][T17661] name failslab, interval 1, probability 0, space 0, times 0 [ 910.776903][T17661] CPU: 0 UID: 0 PID: 17661 Comm: syz.4.4072 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 910.776936][T17661] Tainted: [L]=SOFTLOCKUP [ 910.776945][T17661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 910.776960][T17661] Call Trace: [ 910.776970][T17661] [ 910.776980][T17661] dump_stack_lvl+0xe8/0x150 [ 910.777015][T17661] should_fail_ex+0x46b/0x600 [ 910.777055][T17661] should_failslab+0xa8/0x100 [ 910.777088][T17661] kmem_cache_alloc_noprof+0x87/0x680 [ 910.777116][T17661] ? do_getname+0x2e/0x250 [ 910.777145][T17661] do_getname+0x2e/0x250 [ 910.777167][T17661] ? getname_flags+0x11/0x20 [ 910.777193][T17661] path_setxattrat+0x32d/0x440 [ 910.777238][T17661] ? __pfx_path_setxattrat+0x10/0x10 [ 910.777299][T17661] ? ksys_write+0x248/0x270 [ 910.777335][T17661] ? __pfx_ksys_write+0x10/0x10 [ 910.777373][T17661] __x64_sys_lsetxattr+0xbf/0xe0 [ 910.777404][T17661] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.777437][T17661] do_syscall_64+0x174/0x580 [ 910.777473][T17661] ? trace_irq_disable+0x3b/0x140 [ 910.777499][T17661] ? clear_bhb_loop+0x40/0x90 [ 910.777528][T17661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.777551][T17661] RIP: 0033:0x7fa6fb4ace59 [ 910.777572][T17661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 910.777594][T17661] RSP: 002b:00007fa6f9706028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 910.777622][T17661] RAX: ffffffffffffffda RBX: 00007fa6fb725fa0 RCX: 00007fa6fb4ace59 [ 910.777641][T17661] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000200000000040 [ 910.777657][T17661] RBP: 00007fa6f9706090 R08: 0000000000000002 R09: 0000000000000000 [ 910.777673][T17661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 910.777687][T17661] R13: 00007fa6fb726038 R14: 00007fa6fb725fa0 R15: 00007fff929e2218 [ 910.777729][T17661] [ 916.493226][T12509] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 916.561980][T12509] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 916.563765][T12509] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 916.597400][T12509] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 916.598339][T12509] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 917.378381][T12509] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 917.443601][T12509] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 917.445474][T12509] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 917.482713][T12509] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 917.483639][T12509] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 918.262455][T12509] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 918.331351][T12509] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 918.341875][T12509] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 918.348447][T12509] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 918.349425][T12509] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 918.686663][ T4924] Bluetooth: hci4: command tx timeout [ 919.524367][ T4924] Bluetooth: hci5: command tx timeout [ 920.362508][ T4924] Bluetooth: hci6: command tx timeout [ 920.668971][ T4924] Bluetooth: hci4: command tx timeout [ 921.505445][ T4924] Bluetooth: hci5: command tx timeout [ 922.343581][ T4924] Bluetooth: hci6: command tx timeout [ 922.648359][ T4924] Bluetooth: hci4: command tx timeout [ 923.486501][ T4924] Bluetooth: hci5: command tx timeout [ 924.324668][ T4924] Bluetooth: hci6: command tx timeout [ 924.630581][ T4924] Bluetooth: hci4: command tx timeout [ 925.469787][ T4924] Bluetooth: hci5: command tx timeout [ 926.305659][T12509] Bluetooth: hci6: command tx timeout [ 926.561076][T12509] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 926.637881][T12509] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 926.647027][T12509] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 926.658693][T12509] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 926.663980][T12509] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 928.743982][ T4924] Bluetooth: hci7: command tx timeout [ 930.725039][ T4924] Bluetooth: hci7: command tx timeout [ 932.706061][ T4924] Bluetooth: hci7: command tx timeout [ 934.687179][ T4924] Bluetooth: hci7: command tx timeout [ 956.559282][ T12] kworker/u8:0 (12) used greatest stack depth: 14152 bytes left [ 961.437119][ T1340] ieee802154 phy0 wpan0: encryption failed: -22 [ 961.437230][ T1340] ieee802154 phy1 wpan1: encryption failed: -22 [ 982.326348][T12509] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 982.403893][T12509] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 982.419937][T12509] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 982.421213][T12509] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 982.422033][T12509] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 982.715929][T12509] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 982.774637][T12509] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 982.807564][T12509] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 982.811287][T12509] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 982.830228][T12509] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 983.033337][ T4924] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 983.105448][ T4924] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 983.107187][ T4924] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 983.108505][ T4924] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 983.147877][ T4924] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 983.573678][ T4924] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 983.625705][ T4924] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 983.627427][ T4924] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 983.630771][ T4924] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 983.657408][ T4924] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 984.442817][ T4924] Bluetooth: hci8: command tx timeout [ 984.899826][ T4924] Bluetooth: hci10: command tx timeout [ 985.282194][ T4924] Bluetooth: hci9: command tx timeout [ 985.816097][ T4924] Bluetooth: hci11: command tx timeout [ 986.423836][ T4924] Bluetooth: hci8: command tx timeout [ 986.881088][ T4924] Bluetooth: hci10: command tx timeout [ 987.262027][ T4924] Bluetooth: hci9: command tx timeout [ 987.796494][ T4924] Bluetooth: hci11: command tx timeout [ 988.404951][ T4924] Bluetooth: hci8: command tx timeout [ 988.862385][ T4924] Bluetooth: hci10: command tx timeout [ 989.243041][ T4924] Bluetooth: hci9: command tx timeout [ 989.776456][ T4924] Bluetooth: hci11: command tx timeout [ 990.385983][ T4924] Bluetooth: hci8: command tx timeout [ 990.843299][ T4924] Bluetooth: hci10: command tx timeout [ 991.224223][ T4924] Bluetooth: hci9: command tx timeout [ 991.757521][ T4924] Bluetooth: hci11: command tx timeout [ 1001.748475][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1001.748497][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P17621 [ 1001.748529][ C0] rcu: (detected by 0, t=10502 jiffies, g=111809, q=8337 ncpus=2) [ 1001.748555][ C0] task:syz.1.4057 state:R running task stack:26168 pid:17621 tgid:17619 ppid:12828 task_flags:0x40054c flags:0x00080001 [ 1001.748631][ C0] Call Trace: [ 1001.748640][ C0] [ 1001.748649][ C0] ? ktime_get+0x45/0x220 [ 1001.748691][ C0] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 1001.748723][ C0] ? __lock_acquire+0x6b5/0x2d10 [ 1001.748754][ C0] ? __lock_acquire+0x6b5/0x2d10 [ 1001.748780][ C0] ? __lock_acquire+0x6b5/0x2d10 [ 1001.748812][ C0] ? irqentry_exit+0x218/0x8b0 [ 1001.748864][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 1001.748887][ C0] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 1001.748924][ C0] ? rt_spin_lock+0x1e0/0x400 [ 1001.748955][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1001.748989][ C0] ? trace_irq_disable+0x3b/0x140 [ 1001.749021][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1001.749050][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 1001.749076][ C0] ? vga_arb_release+0x27c/0x5c0 [ 1001.749115][ C0] ? rt_spin_unlock+0x113/0x200 [ 1001.749145][ C0] ? vga_arb_release+0x27c/0x5c0 [ 1001.749182][ C0] ? __pfx_vga_arb_release+0x10/0x10 [ 1001.749216][ C0] ? __fput+0x461/0xa70 [ 1001.749254][ C0] ? task_work_run+0x1d9/0x270 [ 1001.749285][ C0] ? __pfx_task_work_run+0x10/0x10 [ 1001.749313][ C0] ? rt_spin_unlock+0x160/0x200 [ 1001.749347][ C0] ? do_exit+0x70f/0x22c0 [ 1001.749382][ C0] ? __pfx_do_exit+0x10/0x10 [ 1001.749405][ C0] ? rt_mutex_slowunlock+0x61e/0x8b0 [ 1001.749450][ C0] ? do_group_exit+0x21b/0x2d0 [ 1001.749476][ C0] ? rt_spin_unlock+0x160/0x200 [ 1001.749507][ C0] ? get_signal+0x1284/0x1330 [ 1001.749560][ C0] ? arch_do_signal_or_restart+0xbc/0x840 [ 1001.749583][ C0] ? __fget_files+0x2a/0x420 [ 1001.749608][ C0] ? __fget_files+0x3a6/0x420 [ 1001.749635][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1001.749668][ C0] ? ksys_write+0x248/0x270 [ 1001.749709][ C0] ? exit_to_user_mode_loop+0xa9/0x680 [ 1001.749734][ C0] ? rcu_is_watching+0x15/0xb0 [ 1001.749766][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.749791][ C0] ? do_syscall_64+0x353/0x580 [ 1001.749830][ C0] ? trace_irq_disable+0x3b/0x140 [ 1001.749856][ C0] ? clear_bhb_loop+0x40/0x90 [ 1001.749884][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.749925][ C0]