last executing test programs: 49.70186031s ago: executing program 2 (id=389): r0 = syz_open_procfs(0x0, &(0x7f0000000500)='net/if_inet6\x00') unlinkat(r0, &(0x7f0000000000)='./file0\x00', 0x200) 49.551772903s ago: executing program 2 (id=392): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(0x0, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f00000003c0)={0x0, 0x0, {0x9, 0x749, 0x1009, 0x0, 0x5, 0x6, 0x0, 0x4}}) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) pipe2$9p(0x0, 0x80080) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0x2284, &(0x7f00000000c0)={0x3, 0x2083, 0x0, 0x0}) 48.550604489s ago: executing program 2 (id=395): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000480), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) msgsnd(0x0, &(0x7f0000000380)=ANY=[], 0x2000, 0x800) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) syz_open_dev$vcsa(&(0x7f0000000080), 0x81, 0x400000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_rdma(0x10, 0x3, 0x14) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'ip6tnl0\x00'}}, 0x1e) connect$pppoe(r3, &(0x7f0000000040)={0x18, 0x0, {0x0, @local, 'veth1_to_bridge\x00'}}, 0x1e) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) 46.79606837s ago: executing program 1 (id=401): socket$nl_rdma(0x10, 0x3, 0x14) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x100ec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r1) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) writev(r3, &(0x7f0000002380)=[{&(0x7f0000002140)="58f1f09172", 0x5}, {&(0x7f00000021c0)="c0a22c70", 0x4}], 0x2) sendmsg$NFC_CMD_DISABLE_SE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x24008840}, 0x40000) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) fdatasync(0xffffffffffffffff) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 46.328027173s ago: executing program 1 (id=404): openat$dlm_control(0xffffffffffffff9c, 0x0, 0xad82, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) capset(0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x64, 0x6, 0x720, 0x508, 0x508, 0x438, 0x0, 0x438, 0x650, 0x650, 0x650, 0x650, 0x650, 0x6, 0x0, {[{{@ipv6={@private2, @loopback, [0xff000000, 0xffffffff, 0xffffff00, 0xff000000], [0xff000000, 0xffffff00, 0x0, 0xffffff00], 'vlan1\x00', 'veth1\x00', {0xff}, {0xff}, 0x6, 0x3, 0x3, 0x14}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1, 0x1, 0x5}}}, {{@ipv6={@remote, @local, [0x0, 0xffffffff], [0x0, 0xff000000], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11, 0x0, 0x0, 0x4}, 0x0, 0x198, 0x1d8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}, @common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@remote, [], @ipv6=@private1, [0x0, 0xff000000, 0xffffffff], @ipv4=@multicast2, [0x0, 0xffffffff, 0xffffffff, 0xffffffff], @ipv4=@empty, [0x0, 0x0, 0xff000000, 0xff], 0x0, 0x0, 0x42, 0x4e22, 0x4e24, 0x4e20, 0x4e24, 0x0, 0x23ccf3e9fd2b5143}, 0x0, 0x80, 0x0, 0x4e20, 0x4e24, 0x4e23}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv6=@private2, 0x2c, 0xfe}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xc}}}, {{@uncond, 0x0, 0x100, 0x148, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@frag={{0x30}, {[0x3, 0x8], 0xa, 0x0, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@dev, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x780) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) recvmmsg(r1, &(0x7f00000010c0)=[{{&(0x7f0000000000)=@l2tp, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001140)=""/4096}], 0x0, &(0x7f0000000300)=""/70}, 0x3}, {{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000002140)=""/116}, {&(0x7f0000000f40)=""/220}, {&(0x7f0000000180)=""/120}, {&(0x7f0000000680)=""/249}, {&(0x7f0000000380)=""/181}], 0x0, &(0x7f0000001040)=""/104}, 0xacee}], 0x1e, 0x40000170, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cbba25083b0904a10100010203010902120001000020000904"], 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2e, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$UHID_INPUT2(r7, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x6) r8 = socket(0x23, 0x5, 0x0) connect$unix(r8, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) creat(0x0, 0x0) capset(0x0, 0x0) 44.508270531s ago: executing program 3 (id=407): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)="d8000000190081054e81f782db4cb9040a1d080006007c02e8fe55a10a0015000900142603600e1208000f4f1b000401a8001600200005400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) r2 = dup(r1) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000007000)={&(0x7f0000000d80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x801, 0x0, 0x0, {0xa}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x3, 0x0, 0x0, {0xa}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x98}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000ae6f93fe03ea0000000000000000a7fd"], 0x1c}}, 0x40) sendmsg$NFQNL_MSG_CONFIG(r3, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) 44.400676438s ago: executing program 4 (id=408): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) 44.221568017s ago: executing program 2 (id=410): syz_open_procfs(0x0, &(0x7f0000000400)='attr/fscreate\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setreuid(0xee01, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000002100010000000000000000000a00000000000000000000000c0014"], 0x28}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioprio_get$uid(0x3, 0xee01) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x42) add_key(&(0x7f00000018c0)='big_key\x00', &(0x7f0000001900)={'syz', 0x1}, &(0x7f0000001940)='\f', 0xfffff, 0xfffffffffffffffe) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000", @ANYRES32=0x0, @ANYRES32], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000011850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x52, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[]) 44.220682073s ago: executing program 3 (id=411): add_key$keyring(0x0, &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = syz_open_dev$I2C(0x0, 0x0, 0x0) ioctl$I2C_PEC(r4, 0x708, 0x7) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000010000000cb1ce0f50b894824c0f40666d7b7b00060000000000000001000c00"], 0x30}, 0x1, 0x0, 0x0, 0x44810}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 43.967514468s ago: executing program 4 (id=412): r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x2000000000, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[], 0x44}}, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0xc1485544, 0x0) 41.114266124s ago: executing program 1 (id=413): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000140)='fsi_master_acf_poll_response_busy\x00', r3, 0x0, 0xfffffffffffffffc}, 0x18) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x30, r4, 0x153ff25051509283, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0x62, 0x1}, {0x72, 0x1}, {0x5f, 0x5}, {0x7, 0x7}], "de6821d72916638f"}}]}, 0x30}, 0x1, 0x0, 0x0, 0x94}, 0x10000000) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) mknod$loop(&(0x7f0000000100)='./file1\x00', 0x1000, 0x1) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x810) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x664001) 41.113243753s ago: executing program 3 (id=414): socket$nl_rdma(0x10, 0x3, 0x14) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x100ec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r1) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) writev(r3, &(0x7f0000002380)=[{&(0x7f0000002140)="58f1f09172", 0x5}, {&(0x7f00000021c0)="c0a22c70", 0x4}], 0x2) sendmsg$NFC_CMD_DISABLE_SE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x24008840}, 0x40000) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) fdatasync(0xffffffffffffffff) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) sendmsg$inet(r5, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 41.02056139s ago: executing program 2 (id=415): syz_open_dev$video(0x0, 0x0, 0x8001) r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, 0x0) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r2, 0x0, 0x0) r3 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0xc}) syz_clone(0x410c2000, 0x0, 0x0, 0x0, 0x0, 0x0) 40.949236248s ago: executing program 4 (id=416): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'}) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x8, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x67fd, &(0x7f0000000400)={0x0, 0xfffffffc, 0x0, 0xfffffffc}, 0x0, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x2ea6, 0x2, 0x4}) ioctl$vim2m_VIDIOC_EXPBUF(r7, 0xc0405668, &(0x7f0000000100)={0x0, 0x1, 0x2}) ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f) futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0x0) clock_gettime(0xb, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYRES32=r2, @ANYRES32=r8, @ANYRES8=r3, @ANYRESHEX=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0xac3, @void, @value}, 0x94) 40.800285542s ago: executing program 0 (id=417): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x14f, &(0x7f0000000140)={0x0, 0xfad9, 0x0, 0x1}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) shutdown(r0, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) 40.799855926s ago: executing program 1 (id=418): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') move_mount(r0, &(0x7f00000000c0)='./mnt\x00', r0, 0x0, 0x271) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) r1 = socket$kcm(0x21, 0x2, 0x2) setsockopt$sock_attach_bpf(r1, 0x110, 0x3, 0x0, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r2 = getpgrp(0xffffffffffffffff) process_vm_writev(r2, &(0x7f0000000340)=[{&(0x7f0000000000)=""/228, 0xe4}, {0x0}, {&(0x7f0000000200)=""/12, 0xc}, {&(0x7f0000000240)=""/245, 0xf5}], 0x4, &(0x7f0000000500)=[{&(0x7f0000000380)=""/201, 0xc9}, {0x0}, {&(0x7f00000004c0)=""/12, 0xc}], 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$tipc(0x1e, 0x2, 0x0) dup(0xffffffffffffffff) syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0x101142) pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad}, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) write$char_usb(r3, &(0x7f0000000040)="e2", 0x918) socket$nl_netfilter(0x10, 0x3, 0xc) 39.87958671s ago: executing program 3 (id=419): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x14f, &(0x7f0000000140)={0x0, 0xfad9, 0x0, 0x1}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) shutdown(r0, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) 39.809242928s ago: executing program 0 (id=420): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000480), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) msgsnd(0x0, &(0x7f0000000380)=ANY=[], 0x2000, 0x800) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) syz_open_dev$vcsa(&(0x7f0000000080), 0x81, 0x400000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_rdma(0x10, 0x3, 0x14) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'ip6tnl0\x00'}}, 0x1e) connect$pppoe(r3, &(0x7f0000000040)={0x18, 0x0, {0x0, @local, 'veth1_to_bridge\x00'}}, 0x1e) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) 38.904507771s ago: executing program 0 (id=421): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) gettid() vmsplice(0xffffffffffffffff, 0x0, 0x0, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x180, 0x194, 0x194, 0x180, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0xa0, 0xc8, 0x0, {0x0, 0x74020000}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x7a}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278) r4 = syz_io_uring_setup(0x4d9e, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x2, 0x7fffd}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) r7 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x410000, 0xa4, 0x22}, 0x18) ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f00000000c0)={0x5, 0x31, 0x1, 0x101, 0x6b, 0x1000, &(0x7f00000001c0)="49e901525eeedd2fccf6bebc2405b8ef64d7a47e8e096409833ada64c3abfe4aa98f1b8a7b402d3f97fded6beac5a61c5ca813425c9bf4b9c3e9ef0bff055048359091c193217bc49066ad07a25e92e7cd7b37eecd19852e3b2bde499419399fe3fcef581b5530cda8934b"}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xb3324d85a3be24c5}) 38.86101164s ago: executing program 4 (id=422): socket$key(0xf, 0x3, 0x2) socket$key(0xf, 0x3, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000)=0x7ff, 0x4) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x20, 0x8f, 0x2, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x4}, 0xe) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fallocate(0xffffffffffffffff, 0x0, 0x4, 0xec30) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x160) r4 = open(0x0, 0x1431c2, 0x0) pwrite64(r4, 0x0, 0x0, 0x600000fff) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000027c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x440, 0x0, 0x168, 0x9, 0x270, 0xb, 0x370, 0x250, 0x250, 0x370, 0x250, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', [], [], 'ip6tnl0\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x230, 0x270, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'pim6reg0\x00', {0x0, 0x7ff, 0x0, 0x0, 0x0, 0x6, 0x1000}}}, @common=@inet=@ipcomp={{0x30}, {[], 0x12}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r6 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r6, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492856, 0x0) 38.747191879s ago: executing program 3 (id=423): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c080}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newsa={0x15c, 0x10, 0x413, 0x0, 0x25dfdbfb, {{@in6=@dev, @in=@remote}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4e, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x10, 0x60, "25ca"}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd27, 0x70bd2d, 0x70bd25, 0x70bd2d, 0x1}}]}, 0x15c}}, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000095}, 0x4009) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 37.342058944s ago: executing program 4 (id=424): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x1) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x10001, 0x100000, 0x8, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001440)={0xfff, 0x1, 0x0, r2, 0x5}) 36.928142027s ago: executing program 0 (id=425): add_key$keyring(0x0, &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = syz_open_dev$I2C(0x0, 0x0, 0x0) ioctl$I2C_PEC(r4, 0x708, 0x7) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000010000000cb1ce0f50b894824c0f40666d7b7b00060000000000000001000c00"], 0x30}, 0x1, 0x0, 0x0, 0x44810}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 36.880327564s ago: executing program 1 (id=426): syz_open_procfs(0x0, &(0x7f0000000400)='attr/fscreate\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setreuid(0xee01, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000002100010000000000000000000a00000000000000000000000c0014"], 0x28}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioprio_get$uid(0x3, 0xee01) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x42) add_key(&(0x7f00000018c0)='big_key\x00', &(0x7f0000001900)={'syz', 0x1}, &(0x7f0000001940)='\f', 0xfffff, 0xfffffffffffffffe) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000", @ANYRES32=0x0, @ANYRES32], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000011850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x0, 0x52, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[]) 36.846398379s ago: executing program 3 (id=427): prlimit64(0x0, 0xb, &(0x7f0000000040)={0x8, 0x9}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000044041) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000200)=""/29, 0x1d}], 0x2}, 0x61) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r2, &(0x7f0000000140)="96", 0x1, 0x1, &(0x7f0000000240)={0xa, 0x80, 0xfffffff7, @private2, 0x6}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000000)=0x6, 0x4) close(0x3) r3 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/access\x00', 0x2, 0x0) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)="5febd0a274ef68c04bcf8714eaffa77ac14ffc04324d8a3a23bfeadff2179674faf663285879ce4c181a39cdacf74bff553352c4b3b1", 0x36}], 0x1) timer_settime(0x0, 0x0, &(0x7f00000004c0)={{0x0, 0x989680}, {0x77359400}}, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x0, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r4, 0x0, 0x0, 0x4c000, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000300), 0xc80, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 36.584073729s ago: executing program 4 (id=428): prlimit64(0x0, 0xb, &(0x7f0000000040)={0x8, 0x9}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000044041) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000200)=""/29, 0x1d}], 0x2}, 0x61) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r2, &(0x7f0000000140)="96", 0x1, 0x1, &(0x7f0000000240)={0xa, 0x80, 0xfffffff7, @private2, 0x6}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000000)=0x6, 0x4) close(0x3) r3 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/access\x00', 0x2, 0x0) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)="5febd0a274ef68c04bcf8714eaffa77ac14ffc04324d8a3a23bfeadff2179674faf663285879ce4c181a39cdacf74bff553352c4b3b1", 0x36}], 0x1) timer_settime(0x0, 0x0, &(0x7f00000004c0)={{0x0, 0x989680}, {0x77359400}}, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x0, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r4, 0x0, 0x0, 0x4c000, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000300), 0xc80, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 35.772747013s ago: executing program 2 (id=429): socket$nl_rdma(0x10, 0x3, 0x14) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x100ec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r1) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) writev(r3, &(0x7f0000002380)=[{&(0x7f0000002140)="58f1f09172", 0x5}, {&(0x7f00000021c0)="c0a22c70", 0x4}], 0x2) sendmsg$NFC_CMD_DISABLE_SE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x24008840}, 0x40000) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) fdatasync(0xffffffffffffffff) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) sendmsg$inet(r5, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 34.980420006s ago: executing program 1 (id=430): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x14f, &(0x7f0000000140)={0x0, 0xfad9, 0x0, 0x1}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) shutdown(r0, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@xattr}]}) 34.804285162s ago: executing program 0 (id=431): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000480), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) msgsnd(0x0, &(0x7f0000000380)=ANY=[], 0x2000, 0x800) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) syz_open_dev$vcsa(&(0x7f0000000080), 0x81, 0x400000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_rdma(0x10, 0x3, 0x14) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'ip6tnl0\x00'}}, 0x1e) connect$pppoe(r3, &(0x7f0000000040)={0x18, 0x0, {0x0, @local, 'veth1_to_bridge\x00'}}, 0x1e) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) 32.178827145s ago: executing program 0 (id=432): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000100000000000000001300f4f0ae101a030ebc362f0fa522cca40a9fe9d2764392a9ec31c638d2aaa0cff17045a7c6fb004e5ddab0774f559a0bae1c8d270ccac7896534275758a907673cd414d4d3671244141bc72b43fe89027eafa3634db66b131f533e1e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f088a8", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) unshare(0x2040400) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) fcntl$setstatus(r1, 0x408, 0x0) 0s ago: executing program 32 (id=432): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000100000000000000001300f4f0ae101a030ebc362f0fa522cca40a9fe9d2764392a9ec31c638d2aaa0cff17045a7c6fb004e5ddab0774f559a0bae1c8d270ccac7896534275758a907673cd414d4d3671244141bc72b43fe89027eafa3634db66b131f533e1e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f088a8", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) unshare(0x2040400) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) fcntl$setstatus(r1, 0x408, 0x0) kernel console output (not intermixed with test programs): 79.944091][ T10] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 79.973225][ T3749] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.137630][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 80.175725][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 80.229267][ T10] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice=59.c2 [ 80.252329][ T10] usb 4-1: New USB device strings: Mfr=243, Product=93, SerialNumber=0 [ 80.272173][ T10] usb 4-1: Product: syz [ 80.282322][ T10] usb 4-1: Manufacturer: syz [ 80.311449][ T10] usb 4-1: config 0 descriptor?? [ 80.484591][ T5936] kvm: kvm [5935]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0xe00000085 [ 81.157558][ T55] Bluetooth: hci0: command tx timeout [ 81.163150][ T5831] Bluetooth: hci1: command tx timeout [ 81.163172][ T5829] Bluetooth: hci4: command tx timeout [ 81.234445][ T5831] Bluetooth: hci2: command tx timeout [ 81.234535][ T5829] Bluetooth: hci3: command tx timeout [ 81.380112][ T5954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 81.391848][ T5954] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.896789][ T5829] block nbd1: Receive control failed (result -32) [ 81.906291][ T5946] block nbd1: shutting down sockets [ 81.954132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 83.306186][ T5969] Zero length message leads to an empty skb [ 83.376070][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.387175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.396812][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 83.405873][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.652363][ T5872] usb 4-1: USB disconnect, device number 2 [ 83.685751][ T5973] bridge_slave_0: left allmulticast mode [ 83.699647][ T5973] bridge_slave_0: left promiscuous mode [ 83.707517][ T5973] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.744672][ T5973] bridge_slave_1: left allmulticast mode [ 83.750683][ T5973] bridge_slave_1: left promiscuous mode [ 83.757963][ T5973] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.811201][ T5973] bond0: (slave bond_slave_0): Releasing backup interface [ 83.838112][ T5973] bond0: (slave bond_slave_1): Releasing backup interface [ 83.965585][ T5973] team0: Port device team_slave_0 removed [ 84.034580][ T5973] team0: Port device team_slave_1 removed [ 84.054621][ T5973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.091989][ T5973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.094653][ T5984] netlink: 24 bytes leftover after parsing attributes in process `syz.4.24'. [ 84.297687][ T5986] netlink: 16 bytes leftover after parsing attributes in process `syz.4.24'. [ 84.374276][ T5973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.484189][ T5986] netlink: 16 bytes leftover after parsing attributes in process `syz.4.24'. [ 84.496029][ T5973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.581029][ T5988] cgroup: none used incorrectly [ 84.650905][ T5989] Device name cannot be null; rc = [-22] [ 84.664733][ T5990] Device name cannot be null; rc = [-22] [ 84.678700][ T5992] FAULT_INJECTION: forcing a failure. [ 84.678700][ T5992] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 84.719629][ T5992] CPU: 0 UID: 0 PID: 5992 Comm: syz.0.26 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 84.719657][ T5992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 84.719668][ T5992] Call Trace: [ 84.719674][ T5992] [ 84.719682][ T5992] dump_stack_lvl+0x241/0x360 [ 84.719719][ T5992] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.719741][ T5992] ? __pfx__printk+0x10/0x10 [ 84.719768][ T5992] should_fail_ex+0x424/0x570 [ 84.719793][ T5992] _copy_to_iter+0x43f/0x1c90 [ 84.719820][ T5992] ? __pfx__copy_to_iter+0x10/0x10 [ 84.719838][ T5992] ? __virt_addr_valid+0x183/0x530 [ 84.719858][ T5992] ? __virt_addr_valid+0x183/0x530 [ 84.719876][ T5992] ? __virt_addr_valid+0x45f/0x530 [ 84.719896][ T5992] ? __phys_addr_symbol+0x2f/0x70 [ 84.719915][ T5992] ? __check_object_size+0x478/0x720 [ 84.719942][ T5992] ? skb_recv_datagram+0x26e/0x310 [ 84.719964][ T5992] __skb_datagram_iter+0x111/0x940 [ 84.719984][ T5992] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 84.720008][ T5992] skb_copy_datagram_iter+0xd1/0x250 [ 84.720029][ T5992] pfkey_recvmsg+0x25c/0x7b0 [ 84.720058][ T5992] ? __pfx_pfkey_recvmsg+0x10/0x10 [ 84.720083][ T5992] ? __import_iovec+0x3c2/0x830 [ 84.720101][ T5992] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 84.720117][ T5992] ? __pfx_pfkey_recvmsg+0x10/0x10 [ 84.720140][ T5992] sock_recvmsg+0x22f/0x280 [ 84.720164][ T5992] ____sys_recvmsg+0x1c8/0x480 [ 84.720187][ T5992] ? __pfx_____sys_recvmsg+0x10/0x10 [ 84.720217][ T5992] do_recvmmsg+0x428/0xab0 [ 84.720242][ T5992] ? __pfx_do_recvmmsg+0x10/0x10 [ 84.720270][ T5992] ? rcu_read_lock_any_held+0xbb/0x160 [ 84.720288][ T5992] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 84.720307][ T5992] ? vfs_write+0xb29/0xd10 [ 84.720335][ T5992] ? ksys_write+0x24e/0x2d0 [ 84.720369][ T5992] ? __mutex_unlock_slowpath+0x229/0x800 [ 84.720401][ T5992] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 84.720425][ T5992] ? __fget_files+0x2a/0x420 [ 84.720450][ T5992] __x64_sys_recvmmsg+0x1ab/0x260 [ 84.720470][ T5992] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 84.720492][ T5992] ? do_syscall_64+0xb6/0x230 [ 84.720519][ T5992] do_syscall_64+0xf3/0x230 [ 84.720544][ T5992] ? clear_bhb_loop+0x45/0xa0 [ 84.720565][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.720590][ T5992] RIP: 0033:0x7f17de38d169 [ 84.720611][ T5992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.720630][ T5992] RSP: 002b:00007f17df18a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 84.720650][ T5992] RAX: ffffffffffffffda RBX: 00007f17de5a5fa0 RCX: 00007f17de38d169 [ 84.720664][ T5992] RDX: 03ffffffffffff61 RSI: 0000200000000740 RDI: 0000000000000003 [ 84.720676][ T5992] RBP: 00007f17df18a090 R08: 0000000000000000 R09: 0000000000000000 [ 84.720687][ T5992] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 84.720697][ T5992] R13: 0000000000000000 R14: 00007f17de5a5fa0 R15: 00007ffcad00c7c8 [ 84.720718][ T5992] [ 86.433662][ T5872] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 86.612560][ T5872] usb 3-1: Using ep0 maxpacket: 8 [ 86.622903][ T6021] bdev: Unknown parameter 'usrquota' [ 86.632801][ T5872] usb 3-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 86.662038][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 86.681543][ T96] cfg80211: failed to load regulatory.db [ 86.694030][ T5872] usb 3-1: Product: syz [ 86.698284][ T5872] usb 3-1: Manufacturer: syz [ 86.702948][ T5872] usb 3-1: SerialNumber: syz [ 86.732806][ T5872] usb 3-1: config 0 descriptor?? [ 86.756541][ T6031] FAULT_INJECTION: forcing a failure. [ 86.756541][ T6031] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 86.790299][ T6031] CPU: 0 UID: 0 PID: 6031 Comm: syz.1.38 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 86.790327][ T6031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 86.790339][ T6031] Call Trace: [ 86.790346][ T6031] [ 86.790353][ T6031] dump_stack_lvl+0x241/0x360 [ 86.790381][ T6031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.790402][ T6031] ? __pfx__printk+0x10/0x10 [ 86.790430][ T6031] should_fail_ex+0x424/0x570 [ 86.790456][ T6031] strncpy_from_user+0x36/0x280 [ 86.790480][ T6031] getname_flags+0xf0/0x530 [ 86.790501][ T6031] do_readlinkat+0xd7/0x380 [ 86.790526][ T6031] ? __pfx_do_readlinkat+0x10/0x10 [ 86.790555][ T6031] __x64_sys_readlink+0x7f/0x90 [ 86.790576][ T6031] do_syscall_64+0xf3/0x230 [ 86.790604][ T6031] ? clear_bhb_loop+0x45/0xa0 [ 86.790624][ T6031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.790642][ T6031] RIP: 0033:0x7fc431b8d169 [ 86.790658][ T6031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.790672][ T6031] RSP: 002b:00007fc432944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000059 [ 86.790692][ T6031] RAX: ffffffffffffffda RBX: 00007fc431da6080 RCX: 00007fc431b8d169 [ 86.790706][ T6031] RDX: 00000000000000b0 RSI: 0000200000000140 RDI: 0000200000000000 [ 86.790718][ T6031] RBP: 00007fc432944090 R08: 0000000000000000 R09: 0000000000000000 [ 86.790729][ T6031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.790739][ T6031] R13: 0000000000000001 R14: 00007fc431da6080 R15: 00007ffe96000698 [ 86.790761][ T6031] [ 86.955178][ T5914] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 87.113549][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 87.130590][ T5914] usb 4-1: too many configurations: 142, using maximum allowed: 8 [ 87.142749][ T5914] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 87.155535][ T5914] usb 4-1: can't read configurations, error -61 [ 87.195740][ T5918] IPVS: starting estimator thread 0... [ 87.221414][ T6030] netlink: 40 bytes leftover after parsing attributes in process `syz.0.39'. [ 87.283657][ T6034] IPVS: using max 28 ests per chain, 67200 per kthread [ 87.304857][ T5914] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 87.483594][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 87.493518][ T5914] usb 4-1: too many configurations: 142, using maximum allowed: 8 [ 87.504896][ T5914] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 87.517603][ T5914] usb 4-1: can't read configurations, error -61 [ 87.530991][ T5914] usb usb4-port1: attempt power cycle [ 87.874378][ T5914] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 87.885655][ T6039] xt_CT: No such helper "pptp" [ 87.919916][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 87.946425][ T5914] usb 4-1: too many configurations: 142, using maximum allowed: 8 [ 87.980930][ T5914] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 88.003986][ T5914] usb 4-1: can't read configurations, error -61 [ 88.133621][ T5914] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 88.167971][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 88.178711][ T5914] usb 4-1: too many configurations: 142, using maximum allowed: 8 [ 88.294069][ T5914] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 88.301731][ T5914] usb 4-1: can't read configurations, error -61 [ 88.326938][ T5914] usb usb4-port1: unable to enumerate USB device [ 88.387481][ T5872] usb 3-1: USB disconnect, device number 2 [ 88.793615][ T5872] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 88.978977][ T5872] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.596462][ T5872] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 89.652863][ T5872] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 89.684260][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 89.713195][ T5872] usb 3-1: SerialNumber: syz [ 90.012833][ T6059] xt_nat: multiple ranges no longer supported [ 90.391234][ T5872] usb 3-1: 0:2 : does not exist [ 90.544163][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 90.643681][ T5872] usb 3-1: USB disconnect, device number 3 [ 91.723575][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 91.782190][ T6073] netlink: 288 bytes leftover after parsing attributes in process `syz.4.51'. [ 91.919976][ T6078] FAULT_INJECTION: forcing a failure. [ 91.919976][ T6078] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.946579][ T6079] FAULT_INJECTION: forcing a failure. [ 91.946579][ T6079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.979614][ T6078] CPU: 1 UID: 0 PID: 6078 Comm: syz.2.53 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 91.979644][ T6078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 91.979656][ T6078] Call Trace: [ 91.979663][ T6078] [ 91.979671][ T6078] dump_stack_lvl+0x241/0x360 [ 91.979700][ T6078] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.979723][ T6078] ? __pfx__printk+0x10/0x10 [ 91.979751][ T6078] should_fail_ex+0x424/0x570 [ 91.979777][ T6078] _copy_from_user+0x2d/0xb0 [ 91.979798][ T6078] move_addr_to_kernel+0x8c/0x170 [ 91.979824][ T6078] __sys_bind+0x12e/0x290 [ 91.979851][ T6078] ? __pfx___sys_bind+0x10/0x10 [ 91.979893][ T6078] __x64_sys_bind+0x7a/0x90 [ 91.979919][ T6078] do_syscall_64+0xf3/0x230 [ 91.979947][ T6078] ? clear_bhb_loop+0x45/0xa0 [ 91.979969][ T6078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.979987][ T6078] RIP: 0033:0x7f45bb18d169 [ 91.980003][ T6078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.980017][ T6078] RSP: 002b:00007f45bc066038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 91.980037][ T6078] RAX: ffffffffffffffda RBX: 00007f45bb3a5fa0 RCX: 00007f45bb18d169 [ 91.980051][ T6078] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003 [ 91.980063][ T6078] RBP: 00007f45bc066090 R08: 0000000000000000 R09: 0000000000000000 [ 91.980076][ T6078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.980087][ T6078] R13: 0000000000000000 R14: 00007f45bb3a5fa0 R15: 00007fffe2f15948 [ 91.980110][ T6078] [ 92.133697][ T6079] CPU: 0 UID: 0 PID: 6079 Comm: syz.0.52 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 92.133729][ T6079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 92.133742][ T6079] Call Trace: [ 92.133750][ T6079] [ 92.133759][ T6079] dump_stack_lvl+0x241/0x360 [ 92.133793][ T6079] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.133820][ T6079] ? __pfx__printk+0x10/0x10 [ 92.133853][ T6079] should_fail_ex+0x424/0x570 [ 92.133883][ T6079] _copy_from_user+0x2d/0xb0 [ 92.133913][ T6079] copy_msghdr_from_user+0xb3/0x580 [ 92.133945][ T6079] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 92.133972][ T6079] ? __fget_files+0x2a/0x420 [ 92.133997][ T6079] ? __fget_files+0x2a/0x420 [ 92.134025][ T6079] __sys_sendmsg+0x20a/0x360 [ 92.134055][ T6079] ? __pfx___sys_sendmsg+0x10/0x10 [ 92.134125][ T6079] ? do_syscall_64+0xb6/0x230 [ 92.134169][ T6079] do_syscall_64+0xf3/0x230 [ 92.134197][ T6079] ? clear_bhb_loop+0x45/0xa0 [ 92.134219][ T6079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.134238][ T6079] RIP: 0033:0x7f17de38d169 [ 92.134256][ T6079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.134271][ T6079] RSP: 002b:00007f17df18a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 92.134292][ T6079] RAX: ffffffffffffffda RBX: 00007f17de5a5fa0 RCX: 00007f17de38d169 [ 92.134307][ T6079] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 92.134319][ T6079] RBP: 00007f17df18a090 R08: 0000000000000000 R09: 0000000000000000 [ 92.134331][ T6079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.134342][ T6079] R13: 0000000000000000 R14: 00007f17de5a5fa0 R15: 00007ffcad00c7c8 [ 92.134384][ T6079] [ 93.118319][ T6088] kvm: kvm [6087]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0xe00000085 [ 93.235236][ T6091] netlink: 'syz.0.57': attribute type 1 has an invalid length. [ 93.558376][ T6099] No such timeout policy "syz1" [ 94.536240][ T6102] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.017429][ T6103] netlink: 28 bytes leftover after parsing attributes in process `syz.0.61'. [ 95.026562][ T6103] nbd: must specify at least one socket [ 96.651261][ T6115] FAULT_INJECTION: forcing a failure. [ 96.651261][ T6115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.666661][ T6115] CPU: 1 UID: 0 PID: 6115 Comm: syz.1.65 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 96.666683][ T6115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 96.666693][ T6115] Call Trace: [ 96.666698][ T6115] [ 96.666704][ T6115] dump_stack_lvl+0x241/0x360 [ 96.666727][ T6115] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.666744][ T6115] ? __pfx__printk+0x10/0x10 [ 96.666767][ T6115] should_fail_ex+0x424/0x570 [ 96.666787][ T6115] _copy_from_user+0x2d/0xb0 [ 96.666804][ T6115] copy_msghdr_from_user+0xb3/0x580 [ 96.666827][ T6115] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 96.666855][ T6115] do_recvmmsg+0x3bf/0xab0 [ 96.666877][ T6115] ? __pfx_do_recvmmsg+0x10/0x10 [ 96.666901][ T6115] ? rcu_read_lock_any_held+0xbb/0x160 [ 96.666916][ T6115] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 96.666932][ T6115] ? vfs_write+0xb29/0xd10 [ 96.666955][ T6115] ? ksys_write+0x24e/0x2d0 [ 96.666975][ T6115] ? __mutex_unlock_slowpath+0x229/0x800 [ 96.667002][ T6115] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 96.667043][ T6115] ? __fget_files+0x2a/0x420 [ 96.667072][ T6115] __x64_sys_recvmmsg+0x1ab/0x260 [ 96.667094][ T6115] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 96.667119][ T6115] ? do_syscall_64+0xb6/0x230 [ 96.667149][ T6115] do_syscall_64+0xf3/0x230 [ 96.667178][ T6115] ? clear_bhb_loop+0x45/0xa0 [ 96.667199][ T6115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.667218][ T6115] RIP: 0033:0x7fc431b8d169 [ 96.667234][ T6115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.667250][ T6115] RSP: 002b:00007fc432965038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 96.667271][ T6115] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8d169 [ 96.667285][ T6115] RDX: 0000000000000002 RSI: 0000200000000840 RDI: 0000000000000004 [ 96.667297][ T6115] RBP: 00007fc432965090 R08: 0000000000000000 R09: 0000000000000000 [ 96.667309][ T6115] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001 [ 96.667342][ T6115] R13: 0000000000000000 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 96.667365][ T6115] [ 97.009780][ T6123] unknown channel width for channel at 909000KHz? [ 97.025857][ T976] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 97.063806][ T6122] overlayfs: failed to resolve './file1': -2 [ 97.290204][ T976] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 97.343539][ T976] usb 1-1: config 0 has no interface number 0 [ 97.376279][ T976] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 97.391131][ T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.399992][ T976] usb 1-1: Product: syz [ 97.409510][ T976] usb 1-1: Manufacturer: syz [ 97.628459][ T976] usb 1-1: SerialNumber: syz [ 97.637272][ T976] usb 1-1: config 0 descriptor?? [ 97.770393][ T6131] kvm: kvm [6130]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0xe00000085 [ 97.851600][ T976] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in cold state [ 97.914942][ T976] usb 1-1: Direct firmware load for dvb-usb-ec168.fw failed with error -2 [ 97.931975][ T976] usb 1-1: Falling back to sysfs fallback for: dvb-usb-ec168.fw [ 98.049043][ T6112] netlink: 'syz.0.63': attribute type 3 has an invalid length. [ 98.062400][ T6137] FAULT_INJECTION: forcing a failure. [ 98.062400][ T6137] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 98.092225][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.63'. [ 98.114512][ T6137] CPU: 1 UID: 0 PID: 6137 Comm: syz.3.71 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 98.114540][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 98.114552][ T6137] Call Trace: [ 98.114558][ T6137] [ 98.114566][ T6137] dump_stack_lvl+0x241/0x360 [ 98.114594][ T6137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.114616][ T6137] ? __pfx__printk+0x10/0x10 [ 98.114642][ T6137] should_fail_ex+0x424/0x570 [ 98.114668][ T6137] prepare_alloc_pages+0x1dd/0x5c0 [ 98.114695][ T6137] __alloc_frozen_pages_noprof+0x181/0x7b0 [ 98.114721][ T6137] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 98.114757][ T6137] alloc_pages_bulk_noprof+0x84a/0xaf0 [ 98.114787][ T6137] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 98.114814][ T6137] ? rcu_is_watching+0x15/0xb0 [ 98.114843][ T6137] ? trace_kmalloc+0x1f/0xd0 [ 98.114870][ T6137] ? copy_splice_read+0x181/0xb50 [ 98.114900][ T6137] copy_splice_read+0x1b2/0xb50 [ 98.114933][ T6137] ? __pfx_copy_splice_read+0x10/0x10 [ 98.114968][ T6137] ? wait_for_space+0x254/0x2e0 [ 98.114999][ T6137] ? __pfx_copy_splice_read+0x10/0x10 [ 98.115025][ T6137] splice_file_to_pipe+0x290/0x500 [ 98.115050][ T6137] do_splice+0xf78/0x1920 [ 98.115063][ T6137] ? __lock_acquire+0xad5/0xd80 [ 98.115092][ T6137] ? pipe_clear_nowait+0x1ad/0x250 [ 98.115107][ T6137] ? __pfx_do_splice+0x10/0x10 [ 98.115118][ T6137] ? __fget_files+0x2a/0x420 [ 98.115138][ T6137] __se_sys_splice+0x2dc/0x450 [ 98.115154][ T6137] ? __pfx___se_sys_splice+0x10/0x10 [ 98.115170][ T6137] ? __x64_sys_splice+0x21/0xf0 [ 98.115185][ T6137] do_syscall_64+0xf3/0x230 [ 98.115207][ T6137] ? clear_bhb_loop+0x45/0xa0 [ 98.115224][ T6137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.115246][ T6137] RIP: 0033:0x7fb47138d169 [ 98.115259][ T6137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.115271][ T6137] RSP: 002b:00007fb47223b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 98.115289][ T6137] RAX: ffffffffffffffda RBX: 00007fb4715a6080 RCX: 00007fb47138d169 [ 98.115300][ T6137] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000006 [ 98.115309][ T6137] RBP: 00007fb47223b090 R08: 000000007ffff000 R09: 0000000000000000 [ 98.115319][ T6137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.115329][ T6137] R13: 0000000000000000 R14: 00007fb4715a6080 R15: 00007fffa58147c8 [ 98.115353][ T6137] [ 98.654061][ T6142] ======================================================= [ 98.654061][ T6142] WARNING: The mand mount option has been deprecated and [ 98.654061][ T6142] and is ignored by this kernel. Remove the mand [ 98.654061][ T6142] option from the mount to silence this warning. [ 98.654061][ T6142] ======================================================= [ 98.756156][ T6146] netlink: 28 bytes leftover after parsing attributes in process `syz.4.73'. [ 98.765125][ T6146] nbd: must specify at least one socket [ 99.675337][ T6142] new mount options do not match the existing superblock, will be ignored [ 100.119636][ T6157] netlink: 132 bytes leftover after parsing attributes in process `syz.3.74'. [ 100.161302][ T6155] syz.4.77: attempt to access beyond end of device [ 100.161302][ T6155] nbd4: rw=0, sector=2, nr_sectors = 1 limit=0 [ 100.210293][ T6155] hfs: can't find a HFS filesystem on dev nbd4 [ 100.312263][ T6163] syz.2.78: attempt to access beyond end of device [ 100.312263][ T6163] nbd2: rw=0, sector=2, nr_sectors = 1 limit=0 [ 100.462904][ T6163] hfs: can't find a HFS filesystem on dev nbd2 [ 100.494609][ T6164] FAULT_INJECTION: forcing a failure. [ 100.494609][ T6164] name failslab, interval 1, probability 0, space 0, times 0 [ 100.563545][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 100.675226][ T6164] CPU: 1 UID: 0 PID: 6164 Comm: syz.2.78 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 100.675256][ T6164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 100.675268][ T6164] Call Trace: [ 100.675275][ T6164] [ 100.675283][ T6164] dump_stack_lvl+0x241/0x360 [ 100.675313][ T6164] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.675337][ T6164] ? __pfx__printk+0x10/0x10 [ 100.675361][ T6164] ? __pfx___might_resched+0x10/0x10 [ 100.675393][ T6164] should_fail_ex+0x424/0x570 [ 100.675420][ T6164] should_failslab+0xac/0x100 [ 100.675452][ T6164] __kmalloc_noprof+0xdf/0x4d0 [ 100.675468][ T6164] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 100.675498][ T6164] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 100.675532][ T6164] tomoyo_realpath_from_path+0xcf/0x5e0 [ 100.675570][ T6164] tomoyo_path_number_perm+0x245/0x790 [ 100.675598][ T6164] ? tomoyo_path_number_perm+0x215/0x790 [ 100.675624][ T6164] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 100.675654][ T6164] ? ksys_write+0x24e/0x2d0 [ 100.675685][ T6164] ? __lock_acquire+0xad5/0xd80 [ 100.675722][ T6164] ? __fget_files+0x2a/0x420 [ 100.675741][ T6164] ? __fget_files+0x2a/0x420 [ 100.675763][ T6164] ? __fget_files+0x2a/0x420 [ 100.675787][ T6164] security_file_ioctl+0xc6/0x2a0 [ 100.675815][ T6164] __se_sys_ioctl+0x46/0x160 [ 100.675842][ T6164] do_syscall_64+0xf3/0x230 [ 100.675871][ T6164] ? clear_bhb_loop+0x45/0xa0 [ 100.675893][ T6164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.675912][ T6164] RIP: 0033:0x7f45bb18d169 [ 100.675928][ T6164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.675943][ T6164] RSP: 002b:00007f45bc045038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.675965][ T6164] RAX: ffffffffffffffda RBX: 00007f45bb3a6080 RCX: 00007f45bb18d169 [ 100.675978][ T6164] RDX: 0000200000000600 RSI: 00000000c0505405 RDI: 0000000000000006 [ 100.675991][ T6164] RBP: 00007f45bc045090 R08: 0000000000000000 R09: 0000000000000000 [ 100.676003][ T6164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.676019][ T6164] R13: 0000000000000000 R14: 00007f45bb3a6080 R15: 00007fffe2f15948 [ 100.676045][ T6164] [ 100.676052][ T6164] ERROR: Out of memory at tomoyo_realpath_from_path. [ 101.023962][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 101.045138][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 101.054532][ T9] usb 4-1: config 128 has an invalid interface number: 127 but max is 3 [ 101.062932][ T9] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 101.085217][ T9] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 101.094880][ T9] usb 4-1: config 128 has no interface number 0 [ 101.101201][ T9] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 101.112625][ T9] usb 4-1: config 128 interface 127 has no altsetting 0 [ 101.243412][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 101.283662][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.314387][ T6169] syz.4.79: attempt to access beyond end of device [ 101.314387][ T6169] nbd4: rw=0, sector=2, nr_sectors = 1 limit=0 [ 101.378122][ T9] usb 4-1: Product: syz [ 101.382310][ T9] usb 4-1: Manufacturer: syz [ 101.587275][ T6169] hfs: can't find a HFS filesystem on dev nbd4 [ 101.613712][ T9] usb 4-1: SerialNumber: syz [ 102.219318][ T6177] FAULT_INJECTION: forcing a failure. [ 102.219318][ T6177] name failslab, interval 1, probability 0, space 0, times 0 [ 102.232222][ T6177] CPU: 0 UID: 0 PID: 6177 Comm: syz.0.81 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 102.232247][ T6177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 102.232258][ T6177] Call Trace: [ 102.232265][ T6177] [ 102.232273][ T6177] dump_stack_lvl+0x241/0x360 [ 102.232305][ T6177] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.232328][ T6177] ? __pfx__printk+0x10/0x10 [ 102.232369][ T6177] ? __ip_dev_find+0x49b/0x580 [ 102.232393][ T6177] should_fail_ex+0x424/0x570 [ 102.232421][ T6177] should_failslab+0xac/0x100 [ 102.232453][ T6177] kmem_cache_alloc_noprof+0x78/0x390 [ 102.232483][ T6177] ? dst_alloc+0x12b/0x190 [ 102.232504][ T6177] dst_alloc+0x12b/0x190 [ 102.232525][ T6177] ip_route_output_key_hash_rcu+0x1378/0x2290 [ 102.232561][ T6177] ip_route_output_key_hash+0x195/0x2b0 [ 102.232589][ T6177] ? ip_route_output_key_hash+0xe1/0x2b0 [ 102.232643][ T6177] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 102.232684][ T6177] ip_route_output_flow+0x29/0x140 [ 102.232711][ T6177] udp_sendmsg+0x178f/0x2b10 [ 102.232755][ T6177] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 102.232785][ T6177] ? __pfx_udp_sendmsg+0x10/0x10 [ 102.232819][ T6177] ? smack_socket_sendmsg+0x184/0x580 [ 102.232852][ T6177] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 102.232885][ T6177] ? tomoyo_socket_sendmsg_permission+0x285/0x420 [ 102.232929][ T6177] ? sock_rps_record_flow+0x1a/0x410 [ 102.232960][ T6177] ? inet_sendmsg+0x2ba/0x390 [ 102.232992][ T6177] __sock_sendmsg+0x1a6/0x270 [ 102.233020][ T6177] ____sys_sendmsg+0x53c/0x870 [ 102.233046][ T6177] ? __pfx_____sys_sendmsg+0x10/0x10 [ 102.233065][ T6177] ? __fget_files+0x2a/0x420 [ 102.233089][ T6177] ? __fget_files+0x2a/0x420 [ 102.233116][ T6177] __sys_sendmmsg+0x3a0/0x7b0 [ 102.233145][ T6177] ? __pfx___sys_sendmmsg+0x10/0x10 [ 102.233190][ T6177] ? rcu_read_lock_any_held+0xbb/0x160 [ 102.233211][ T6177] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 102.233233][ T6177] ? vfs_write+0xb29/0xd10 [ 102.233266][ T6177] ? ksys_write+0x24e/0x2d0 [ 102.233294][ T6177] ? __mutex_unlock_slowpath+0x229/0x800 [ 102.233345][ T6177] ? ksys_write+0x275/0x2d0 [ 102.233380][ T6177] __x64_sys_sendmmsg+0xa0/0xb0 [ 102.233402][ T6177] do_syscall_64+0xf3/0x230 [ 102.233433][ T6177] ? clear_bhb_loop+0x45/0xa0 [ 102.233455][ T6177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.233474][ T6177] RIP: 0033:0x7f17de38d169 [ 102.233490][ T6177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.233506][ T6177] RSP: 002b:00007f17df148038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 102.233528][ T6177] RAX: ffffffffffffffda RBX: 00007f17de5a6160 RCX: 00007f17de38d169 [ 102.233543][ T6177] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005 [ 102.233556][ T6177] RBP: 00007f17df148090 R08: 0000000000000000 R09: 0000000000000000 [ 102.233568][ T6177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.233580][ T6177] R13: 0000000000000000 R14: 00007f17de5a6160 R15: 00007ffcad00c7c8 [ 102.233605][ T6177] [ 102.833102][ T6179] netlink: 'syz.4.82': attribute type 21 has an invalid length. [ 102.987770][ T6182] 9pnet_fd: Insufficient options for proto=fd [ 103.067987][ T6183] ubi31: attaching mtd0 [ 103.140560][ T6183] ubi31: scanning is finished [ 103.145951][ T6183] ubi31: empty MTD device detected [ 103.656923][ T9] usb 4-1: USB disconnect, device number 7 [ 103.814695][ T6183] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 104.042043][ T6183] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 104.079919][ T6183] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 104.087630][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 104.127820][ T6183] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 104.142159][ T6183] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 104.186855][ T6183] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 104.233576][ T6183] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1363736029 [ 104.342565][ T6183] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 104.426884][ T6190] ubi31: background thread "ubi_bgt31d" started, PID 6190 [ 104.443703][ T6192] ubi: mtd0 is already attached to ubi31 [ 104.864126][ T6198] new mount options do not match the existing superblock, will be ignored [ 105.150827][ T6211] netlink: 28 bytes leftover after parsing attributes in process `syz.0.87'. [ 105.159852][ T6211] nbd: must specify at least one socket [ 107.259564][ T6226] FAULT_INJECTION: forcing a failure. [ 107.259564][ T6226] name failslab, interval 1, probability 0, space 0, times 0 [ 107.293922][ T6226] CPU: 1 UID: 0 PID: 6226 Comm: syz.3.92 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 107.293953][ T6226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 107.293965][ T6226] Call Trace: [ 107.293972][ T6226] [ 107.293980][ T6226] dump_stack_lvl+0x241/0x360 [ 107.294011][ T6226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.294035][ T6226] ? __pfx__printk+0x10/0x10 [ 107.294072][ T6226] ? __pfx___might_resched+0x10/0x10 [ 107.294105][ T6226] should_fail_ex+0x424/0x570 [ 107.294132][ T6226] should_failslab+0xac/0x100 [ 107.294161][ T6226] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 107.294192][ T6226] ? __alloc_skb+0x1c2/0x480 [ 107.294223][ T6226] __alloc_skb+0x1c2/0x480 [ 107.294264][ T6226] ? __pfx___alloc_skb+0x10/0x10 [ 107.294294][ T6226] ? netlink_autobind+0xd6/0x2f0 [ 107.294316][ T6226] ? netlink_autobind+0x2b0/0x2f0 [ 107.294341][ T6226] netlink_sendmsg+0x65c/0xce0 [ 107.294371][ T6226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.294401][ T6226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.294423][ T6226] __sock_sendmsg+0x221/0x270 [ 107.294450][ T6226] ____sys_sendmsg+0x53c/0x870 [ 107.294475][ T6226] ? __pfx_____sys_sendmsg+0x10/0x10 [ 107.294492][ T6226] ? __fget_files+0x2a/0x420 [ 107.294515][ T6226] ? __fget_files+0x2a/0x420 [ 107.294540][ T6226] __sys_sendmsg+0x271/0x360 [ 107.294562][ T6226] ? __pfx___sys_sendmsg+0x10/0x10 [ 107.294616][ T6226] ? do_syscall_64+0xb6/0x230 [ 107.294647][ T6226] do_syscall_64+0xf3/0x230 [ 107.294675][ T6226] ? clear_bhb_loop+0x45/0xa0 [ 107.294697][ T6226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.294716][ T6226] RIP: 0033:0x7fb47138d169 [ 107.294732][ T6226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.294748][ T6226] RSP: 002b:00007fb47225c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.294769][ T6226] RAX: ffffffffffffffda RBX: 00007fb4715a5fa0 RCX: 00007fb47138d169 [ 107.294783][ T6226] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004 [ 107.294795][ T6226] RBP: 00007fb47225c090 R08: 0000000000000000 R09: 0000000000000000 [ 107.294806][ T6226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.294817][ T6226] R13: 0000000000000000 R14: 00007fb4715a5fa0 R15: 00007fffa58147c8 [ 107.294841][ T6226] [ 107.539440][ T6233] FAULT_INJECTION: forcing a failure. [ 107.539440][ T6233] name failslab, interval 1, probability 0, space 0, times 0 [ 107.552414][ T6233] CPU: 0 UID: 0 PID: 6233 Comm: syz.4.94 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 107.552441][ T6233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 107.552452][ T6233] Call Trace: [ 107.552458][ T6233] [ 107.552473][ T6233] dump_stack_lvl+0x241/0x360 [ 107.552501][ T6233] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.552520][ T6233] ? __pfx__printk+0x10/0x10 [ 107.552538][ T6233] ? __pfx___might_resched+0x10/0x10 [ 107.552563][ T6233] should_fail_ex+0x424/0x570 [ 107.552584][ T6233] should_failslab+0xac/0x100 [ 107.552608][ T6233] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 107.552631][ T6233] ? __alloc_skb+0x1c2/0x480 [ 107.552656][ T6233] __alloc_skb+0x1c2/0x480 [ 107.552680][ T6233] ? __pfx___alloc_skb+0x10/0x10 [ 107.552702][ T6233] ? netlink_autobind+0xd6/0x2f0 [ 107.552719][ T6233] ? netlink_autobind+0x2b0/0x2f0 [ 107.552738][ T6233] netlink_sendmsg+0x65c/0xce0 [ 107.552760][ T6233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.552783][ T6233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.552799][ T6233] __sock_sendmsg+0x221/0x270 [ 107.552818][ T6233] ____sys_sendmsg+0x53c/0x870 [ 107.552838][ T6233] ? __pfx_____sys_sendmsg+0x10/0x10 [ 107.552851][ T6233] ? __fget_files+0x2a/0x420 [ 107.552868][ T6233] ? __fget_files+0x2a/0x420 [ 107.552906][ T6233] __sys_sendmsg+0x271/0x360 [ 107.552924][ T6233] ? __pfx___sys_sendmsg+0x10/0x10 [ 107.552967][ T6233] ? do_syscall_64+0xb6/0x230 [ 107.552994][ T6233] do_syscall_64+0xf3/0x230 [ 107.553018][ T6233] ? clear_bhb_loop+0x45/0xa0 [ 107.553036][ T6233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.553052][ T6233] RIP: 0033:0x7fed57b8d169 [ 107.553066][ T6233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.553079][ T6233] RSP: 002b:00007fed589c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.553097][ T6233] RAX: ffffffffffffffda RBX: 00007fed57da5fa0 RCX: 00007fed57b8d169 [ 107.553109][ T6233] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 107.553119][ T6233] RBP: 00007fed589c9090 R08: 0000000000000000 R09: 0000000000000000 [ 107.553129][ T6233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.553139][ T6233] R13: 0000000000000000 R14: 00007fed57da5fa0 R15: 00007ffd7de14ca8 [ 107.553158][ T6233] [ 108.604527][ T6247] FAULT_INJECTION: forcing a failure. [ 108.604527][ T6247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.096709][ T6247] CPU: 0 UID: 0 PID: 6247 Comm: syz.3.97 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 109.096737][ T6247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.096748][ T6247] Call Trace: [ 109.096754][ T6247] [ 109.096762][ T6247] dump_stack_lvl+0x241/0x360 [ 109.096790][ T6247] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.096811][ T6247] ? __pfx__printk+0x10/0x10 [ 109.096838][ T6247] should_fail_ex+0x424/0x570 [ 109.096866][ T6247] _copy_to_user+0x31/0xb0 [ 109.096889][ T6247] copy_siginfo_to_user+0x24/0xc0 [ 109.096918][ T6247] x64_setup_rt_frame+0x7eb/0xda0 [ 109.096943][ T6247] ? _raw_spin_unlock_irq+0x29/0x50 [ 109.096979][ T6247] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 109.097011][ T6247] arch_do_signal_or_restart+0x428/0x840 [ 109.097038][ T6247] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 109.097072][ T6247] ? syscall_exit_to_user_mode+0xa3/0x340 [ 109.097111][ T6247] syscall_exit_to_user_mode+0xce/0x340 [ 109.097140][ T6247] do_syscall_64+0x100/0x230 [ 109.097169][ T6247] ? clear_bhb_loop+0x45/0xa0 [ 109.097191][ T6247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.097209][ T6247] RIP: 0033:0x7fb47138bb7a [ 109.097225][ T6247] Code: 48 83 ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 <0f> 05 48 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 [ 109.097240][ T6247] RSP: 002b:00007fb47225bfb0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 109.097260][ T6247] RAX: 0000000000000000 RBX: 0000200000003000 RCX: 00007fb47138bb7c [ 109.097273][ T6247] RDX: 0000000000002000 RSI: 0000200000003000 RDI: 0000000000000003 [ 109.097285][ T6247] RBP: 00007fb47225c090 R08: 0000000000000000 R09: 0000000000000000 [ 109.097296][ T6247] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000003 [ 109.097307][ T6247] R13: 0000200000005900 R14: 00007fb4715a5fa0 R15: 00007fffa58147c8 [ 109.097352][ T6247] [ 110.440154][ T6277] dccp_invalid_packet: P.type (CLOSEREQ) not Data || [Data]Ack, while P.X == 0 [ 110.533145][ T6279] FAULT_INJECTION: forcing a failure. [ 110.533145][ T6279] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 110.563353][ T6279] CPU: 0 UID: 0 PID: 6279 Comm: syz.1.106 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 110.563383][ T6279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.563395][ T6279] Call Trace: [ 110.563403][ T6279] [ 110.563411][ T6279] dump_stack_lvl+0x241/0x360 [ 110.563447][ T6279] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.563470][ T6279] ? __pfx__printk+0x10/0x10 [ 110.563499][ T6279] should_fail_ex+0x424/0x570 [ 110.563528][ T6279] _copy_from_iter+0x211/0x1c70 [ 110.563552][ T6279] ? alloc_pages_mpol+0x4e6/0x690 [ 110.563586][ T6279] ? __pfx__copy_from_iter+0x10/0x10 [ 110.563609][ T6279] ? set_page_refcounted+0xa1/0x1e0 [ 110.563640][ T6279] ? alloc_pages_noprof+0x136/0x190 [ 110.563669][ T6279] ? page_copy_sane+0x46/0x260 [ 110.563690][ T6279] copy_page_from_iter+0x7a/0x100 [ 110.563711][ T6279] tun_get_user+0x206e/0x48d0 [ 110.563733][ T6279] ? tun_get_user+0x83d/0x48d0 [ 110.563764][ T6279] ? kstrtouint+0xfc/0x190 [ 110.563792][ T6279] ? __pfx_tun_get_user+0x10/0x10 [ 110.563850][ T6279] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 110.563889][ T6279] ? tun_get+0x1e/0x2f0 [ 110.563908][ T6279] ? tun_get+0x1e/0x2f0 [ 110.563931][ T6279] ? tun_get+0x27d/0x2f0 [ 110.563955][ T6279] tun_chr_write_iter+0x10d/0x1f0 [ 110.563975][ T6279] vfs_write+0x70f/0xd10 [ 110.564005][ T6279] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 110.564025][ T6279] ? __pfx_vfs_write+0x10/0x10 [ 110.564058][ T6279] ? __fget_files+0x2a/0x420 [ 110.564086][ T6279] ? __fget_files+0x2a/0x420 [ 110.564111][ T6279] ksys_write+0x19d/0x2d0 [ 110.564137][ T6279] ? __pfx_ksys_write+0x10/0x10 [ 110.564165][ T6279] ? do_syscall_64+0xb6/0x230 [ 110.564198][ T6279] do_syscall_64+0xf3/0x230 [ 110.564237][ T6279] ? clear_bhb_loop+0x45/0xa0 [ 110.564259][ T6279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.564279][ T6279] RIP: 0033:0x7fc431b8bc1f [ 110.564296][ T6279] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 110.564312][ T6279] RSP: 002b:00007fc432965000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 110.564334][ T6279] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8bc1f [ 110.564348][ T6279] RDX: 0000000000000052 RSI: 0000200000000300 RDI: 00000000000000c8 [ 110.564361][ T6279] RBP: 00007fc432965090 R08: 0000000000000000 R09: 0000000000000000 [ 110.564373][ T6279] R10: 0000000000000052 R11: 0000000000000293 R12: 0000000000000001 [ 110.564385][ T6279] R13: 0000000000000001 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 110.564410][ T6279] [ 111.519592][ T6289] FAULT_INJECTION: forcing a failure. [ 111.519592][ T6289] name failslab, interval 1, probability 0, space 0, times 0 [ 111.549667][ T6289] CPU: 1 UID: 0 PID: 6289 Comm: syz.1.109 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 111.549699][ T6289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 111.549712][ T6289] Call Trace: [ 111.549720][ T6289] [ 111.549728][ T6289] dump_stack_lvl+0x241/0x360 [ 111.549760][ T6289] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.549785][ T6289] ? __pfx__printk+0x10/0x10 [ 111.549811][ T6289] ? __pfx___might_resched+0x10/0x10 [ 111.549846][ T6289] should_fail_ex+0x424/0x570 [ 111.549875][ T6289] should_failslab+0xac/0x100 [ 111.549908][ T6289] kmem_cache_alloc_noprof+0x78/0x390 [ 111.549940][ T6289] ? fuse_get_req+0x7bf/0x10a0 [ 111.549984][ T6289] fuse_get_req+0x7bf/0x10a0 [ 111.550009][ T6289] ? register_lock_class+0x54/0x330 [ 111.550043][ T6289] ? __pfx_fuse_get_req+0x10/0x10 [ 111.550068][ T6289] ? __mutex_trylock_common+0x184/0x2e0 [ 111.550103][ T6289] ? __pfx___mutex_trylock_common+0x10/0x10 [ 111.550140][ T6289] __fuse_simple_request+0x13d/0x1990 [ 111.550180][ T6289] ? register_lock_class+0x54/0x330 [ 111.550206][ T6289] ? __pfx___fuse_simple_request+0x10/0x10 [ 111.550236][ T6289] ? fuse_lock_inode+0xd2/0x120 [ 111.550256][ T6289] ? __pfx___mutex_lock+0x10/0x10 [ 111.550287][ T6289] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 111.550322][ T6289] ? set_page_refcounted+0xa1/0x1e0 [ 111.550359][ T6289] fuse_readdir+0x182a/0x3260 [ 111.550385][ T6289] ? kernel_text_address+0xa7/0xe0 [ 111.550410][ T6289] ? __kernel_text_address+0xd/0x40 [ 111.550441][ T6289] ? kstrtoull+0x1d3/0x2f0 [ 111.550469][ T6289] ? __pfx_kstrtoull+0x10/0x10 [ 111.550503][ T6289] ? __pfx_fuse_readdir+0x10/0x10 [ 111.550530][ T6289] ? kstrtouint+0xfc/0x190 [ 111.550556][ T6289] ? look_up_lock_class+0x7b/0x170 [ 111.550585][ T6289] ? register_lock_class+0x54/0x330 [ 111.550614][ T6289] ? __lock_acquire+0xad5/0xd80 [ 111.550670][ T6289] ? __pfx___mutex_lock+0x10/0x10 [ 111.550705][ T6289] ? __fget_files+0x2a/0x420 [ 111.550730][ T6289] iterate_dir+0x5a9/0x760 [ 111.550761][ T6289] __se_sys_getdents64+0x1e4/0x4c0 [ 111.550795][ T6289] ? __pfx___se_sys_getdents64+0x10/0x10 [ 111.550822][ T6289] ? ksys_write+0x275/0x2d0 [ 111.550845][ T6289] ? __pfx_filldir64+0x10/0x10 [ 111.550881][ T6289] ? do_syscall_64+0xb6/0x230 [ 111.550912][ T6289] do_syscall_64+0xf3/0x230 [ 111.550941][ T6289] ? clear_bhb_loop+0x45/0xa0 [ 111.550964][ T6289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.550983][ T6289] RIP: 0033:0x7fc431b8d169 [ 111.551000][ T6289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.551015][ T6289] RSP: 002b:00007fc432965038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 111.551037][ T6289] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8d169 [ 111.551052][ T6289] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004 [ 111.551064][ T6289] RBP: 00007fc432965090 R08: 0000000000000000 R09: 0000000000000000 [ 111.551076][ T6289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.551087][ T6289] R13: 0000000000000000 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 111.551112][ T6289] [ 112.900690][ T6297] 9pnet_fd: Insufficient options for proto=fd [ 113.154162][ T6303] openvswitch: netlink: Actions may not be safe on all matching packets [ 113.169652][ T6303] netlink: 40 bytes leftover after parsing attributes in process `syz.2.110'. [ 113.518785][ T6305] netlink: 'syz.4.114': attribute type 21 has an invalid length. [ 113.560080][ T6307] netlink: 'syz.3.115': attribute type 21 has an invalid length. [ 113.658441][ T6307] 9pnet_fd: Insufficient options for proto=fd [ 113.659337][ T6311] loop2: detected capacity change from 0 to 7 [ 113.683985][ T6313] 9pnet_fd: Insufficient options for proto=fd [ 113.712815][ T6311] Dev loop2: unable to read RDB block 7 [ 113.749602][ T6311] loop2: unable to read partition table [ 113.782820][ T6311] loop2: partition table beyond EOD, truncated [ 113.858367][ T6320] netlink: 48 bytes leftover after parsing attributes in process `syz.4.119'. [ 113.875673][ T6311] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 114.175647][ T6311] ubi: mtd0 is already attached to ubi31 [ 114.540744][ T6326] FAULT_INJECTION: forcing a failure. [ 114.540744][ T6326] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.645991][ T6326] CPU: 0 UID: 0 PID: 6326 Comm: syz.2.121 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 114.646040][ T6326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 114.646053][ T6326] Call Trace: [ 114.646060][ T6326] [ 114.646068][ T6326] dump_stack_lvl+0x241/0x360 [ 114.646099][ T6326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.646122][ T6326] ? __pfx__printk+0x10/0x10 [ 114.646147][ T6326] should_fail_ex+0x424/0x570 [ 114.646175][ T6326] _copy_to_user+0x31/0xb0 [ 114.646199][ T6326] simple_read_from_buffer+0xdc/0x170 [ 114.646233][ T6326] proc_fail_nth_read+0x1ef/0x260 [ 114.646257][ T6326] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.646292][ T6326] ? rw_verify_area+0x246/0x630 [ 114.646314][ T6326] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.646337][ T6326] vfs_read+0x21f/0xb90 [ 114.646364][ T6326] ? __pfx___mutex_lock+0x10/0x10 [ 114.646393][ T6326] ? __pfx_vfs_read+0x10/0x10 [ 114.646419][ T6326] ? __fget_files+0x2a/0x420 [ 114.646439][ T6326] ? __fget_files+0x39d/0x420 [ 114.646457][ T6326] ? __fget_files+0x2a/0x420 [ 114.646482][ T6326] ksys_read+0x19d/0x2d0 [ 114.646508][ T6326] ? __pfx_ksys_read+0x10/0x10 [ 114.646537][ T6326] ? do_syscall_64+0xb6/0x230 [ 114.646566][ T6326] do_syscall_64+0xf3/0x230 [ 114.646594][ T6326] ? clear_bhb_loop+0x45/0xa0 [ 114.646616][ T6326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.646634][ T6326] RIP: 0033:0x7f45bb18bb7c [ 114.646650][ T6326] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 114.646666][ T6326] RSP: 002b:00007f45bc066030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 114.646686][ T6326] RAX: ffffffffffffffda RBX: 00007f45bb3a5fa0 RCX: 00007f45bb18bb7c [ 114.646700][ T6326] RDX: 000000000000000f RSI: 00007f45bc0660a0 RDI: 0000000000000005 [ 114.646711][ T6326] RBP: 00007f45bc066090 R08: 0000000000000000 R09: 0000000000000000 [ 114.646723][ T6326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.646733][ T6326] R13: 0000000000000000 R14: 00007f45bb3a5fa0 R15: 00007fffe2f15948 [ 114.646757][ T6326] [ 114.862693][ C0] vkms_vblank_simulate: vblank timer overrun [ 115.493746][ T5914] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 117.114499][ T5831] Bluetooth: hci4: command 0x0405 tx timeout [ 117.206136][ T6340] geneve2: entered promiscuous mode [ 117.215400][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 117.225259][ T5914] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 117.245060][ T5914] usb 4-1: New USB device found, idVendor=07ca, idProduct=2835, bcdDevice=f5.ac [ 117.254450][ T6340] geneve2: entered allmulticast mode [ 117.257466][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.356149][ T5914] usb 4-1: config 0 descriptor?? [ 117.467999][ T5914] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 117.700907][ T6336] syz.3.123 uses obsolete (PF_INET,SOCK_PACKET) [ 117.773850][ T6351] netlink: 'syz.2.129': attribute type 3 has an invalid length. [ 118.100898][ T5914] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 118.117289][ T6351] netlink: 'syz.2.129': attribute type 3 has an invalid length. [ 118.711447][ T6359] FAULT_INJECTION: forcing a failure. [ 118.711447][ T6359] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.747947][ T6359] CPU: 0 UID: 0 PID: 6359 Comm: syz.1.131 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 118.747977][ T6359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 118.747988][ T6359] Call Trace: [ 118.747995][ T6359] [ 118.748003][ T6359] dump_stack_lvl+0x241/0x360 [ 118.748042][ T6359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.748064][ T6359] ? __pfx__printk+0x10/0x10 [ 118.748091][ T6359] should_fail_ex+0x424/0x570 [ 118.748116][ T6359] _copy_from_user+0x2d/0xb0 [ 118.748137][ T6359] copy_msghdr_from_user+0xb3/0x580 [ 118.748165][ T6359] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 118.748187][ T6359] ? __fget_files+0x2a/0x420 [ 118.748208][ T6359] ? __fget_files+0x2a/0x420 [ 118.748232][ T6359] do_recvmmsg+0x3bf/0xab0 [ 118.748258][ T6359] ? __pfx_do_recvmmsg+0x10/0x10 [ 118.748287][ T6359] ? __lock_acquire+0xad5/0xd80 [ 118.748330][ T6359] ? get_timespec64+0x1a8/0x290 [ 118.748362][ T6359] __x64_sys_recvmmsg+0x1ca/0x260 [ 118.748383][ T6359] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 118.748406][ T6359] ? do_syscall_64+0xb6/0x230 [ 118.748435][ T6359] do_syscall_64+0xf3/0x230 [ 118.748461][ T6359] ? clear_bhb_loop+0x45/0xa0 [ 118.748481][ T6359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.748499][ T6359] RIP: 0033:0x7fc431b8d169 [ 118.748526][ T6359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.748541][ T6359] RSP: 002b:00007fc432965038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 118.748564][ T6359] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8d169 [ 118.748578][ T6359] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 118.748590][ T6359] RBP: 00007fc432965090 R08: 0000200000003700 R09: 0000000000000000 [ 118.748602][ T6359] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 118.748613][ T6359] R13: 0000000000000000 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 118.748636][ T6359] [ 118.949744][ C0] vkms_vblank_simulate: vblank timer overrun [ 119.175646][ T10] usb 4-1: USB disconnect, device number 8 [ 119.707967][ T6373] loop2: detected capacity change from 0 to 7 [ 119.720072][ T5837] Dev loop2: unable to read RDB block 7 [ 119.729678][ T5837] loop2: unable to read partition table [ 119.737343][ T5837] loop2: partition table beyond EOD, truncated [ 119.756537][ T6373] Dev loop2: unable to read RDB block 7 [ 119.766778][ T6373] loop2: unable to read partition table [ 119.775008][ T6373] loop2: partition table beyond EOD, truncated [ 119.791176][ T6373] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 120.053575][ T6376] ubi: mtd0 is already attached to ubi31 [ 120.709340][ T6370] mmap: syz.1.135 (6370) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 120.865967][ T6382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.139'. [ 120.879240][ T6382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.139'. [ 121.348042][ T5914] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 121.640610][ T5914] usb 4-1: Using ep0 maxpacket: 8 [ 122.225770][ T5914] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 122.285607][ T5914] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 122.314179][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 122.349139][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 122.398263][ T6404] FAULT_INJECTION: forcing a failure. [ 122.398263][ T6404] name failslab, interval 1, probability 0, space 0, times 0 [ 122.447187][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.4.145 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 122.447217][ T6404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 122.447229][ T6404] Call Trace: [ 122.447236][ T6404] [ 122.447244][ T6404] dump_stack_lvl+0x241/0x360 [ 122.447281][ T6404] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.447303][ T6404] ? __pfx__printk+0x10/0x10 [ 122.447326][ T6404] ? __pfx___might_resched+0x10/0x10 [ 122.447358][ T6404] should_fail_ex+0x424/0x570 [ 122.447383][ T6404] should_failslab+0xac/0x100 [ 122.447413][ T6404] __kmalloc_noprof+0xdf/0x4d0 [ 122.447430][ T6404] ? tomoyo_encode+0x26f/0x540 [ 122.447463][ T6404] tomoyo_encode+0x26f/0x540 [ 122.447494][ T6404] tomoyo_realpath_from_path+0x59e/0x5e0 [ 122.447532][ T6404] tomoyo_path_number_perm+0x245/0x790 [ 122.447569][ T6404] ? tomoyo_path_number_perm+0x215/0x790 [ 122.447593][ T6404] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 122.447621][ T6404] ? ksys_write+0x24e/0x2d0 [ 122.447648][ T6404] ? __lock_acquire+0xad5/0xd80 [ 122.447681][ T6404] ? __fget_files+0x2a/0x420 [ 122.447699][ T6404] ? __fget_files+0x2a/0x420 [ 122.447718][ T6404] ? __fget_files+0x2a/0x420 [ 122.447739][ T6404] security_file_ioctl+0xc6/0x2a0 [ 122.447764][ T6404] __se_sys_ioctl+0x46/0x160 [ 122.447789][ T6404] do_syscall_64+0xf3/0x230 [ 122.447817][ T6404] ? clear_bhb_loop+0x45/0xa0 [ 122.447837][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.447854][ T6404] RIP: 0033:0x7fed57b8d169 [ 122.447869][ T6404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.447883][ T6404] RSP: 002b:00007fed589c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 122.447903][ T6404] RAX: ffffffffffffffda RBX: 00007fed57da5fa0 RCX: 00007fed57b8d169 [ 122.447917][ T6404] RDX: 0000200000000040 RSI: 00000000c02c5625 RDI: 0000000000000003 [ 122.447928][ T6404] RBP: 00007fed589c9090 R08: 0000000000000000 R09: 0000000000000000 [ 122.447939][ T6404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.447949][ T6404] R13: 0000000000000000 R14: 00007fed57da5fa0 R15: 00007ffd7de14ca8 [ 122.447971][ T6404] [ 122.456171][ T5914] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.465340][ T6404] ERROR: Out of memory at tomoyo_realpath_from_path. [ 122.547390][ T5914] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 122.620497][ C1] vkms_vblank_simulate: vblank timer overrun [ 122.711933][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.802520][ T6412] capability: warning: `syz.2.150' uses 32-bit capabilities (legacy support in use) [ 122.833279][ T6412] program syz.2.150 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.934275][ T5913] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 123.695460][ T5914] usb 4-1: usb_control_msg returned -32 [ 123.701096][ T5914] usbtmc 4-1:16.0: can't read capabilities [ 123.756013][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.767142][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.811769][ T5913] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 123.958728][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.994385][ T5913] usb 2-1: config 0 descriptor?? [ 124.830827][ T10] usb 4-1: USB disconnect, device number 9 [ 124.895098][ T6429] netlink: 35 bytes leftover after parsing attributes in process `syz.2.153'. [ 124.913722][ T6429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.153'. [ 125.269576][ T6437] loop2: detected capacity change from 0 to 7 [ 125.363300][ T6437] Dev loop2: unable to read RDB block 7 [ 125.406234][ T6437] loop2: unable to read partition table [ 125.492659][ T6437] loop2: partition table beyond EOD, truncated [ 125.512992][ T6437] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 125.715015][ T6440] ubi: mtd0 is already attached to ubi31 [ 125.873225][ T5913] usbhid 2-1:0.0: can't add hid device: -71 [ 125.880252][ T5913] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 125.915326][ T5913] usb 2-1: USB disconnect, device number 2 [ 125.993815][ T5870] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 126.617278][ T5870] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 126.627075][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.635256][ T5870] usb 4-1: Product: syz [ 126.639959][ T5870] usb 4-1: Manufacturer: syz [ 126.646350][ T5870] usb 4-1: SerialNumber: syz [ 126.654649][ T5870] usb 4-1: config 0 descriptor?? [ 127.104078][ T5870] airspy 4-1:0.0: Board ID: 00 [ 127.108880][ T5870] airspy 4-1:0.0: Firmware version: [ 127.429229][ T6456] FAULT_INJECTION: forcing a failure. [ 127.429229][ T6456] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.442708][ T6456] CPU: 1 UID: 0 PID: 6456 Comm: syz.2.162 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 127.442737][ T6456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 127.442750][ T6456] Call Trace: [ 127.442759][ T6456] [ 127.442768][ T6456] dump_stack_lvl+0x241/0x360 [ 127.442799][ T6456] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.442824][ T6456] ? __pfx__printk+0x10/0x10 [ 127.442866][ T6456] should_fail_ex+0x424/0x570 [ 127.442895][ T6456] _copy_from_iter+0x211/0x1c70 [ 127.442920][ T6456] ? alloc_pages_mpol+0x4e6/0x690 [ 127.442955][ T6456] ? __pfx__copy_from_iter+0x10/0x10 [ 127.442978][ T6456] ? set_page_refcounted+0xa1/0x1e0 [ 127.443011][ T6456] ? alloc_pages_noprof+0x136/0x190 [ 127.443041][ T6456] ? page_copy_sane+0x46/0x260 [ 127.443061][ T6456] copy_page_from_iter+0x7a/0x100 [ 127.443084][ T6456] tun_get_user+0x206e/0x48d0 [ 127.443104][ T6456] ? tun_get_user+0x83d/0x48d0 [ 127.443136][ T6456] ? kstrtouint+0xfc/0x190 [ 127.443164][ T6456] ? __pfx_tun_get_user+0x10/0x10 [ 127.443196][ T6456] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 127.443235][ T6456] ? tun_get+0x1e/0x2f0 [ 127.443254][ T6456] ? tun_get+0x1e/0x2f0 [ 127.443270][ T6456] ? tun_get+0x27d/0x2f0 [ 127.443290][ T6456] tun_chr_write_iter+0x10d/0x1f0 [ 127.443311][ T6456] vfs_write+0x70f/0xd10 [ 127.443342][ T6456] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 127.443362][ T6456] ? __pfx_vfs_write+0x10/0x10 [ 127.443390][ T6456] ? __fget_files+0x2a/0x420 [ 127.443417][ T6456] ? __fget_files+0x2a/0x420 [ 127.443443][ T6456] ksys_write+0x19d/0x2d0 [ 127.443467][ T6456] ? __pfx_ksys_write+0x10/0x10 [ 127.443496][ T6456] ? do_syscall_64+0xb6/0x230 [ 127.443528][ T6456] do_syscall_64+0xf3/0x230 [ 127.443557][ T6456] ? clear_bhb_loop+0x45/0xa0 [ 127.443580][ T6456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.443599][ T6456] RIP: 0033:0x7f45bb18bc1f [ 127.443616][ T6456] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 127.443632][ T6456] RSP: 002b:00007f45bc066000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 127.443653][ T6456] RAX: ffffffffffffffda RBX: 00007f45bb3a5fa0 RCX: 00007f45bb18bc1f [ 127.443668][ T6456] RDX: 000000000000004e RSI: 0000200000000040 RDI: 00000000000000c8 [ 127.443681][ T6456] RBP: 00007f45bc066090 R08: 0000000000000000 R09: 0000000000000000 [ 127.443694][ T6456] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001 [ 127.443705][ T6456] R13: 0000000000000000 R14: 00007f45bb3a5fa0 R15: 00007fffe2f15948 [ 127.443730][ T6456] [ 128.354848][ T5870] airspy 4-1:0.0: usb_control_msg() failed -110 request 0e [ 128.413884][ T5870] airspy 4-1:0.0: Registered as swradio24 [ 128.438877][ T5870] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 128.532800][ T5870] usb 4-1: USB disconnect, device number 10 [ 129.063304][ T30] audit: type=1800 audit(1743081148.672:2): pid=6477 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.167" name="file1" dev="tmpfs" ino=214 res=0 errno=0 [ 129.213599][ T5870] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 129.404712][ T5870] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 129.429047][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.470955][ T6477] input: syz1 as /devices/virtual/input/input5 [ 129.493516][ T5870] usb 4-1: Product: syz [ 129.497759][ T5870] usb 4-1: Manufacturer: syz [ 129.502407][ T5870] usb 4-1: SerialNumber: syz [ 129.525411][ T5870] usb 4-1: config 0 descriptor?? [ 130.601141][ T6506] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 130.625002][ T6506] x_tables: duplicate underflow at hook 1 [ 130.691788][ T6504] kvm: MWAIT instruction emulated as NOP! [ 131.066009][ T6513] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 131.795789][ T5829] Bluetooth: hci3: command 0x0401 tx timeout [ 131.801916][ T6475] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 131.817313][ T5870] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 131.836349][ T5870] usb 4-1: setting power ON [ 131.846597][ T5870] dvb-usb: bulk message failed: -22 (2/0) [ 131.861269][ T5870] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 131.881116][ T5870] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-19) [ 131.890928][ T5870] dvb_usb_cxusb 4-1:0.0: probe with driver dvb_usb_cxusb failed with error -22 [ 131.913731][ T5913] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 131.922168][ T5870] usb 4-1: USB disconnect, device number 11 [ 132.095034][ T5913] usb 3-1: Using ep0 maxpacket: 16 [ 132.108819][ T5913] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 132.120198][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 132.129076][ T5913] usb 3-1: Product: syz [ 132.134221][ T5913] usb 3-1: Manufacturer: syz [ 132.138865][ T5913] usb 3-1: SerialNumber: syz [ 132.152062][ T5913] usb 3-1: config 0 descriptor?? [ 132.210309][ T6537] FAULT_INJECTION: forcing a failure. [ 132.210309][ T6537] name failslab, interval 1, probability 0, space 0, times 0 [ 132.223641][ T6537] CPU: 0 UID: 0 PID: 6537 Comm: syz.4.188 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 132.223670][ T6537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 132.223682][ T6537] Call Trace: [ 132.223689][ T6537] [ 132.223697][ T6537] dump_stack_lvl+0x241/0x360 [ 132.223727][ T6537] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.223750][ T6537] ? __pfx__printk+0x10/0x10 [ 132.223772][ T6537] ? __pfx___might_resched+0x10/0x10 [ 132.223806][ T6537] should_fail_ex+0x424/0x570 [ 132.223833][ T6537] should_failslab+0xac/0x100 [ 132.223864][ T6537] kmem_cache_alloc_noprof+0x78/0x390 [ 132.223895][ T6537] ? io_submit_one+0x156/0x18b0 [ 132.223919][ T6537] io_submit_one+0x156/0x18b0 [ 132.223945][ T6537] ? __lock_acquire+0xad5/0xd80 [ 132.223973][ T6537] ? __pfx_io_submit_one+0x10/0x10 [ 132.224002][ T6537] ? __might_fault+0xaa/0x120 [ 132.224027][ T6537] __se_sys_io_submit+0x17a/0x2e0 [ 132.224060][ T6537] ? __pfx___se_sys_io_submit+0x10/0x10 [ 132.224089][ T6537] ? ksys_write+0x275/0x2d0 [ 132.224131][ T6537] ? do_syscall_64+0xb6/0x230 [ 132.224162][ T6537] do_syscall_64+0xf3/0x230 [ 132.224203][ T6537] ? clear_bhb_loop+0x45/0xa0 [ 132.224225][ T6537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.224244][ T6537] RIP: 0033:0x7fed57b8d169 [ 132.224260][ T6537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.224276][ T6537] RSP: 002b:00007fed589c9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 132.224297][ T6537] RAX: ffffffffffffffda RBX: 00007fed57da5fa0 RCX: 00007fed57b8d169 [ 132.224311][ T6537] RDX: 0000200000000780 RSI: 0000000000000020 RDI: 00007fed5897f000 [ 132.224323][ T6537] RBP: 00007fed589c9090 R08: 0000000000000000 R09: 0000000000000000 [ 132.224335][ T6537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 132.224346][ T6537] R13: 0000000000000000 R14: 00007fed57da5fa0 R15: 00007ffd7de14ca8 [ 132.224371][ T6537] [ 132.429816][ C0] vkms_vblank_simulate: vblank timer overrun [ 132.758817][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.799113][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.019208][ T5913] usb 3-1: USB disconnect, device number 4 [ 133.128070][ T6547] ALSA: mixer_oss: invalid OSS volume 'Xñð‘rÀ¢,p' [ 134.263552][ T10] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 134.878953][ T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 134.892391][ T10] usb 2-1: config 0 has no interface number 0 [ 134.932848][ T10] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 135.023532][ T10] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 135.061480][ T10] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 135.097785][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.124598][ T10] usb 2-1: config 0 descriptor?? [ 135.138251][ T6565] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 135.177967][ T10] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 135.187679][ T6579] 9pnet: Could not find request transport: f'–4d [ 135.284682][ T6587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.204'. [ 135.307433][ T6587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.204'. [ 135.451519][ T10] usb 2-1: USB disconnect, device number 3 [ 135.451519][ C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 135.554005][ T5913] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 135.743860][ T5913] usb 3-1: device descriptor read/64, error -71 [ 136.033811][ T5913] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 136.176888][ T5913] usb 3-1: device descriptor read/64, error -71 [ 136.292356][ T6611] netlink: 28 bytes leftover after parsing attributes in process `syz.3.208'. [ 136.301458][ T6611] nbd: must specify at least one socket [ 136.977657][ T5870] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 136.998649][ T5913] usb usb3-port1: attempt power cycle [ 137.763532][ T5870] usb 5-1: Using ep0 maxpacket: 32 [ 137.950520][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.970980][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.058099][ T5870] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 138.068357][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.085050][ T5870] usb 5-1: config 0 descriptor?? [ 138.092051][ T5870] hub 5-1:0.0: USB hub found [ 138.253564][ T5913] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 138.274736][ T5913] usb 3-1: device descriptor read/8, error -71 [ 138.298570][ T5870] hub 5-1:0.0: 1 port detected [ 138.907998][ T6636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.215'. [ 138.984536][ T5913] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 139.016313][ T5913] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 139.025092][ T5913] usb 3-1: config 0 has no interface number 0 [ 139.031710][ T5913] usb 3-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 139.046039][ T5913] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 139.056535][ T5913] usb 3-1: config 0 interface 113 has no altsetting 0 [ 139.069853][ T6640] FAULT_INJECTION: forcing a failure. [ 139.069853][ T6640] name failslab, interval 1, probability 0, space 0, times 0 [ 139.092637][ T5913] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 139.097759][ T6640] CPU: 0 UID: 0 PID: 6640 Comm: syz.1.219 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 139.097790][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 139.097803][ T6640] Call Trace: [ 139.097810][ T6640] [ 139.097818][ T6640] dump_stack_lvl+0x241/0x360 [ 139.097850][ T6640] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.097873][ T6640] ? __pfx__printk+0x10/0x10 [ 139.097897][ T6640] ? __pfx___might_resched+0x10/0x10 [ 139.097931][ T6640] should_fail_ex+0x424/0x570 [ 139.097959][ T6640] should_failslab+0xac/0x100 [ 139.097991][ T6640] __kmalloc_noprof+0xdf/0x4d0 [ 139.098007][ T6640] ? __kmalloc_cache_noprof+0x236/0x370 [ 139.098024][ T6640] ? fuse_direct_io+0x340/0x2c00 [ 139.098053][ T6640] fuse_direct_io+0x340/0x2c00 [ 139.098083][ T6640] ? __lock_acquire+0xad5/0xd80 [ 139.098119][ T6640] ? generic_write_checks_count+0x409/0x520 [ 139.098144][ T6640] ? generic_write_checks+0x162/0x1d0 [ 139.098167][ T6640] ? __pfx_fuse_direct_io+0x10/0x10 [ 139.098193][ T6640] ? __pfx_generic_write_checks+0x10/0x10 [ 139.098221][ T6640] fuse_file_write_iter+0x8c1/0x1180 [ 139.098254][ T6640] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 139.098290][ T6640] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 139.098321][ T6640] vfs_write+0x70f/0xd10 [ 139.098352][ T6640] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 139.098381][ T6640] ? __pfx_vfs_write+0x10/0x10 [ 139.098408][ T6640] ? __fget_files+0x2a/0x420 [ 139.098431][ T6640] ? __fget_files+0x2a/0x420 [ 139.098457][ T6640] ksys_write+0x19d/0x2d0 [ 139.098484][ T6640] ? __pfx_ksys_write+0x10/0x10 [ 139.098513][ T6640] ? do_syscall_64+0xb6/0x230 [ 139.098545][ T6640] do_syscall_64+0xf3/0x230 [ 139.098574][ T6640] ? clear_bhb_loop+0x45/0xa0 [ 139.098596][ T6640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.098615][ T6640] RIP: 0033:0x7fc431b8d169 [ 139.098633][ T6640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.098648][ T6640] RSP: 002b:00007fc432965038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 139.098670][ T6640] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8d169 [ 139.098684][ T6640] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 0000000000000004 [ 139.098703][ T6640] RBP: 00007fc432965090 R08: 0000000000000000 R09: 0000000000000000 [ 139.098715][ T6640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.098726][ T6640] R13: 0000000000000000 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 139.098751][ T6640] [ 139.377056][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.385560][ T5913] usb 3-1: Product: syz [ 139.386530][ T5870] hub 5-1:0.0: activate --> -90 [ 139.389843][ T5913] usb 3-1: Manufacturer: syz [ 139.401107][ T5913] usb 3-1: SerialNumber: syz [ 139.425378][ T5913] usb 3-1: config 0 descriptor?? [ 139.432058][ T6643] ubi: mtd0 is already attached to ubi31 [ 139.442516][ C1] usb 3-1: NFC: Urb failure (status -71) [ 139.465256][ T5913] usb 3-1: NFC: Unable to get FW version [ 139.484072][ T5913] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -90 [ 139.826296][ T6650] netlink: 28 bytes leftover after parsing attributes in process `syz.1.222'. [ 139.835313][ T6650] nbd: must specify at least one socket [ 141.846625][ T10] usb 5-1: USB disconnect, device number 2 [ 141.944425][ T5923] usb 3-1: USB disconnect, device number 8 [ 142.200432][ T6655] ALSA: mixer_oss: invalid OSS volume 'Xñð‘rÀ¢,p' [ 142.553558][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 142.755005][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 142.801510][ T10] usb 5-1: config 0 has an invalid interface number: 110 but max is 0 [ 142.981714][ T10] usb 5-1: config 0 has no interface number 0 [ 143.064617][ T6677] input: syz0 as /devices/virtual/input/input8 [ 143.086651][ T10] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=3a.e4 [ 143.108281][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.138109][ T10] usb 5-1: Product: syz [ 143.173357][ T10] usb 5-1: Manufacturer: syz [ 143.201839][ T10] usb 5-1: SerialNumber: syz [ 143.218181][ T10] usb 5-1: config 0 descriptor?? [ 143.240021][ T10] igorplugusb 5-1:0.110: incorrect number of endpoints [ 143.564012][ T6690] FAULT_INJECTION: forcing a failure. [ 143.564012][ T6690] name failslab, interval 1, probability 0, space 0, times 0 [ 143.596584][ T6689] FAULT_INJECTION: forcing a failure. [ 143.596584][ T6689] name failslab, interval 1, probability 0, space 0, times 0 [ 143.600205][ T6690] CPU: 0 UID: 0 PID: 6690 Comm: syz.1.234 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 143.600242][ T6690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 143.600255][ T6690] Call Trace: [ 143.600263][ T6690] [ 143.600271][ T6690] dump_stack_lvl+0x241/0x360 [ 143.600301][ T6690] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.600325][ T6690] ? __pfx__printk+0x10/0x10 [ 143.600350][ T6690] ? __pfx___might_resched+0x10/0x10 [ 143.600382][ T6690] should_fail_ex+0x424/0x570 [ 143.600410][ T6690] should_failslab+0xac/0x100 [ 143.600441][ T6690] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 143.600473][ T6690] ? __alloc_skb+0x1c2/0x480 [ 143.600504][ T6690] __alloc_skb+0x1c2/0x480 [ 143.600535][ T6690] ? __pfx___alloc_skb+0x10/0x10 [ 143.600564][ T6690] ? netlink_autobind+0xd6/0x2f0 [ 143.600587][ T6690] ? netlink_autobind+0x2b0/0x2f0 [ 143.600613][ T6690] netlink_sendmsg+0x65c/0xce0 [ 143.600663][ T6690] ? __pfx_netlink_sendmsg+0x10/0x10 [ 143.600696][ T6690] ? __pfx_netlink_sendmsg+0x10/0x10 [ 143.600718][ T6690] __sock_sendmsg+0x221/0x270 [ 143.600747][ T6690] ____sys_sendmsg+0x53c/0x870 [ 143.600774][ T6690] ? __pfx_____sys_sendmsg+0x10/0x10 [ 143.600793][ T6690] ? __fget_files+0x2a/0x420 [ 143.600816][ T6690] ? __fget_files+0x2a/0x420 [ 143.600843][ T6690] __sys_sendmsg+0x271/0x360 [ 143.600867][ T6690] ? __pfx___sys_sendmsg+0x10/0x10 [ 143.600937][ T6690] do_syscall_64+0xf3/0x230 [ 143.600971][ T6690] ? clear_bhb_loop+0x45/0xa0 [ 143.600996][ T6690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.601015][ T6690] RIP: 0033:0x7fc431b8d169 [ 143.601034][ T6690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.601050][ T6690] RSP: 002b:00007fc432965038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.601074][ T6690] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8d169 [ 143.601090][ T6690] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 143.601119][ T6690] RBP: 00007fc432965090 R08: 0000000000000000 R09: 0000000000000000 [ 143.601133][ T6690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.601145][ T6690] R13: 0000000000000000 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 143.601170][ T6690] [ 144.058665][ T6689] CPU: 1 UID: 0 PID: 6689 Comm: syz.4.226 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 144.058693][ T6689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 144.058704][ T6689] Call Trace: [ 144.058711][ T6689] [ 144.058718][ T6689] dump_stack_lvl+0x241/0x360 [ 144.058747][ T6689] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.058769][ T6689] ? __pfx__printk+0x10/0x10 [ 144.058790][ T6689] ? __pfx___might_resched+0x10/0x10 [ 144.058820][ T6689] should_fail_ex+0x424/0x570 [ 144.058845][ T6689] should_failslab+0xac/0x100 [ 144.058873][ T6689] __kmalloc_noprof+0xdf/0x4d0 [ 144.058889][ T6689] ? tomoyo_encode+0x26f/0x540 [ 144.058920][ T6689] tomoyo_encode+0x26f/0x540 [ 144.058951][ T6689] tomoyo_realpath_from_path+0x59e/0x5e0 [ 144.058986][ T6689] tomoyo_path_number_perm+0x245/0x790 [ 144.059013][ T6689] ? tomoyo_path_number_perm+0x215/0x790 [ 144.059039][ T6689] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 144.059063][ T6689] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 144.059098][ T6689] ? rcu_read_unlock_special+0x49b/0x570 [ 144.059134][ T6689] ? __rcu_read_unlock+0xa1/0x110 [ 144.059154][ T6689] ? __fget_files+0x2a/0x420 [ 144.059175][ T6689] ? __fget_files+0x2a/0x420 [ 144.059197][ T6689] security_file_ioctl+0xc6/0x2a0 [ 144.059222][ T6689] __se_sys_ioctl+0x46/0x160 [ 144.059248][ T6689] do_syscall_64+0xf3/0x230 [ 144.059276][ T6689] ? clear_bhb_loop+0x45/0xa0 [ 144.059305][ T6689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.059322][ T6689] RIP: 0033:0x7fed57b8d169 [ 144.059338][ T6689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.059353][ T6689] RSP: 002b:00007fed58995038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 144.059373][ T6689] RAX: ffffffffffffffda RBX: 00007fed57da6080 RCX: 00007fed57b8d169 [ 144.059386][ T6689] RDX: 00002000000001c0 RSI: 00000000c0205648 RDI: 000000000000000a [ 144.059398][ T6689] RBP: 00007fed58995090 R08: 0000000000000000 R09: 0000000000000000 [ 144.059409][ T6689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.059419][ T6689] R13: 0000000000000000 R14: 00007fed57da6080 R15: 00007ffd7de14ca8 [ 144.059442][ T6689] [ 144.059458][ T6689] ERROR: Out of memory at tomoyo_realpath_from_path. [ 144.333863][ T6689] vivid-003: disconnect [ 144.348895][ T5870] usb 5-1: USB disconnect, device number 3 [ 144.355491][ T6663] vivid-003: reconnect [ 144.557184][ T6700] FAULT_INJECTION: forcing a failure. [ 144.557184][ T6700] name failslab, interval 1, probability 0, space 0, times 0 [ 144.576816][ T6700] CPU: 0 UID: 0 PID: 6700 Comm: syz.2.238 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 144.576845][ T6700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 144.576857][ T6700] Call Trace: [ 144.576864][ T6700] [ 144.576872][ T6700] dump_stack_lvl+0x241/0x360 [ 144.576902][ T6700] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.576925][ T6700] ? __pfx__printk+0x10/0x10 [ 144.576949][ T6700] ? __pfx___might_resched+0x10/0x10 [ 144.576981][ T6700] should_fail_ex+0x424/0x570 [ 144.577008][ T6700] should_failslab+0xac/0x100 [ 144.577038][ T6700] __kmalloc_noprof+0xdf/0x4d0 [ 144.577055][ T6700] ? tomoyo_encode+0x26f/0x540 [ 144.577087][ T6700] tomoyo_encode+0x26f/0x540 [ 144.577117][ T6700] ? __pfx_anon_inodefs_dname+0x10/0x10 [ 144.577139][ T6700] tomoyo_realpath_from_path+0x59e/0x5e0 [ 144.577178][ T6700] tomoyo_path_number_perm+0x245/0x790 [ 144.577205][ T6700] ? tomoyo_path_number_perm+0x215/0x790 [ 144.577232][ T6700] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 144.577262][ T6700] ? ksys_write+0x24e/0x2d0 [ 144.577292][ T6700] ? __lock_acquire+0xad5/0xd80 [ 144.577329][ T6700] ? __fget_files+0x2a/0x420 [ 144.577348][ T6700] ? __fget_files+0x2a/0x420 [ 144.577369][ T6700] ? __fget_files+0x2a/0x420 [ 144.577392][ T6700] security_file_ioctl+0xc6/0x2a0 [ 144.577419][ T6700] __se_sys_ioctl+0x46/0x160 [ 144.577446][ T6700] do_syscall_64+0xf3/0x230 [ 144.577475][ T6700] ? clear_bhb_loop+0x45/0xa0 [ 144.577507][ T6700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.577526][ T6700] RIP: 0033:0x7f45bb18d169 [ 144.577543][ T6700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.577558][ T6700] RSP: 002b:00007f45bc066038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 144.577579][ T6700] RAX: ffffffffffffffda RBX: 00007f45bb3a5fa0 RCX: 00007f45bb18d169 [ 144.577593][ T6700] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 144.577605][ T6700] RBP: 00007f45bc066090 R08: 0000000000000000 R09: 0000000000000000 [ 144.577616][ T6700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.577627][ T6700] R13: 0000000000000000 R14: 00007f45bb3a5fa0 R15: 00007fffe2f15948 [ 144.577651][ T6700] [ 144.577668][ T6700] ERROR: Out of memory at tomoyo_realpath_from_path. [ 145.278638][ T5831] Bluetooth: hci4: command 0x0405 tx timeout [ 145.341664][ T6717] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.2) [ 145.813035][ T6723] FAULT_INJECTION: forcing a failure. [ 145.813035][ T6723] name failslab, interval 1, probability 0, space 0, times 0 [ 145.876458][ T6723] CPU: 1 UID: 0 PID: 6723 Comm: syz.2.243 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 145.876490][ T6723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 145.876503][ T6723] Call Trace: [ 145.876511][ T6723] [ 145.876519][ T6723] dump_stack_lvl+0x241/0x360 [ 145.876551][ T6723] ? __pfx_dump_stack_lvl+0x10/0x10 [ 145.876575][ T6723] ? __pfx__printk+0x10/0x10 [ 145.876603][ T6723] ? __pfx___might_resched+0x10/0x10 [ 145.876637][ T6723] should_fail_ex+0x424/0x570 [ 145.876666][ T6723] should_failslab+0xac/0x100 [ 145.876699][ T6723] __kmalloc_cache_noprof+0x73/0x370 [ 145.876718][ T6723] ? do_signalfd4+0x156/0x390 [ 145.876744][ T6723] do_signalfd4+0x156/0x390 [ 145.876768][ T6723] __x64_sys_signalfd4+0x176/0x1c0 [ 145.876792][ T6723] ? __pfx___x64_sys_signalfd4+0x10/0x10 [ 145.876814][ T6723] ? arch_syscall_is_vdso_sigreturn+0x125/0x1a0 [ 145.876847][ T6723] ? syscall_user_dispatch+0x4e/0x90 [ 145.876879][ T6723] do_syscall_64+0xf3/0x230 [ 145.876909][ T6723] ? clear_bhb_loop+0x45/0xa0 [ 145.876932][ T6723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.876951][ T6723] RIP: 0033:0x7f45bb18d169 [ 145.876968][ T6723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.877007][ T6723] RSP: 002b:00007f45bc045038 EFLAGS: 00000246 ORIG_RAX: 0000000000000121 [ 145.877072][ T6723] RAX: ffffffffffffffda RBX: 00007f45bb3a6080 RCX: 00007f45bb18d169 [ 145.877087][ T6723] RDX: 0000000000000008 RSI: 0000200000000040 RDI: ffffffffffffffff [ 145.877100][ T6723] RBP: 00007f45bc045090 R08: 0000000000000000 R09: 0000000000000000 [ 145.877113][ T6723] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 145.877125][ T6723] R13: 0000000000000000 R14: 00007f45bb3a6080 R15: 00007fffe2f15948 [ 145.877150][ T6723] [ 146.203981][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 146.448662][ T10] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 146.460807][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.535726][ T10] usb 5-1: Product: syz [ 146.561357][ T10] usb 5-1: Manufacturer: syz [ 146.577290][ T10] usb 5-1: SerialNumber: syz [ 146.638605][ T10] usb 5-1: config 0 descriptor?? [ 146.957687][ T10] hso 5-1:0.0: Can't find BULK IN endpoint [ 146.964832][ T10] usb-storage 5-1:0.0: USB Mass Storage device detected [ 147.390620][ T6738] fuse: Bad value for 'rootmode' [ 147.506722][ T10] usb 5-1: USB disconnect, device number 4 [ 147.760003][ T6749] fuse: Unknown parameter 'rƒotmode' [ 147.819507][ T6754] openvswitch: netlink: IP tunnel dst address not specified [ 147.838340][ T30] audit: type=1800 audit(1743081167.452:3): pid=6754 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.255" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 147.862537][ T6749] kvm: pic: non byte write [ 147.883056][ T6756] netlink: 24 bytes leftover after parsing attributes in process `syz.2.254'. [ 148.065338][ T6764] FAULT_INJECTION: forcing a failure. [ 148.065338][ T6764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 148.099455][ T6764] CPU: 1 UID: 0 PID: 6764 Comm: syz.1.258 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 148.099486][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.099499][ T6764] Call Trace: [ 148.099506][ T6764] [ 148.099515][ T6764] dump_stack_lvl+0x241/0x360 [ 148.099545][ T6764] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.099568][ T6764] ? __pfx__printk+0x10/0x10 [ 148.099597][ T6764] should_fail_ex+0x424/0x570 [ 148.099624][ T6764] _copy_to_user+0x31/0xb0 [ 148.099648][ T6764] simple_read_from_buffer+0xdc/0x170 [ 148.099681][ T6764] proc_fail_nth_read+0x1ef/0x260 [ 148.099707][ T6764] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 148.099731][ T6764] ? rw_verify_area+0x246/0x630 [ 148.099754][ T6764] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 148.099777][ T6764] vfs_read+0x21f/0xb90 [ 148.099804][ T6764] ? __pfx___mutex_lock+0x10/0x10 [ 148.099834][ T6764] ? __pfx_vfs_read+0x10/0x10 [ 148.099860][ T6764] ? __fget_files+0x2a/0x420 [ 148.099881][ T6764] ? __fget_files+0x39d/0x420 [ 148.099900][ T6764] ? __fget_files+0x2a/0x420 [ 148.099925][ T6764] ksys_read+0x19d/0x2d0 [ 148.099960][ T6764] ? __pfx_ksys_read+0x10/0x10 [ 148.099988][ T6764] ? do_syscall_64+0xb6/0x230 [ 148.100019][ T6764] do_syscall_64+0xf3/0x230 [ 148.100047][ T6764] ? clear_bhb_loop+0x45/0xa0 [ 148.100070][ T6764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.100088][ T6764] RIP: 0033:0x7fc431b8bb7c [ 148.100105][ T6764] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 148.100120][ T6764] RSP: 002b:00007fc432965030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 148.100141][ T6764] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8bb7c [ 148.100155][ T6764] RDX: 000000000000000f RSI: 00007fc4329650a0 RDI: 0000000000000043 [ 148.100167][ T6764] RBP: 00007fc432965090 R08: 0000000000000000 R09: 0000000000000000 [ 148.100179][ T6764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.100191][ T6764] R13: 0000000000000000 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 148.100215][ T6764] [ 148.384917][ T6768] FAULT_INJECTION: forcing a failure. [ 148.384917][ T6768] name failslab, interval 1, probability 0, space 0, times 0 [ 148.413257][ T6768] CPU: 1 UID: 0 PID: 6768 Comm: syz.0.259 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 148.413286][ T6768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.413298][ T6768] Call Trace: [ 148.413306][ T6768] [ 148.413314][ T6768] dump_stack_lvl+0x241/0x360 [ 148.413344][ T6768] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.413368][ T6768] ? __pfx__printk+0x10/0x10 [ 148.413392][ T6768] ? __pfx___might_resched+0x10/0x10 [ 148.413429][ T6768] should_fail_ex+0x424/0x570 [ 148.413458][ T6768] should_failslab+0xac/0x100 [ 148.413491][ T6768] __kmalloc_noprof+0xdf/0x4d0 [ 148.413509][ T6768] ? tomoyo_encode+0x26f/0x540 [ 148.413544][ T6768] tomoyo_encode+0x26f/0x540 [ 148.413575][ T6768] ? __pfx_anon_inodefs_dname+0x10/0x10 [ 148.413598][ T6768] tomoyo_realpath_from_path+0x59e/0x5e0 [ 148.413639][ T6768] tomoyo_path_number_perm+0x245/0x790 [ 148.413670][ T6768] ? tomoyo_path_number_perm+0x215/0x790 [ 148.413699][ T6768] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 148.413729][ T6768] ? ksys_write+0x24e/0x2d0 [ 148.413760][ T6768] ? __lock_acquire+0xad5/0xd80 [ 148.413799][ T6768] ? __fget_files+0x2a/0x420 [ 148.413819][ T6768] ? __fget_files+0x2a/0x420 [ 148.413841][ T6768] ? __fget_files+0x2a/0x420 [ 148.413864][ T6768] security_file_ioctl+0xc6/0x2a0 [ 148.413892][ T6768] __se_sys_ioctl+0x46/0x160 [ 148.413932][ T6768] do_syscall_64+0xf3/0x230 [ 148.413963][ T6768] ? clear_bhb_loop+0x45/0xa0 [ 148.413987][ T6768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.414006][ T6768] RIP: 0033:0x7f17de38d169 [ 148.414025][ T6768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.414041][ T6768] RSP: 002b:00007f17df18a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 148.414063][ T6768] RAX: ffffffffffffffda RBX: 00007f17de5a5fa0 RCX: 00007f17de38d169 [ 148.414079][ T6768] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 148.414091][ T6768] RBP: 00007f17df18a090 R08: 0000000000000000 R09: 0000000000000000 [ 148.414104][ T6768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.414116][ T6768] R13: 0000000000000000 R14: 00007f17de5a5fa0 R15: 00007ffcad00c7c8 [ 148.414154][ T6768] [ 148.672416][ T6768] ERROR: Out of memory at tomoyo_realpath_from_path. [ 149.791893][ T6782] netlink: 28 bytes leftover after parsing attributes in process `syz.4.264'. [ 150.193833][ T5923] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 150.498921][ T5923] usb 4-1: Using ep0 maxpacket: 16 [ 150.541817][ T5923] usb 4-1: New USB device found, idVendor=0403, idProduct=bca0, bcdDevice=e3.4b [ 150.554774][ T6797] FAULT_INJECTION: forcing a failure. [ 150.554774][ T6797] name failslab, interval 1, probability 0, space 0, times 0 [ 150.595362][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.635696][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.4.267'. [ 150.640210][ T6797] CPU: 1 UID: 0 PID: 6797 Comm: syz.1.268 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 150.640239][ T6797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 150.640252][ T6797] Call Trace: [ 150.640259][ T6797] [ 150.640267][ T6797] dump_stack_lvl+0x241/0x360 [ 150.640299][ T6797] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.640323][ T6797] ? __pfx__printk+0x10/0x10 [ 150.640347][ T6797] ? __pfx___might_resched+0x10/0x10 [ 150.640380][ T6797] should_fail_ex+0x424/0x570 [ 150.640408][ T6797] should_failslab+0xac/0x100 [ 150.640440][ T6797] __kmalloc_noprof+0xdf/0x4d0 [ 150.640457][ T6797] ? tomoyo_encode+0x26f/0x540 [ 150.640490][ T6797] tomoyo_encode+0x26f/0x540 [ 150.640542][ T6797] tomoyo_realpath_from_path+0x59e/0x5e0 [ 150.640601][ T6797] tomoyo_path_number_perm+0x245/0x790 [ 150.640631][ T6797] ? tomoyo_path_number_perm+0x215/0x790 [ 150.640660][ T6797] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 150.640692][ T6797] ? ksys_write+0x24e/0x2d0 [ 150.640725][ T6797] ? __lock_acquire+0xad5/0xd80 [ 150.640765][ T6797] ? __fget_files+0x2a/0x420 [ 150.640786][ T6797] ? __fget_files+0x2a/0x420 [ 150.640809][ T6797] ? __fget_files+0x2a/0x420 [ 150.640832][ T6797] security_file_ioctl+0xc6/0x2a0 [ 150.640864][ T6797] __se_sys_ioctl+0x46/0x160 [ 150.640893][ T6797] do_syscall_64+0xf3/0x230 [ 150.640931][ T6797] ? clear_bhb_loop+0x45/0xa0 [ 150.640955][ T6797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.640975][ T6797] RIP: 0033:0x7fc431b8d169 [ 150.640994][ T6797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.641011][ T6797] RSP: 002b:00007fc432965038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 150.641034][ T6797] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8d169 [ 150.641049][ T6797] RDX: 0000000000000000 RSI: 000000000000227d RDI: 0000000000000004 [ 150.641062][ T6797] RBP: 00007fc432965090 R08: 0000000000000000 R09: 0000000000000000 [ 150.641075][ T6797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.641088][ T6797] R13: 0000000000000000 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 150.641113][ T6797] [ 150.641133][ T6797] ERROR: Out of memory at tomoyo_realpath_from_path. [ 150.886336][ T5923] usb 4-1: Product: syz [ 150.890684][ T5923] usb 4-1: Manufacturer: syz [ 150.923850][ T5923] usb 4-1: SerialNumber: syz [ 150.973376][ T5923] usb 4-1: config 0 descriptor?? [ 150.982728][ T5923] ftdi_sio 4-1:0.0: Ignoring interface reserved for JTAG [ 151.131926][ T6805] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 151.790374][ T5923] usb 4-1: USB disconnect, device number 12 [ 152.101846][ T6821] netlink: 8 bytes leftover after parsing attributes in process `syz.4.278'. [ 152.304121][ T6831] FAULT_INJECTION: forcing a failure. [ 152.304121][ T6831] name failslab, interval 1, probability 0, space 0, times 0 [ 152.317133][ T6831] CPU: 1 UID: 0 PID: 6831 Comm: syz.1.283 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 152.317160][ T6831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 152.317173][ T6831] Call Trace: [ 152.317180][ T6831] [ 152.317189][ T6831] dump_stack_lvl+0x241/0x360 [ 152.317219][ T6831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.317243][ T6831] ? __pfx__printk+0x10/0x10 [ 152.317267][ T6831] ? __pfx___might_resched+0x10/0x10 [ 152.317301][ T6831] should_fail_ex+0x424/0x570 [ 152.317328][ T6831] should_failslab+0xac/0x100 [ 152.317359][ T6831] __kmalloc_noprof+0xdf/0x4d0 [ 152.317376][ T6831] ? do_sys_poll+0x2c5/0x1610 [ 152.317399][ T6831] do_sys_poll+0x2c5/0x1610 [ 152.317420][ T6831] ? is_bpf_text_address+0x26/0x2a0 [ 152.317467][ T6831] ? is_bpf_text_address+0x288/0x2a0 [ 152.317493][ T6831] ? is_bpf_text_address+0x26/0x2a0 [ 152.317521][ T6831] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 152.317544][ T6831] ? kernel_text_address+0xa7/0xe0 [ 152.317569][ T6831] ? __kernel_text_address+0xd/0x40 [ 152.317593][ T6831] ? _parse_integer_limit+0x1b4/0x200 [ 152.317622][ T6831] ? __pfx_do_sys_poll+0x10/0x10 [ 152.317644][ T6831] ? kstrtoull+0x1d3/0x2f0 [ 152.317714][ T6831] ? rcu_read_lock_any_held+0xbb/0x160 [ 152.317747][ T6831] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 152.317768][ T6831] ? vfs_write+0xb29/0xd10 [ 152.317811][ T6831] ? __pfx_set_user_sigmask+0x10/0x10 [ 152.317853][ T6831] __se_sys_ppoll+0x2a2/0x330 [ 152.317888][ T6831] ? __pfx___se_sys_ppoll+0x10/0x10 [ 152.317925][ T6831] ? __x64_sys_ppoll+0x20/0xc0 [ 152.317956][ T6831] do_syscall_64+0xf3/0x230 [ 152.317986][ T6831] ? clear_bhb_loop+0x45/0xa0 [ 152.318008][ T6831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.318028][ T6831] RIP: 0033:0x7fc431b8d169 [ 152.318044][ T6831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.318060][ T6831] RSP: 002b:00007fc432965038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 152.318081][ T6831] RAX: ffffffffffffffda RBX: 00007fc431da5fa0 RCX: 00007fc431b8d169 [ 152.318095][ T6831] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0 [ 152.318109][ T6831] RBP: 00007fc432965090 R08: 0000000000000000 R09: 0000000000000000 [ 152.318120][ T6831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.318132][ T6831] R13: 0000000000000000 R14: 00007fc431da5fa0 R15: 00007ffe96000698 [ 152.318155][ T6831] [ 152.653541][ T5923] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 152.813641][ T5923] usb 3-1: Using ep0 maxpacket: 32 [ 152.833516][ T5923] usb 3-1: config 0 has no interfaces? [ 152.849968][ T5923] usb 3-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c [ 152.865066][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.873247][ T5923] usb 3-1: Product: syz [ 152.877665][ T5923] usb 3-1: Manufacturer: syz [ 152.888767][ T5923] usb 3-1: SerialNumber: syz [ 152.939261][ T5923] usb 3-1: config 0 descriptor?? [ 154.821327][ T6884] warning: `syz.4.290' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 155.012211][ T6884] program syz.4.290 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 155.112443][ T5870] usb 3-1: USB disconnect, device number 9 [ 155.276493][ T6898] netlink: 8 bytes leftover after parsing attributes in process `syz.2.292'. [ 155.313813][ T6901] netlink: 'syz.4.294': attribute type 21 has an invalid length. [ 155.402741][ T6901] 9pnet_fd: Insufficient options for proto=fd [ 156.932866][ T6917] FAULT_INJECTION: forcing a failure. [ 156.932866][ T6917] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.969690][ T6917] CPU: 0 UID: 0 PID: 6917 Comm: syz.4.298 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 156.969720][ T6917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 156.969733][ T6917] Call Trace: [ 156.969740][ T6917] [ 156.969749][ T6917] dump_stack_lvl+0x241/0x360 [ 156.969780][ T6917] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.969804][ T6917] ? __pfx__printk+0x10/0x10 [ 156.969833][ T6917] should_fail_ex+0x424/0x570 [ 156.969860][ T6917] _copy_to_user+0x31/0xb0 [ 156.969888][ T6917] simple_read_from_buffer+0xdc/0x170 [ 156.969922][ T6917] proc_fail_nth_read+0x1ef/0x260 [ 156.969947][ T6917] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 156.969972][ T6917] ? rw_verify_area+0x246/0x630 [ 156.969995][ T6917] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 156.970018][ T6917] vfs_read+0x21f/0xb90 [ 156.970045][ T6917] ? __pfx___mutex_lock+0x10/0x10 [ 156.970075][ T6917] ? __pfx_vfs_read+0x10/0x10 [ 156.970101][ T6917] ? __fget_files+0x2a/0x420 [ 156.970123][ T6917] ? __fget_files+0x39d/0x420 [ 156.970141][ T6917] ? __fget_files+0x2a/0x420 [ 156.970167][ T6917] ksys_read+0x19d/0x2d0 [ 156.970199][ T6917] ? __pfx_ksys_read+0x10/0x10 [ 156.970227][ T6917] ? do_syscall_64+0xb6/0x230 [ 156.970258][ T6917] do_syscall_64+0xf3/0x230 [ 156.970286][ T6917] ? clear_bhb_loop+0x45/0xa0 [ 156.970308][ T6917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.970327][ T6917] RIP: 0033:0x7fed57b8bb7c [ 156.970344][ T6917] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 156.970362][ T6917] RSP: 002b:00007fed589c9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 156.970383][ T6917] RAX: ffffffffffffffda RBX: 00007fed57da5fa0 RCX: 00007fed57b8bb7c [ 156.970398][ T6917] RDX: 000000000000000f RSI: 00007fed589c90a0 RDI: 0000000000000005 [ 156.970410][ T6917] RBP: 00007fed589c9090 R08: 0000000000000000 R09: 0000000000000000 [ 156.970423][ T6917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.970434][ T6917] R13: 0000000000000000 R14: 00007fed57da5fa0 R15: 00007ffd7de14ca8 [ 156.970460][ T6917] [ 157.561807][ T6934] netlink: 20 bytes leftover after parsing attributes in process `syz.4.304'. [ 157.951962][ T6909] fuse: Unknown parameter 'G`' [ 158.005440][ C0] dccp_v6_rcv: dropped packet with invalid checksum [ 158.605037][ T976] usb 1-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-ec168.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 158.676411][ T976] dvb_usb_ec168 1-1:0.1: probe with driver dvb_usb_ec168 failed with error -110 [ 158.689604][ T976] usb 1-1: USB disconnect, device number 2 [ 159.373879][ T5918] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 159.653824][ T5918] usb 1-1: Using ep0 maxpacket: 8 [ 159.702220][ T5918] usb 1-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 159.738248][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 159.751418][ T5918] usb 1-1: Product: syz [ 159.768134][ T5918] usb 1-1: Manufacturer: syz [ 159.772987][ T5918] usb 1-1: SerialNumber: syz [ 159.786521][ T5918] usb 1-1: config 0 descriptor?? [ 159.815742][ T6959] FAULT_INJECTION: forcing a failure. [ 159.815742][ T6959] name failslab, interval 1, probability 0, space 0, times 0 [ 159.850689][ T6959] CPU: 0 UID: 0 PID: 6959 Comm: syz.4.311 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 159.850720][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 159.850734][ T6959] Call Trace: [ 159.850741][ T6959] [ 159.850750][ T6959] dump_stack_lvl+0x241/0x360 [ 159.850783][ T6959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.850807][ T6959] ? __pfx__printk+0x10/0x10 [ 159.850832][ T6959] ? __pfx___might_resched+0x10/0x10 [ 159.850865][ T6959] should_fail_ex+0x424/0x570 [ 159.850896][ T6959] should_failslab+0xac/0x100 [ 159.850928][ T6959] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 159.850969][ T6959] ? __alloc_skb+0x1c2/0x480 [ 159.851001][ T6959] __alloc_skb+0x1c2/0x480 [ 159.851035][ T6959] ? __pfx___alloc_skb+0x10/0x10 [ 159.851065][ T6959] ? netlink_autobind+0xd6/0x2f0 [ 159.851088][ T6959] ? netlink_autobind+0x2b0/0x2f0 [ 159.851115][ T6959] netlink_sendmsg+0x65c/0xce0 [ 159.851146][ T6959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.851177][ T6959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.851199][ T6959] __sock_sendmsg+0x221/0x270 [ 159.851226][ T6959] ____sys_sendmsg+0x53c/0x870 [ 159.851251][ T6959] ? __pfx_____sys_sendmsg+0x10/0x10 [ 159.851270][ T6959] ? __fget_files+0x2a/0x420 [ 159.851293][ T6959] ? __fget_files+0x2a/0x420 [ 159.851319][ T6959] __sys_sendmsg+0x271/0x360 [ 159.851343][ T6959] ? __pfx___sys_sendmsg+0x10/0x10 [ 159.851396][ T6959] ? do_syscall_64+0xb6/0x230 [ 159.851428][ T6959] do_syscall_64+0xf3/0x230 [ 159.851458][ T6959] ? clear_bhb_loop+0x45/0xa0 [ 159.851480][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.851500][ T6959] RIP: 0033:0x7fed57b8d169 [ 159.851517][ T6959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.851534][ T6959] RSP: 002b:00007fed589c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 159.851556][ T6959] RAX: ffffffffffffffda RBX: 00007fed57da5fa0 RCX: 00007fed57b8d169 [ 159.851571][ T6959] RDX: 0000000000000000 RSI: 0000200000000740 RDI: 0000000000000003 [ 159.851584][ T6959] RBP: 00007fed589c9090 R08: 0000000000000000 R09: 0000000000000000 [ 159.851597][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.851609][ T6959] R13: 0000000000000000 R14: 00007fed57da5fa0 R15: 00007ffd7de14ca8 [ 159.851633][ T6959] [ 161.189985][ T6974] FAULT_INJECTION: forcing a failure. [ 161.189985][ T6974] name failslab, interval 1, probability 0, space 0, times 0 [ 161.232652][ T6974] CPU: 0 UID: 0 PID: 6974 Comm: syz.2.315 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 161.232685][ T6974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 161.232697][ T6974] Call Trace: [ 161.232704][ T6974] [ 161.232712][ T6974] dump_stack_lvl+0x241/0x360 [ 161.232742][ T6974] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.232765][ T6974] ? __pfx__printk+0x10/0x10 [ 161.232788][ T6974] ? __pfx___might_resched+0x10/0x10 [ 161.232827][ T6974] should_fail_ex+0x424/0x570 [ 161.232862][ T6974] should_failslab+0xac/0x100 [ 161.232893][ T6974] __kmalloc_noprof+0xdf/0x4d0 [ 161.232937][ T6974] ? tomoyo_encode+0x26f/0x540 [ 161.232971][ T6974] tomoyo_encode+0x26f/0x540 [ 161.233006][ T6974] tomoyo_realpath_from_path+0x59e/0x5e0 [ 161.233048][ T6974] tomoyo_path_number_perm+0x245/0x790 [ 161.233077][ T6974] ? tomoyo_path_number_perm+0x215/0x790 [ 161.233107][ T6974] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 161.233139][ T6974] ? ksys_write+0x24e/0x2d0 [ 161.233170][ T6974] ? __lock_acquire+0xad5/0xd80 [ 161.233208][ T6974] ? __fget_files+0x2a/0x420 [ 161.233230][ T6974] ? __fget_files+0x2a/0x420 [ 161.233252][ T6974] ? __fget_files+0x2a/0x420 [ 161.233277][ T6974] security_file_ioctl+0xc6/0x2a0 [ 161.233306][ T6974] __se_sys_ioctl+0x46/0x160 [ 161.233335][ T6974] do_syscall_64+0xf3/0x230 [ 161.233367][ T6974] ? clear_bhb_loop+0x45/0xa0 [ 161.233391][ T6974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.233412][ T6974] RIP: 0033:0x7f45bb18d169 [ 161.233430][ T6974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.233447][ T6974] RSP: 002b:00007f45bc066038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.233470][ T6974] RAX: ffffffffffffffda RBX: 00007f45bb3a5fa0 RCX: 00007f45bb18d169 [ 161.233485][ T6974] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000003 [ 161.233498][ T6974] RBP: 00007f45bc066090 R08: 0000000000000000 R09: 0000000000000000 [ 161.233511][ T6974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.233523][ T6974] R13: 0000000000000000 R14: 00007f45bb3a5fa0 R15: 00007fffe2f15948 [ 161.233548][ T6974] [ 161.489470][ T6974] ERROR: Out of memory at tomoyo_realpath_from_path. [ 163.188818][ T5918] usb 1-1: USB disconnect, device number 3 [ 163.360642][ T6996] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 163.468812][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 163.522994][ T5923] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 163.723867][ T5923] usb 4-1: Using ep0 maxpacket: 8 [ 163.765474][ T5923] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 163.833008][ T5923] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 163.910069][ T5923] usb 4-1: config 0 has an invalid descriptor of length 79, skipping remainder of the config [ 164.076560][ T5923] usb 4-1: config 0 has no interface number 0 [ 164.110233][ T5923] usb 4-1: New USB device found, idVendor=1199, idProduct=9055, bcdDevice=5f.c3 [ 164.143551][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.174572][ T5923] usb 4-1: config 0 descriptor?? [ 164.182153][ T5923] hub 4-1:0.8: bad descriptor, ignoring hub [ 164.191094][ T5923] hub 4-1:0.8: probe with driver hub failed with error -5 [ 164.293134][ T7015] FAULT_INJECTION: forcing a failure. [ 164.293134][ T7015] name failslab, interval 1, probability 0, space 0, times 0 [ 164.513911][ T7015] CPU: 1 UID: 0 PID: 7015 Comm: syz.0.328 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 164.513943][ T7015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 164.513957][ T7015] Call Trace: [ 164.513965][ T7015] [ 164.513974][ T7015] dump_stack_lvl+0x241/0x360 [ 164.514006][ T7015] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.514031][ T7015] ? __pfx__printk+0x10/0x10 [ 164.514056][ T7015] ? __pfx___might_resched+0x10/0x10 [ 164.514104][ T7015] should_fail_ex+0x424/0x570 [ 164.514132][ T7015] should_failslab+0xac/0x100 [ 164.514164][ T7015] kmem_cache_alloc_noprof+0x78/0x390 [ 164.514193][ T7015] ? vm_area_dup+0x61/0x290 [ 164.514220][ T7015] vm_area_dup+0x61/0x290 [ 164.514246][ T7015] __split_vma+0x1c2/0xc00 [ 164.514276][ T7015] ? __sanitizer_cov_trace_pc+0x37/0x70 [ 164.514307][ T7015] ? __pfx___split_vma+0x10/0x10 [ 164.514349][ T7015] vma_modify+0x193/0x390 [ 164.514380][ T7015] vma_modify_flags+0x3a7/0x430 [ 164.514407][ T7015] ? __pfx_ima_file_mprotect+0x10/0x10 [ 164.514437][ T7015] ? __pfx_vma_modify_flags+0x10/0x10 [ 164.514477][ T7015] ? may_expand_vm+0x1b9/0x300 [ 164.514503][ T7015] mprotect_fixup+0x4a3/0xb00 [ 164.514535][ T7015] ? __pfx_mprotect_fixup+0x10/0x10 [ 164.514562][ T7015] ? mas_find+0x950/0xbb0 [ 164.514601][ T7015] do_mprotect_pkey+0x99f/0xde0 [ 164.514630][ T7015] ? ksys_write+0x24e/0x2d0 [ 164.514662][ T7015] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 164.514718][ T7015] __x64_sys_mprotect+0x80/0x90 [ 164.514746][ T7015] do_syscall_64+0xf3/0x230 [ 164.514775][ T7015] ? clear_bhb_loop+0x45/0xa0 [ 164.514797][ T7015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.514817][ T7015] RIP: 0033:0x7f17de38d169 [ 164.514835][ T7015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.514855][ T7015] RSP: 002b:00007f17df18a038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 164.514878][ T7015] RAX: ffffffffffffffda RBX: 00007f17de5a5fa0 RCX: 00007f17de38d169 [ 164.514893][ T7015] RDX: 000000000000000b RSI: 0000000000005000 RDI: 0000200000ffa000 [ 164.514906][ T7015] RBP: 00007f17df18a090 R08: 0000000000000000 R09: 0000000000000000 [ 164.514918][ T7015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.514930][ T7015] R13: 0000000000000000 R14: 00007f17de5a5fa0 R15: 00007ffcad00c7c8 [ 164.514956][ T7015] [ 165.111147][ T976] usb 4-1: USB disconnect, device number 13 [ 165.303722][ T5923] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 165.543484][ T5923] usb 2-1: Using ep0 maxpacket: 8 [ 165.582029][ T5923] usb 2-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 165.627914][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 165.672323][ T5923] usb 2-1: Product: syz [ 165.839813][ T5923] usb 2-1: Manufacturer: syz [ 166.129719][ T5923] usb 2-1: SerialNumber: syz [ 166.740928][ T5923] usb 2-1: config 0 descriptor?? [ 166.903614][ T976] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 167.063647][ T976] usb 4-1: Using ep0 maxpacket: 16 [ 167.087134][ T976] usb 4-1: config 0 has an invalid interface number: 104 but max is 1 [ 167.111208][ T7051] netlink: 44 bytes leftover after parsing attributes in process `syz.4.336'. [ 167.135265][ T976] usb 4-1: config 0 has an invalid interface number: 104 but max is 1 [ 167.163646][ T976] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 167.191581][ T976] usb 4-1: config 0 has no interface number 0 [ 167.217461][ T976] usb 4-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 167.255964][ T976] usb 4-1: config 0 interface 104 has no altsetting 1 [ 167.282814][ T976] usb 4-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 167.312173][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.333164][ T976] usb 4-1: Product: syz [ 167.361820][ T976] usb 4-1: Manufacturer: syz [ 167.382691][ T976] usb 4-1: SerialNumber: syz [ 167.433732][ T976] usb 4-1: config 0 descriptor?? [ 167.681406][ T976] asix 4-1:0.104 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 167.732008][ T976] asix 4-1:0.104: probe with driver asix failed with error -71 [ 167.775745][ T976] usb 4-1: USB disconnect, device number 14 [ 168.781539][ T7067] FAULT_INJECTION: forcing a failure. [ 168.781539][ T7067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.799056][ T7067] CPU: 0 UID: 0 PID: 7067 Comm: syz.4.341 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 168.799088][ T7067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 168.799101][ T7067] Call Trace: [ 168.799108][ T7067] [ 168.799134][ T7067] dump_stack_lvl+0x241/0x360 [ 168.799167][ T7067] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.799201][ T7067] ? __pfx__printk+0x10/0x10 [ 168.799232][ T7067] should_fail_ex+0x424/0x570 [ 168.799261][ T7067] _copy_to_user+0x31/0xb0 [ 168.799285][ T7067] simple_read_from_buffer+0xdc/0x170 [ 168.799321][ T7067] proc_fail_nth_read+0x1ef/0x260 [ 168.799348][ T7067] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 168.799374][ T7067] ? rw_verify_area+0x246/0x630 [ 168.799398][ T7067] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 168.799422][ T7067] vfs_read+0x21f/0xb90 [ 168.799451][ T7067] ? __pfx___mutex_lock+0x10/0x10 [ 168.799482][ T7067] ? __pfx_vfs_read+0x10/0x10 [ 168.799511][ T7067] ? __fget_files+0x2a/0x420 [ 168.799533][ T7067] ? __fget_files+0x39d/0x420 [ 168.799552][ T7067] ? __fget_files+0x2a/0x420 [ 168.799579][ T7067] ksys_read+0x19d/0x2d0 [ 168.799607][ T7067] ? __pfx_ksys_read+0x10/0x10 [ 168.799637][ T7067] ? do_syscall_64+0xb6/0x230 [ 168.799670][ T7067] do_syscall_64+0xf3/0x230 [ 168.799701][ T7067] ? clear_bhb_loop+0x45/0xa0 [ 168.799724][ T7067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.799744][ T7067] RIP: 0033:0x7fed57b8bb7c [ 168.799763][ T7067] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 168.799781][ T7067] RSP: 002b:00007fed589c9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 168.799803][ T7067] RAX: ffffffffffffffda RBX: 00007fed57da5fa0 RCX: 00007fed57b8bb7c [ 168.799819][ T7067] RDX: 000000000000000f RSI: 00007fed589c90a0 RDI: 0000000000000005 [ 168.799831][ T7067] RBP: 00007fed589c9090 R08: 0000000000000000 R09: 0000000000000000 [ 168.799844][ T7067] R10: 0000000000000068 R11: 0000000000000246 R12: 0000000000000001 [ 168.799856][ T7067] R13: 0000000000000000 R14: 00007fed57da5fa0 R15: 00007ffd7de14ca8 [ 168.799882][ T7067] [ 171.626558][ T5923] usb 2-1: USB disconnect, device number 4 [ 172.028035][ T5837] udevd[5837]: setting owner of /dev/bus/usb/002/004 to uid=0, gid=0 failed: No such file or directory [ 172.353019][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 172.965759][ T7101] FAULT_INJECTION: forcing a failure. [ 172.965759][ T7101] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.009117][ T7101] CPU: 1 UID: 0 PID: 7101 Comm: syz.1.350 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) [ 173.009140][ T7101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 173.009150][ T7101] Call Trace: [ 173.009156][ T7101] [ 173.009163][ T7101] dump_stack_lvl+0x241/0x360 [ 173.009186][ T7101] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.009203][ T7101] ? __pfx__printk+0x10/0x10 [ 173.009223][ T7101] should_fail_ex+0x424/0x570 [ 173.009243][ T7101] strncpy_from_user+0x36/0x280 [ 173.009261][ T7101] getname_flags+0xf0/0x530 [ 173.009278][ T7101] user_path_at+0x24/0x60 [ 173.009294][ T7101] __se_sys_utime+0x144/0x2f0 [ 173.009313][ T7101] ? __pfx___se_sys_utime+0x10/0x10 [ 173.009328][ T7101] ? ksys_write+0x275/0x2d0 [ 173.009351][ T7101] ? do_syscall_64+0xb6/0x230 [ 173.009373][ T7101] do_syscall_64+0xf3/0x230 [ 173.009394][ T7101] ? clear_bhb_loop+0x45/0xa0 [ 173.009410][ T7101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.009425][ T7101] RIP: 0033:0x7fc431b8d169 [ 173.009437][ T7101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.009449][ T7101] RSP: 002b:00007fc432944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000084 [ 173.009465][ T7101] RAX: ffffffffffffffda RBX: 00007fc431da6080 RCX: 00007fc431b8d169 [ 173.009476][ T7101] RDX: 0000000000000000 RSI: 0000200000001300 RDI: 00002000000012c0 [ 173.009485][ T7101] RBP: 00007fc432944090 R08: 0000000000000000 R09: 0000000000000000 [ 173.009494][ T7101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.009502][ T7101] R13: 0000000000000001 R14: 00007fc431da6080 R15: 00007ffe96000698 [ 173.009519][ T7101] [ 174.801729][ T7118] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.352'. [ 174.812022][ T7118] openvswitch: netlink: Message has 44053 unknown bytes. [ 175.583677][ T976] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 176.502538][ T976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.900418][ T976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.973273][ T976] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 177.019222][ T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.187411][ T976] usb 3-1: config 0 descriptor?? [ 177.533658][ T5923] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 178.210046][ T5923] usb 1-1: Using ep0 maxpacket: 8 [ 178.232820][ T5923] usb 1-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 178.262312][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 178.276333][ T7143] netlink: 'syz.1.361': attribute type 21 has an invalid length. [ 178.287002][ T5923] usb 1-1: Product: syz [ 178.291224][ T5923] usb 1-1: Manufacturer: syz [ 178.304150][ T5923] usb 1-1: SerialNumber: syz [ 178.319687][ T5923] usb 1-1: config 0 descriptor?? [ 178.427608][ T976] hid-led 0003:0FC5:B080.0001: probe with driver hid-led failed with error -71 [ 178.446017][ T7143] 9pnet_fd: Insufficient options for proto=fd [ 178.478944][ T976] usb 3-1: USB disconnect, device number 10 [ 179.139165][ T7161] loop2: detected capacity change from 0 to 7 [ 179.150250][ T7161] Dev loop2: unable to read RDB block 7 [ 179.174578][ T7161] loop2: unable to read partition table [ 179.182078][ T7161] loop2: partition table beyond EOD, truncated [ 179.396817][ T7161] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 179.950088][ T7163] ubi: mtd0 is already attached to ubi31 [ 180.450695][ T5923] usb 1-1: USB disconnect, device number 4 [ 181.040631][ T96] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 181.391663][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 181.503207][ T96] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 181.520077][ T96] usb 2-1: config 0 has no interface number 0 [ 181.565352][ T96] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 182.437422][ T96] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.471791][ T96] usb 2-1: config 0 descriptor?? [ 182.657577][ T96] usb 2-1: selecting invalid altsetting 1 [ 182.719272][ T96] dvb_ttusb_budget: ttusb_init_controller: error [ 182.729152][ T7167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.753939][ T7167] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.781439][ T96] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 182.807052][ T7183] delete_channel: no stack [ 182.980370][ T96] DVB: Unable to find symbol cx22700_attach() [ 183.114002][ T96] DVB: Unable to find symbol tda10046_attach() [ 183.130001][ T96] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 183.179371][ T96] usb 2-1: USB disconnect, device number 5 [ 184.320031][ T7239] netlink: 'syz.1.391': attribute type 21 has an invalid length. [ 184.420001][ T7243] netlink: 12 bytes leftover after parsing attributes in process `syz.2.392'. [ 185.014086][ T7249] 9pnet_fd: Insufficient options for proto=fd [ 185.471479][ T7262] netlink: 28 bytes leftover after parsing attributes in process `syz.3.394'. [ 185.480635][ T7262] nbd: must specify at least one socket [ 185.627162][ T7264] loop2: detected capacity change from 0 to 7 [ 185.671403][ T7264] Dev loop2: unable to read RDB block 7 [ 185.698725][ T7264] loop2: unable to read partition table [ 185.738972][ T7264] loop2: partition table beyond EOD, truncated [ 185.785452][ T7264] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 186.751034][ T7264] ubi: mtd0 is already attached to ubi31 [ 187.044777][ T7275] ALSA: mixer_oss: invalid OSS volume 'Xñð‘rÀ¢,p' [ 188.056117][ T976] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 188.358699][ T976] usb 2-1: device descriptor read/64, error -71 [ 188.480501][ T7294] netlink: 12 bytes leftover after parsing attributes in process `syz.4.405'. [ 189.145849][ T7299] netlink: 'syz.3.407': attribute type 21 has an invalid length. [ 189.203551][ T976] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 189.317925][ T7301] 9pnet_fd: Insufficient options for proto=fd [ 189.343515][ T976] usb 2-1: device descriptor read/64, error -71 [ 189.468270][ T976] usb usb2-port1: attempt power cycle [ 189.856331][ T7314] netlink: 28 bytes leftover after parsing attributes in process `syz.3.411'. [ 189.865319][ T7314] nbd: must specify at least one socket [ 190.844744][ T976] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 192.608936][ T976] usb 2-1: device descriptor read/8, error -71 [ 192.762778][ T7329] loop2: detected capacity change from 0 to 7 [ 192.787720][ T7329] Dev loop2: unable to read RDB block 7 [ 192.803052][ T7329] loop2: unable to read partition table [ 192.821913][ T7329] loop2: partition table beyond EOD, truncated [ 192.862360][ T7329] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 193.240618][ T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 193.388122][ T7330] ubi: mtd0 is already attached to ubi31 [ 193.664006][ T7321] ALSA: mixer_oss: invalid OSS volume 'Xñð‘rÀ¢,p' [ 193.743589][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 193.753350][ T10] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 193.762401][ T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 193.797164][ T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 193.823729][ T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 193.855443][ T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 194.173475][ T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 194.329672][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.498038][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.500571][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.951231][ T7345] xt_CT: You must specify a L4 protocol and not use inversions on it [ 195.073694][ T10] usb 3-1: GET_CAPABILITIES returned 0 [ 195.100974][ T10] usbtmc 3-1:16.0: can't read capabilities [ 195.503083][ T7354] xt_ipcomp: unknown flags 12 [ 196.513978][ T5831] Bluetooth: hci0: command 0x0406 tx timeout [ 196.520560][ T5829] Bluetooth: hci3: command 0x0401 tx timeout [ 196.520584][ T5821] Bluetooth: hci2: command 0x0406 tx timeout [ 196.526761][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 196.679309][ T7350] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 196.759547][ T976] usb 3-1: USB disconnect, device number 11 [ 198.055632][ T7376] netlink: 28 bytes leftover after parsing attributes in process `syz.0.425'. [ 198.064715][ T7376] nbd: must specify at least one socket [ 204.024564][ T7382] ALSA: mixer_oss: invalid OSS volume 'Xñð‘rÀ¢,p' [ 216.303424][ C0] sched: DL replenish lagged too much [ 286.608509][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 288.355748][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.230450][ T5830] Bluetooth: hci4: command 0x0405 tx timeout [ 317.337147][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.358806][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 391.533340][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 391.540339][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5806/1:b..l [ 391.548575][ C1] rcu: (detected by 1, t=10503 jiffies, g=18173, q=393 ncpus=2) [ 391.556338][ C1] task:syz-executor state:R running task stack:20272 pid:5806 tgid:5806 ppid:5804 task_flags:0x400100 flags:0x00000002 [ 391.570730][ C1] Call Trace: [ 391.574039][ C1] [ 391.576996][ C1] __schedule+0x1ac3/0x5090 [ 391.581525][ C1] ? __dev_queue_xmit+0x2f9/0x3f60 [ 391.586655][ C1] ? lockdep_hardirqs_on+0x9d/0x150 [ 391.591906][ C1] ? __pfx___schedule+0x10/0x10 [ 391.596782][ C1] ? __lock_acquire+0xad5/0xd80 [ 391.601671][ C1] ? preempt_schedule_irq+0xf3/0x1c0 [ 391.606976][ C1] preempt_schedule_irq+0xfe/0x1c0 [ 391.612117][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 391.617967][ C1] irqentry_exit+0x5e/0x90 [ 391.622422][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 391.628444][ C1] RIP: 0010:__kernel_text_address+0x5/0x40 [ 391.634306][ C1] Code: c3 48 c7 c7 80 7e 3b 90 e8 28 3d 9c 00 eb b5 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 53 <48> 89 fb e8 43 00 00 00 85 c0 0f 95 c0 48 c7 c1 00 70 98 91 48 39 [ 391.653960][ C1] RSP: 0018:ffffc9000404f730 EFLAGS: 00000246 [ 391.660057][ C1] RAX: 0000000000000000 RBX: ffffc9000404f7a8 RCX: 0000000080000000 [ 391.668046][ C1] RDX: dffffc0000000000 RSI: ffffc90004048000 RDI: ffffffff822915aa [ 391.676046][ C1] RBP: ffffc9000404f7f0 R08: ffffc9000404fc28 R09: 0000000000000000 [ 391.684051][ C1] R10: ffffc9000404f7b0 R11: fffff52000809ef8 R12: ffff888029ab3c00 [ 391.692054][ C1] R13: ffffffff81aed9f0 R14: dffffc0000000000 R15: 1ffff92000809ef5 [ 391.700048][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 391.706225][ C1] ? qlist_free_all+0x9a/0x140 [ 391.711056][ C1] unwind_get_return_address+0x4d/0x90 [ 391.716547][ C1] arch_stack_walk+0xff/0x150 [ 391.721246][ C1] ? qlist_free_all+0x9a/0x140 [ 391.726030][ C1] stack_trace_save+0x11a/0x1d0 [ 391.730907][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 391.736310][ C1] ? _raw_spin_unlock_irqrestore+0x90/0x140 [ 391.742226][ C1] ? lockdep_hardirqs_on+0x9d/0x150 [ 391.747454][ C1] save_stack+0xfc/0x1f0 [ 391.751731][ C1] ? __pfx_save_stack+0x10/0x10 [ 391.756607][ C1] ? free_frozen_pages+0xe0d/0x10e0 [ 391.761825][ C1] ? __put_partials+0x160/0x1c0 [ 391.766683][ C1] ? put_cpu_partial+0x17e/0x250 [ 391.771641][ C1] ? __slab_free+0x294/0x390 [ 391.776266][ C1] ? page_ext_get+0x20/0x2a0 [ 391.780887][ C1] __reset_page_owner+0x79/0x440 [ 391.785855][ C1] free_frozen_pages+0xe0d/0x10e0 [ 391.790905][ C1] __put_partials+0x160/0x1c0 [ 391.795596][ C1] ? put_cpu_partial+0x14e/0x250 [ 391.800561][ C1] put_cpu_partial+0x17e/0x250 [ 391.805349][ C1] ? put_cpu_partial+0x72/0x250 [ 391.810227][ C1] __slab_free+0x294/0x390 [ 391.814667][ C1] ? __phys_addr+0xba/0x170 [ 391.819189][ C1] qlist_free_all+0x9a/0x140 [ 391.823815][ C1] kasan_quarantine_reduce+0x14f/0x170 [ 391.829299][ C1] __kasan_slab_alloc+0x23/0x80 [ 391.834166][ C1] __kmalloc_noprof+0x238/0x4d0 [ 391.839051][ C1] ? alloc_pipe_info+0x1ff/0x4d0 [ 391.844019][ C1] alloc_pipe_info+0x1ff/0x4d0 [ 391.848812][ C1] create_pipe_files+0x86/0x7d0 [ 391.853681][ C1] ? rcu_is_watching+0x15/0xb0 [ 391.858482][ C1] __do_pipe_flags+0x48/0x2d0 [ 391.863197][ C1] do_pipe2+0xd6/0x310 [ 391.867304][ C1] ? __pfx_do_pipe2+0x10/0x10 [ 391.872001][ C1] __x64_sys_pipe2+0x5a/0x70 [ 391.876619][ C1] do_syscall_64+0xf3/0x230 [ 391.881185][ C1] ? clear_bhb_loop+0x45/0xa0 [ 391.885893][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.891806][ C1] RIP: 0033:0x7fbe0258be89 [ 391.896222][ C1] RSP: 002b:00007ffc7d482878 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 391.904653][ C1] RAX: ffffffffffffffda RBX: 00005555593cdc70 RCX: 00007fbe0258be89 [ 391.912657][ C1] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 00007ffc7d482888 [ 391.920636][ C1] RBP: 00007ffc7d482c40 R08: 0000000000000007 R09: 00005555593cb5c0 [ 391.928623][ C1] R10: b9b45b26c92340ab R11: 0000000000000246 R12: 00007ffc7d482ca0 [ 391.936600][ C1] R13: 00005555593cf390 R14: 00007ffc7d4829c0 R15: 00005555593cd6a0 [ 391.944605][ C1] [ 391.947653][ C1] rcu: rcu_preempt kthread starved for 6810 jiffies! g18173 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 391.958763][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 391.968747][ C1] rcu: RCU grace-period kthread stack dump: [ 391.974644][ C1] task:rcu_preempt state:R running task stack:26976 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 391.988189][ C1] Call Trace: [ 391.991480][ C1] [ 391.994425][ C1] __schedule+0x1ac3/0x5090 [ 391.998984][ C1] ? __pfx___schedule+0x10/0x10 [ 392.003880][ C1] ? schedule+0x90/0x360 [ 392.008181][ C1] ? schedule+0x90/0x360 [ 392.012423][ C1] schedule+0x163/0x360 [ 392.016609][ C1] schedule_timeout+0x15b/0x290 [ 392.021495][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 392.026898][ C1] ? __pfx_process_timeout+0x10/0x10 [ 392.032209][ C1] ? prepare_to_swait_event+0x330/0x350 [ 392.037789][ C1] rcu_gp_fqs_loop+0x2e1/0x1340 [ 392.042678][ C1] ? rcu_gp_init+0x1279/0x1690 [ 392.047512][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 392.052450][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 392.058624][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 392.063968][ C1] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 392.069892][ C1] ? finish_swait+0xd4/0x1e0 [ 392.074496][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 392.079727][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 392.084370][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 392.089613][ C1] ? __kthread_parkme+0x169/0x1d0 [ 392.094644][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 392.099870][ C1] kthread+0x7a9/0x920 [ 392.103973][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 392.109297][ C1] ? __pfx_kthread+0x10/0x10 [ 392.113908][ C1] ? __pfx_kthread+0x10/0x10 [ 392.118527][ C1] ? __pfx_kthread+0x10/0x10 [ 392.123144][ C1] ? __pfx_kthread+0x10/0x10 [ 392.127759][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 392.132959][ C1] ? lockdep_hardirqs_on+0x9d/0x150 [ 392.138173][ C1] ? __pfx_kthread+0x10/0x10 [ 392.142786][ C1] ret_from_fork+0x4b/0x80 [ 392.147246][ C1] ? __pfx_kthread+0x10/0x10 [ 392.151863][ C1] ret_from_fork_asm+0x1a/0x30 [ 392.156669][ C1] [ 392.159708][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 392.166056][ C1] Sending NMI from CPU 1 to CPUs 0: [ 392.171327][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_safe_halt+0x21/0x30 [ 393.144918][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 393.156807][ T1293] ieee802154 phy1 wpan1: encryption failed: -22