last executing test programs: 23.089736863s ago: executing program 2 (id=680): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) r1 = socket(0x1d, 0x2, 0x6) fallocate(0xffffffffffffffff, 0x0, 0x400000000000000, 0x7) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r2, 0x0, 0x0) listen(r2, 0x4) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f0000000100)=0x5, &(0x7f0000000280)=0x4) accept4$netrom(0xffffffffffffffff, 0x0, 0x0, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000007"], 0x48) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101600, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0x4018aee2, &(0x7f0000000000)=""/33) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x8) read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r5, 0x80082102, &(0x7f0000000080)) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000240)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newlink={0x324, 0x10, 0xffffff1f, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x11121}, [@IFLA_VFINFO_LIST={0x304, 0x16, 0x0, 0x1, [{0x114, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x5, 0x1}}, @IFLA_VF_MAC={0x28, 0x1, {0xc, @link_local}}, @IFLA_VF_VLAN={0x10, 0x2, {0x7, 0x56c, 0x7f}}, @IFLA_VF_VLAN_LIST={0xa4, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x4, 0xb85, 0x2, 0x8100}}, {0x14, 0x1, {0x7, 0x3ac, 0x46e, 0x88a8}}, {0x14, 0x1, {0x3, 0xe02, 0x100, 0x88a8}}, {0x14, 0x1, {0x9, 0x162, 0x0, 0x8100}}, {0x14, 0x1, {0x9, 0xbce, 0x5, 0x88a8}}, {0x14, 0x1, {0x3, 0xe3a, 0x10, 0x88a8}}, {0x14, 0x1, {0x3, 0xfc4, 0x1, 0x88a8}}, {0x14, 0x1, {0x0, 0x70, 0x8002, 0x88a8}}]}, @IFLA_VF_MAC={0x28, 0x1, {0x5, @remote}}]}, {0xf0, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x4, 0x8}}, @IFLA_VF_MAC={0x28, 0x1, {0x7, @local}}, @IFLA_VF_TRUST={0xc, 0x9, {0x9, 0xea15}}, @IFLA_VF_RATE={0x10, 0x6, {0x510, 0xff, 0x9}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x5, 0x9}}, @IFLA_VF_TRUST={0x3e, 0x9, {0x1, 0x1e42}}, @IFLA_VF_VLAN_LIST={0x54, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x7, 0xa01, 0x8, 0x88a8}}, {0x14, 0x1, {0x3, 0xcc0, 0x6, 0x8100}}, {0x14, 0x1, {0x6, 0x698, 0x8000, 0x8100}}, {0x14, 0x1, {0x7, 0x520, 0xe63, 0x8100}}]}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x724, 0x3}}, @IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x9}}]}, {0xfc, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x2, 0x6eae}}, @IFLA_VF_TRUST={0xc, 0x9, {0x1, 0x6}}, @IFLA_VF_VLAN_LIST={0xb8, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x10000, 0x3db, 0x20000000, 0x8100}}, {0x14, 0x1, {0xf4, 0x3de, 0x400, 0x88a8}}, {0x14, 0x1, {0x7, 0x6f8, 0x1, 0xc180}}, {0x14, 0x1, {0xad, 0x3aa, 0x751, 0x88a8}}, {0x14, 0x1, {0x4, 0x29d, 0x8, 0x88a8}}, {0x14, 0x1, {0x5, 0xe9f, 0x1, 0x8100}}, {0x14, 0x1, {0x4, 0xe3e, 0x7, 0x88a8}}, {0x14, 0x1, {0x9, 0x24f, 0x6, 0x88a8}}, {0x14, 0x1, {0x2, 0xbb4, 0x7, 0x88a8}}]}, @IFLA_VF_MAC={0x28, 0x1, {0x6, @random="018215db49c9"}}]}]}]}, 0x324}, 0x1, 0x0, 0x0, 0x40}, 0x0) socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@abs={0x0, 0x0, 0x4e21}, 0x6e) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000200)='ocfs2\x00', 0x5087, 0x0) bind$rds(r1, &(0x7f0000000680)={0x2, 0x4, @local}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x1}, 0x8) 21.909862216s ago: executing program 2 (id=685): syz_usb_connect$uac1(0x3, 0xa2, &(0x7f0000000100)=ANY=[@ANYBLOB="12011001000000406b1d01014000010203010902900003010380000904000000010100000a24010f00050201020c2402060602040c0032a304f0ffffff0001020000090401010101020000072401200404000c2402010201400f290c89c009e900090000f7090707250183020c00090402000001020000090402020101020000072401018105000b2402010f04b4018c703c0905820940"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00') r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r5, 0x4c80, 0x7000000) r6 = socket(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000040)) socket$can_raw(0x1d, 0x3, 0x1) setsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x2, {[@local=@item_012={0x0, 0x2, 0x9}, @global=@item_012={0x0, 0x1, 0x1}]}}, 0x0}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x20, 0x1, 0x1, '\"'}, 0x0}) getdents64(r1, &(0x7f00000041c0)=""/4111, 0x100f) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 18.862640346s ago: executing program 3 (id=695): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) r1 = socket(0x1d, 0x2, 0x6) fallocate(0xffffffffffffffff, 0x0, 0x400000000000000, 0x7) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r2, 0x0, 0x0) listen(r2, 0x4) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f0000000100)=0x5, &(0x7f0000000280)=0x4) accept4$netrom(0xffffffffffffffff, 0x0, 0x0, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000007"], 0x48) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101600, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0x4018aee2, &(0x7f0000000000)=""/33) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x8) read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r5, 0x80082102, &(0x7f0000000080)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newlink={0x324, 0x10, 0xffffff1f, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x11121}, [@IFLA_VFINFO_LIST={0x304, 0x16, 0x0, 0x1, [{0x114, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x5, 0x1}}, @IFLA_VF_MAC={0x28, 0x1, {0xc, @link_local}}, @IFLA_VF_VLAN={0x10, 0x2, {0x7, 0x56c, 0x7f}}, @IFLA_VF_VLAN_LIST={0xa4, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x4, 0xb85, 0x2, 0x8100}}, {0x14, 0x1, {0x7, 0x3ac, 0x46e, 0x88a8}}, {0x14, 0x1, {0x3, 0xe02, 0x100, 0x88a8}}, {0x14, 0x1, {0x9, 0x162, 0x0, 0x8100}}, {0x14, 0x1, {0x9, 0xbce, 0x5, 0x88a8}}, {0x14, 0x1, {0x3, 0xe3a, 0x10, 0x88a8}}, {0x14, 0x1, {0x3, 0xfc4, 0x1, 0x88a8}}, {0x14, 0x1, {0x0, 0x70, 0x8002, 0x88a8}}]}, @IFLA_VF_MAC={0x28, 0x1, {0x5, @remote}}]}, {0xf0, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x4, 0x8}}, @IFLA_VF_MAC={0x28, 0x1, {0x7, @local}}, @IFLA_VF_TRUST={0xc, 0x9, {0x9, 0xea15}}, @IFLA_VF_RATE={0x10, 0x6, {0x510, 0xff, 0x9}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x5, 0x9}}, @IFLA_VF_TRUST={0x3e, 0x9, {0x1, 0x1e42}}, @IFLA_VF_VLAN_LIST={0x54, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x7, 0xa01, 0x8, 0x88a8}}, {0x14, 0x1, {0x3, 0xcc0, 0x6, 0x8100}}, {0x14, 0x1, {0x6, 0x698, 0x8000, 0x8100}}, {0x14, 0x1, {0x7, 0x520, 0xe63, 0x8100}}]}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x724, 0x3}}, @IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x9}}]}, {0xfc, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x2, 0x6eae}}, @IFLA_VF_TRUST={0xc, 0x9, {0x1, 0x6}}, @IFLA_VF_VLAN_LIST={0xb8, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x10000, 0x3db, 0x20000000, 0x8100}}, {0x14, 0x1, {0xf4, 0x3de, 0x400, 0x88a8}}, {0x14, 0x1, {0x7, 0x6f8, 0x1, 0xc180}}, {0x14, 0x1, {0xad, 0x3aa, 0x751, 0x88a8}}, {0x14, 0x1, {0x4, 0x29d, 0x8, 0x88a8}}, {0x14, 0x1, {0x5, 0xe9f, 0x1, 0x8100}}, {0x14, 0x1, {0x4, 0xe3e, 0x7, 0x88a8}}, {0x14, 0x1, {0x9, 0x24f, 0x6, 0x88a8}}, {0x14, 0x1, {0x2, 0xbb4, 0x7, 0x88a8}}]}, @IFLA_VF_MAC={0x28, 0x1, {0x6, @random="018215db49c9"}}]}]}]}, 0x324}, 0x1, 0x0, 0x0, 0x40}, 0x0) socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@abs={0x0, 0x0, 0x4e21}, 0x6e) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000200)='ocfs2\x00', 0x5087, 0x0) bind$rds(r1, &(0x7f0000000680)={0x2, 0x4, @local}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x1}, 0x8) 18.42017495s ago: executing program 2 (id=699): socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xa7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006) bpf$MAP_CREATE(0x0, 0x0, 0x50) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000900), r4) sendmsg$IEEE802154_ASSOCIATE_RESP(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000580)=ANY=[@ANYBLOB="1478577e0aae924197934d0d16482d7d3b73fd17cc96a37e44d1880b2004e46a18ae8cc4ba0720a741f428a8d71656b380f353cedaea800f916952eece91abd463e4eeda10b34bb51edc48c049f99ced0f09a9ca68c1883b1caa0fc5499d16bc01a769ff125dd70ea53c07c4811e2ab1796b974bacba28180b2b6e0cae56fc3b69a3f220aa3105d87356b273b1d8f240709c524c61401d3abd4d9a04824971529f2a058aa9b82571377e67582d7c47845b12351e6e3823b77db27a25ae6f7d7c9cdb4363eeeed4", @ANYRES16=r5], 0x14}, 0x1, 0x0, 0x0, 0x200000d0}, 0x4) socket$key(0xf, 0x3, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$kcm(0x29, 0x2, 0x0) timer_create(0x2, &(0x7f0000000300)={0x0, 0x27, 0x4}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05400000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a300000000014000480080002400000000008000140000000000900010073797a30000000004c000000060a01040000000000000000010000002400048020000180080001006f736600140002800500020000000000080001400000001408000b40000000000900010073797a300000000014000000110001"], 0xd4}}, 0x0) 17.091212874s ago: executing program 3 (id=702): syz_open_dev$usbmon(&(0x7f0000000280), 0x80000000000000, 0x0) r0 = io_uring_setup(0x4292, &(0x7f0000000040)={0x0, 0x6a04, 0x400, 0x3, 0x326}) r1 = syz_io_uring_setup(0x23e, &(0x7f00000000c0)={0x0, 0xe6f5, 0x10100, 0x3, 0x0, 0x0, r0}, &(0x7f0000000300)=0x0, &(0x7f0000000140)=0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=r5, @ANYBLOB="0000000001000000000000000e000100697036677242740c00028006000e000300000000000000000f61ea889b7263369b23c3e1dfa8fa10c15879b561ed4e988f7f5070d3567e81e60c31ff4820e58649c8868cc47ebd6ba9e6b87c760cb9149ec9f865c92d68ae29899232b4f7eb4670f0a313ceb28800e1cf687ecc27b5b772a5dd052ff5a64846bd338e07279e81edd9dae2e94b9e650d94fec49bbebc33f42d15116109089492db5a83ae543a3f329e7674e87390fe1af11ed6d9ae50e623380bb326c7cd8fe486c6af7bd748396c6174ffcc1cfca5c4e8723d4a46c4ae96cbac04cc4af42f9fe2b96db99d2947d9755064a4185aad3d6af1150354f5bea462bfdcd9d14c11"], 0x40}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x81801) unshare(0x2a020400) mount$bind(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x80000, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r6, &(0x7f0000002140)={0x2020}, 0x2020) r7 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) ioctl$TCSETAF(r7, 0x5408, &(0x7f00000000c0)={0xffff, 0x5, 0x21, 0x79, 0x3, "5acf8f53872ebc82"}) writev(r7, &(0x7f00000024c0)=[{&(0x7f0000000480)="b9e94d", 0x3}], 0x1) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) 15.900848961s ago: executing program 3 (id=705): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000140)=ANY=[], 0x12f4}}, 0x0) recvmsg$unix(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/198, 0xc6}, {&(0x7f0000000180)=""/103, 0x67}], 0x2}, 0x20032123) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x2000000, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000280)={'fscrypt:', @desc4}, &(0x7f0000000500)={0x0, "f1a1173fb9462d3509e67197f90be6e423ceb0ab4912f9f6a31854ec7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0x10}, 0x48, 0xffffffffffffffff) keyctl$invalidate(0x15, r5) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000040)={r5}, &(0x7f00000000c0)={'enc=', 'raw', ' hash=', {'cmac-aes-neon\x00'}}, 0x0, 0x0) r6 = epoll_create1(0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000000c0)={0xe000001a}) preadv(r7, &(0x7f0000000640)=[{&(0x7f0000000100)=""/115, 0x73}], 0x1, 0x80000001, 0x800000f5) ppoll(&(0x7f00000001c0)=[{r6, 0x1065}], 0x1, 0x0, 0x0, 0x0) write$P9_RVERSION(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) 7.438645679s ago: executing program 3 (id=711): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan3\x00', 0x0}) sendmsg$IEEE802154_LLSEC_GETPARAMS(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x40, r3, 0x504, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x40}}, 0x41) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x2, 0x0, @private2}, 0x1c) shutdown(r5, 0x1) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f00000003c0)=@assoc_value={0x0, 0x4}, &(0x7f0000000400)=0x8) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000200)={'veth1_to_batadv\x00', {0x2, 0x4e21, @broadcast}}) ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000040)={0x4, 0xbfa, 0x7, 0x6}) 5.897400991s ago: executing program 0 (id=714): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) fcntl$lock(r0, 0x24, 0x0) (fail_nth: 1) 5.54173851s ago: executing program 0 (id=715): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') socket$nl_route(0x10, 0x3, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) userfaultfd(0x801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x48, 0x14, 0xf0b, 0x4000, 0x0, {0x2, 0x0, 0x0, 0x0, {0x4}, {0xb, 0x1}, {0x4}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x200, 0xa, 0x0, 0x0, 0x7e}}, {0x4}}]}]}, 0x48}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000180)=0x6, 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="540000000207050000000000000000000200000908000540000000010c00064000000000000000000c00020308000540000000060c00024000000000000000040c00034000000000000000022f82d1bae62028b94eb1a93b8cbe25d535de592176a72e1371535740b3c61db030d12ecafef0ef719334de383e2c72b96cb425e12122c019c7d2a4b4516a6a00db07026071dff6047d0380e0cf245aea2dcf39f1a5acc69e8543499b11051c1fbd1fb3111e40211b7721032ff9fdb5187372d060715cf5cebca102194268f82ebdf8499120251669c92ea0"], 0x54}, 0x1, 0x0, 0x0, 0x8801}, 0x4040000) bind$netlink(r2, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@private=0xa010101, 0x0, 0x33}, 0x0, @in=@dev, 0x200, 0x0, 0x0, 0x7}}, 0xe8) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r5, 0x0, 0xfffffe3e) bind$inet6(0xffffffffffffffff, 0x0, 0xfffffffffffffe52) 4.941455995s ago: executing program 1 (id=716): r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f00000000c0)) ioctl$MON_IOCX_GETX(r0, 0x80089203, &(0x7f0000000a40)={0x0, 0x0}) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) unshare(0x6a040000) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_GET(r1, 0x0, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x4100, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602240000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2400000020000502000000000100000002002000000000000000000008000200ac1414aa4598f1f1551f58d206d118f2478df19ce94476d794c97288d56eb1da677a6eef6dfdca8355147378b6e8051a71012de32c2c5630128579defea988cc49ae462ccc96a316d47691f2abb2dd0188e45a3787dfa661a834e584a3d7e5fc49b3849121ca7d850d3ce70e37f8fc1d6f8883ea194341687cba372177292627b161ee41918fc54485b4d9aa8a53b065833735da628d40d0d4acd73374dcdd9288dd5e3e279c1eff2f5effcc7b53f065ea2e5803b244e0c42eba0e4e4e941cf8b086269ee9bd79cb282dbd"], 0x24}}, 0x26048880) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x64}, 0x1, 0x0, 0x0, 0x40001}, 0x4000010) 4.671529597s ago: executing program 0 (id=717): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000540)="64b61d9b104c99176403699c7d94", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 4.572861494s ago: executing program 2 (id=718): bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b70020007f"], 0x48) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000371000/0x1000)=nil, 0x1000, 0x8) 4.401611202s ago: executing program 0 (id=719): syz_usb_connect$uac1(0x3, 0xa2, &(0x7f0000000100)=ANY=[@ANYBLOB="12011001000000406b1d01014000010203010902900003010380000904000000010100000a24010f00050201020c2402060602040c0032a304f0ffffff0001020000090401010101020000072401200404000c2402010201400f290c89c009e900090000f7090707250183020c00090402000001020000090402020101020000072401018105000b2402010f04b4018c703c0905820940"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r5, 0x4c80, 0x7000000) r6 = socket(0x10, 0x3, 0x6) r7 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000) socket$can_raw(0x1d, 0x3, 0x1) setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, r7) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x2, {[@local=@item_012={0x0, 0x2, 0x9}, @global=@item_012={0x0, 0x1, 0x1}]}}, 0x0}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x20, 0x1, 0x1, '\"'}, 0x0}) getdents64(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 4.378675637s ago: executing program 4 (id=720): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='hrtimer_start\x00'}, 0x10) openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0) getsockname(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000040)={0x16, 0x3, 0x103, 0x1, 'syz1\x00', 0x4}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0xc1105511, 0x0) openat$fb0(0xffffffffffffff9c, 0x0, 0x133542, 0x0) openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioperm(0x8, 0x40, 0x101) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000080)="18", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0xd, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) mount_setattr(0xffffffffffffffff, 0x0, 0x900, &(0x7f0000000240)={0x100000, 0x4, 0x140000}, 0x20) getsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, &(0x7f0000000080)) r4 = fcntl$getown(0xffffffffffffffff, 0x9) prlimit64(r4, 0x8, &(0x7f0000000140)={0x3, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prlimit64(0x0, 0x7, &(0x7f0000001040)={0x3, 0x10}, 0x0) socket$can_raw(0x1d, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sysfs(0xffffffffffffff9c, 0x0, 0x440400, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYRES16], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) 4.248994694s ago: executing program 2 (id=721): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b7020000c54a4530bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a1a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895c679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2dff0f000000000000bf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d120ea257bba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f2cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2bc30a96767f500b9e26e3b12854da63083320d8bfe49d85e0842803dc59d6375bce2b8a93caf39c0ba767880b9bf9407e6a6c0f9a43d1ab51dabf9423b482e848fbe1653ff0c6161fa43543546ce17a42e6cddadaf0767d84407478ffe2d0b567d81201efc81e800d4c0874235ff5cd7f5f0ee71cc2b0193bfc9290627ceaeb0b02931a817688f3a51fa2861e70cbab50a5d434ed8d8841694dba46f3d5a95ae86e4d471684ccf427b2ba53a157b2a7cf7a4c10051bb77822190a14c2ab1f271a7cf9c240b99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r1, 0x0, 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000000440)={0x2020}, 0x2020) (async) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0x18c6) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000ec0)=ANY=[@ANYBLOB="61154c000000000061134f0000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf590000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf664e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab69a000248e167253472dc89a57c10bb08395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb845129361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386ba3b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f44fc00b69151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cbe8d23810052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a299fa176018054e9149a1c9d20a809ce3000000000000000000000000f6fad8476470bf4bb79d2ba2c0f7147577466f4229b364d6900ad22583c0ec630ea0c6177ad88014b074d88fea473d5ef91ed786bbd3371f0dfcc5ccf4aa82927192aa94fe70a261f1899e1f2f62d50b027f7e7cac8fe3691aa323e71d5e479d466512d1df57633a9006016322978a795431c745f0502e37b8884c368a3f9d5c05a7fb5bd25d95442d09f79c5bd656dccb450cb19c6df406ffcfc414334021df3e4654f84f10070846d3b0679544"], &(0x7f0000000100)='GPL\x00', 0x200000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r1, 0xc01064c7, &(0x7f0000000140)={0xa, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8, 0x4000010, r4, 0x3ba7a000) 4.137866646s ago: executing program 2 (id=722): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() (fail_nth: 1) 4.102662608s ago: executing program 4 (id=723): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa07, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}}) munlockall() 4.031256257s ago: executing program 1 (id=724): setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000780)='net/tcp6\x00') preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000140)=""/118, 0x76}], 0x1, 0x0, 0x0) 3.95353355s ago: executing program 3 (id=725): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$unix(r0, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000096a7f097d9"], 0x10, 0x4800}, 0x44040) 3.865261859s ago: executing program 3 (id=726): r0 = syz_usb_connect(0x2, 0x41, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0xd1, 0x25, 0x3c, 0x40, 0x12d1, 0xed56, 0x46dd, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2f, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xcf, 0x0, 0x0, 0xff, 0x1, 0x37, 0x0, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0xc957}, {0xd, 0x24, 0xf, 0x1, 0xe, 0x7, 0x5}, {0x6, 0x24, 0x1a, 0x8001, 0x9}}]}}]}}]}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) msgsnd(0x0, &(0x7f0000000300)=ANY=[], 0x4000, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f00000004c0)={{0x1, 0xffffffffffffffff, 0x0, 0x0, 0xee00, 0x1cb, 0x38f}, 0x0, 0x0, 0xb7, 0xda, 0x4, 0x2, 0x8, 0x2, 0x101a, 0xd7df}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000000)={'filter\x00', 0x0, 0x0, 0x0, [0xfffffffc, 0x0, 0xed, 0x6]}, &(0x7f0000000080)=0x50) prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000ff9000/0x4000)=nil) write$rfkill(r2, &(0x7f0000000080)={0x2000000, 0x1, 0x3, 0x1}, 0x8) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r6, 0xc0044d07, &(0x7f0000000000)=0x11e) sendmsg$nl_route(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="800000deff000000700012800e0001006970366772657461700000005c000280050008004000000006000f00810000000800140006000000060011004e20000008000400080000000600030006000000040012001400"], 0x98}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, &(0x7f0000000000)={0x0, 0x21, 0x3c, {0x3c, 0x0, "8da36e3eb08726d42cc868e21efa329135318a371802d51b1632d7af212e7bbcf68c2e8341740c53cf469a4e6015a417637853c89a6c8c784033"}}, &(0x7f0000000080)={0x0, 0x3, 0x68, @string={0x68, 0x3, "ded8b45c2de13110de859fac463b65396baceac3d5dde2b29cb8901c0f6af02977650bf31a1195133c5a1f73fb80950fb0d8efa224d7b94967e6bb00e47789beab22e2e3252030df5a901471439a63fa4a0e75d98996060edb46cdecffb0e56811f0ea459e7a"}}, &(0x7f0000000100)={0x0, 0xf, 0xc5, {0x5, 0xf, 0xc5, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xa, "a28dc7cd39495d5574be1d78ad44d7bb"}, @generic={0xa0, 0x10, 0xb, "267a2f761fd47fe59295f246404737d38600f5d9f9147e3b53deff1add4cb1ad5c6978f18a8a6d7a246053715f6c4eaf14f30572da327c77eaab8941a0dbaff4029659d07efa009ced4c9d98e7ef23e1d933bd20aefd6a638fdddf9c84e0fd2da927ca2f0f2e4ef387a7bb2e04e520f622e8bbfff86338fca8094c3717b2aecb5828a8f76306161808de232fd8a29160be3f7d6a2556f02e033b10256c"}, @ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0xeb1, 0xf, 0xffff}]}}, &(0x7f0000000280)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x1, 0xa, 0x9, 'KQp3', "fa1f370b"}}, &(0x7f00000002c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xc, 0x8, 0xc0, 0x0, 0x3, 0xfff7, 0x4}}}, &(0x7f0000000740)={0x84, &(0x7f0000000340)={0x40, 0x5, 0x2b, "c9961b11469596fc750799869b9699fbe5075b9df4adf9b92a77b5082b68ae2436b3a5a460130dffa0b289"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x8}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0xb}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000440)={0x20, 0x0, 0x8, {0x60, 0x2, [0xf0]}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x80}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x9}, &(0x7f0000000500)={0x40, 0xb, 0x2, "6c81"}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x3}, &(0x7f0000000580)={0x40, 0x13, 0x6, @local}, &(0x7f00000005c0)={0x40, 0x17, 0x6, @local}, &(0x7f0000000600)={0x40, 0x19, 0x2, "1067"}, &(0x7f0000000640)={0x40, 0x1a, 0x2, 0x1}, &(0x7f0000000680)={0x40, 0x1c, 0x1, 0x7}, &(0x7f00000006c0)={0x40, 0x1e, 0x1, 0x9}, &(0x7f0000000700)={0x40, 0x21, 0x1, 0xe}}) 3.528607535s ago: executing program 1 (id=727): unshare(0x26060400) semop(0x0, &(0x7f0000000000)=[{0x3, 0x7, 0x1000}, {0x3, 0x3, 0x1800}], 0x2) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) 3.412323846s ago: executing program 1 (id=728): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="01000000030000000200000004"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1e3900000613f207c4e8ed79bb5e9aa6000000015d2b51e85dc0893f8f8ae201553ec6e4a50f86eff6007772e76e19601ff1a9816108e4b4e8d3ce1b13cf8d59b55cd71c788aa9cfc760ad65c0e5ba06b84e7591d96dfbfced372c1b00253a3b37bca0a3eb46270d249b4ba48e853bdfac49c833fdc58e1b38", @ANYRES32, @ANYBLOB="0500000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="050000000100000001"], 0x50) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x5, 0xf}]}}]}, 0x38}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x4, 0x6, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000890000000000000000", @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000007500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="44000000100001040000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028005000e0040"], 0x44}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000040), 0x0, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.411853646s ago: executing program 4 (id=729): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$unix(r0, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4800}, 0x44040) 3.226173801s ago: executing program 1 (id=730): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="14010000110007082cbd7000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1200000001020100080013"], 0x114}, 0x1, 0x0, 0x0, 0x8000040}, 0x24004080) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000040)=0x3bff, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = syz_open_dev$rtc(&(0x7f00000000c0), 0x0, 0x20002) ioctl$RTC_UIE_ON(r3, 0x7003) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000001e80), 0x40800, 0x0) dup2(r4, r3) symlink(&(0x7f0000000240)='./file0/file0\x00', &(0x7f00000017c0)='./file0\x00') rmdir(&(0x7f0000000000)='./file0/file0\x00') read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$dri(0x0, 0x1, 0x0) setxattr$incfs_size(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x3) listen(0xffffffffffffffff, 0x0) r5 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$char_usb(r5, &(0x7f00000022c0)=""/171, 0xab) open_by_handle_at(r5, &(0x7f0000000040)=@fuse_with_parent={0x18, 0x82, {{0x3ff, 0x4, 0x9}, {0x2, 0x6, 0x5}}}, 0x10000) unshare(0x42000080) sendmmsg$inet6(r1, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvfrom(r1, 0x0, 0xfffffffffffffe80, 0x80, 0x0, 0x30) 3.225923364s ago: executing program 4 (id=731): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x16c}}, 0x24) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r0, 0xffffffffffffffff, 0x500}, 0x57) 1.557768439s ago: executing program 4 (id=732): r0 = socket$inet6(0xa, 0x2, 0x3a) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x280200) write$vhost_msg(r2, &(0x7f0000000280)={0x1, {&(0x7f0000000080)=""/91, 0x5b, &(0x7f0000000180)=""/198, 0x1, 0x1}}, 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000001540)=@delneigh={0x30, 0x1d, 0x1, 0x70bd28, 0x25dfdbff, {0x1c, 0x0, 0x0, 0x0, 0x40, 0x1, 0xa}, [@NDA_DST_IPV6={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x10}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000811}, 0x40040) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newlink={0x38, 0x10, 0x801, 0xfffffffd, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x10, 0x1a, 0x0, 0x1, [@AF_INET6={0xc, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x1}]}]}]}, 0x38}}, 0x0) 455.942582ms ago: executing program 0 (id=733): unshare(0x26060400) semop(0x0, &(0x7f0000000000)=[{0x3, 0x7, 0x1000}, {0x3, 0x3, 0x1800}], 0x2) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) (fail_nth: 1) 455.380812ms ago: executing program 4 (id=734): r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f00000000c0)) ioctl$MON_IOCX_GETX(r0, 0x80089203, &(0x7f0000000a40)={0x0, 0x0}) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) unshare(0x6a040000) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_GET(r1, 0x0, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x4100, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602240000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2400000020000502000000000100000002002000000000000000000008000200ac1414aa4598f1f1551f58d206d118f2478df19ce94476d794c97288d56eb1da677a6eef6dfdca8355147378b6e8051a71012de32c2c5630128579defea988cc49ae462ccc96a316d47691f2abb2dd0188e45a3787dfa661a834e584a3d7e5fc49b3849121ca7d850d3ce70e37f8fc1d6f8883ea194341687cba372177292627b161ee41918fc54485b4d9aa8a53b065833735da628d40d0d4acd73374dcdd9288dd5e3e279c1eff2f5effcc7b53f065ea2e5803b244e0c42eba0e4e4e941cf8b086269ee9bd79cb282dbd"], 0x24}}, 0x26048880) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x64}, 0x1, 0x0, 0x0, 0x40001}, 0x4000010) 181.614504ms ago: executing program 0 (id=735): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x5}) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x0, 0x31, 0x7d, 0x55}}]}}]}}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='team_slave_1\x00', 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0xce, &(0x7f0000000280)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x27, 0x4, 0x0, 0x0, 0xc0, 0xfffd, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@cipso={0x86, 0x32, 0x1, [{0x5, 0x8, "e3c75e7f7eb2"}, {0x0, 0x10, "971edeac660bfe24d61f7df17639"}, {0x6, 0x9, "eae005061d9e59"}, {0x6, 0xb, "fb9cfc9c3c72d8e0e9"}]}, @ssrr={0x89, 0x1b, 0x84, [@remote, @empty, @empty, @local, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @generic={0x88, 0xc, "ed1cae230823b1200d92"}, @ssrr={0x89, 0x27, 0x6b, [@loopback, @empty, @broadcast, @broadcast, @dev={0xac, 0x14, 0x14, 0x3f}, @local, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4}]}}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 1 (id=736): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$unix(r0, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000096a7"], 0x10, 0x4800}, 0x44040) kernel console output (not intermixed with test programs): 30.397227][ T48] usb 3-1: config 1 interface 2 has no altsetting 1 [ 230.427005][ T48] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 230.447436][ T7160] raw-gadget.1 gadget.0: failed to queue disconnect event [ 230.452492][ T48] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.480145][ T48] usb 3-1: Product: syz [ 230.497862][ T48] usb 3-1: Manufacturer: syz [ 230.502498][ T48] usb 3-1: SerialNumber: syz [ 231.974456][ T5871] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 232.184363][ T5871] usb 4-1: Using ep0 maxpacket: 8 [ 232.227797][ T5871] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.356905][ T5871] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 232.388439][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.426151][ T5871] usb 4-1: config 0 descriptor?? [ 232.460140][ T5871] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 232.791306][ T7278] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 232.887881][ T7278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.397'. [ 232.928630][ T7285] FAULT_INJECTION: forcing a failure. [ 232.928630][ T7285] name failslab, interval 1, probability 0, space 0, times 0 [ 233.094331][ T7285] CPU: 0 UID: 0 PID: 7285 Comm: syz.4.399 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 233.094363][ T7285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 233.094376][ T7285] Call Trace: [ 233.094384][ T7285] [ 233.094392][ T7285] dump_stack_lvl+0x241/0x360 [ 233.094427][ T7285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.094452][ T7285] ? __pfx__printk+0x10/0x10 [ 233.094480][ T7285] ? __pfx___might_resched+0x10/0x10 [ 233.094516][ T7285] should_fail_ex+0x424/0x570 [ 233.094549][ T7285] should_failslab+0xac/0x100 [ 233.094582][ T7285] __kvmalloc_node_noprof+0x170/0x5a0 [ 233.094606][ T7285] ? seq_read_iter+0x20b/0xda0 [ 233.094634][ T7285] ? __pfx_kstrtoull+0x10/0x10 [ 233.094656][ T7285] seq_read_iter+0x20b/0xda0 [ 233.094689][ T7285] ? kstrtouint+0xfc/0x190 [ 233.094714][ T7285] seq_read+0x3ab/0x4f0 [ 233.094746][ T7285] ? __pfx_seq_read+0x10/0x10 [ 233.094787][ T7285] ? rw_verify_area+0x246/0x630 [ 233.094820][ T7285] vfs_readv+0x6be/0xa80 [ 233.094849][ T7285] ? __pfx_seq_read+0x10/0x10 [ 233.094886][ T7285] ? __pfx_vfs_readv+0x10/0x10 [ 233.094919][ T7285] ? __fget_files+0x2a/0x420 [ 233.094942][ T7285] ? __fget_files+0x39d/0x420 [ 233.094962][ T7285] ? __fget_files+0x2a/0x420 [ 233.094991][ T7285] __x64_sys_preadv+0x1ba/0x2d0 [ 233.095022][ T7285] ? __pfx___x64_sys_preadv+0x10/0x10 [ 233.095056][ T7285] ? do_syscall_64+0xb6/0x230 [ 233.095080][ T7285] do_syscall_64+0xf3/0x230 [ 233.095101][ T7285] ? clear_bhb_loop+0x45/0xa0 [ 233.095125][ T7285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.095145][ T7285] RIP: 0033:0x7f2b8178d169 [ 233.095163][ T7285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.095181][ T7285] RSP: 002b:00007f2b8258c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 233.095204][ T7285] RAX: ffffffffffffffda RBX: 00007f2b819a6080 RCX: 00007f2b8178d169 [ 233.095219][ T7285] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000007 [ 233.095232][ T7285] RBP: 00007f2b8258c090 R08: 0000000000000000 R09: 0000000000000000 [ 233.095245][ T7285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.095257][ T7285] R13: 0000000000000000 R14: 00007f2b819a6080 R15: 00007ffc76b1cff8 [ 233.095284][ T7285] [ 233.660397][ T7293] FAULT_INJECTION: forcing a failure. [ 233.660397][ T7293] name failslab, interval 1, probability 0, space 0, times 0 [ 233.673489][ T7293] CPU: 0 UID: 0 PID: 7293 Comm: syz.0.402 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 233.673520][ T7293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 233.673533][ T7293] Call Trace: [ 233.673541][ T7293] [ 233.673549][ T7293] dump_stack_lvl+0x241/0x360 [ 233.673580][ T7293] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.673605][ T7293] ? __pfx__printk+0x10/0x10 [ 233.673631][ T7293] ? __pfx___might_resched+0x10/0x10 [ 233.673661][ T7293] should_fail_ex+0x424/0x570 [ 233.673688][ T7293] should_failslab+0xac/0x100 [ 233.673714][ T7293] kmem_cache_alloc_noprof+0x78/0x390 [ 233.673740][ T7293] ? getname_flags+0xb6/0x530 [ 233.673769][ T7293] ? ksys_write+0x24e/0x2d0 [ 233.673796][ T7293] getname_flags+0xb6/0x530 [ 233.673815][ T7293] do_sys_openat2+0xbf/0x1d0 [ 233.673833][ T7293] ? __pfx_do_sys_openat2+0x10/0x10 [ 233.673849][ T7293] ? __fget_files+0x2a/0x420 [ 233.673869][ T7293] ? __fget_files+0x2a/0x420 [ 233.673889][ T7293] __x64_sys_openat+0x249/0x2a0 [ 233.673913][ T7293] ? __pfx___x64_sys_openat+0x10/0x10 [ 233.673935][ T7293] ? do_syscall_64+0xb6/0x230 [ 233.673955][ T7293] do_syscall_64+0xf3/0x230 [ 233.673973][ T7293] ? clear_bhb_loop+0x45/0xa0 [ 233.673995][ T7293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.674013][ T7293] RIP: 0033:0x7f0567d8d169 [ 233.674029][ T7293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.674048][ T7293] RSP: 002b:00007f0568c0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 233.674067][ T7293] RAX: ffffffffffffffda RBX: 00007f0567fa5fa0 RCX: 00007f0567d8d169 [ 233.674080][ T7293] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 233.674091][ T7293] RBP: 00007f0568c0b090 R08: 0000000000000000 R09: 0000000000000000 [ 233.674106][ T7293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.674118][ T7293] R13: 0000000000000000 R14: 00007f0567fa5fa0 R15: 00007ffeb3ae5da8 [ 233.674142][ T7293] [ 233.978497][ T48] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor [ 233.989259][ T7298] netlink: 'syz.2.405': attribute type 30 has an invalid length. [ 234.102198][ T48] usb 3-1: USB disconnect, device number 18 [ 234.171148][ T5823] udevd[5823]: setting owner of /dev/audio3 to uid=0, gid=29 failed: No such file or directory [ 234.280079][ T7267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.392'. [ 234.816428][ T5871] gspca_vc032x: reg_w err -110 [ 235.067856][ T5871] vc032x 4-1:0.0: probe with driver vc032x failed with error -110 [ 235.068634][ T7267] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.291193][ T5945] udevd[5945]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 235.324825][ T7267] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.442093][ T7267] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.450855][ T7267] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.637361][ T48] usb 4-1: USB disconnect, device number 15 [ 235.790585][ T7316] overlay: Unknown parameter '/' [ 239.703072][ T7334] orangefs_mount: mount request failed with -4 [ 240.078893][ T7339] geneve0: left allmulticast mode [ 240.654257][ T5933] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 241.021544][ T5933] usb 4-1: Using ep0 maxpacket: 8 [ 241.054928][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.568371][ T5878] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 241.920165][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.930497][ T5933] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 242.088921][ T5933] usb 4-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 242.098163][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.139043][ T5933] usb 4-1: config 0 descriptor?? [ 242.172576][ T5933] usbhid 4-1:0.0: can't add hid device: -22 [ 242.184697][ T5878] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 242.193501][ T5878] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 242.864455][ T5933] usbhid 4-1:0.0: probe with driver usbhid failed with error -22 [ 242.886972][ T5878] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 242.946004][ T5878] usb 2-1: config 1 has no interface number 1 [ 242.952180][ T5878] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 242.984433][ T5878] usb 2-1: config 1 interface 2 has no altsetting 1 [ 242.994454][ T5878] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 243.004262][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.009013][ T5917] usb 4-1: USB disconnect, device number 16 [ 243.018682][ T5878] usb 2-1: Product: syz [ 243.054320][ T5878] usb 2-1: Manufacturer: syz [ 243.074546][ T5878] usb 2-1: SerialNumber: syz [ 243.586167][ T7372] FAULT_INJECTION: forcing a failure. [ 243.586167][ T7372] name failslab, interval 1, probability 0, space 0, times 0 [ 243.599109][ T7372] CPU: 1 UID: 0 PID: 7372 Comm: syz.4.423 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 243.599138][ T7372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 243.599162][ T7372] Call Trace: [ 243.599170][ T7372] [ 243.599178][ T7372] dump_stack_lvl+0x241/0x360 [ 243.599211][ T7372] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.599237][ T7372] ? __pfx__printk+0x10/0x10 [ 243.599264][ T7372] ? __pfx___might_resched+0x10/0x10 [ 243.599299][ T7372] should_fail_ex+0x424/0x570 [ 243.599337][ T7372] should_failslab+0xac/0x100 [ 243.599371][ T7372] __kmalloc_noprof+0xdf/0x4d0 [ 243.599389][ T7372] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 243.599409][ T7372] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 243.599433][ T7372] tomoyo_realpath_from_path+0xcf/0x5e0 [ 243.599462][ T7372] tomoyo_path_number_perm+0x245/0x790 [ 243.599500][ T7372] ? tomoyo_path_number_perm+0x215/0x790 [ 243.599531][ T7372] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 243.599564][ T7372] ? ksys_write+0x24e/0x2d0 [ 243.599597][ T7372] ? __lock_acquire+0xad5/0xd80 [ 243.599637][ T7372] ? __fget_files+0x2a/0x420 [ 243.599660][ T7372] ? __fget_files+0x2a/0x420 [ 243.599684][ T7372] ? __fget_files+0x2a/0x420 [ 243.599710][ T7372] security_file_ioctl+0xc6/0x2a0 [ 243.599741][ T7372] __se_sys_ioctl+0x46/0x160 [ 243.599770][ T7372] do_syscall_64+0xf3/0x230 [ 243.599793][ T7372] ? clear_bhb_loop+0x45/0xa0 [ 243.599817][ T7372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.599844][ T7372] RIP: 0033:0x7f2b8178d169 [ 243.599864][ T7372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.599882][ T7372] RSP: 002b:00007f2b8256b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 243.599905][ T7372] RAX: ffffffffffffffda RBX: 00007f2b819a6160 RCX: 00007f2b8178d169 [ 243.599920][ T7372] RDX: 0000200000000280 RSI: 00000000405c5503 RDI: 0000000000000007 [ 243.599934][ T7372] RBP: 00007f2b8256b090 R08: 0000000000000000 R09: 0000000000000000 [ 243.599947][ T7372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.599959][ T7372] R13: 0000000000000000 R14: 00007f2b819a6160 R15: 00007ffc76b1cff8 [ 243.599986][ T7372] [ 243.600016][ T7372] ERROR: Out of memory at tomoyo_realpath_from_path. [ 244.054648][ T5830] Bluetooth: hci4: command 0x0405 tx timeout [ 245.031488][ T5878] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor [ 245.891186][ T5878] usb 2-1: USB disconnect, device number 21 [ 248.180278][ T7391] bridge_slave_1: default FDB implementation only supports local addresses [ 248.202557][ T7388] FAULT_INJECTION: forcing a failure. [ 248.202557][ T7388] name failslab, interval 1, probability 0, space 0, times 0 [ 248.248280][ T7388] CPU: 1 UID: 0 PID: 7388 Comm: syz.2.426 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 248.248310][ T7388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 248.248323][ T7388] Call Trace: [ 248.248330][ T7388] [ 248.248338][ T7388] dump_stack_lvl+0x241/0x360 [ 248.248371][ T7388] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.248396][ T7388] ? __pfx__printk+0x10/0x10 [ 248.248423][ T7388] ? __pfx___might_resched+0x10/0x10 [ 248.248464][ T7388] should_fail_ex+0x424/0x570 [ 248.248496][ T7388] should_failslab+0xac/0x100 [ 248.248529][ T7388] __kmalloc_noprof+0xdf/0x4d0 [ 248.248548][ T7388] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 248.248568][ T7388] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 248.248592][ T7388] tomoyo_realpath_from_path+0xcf/0x5e0 [ 248.248620][ T7388] tomoyo_path_number_perm+0x245/0x790 [ 248.248651][ T7388] ? tomoyo_path_number_perm+0x215/0x790 [ 248.248681][ T7388] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 248.248713][ T7388] ? ksys_write+0x24e/0x2d0 [ 248.248744][ T7388] ? __lock_acquire+0xad5/0xd80 [ 248.248783][ T7388] ? __fget_files+0x2a/0x420 [ 248.248803][ T7388] ? __fget_files+0x2a/0x420 [ 248.248822][ T7388] ? __fget_files+0x2a/0x420 [ 248.248843][ T7388] security_file_ioctl+0xc6/0x2a0 [ 248.248868][ T7388] __se_sys_ioctl+0x46/0x160 [ 248.248893][ T7388] do_syscall_64+0xf3/0x230 [ 248.248911][ T7388] ? clear_bhb_loop+0x45/0xa0 [ 248.248930][ T7388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.248945][ T7388] RIP: 0033:0x7f79d3f8d169 [ 248.248960][ T7388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.248974][ T7388] RSP: 002b:00007f79d4d54038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 248.248992][ T7388] RAX: ffffffffffffffda RBX: 00007f79d41a5fa0 RCX: 00007f79d3f8d169 [ 248.249014][ T7388] RDX: 0000200000000080 RSI: 000000004008ae89 RDI: 0000000000000005 [ 248.249025][ T7388] RBP: 00007f79d4d54090 R08: 0000000000000000 R09: 0000000000000000 [ 248.249036][ T7388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 248.249045][ T7388] R13: 0000000000000000 R14: 00007f79d41a5fa0 R15: 00007ffdf6e7e158 [ 248.249066][ T7388] [ 248.249196][ T7388] ERROR: Out of memory at tomoyo_realpath_from_path. [ 248.387342][ T5831] udevd[5831]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 248.494339][ T979] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 248.621018][ T7399] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 248.643037][ T7399] xt_nfacct: accounting object `syz1' does not exists [ 248.684270][ T979] usb 1-1: config 0 has no interfaces? [ 248.689806][ T979] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 248.704867][ T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.759185][ T979] usb 1-1: config 0 descriptor?? [ 248.888549][ T7411] FAULT_INJECTION: forcing a failure. [ 248.888549][ T7411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 248.901976][ T7411] CPU: 0 UID: 0 PID: 7411 Comm: syz.3.434 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 248.902004][ T7411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 248.902018][ T7411] Call Trace: [ 248.902025][ T7411] [ 248.902033][ T7411] dump_stack_lvl+0x241/0x360 [ 248.902065][ T7411] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.902089][ T7411] ? __pfx__printk+0x10/0x10 [ 248.902120][ T7411] should_fail_ex+0x424/0x570 [ 248.902152][ T7411] _copy_from_user+0x2d/0xb0 [ 248.902178][ T7411] move_addr_to_kernel+0x8c/0x170 [ 248.902199][ T7411] __sys_connect+0xb8/0x2d0 [ 248.902223][ T7411] ? __fget_files+0x2a/0x420 [ 248.902244][ T7411] ? __pfx___sys_connect+0x10/0x10 [ 248.902283][ T7411] __x64_sys_connect+0x7a/0x90 [ 248.902307][ T7411] do_syscall_64+0xf3/0x230 [ 248.902329][ T7411] ? clear_bhb_loop+0x45/0xa0 [ 248.902351][ T7411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.902370][ T7411] RIP: 0033:0x7fe19678d169 [ 248.902387][ T7411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.902404][ T7411] RSP: 002b:00007fe197614038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 248.902426][ T7411] RAX: ffffffffffffffda RBX: 00007fe1969a5fa0 RCX: 00007fe19678d169 [ 248.902441][ T7411] RDX: 0000000000000010 RSI: 0000200000000180 RDI: 0000000000000005 [ 248.902453][ T7411] RBP: 00007fe197614090 R08: 0000000000000000 R09: 0000000000000000 [ 248.902466][ T7411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 248.902478][ T7411] R13: 0000000000000000 R14: 00007fe1969a5fa0 R15: 00007ffe90a75d08 [ 248.902503][ T7411] [ 248.975161][ T7413] input: syz1 as /devices/virtual/input/input8 [ 248.988891][ T979] usb 1-1: USB disconnect, device number 23 [ 249.083301][ T5872] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 249.235857][ T5872] usb 5-1: config 0 has an invalid interface number: 204 but max is 1 [ 249.246096][ T5872] usb 5-1: config 0 has no interface number 1 [ 249.254018][ T5872] usb 5-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=b9.bf [ 249.264044][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.276002][ T5872] usb 5-1: Product: syz [ 249.280187][ T5872] usb 5-1: Manufacturer: syz [ 249.286516][ T5872] usb 5-1: SerialNumber: syz [ 249.292630][ T5872] usb 5-1: config 0 descriptor?? [ 249.311488][ T5872] snd-usb-audio 5-1:0.204: probe with driver snd-usb-audio failed with error -22 [ 249.346162][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.204/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 249.364744][ T5878] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 249.394753][ T48] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 249.464279][ T30] audit: type=1326 audit(1743124954.684:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7400 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6938d169 code=0x7fc00000 [ 249.526587][ T5872] usb 5-1: USB disconnect, device number 16 [ 249.560407][ T5878] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 249.579638][ T5878] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.609904][ T5878] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 249.629432][ T48] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 249.630697][ T5878] usb 4-1: config 1 has no interface number 1 [ 249.648018][ T48] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.664421][ T5878] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 249.678070][ T48] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 249.694492][ T5878] usb 4-1: config 1 interface 2 has no altsetting 1 [ 249.697628][ T48] usb 3-1: config 1 has no interface number 1 [ 249.713561][ T48] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 249.716421][ T5878] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 249.726786][ T48] usb 3-1: config 1 interface 2 has no altsetting 1 [ 249.743217][ T48] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 249.754800][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.763080][ T48] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.773573][ T5878] usb 4-1: Product: syz [ 249.778565][ T5878] usb 4-1: Manufacturer: syz [ 249.783562][ T48] usb 3-1: Product: syz [ 249.788794][ T48] usb 3-1: Manufacturer: syz [ 249.793500][ T48] usb 3-1: SerialNumber: syz [ 249.795749][ T5878] usb 4-1: SerialNumber: syz [ 250.882781][ T48] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor [ 251.458678][ T48] usb 3-1: USB disconnect, device number 19 [ 251.496508][ T5878] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor [ 251.587369][ T5878] usb 4-1: USB disconnect, device number 17 [ 252.439646][ T7441] orangefs_mount: mount request failed with -4 [ 252.712935][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 254.632402][ T5822] Bluetooth: hci4: command 0x0405 tx timeout [ 255.088128][ T5831] udevd[5831]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 255.618419][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.624767][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.824402][ T5878] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 255.874428][ T7461] 9pnet_fd: Insufficient options for proto=fd [ 256.324401][ T5878] usb 3-1: Using ep0 maxpacket: 32 [ 256.358592][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.430299][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.453197][ T5878] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 256.538839][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.570783][ T5878] usb 3-1: config 0 descriptor?? [ 256.582945][ T5878] hub 3-1:0.0: USB hub found [ 256.850512][ T7451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.946233][ T7451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.284678][ T5872] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 257.317531][ T7451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.339177][ T7451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.376698][ T5878] hub 3-1:0.0: 1 port detected [ 257.570541][ T5872] usb 5-1: too many configurations: 140, using maximum allowed: 8 [ 257.688111][ T5872] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 257.713269][ T5872] usb 5-1: can't read configurations, error -61 [ 257.964239][ T5872] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 258.197077][ T5872] usb 5-1: too many configurations: 140, using maximum allowed: 8 [ 258.981654][ T5872] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 258.999339][ T5872] usb 5-1: can't read configurations, error -61 [ 259.244727][ T979] hub 3-1:0.0: hub_ext_port_status failed (err = -32) [ 259.278233][ T5872] usb usb5-port1: attempt power cycle [ 259.320680][ T5874] usb 3-1: USB disconnect, device number 20 [ 259.651890][ T5872] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 259.670085][ T979] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 259.962766][ T5872] usb 5-1: device not accepting address 19, error -71 [ 260.354380][ T979] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 260.363144][ T979] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 260.404533][ T979] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 260.424307][ T979] usb 2-1: config 1 has no interface number 1 [ 260.430794][ T7497] FAULT_INJECTION: forcing a failure. [ 260.430794][ T7497] name failslab, interval 1, probability 0, space 0, times 0 [ 260.443687][ T979] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 260.474193][ T979] usb 2-1: config 1 interface 2 has no altsetting 1 [ 260.508257][ T979] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 260.548097][ T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.570843][ T7497] CPU: 0 UID: 0 PID: 7497 Comm: syz.0.457 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 260.570876][ T7497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 260.570889][ T7497] Call Trace: [ 260.570896][ T7497] [ 260.570904][ T7497] dump_stack_lvl+0x241/0x360 [ 260.570949][ T7497] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.570967][ T7497] ? __pfx__printk+0x10/0x10 [ 260.570985][ T7497] ? __pfx___might_resched+0x10/0x10 [ 260.571012][ T7497] should_fail_ex+0x424/0x570 [ 260.571042][ T7497] should_failslab+0xac/0x100 [ 260.571075][ T7497] __kmalloc_noprof+0xdf/0x4d0 [ 260.571094][ T7497] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 260.571113][ T7497] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 260.571136][ T7497] tomoyo_realpath_from_path+0xcf/0x5e0 [ 260.571165][ T7497] tomoyo_path_number_perm+0x245/0x790 [ 260.571195][ T7497] ? tomoyo_path_number_perm+0x215/0x790 [ 260.571223][ T7497] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 260.571255][ T7497] ? ksys_write+0x24e/0x2d0 [ 260.571287][ T7497] ? __lock_acquire+0xad5/0xd80 [ 260.571326][ T7497] ? __fget_files+0x2a/0x420 [ 260.571347][ T7497] ? __fget_files+0x2a/0x420 [ 260.571370][ T7497] ? __fget_files+0x2a/0x420 [ 260.571395][ T7497] security_file_ioctl+0xc6/0x2a0 [ 260.571424][ T7497] __se_sys_ioctl+0x46/0x160 [ 260.571454][ T7497] do_syscall_64+0xf3/0x230 [ 260.571476][ T7497] ? clear_bhb_loop+0x45/0xa0 [ 260.571499][ T7497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.571519][ T7497] RIP: 0033:0x7f0567d8d169 [ 260.571536][ T7497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.571553][ T7497] RSP: 002b:00007f0568c0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 260.571575][ T7497] RAX: ffffffffffffffda RBX: 00007f0567fa5fa0 RCX: 00007f0567d8d169 [ 260.571591][ T7497] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003 [ 260.571604][ T7497] RBP: 00007f0568c0b090 R08: 0000000000000000 R09: 0000000000000000 [ 260.571617][ T7497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.571629][ T7497] R13: 0000000000000000 R14: 00007f0567fa5fa0 R15: 00007ffeb3ae5da8 [ 260.571655][ T7497] [ 260.572182][ T7497] ERROR: Out of memory at tomoyo_realpath_from_path. [ 260.812237][ T979] usb 2-1: Product: syz [ 260.826793][ T979] usb 2-1: Manufacturer: syz [ 260.856383][ T7497] loop8: detected capacity change from 0 to 7 [ 260.874182][ T979] usb 2-1: SerialNumber: syz [ 260.881814][ T7497] Dev loop8: unable to read RDB block 7 [ 260.893533][ T7497] loop8: unable to read partition table [ 260.911757][ T7497] loop8: partition table beyond EOD, truncated [ 260.932727][ T7497] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 261.619482][ T7487] netlink: 'syz.2.455': attribute type 10 has an invalid length. [ 261.675152][ T979] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor [ 261.693717][ T7488] netlink: 'syz.2.455': attribute type 10 has an invalid length. [ 261.764536][ T979] usb 2-1: USB disconnect, device number 22 [ 261.832414][ T7505] FAULT_INJECTION: forcing a failure. [ 261.832414][ T7505] name failslab, interval 1, probability 0, space 0, times 0 [ 261.847020][ T7505] CPU: 1 UID: 0 PID: 7505 Comm: syz.4.459 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 261.847050][ T7505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 261.847062][ T7505] Call Trace: [ 261.847070][ T7505] [ 261.847079][ T7505] dump_stack_lvl+0x241/0x360 [ 261.847110][ T7505] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.847135][ T7505] ? __pfx__printk+0x10/0x10 [ 261.847162][ T7505] ? __pfx___might_resched+0x10/0x10 [ 261.847195][ T7505] should_fail_ex+0x424/0x570 [ 261.847228][ T7505] should_failslab+0xac/0x100 [ 261.847261][ T7505] __kmalloc_noprof+0xdf/0x4d0 [ 261.847280][ T7505] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 261.847300][ T7505] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 261.847324][ T7505] tomoyo_realpath_from_path+0xcf/0x5e0 [ 261.847353][ T7505] tomoyo_path_number_perm+0x245/0x790 [ 261.847384][ T7505] ? tomoyo_path_number_perm+0x215/0x790 [ 261.847413][ T7505] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 261.847444][ T7505] ? ksys_write+0x24e/0x2d0 [ 261.847477][ T7505] ? __lock_acquire+0xad5/0xd80 [ 261.847517][ T7505] ? __fget_files+0x2a/0x420 [ 261.847539][ T7505] ? __fget_files+0x2a/0x420 [ 261.847562][ T7505] ? __fget_files+0x2a/0x420 [ 261.847588][ T7505] security_file_ioctl+0xc6/0x2a0 [ 261.847627][ T7505] __se_sys_ioctl+0x46/0x160 [ 261.847656][ T7505] do_syscall_64+0xf3/0x230 [ 261.847679][ T7505] ? clear_bhb_loop+0x45/0xa0 [ 261.847703][ T7505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.847723][ T7505] RIP: 0033:0x7f2b8178d169 [ 261.847741][ T7505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.847760][ T7505] RSP: 002b:00007f2b8258c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 261.847782][ T7505] RAX: ffffffffffffffda RBX: 00007f2b819a6080 RCX: 00007f2b8178d169 [ 261.847798][ T7505] RDX: 0000200000001f00 RSI: 00000000c05064a7 RDI: 0000000000000005 [ 261.847812][ T7505] RBP: 00007f2b8258c090 R08: 0000000000000000 R09: 0000000000000000 [ 261.847825][ T7505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.847837][ T7505] R13: 0000000000000000 R14: 00007f2b819a6080 R15: 00007ffc76b1cff8 [ 261.847863][ T7505] [ 261.847887][ T7505] ERROR: Out of memory at tomoyo_realpath_from_path. [ 262.100564][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 263.300495][ T7528] tipc: Started in network mode [ 263.306007][ T7528] tipc: Node identity , cluster identity 4711 [ 263.312391][ T7528] tipc: Failed to set node id, please configure manually [ 263.319839][ T7528] tipc: Enabling of bearer rejected, failed to enable media [ 263.348896][ T7528] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 263.357678][ T7528] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 263.367390][ T7528] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 263.375778][ T7528] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 264.316316][ T7517] syz.3.463: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 264.334535][ T7517] CPU: 1 UID: 0 PID: 7517 Comm: syz.3.463 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 264.334564][ T7517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 264.334578][ T7517] Call Trace: [ 264.334586][ T7517] [ 264.334594][ T7517] dump_stack_lvl+0x241/0x360 [ 264.334627][ T7517] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.334657][ T7517] ? __pfx__printk+0x10/0x10 [ 264.334682][ T7517] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 264.334712][ T7517] ? __rcu_read_unlock+0xa1/0x110 [ 264.334741][ T7517] warn_alloc+0x27c/0x410 [ 264.334771][ T7517] ? __pfx_warn_alloc+0x10/0x10 [ 264.334801][ T7517] ? vb2_vmalloc_alloc+0xf2/0x340 [ 264.334822][ T7517] ? __get_vm_area_node+0x1c8/0x2d0 [ 264.334845][ T7517] ? __get_vm_area_node+0x25c/0x2d0 [ 264.334873][ T7517] __vmalloc_node_range_noprof+0x634/0x1390 [ 264.334920][ T7517] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 264.334950][ T7517] ? __kasan_kmalloc+0x9d/0xb0 [ 264.334984][ T7517] vmalloc_user_noprof+0x74/0x80 [ 264.335010][ T7517] ? vb2_vmalloc_alloc+0xf2/0x340 [ 264.335031][ T7517] vb2_vmalloc_alloc+0xf2/0x340 [ 264.335055][ T7517] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 264.335076][ T7517] __vb2_queue_alloc+0xa16/0x16f0 [ 264.335125][ T7517] vb2_core_reqbufs+0xd3b/0x17d0 [ 264.335169][ T7517] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 264.335215][ T7517] v4l2_m2m_ioctl_reqbufs+0x14b/0x230 [ 264.335248][ T7517] __video_do_ioctl+0xc0b/0xdd0 [ 264.335283][ T7517] ? __pfx___video_do_ioctl+0x10/0x10 [ 264.335320][ T7517] video_usercopy+0x986/0x1390 [ 264.335365][ T7517] ? __pfx___video_do_ioctl+0x10/0x10 [ 264.335395][ T7517] ? __pfx_video_usercopy+0x10/0x10 [ 264.335425][ T7517] ? smack_file_ioctl+0x306/0x3b0 [ 264.335460][ T7517] ? __fget_files+0x2a/0x420 [ 264.335485][ T7517] ? __fget_files+0x2a/0x420 [ 264.335507][ T7517] v4l2_ioctl+0x189/0x1e0 [ 264.335533][ T7517] ? __pfx_v4l2_ioctl+0x10/0x10 [ 264.335572][ T7517] __se_sys_ioctl+0xf1/0x160 [ 264.335601][ T7517] do_syscall_64+0xf3/0x230 [ 264.335623][ T7517] ? clear_bhb_loop+0x45/0xa0 [ 264.335646][ T7517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.335666][ T7517] RIP: 0033:0x7fe19678d169 [ 264.335685][ T7517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.335704][ T7517] RSP: 002b:00007fe197614038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 264.335726][ T7517] RAX: ffffffffffffffda RBX: 00007fe1969a5fa0 RCX: 00007fe19678d169 [ 264.335741][ T7517] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003 [ 264.335756][ T7517] RBP: 00007fe19680e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 264.335769][ T7517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 264.335781][ T7517] R13: 0000000000000000 R14: 00007fe1969a5fa0 R15: 00007ffe90a75d08 [ 264.335807][ T7517] [ 264.335978][ T7517] Mem-Info: [ 264.726654][ T7517] active_anon:3187 inactive_anon:6092 isolated_anon:0 [ 264.726654][ T7517] active_file:12699 inactive_file:39202 isolated_file:0 [ 264.726654][ T7517] unevictable:768 dirty:437 writeback:0 [ 264.726654][ T7517] slab_reclaimable:9767 slab_unreclaimable:99913 [ 264.726654][ T7517] mapped:29969 shmem:4290 pagetables:1039 [ 264.726654][ T7517] sec_pagetables:0 bounce:0 [ 264.726654][ T7517] kernel_misc_reclaimable:0 [ 264.726654][ T7517] free:1314826 free_pcp:976 free_cma:0 [ 264.813281][ T7533] FAULT_INJECTION: forcing a failure. [ 264.813281][ T7533] name failslab, interval 1, probability 0, space 0, times 0 [ 264.831221][ T7533] CPU: 0 UID: 0 PID: 7533 Comm: syz.2.468 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 264.831253][ T7533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 264.831266][ T7533] Call Trace: [ 264.831274][ T7533] [ 264.831282][ T7533] dump_stack_lvl+0x241/0x360 [ 264.831313][ T7533] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.831337][ T7533] ? __pfx__printk+0x10/0x10 [ 264.831363][ T7533] ? __pfx___might_resched+0x10/0x10 [ 264.831397][ T7533] should_fail_ex+0x424/0x570 [ 264.831430][ T7533] should_failslab+0xac/0x100 [ 264.831463][ T7533] __kmalloc_cache_noprof+0x73/0x370 [ 264.831483][ T7533] ? io_uring_alloc_task_context+0xad/0x630 [ 264.831519][ T7533] io_uring_alloc_task_context+0xad/0x630 [ 264.831553][ T7533] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 264.831584][ T7533] ? __lock_acquire+0xad5/0xd80 [ 264.831627][ T7533] __io_uring_add_tctx_node+0x350/0x560 [ 264.831651][ T7533] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 264.831672][ T7533] ? __fget_files+0x2a/0x420 [ 264.831695][ T7533] ? __fget_files+0x39d/0x420 [ 264.831719][ T7533] __io_uring_add_tctx_node_from_submit+0x93/0x130 [ 264.831742][ T7533] __se_sys_io_uring_enter+0x2c82/0x3400 [ 264.831770][ T7533] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 264.831797][ T7533] ? vfs_write+0xb29/0xd10 [ 264.831831][ T7533] ? ksys_write+0x24e/0x2d0 [ 264.831862][ T7533] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 264.831890][ T7533] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 264.831912][ T7533] ? __fget_files+0x2a/0x420 [ 264.831936][ T7533] ? __fget_files+0x2a/0x420 [ 264.831962][ T7533] ? fput+0x9b/0xd0 [ 264.831983][ T7533] ? ksys_write+0x275/0x2d0 [ 264.832015][ T7533] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 264.832039][ T7533] do_syscall_64+0xf3/0x230 [ 264.832061][ T7533] ? clear_bhb_loop+0x45/0xa0 [ 264.832085][ T7533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.832105][ T7533] RIP: 0033:0x7f79d3f8d169 [ 264.832123][ T7533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.832141][ T7533] RSP: 002b:00007f79d4d54038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 264.832164][ T7533] RAX: ffffffffffffffda RBX: 00007f79d41a5fa0 RCX: 00007f79d3f8d169 [ 264.832180][ T7533] RDX: 0000000000000000 RSI: 00000000000047f6 RDI: 0000000000000005 [ 264.832192][ T7533] RBP: 00007f79d4d54090 R08: 0000000000000000 R09: 0000000000000000 [ 264.832205][ T7533] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 264.832217][ T7533] R13: 0000000000000000 R14: 00007f79d41a5fa0 R15: 00007ffdf6e7e158 [ 264.832242][ T7533] [ 265.238326][ T7517] Node 0 active_anon:12756kB inactive_anon:22644kB active_file:50732kB inactive_file:156900kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120548kB dirty:1828kB writeback:0kB shmem:15572kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11624kB pagetables:4224kB sec_pagetables:0kB all_unreclaimable? no [ 265.425210][ T7517] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 265.527053][ T7517] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 265.604335][ T7517] lowmem_reserve[]: 0 2491 2491 2491 2491 [ 265.614221][ T7517] Node 0 DMA32 free:1330320kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB active_anon:12752kB inactive_anon:26008kB active_file:50208kB inactive_file:156848kB unevictable:1536kB writepending:1228kB present:3129332kB managed:2550888kB mlocked:0kB bounce:0kB free_pcp:1948kB local_pcp:1284kB free_cma:0kB [ 265.646512][ T7517] lowmem_reserve[]: 0 0 0 0 0 [ 265.652580][ T7517] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:524kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:624kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 265.814456][ T5905] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 265.846450][ T7517] lowmem_reserve[]: 0 0 0 0 0 [ 265.851493][ T7517] Node 1 Normal free:3910492kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 265.903782][ T7543] netlink: 'syz.0.471': attribute type 10 has an invalid length. [ 265.915762][ T7543] netlink: 'syz.0.471': attribute type 10 has an invalid length. [ 265.966144][ T7517] lowmem_reserve[]: 0 0 0 0 0 [ 265.984280][ T7517] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 266.005984][ T5905] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 266.033900][ T5905] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 266.064262][ T5905] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 266.074237][ T7517] Node 0 DMA32: 7*4kB (UME) 21*8kB (UE) 20*16kB (UE) 300*32kB (UME) 268*64kB (UME) 64*128kB (UME) 24*256kB (UME) 14*512kB (M) 3*1024kB (M) 0*2048kB 310*4096kB (UME) = 1321604kB [ 266.084159][ T5905] usb 3-1: config 1 has no interface number 1 [ 266.134258][ T5905] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 266.145303][ T7517] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 266.145468][ T7517] Node 1 Normal: 219*4kB (UME) 72*8kB (UME) 43*16kB (UME) 206*32kB (UME) 89*64kB (UME) 30*128kB (UME) 18*256kB (UME) 15*512kB (UME) 5*1024kB (UME) 2*2048kB (U) 945*4096kB (UM) = 3910492kB [ 266.214252][ T5905] usb 3-1: config 1 interface 2 has no altsetting 1 [ 266.234556][ T979] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 266.275792][ T5905] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 266.278150][ T7517] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 266.294639][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.323398][ T5905] usb 3-1: Product: syz [ 266.331676][ T5905] usb 3-1: Manufacturer: syz [ 266.354175][ T5905] usb 3-1: SerialNumber: syz [ 266.356680][ T7517] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 266.412643][ T7517] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 266.431210][ T979] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 266.456474][ T979] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 266.478919][ T7552] pimreg3: entered allmulticast mode [ 266.482030][ T7517] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 266.486704][ T979] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 266.494588][ T7517] 56217 total pagecache pages [ 266.515997][ T979] usb 5-1: config 1 has no interface number 1 [ 266.519394][ T7551] pimreg3: left allmulticast mode [ 266.522344][ T979] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 266.541783][ T979] usb 5-1: config 1 interface 2 has no altsetting 1 [ 266.552258][ T7517] 0 pages in swap cache [ 266.565473][ T7517] Free swap = 124736kB [ 266.576037][ T7517] Total swap = 124996kB [ 266.590701][ T7517] 2097051 pages RAM [ 266.611631][ T979] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 266.629489][ T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.648495][ T7517] 0 pages HighMem/MovableOnly [ 266.662406][ T979] usb 5-1: Product: syz [ 266.684154][ T979] usb 5-1: Manufacturer: syz [ 266.709331][ T7517] 427541 pages reserved [ 266.744188][ T979] usb 5-1: SerialNumber: syz [ 266.762749][ T7517] 0 pages cma reserved [ 267.300259][ T5905] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor [ 267.406172][ T5905] usb 3-1: USB disconnect, device number 21 [ 267.965893][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 268.145618][ T979] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor [ 268.220125][ T979] usb 5-1: USB disconnect, device number 21 [ 268.308432][ T5945] udevd[5945]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 268.345092][ T7568] FAULT_INJECTION: forcing a failure. [ 268.345092][ T7568] name failslab, interval 1, probability 0, space 0, times 0 [ 268.364661][ T7568] CPU: 0 UID: 0 PID: 7568 Comm: syz.1.478 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 268.364692][ T7568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 268.364705][ T7568] Call Trace: [ 268.364711][ T7568] [ 268.364719][ T7568] dump_stack_lvl+0x241/0x360 [ 268.364751][ T7568] ? __pfx_dump_stack_lvl+0x10/0x10 [ 268.364776][ T7568] ? __pfx__printk+0x10/0x10 [ 268.364803][ T7568] ? __pfx___might_resched+0x10/0x10 [ 268.364838][ T7568] should_fail_ex+0x424/0x570 [ 268.364868][ T7568] should_failslab+0xac/0x100 [ 268.364911][ T7568] __kmalloc_cache_noprof+0x73/0x370 [ 268.364930][ T7568] ? sctp_datamsg_from_user+0x88/0xf20 [ 268.364964][ T7568] sctp_datamsg_from_user+0x88/0xf20 [ 268.364992][ T7568] ? __sk_mem_raise_allocated+0xa5f/0x1140 [ 268.365026][ T7568] sctp_sendmsg_to_asoc+0xf9b/0x1870 [ 268.365059][ T7568] ? __lock_acquire+0xad5/0xd80 [ 268.365092][ T7568] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 268.365117][ T7568] ? __local_bh_enable_ip+0x168/0x200 [ 268.365146][ T7568] ? sctp_sendmsg+0xf30/0x3620 [ 268.365168][ T7568] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 268.365196][ T7568] ? sctp_sendmsg_check_sflags+0x181/0x2c0 [ 268.365223][ T7568] sctp_sendmsg+0x2512/0x3620 [ 268.365256][ T7568] ? smack_socket_sendmsg+0x184/0x580 [ 268.365288][ T7568] ? __pfx_sctp_sendmsg+0x10/0x10 [ 268.365310][ T7568] ? tomoyo_socket_sendmsg_permission+0x285/0x420 [ 268.365346][ T7568] ? inet_sendmsg+0x330/0x390 [ 268.365377][ T7568] __sock_sendmsg+0x1a6/0x270 [ 268.365399][ T7568] sock_write_iter+0x2d9/0x3f0 [ 268.365419][ T7568] ? __pfx_sock_write_iter+0x10/0x10 [ 268.365453][ T7568] do_iter_readv_writev+0x71f/0x9d0 [ 268.365485][ T7568] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 268.365517][ T7568] ? bpf_lsm_file_permission+0x9/0x10 [ 268.365542][ T7568] ? rw_verify_area+0x246/0x630 [ 268.365569][ T7568] vfs_writev+0x38d/0xbc0 [ 268.365589][ T7568] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 268.365612][ T7568] ? vfs_write+0xb29/0xd10 [ 268.365638][ T7568] ? __lock_acquire+0xad5/0xd80 [ 268.365664][ T7568] ? __pfx_vfs_writev+0x10/0x10 [ 268.365696][ T7568] ? __fget_files+0x2a/0x420 [ 268.365719][ T7568] ? __fget_files+0x39d/0x420 [ 268.365738][ T7568] ? __fget_files+0x2a/0x420 [ 268.365765][ T7568] do_writev+0x1b8/0x360 [ 268.365789][ T7568] ? __pfx_do_writev+0x10/0x10 [ 268.365814][ T7568] ? do_syscall_64+0xb6/0x230 [ 268.365837][ T7568] do_syscall_64+0xf3/0x230 [ 268.365857][ T7568] ? clear_bhb_loop+0x45/0xa0 [ 268.365885][ T7568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.365904][ T7568] RIP: 0033:0x7f2c6938d169 [ 268.365921][ T7568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.365938][ T7568] RSP: 002b:00007f2c6a193038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 268.365959][ T7568] RAX: ffffffffffffffda RBX: 00007f2c695a5fa0 RCX: 00007f2c6938d169 [ 268.365975][ T7568] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000003 [ 268.365987][ T7568] RBP: 00007f2c6a193090 R08: 0000000000000000 R09: 0000000000000000 [ 268.365999][ T7568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.366011][ T7568] R13: 0000000000000000 R14: 00007f2c695a5fa0 R15: 00007ffe396f87f8 [ 268.366035][ T7568] [ 269.031258][ T7577] netlink: 20 bytes leftover after parsing attributes in process `syz.2.479'. [ 269.925813][ T7586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.058003][ T7582] netlink: 'syz.3.484': attribute type 10 has an invalid length. [ 271.075385][ T7582] netlink: 'syz.3.484': attribute type 10 has an invalid length. [ 271.104210][ T979] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 271.197017][ T7586] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.275887][ T979] usb 3-1: config index 0 descriptor too short (expected 22226, got 18) [ 271.294414][ T979] usb 3-1: config 77 has too many interfaces: 69, using maximum allowed: 32 [ 271.303173][ T979] usb 3-1: config 77 has an invalid descriptor of length 116, skipping remainder of the config [ 271.349466][ T979] usb 3-1: config 77 has 0 interfaces, different from the descriptor's value: 69 [ 271.460210][ T979] usb 3-1: string descriptor 0 read error: -71 [ 271.518456][ T979] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 271.561973][ T979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.584400][ T979] usb 3-1: can't set config #77, error -71 [ 271.605877][ T979] usb 3-1: USB disconnect, device number 22 [ 278.618347][ T7643] netlink: 'syz.4.498': attribute type 10 has an invalid length. [ 278.626408][ T5878] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 278.660444][ T7643] netlink: 'syz.4.498': attribute type 10 has an invalid length. [ 278.821855][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 278.835115][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 278.849444][ T5878] usb 1-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 278.860167][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.902514][ T5878] usb 1-1: config 0 descriptor?? [ 279.024560][ T5871] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 279.312327][ T5871] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 279.324237][ T5871] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 279.344177][ T5871] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 279.353195][ T5871] usb 2-1: config 1 has no interface number 1 [ 279.355531][ T5878] petalynx 0003:18B1:0037.0002: hidraw0: USB HID vff.ff Device [HID 18b1:0037] on usb-dummy_hcd.0-1/input0 [ 279.947956][ T5871] usb 2-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 279.959091][ T5871] usb 2-1: config 1 interface 2 has no altsetting 1 [ 279.967786][ T5871] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 279.977091][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.985195][ T5871] usb 2-1: Product: syz [ 279.989396][ T5871] usb 2-1: Manufacturer: syz [ 279.994019][ T5871] usb 2-1: SerialNumber: syz [ 280.185452][ T5878] usb 1-1: USB disconnect, device number 24 [ 281.411928][ T5871] usb 2-1: 2:2 : no or invalid class specific endpoint descriptor [ 281.439755][ T5871] usb 2-1: USB disconnect, device number 23 [ 281.661056][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 282.448106][ T7705] FAULT_INJECTION: forcing a failure. [ 282.448106][ T7705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 282.493785][ T7705] CPU: 0 UID: 0 PID: 7705 Comm: syz.3.517 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 282.493816][ T7705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 282.493828][ T7705] Call Trace: [ 282.493835][ T7705] [ 282.493843][ T7705] dump_stack_lvl+0x241/0x360 [ 282.493874][ T7705] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.493898][ T7705] ? __pfx__printk+0x10/0x10 [ 282.493927][ T7705] should_fail_ex+0x424/0x570 [ 282.493958][ T7705] strncpy_from_user+0x36/0x280 [ 282.493987][ T7705] __se_sys_prctl+0xed1/0x4190 [ 282.494012][ T7705] ? is_bpf_text_address+0x26/0x2a0 [ 282.494040][ T7705] ? 0xffffffffa0003b40 [ 282.494057][ T7705] ? is_bpf_text_address+0x288/0x2a0 [ 282.494088][ T7705] ? is_bpf_text_address+0x26/0x2a0 [ 282.494112][ T7705] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 282.494135][ T7705] ? kernel_text_address+0xa7/0xe0 [ 282.494160][ T7705] ? __kernel_text_address+0xd/0x40 [ 282.494183][ T7705] ? _parse_integer_limit+0x1b4/0x200 [ 282.494217][ T7705] ? kstrtoull+0x1d3/0x2f0 [ 282.494236][ T7705] ? __pfx_kstrtoull+0x10/0x10 [ 282.494253][ T7705] ? __pfx___se_sys_prctl+0x10/0x10 [ 282.494285][ T7705] ? kstrtouint+0xfc/0x190 [ 282.494307][ T7705] ? __lock_acquire+0xad5/0xd80 [ 282.494353][ T7705] ? rcu_read_lock_any_held+0xbb/0x160 [ 282.494373][ T7705] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 282.494396][ T7705] ? vfs_write+0xb29/0xd10 [ 282.494427][ T7705] ? ksys_write+0x24e/0x2d0 [ 282.494454][ T7705] ? __mutex_unlock_slowpath+0x229/0x800 [ 282.494481][ T7705] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 282.494501][ T7705] ? __fget_files+0x2a/0x420 [ 282.494524][ T7705] ? __fget_files+0x2a/0x420 [ 282.494549][ T7705] ? fput+0x9b/0xd0 [ 282.494569][ T7705] ? ksys_write+0x275/0x2d0 [ 282.494599][ T7705] ? __x64_sys_prctl+0x20/0xc0 [ 282.494625][ T7705] do_syscall_64+0xf3/0x230 [ 282.494645][ T7705] ? clear_bhb_loop+0x45/0xa0 [ 282.494667][ T7705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.494694][ T7705] RIP: 0033:0x7fe19678d169 [ 282.494711][ T7705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.494729][ T7705] RSP: 002b:00007fe197614038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 282.494751][ T7705] RAX: ffffffffffffffda RBX: 00007fe1969a5fa0 RCX: 00007fe19678d169 [ 282.494766][ T7705] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 000000000000000f [ 282.494778][ T7705] RBP: 00007fe197614090 R08: 0000000000000000 R09: 0000000000000000 [ 282.494792][ T7705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.494803][ T7705] R13: 0000000000000001 R14: 00007fe1969a5fa0 R15: 00007ffe90a75d08 [ 282.494827][ T7705] [ 282.881558][ T7709] netlink: 136 bytes leftover after parsing attributes in process `syz.1.519'. [ 288.230123][ T7735] netlink: 4 bytes leftover after parsing attributes in process `syz.3.526'. [ 288.281576][ T7736] netlink: 12 bytes leftover after parsing attributes in process `syz.3.526'. [ 288.464303][ T7731] netlink: 144 bytes leftover after parsing attributes in process `syz.4.523'. [ 289.524200][ T5878] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 289.524840][ T7746] netlink: 236 bytes leftover after parsing attributes in process `syz.0.529'. [ 290.100756][ T5878] usb 4-1: Using ep0 maxpacket: 8 [ 290.197263][ T5878] usb 4-1: config 2 has an invalid interface number: 216 but max is 0 [ 290.206931][ T5878] usb 4-1: config 2 has no interface number 0 [ 290.231150][ T5878] usb 4-1: New USB device found, idVendor=040a, idProduct=0002, bcdDevice=de.7b [ 290.257400][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.282913][ T5878] gspca_main: spca501-2.14.0 probing 040a:0002 [ 290.324287][ T5905] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 290.484398][ T5878] gspca_spca501: reg write: error -71 [ 290.490805][ T5878] spca501 4-1:2.216: Reg write failed for 0x00,0xaa,0x00 [ 290.500900][ T5878] spca501 4-1:2.216: probe with driver spca501 failed with error -22 [ 290.514421][ T5905] usb 1-1: config 0 has an invalid interface number: 224 but max is 0 [ 290.527129][ T5905] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 290.539171][ T5878] usb 4-1: USB disconnect, device number 18 [ 290.554915][ T5905] usb 1-1: config 0 has no interface number 0 [ 290.565100][ T5905] usb 1-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice=c7.bc [ 290.657462][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.688581][ T5905] usb 1-1: Product: syz [ 291.313868][ T5905] usb 1-1: Manufacturer: syz [ 291.318707][ T5905] usb 1-1: SerialNumber: syz [ 291.345340][ T5905] usb 1-1: config 0 descriptor?? [ 291.373396][ T5905] ldusb 1-1:0.224: Interrupt in endpoint not found [ 291.555027][ T7764] 9pnet_fd: Insufficient options for proto=fd [ 291.602251][ T979] usb 1-1: USB disconnect, device number 25 [ 291.938517][ T7770] netlink: 132 bytes leftover after parsing attributes in process `syz.4.536'. [ 291.974402][ T5905] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 292.004573][ T7772] netlink: 'syz.1.537': attribute type 23 has an invalid length. [ 292.012545][ T7772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.537'. [ 292.081215][ T7770] Invalid option length (10838) for dns_resolver key [ 292.164739][ T5905] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 292.164773][ T5905] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 292.164796][ T5905] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 292.164820][ T5905] usb 4-1: config 1 has no interface number 1 [ 292.164860][ T5905] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 292.164890][ T5905] usb 4-1: config 1 interface 2 has no altsetting 1 [ 292.172273][ T5905] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 292.172305][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.172327][ T5905] usb 4-1: Product: syz [ 292.172342][ T5905] usb 4-1: Manufacturer: syz [ 292.172357][ T5905] usb 4-1: SerialNumber: syz [ 293.795999][ T5905] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor [ 293.855294][ T5905] usb 4-1: USB disconnect, device number 19 [ 294.280777][ T5871] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 298.282551][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 299.130260][ T7804] FAULT_INJECTION: forcing a failure. [ 299.130260][ T7804] name failslab, interval 1, probability 0, space 0, times 0 [ 299.156029][ T7804] CPU: 0 UID: 0 PID: 7804 Comm: syz.3.545 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 299.156062][ T7804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 299.156076][ T7804] Call Trace: [ 299.156083][ T7804] [ 299.156091][ T7804] dump_stack_lvl+0x241/0x360 [ 299.156125][ T7804] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.156151][ T7804] ? __pfx__printk+0x10/0x10 [ 299.156177][ T7804] ? __pfx___might_resched+0x10/0x10 [ 299.156209][ T7804] should_fail_ex+0x424/0x570 [ 299.156240][ T7804] should_failslab+0xac/0x100 [ 299.156270][ T7804] kmem_cache_alloc_noprof+0x78/0x390 [ 299.156298][ T7804] ? getname_flags+0xb6/0x530 [ 299.156321][ T7804] getname_flags+0xb6/0x530 [ 299.156339][ T7804] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 299.156359][ T7804] ? __fget_files+0x2a/0x420 [ 299.156379][ T7804] user_path_at+0x24/0x60 [ 299.156400][ T7804] do_faccessat+0x5e5/0xbe0 [ 299.156423][ T7804] ? fput+0x9b/0xd0 [ 299.156444][ T7804] ? __pfx_do_faccessat+0x10/0x10 [ 299.156471][ T7804] __x64_sys_faccessat2+0x9a/0xb0 [ 299.156501][ T7804] do_syscall_64+0xf3/0x230 [ 299.156521][ T7804] ? clear_bhb_loop+0x45/0xa0 [ 299.156543][ T7804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.156562][ T7804] RIP: 0033:0x7fe19678d169 [ 299.156580][ T7804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.156599][ T7804] RSP: 002b:00007fe197614038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b7 [ 299.156620][ T7804] RAX: ffffffffffffffda RBX: 00007fe1969a5fa0 RCX: 00007fe19678d169 [ 299.156635][ T7804] RDX: 0000000000000005 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 299.156649][ T7804] RBP: 00007fe197614090 R08: 0000000000000000 R09: 0000000000000000 [ 299.156662][ T7804] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000001 [ 299.156674][ T7804] R13: 0000000000000000 R14: 00007fe1969a5fa0 R15: 00007ffe90a75d08 [ 299.156699][ T7804] [ 300.367711][ T7815] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 303.854423][ T5871] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 303.974356][ T48] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 304.041837][ T5871] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 304.041955][ T5871] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 304.042034][ T5871] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 304.042115][ T5871] usb 1-1: config 1 has no interface number 1 [ 304.042299][ T5871] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 304.042389][ T5871] usb 1-1: config 1 interface 2 has no altsetting 1 [ 304.076019][ T5874] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 304.786959][ T48] usb 5-1: Using ep0 maxpacket: 8 [ 304.807172][ T48] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 304.807222][ T48] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 304.807251][ T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 304.807279][ T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 304.807303][ T48] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 304.807462][ T5871] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 304.807489][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.807570][ T5871] usb 1-1: Product: syz [ 304.807587][ T5871] usb 1-1: Manufacturer: syz [ 304.807603][ T5871] usb 1-1: SerialNumber: syz [ 304.836451][ T48] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 304.836492][ T48] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 304.836515][ T48] usb 5-1: Product: syz [ 304.836533][ T48] usb 5-1: Manufacturer: syz [ 304.836576][ T48] usb 5-1: SerialNumber: syz [ 304.838708][ T48] usb 5-1: config 0 descriptor?? [ 304.913435][ T5874] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 304.913501][ T5874] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 304.913523][ T5874] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 304.913546][ T5874] usb 3-1: config 1 has no interface number 1 [ 304.913586][ T5874] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 304.913645][ T5874] usb 3-1: config 1 interface 2 has no altsetting 1 [ 304.954283][ T5874] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 304.954320][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.954377][ T5874] usb 3-1: Product: syz [ 304.954395][ T5874] usb 3-1: Manufacturer: syz [ 304.954419][ T5874] usb 3-1: SerialNumber: syz [ 305.682878][ T48] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -110 [ 305.726541][ T48] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5 [ 306.533070][ T7852] syzkaller1: entered promiscuous mode [ 306.533099][ T7852] syzkaller1: entered allmulticast mode [ 306.622243][ T979] usb 5-1: USB disconnect, device number 22 [ 308.723622][ T5871] usb 1-1: 2:2 : no or invalid class specific endpoint descriptor [ 309.776788][ T5871] usb 1-1: USB disconnect, device number 27 [ 309.777421][ T5874] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor [ 309.797661][ T5874] usb 3-1: USB disconnect, device number 23 [ 309.987443][ T7875] bond0: left promiscuous mode [ 309.993095][ T7875] bond0: left allmulticast mode [ 310.038787][ T7875] team0: Port device bond0 removed [ 310.046679][ T7875] team0: left allmulticast mode [ 310.051680][ T7875] team0: left promiscuous mode [ 310.057193][ T7875] bridge0: port 1(team0) entered disabled state [ 310.228494][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 311.268712][ T5945] udevd[5945]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 311.308213][ T7878] netlink: 236 bytes leftover after parsing attributes in process `syz.3.564'. [ 315.614306][ T5917] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 315.983856][ T5874] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 317.020435][ T5874] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 317.051096][ T5874] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 317.064951][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.071313][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.928996][ T5874] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 317.980534][ T5874] usb 5-1: config 1 has no interface number 1 [ 318.004758][ T5874] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 318.054912][ T5874] usb 5-1: config 1 interface 2 has no altsetting 1 [ 318.202903][ T7907] netlink: 136 bytes leftover after parsing attributes in process `syz.0.572'. [ 318.219103][ T5874] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 318.250725][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.269545][ T5874] usb 5-1: Product: syz [ 318.308194][ T5874] usb 5-1: Manufacturer: syz [ 318.314579][ T5874] usb 5-1: SerialNumber: syz [ 318.698445][ T5871] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 318.856016][ T7918] netlink: 20 bytes leftover after parsing attributes in process `syz.3.575'. [ 319.484370][ T5871] usb 2-1: Using ep0 maxpacket: 8 [ 319.494842][ T5871] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 319.503521][ T5871] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 319.600239][ T5871] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 319.961304][ T5871] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 319.981666][ T5871] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 320.000232][ T5874] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor [ 320.784590][ T5871] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 320.805492][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.850120][ T5874] usb 5-1: USB disconnect, device number 23 [ 320.975611][ T7932] FAULT_INJECTION: forcing a failure. [ 320.975611][ T7932] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.032280][ T5871] usb 2-1: GET_CAPABILITIES returned 0 [ 321.045094][ T7932] CPU: 1 UID: 0 PID: 7932 Comm: syz.0.579 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 321.045124][ T7932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 321.045137][ T7932] Call Trace: [ 321.045144][ T7932] [ 321.045152][ T7932] dump_stack_lvl+0x241/0x360 [ 321.045185][ T7932] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.045210][ T7932] ? __pfx__printk+0x10/0x10 [ 321.045240][ T7932] should_fail_ex+0x424/0x570 [ 321.045273][ T7932] _copy_from_user+0x2d/0xb0 [ 321.045298][ T7932] do_sys_poll+0x253/0x1610 [ 321.045323][ T7932] ? 0xffffffffa0001fa4 [ 321.045339][ T7932] ? is_bpf_text_address+0x26/0x2a0 [ 321.045368][ T7932] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 321.045392][ T7932] ? kernel_text_address+0xa7/0xe0 [ 321.045418][ T7932] ? __kernel_text_address+0xd/0x40 [ 321.045446][ T7932] ? __pfx_do_sys_poll+0x10/0x10 [ 321.045468][ T7932] ? kstrtoull+0x1d3/0x2f0 [ 321.045487][ T7932] ? __pfx_kstrtoull+0x10/0x10 [ 321.045550][ T7932] ? ktime_get_ts64+0xa1/0x440 [ 321.045571][ T7932] ? seqcount_lockdep_reader_access+0x159/0x230 [ 321.045593][ T7932] ? lockdep_hardirqs_on+0x9d/0x150 [ 321.045631][ T7932] ? __pfx_timespec64_add_safe+0x10/0x10 [ 321.045658][ T7932] ? fd_install+0x9c/0x4c0 [ 321.045684][ T7932] __se_sys_poll+0x1eb/0x430 [ 321.045706][ T7932] ? __pfx___se_sys_poll+0x10/0x10 [ 321.045730][ T7932] ? do_syscall_64+0xb6/0x230 [ 321.045753][ T7932] do_syscall_64+0xf3/0x230 [ 321.045784][ T7932] ? clear_bhb_loop+0x45/0xa0 [ 321.045808][ T7932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.045828][ T7932] RIP: 0033:0x7f0567d8d169 [ 321.045845][ T7932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.045862][ T7932] RSP: 002b:00007f0568c0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 321.045884][ T7932] RAX: ffffffffffffffda RBX: 00007f0567fa5fa0 RCX: 00007f0567d8d169 [ 321.045900][ T7932] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000200000000240 [ 321.045913][ T7932] RBP: 00007f0568c0b090 R08: 0000000000000000 R09: 0000000000000000 [ 321.045926][ T7932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.045938][ T7932] R13: 0000000000000000 R14: 00007f0567fa5fa0 R15: 00007ffeb3ae5da8 [ 321.045964][ T7932] [ 321.052541][ T5871] usbtmc 2-1:16.0: can't read capabilities [ 321.444327][ T5874] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 321.670085][ T5874] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 321.775439][ T5874] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 321.869370][ T5874] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 321.908670][ T5874] usb 5-1: config 1 has no interface number 1 [ 321.915302][ T5874] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 321.970221][ T5874] usb 5-1: config 1 interface 2 has no altsetting 1 [ 321.983627][ T5874] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 321.997388][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.999506][ T7939] FAULT_INJECTION: forcing a failure. [ 321.999506][ T7939] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 322.019180][ T7939] CPU: 0 UID: 0 PID: 7939 Comm: syz.0.581 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 322.019208][ T7939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 322.019222][ T7939] Call Trace: [ 322.019229][ T7939] [ 322.019237][ T7939] dump_stack_lvl+0x241/0x360 [ 322.019269][ T7939] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.019293][ T7939] ? __pfx__printk+0x10/0x10 [ 322.019321][ T7939] should_fail_ex+0x424/0x570 [ 322.019351][ T7939] _copy_from_user+0x2d/0xb0 [ 322.019378][ T7939] copy_msghdr_from_user+0xb3/0x580 [ 322.019405][ T7939] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 322.019424][ T7939] ? __fget_files+0x2a/0x420 [ 322.019449][ T7939] ? __fget_files+0x2a/0x420 [ 322.019477][ T7939] __sys_sendmmsg+0x361/0x7b0 [ 322.019514][ T7939] ? __pfx___sys_sendmmsg+0x10/0x10 [ 322.019566][ T7939] ? rcu_read_lock_any_held+0xbb/0x160 [ 322.019588][ T7939] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 322.019610][ T7939] ? vfs_write+0xb29/0xd10 [ 322.019643][ T7939] ? ksys_write+0x24e/0x2d0 [ 322.019671][ T7939] ? __mutex_unlock_slowpath+0x229/0x800 [ 322.019724][ T7939] ? ksys_write+0x275/0x2d0 [ 322.019759][ T7939] __x64_sys_sendmmsg+0xa0/0xb0 [ 322.019789][ T7939] do_syscall_64+0xf3/0x230 [ 322.019811][ T7939] ? clear_bhb_loop+0x45/0xa0 [ 322.019834][ T7939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.019854][ T7939] RIP: 0033:0x7f0567d8d169 [ 322.019873][ T7939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.019891][ T7939] RSP: 002b:00007f0568c0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 322.019913][ T7939] RAX: ffffffffffffffda RBX: 00007f0567fa5fa0 RCX: 00007f0567d8d169 [ 322.019929][ T7939] RDX: 0000000000000002 RSI: 0000200000006b80 RDI: 0000000000000003 [ 322.019942][ T7939] RBP: 00007f0568c0b090 R08: 0000000000000000 R09: 0000000000000000 [ 322.019955][ T7939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.019968][ T7939] R13: 0000000000000000 R14: 00007f0567fa5fa0 R15: 00007ffeb3ae5da8 [ 322.019993][ T7939] [ 322.034136][ T5874] usb 5-1: Product: syz [ 322.255001][ T5874] usb 5-1: Manufacturer: syz [ 322.259748][ T5874] usb 5-1: SerialNumber: syz [ 322.425927][ T7948] FAULT_INJECTION: forcing a failure. [ 322.425927][ T7948] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 322.443370][ T7951] netlink: 236 bytes leftover after parsing attributes in process `syz.0.585'. [ 322.463101][ T7948] CPU: 0 UID: 0 PID: 7948 Comm: syz.1.586 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 322.463135][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 322.463148][ T7948] Call Trace: [ 322.463155][ T7948] [ 322.463164][ T7948] dump_stack_lvl+0x241/0x360 [ 322.463195][ T7948] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.463220][ T7948] ? __pfx__printk+0x10/0x10 [ 322.463251][ T7948] should_fail_ex+0x424/0x570 [ 322.463303][ T7948] _copy_from_user+0x2d/0xb0 [ 322.463335][ T7948] do_sock_getsockopt+0x1d5/0x740 [ 322.463366][ T7948] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 322.463392][ T7948] ? __fget_files+0x2a/0x420 [ 322.463415][ T7948] ? __fget_files+0x39d/0x420 [ 322.463435][ T7948] ? __fget_files+0x2a/0x420 [ 322.463461][ T7948] __x64_sys_getsockopt+0x2a3/0x370 [ 322.463494][ T7948] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 322.463526][ T7948] ? do_syscall_64+0xb6/0x230 [ 322.463549][ T7948] do_syscall_64+0xf3/0x230 [ 322.463570][ T7948] ? clear_bhb_loop+0x45/0xa0 [ 322.463593][ T7948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.463613][ T7948] RIP: 0033:0x7f2c6938d169 [ 322.463630][ T7948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.463648][ T7948] RSP: 002b:00007f2c6a193038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 322.463670][ T7948] RAX: ffffffffffffffda RBX: 00007f2c695a5fa0 RCX: 00007f2c6938d169 [ 322.463686][ T7948] RDX: 0000000000000015 RSI: 0000000000000000 RDI: 0000000000000004 [ 322.463698][ T7948] RBP: 00007f2c6a193090 R08: 0000200000000080 R09: 0000000000000000 [ 322.463711][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.463723][ T7948] R13: 0000000000000000 R14: 00007f2c695a5fa0 R15: 00007ffe396f87f8 [ 322.463748][ T7948] [ 323.882421][ T5874] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor [ 323.934921][ T5874] usb 5-1: USB disconnect, device number 24 [ 324.054284][ T5878] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 324.135045][ T5945] udevd[5945]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 324.154399][ T48] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 324.273429][ T5878] usb 1-1: config 0 has an invalid interface number: 224 but max is 0 [ 324.288202][ T5878] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 324.300454][ T5878] usb 1-1: config 0 has no interface number 0 [ 324.313897][ T5945] udevd[5945]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 324.366179][ T5878] usb 1-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice=c7.bc [ 324.392044][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.401263][ T5878] usb 1-1: Product: syz [ 324.647874][ T5878] usb 1-1: Manufacturer: syz [ 324.652561][ T5878] usb 1-1: SerialNumber: syz [ 324.689444][ T48] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 324.694855][ T5878] usb 1-1: config 0 descriptor?? [ 324.703300][ T48] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 324.716092][ T5878] ldusb 1-1:0.224: Interrupt in endpoint not found [ 324.742167][ T48] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 324.752007][ T48] usb 3-1: config 1 has no interface number 1 [ 324.762593][ T48] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 324.774680][ T48] usb 3-1: config 1 interface 2 has no altsetting 1 [ 324.784795][ T48] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 324.793887][ T48] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.809075][ T48] usb 3-1: Product: syz [ 324.815419][ T48] usb 3-1: Manufacturer: syz [ 324.821133][ T48] usb 3-1: SerialNumber: syz [ 326.356805][ T48] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor [ 326.371374][ T979] usb 1-1: USB disconnect, device number 28 [ 326.528946][ T48] usb 3-1: USB disconnect, device number 24 [ 326.855442][ T5945] udevd[5945]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 326.945251][ T5874] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 327.214576][ T5874] usb 1-1: device descriptor read/64, error -71 [ 327.424254][ T5871] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 327.518250][ T7999] netlink: 28 bytes leftover after parsing attributes in process `syz.1.600'. [ 327.544184][ T5874] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 327.610668][ T5871] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 327.627048][ T5871] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 327.652219][ T5871] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 327.671869][ T5871] usb 4-1: config 1 has no interface number 1 [ 327.687092][ T5871] usb 4-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 327.705397][ T5874] usb 1-1: device descriptor read/64, error -71 [ 327.731101][ T5871] usb 4-1: config 1 interface 2 has no altsetting 1 [ 327.756131][ T5871] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 327.772024][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.790804][ T5871] usb 4-1: Product: syz [ 327.799588][ T5871] usb 4-1: Manufacturer: syz [ 327.809957][ T5871] usb 4-1: SerialNumber: syz [ 327.824579][ T5874] usb usb1-port1: attempt power cycle [ 327.911132][ T8010] fuse: Bad value for 'rootmode' [ 328.010457][ T8008] syzkaller0: entered promiscuous mode [ 328.018595][ T8008] syzkaller0: entered allmulticast mode [ 328.062550][ T8013] netlink: 20 bytes leftover after parsing attributes in process `syz.2.606'. [ 328.098689][ T8013] ======================================================= [ 328.098689][ T8013] WARNING: The mand mount option has been deprecated and [ 328.098689][ T8013] and is ignored by this kernel. Remove the mand [ 328.098689][ T8013] option from the mount to silence this warning. [ 328.098689][ T8013] ======================================================= [ 328.204665][ T5874] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 328.323156][ T5874] usb 1-1: device descriptor read/8, error -71 [ 328.737375][ T5874] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 328.850466][ T5874] usb 1-1: device descriptor read/8, error -71 [ 329.159047][ T5874] usb usb1-port1: unable to enumerate USB device [ 329.668756][ T24] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 329.843096][ T8031] netlink: 20 bytes leftover after parsing attributes in process `syz.1.609'. [ 329.904230][ T24] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 329.961733][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 330.043633][ T24] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 330.095175][ T24] usb 3-1: config 1 has no interface number 1 [ 330.113976][ T24] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 330.140005][ T24] usb 3-1: config 1 interface 2 has no altsetting 1 [ 330.183203][ T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 330.237038][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.245308][ T24] usb 3-1: Product: syz [ 330.249618][ T24] usb 3-1: Manufacturer: syz [ 330.255110][ T24] usb 3-1: SerialNumber: syz [ 330.941073][ T8039] RDS: rds_bind could not find a transport for ::ffff:10.1.1.0, load rds_tcp or rds_rdma? [ 331.196901][ T24] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor [ 331.240717][ T8043] netlink: 136 bytes leftover after parsing attributes in process `syz.4.616'. [ 331.269243][ T5871] usb 4-1: 2:2 : no or invalid class specific endpoint descriptor [ 331.279604][ T24] usb 3-1: USB disconnect, device number 25 [ 331.295491][ T979] usb 1-1: new full-speed USB device number 33 using dummy_hcd [ 331.465141][ T8047] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 331.617050][ T979] usb 1-1: config 0 has an invalid interface number: 207 but max is 0 [ 331.622543][ T5871] usb 4-1: USB disconnect, device number 21 [ 331.656312][ T979] usb 1-1: config 0 has no interface number 0 [ 331.681747][ T979] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 331.714770][ T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.722830][ T979] usb 1-1: Product: syz [ 331.762125][ T979] usb 1-1: Manufacturer: syz [ 331.778462][ T979] usb 1-1: SerialNumber: syz [ 331.797943][ T8056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 331.798774][ T979] usb 1-1: config 0 descriptor?? [ 331.815861][ T5945] udevd[5945]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 331.839176][ T979] qmi_wwan 1-1:0.207: bogus CDC Union: master=0, slave=1 [ 331.846515][ T8056] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 331.889966][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 332.718215][ T8066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.614'. [ 332.727293][ T8066] netlink: 16 bytes leftover after parsing attributes in process `syz.0.614'. [ 332.924396][ T24] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 333.156522][ T24] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 333.314610][ T979] qmi_wwan 1-1:0.207: probe with driver qmi_wwan failed with error -22 [ 333.326520][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 333.368016][ T24] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 333.395045][ T24] usb 5-1: config 1 has no interface number 1 [ 333.402376][ T24] usb 5-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 333.414777][ T24] usb 5-1: config 1 interface 2 has no altsetting 1 [ 333.423822][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 333.434055][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.442727][ T24] usb 5-1: Product: syz [ 333.447275][ T24] usb 5-1: Manufacturer: syz [ 333.451908][ T24] usb 5-1: SerialNumber: syz [ 335.220377][ T5905] usb 1-1: USB disconnect, device number 33 [ 335.306611][ T5878] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 335.446242][ T24] usb 5-1: 2:2 : no or invalid class specific endpoint descriptor [ 335.510762][ T24] usb 5-1: USB disconnect, device number 25 [ 335.693246][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 335.714753][ T8094] netlink: 136 bytes leftover after parsing attributes in process `syz.1.632'. [ 336.015825][ T8108] FAULT_INJECTION: forcing a failure. [ 336.015825][ T8108] name failslab, interval 1, probability 0, space 0, times 0 [ 336.068912][ T8108] CPU: 1 UID: 0 PID: 8108 Comm: syz.2.637 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 336.068945][ T8108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 336.068958][ T8108] Call Trace: [ 336.068966][ T8108] [ 336.068975][ T8108] dump_stack_lvl+0x241/0x360 [ 336.069008][ T8108] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.069032][ T8108] ? __pfx__printk+0x10/0x10 [ 336.069059][ T8108] ? __pfx___might_resched+0x10/0x10 [ 336.069090][ T8108] should_fail_ex+0x424/0x570 [ 336.069129][ T8108] should_failslab+0xac/0x100 [ 336.069162][ T8108] __kmalloc_noprof+0xdf/0x4d0 [ 336.069181][ T8108] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 336.069201][ T8108] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 336.069224][ T8108] tomoyo_realpath_from_path+0xcf/0x5e0 [ 336.069250][ T8108] tomoyo_path_number_perm+0x245/0x790 [ 336.069278][ T8108] ? tomoyo_path_number_perm+0x215/0x790 [ 336.069307][ T8108] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 336.069339][ T8108] ? ksys_write+0x24e/0x2d0 [ 336.069372][ T8108] ? __lock_acquire+0xad5/0xd80 [ 336.069413][ T8108] ? __fget_files+0x2a/0x420 [ 336.069434][ T8108] ? __fget_files+0x2a/0x420 [ 336.069457][ T8108] ? __fget_files+0x2a/0x420 [ 336.069481][ T8108] security_file_ioctl+0xc6/0x2a0 [ 336.069511][ T8108] __se_sys_ioctl+0x46/0x160 [ 336.069540][ T8108] do_syscall_64+0xf3/0x230 [ 336.069561][ T8108] ? clear_bhb_loop+0x45/0xa0 [ 336.069585][ T8108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.069606][ T8108] RIP: 0033:0x7f79d3f8d169 [ 336.069623][ T8108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.069642][ T8108] RSP: 002b:00007f79d4d54038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 336.069665][ T8108] RAX: ffffffffffffffda RBX: 00007f79d41a5fa0 RCX: 00007f79d3f8d169 [ 336.069682][ T8108] RDX: 0000200000000080 RSI: 00000000c040564a RDI: 0000000000000003 [ 336.069696][ T8108] RBP: 00007f79d4d54090 R08: 0000000000000000 R09: 0000000000000000 [ 336.069710][ T8108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.069723][ T8108] R13: 0000000000000000 R14: 00007f79d41a5fa0 R15: 00007ffdf6e7e158 [ 336.069750][ T8108] [ 336.069759][ T8108] ERROR: Out of memory at tomoyo_realpath_from_path. [ 336.236043][ T8115] FAULT_INJECTION: forcing a failure. [ 336.236043][ T8115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 336.488142][ T8115] CPU: 1 UID: 0 PID: 8115 Comm: syz.3.639 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 336.488175][ T8115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 336.488188][ T8115] Call Trace: [ 336.488195][ T8115] [ 336.488205][ T8115] dump_stack_lvl+0x241/0x360 [ 336.488236][ T8115] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.488275][ T8115] ? __pfx__printk+0x10/0x10 [ 336.488297][ T8115] should_fail_ex+0x424/0x570 [ 336.488322][ T8115] _copy_to_user+0x31/0xb0 [ 336.488342][ T8115] simple_read_from_buffer+0xdc/0x170 [ 336.488368][ T8115] proc_fail_nth_read+0x1ef/0x260 [ 336.488388][ T8115] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 336.488407][ T8115] ? rw_verify_area+0x246/0x630 [ 336.488425][ T8115] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 336.488443][ T8115] vfs_read+0x21f/0xb90 [ 336.488465][ T8115] ? __pfx___mutex_lock+0x10/0x10 [ 336.488480][ T8115] ? __pfx_vfs_read+0x10/0x10 [ 336.488501][ T8115] ? __fget_files+0x2a/0x420 [ 336.488518][ T8115] ? __fget_files+0x39d/0x420 [ 336.488532][ T8115] ? __fget_files+0x2a/0x420 [ 336.488552][ T8115] ksys_read+0x19d/0x2d0 [ 336.488572][ T8115] ? __pfx_ksys_read+0x10/0x10 [ 336.488594][ T8115] ? do_syscall_64+0xb6/0x230 [ 336.488611][ T8115] do_syscall_64+0xf3/0x230 [ 336.488626][ T8115] ? clear_bhb_loop+0x45/0xa0 [ 336.488643][ T8115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.488658][ T8115] RIP: 0033:0x7fe19678bb7c [ 336.488671][ T8115] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 336.488684][ T8115] RSP: 002b:00007fe1975d2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 336.488700][ T8115] RAX: ffffffffffffffda RBX: 00007fe1969a6160 RCX: 00007fe19678bb7c [ 336.488711][ T8115] RDX: 000000000000000f RSI: 00007fe1975d20a0 RDI: 0000000000000004 [ 336.488721][ T8115] RBP: 00007fe1975d2090 R08: 0000000000000000 R09: 0000000000000000 [ 336.488730][ T8115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.488739][ T8115] R13: 0000000000000000 R14: 00007fe1969a6160 R15: 00007ffe90a75d08 [ 336.488758][ T8115] [ 337.426474][ T5905] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 337.587772][ T5905] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 337.606330][ T5905] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 337.640718][ T5905] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 337.668053][ T5905] usb 1-1: config 1 has no interface number 1 [ 337.687317][ T5905] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 337.720444][ T5905] usb 1-1: config 1 interface 2 has no altsetting 1 [ 337.750438][ T5905] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 337.778261][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.804424][ T5905] usb 1-1: Product: syz [ 337.817216][ T5905] usb 1-1: Manufacturer: syz [ 337.832160][ T5905] usb 1-1: SerialNumber: syz [ 338.254172][ T24] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 338.551372][ T24] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 338.738986][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 338.850388][ T24] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 338.997790][ T24] usb 3-1: config 1 has no interface number 1 [ 339.047818][ T8144] gretap0: left allmulticast mode [ 339.054461][ T8144] netlink: 136 bytes leftover after parsing attributes in process `syz.3.648'. [ 339.100514][ T24] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 339.233545][ T5905] usb 1-1: 2:2 : no or invalid class specific endpoint descriptor [ 339.235389][ T24] usb 3-1: config 1 interface 2 has no altsetting 1 [ 339.344037][ T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 339.467267][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.524125][ T24] usb 3-1: Product: syz [ 339.537140][ T24] usb 3-1: Manufacturer: syz [ 339.565598][ T5905] usb 1-1: USB disconnect, device number 34 [ 339.573990][ T24] usb 3-1: SerialNumber: syz [ 340.538179][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 342.884902][ T24] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor [ 342.923685][ T24] usb 3-1: USB disconnect, device number 26 [ 343.076295][ T8163] FAULT_INJECTION: forcing a failure. [ 343.076295][ T8163] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 343.119121][ T8163] CPU: 0 UID: 0 PID: 8163 Comm: syz.0.654 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 343.119152][ T8163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 343.119165][ T8163] Call Trace: [ 343.119173][ T8163] [ 343.119181][ T8163] dump_stack_lvl+0x241/0x360 [ 343.119226][ T8163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 343.119251][ T8163] ? __pfx__printk+0x10/0x10 [ 343.119282][ T8163] should_fail_ex+0x424/0x570 [ 343.119316][ T8163] _copy_from_user+0x2d/0xb0 [ 343.119342][ T8163] copy_msghdr_from_user+0xb3/0x580 [ 343.119369][ T8163] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 343.119388][ T8163] ? __fget_files+0x2a/0x420 [ 343.119413][ T8163] ? __fget_files+0x2a/0x420 [ 343.119441][ T8163] do_recvmmsg+0x3bf/0xab0 [ 343.119478][ T8163] ? __pfx_do_recvmmsg+0x10/0x10 [ 343.119519][ T8163] ? rcu_read_lock_any_held+0xbb/0x160 [ 343.119539][ T8163] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 343.119562][ T8163] ? vfs_write+0xb29/0xd10 [ 343.119595][ T8163] ? ksys_write+0x24e/0x2d0 [ 343.119624][ T8163] ? __mutex_unlock_slowpath+0x229/0x800 [ 343.119652][ T8163] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 343.119673][ T8163] ? __fget_files+0x2a/0x420 [ 343.119704][ T8163] __x64_sys_recvmmsg+0x1ab/0x260 [ 343.119734][ T8163] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 343.119769][ T8163] ? do_syscall_64+0xb6/0x230 [ 343.119792][ T8163] do_syscall_64+0xf3/0x230 [ 343.119813][ T8163] ? clear_bhb_loop+0x45/0xa0 [ 343.119836][ T8163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.119856][ T8163] RIP: 0033:0x7f0567d8d169 [ 343.119874][ T8163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.119893][ T8163] RSP: 002b:00007f0568c0b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 343.119915][ T8163] RAX: ffffffffffffffda RBX: 00007f0567fa5fa0 RCX: 00007f0567d8d169 [ 343.119931][ T8163] RDX: 0000000000000001 RSI: 0000200000002780 RDI: 0000000000000003 [ 343.119944][ T8163] RBP: 00007f0568c0b090 R08: 0000000000000000 R09: 0000000000000000 [ 343.119957][ T8163] R10: 0000000000002140 R11: 0000000000000246 R12: 0000000000000001 [ 343.119969][ T8163] R13: 0000000000000000 R14: 00007f0567fa5fa0 R15: 00007ffeb3ae5da8 [ 343.119995][ T8163] [ 343.129142][ T6038] udevd[6038]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 343.593589][ T5878] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 343.645815][ T8179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 343.646055][ T8179] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 343.745352][ T5878] usb 1-1: no configurations [ 343.745417][ T5878] usb 1-1: can't read configurations, error -22 [ 343.884410][ T5878] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 344.037873][ T5878] usb 1-1: no configurations [ 344.037943][ T5878] usb 1-1: can't read configurations, error -22 [ 344.038364][ T5878] usb usb1-port1: attempt power cycle [ 344.426565][ T5878] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 344.478983][ T5878] usb 1-1: no configurations [ 344.604251][ T5878] usb 1-1: can't read configurations, error -22 [ 344.634203][ T24] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 344.665201][ T8187] netlink: 136 bytes leftover after parsing attributes in process `syz.4.663'. [ 344.754215][ T5878] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 344.804470][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 344.811818][ T5878] usb 1-1: no configurations [ 344.820498][ T24] usb 3-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 344.833121][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.844140][ T24] usb 3-1: Product: syz [ 344.848440][ T24] usb 3-1: Manufacturer: syz [ 344.853179][ T24] usb 3-1: SerialNumber: syz [ 344.857880][ T5878] usb 1-1: can't read configurations, error -22 [ 344.858248][ T5878] usb usb1-port1: unable to enumerate USB device [ 344.904928][ T24] usb 3-1: config 0 descriptor?? [ 344.922670][ T24] radioshark 3-1:0.0: Invalid radioSHARK device [ 344.956425][ T24] radioshark 3-1:0.0: probe with driver radioshark failed with error -22 [ 345.016310][ T24] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 346.467482][ T5871] usb 3-1: USB disconnect, device number 27 [ 347.314720][ T8221] trusted_key: encrypted_key: insufficient parameters specified [ 347.548271][ T5822] Bluetooth: hci4: command 0x0405 tx timeout [ 347.693351][ T8220] netlink: 136 bytes leftover after parsing attributes in process `syz.2.674'. [ 352.322325][ T8250] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 352.929900][ T8259] FAULT_INJECTION: forcing a failure. [ 352.929900][ T8259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.943273][ T8259] CPU: 1 UID: 0 PID: 8259 Comm: syz.1.681 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 352.943302][ T8259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 352.943316][ T8259] Call Trace: [ 352.943324][ T8259] [ 352.943332][ T8259] dump_stack_lvl+0x241/0x360 [ 352.943365][ T8259] ? __pfx_dump_stack_lvl+0x10/0x10 [ 352.943391][ T8259] ? __pfx__printk+0x10/0x10 [ 352.943424][ T8259] should_fail_ex+0x424/0x570 [ 352.943457][ T8259] _copy_from_user+0x2d/0xb0 [ 352.943484][ T8259] copy_msghdr_from_user+0xb3/0x580 [ 352.943511][ T8259] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 352.943531][ T8259] ? __fget_files+0x2a/0x420 [ 352.943555][ T8259] ? __fget_files+0x2a/0x420 [ 352.943584][ T8259] __sys_sendmmsg+0x361/0x7b0 [ 352.943620][ T8259] ? __pfx___sys_sendmmsg+0x10/0x10 [ 352.943673][ T8259] ? rcu_read_lock_any_held+0xbb/0x160 [ 352.943694][ T8259] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 352.943717][ T8259] ? vfs_write+0xb29/0xd10 [ 352.943751][ T8259] ? ksys_write+0x24e/0x2d0 [ 352.943780][ T8259] ? __mutex_unlock_slowpath+0x229/0x800 [ 352.943821][ T8259] ? ksys_write+0x275/0x2d0 [ 352.943856][ T8259] __x64_sys_sendmmsg+0xa0/0xb0 [ 352.943887][ T8259] do_syscall_64+0xf3/0x230 [ 352.943908][ T8259] ? clear_bhb_loop+0x45/0xa0 [ 352.943932][ T8259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.943952][ T8259] RIP: 0033:0x7f2c6938d169 [ 352.943969][ T8259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.943987][ T8259] RSP: 002b:00007f2c6a193038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 352.944009][ T8259] RAX: ffffffffffffffda RBX: 00007f2c695a5fa0 RCX: 00007f2c6938d169 [ 352.944025][ T8259] RDX: 0000000000000001 RSI: 0000200000006480 RDI: 0000000000000004 [ 352.944038][ T8259] RBP: 00007f2c6a193090 R08: 0000000000000000 R09: 0000000000000000 [ 352.944056][ T8259] R10: 0000000000044044 R11: 0000000000000246 R12: 0000000000000001 [ 352.944069][ T8259] R13: 0000000000000000 R14: 00007f2c695a5fa0 R15: 00007ffe396f87f8 [ 352.944094][ T8259] [ 353.150885][ C1] vkms_vblank_simulate: vblank timer overrun [ 353.505689][ T8262] No source specified [ 353.712598][ T8272] input: syz0 as /devices/virtual/input/input9 [ 353.880040][ T5874] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 354.962402][ T5874] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 354.974019][ T5874] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 354.990041][ T5874] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 355.001819][ T5874] usb 3-1: config 1 has no interface number 1 [ 355.010908][ T5874] usb 3-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 355.024237][ T5874] usb 3-1: config 1 interface 2 has no altsetting 1 [ 355.042629][ T5874] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 355.062621][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.083227][ T5874] usb 3-1: Product: syz [ 355.095433][ T5874] usb 3-1: Manufacturer: syz [ 355.121966][ T5874] usb 3-1: SerialNumber: syz [ 355.181348][ T8287] syzkaller1: entered promiscuous mode [ 355.260251][ T8285] FAULT_INJECTION: forcing a failure. [ 355.260251][ T8285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.343735][ T8287] syzkaller1: entered allmulticast mode [ 355.439617][ T8285] CPU: 1 UID: 0 PID: 8285 Comm: syz.3.691 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 355.439647][ T8285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 355.439660][ T8285] Call Trace: [ 355.439668][ T8285] [ 355.439677][ T8285] dump_stack_lvl+0x241/0x360 [ 355.439712][ T8285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.439736][ T8285] ? __pfx__printk+0x10/0x10 [ 355.439761][ T8285] ? _copy_from_iter+0x1ad/0x1c70 [ 355.439788][ T8285] should_fail_ex+0x424/0x570 [ 355.439819][ T8285] _copy_from_iter+0x211/0x1c70 [ 355.439851][ T8285] ? __pfx__copy_from_iter+0x10/0x10 [ 355.439890][ T8285] ? finish_task_switch+0x1e5/0x870 [ 355.439913][ T8285] ? lockdep_hardirqs_on+0x9d/0x150 [ 355.439939][ T8285] ? finish_task_switch+0x1e5/0x870 [ 355.439967][ T8285] tun_get_user+0x269/0x47c0 [ 355.440008][ T8285] ? __pfx___schedule+0x10/0x10 [ 355.440035][ T8285] ? __pfx_tun_get_user+0x10/0x10 [ 355.440061][ T8285] ? __switch_to+0xe97/0x1c30 [ 355.440091][ T8285] ? ref_tracker_alloc+0x316/0x4c0 [ 355.440123][ T8285] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 355.440161][ T8285] ? tun_get+0x1e/0x2f0 [ 355.440186][ T8285] ? tun_get+0x1e/0x2f0 [ 355.440208][ T8285] ? tun_get+0x27d/0x2f0 [ 355.440234][ T8285] tun_chr_write_iter+0x10d/0x1f0 [ 355.440261][ T8285] vfs_write+0x70f/0xd10 [ 355.440290][ T8285] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 355.440317][ T8285] ? __pfx_vfs_write+0x10/0x10 [ 355.440343][ T8285] ? __fget_files+0x2a/0x420 [ 355.440365][ T8285] ? __fget_files+0x2a/0x420 [ 355.440391][ T8285] ksys_write+0x19d/0x2d0 [ 355.440417][ T8285] ? __pfx_ksys_write+0x10/0x10 [ 355.440446][ T8285] ? do_syscall_64+0xb6/0x230 [ 355.440467][ T8285] do_syscall_64+0xf3/0x230 [ 355.440487][ T8285] ? clear_bhb_loop+0x45/0xa0 [ 355.440509][ T8285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.440528][ T8285] RIP: 0033:0x7fe19678d169 [ 355.440544][ T8285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.440561][ T8285] RSP: 002b:00007fe197614038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 355.440583][ T8285] RAX: ffffffffffffffda RBX: 00007fe1969a5fa0 RCX: 00007fe19678d169 [ 355.440597][ T8285] RDX: 0000000000000fce RSI: 0000200000000240 RDI: 0000000000000003 [ 355.440610][ T8285] RBP: 00007fe197614090 R08: 0000000000000000 R09: 0000000000000000 [ 355.440622][ T8285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.440633][ T8285] R13: 0000000000000000 R14: 00007fe1969a5fa0 R15: 00007ffe90a75d08 [ 355.440657][ T8285] [ 355.696419][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.467691][ T5874] usb 3-1: 2:2 : no or invalid class specific endpoint descriptor [ 356.557334][ T5874] usb 3-1: USB disconnect, device number 28 [ 356.688184][ T8305] netlink: 236 bytes leftover after parsing attributes in process `syz.1.696'. [ 356.801572][ T8263] udevd[8263]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 358.251536][ T8305] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 358.260440][ T8305] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 359.252204][ T8330] netlink: 32 bytes leftover after parsing attributes in process `syz.3.702'. [ 359.305625][ T8330] [U] ¹éM [ 360.398216][ T8338] netlink: 24 bytes leftover after parsing attributes in process `syz.0.704'. [ 368.463052][ T8367] FAULT_INJECTION: forcing a failure. [ 368.463052][ T8367] name failslab, interval 1, probability 0, space 0, times 0 [ 368.542125][ T8367] CPU: 0 UID: 0 PID: 8367 Comm: syz.1.712 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 368.542150][ T8367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 368.542160][ T8367] Call Trace: [ 368.542166][ T8367] [ 368.542173][ T8367] dump_stack_lvl+0x241/0x360 [ 368.542198][ T8367] ? __pfx_dump_stack_lvl+0x10/0x10 [ 368.542216][ T8367] ? __pfx__printk+0x10/0x10 [ 368.542235][ T8367] ? __pfx___might_resched+0x10/0x10 [ 368.542260][ T8367] should_fail_ex+0x424/0x570 [ 368.542285][ T8367] should_failslab+0xac/0x100 [ 368.542309][ T8367] __kmalloc_noprof+0xdf/0x4d0 [ 368.542322][ T8367] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 368.542336][ T8367] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 368.542353][ T8367] tomoyo_realpath_from_path+0xcf/0x5e0 [ 368.542373][ T8367] tomoyo_path_number_perm+0x245/0x790 [ 368.542394][ T8367] ? tomoyo_path_number_perm+0x215/0x790 [ 368.542415][ T8367] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 368.542438][ T8367] ? ksys_write+0x24e/0x2d0 [ 368.542462][ T8367] ? __lock_acquire+0xad5/0xd80 [ 368.542490][ T8367] ? __fget_files+0x2a/0x420 [ 368.542506][ T8367] ? __fget_files+0x2a/0x420 [ 368.542522][ T8367] ? __fget_files+0x2a/0x420 [ 368.542540][ T8367] security_file_ioctl+0xc6/0x2a0 [ 368.542562][ T8367] __se_sys_ioctl+0x46/0x160 [ 368.542584][ T8367] do_syscall_64+0xf3/0x230 [ 368.542600][ T8367] ? clear_bhb_loop+0x45/0xa0 [ 368.542618][ T8367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.542632][ T8367] RIP: 0033:0x7f2c6938d169 [ 368.542645][ T8367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.542657][ T8367] RSP: 002b:00007f2c6a193038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 368.542673][ T8367] RAX: ffffffffffffffda RBX: 00007f2c695a5fa0 RCX: 00007f2c6938d169 [ 368.542684][ T8367] RDX: 0000000000000000 RSI: 0000000000007439 RDI: 0000000000000004 [ 368.542693][ T8367] RBP: 00007f2c6a193090 R08: 0000000000000000 R09: 0000000000000000 [ 368.542703][ T8367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 368.542711][ T8367] R13: 0000000000000000 R14: 00007f2c695a5fa0 R15: 00007ffe396f87f8 [ 368.542729][ T8367] [ 368.542737][ T8367] ERROR: Out of memory at tomoyo_realpath_from_path. [ 368.834347][ T5878] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 368.976604][ T8371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 368.994602][ T8371] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 369.009665][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 369.041532][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 369.094145][ T5878] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 369.133547][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.250481][ T5878] usb 4-1: config 0 descriptor?? [ 369.574710][ T8375] FAULT_INJECTION: forcing a failure. [ 369.574710][ T8375] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 369.588506][ T8375] CPU: 1 UID: 0 PID: 8375 Comm: syz.0.714 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 369.588537][ T8375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 369.588551][ T8375] Call Trace: [ 369.588559][ T8375] [ 369.588568][ T8375] dump_stack_lvl+0x241/0x360 [ 369.588601][ T8375] ? __pfx_dump_stack_lvl+0x10/0x10 [ 369.588627][ T8375] ? __pfx__printk+0x10/0x10 [ 369.588661][ T8375] should_fail_ex+0x424/0x570 [ 369.588694][ T8375] _copy_from_user+0x2d/0xb0 [ 369.588722][ T8375] do_fcntl+0xa3c/0x1b20 [ 369.588758][ T8375] ? smack_file_fcntl+0x150/0x380 [ 369.588785][ T8375] ? __pfx_do_fcntl+0x10/0x10 [ 369.588811][ T8375] ? __pfx_smack_file_fcntl+0x10/0x10 [ 369.588848][ T8375] ? tomoyo_file_fcntl+0x7d/0x200 [ 369.588876][ T8375] __se_sys_fcntl+0xd2/0x1e0 [ 369.588904][ T8375] do_syscall_64+0xf3/0x230 [ 369.588935][ T8375] ? clear_bhb_loop+0x45/0xa0 [ 369.588959][ T8375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.588980][ T8375] RIP: 0033:0x7f0567d8d169 [ 369.588998][ T8375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.589017][ T8375] RSP: 002b:00007f0568c0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 369.589040][ T8375] RAX: ffffffffffffffda RBX: 00007f0567fa5fa0 RCX: 00007f0567d8d169 [ 369.589057][ T8375] RDX: 0000000000000000 RSI: 0000000000000024 RDI: 0000000000000003 [ 369.589069][ T8375] RBP: 00007f0568c0b090 R08: 0000000000000000 R09: 0000000000000000 [ 369.589082][ T8375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 369.589095][ T8375] R13: 0000000000000000 R14: 00007f0567fa5fa0 R15: 00007ffeb3ae5da8 [ 369.589121][ T8375] [ 369.827829][ T5878] savu 0003:1E7D:2D5A.0003: hiddev1,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 370.474910][ T8365] sctp: [Deprecated]: syz.3.711 (pid 8365) Use of struct sctp_assoc_value in delayed_ack socket option. [ 370.474910][ T8365] Use struct sctp_sack_info instead [ 370.848320][ T5874] usb 4-1: USB disconnect, device number 23 [ 371.155662][ T8382] netlink: 'syz.1.716': attribute type 10 has an invalid length. [ 371.167468][ T8382] netlink: 'syz.1.716': attribute type 10 has an invalid length. [ 371.274231][ T5871] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 371.348541][ T8405] FAULT_INJECTION: forcing a failure. [ 371.348541][ T8405] name failslab, interval 1, probability 0, space 0, times 0 [ 371.385774][ T8405] CPU: 1 UID: 0 PID: 8405 Comm: syz.2.722 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 371.385804][ T8405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 371.385816][ T8405] Call Trace: [ 371.385824][ T8405] [ 371.385832][ T8405] dump_stack_lvl+0x241/0x360 [ 371.385861][ T8405] ? __pfx_dump_stack_lvl+0x10/0x10 [ 371.385883][ T8405] ? __pfx__printk+0x10/0x10 [ 371.385905][ T8405] ? __pfx___might_resched+0x10/0x10 [ 371.385934][ T8405] should_fail_ex+0x424/0x570 [ 371.385962][ T8405] should_failslab+0xac/0x100 [ 371.385991][ T8405] kmem_cache_alloc_noprof+0x78/0x390 [ 371.386017][ T8405] ? mas_alloc_nodes+0x25b/0x7e0 [ 371.386037][ T8405] mas_alloc_nodes+0x25b/0x7e0 [ 371.386059][ T8405] mas_preallocate+0x5ea/0x950 [ 371.386088][ T8405] ? __pfx_mas_preallocate+0x10/0x10 [ 371.386118][ T8405] ? __lock_acquire+0xad5/0xd80 [ 371.386141][ T8405] ? __mas_set_range+0x133/0x3c0 [ 371.386161][ T8405] commit_merge+0x467/0x800 [ 371.386191][ T8405] ? __pfx_commit_merge+0x10/0x10 [ 371.386219][ T8405] ? dup_anon_vma+0x7d/0x2b0 [ 371.386260][ T8405] vma_merge_existing_range+0x1431/0x1770 [ 371.386280][ T8405] ? vma_merge_existing_range+0x771/0x1770 [ 371.386297][ T8405] ? vma_merge_existing_range+0x771/0x1770 [ 371.386321][ T8405] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 371.386346][ T8405] vma_modify+0x76/0x390 [ 371.386372][ T8405] vma_modify_flags+0x3a7/0x430 [ 371.386399][ T8405] ? __pfx_vma_modify_flags+0x10/0x10 [ 371.386438][ T8405] mlock_fixup+0x21d/0x350 [ 371.386459][ T8405] apply_mlockall_flags+0x309/0x410 [ 371.386478][ T8405] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 371.386500][ T8405] ? __do_sys_munlockall+0x5a/0x220 [ 371.386534][ T8405] __do_sys_munlockall+0x10a/0x220 [ 371.386562][ T8405] do_syscall_64+0xf3/0x230 [ 371.386581][ T8405] ? clear_bhb_loop+0x45/0xa0 [ 371.386602][ T8405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.386619][ T8405] RIP: 0033:0x7f79d3f8d169 [ 371.386636][ T8405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.386651][ T8405] RSP: 002b:00007f79d4d33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 371.386670][ T8405] RAX: ffffffffffffffda RBX: 00007f79d41a6080 RCX: 00007f79d3f8d169 [ 371.386684][ T8405] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 371.386694][ T8405] RBP: 00007f79d4d33090 R08: 0000000000000000 R09: 0000000000000000 [ 371.386705][ T8405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 371.386716][ T8405] R13: 0000000000000001 R14: 00007f79d41a6080 R15: 00007ffdf6e7e158 [ 371.386738][ T8405] [ 371.386771][ T8405] vmg ffffc900040dfc40 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 371.663415][ T8405] vmg ffffc900040dfc40 state: mm ffff88807de030c0 pgoff 2 [ 371.663415][ T8405] vmi ffffc900040dfde0 [200000000000,200000800000) [ 371.663415][ T8405] prev ffff88804d043aa8 next 0000000000000000 vma ffff88804d043aa8 [ 371.663415][ T8405] start 200000000000 end 200000800000 flags 80000fb [ 371.663415][ T8405] file ffff88807aec4380 anon_vma 0000000000000000 policy 0000000000000000 [ 371.663415][ T8405] uffd_ctx 0000000000000000 [ 371.663415][ T8405] anon_name 0000000000000000 [ 371.663415][ T8405] merge_flags 0 state 0 [ 371.721364][ T8405] vmg ffffc900040dfc40 mm: [ 371.726357][ T8405] mm ffff88807de030c0 task_size 140737488351232 [ 371.726357][ T8405] mmap_base 140161238552576 mmap_legacy_base 47471556616192 [ 371.726357][ T8405] pgd ffff88802071a000 mm_users 3 mm_count 1 pgtables_bytes 126976 map_count 35 [ 371.726357][ T8405] hiwater_rss 15f7 hiwater_vm 5fa6 total_vm 5fc7 locked_vm 800 [ 371.726357][ T8405] pinned_vm 0 data_vm 18a5 exec_vm 1a4 stack_vm 21 [ 371.726357][ T8405] start_code 7f79d3e48000 end_code 7f79d3fe9529 start_data 7f79d4180000 end_data 7f79d4180000 [ 371.726357][ T8405] start_brk 55556c5ca000 brk 55556c5fe000 start_stack 7ffdf6e7e9c0 [ 371.726357][ T8405] arg_start 7ffdf6e7ff6d arg_end 7ffdf6e7ff81 env_start 7ffdf6e7ff81 env_end 7ffdf6e7ffe9 [ 371.726357][ T8405] binfmt ffffffff8ecaa2a0 flags 800007fd [ 371.726357][ T8405] ioctx_table 0000000000000000 [ 371.726357][ T8405] owner ffff8880302dda00 exe_file ffff88807f743a40 [ 371.726357][ T8405] notifier_subscriptions 0000000000000000 [ 371.726357][ T8405] numa_next_scan 4294974353 numa_scan_offset 0 numa_scan_seq 0 [ 371.726357][ T8405] tlb_flush_pending 0 [ 371.726357][ T8405] def_flags: 0x0() [ 371.831046][ T5871] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 371.840840][ T8405] vmg ffffc900040dfc40 vma: [ 371.843760][ T5871] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 371.870293][ T8405] vma ffff88804d043aa8 start 0000200000000000 end 0000200000800000 mm ffff88807de030c0 [ 371.870293][ T8405] prot 8000000000000025 anon_vma 0000000000000000 vm_ops ffffffff8c33d900 [ 371.870293][ T8405] pgoff 2 file ffff88807aec4380 private_data 0000000000000000 [ 371.870293][ T8405] flags: 0x80020fb(read|write|shared|mayread|maywrite|mayexec|mayshare|locked|softdirty) [ 371.874547][ T5871] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 371.905561][ T5878] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 371.932021][ T5871] usb 1-1: config 1 has no interface number 1 [ 371.948154][ T8405] vmg ffffc900040dfc40 prev: [ 371.984211][ T5871] usb 1-1: config 1 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 371.996081][ T8405] vma ffff88804d043aa8 start 0000200000000000 end 0000200000800000 mm ffff88807de030c0 [ 371.996081][ T8405] prot 8000000000000025 anon_vma 0000000000000000 vm_ops ffffffff8c33d900 [ 371.996081][ T8405] pgoff 2 file ffff88807aec4380 private_data 0000000000000000 [ 371.996081][ T8405] flags: 0x80020fb(read|write|shared|mayread|maywrite|mayexec|mayshare|locked|softdirty) [ 372.014232][ T5871] usb 1-1: config 1 interface 2 has no altsetting 1 [ 372.063584][ T8405] vmg ffffc900040dfc40 next: (NULL) [ 372.074813][ T8405] vmg ffffc900040dfc40 vmi: [ 372.079668][ T5871] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 372.089537][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.097806][ T8405] MAS: tree=ffff88807de03100 enode=ffff888035604c0c [ 372.097885][ T8405] (ma_active) [ 372.097895][ T8405] Store Type: [ 372.097903][ T8405] node_store [ 372.097912][ T8405] [6/11] index=200000000000 last=2000007fffff [ 372.097930][ T8405] min=0 max=55556c5ebfff alloc=0000000000000000, depth=1, flags=0 [ 372.097950][ T8405] maple_tree(ffff88807de03100) flags 30B, height 2 root ffff88807c5e401e [ 372.097970][ T8405] 0-ffffffffffffffff: node ffff88807c5e4000 depth 0 type 3 parent ffff88807de03101 contents: 35556b5c9000 2a24657f9000 35000 ffff800209180000 [ 372.114142][ T5871] usb 1-1: Product: syz [ 372.122822][ T8405] 0 [ 372.149895][ T5871] usb 1-1: Manufacturer: syz [ 372.181666][ T5878] usb 4-1: config 0 has an invalid interface number: 207 but max is 0 [ 372.182529][ T5871] usb 1-1: SerialNumber: syz [ 372.191146][ T5878] usb 4-1: config 0 has no interface number 0 [ 372.205329][ T8423] netlink: 236 bytes leftover after parsing attributes in process `syz.1.730'. [ 372.219459][ T5878] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 372.233143][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.239162][ T8405] 0 0 0 0 0 | 03 03| ffff888035604c0c 55556C5EBFFF ffff888035a91c0c 7F79D3DFFFFF ffff88807c5e5a0c 7F79D4D13FFF ffff88807c5e480c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 372.251533][ T5878] usb 4-1: Product: syz [ 372.288250][ T8405] 0-55556c5ebfff: node ffff888035604c00 depth 1 type 1 parent ffff88807c5e4006 contents: 0000000000000000 110C22FFFF ffff888030ef81f0 110E22FFFF 0000000000000000 1B2F21FFFF ffff888030ef8000 1B2F25FFFF 0000000000000000 1FFFFFFFEFFF ffff88801fe871f0 1FFFFFFFFFFF ffff88804d043aa8 2000007FFFFF ffff88804d0439b0 200000B35FFF ffff88804d043ba0 200000FFFFFF ffff88807f5be4d8 200001000FFF 0000000000000000 55556C5C9FFF ffff88807f5be1f0 55556C5EBFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000b [ 372.430564][ T5878] usb 4-1: Manufacturer: syz [ 372.493915][ T5878] usb 4-1: SerialNumber: syz [ 372.497051][ T8405] 0-110c22ffff: 0000000000000000 [ 372.503076][ T5878] usb 4-1: config 0 descriptor?? [ 372.515927][ T5878] qmi_wwan 4-1:0.207: bogus CDC Union: master=0, slave=1 [ 372.638812][ T8405] 110c230000-110e22ffff: ffff888030ef81f0 [ 372.646747][ T8405] 110e230000-1b2f21ffff: 0000000000000000 [ 372.653009][ T8405] 1b2f220000-1b2f25ffff: ffff888030ef8000 [ 372.699983][ T8405] 1b2f260000-1fffffffefff: 0000000000000000 [ 372.829777][ T8405] 1ffffffff000-1fffffffffff: ffff88801fe871f0 [ 372.841594][ T8405] 200000000000-2000007fffff: ffff88804d043aa8 [ 373.085456][ T8405] 200000800000-200000b35fff: ffff88804d0439b0 [ 373.423464][ T8434] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'. [ 373.432678][ T8434] netlink: 16 bytes leftover after parsing attributes in process `syz.3.726'. [ 373.990978][ T5878] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22 [ 374.301114][ T8405] 200000b36000-200000ffffff: ffff88804d043ba0 [ 374.425769][ T8405] 200001000000-200001000fff: ffff88807f5be4d8 [ 374.612895][ T8405] 200001001000-55556c5c9fff: 0000000000000000 [ 374.621589][ T5871] usb 1-1: 2:2 : no or invalid class specific endpoint descriptor [ 374.624390][ T8405] 55556c5ca000-55556c5ebfff: ffff88807f5be1f0 [ 374.664190][ T8405] 55556c5ec000-7f79d3dfffff: node ffff888035a91c00 depth 1 type 1 parent ffff88807c5e400e contents: ffff8880314893e0 55556C5FDFFF 0000000000000000 7F79D1DF6FFF ffff888031489d90 7F79D1DF7FFF ffff8880314894d8 7F79D25F7FFF ffff888031489c98 7F79D25F8FFF ffff888031489e88 7F79D2DF8FFF ffff88802de603e0 7F79D2DFAFFF ffff88802de602e8 7F79D31FAFFF ffff88807a674000 7F79D31FCFFF ffff88807a6747c0 7F79D35FCFFF ffff88807a6741f0 7F79D35FEFFF ffff88807a674e88 7F79D39FEFFF ffff88807eaca7c0 7F79D39FFFFF ffff88807eaca2e8 7F79D3DFFFFF 0000000000000000 0 000000000000000d [ 374.715935][ T8405] 55556c5ec000-55556c5fdfff: ffff8880314893e0 [ 374.722774][ T8405] 55556c5fe000-7f79d1df6fff: 0000000000000000 [ 374.731248][ T8405] 7f79d1df7000-7f79d1df7fff: ffff888031489d90 [ 374.739685][ T8405] 7f79d1df8000-7f79d25f7fff: ffff8880314894d8 [ 374.746677][ T8405] 7f79d25f8000-7f79d25f8fff: ffff888031489c98 [ 374.753258][ T8405] 7f79d25f9000-7f79d2df8fff: ffff888031489e88 [ 374.760095][ T8405] 7f79d2df9000-7f79d2dfafff: ffff88802de603e0 [ 374.766929][ T8405] 7f79d2dfb000-7f79d31fafff: ffff88802de602e8 [ 374.774550][ T8405] 7f79d31fb000-7f79d31fcfff: ffff88807a674000 [ 374.781114][ T8405] 7f79d31fd000-7f79d35fcfff: ffff88807a6747c0 [ 374.798825][ T8405] 7f79d35fd000-7f79d35fefff: ffff88807a6741f0 [ 374.800965][ T5871] usb 1-1: USB disconnect, device number 39 [ 374.805853][ T8405] 7f79d35ff000-7f79d39fefff: ffff88807a674e88 [ 374.818347][ T8405] 7f79d39ff000-7f79d39fffff: ffff88807eaca7c0 [ 374.825158][ T8405] 7f79d3a00000-7f79d3dfffff: ffff88807eaca2e8 [ 374.831641][ T8405] 7f79d3e00000-7f79d4d13fff: node ffff88807c5e5a00 depth 1 type 1 parent ffff88807c5e4016 contents: ffff88807eacae88 7F79D3E47FFF ffff88807eaca1f0 7F79D3FE9FFF ffff88807eaca3e0 7F79D4095FFF ffff88807eaca5d0 7F79D4175FFF ffff88807eacac98 7F79D417EFFF 0000000000000000 7F79D417FFFF ffff88807eaca0f8 7F79D4CDDFFF 0000000000000000 7F79D4D12FFF ffff888034f0a5d0 7F79D4D13FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 374.956810][ T8405] 7f79d3e00000-7f79d3e47fff: ffff88807eacae88 [ 374.980683][ T8441] FAULT_INJECTION: forcing a failure. [ 374.980683][ T8441] name failslab, interval 1, probability 0, space 0, times 0 [ 375.004405][ T8405] 7f79d3e48000-7f79d3fe9fff: ffff88807eaca1f0 [ 375.013913][ T8441] CPU: 1 UID: 0 PID: 8441 Comm: syz.0.733 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 375.013941][ T8441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 375.013954][ T8441] Call Trace: [ 375.013962][ T8441] [ 375.013988][ T8441] dump_stack_lvl+0x241/0x360 [ 375.014020][ T8441] ? __pfx_dump_stack_lvl+0x10/0x10 [ 375.014045][ T8441] ? __pfx__printk+0x10/0x10 [ 375.014075][ T8441] ? __pfx___might_resched+0x10/0x10 [ 375.014108][ T8441] should_fail_ex+0x424/0x570 [ 375.014149][ T8441] should_failslab+0xac/0x100 [ 375.014182][ T8441] kmem_cache_alloc_noprof+0x78/0x390 [ 375.014213][ T8441] ? create_new_namespaces+0x34/0x7b0 [ 375.014247][ T8441] create_new_namespaces+0x34/0x7b0 [ 375.014278][ T8441] ? __pfx_vfs_write+0x10/0x10 [ 375.014303][ T8441] ? do_sys_openat2+0x165/0x1d0 [ 375.014330][ T8441] __se_sys_setns+0x2eb/0x1bd0 [ 375.014369][ T8441] ? __pfx___se_sys_setns+0x10/0x10 [ 375.014406][ T8441] ? do_syscall_64+0xb6/0x230 [ 375.014429][ T8441] do_syscall_64+0xf3/0x230 [ 375.014450][ T8441] ? clear_bhb_loop+0x45/0xa0 [ 375.014473][ T8441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.014493][ T8441] RIP: 0033:0x7f0567d8d169 [ 375.014520][ T8441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.014538][ T8441] RSP: 002b:00007f0568c0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000134 [ 375.014561][ T8441] RAX: ffffffffffffffda RBX: 00007f0567fa5fa0 RCX: 00007f0567d8d169 [ 375.014576][ T8441] RDX: 0000000000000000 RSI: 0000000008020000 RDI: 0000000000000003 [ 375.014589][ T8441] RBP: 00007f0568c0b090 R08: 0000000000000000 R09: 0000000000000000 [ 375.014602][ T8441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 375.014615][ T8441] R13: 0000000000000000 R14: 00007f0567fa5fa0 R15: 00007ffeb3ae5da8 [ 375.014641][ T8441] [ 375.074659][ T8405] 7f79d3fea000-7f79d4095fff: ffff88807eaca3e0 [ 375.229172][ T8405] 7f79d4096000-7f79d4175fff: ffff88807eaca5d0 [ 375.237131][ T8405] 7f79d4176000-7f79d417efff: ffff88807eacac98 [ 375.279651][ T8405] 7f79d417f000-7f79d417ffff: 0000000000000000 [ 375.334913][ T8405] 7f79d4180000-7f79d4cddfff: ffff88807eaca0f8 [ 375.351340][ T8405] 7f79d4cde000-7f79d4d12fff: 0000000000000000 [ 375.364493][ T8405] 7f79d4d13000-7f79d4d13fff: ffff888034f0a5d0 [ 375.373094][ T8405] 7f79d4d14000-ffffffffffffffff: node ffff88807c5e4800 depth 1 type 1 parent ffff88807c5e401e contents: ffff88804d043c98 7F79D4D33FFF ffff888032f043e0 7F79D4D34FFF ffff88804d043d90 7F79D4D54FFF ffff88807eaca6c8 7F79D4D58FFF ffff888029a99c98 7F79D4D5AFFF ffff888029a992e8 7F79D4D5CFFF 0000000000000000 7FFDF6E5EFFF ffff888034f0ac98 7FFDF6E7FFFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 375.421187][ T8405] 7f79d4d14000-7f79d4d33fff: ffff88804d043c98 [ 375.429430][ T8405] 7f79d4d34000-7f79d4d34fff: ffff888032f043e0 [ 375.436616][ T8405] 7f79d4d35000-7f79d4d54fff: ffff88804d043d90 [ 375.443206][ T8405] 7f79d4d55000-7f79d4d58fff: ffff88807eaca6c8 [ 375.452504][ T8278] udevd[8278]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 375.470206][ T8405] 7f79d4d59000-7f79d4d5afff: ffff888029a99c98 [ 375.478828][ T8405] 7f79d4d5b000-7f79d4d5cfff: ffff888029a992e8 [ 375.480374][ T8443] netlink: 'syz.4.734': attribute type 10 has an invalid length. [ 375.486646][ T8405] 7f79d4d5d000-7ffdf6e5efff: 0000000000000000 [ 375.507975][ T8405] 7ffdf6e5f000-7ffdf6e7ffff: ffff888034f0ac98 [ 375.533769][ T8405] 7ffdf6e80000-ffffffffffffffff: 0000000000000000 [ 375.541200][ T8405] ------------[ cut here ]------------ [ 375.546881][ T8405] WARNING: CPU: 0 PID: 8405 at mm/vma.c:734 vma_merge_existing_range+0x11ca/0x1770 [ 375.556301][ T8405] Modules linked in: [ 375.560240][ T8405] CPU: 0 UID: 0 PID: 8405 Comm: syz.2.722 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 375.571928][ T8405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 375.582132][ T8405] RIP: 0010:vma_merge_existing_range+0x11ca/0x1770 [ 375.588772][ T8405] Code: 48 c7 c6 c0 11 36 8c e8 d4 8e f2 ff 90 0f 0b 90 e9 fd f0 ff ff e8 16 69 a9 ff 4c 89 f7 48 c7 c6 40 12 36 8c e8 b7 8e f2 ff 90 <0f> 0b 90 e9 61 f1 ff ff e8 f9 68 a9 ff e9 7b f2 ff ff e8 ef 68 a9 [ 375.608710][ T8405] RSP: 0018:ffffc900040dfa40 EFLAGS: 00010282 [ 375.614886][ T8405] RAX: ffffffff8c10ada5 RBX: 0000200000000000 RCX: ffff8880302dbc00 [ 375.623347][ T8405] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 375.631474][ T8405] RBP: ffffc900040dfb90 R08: ffffffff8c10aca0 R09: 1ffff9200081beb0 [ 375.639575][ T8405] R10: dffffc0000000000 R11: fffff5200081beb1 R12: 0000200000800000 [ 375.647639][ T8405] R13: 0000200000000000 R14: ffffc900040dfc40 R15: ffff88804d043aa8 [ 375.655723][ T8405] FS: 00007f79d4d336c0(0000) GS:ffff888125243000(0000) knlGS:0000000000000000 [ 375.664809][ T8405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 375.671450][ T8405] CR2: 00007f2c695a7bac CR3: 000000002071a000 CR4: 00000000003526f0 [ 375.679519][ T8405] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 375.687600][ T8405] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 375.695678][ T8405] Call Trace: [ 375.698995][ T8405] [ 375.701974][ T8405] ? __warn+0x165/0x4d0 [ 375.706315][ T8405] ? vma_merge_existing_range+0x11ca/0x1770 [ 375.712258][ T8405] ? report_bug+0x2b3/0x500 [ 375.716867][ T8405] ? vma_merge_existing_range+0x11ca/0x1770 [ 375.722809][ T8405] ? vma_merge_existing_range+0x11ca/0x1770 [ 375.728833][ T8405] ? vma_merge_existing_range+0x11cc/0x1770 [ 375.734829][ T8405] ? handle_bug+0x89/0x170 [ 375.739305][ T8405] ? exc_invalid_op+0x1a/0x50 [ 375.744029][ T8405] ? asm_exc_invalid_op+0x1a/0x20 [ 375.749175][ T8405] ? mt_dump_node+0x1860/0x2290 [ 375.754150][ T8405] ? mt_dump_node+0x1965/0x2290 [ 375.759053][ T8405] ? vma_merge_existing_range+0x11ca/0x1770 [ 375.765077][ T8405] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 375.771202][ T8405] vma_modify+0x76/0x390 [ 375.775628][ T8405] vma_modify_flags+0x3a7/0x430 [ 375.780539][ T8405] ? __pfx_vma_modify_flags+0x10/0x10 [ 375.786132][ T8405] mlock_fixup+0x21d/0x350 [ 375.790683][ T8405] apply_mlockall_flags+0x309/0x410 [ 375.795985][ T8405] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 375.801745][ T8405] ? __do_sys_munlockall+0x5a/0x220 [ 375.807066][ T8405] __do_sys_munlockall+0x10a/0x220 [ 375.812228][ T8405] do_syscall_64+0xf3/0x230 [ 375.816905][ T8405] ? clear_bhb_loop+0x45/0xa0 [ 375.821625][ T8405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.827620][ T8405] RIP: 0033:0x7f79d3f8d169 [ 375.832072][ T8405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.851788][ T8405] RSP: 002b:00007f79d4d33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 375.860413][ T8405] RAX: ffffffffffffffda RBX: 00007f79d41a6080 RCX: 00007f79d3f8d169 [ 375.868491][ T8405] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 375.876560][ T8405] RBP: 00007f79d4d33090 R08: 0000000000000000 R09: 0000000000000000 [ 375.884643][ T8405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 375.892747][ T8405] R13: 0000000000000001 R14: 00007f79d41a6080 R15: 00007ffdf6e7e158 [ 375.900849][ T8405] [ 375.903921][ T8405] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 375.911237][ T8405] CPU: 0 UID: 0 PID: 8405 Comm: syz.2.722 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 375.923179][ T8405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 375.933375][ T8405] Call Trace: [ 375.936691][ T8405] [ 375.939654][ T8405] dump_stack_lvl+0x241/0x360 [ 375.944394][ T8405] ? __pfx_dump_stack_lvl+0x10/0x10 [ 375.949615][ T8405] ? __pfx__printk+0x10/0x10 [ 375.954226][ T8405] ? vscnprintf+0x5d/0x90 [ 375.958584][ T8405] panic+0x349/0x880 [ 375.962493][ T8405] ? __warn+0x174/0x4d0 [ 375.966662][ T8405] ? __pfx_panic+0x10/0x10 [ 375.971096][ T8405] __warn+0x344/0x4d0 [ 375.975086][ T8405] ? vma_merge_existing_range+0x11ca/0x1770 [ 375.980990][ T8405] report_bug+0x2b3/0x500 [ 375.985327][ T8405] ? vma_merge_existing_range+0x11ca/0x1770 [ 375.991316][ T8405] ? vma_merge_existing_range+0x11ca/0x1770 [ 375.997220][ T8405] ? vma_merge_existing_range+0x11cc/0x1770 [ 376.003120][ T8405] handle_bug+0x89/0x170 [ 376.007375][ T8405] exc_invalid_op+0x1a/0x50 [ 376.011885][ T8405] asm_exc_invalid_op+0x1a/0x20 [ 376.016743][ T8405] RIP: 0010:vma_merge_existing_range+0x11ca/0x1770 [ 376.023257][ T8405] Code: 48 c7 c6 c0 11 36 8c e8 d4 8e f2 ff 90 0f 0b 90 e9 fd f0 ff ff e8 16 69 a9 ff 4c 89 f7 48 c7 c6 40 12 36 8c e8 b7 8e f2 ff 90 <0f> 0b 90 e9 61 f1 ff ff e8 f9 68 a9 ff e9 7b f2 ff ff e8 ef 68 a9 [ 376.042874][ T8405] RSP: 0018:ffffc900040dfa40 EFLAGS: 00010282 [ 376.048954][ T8405] RAX: ffffffff8c10ada5 RBX: 0000200000000000 RCX: ffff8880302dbc00 [ 376.056938][ T8405] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 376.064920][ T8405] RBP: ffffc900040dfb90 R08: ffffffff8c10aca0 R09: 1ffff9200081beb0 [ 376.073107][ T8405] R10: dffffc0000000000 R11: fffff5200081beb1 R12: 0000200000800000 [ 376.081105][ T8405] R13: 0000200000000000 R14: ffffc900040dfc40 R15: ffff88804d043aa8 [ 376.089091][ T8405] ? mt_dump_node+0x1860/0x2290 [ 376.093957][ T8405] ? mt_dump_node+0x1965/0x2290 [ 376.098833][ T8405] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 376.104976][ T8405] vma_modify+0x76/0x390 [ 376.109242][ T8405] vma_modify_flags+0x3a7/0x430 [ 376.114150][ T8405] ? __pfx_vma_modify_flags+0x10/0x10 [ 376.119550][ T8405] mlock_fixup+0x21d/0x350 [ 376.123973][ T8405] apply_mlockall_flags+0x309/0x410 [ 376.129179][ T8405] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 376.134907][ T8405] ? __do_sys_munlockall+0x5a/0x220 [ 376.140127][ T8405] __do_sys_munlockall+0x10a/0x220 [ 376.145254][ T8405] do_syscall_64+0xf3/0x230 [ 376.149771][ T8405] ? clear_bhb_loop+0x45/0xa0 [ 376.154456][ T8405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.160352][ T8405] RIP: 0033:0x7f79d3f8d169 [ 376.164777][ T8405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.184403][ T8405] RSP: 002b:00007f79d4d33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 376.192830][ T8405] RAX: ffffffffffffffda RBX: 00007f79d41a6080 RCX: 00007f79d3f8d169 [ 376.200809][ T8405] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 376.208786][ T8405] RBP: 00007f79d4d33090 R08: 0000000000000000 R09: 0000000000000000 [ 376.216765][ T8405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 376.224749][ T8405] R13: 0000000000000001 R14: 00007f79d41a6080 R15: 00007ffdf6e7e158 [ 376.232757][ T8405] [ 376.236125][ T8405] Kernel Offset: disabled [ 376.240553][ T8405] Rebooting in 86400 seconds..