last executing test programs: 6m46.360967139s ago: executing program 1 (id=865): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r3, r3) ptrace(0x10, r3) ptrace$cont(0x20, r3, 0x1000000ffffffff, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x1, 0x40000032, r4, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e40), 0x40080, 0x0) ioctl$TIOCPKT(r6, 0x5420, &(0x7f00000000c0)=0x1) ioctl$TCSETS(r6, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "fe94b89fc43c3328eae0cae1f5eba329e6f216"}) splice(r6, 0x0, r4, 0x0, 0x7ffff000, 0x1) readv(r5, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/248, 0xf8}], 0x1) ptrace(0x9, r3) openat$cuse(0xffffff9c, 0x0, 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010080000000fddbdf256600000008000300", @ANYRES32=r8, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000001dd0a00000000000073013200000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7}, 0x48) 6m43.777746595s ago: executing program 1 (id=869): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000004c0)=0x1) syz_open_dev$usbmon(&(0x7f00000002c0), 0x13dd, 0xc01) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000240), 0x8080, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646fef3d", @ANYBLOB=',\x00']) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x18, 0x1401, 0x400, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x850}, 0x20000001) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000440)='oom_score_adj_update\x00', r1}, 0x18) syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x1, 0x84) unshare(0x20040600) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r3, 0x4008af25, &(0x7f00000003c0)) 6m40.172242984s ago: executing program 1 (id=883): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) syz_emit_ethernet(0x2c, &(0x7f0000000440)=ANY=[@ANYBLOB="bbbbbbbbd3bbaaaaaaaaaaaa08004510001e"], 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x7, 0x20, 0x1, 0x2000000, {{0xa, 0x4, 0x2, 0x17, 0x28, 0x66, 0x0, 0x0, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x3d}, @multicast2, {[@lsrr={0x83, 0x7, 0x2a, [@multicast2]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @generic={0x83, 0x4, "5fe2"}, @end]}}}}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x80, 0x80, 0x3, [@decl_tag={0xe, 0x0, 0x0, 0x11, 0x5, 0x2}, @restrict={0x7, 0x0, 0x0, 0xb, 0x3}, @volatile={0x1, 0x0, 0x0, 0x9, 0x1}, @int={0x10, 0x0, 0x0, 0x1, 0x0, 0x70, 0x0, 0x19, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3, 0xffff2143}}, @func={0x2, 0x0, 0x0, 0xc, 0x4}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0x6}, {0x1, 0x5}, {0xa}]}]}, {0x0, [0x61]}}, &(0x7f0000000480)=""/1, 0x9b, 0x1, 0x1, 0x7}, 0x28) r5 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000) getpid() 6m39.440348788s ago: executing program 1 (id=888): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) open(&(0x7f00000000c0)='./cgroup/../file0\x00', 0x284800, 0x21) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) shmdt(0x0) rmdir(&(0x7f0000000200)='./cgroup/../file0\x00') 6m38.467383783s ago: executing program 1 (id=891): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000540)=ANY=[@ANYBLOB="d8000000", @ANYRES16=r2, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r3, @ANYBLOB="0600130084e000000a0006000802110000010000060010008005000006001200010000009600ac00425fee80f99f31df1a6c13f0"], 0xd8}, 0x1, 0x0, 0x0, 0x80c1}, 0x0) 6m36.520235841s ago: executing program 1 (id=894): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) 6m19.85273992s ago: executing program 32 (id=894): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) 4m51.797845406s ago: executing program 2 (id=1181): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000014c0)={'syztnl2\x00', 0x0}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sendfile(r1, r0, 0x0, 0x80000000) 4m50.784046421s ago: executing program 2 (id=1185): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="bcea"]) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x20010, r2, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f00000001c0)={0x51, 0xffff, 0x560c, {0x803, 0x5d5}, {0xfffa, 0x2}, @period={0x59, 0x2, 0x4, 0x6d, 0x9ee, {0x2, 0x7, 0xfffb, 0xa}, 0x0, 0x0}}) 4m48.575531685s ago: executing program 2 (id=1193): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000500)={[{@resgid={'resgid', 0x3d, 0xee00}}, {@user_xattr}, {@grpquota}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") mkdir(&(0x7f0000000200)='./control\x00', 0x15d) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0xb, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1a, 0x63, 0x1, 0xbf22, 0x440, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x200002, 0x1}, 0x50) io_uring_enter(r0, 0x2219, 0x3ebd, 0x16, 0x0, 0x0) inotify_init1(0x0) chdir(0x0) creat(0x0, 0x109) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x1000002, 0x0, 0xff, "d4e9002b2c000000ff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup(r2) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3) dup3(r1, r3, 0x0) r4 = dup3(r2, r1, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x13) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0) ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246) pwritev(r5, &(0x7f0000000300)=[{&(0x7f0000000600)="8414", 0x2}, {&(0x7f0000000640)='hQ', 0x2}], 0x2, 0xffffffff, 0x4) ioctl$TCFLSH(r1, 0x540b, 0x1) futex(&(0x7f0000000040)=0x4, 0x5, 0x1, 0x0, &(0x7f0000004000)=0x1, 0xb1024000) rmdir(&(0x7f0000001c00)='./control\x00') 4m48.2827034s ago: executing program 2 (id=1197): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, 0x0, 0x0) 4m47.247512034s ago: executing program 2 (id=1202): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0xc800) 4m46.69213386s ago: executing program 2 (id=1205): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) 4m30.365663441s ago: executing program 33 (id=1205): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) 24.400458658s ago: executing program 6 (id=1983): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r0 = socket$nl_rdma(0x10, 0x3, 0x14) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000000)=0x2, 0x4) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) socket$igmp6(0xa, 0x3, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) times(0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_GET_FPEXC(0xb, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5801", @ANYRES16=r7], 0x158}, 0x1, 0x0, 0x0, 0x4}, 0x4) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCDELRT(r8, 0x890c, &(0x7f0000005fc0)={@remote, @mcast2, @mcast2, 0x4, 0x8000, 0x40, 0x400, 0x1000, 0x1cc0014}) 23.283677252s ago: executing program 6 (id=1986): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0) recvfrom(r2, 0x0, 0x480, 0x0, 0x0, 0x0) 23.259936853s ago: executing program 4 (id=1987): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000540)=ANY=[@ANYBLOB="d8000000", @ANYRES16=r2, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r3, @ANYBLOB="0600130084e000000a0006000802110000010000060010008005000006001200010000009600ac"], 0xd8}, 0x1, 0x0, 0x0, 0x80c1}, 0x0) (fail_nth: 3) 23.083408255s ago: executing program 4 (id=1989): memfd_create(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x8000}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) sysinfo(0x0) 22.851551181s ago: executing program 5 (id=1990): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) r1 = syz_io_uring_setup(0x186, &(0x7f0000000280)={0x0, 0x0, 0x10000, 0x0, 0xfffffff9}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7}) openat(0xffffffffffffff9c, 0x0, 0x80101, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f027}) 22.809723774s ago: executing program 5 (id=1991): socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}, 0x0) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) r3 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r4, 0x1, 0x7, 0x0, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 22.375550168s ago: executing program 5 (id=1992): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = eventfd(0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) r4 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679d, 0x400, 0x2000006, 0x3ce}, 0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7449a372e1406d4defe495b5744eed6801d1d51e1d3fcdcf25bdf4a5f2ef4b45d6898757795c858f0c3d4b26bd644", 0x38, 0x2400c0c7, 0x1}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6, 0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x803}, 0x20004004) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r2) 22.144624056s ago: executing program 6 (id=1993): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x3c, 0x3a, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"4adcda08f6e83e2aa00e133f88a8349f246e"}}}}, 0xfc6d) (fail_nth: 4) 21.697320076s ago: executing program 6 (id=1994): ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r3, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000880)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x4000884}, 0x6040) syz_genetlink_get_family_id$nl80211(0x0, r3) r4 = io_uring_setup(0x1148, &(0x7f0000000300)={0x0, 0xc95e, 0x80, 0x2, 0x30f}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) syz_open_procfs(0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x28040085) bind$alg(0xffffffffffffffff, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0) ioctl$EVIOCGMASK(r5, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"}) 21.496048285s ago: executing program 4 (id=1995): prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x81, 0x4, 0x8000, 0x16, 0xffffffffffffffff, 0xffffffff}, 0x48) r1 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x6, 0x0, 0x100000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) fstat(r2, 0x0) fstat(r2, 0x0) lstat(&(0x7f0000000100)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000200)) 21.327483797s ago: executing program 0 (id=1996): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff181d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) 20.372321032s ago: executing program 4 (id=1997): syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="120100006c43a608d10503900002010203010902120001000000000904"], 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=@newsa={0xf8, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0xc}, @in=@private=0xa010100, 0xfffd, 0x0, 0x4e21, 0x0, 0x0, 0x0, 0x0, 0x3c, 0x0, 0xee00}, {@in6=@local, 0x0, 0x3c}, @in6=@local, {0x0, 0x10000000000000b5, 0x2}, {0x0, 0x200000, 0x3, 0xfffffffffffffffd}, {0x40000, 0x0, 0x2c12}, 0x8, 0x0, 0xa, 0x2, 0x0, 0x68}, [@tfcpad={0x8, 0x16, 0x800}]}, 0xf8}, 0x1, 0x0, 0x0, 0x400}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000040)=0x4, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001ac0)={@cgroup, 0xffffffffffffffff, 0x18}, 0x20) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x66) r4 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f000043f000/0x3000)=nil, &(0x7f0000f96000/0x1000)=nil, 0x0, 0x0, 0x0, 0x6, 0x50, 0x2, 0x0, 0x3a}) r5 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000180)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x25, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @private=0xa010101}}, 0x7}, 0xad) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f000000a000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000380)="0f20d835080000000f22d80f090f01cb66b8f0000f00d007bbc035040000000f22c0660f3a21fe809a00700000180166baf80cb8d1bed58def66bafc0cb04beeab0fc731", 0x44}], 0x1, 0x41, 0x0, 0xfffffffffffffeb7) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x9, 0x9}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000300)='uid_map\x00') writev(r9, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x2) ioctl$KVM_RUN(r6, 0xae80, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000680)=[@in6={0xa, 0x4e20, 0x2, @loopback={0xffffff7f}, 0x3}], 0x1c) sendmmsg$inet6(r1, &(0x7f0000002d00)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0xfffff922, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, 0x1c, &(0x7f0000000140)=[{&(0x7f00000000c0)="b1", 0x1}], 0x1}}], 0x1, 0x80cd) syz_usb_connect(0x0, 0x1e1, &(0x7f0000000880)=ANY=[@ANYBLOB="12010003e67d8520d11280263694010203010902cf0103030200000904e05e04ff040d0809050908200001040107250102090000072501030201010905061010000040230725018388050009058010080001070609050c0c000407e50a072501010905000904690506d0bbe2a306240600013205240002000d240f01008000000e0009007106241a0a00080524158a0f0c241b01000100050304000309050e02100007030709050704000240070209050b01ff037f000909050f004000060309ed2285926d77a19a0a5002e4cb17c97fc92183541859eef877f86159eeaab93e514db094968820a4b8d6f65c7fc35810b6f89ae00de3383c517ed2b621816ee503c82361448421b40e8bcb2378ea8c892fa398958e103aede85732555702d8f81f1797a8018c3e2d4860d3638ad601c455ee7decbc52a37aa6d57125294b67a4f18799e9bdb582b2769d5c7422e94da5edbf25fb3a7865b8a10c088b04184d202a1f2b408573d242db8fc3f768bf2573170598f2c6225df1915538547c50edc9ca9086f6c31a21c7432704030a0dccb79da214ad12b6831d5ce04421c9dd0dd71cfedeaac204a152094aa8d48b6b0ba1185261ba7a6f0f050f0000027f1d0809050600480404080809044503005ab206021024020215000500040fb1c9b9a453ce092106000501224f050000000000042a26d33b65b9d3757dbe8e956d094fe6d7a3f18dab8a1c65c4c67015669fca0287bf57b1024a6fbe0cd553c2f7cc84fc306f5dc87ac0293edc92f3447cda3e73ad60be34ce74b0ea828e5c5ad6a30b"], &(0x7f0000000700)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0x2, 0x8, 0x7, 0x10}, 0xfc, &(0x7f0000000040)={0x5, 0xf, 0xfc, 0x6, [@generic={0xcb, 0x10, 0x1, "4cfce5132e66604e15385fa1735ff4ded2684c4d525aadc36ff950d4ebcd317bf62c67e7140eb6efbd5312dd2431dc9a8a6b5d300b2d1adcdd4a0f316c67cc993f57f7c93c20d568b5ccc2dd6a60421b54b7a303143cbaf84ca2f76c8c82ab9dc16ce6bad4a4a2b8f3a9fba0ffe3c160ac3599c9bd2c36abae309d717815acf13a7761429ee4b77b15f0544d09d68bbc46f11832be0cfab4618e3ed3b134960aa57b49de2152208951874fbf52e41f5765dc35abd3f1423860b4ae84bc1c4d5d5fc7d97d99753aa7"}, @ss_container_id={0x14, 0x10, 0x4, 0xc8, "67166e9e2a980d0adcfaf428cc996198"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x26, 0x63, 0x0, 0x8, 0x9}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0xe, 0x3, 0x9}, @ptm_cap={0x3}]}, 0x9, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x40d}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x820}}, {0x49, &(0x7f0000000240)=ANY=[@ANYBLOB="4903d89ca79fac73d5ca54c18d50bc74b8031dca52151655b0c8d33c000000000000005c4b15ed28523fb082117de6e8cb06d8d1969e05b9fa233a831442dabdacf58503f4bf8dd20bdc171b19d5acbf6e00e8fde2"]}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x40f}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0xc09}}, {0xde, &(0x7f0000000ac0)=ANY=[@ANYBLOB="de03cd5859ceba1785385f9cc3613e1a91a7fecd1644c629942fb7aa3b952d31c22989469c20a8e8c4f3db5fb1185884dc80af723f070b714989174043f99838b597979240b31ddfbf2cb5c9ca4ca4557f88296889f47402f38ea72fb7e0bb9990b3a9ed35bfe66b749608c12a266c8b55ef6b13a5c5e2a78dc93736af21caeda8b3c02a13e82bad8d5e00bd4bab5f9565ee01161f007fc0345263127d1289cad24749cc3e31bc6b5ac4c2a986bad1348a4054b76253829f66bd58788c26deeafb1f9fd691f19cefd2e94f2bd8f9e2d57ddaf82962bc55826bd37e54aa61f6a266f732aa56def0788606133e92b0b781fad4ce83facea0a15775f9eaf879bcec5cd537124a3124f588855fa0c3fe2325f49a41a4ff8a3cfa1b1392777deba26aa2fd7407488b1009f610c1a5526f30e0ef9d87090f53fea626178ae20b43747fd3a86e6724ad196eb3a6d54c0b3e99908181d76fd5c5ad77e9f988da7312c568a60de945aed2f29cbd062da787cbd2ad1e0ae02e0915d883a47b5b5564407bc4b0978de6c4d50d248125cac2a028d1a3aef704349091832e74"]}, {0x19, &(0x7f0000000600)=@string={0x19, 0x3, "add8f6a2cf612f71c9dc44a50f43ebb62e5eb22b81f96f"}}, {0x6e, &(0x7f0000000640)=@string={0x6e, 0x3, "8eebeef4c1c0722fc8e90d7e813c1e2ecd9620229af19826b2e1c1593404792d00f8fc0841e96bfb692ca96b72a28738259d4eac34e45e8c8fa398977e17a4c15324dc6370d2ec3ca43b06b64eecf12a35aa2dad44837a2b7e215d116c45e03cf8a3895fb524cfe58c34b29a"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x41e}}]}) 20.276515804s ago: executing program 0 (id=1998): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000400)='./file3\x00', 0x210048, &(0x7f00000003c0)=ANY=[], 0xfd, 0x1d1, &(0x7f0000000440)="$eJzslj2v0lAYx//nlBQwGhNHFwdJ1MHSFjUuJLI4OZj4QhxMJFIJUsRAByEx6Cdwd3Nw9wuY6OqHMOiiC04615yXliOhCNwL3OQ+v4Sn/1POy9PnNP9TEARxbPn+7c8k/l39UQBwEiXk9f2f1qwPN/p/Lfx6+fnWzfqbh++/5CdOcdGccbz6+jkAn2oWonTsv6NL+noXPNX3wHFJ6zoYHK0fgeO+1gEYHmj91NA90d9xnrTDwHncC5tCuCJ4IvgiVObzm75maBr5MeP/wXDUaYRh0N+i+F/9pjWOqpGfuV8OVLauUT8PHJ7WFTDc0fo68kltVEmM5z+bm81vLX1+G9uuiEhljVFnTmVulQ1gszQAdlh7j1f6ld3mO5QhLEiR7OiOV9+BQO5IpLGG2GQvPt5QY5I78Vi1ZZ/TGRPG4xWXsLFR5VN/it8xXDD8SVnJW3nUlKPu8/JgOLrc7jZaQSt45vuVa+4V173ql6URqbjE/4rSn07M5l94JglsZuNFI4r6nopp21dxkeNy6X8cF8+rtnBTe27egqGZ/nF5ld7b+ZCZPUEQxP44ByY9WfpyIvRpAuNb9/YecyQIgiAIgiAIgiAI4mD8DQAA//80kEvd") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)={0x2c, r4, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x0) 19.939514966s ago: executing program 3 (id=1999): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setrlimit(0x0, &(0x7f0000000080)={0x4, 0xa}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$kcm(0x21, 0x2, 0x2) getsockopt$kcm_KCM_RECV_DISABLE(r3, 0x110, 0x6, 0x0, 0xfffffffffffffdcb) 19.600447444s ago: executing program 3 (id=2000): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x802) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sigaltstack(&(0x7f0000000140)={&(0x7f0000000780)=""/4093, 0x1, 0xffd}, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1000000, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 18.914087751s ago: executing program 0 (id=2001): r0 = socket$alg(0x26, 0x5, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xbb) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) 18.643587391s ago: executing program 0 (id=2002): socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}, 0x0) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) r3 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r4, 0x1, 0x7, 0x0, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 17.972031889s ago: executing program 0 (id=2003): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x12f4}, 0x1, 0x0, 0x0, 0x4040051}, 0x240000c4) r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xe71a, 0x400, 0xfffffffd, 0x24d}, &(0x7f00000000c0)=0x0, &(0x7f0000000440)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd=r1, 0x0, &(0x7f0000000180)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0x6}) io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0) (fail_nth: 2) 17.827862489s ago: executing program 3 (id=2004): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsopen(&(0x7f00000001c0)='smb3\x00', 0x0) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x80000239, 0x0, &(0x7f0000000180), &(0x7f0000000240)) write(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000002680)={{0xa, 0x3, 0xa5, 0x7, 'syz1\x00'}, 0x2, 0x10000000, 0x2, 0x0, 0x6, 0x9, 'syz0\x00', &(0x7f0000002640)=['/dev/iommu\x00', '.\xe4\x13\x00', 'tunl0\x00', 'michael_mic\x00', '+\xf3\x00', 'michael_mic\x00'], 0x30}) ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, &(0x7f0000000280)=0x3) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0x7000000) ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000200)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000003c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r5, 0x0, 0x8, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$COMEDI_SUBDINFO(0xffffffffffffffff, 0x80486402, &(0x7f0000000000)) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0) sendmsg$key(r6, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020300090a00000000000000000000000300060000000e0002000000e0000009000000000000000002000100000000000000000200000000030005000003000002000000010000000000fcff0061db72be351b00de20de3ea54c54c6a6fba8d955f1a402e320e229ada4842ba2557bef351e25325826991deb7b8571adad3b02e74b465374b468c14f3ff620abc9f92ea0a5daf767a5b87e4a99e49700ef2885e763"], 0x50}}, 0x0) 17.731645829s ago: executing program 6 (id=2005): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1}, 0xc) writev(r0, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000004c0)="0e9a0f", 0x3}], 0x2) 17.730813955s ago: executing program 0 (id=2006): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="980000000001050500000000000000000a0000003c0002802c000180140003"], 0x98}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r1) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000bc0)={0x3c, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}]}, 0x3c}}, 0x40890) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r8, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}]}, 0x1c}}, 0x0) sendmsg$NFC_CMD_DEV_DOWN(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x3c, r8, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0xfffffffffffffd65, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x0, 0x1, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000020}, 0x4010) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="980000000001050500000000000000000a0000003c0002802c000180140003"], 0x98}}, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r1) (async) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000bc0)={0x3c, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}]}, 0x3c}}, 0x40890) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)) (async) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) (async) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)) (async) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r8, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}]}, 0x1c}}, 0x0) (async) sendmsg$NFC_CMD_DEV_DOWN(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x3c, r8, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0xfffffffffffffd65, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x0, 0x1, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000020}, 0x4010) (async) 17.65544877s ago: executing program 5 (id=2007): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x12f4}, 0x1, 0x0, 0x0, 0x4040051}, 0x240000c4) r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xe71a, 0x400, 0xfffffffd, 0x24d}, &(0x7f00000000c0)=0x0, &(0x7f0000000440)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd=r1, 0x0, &(0x7f0000000180)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0x6}) io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0) 17.117464904s ago: executing program 6 (id=2008): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1f, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7fff}, {}, {}, [@generic={0x2, 0x4, 0x0, 0xbcbb, 0x7}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3c0}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000003c0)='GPL\x00', 0x543, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='contention_end\x00', r0}, 0x18) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r1, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x4}, 0x8) 17.06001415s ago: executing program 4 (id=2009): mkdir(0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_type(r0, 0x0, 0x2, 0x0) rmdir(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x800ec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x41, 0x4000, @fd=r1, 0x7, 0x0, 0x0, 0x10, 0x1, {0x3}}) socket$inet_tcp(0x2, 0x1, 0x0) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) 17.024132694s ago: executing program 5 (id=2010): r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x100000a, 0x10, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x1) getrandom(&(0x7f0000000140)=""/103, 0x67, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(r2, 0xc01c64d1, &(0x7f0000000080)={0x1, 0x0, 0x6, 0x2, 0x2, 0x2, 0x56afe045}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000000008000"], 0x48) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="b784500df7a496c0dacc6a3c24465b016f64b4c00b5f7c691cb24cb8000000001a000020c000000000201500", 0x0, 0x48) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0, 0xfffffffffffffe9a}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00'}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x20, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_emit_ethernet(0xf3, &(0x7f00000014c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @val={@void, {0x8100, 0x7, 0x0, 0x2}}, {@llc={0x4, {@llc={0x42, 0x42, ')a', "349602a676ad6a1b2db4700807cbde31ef0b40d259fffe951a50097163d2e380642f8be4326079855aa542709e1b70157322abfd39c8f2ef41caf282a813721a6729b1283e62bf7adea8a92c434b1bd0f50697912b0836842a5a9e6f2e4d0b24f081114a0b304a0b1c8273329b8e4dec93a4623a02734b8d8b37dce18a9e6d9e942fad53a8757c2e10072ffb5666685272c6c6a9137dff891a5913d7d36b9c5e7d6a9e300c66de819961ea5a41bfda3139f4c6b792014d8e4fdd29f9b27d28ad1eaa14511127b27bfee3794092c1c571d13612478991f45dd58e8ca13f"}}}}}, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000380), 0xc0180, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000001440)="e403402e6d69aa1ce29ef9a6a8a811114a73730561f86ec24fbd20a031516af10645443ba1ea91a31e618c729fa46241fc852cf7795cc3c0d78ae4de1e5110eafba42f764d048680", 0x0, 0x48) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x18, r2, {0x3}}, './file0\x00'}) read$msr(r7, &(0x7f0000000240)=""/172, 0xac) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000ffa000/0x1000)=nil, 0x1000}) 16.901813891s ago: executing program 3 (id=2011): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140)=0x7ffd) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080) openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x5752c1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_dev$loop(&(0x7f00000001c0), 0x40009, 0x60c783) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x87}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) syz_emit_vhci(0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r3) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r4, 0x301, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8400) (fail_nth: 4) socket$igmp6(0xa, 0x3, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000100)={0x4, 0x20002, 0x1}) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) socket(0x200000000000011, 0x4000000000080002, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 16.339561412s ago: executing program 3 (id=2012): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0xb7e, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc0042, 0x1) close(r1) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = socket$xdp(0x2c, 0x3, 0x0) mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYRES32]) 16.267410248s ago: executing program 3 (id=2013): socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}, 0x0) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) r3 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r4, 0x1, 0x7, 0x0, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 16.013508662s ago: executing program 5 (id=2014): r0 = syz_usb_connect(0x3, 0x73, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000396d0940fd101315ce7e0102030109026100010000000009040001"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) unshare(0x26020480) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x10, 0x40, 0x3, 0x20f, {{0x11, 0x4, 0x2, 0x4, 0x44, 0x68, 0x0, 0x2, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x11}, @rand_addr=0x64010101, {[@rr={0x7, 0x7, 0x12, [@multicast1]}, @generic={0x83, 0xd, "87569635b71661ac3769d9"}, @timestamp_addr={0x44, 0x14, 0x63, 0x1, 0xe, [{@dev={0xac, 0x14, 0x14, 0x2}, 0x100}, {@empty, 0xffff1f0f}]}, @generic={0x83a26ec86be8969c, 0x5, "799715"}]}}}}}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='mountstats\x00') r3 = creat(&(0x7f0000000000)='./file0\x00', 0x2) ioctl$PPPIOCUNBRIDGECHAN(r3, 0x7434) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x3, 0x0, 0x8000006, 0x22028, r3, 0x4, '\x00', r1, r2, 0x2, 0x5}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x5, r4}, 0x38) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r5, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x23}, 0x38) syz_usb_control_io$printer(r0, 0x0, 0x0) 15.195501212s ago: executing program 4 (id=2015): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) shutdown(r1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r2 = socket(0x22, 0x3, 0x744) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x70, 0x3, 0x8, 0x8fb, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x14) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r3, 0xf7) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004) io_setup(0x4, 0x0) io_setup(0x9, &(0x7f0000000b80)=0x0) r7 = fanotify_init(0x0, 0x0) io_submit(r6, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}]) io_pgetevents(r6, 0x2, 0x5, &(0x7f0000000440)=[{}, {}, {}, {}, {}], &(0x7f00000000c0)={0x77359400}, 0x0) syslog(0xa, &(0x7f0000000300)=""/163, 0xa3) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) 2.146447852s ago: executing program 34 (id=2006): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="980000000001050500000000000000000a0000003c0002802c000180140003"], 0x98}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r1) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000bc0)={0x3c, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}]}, 0x3c}}, 0x40890) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r8, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}]}, 0x1c}}, 0x0) sendmsg$NFC_CMD_DEV_DOWN(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x3c, r8, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0xfffffffffffffd65, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x0, 0x1, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000020}, 0x4010) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="980000000001050500000000000000000a0000003c0002802c000180140003"], 0x98}}, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r1) (async) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000bc0)={0x3c, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}]}, 0x3c}}, 0x40890) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)) (async) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) (async) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)) (async) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r8, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}]}, 0x1c}}, 0x0) (async) sendmsg$NFC_CMD_DEV_DOWN(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x3c, r8, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0xfffffffffffffd65, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x0, 0x1, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000020}, 0x4010) (async) 1.117278442s ago: executing program 35 (id=2008): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1f, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7fff}, {}, {}, [@generic={0x2, 0x4, 0x0, 0xbcbb, 0x7}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3c0}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000003c0)='GPL\x00', 0x543, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='contention_end\x00', r0}, 0x18) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r1, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x4}, 0x8) 1.07727353s ago: executing program 36 (id=2013): socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}, 0x0) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) r3 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r4, 0x1, 0x7, 0x0, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 38.071333ms ago: executing program 37 (id=2014): r0 = syz_usb_connect(0x3, 0x73, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000396d0940fd101315ce7e0102030109026100010000000009040001"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) unshare(0x26020480) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x10, 0x40, 0x3, 0x20f, {{0x11, 0x4, 0x2, 0x4, 0x44, 0x68, 0x0, 0x2, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x11}, @rand_addr=0x64010101, {[@rr={0x7, 0x7, 0x12, [@multicast1]}, @generic={0x83, 0xd, "87569635b71661ac3769d9"}, @timestamp_addr={0x44, 0x14, 0x63, 0x1, 0xe, [{@dev={0xac, 0x14, 0x14, 0x2}, 0x100}, {@empty, 0xffff1f0f}]}, @generic={0x83a26ec86be8969c, 0x5, "799715"}]}}}}}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='mountstats\x00') r3 = creat(&(0x7f0000000000)='./file0\x00', 0x2) ioctl$PPPIOCUNBRIDGECHAN(r3, 0x7434) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x3, 0x0, 0x8000006, 0x22028, r3, 0x4, '\x00', r1, r2, 0x2, 0x5}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x5, r4}, 0x38) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r5, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x23}, 0x38) syz_usb_control_io$printer(r0, 0x0, 0x0) 0s ago: executing program 38 (id=2015): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) shutdown(r1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r2 = socket(0x22, 0x3, 0x744) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x70, 0x3, 0x8, 0x8fb, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x14) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r3, 0xf7) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004) io_setup(0x4, 0x0) io_setup(0x9, &(0x7f0000000b80)=0x0) r7 = fanotify_init(0x0, 0x0) io_submit(r6, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}]) io_pgetevents(r6, 0x2, 0x5, &(0x7f0000000440)=[{}, {}, {}, {}, {}], &(0x7f00000000c0)={0x77359400}, 0x0) syslog(0xa, &(0x7f0000000300)=""/163, 0xa3) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) kernel console output (not intermixed with test programs): /0x250 [ 600.228743][T11494] ? __pfx____ratelimit+0x10/0x10 [ 600.228768][T11494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 600.228794][T11494] ? __pfx__printk+0x10/0x10 [ 600.228829][T11494] ? __pfx___might_resched+0x10/0x10 [ 600.228859][T11494] ? fs_reclaim_acquire+0x7d/0x100 [ 600.228885][T11494] should_fail_ex+0x414/0x560 [ 600.228920][T11494] should_failslab+0xa8/0x100 [ 600.228944][T11494] __kmalloc_noprof+0xcb/0x7f0 [ 600.228974][T11494] ? tomoyo_encode+0x28b/0x550 [ 600.229021][T11494] tomoyo_encode+0x28b/0x550 [ 600.229054][T11494] tomoyo_realpath_from_path+0x58d/0x5d0 [ 600.229094][T11494] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 600.229117][T11494] tomoyo_path_number_perm+0x1e8/0x5a0 [ 600.229143][T11494] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 600.229217][T11494] ? __fget_files+0x2a/0x420 [ 600.229241][T11494] ? __fget_files+0x3a0/0x420 [ 600.229258][T11494] ? __fget_files+0x2a/0x420 [ 600.229281][T11494] security_file_ioctl+0xcb/0x2d0 [ 600.229303][T11494] __se_sys_ioctl+0x47/0x170 [ 600.229331][T11494] do_syscall_64+0xfa/0xfa0 [ 600.229353][T11494] ? lockdep_hardirqs_on+0x9c/0x150 [ 600.229376][T11494] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.229394][T11494] ? clear_bhb_loop+0x60/0xb0 [ 600.229417][T11494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.229436][T11494] RIP: 0033:0x7f508c78ec29 [ 600.229452][T11494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.229469][T11494] RSP: 002b:00007f508d685038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 600.229489][T11494] RAX: ffffffffffffffda RBX: 00007f508c9d5fa0 RCX: 00007f508c78ec29 [ 600.229503][T11494] RDX: 0000200000000000 RSI: 000000004010640d RDI: 0000000000000003 [ 600.229515][T11494] RBP: 00007f508d685090 R08: 0000000000000000 R09: 0000000000000000 [ 600.229527][T11494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 600.229538][T11494] R13: 00007f508c9d6038 R14: 00007f508c9d5fa0 R15: 00007fffb9bdd728 [ 600.229570][T11494] [ 600.233241][T11494] ERROR: Out of memory at tomoyo_realpath_from_path. [ 600.510645][ T5934] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 600.537729][ T5934] usb 7-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 600.547066][ T5934] usb 7-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 600.555302][ T5934] usb 7-1: Manufacturer: syz [ 600.605058][ T5934] usb 7-1: config 0 descriptor?? [ 600.831147][ T5934] usb 7-1: USB disconnect, device number 6 [ 601.096815][T11500] overlayfs: missing 'lowerdir' [ 601.926158][T11512] netlink: 'syz.6.1622': attribute type 4 has an invalid length. [ 602.424156][T11524] netlink: 'syz.4.1624': attribute type 58 has an invalid length. [ 602.646247][T11524] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1624'. [ 602.873832][T11531] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 604.638114][ T917] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 604.795499][T11537] FAULT_INJECTION: forcing a failure. [ 604.795499][T11537] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 604.818190][T11537] CPU: 1 UID: 0 PID: 11537 Comm: syz.6.1628 Not tainted syzkaller #0 PREEMPT(full) [ 604.818219][T11537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 604.818233][T11537] Call Trace: [ 604.818240][T11537] [ 604.818268][T11537] dump_stack_lvl+0x189/0x250 [ 604.818306][T11537] ? __pfx____ratelimit+0x10/0x10 [ 604.818328][T11537] ? __pfx_dump_stack_lvl+0x10/0x10 [ 604.818351][T11537] ? __pfx__printk+0x10/0x10 [ 604.818379][T11537] ? __might_fault+0xb0/0x130 [ 604.818425][T11537] should_fail_ex+0x414/0x560 [ 604.818456][T11537] _copy_from_iter+0x1de/0x1790 [ 604.818491][T11537] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 604.818512][T11537] ? __lock_acquire+0xab9/0xd20 [ 604.818547][T11537] ? policy_nodemask+0x27c/0x720 [ 604.818568][T11537] ? __pfx__copy_from_iter+0x10/0x10 [ 604.818606][T11537] ? set_page_refcounted+0xa0/0x1e0 [ 604.818628][T11537] ? page_copy_sane+0x4e/0x280 [ 604.818648][T11537] copy_page_from_iter+0xdd/0x170 [ 604.818672][T11537] tun_get_user+0x1d7b/0x3e20 [ 604.818709][T11537] ? tun_get_user+0x6f6/0x3e20 [ 604.818745][T11537] ? stack_trace_save+0x9c/0xe0 [ 604.818767][T11537] ? __pfx_tun_get_user+0x10/0x10 [ 604.818800][T11537] ? save_netdev_trace_buffer+0x14f/0x5e0 [ 604.818835][T11537] ? save_netdev_trace_buffer+0x4e2/0x5e0 [ 604.818863][T11537] ? __lock_acquire+0xab9/0xd20 [ 604.818896][T11537] ? ref_tracker_alloc+0x318/0x460 [ 604.818922][T11537] ? tun_get+0x157/0x2f0 [ 604.818947][T11537] ? tun_chr_write_iter+0x60/0x210 [ 604.818972][T11537] ? ksys_write+0x145/0x250 [ 604.819001][T11537] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 604.819036][T11537] ? tun_get+0x1c/0x2f0 [ 604.819069][T11537] ? tun_get+0x1c/0x2f0 [ 604.819107][T11537] ? tun_get+0x1c/0x2f0 [ 604.819137][T11537] tun_chr_write_iter+0x113/0x210 [ 604.819166][T11537] vfs_write+0x5c9/0xb30 [ 604.819200][T11537] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 604.819227][T11537] ? __pfx_vfs_write+0x10/0x10 [ 604.819267][T11537] ? __fget_files+0x2a/0x420 [ 604.819303][T11537] ksys_write+0x145/0x250 [ 604.819335][T11537] ? __pfx_ksys_write+0x10/0x10 [ 604.819368][T11537] ? do_syscall_64+0xbe/0xfa0 [ 604.819395][T11537] do_syscall_64+0xfa/0xfa0 [ 604.819418][T11537] ? lockdep_hardirqs_on+0x9c/0x150 [ 604.819441][T11537] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.819460][T11537] ? clear_bhb_loop+0x60/0xb0 [ 604.819484][T11537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.819503][T11537] RIP: 0033:0x7fe85ef8d6df [ 604.819521][T11537] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 604.819538][T11537] RSP: 002b:00007fe85fe6c000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 604.819558][T11537] RAX: ffffffffffffffda RBX: 00007fe85f1d5fa0 RCX: 00007fe85ef8d6df [ 604.819573][T11537] RDX: 000000000000002a RSI: 0000200000000080 RDI: 00000000000000c8 [ 604.819584][T11537] RBP: 00007fe85fe6c090 R08: 0000000000000000 R09: 0000000000000000 [ 604.819596][T11537] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001 [ 604.819606][T11537] R13: 00007fe85f1d6038 R14: 00007fe85f1d5fa0 R15: 00007ffcb4eb9018 [ 604.819638][T11537] [ 605.198603][ T917] usb 4-1: device descriptor read/64, error -71 [ 605.385975][T11543] overlayfs: missing 'lowerdir' [ 605.398937][ T5953] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 605.616432][T11544] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 606.128339][ T917] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 606.428367][ T917] usb 4-1: device descriptor read/64, error -71 [ 606.446566][ T5953] usb 1-1: unable to get BOS descriptor or descriptor too short [ 606.469397][ T5953] usb 1-1: config 3 has an invalid interface number: 8 but max is 3 [ 606.488816][ T5953] usb 1-1: config 3 has an invalid descriptor of length 70, skipping remainder of the config [ 606.507737][ T5953] usb 1-1: config 3 has 1 interface, different from the descriptor's value: 4 [ 606.555536][ T5953] usb 1-1: config 3 has no interface number 0 [ 606.562412][ T917] usb usb4-port1: attempt power cycle [ 606.603376][ T5953] usb 1-1: config 3 interface 8 altsetting 6 endpoint 0x82 has an invalid bInterval 248, changing to 11 [ 607.398651][ T917] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 607.459252][ T5953] usb 1-1: config 3 interface 8 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 607.498126][ T5953] usb 1-1: config 3 interface 8 has no altsetting 0 [ 607.515407][ T5953] usb 1-1: New USB device found, idVendor=05ac, idProduct=921d, bcdDevice=c2.be [ 607.533762][ T5953] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.610922][ T5953] usb 1-1: Product: syz [ 607.618423][ T5953] usb 1-1: Manufacturer: syz [ 607.619280][T11558] FAULT_INJECTION: forcing a failure. [ 607.619280][T11558] name failslab, interval 1, probability 0, space 0, times 0 [ 607.642928][ T5953] usb 1-1: SerialNumber: syz [ 607.698178][ T917] usb 4-1: device not accepting address 27, error -71 [ 607.720713][T11558] CPU: 1 UID: 0 PID: 11558 Comm: syz.4.1635 Not tainted syzkaller #0 PREEMPT(full) [ 607.720743][T11558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 607.720756][T11558] Call Trace: [ 607.720765][T11558] [ 607.720774][T11558] dump_stack_lvl+0x189/0x250 [ 607.720804][T11558] ? __pfx____ratelimit+0x10/0x10 [ 607.720828][T11558] ? __pfx_dump_stack_lvl+0x10/0x10 [ 607.720852][T11558] ? __pfx__printk+0x10/0x10 [ 607.720884][T11558] ? __pfx___might_resched+0x10/0x10 [ 607.720914][T11558] ? fs_reclaim_acquire+0x7d/0x100 [ 607.720938][T11558] should_fail_ex+0x414/0x560 [ 607.720969][T11558] should_failslab+0xa8/0x100 [ 607.720991][T11558] kmem_cache_alloc_noprof+0x74/0x6e0 [ 607.721025][T11558] ? __percpu_counter_compare+0xae/0x2e0 [ 607.721046][T11558] ? ep_insert+0x272/0x19e0 [ 607.721068][T11558] ep_insert+0x272/0x19e0 [ 607.721102][T11558] ? __pfx_ep_insert+0x10/0x10 [ 607.721121][T11558] ? __pfx___mutex_lock+0x10/0x10 [ 607.721146][T11558] ? __fget_files+0x2a/0x420 [ 607.721168][T11558] ? __fget_files+0x2a/0x420 [ 607.721185][T11558] ? __fget_files+0x3a0/0x420 [ 607.721203][T11558] ? __fget_files+0x2a/0x420 [ 607.721232][T11558] do_epoll_ctl+0x7f4/0xe80 [ 607.721262][T11558] __x64_sys_epoll_ctl+0x163/0x1a0 [ 607.721284][T11558] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 607.721308][T11558] ? do_syscall_64+0xbe/0xfa0 [ 607.721334][T11558] do_syscall_64+0xfa/0xfa0 [ 607.721354][T11558] ? lockdep_hardirqs_on+0x9c/0x150 [ 607.721376][T11558] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.721395][T11558] ? clear_bhb_loop+0x60/0xb0 [ 607.721418][T11558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.721436][T11558] RIP: 0033:0x7f8b4f18ec29 [ 607.721453][T11558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.721470][T11558] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 607.721490][T11558] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 607.721503][T11558] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000003 [ 607.721515][T11558] RBP: 00007f8b4fff1090 R08: 0000000000000000 R09: 0000000000000000 [ 607.721527][T11558] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 607.721539][T11558] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 607.721572][T11558] [ 607.962775][ T5921] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 608.138172][ T5921] usb 6-1: Using ep0 maxpacket: 16 [ 608.146516][ T5921] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 608.494488][ T5953] appledisplay 1-1:3.8: Error while getting initial brightness: -71 [ 608.505788][ T5953] appledisplay 1-1:3.8: probe with driver appledisplay failed with error -71 [ 608.515817][ T5921] usb 6-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 608.733797][T11567] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 609.166421][ T5921] usb 6-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 609.179925][ T5953] usbhid 1-1:3.8: can't add hid device: -22 [ 609.185969][ T5953] usbhid 1-1:3.8: probe with driver usbhid failed with error -22 [ 610.051905][ T5921] usb 6-1: Manufacturer: syz [ 610.073459][ T5921] usb 6-1: config 0 descriptor?? [ 610.081305][ T5953] usb 1-1: USB disconnect, device number 28 [ 610.590433][T11575] overlayfs: missing 'workdir' [ 611.380520][T11582] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 612.296038][ T5921] usb 6-1: can't set config #0, error -71 [ 612.357747][T11584] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 612.433284][ T5921] usb 6-1: USB disconnect, device number 7 [ 612.441423][T11584] EXT4-fs (loop3): unable to read superblock [ 612.612814][T11584] futex_wake_op: syz.3.1644 tries to shift op by 36; fix this program [ 612.689185][T11589] program syz.5.1646 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 612.748249][ T5980] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 612.898206][ T5980] usb 7-1: device descriptor read/64, error -71 [ 613.288410][T11597] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 614.789217][ T5980] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 615.060254][ T5980] usb 7-1: device descriptor read/64, error -71 [ 615.151311][T11605] netlink: 'syz.4.1639': attribute type 4 has an invalid length. [ 615.181803][ T5980] usb usb7-port1: attempt power cycle [ 615.351100][T11612] overlayfs: missing 'workdir' [ 615.508986][T11591] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1647'. [ 616.642437][T11624] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 616.655071][T11627] program syz.3.1658 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 616.688219][T11624] EXT4-fs (loop4): unable to read superblock [ 616.768912][T11624] futex_wake_op: syz.4.1657 tries to shift op by 36; fix this program [ 616.986316][ T5934] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 617.718655][ T5934] usb 6-1: Using ep0 maxpacket: 16 [ 617.833921][ T5934] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 617.909555][ T5934] usb 6-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 617.922604][ T5934] usb 6-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 617.962412][ T5934] usb 6-1: Manufacturer: syz [ 618.068896][ T5934] usb 6-1: config 0 descriptor?? [ 618.116265][T11646] FAULT_INJECTION: forcing a failure. [ 618.116265][T11646] name failslab, interval 1, probability 0, space 0, times 0 [ 618.129084][T11646] CPU: 0 UID: 0 PID: 11646 Comm: syz.3.1663 Not tainted syzkaller #0 PREEMPT(full) [ 618.129115][T11646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 618.129124][T11646] Call Trace: [ 618.129131][T11646] [ 618.129137][T11646] dump_stack_lvl+0x189/0x250 [ 618.129160][T11646] ? __pfx____ratelimit+0x10/0x10 [ 618.129176][T11646] ? __pfx_dump_stack_lvl+0x10/0x10 [ 618.129193][T11646] ? __pfx__printk+0x10/0x10 [ 618.129224][T11646] ? __pfx___might_resched+0x10/0x10 [ 618.129244][T11646] ? fs_reclaim_acquire+0x7d/0x100 [ 618.129262][T11646] should_fail_ex+0x414/0x560 [ 618.129285][T11646] should_failslab+0xa8/0x100 [ 618.129301][T11646] kmem_cache_alloc_node_noprof+0x77/0x710 [ 618.129323][T11646] ? __alloc_skb+0x112/0x2d0 [ 618.129343][T11646] __alloc_skb+0x112/0x2d0 [ 618.129361][T11646] netlink_sendmsg+0x5c6/0xb30 [ 618.129384][T11646] ? __pfx_netlink_sendmsg+0x10/0x10 [ 618.129402][T11646] ? aa_sock_msg_perm+0xf1/0x1d0 [ 618.129423][T11646] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 618.129437][T11646] ? __pfx_netlink_sendmsg+0x10/0x10 [ 618.129453][T11646] __sock_sendmsg+0x21c/0x270 [ 618.129477][T11646] ____sys_sendmsg+0x505/0x830 [ 618.129499][T11646] ? __pfx_____sys_sendmsg+0x10/0x10 [ 618.129523][T11646] ? import_iovec+0x74/0xa0 [ 618.129540][T11646] ___sys_sendmsg+0x21f/0x2a0 [ 618.129559][T11646] ? __pfx____sys_sendmsg+0x10/0x10 [ 618.129602][T11646] ? __fget_files+0x2a/0x420 [ 618.129615][T11646] ? __fget_files+0x3a0/0x420 [ 618.129637][T11646] __x64_sys_sendmsg+0x19b/0x260 [ 618.129657][T11646] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 618.129681][T11646] ? __pfx_ksys_write+0x10/0x10 [ 618.129705][T11646] ? do_syscall_64+0xbe/0xfa0 [ 618.129725][T11646] do_syscall_64+0xfa/0xfa0 [ 618.129741][T11646] ? lockdep_hardirqs_on+0x9c/0x150 [ 618.129757][T11646] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.129771][T11646] ? clear_bhb_loop+0x60/0xb0 [ 618.129787][T11646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.129801][T11646] RIP: 0033:0x7f658b38ec29 [ 618.129814][T11646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 618.129827][T11646] RSP: 002b:00007f658c257038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 618.129842][T11646] RAX: ffffffffffffffda RBX: 00007f658b5d5fa0 RCX: 00007f658b38ec29 [ 618.129853][T11646] RDX: 0000000000000004 RSI: 0000200000000900 RDI: 0000000000000004 [ 618.129862][T11646] RBP: 00007f658c257090 R08: 0000000000000000 R09: 0000000000000000 [ 618.129870][T11646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 618.129879][T11646] R13: 00007f658b5d6038 R14: 00007f658b5d5fa0 R15: 00007ffd19c74d88 [ 618.129901][T11646] [ 620.445097][T11665] netlink: 'syz.6.1667': attribute type 4 has an invalid length. [ 620.660566][ T5953] usb 6-1: USB disconnect, device number 8 [ 621.366692][T11668] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1669'. [ 621.433049][T11675] program syz.3.1673 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 621.437691][T11670] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 621.538228][T11670] EXT4-fs (loop5): unable to read superblock [ 621.655264][T11670] futex_wake_op: syz.5.1671 tries to shift op by 36; fix this program [ 622.751655][T11694] FAULT_INJECTION: forcing a failure. [ 622.751655][T11694] name failslab, interval 1, probability 0, space 0, times 0 [ 622.857245][T11694] CPU: 1 UID: 0 PID: 11694 Comm: syz.4.1679 Not tainted syzkaller #0 PREEMPT(full) [ 622.857274][T11694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 622.857287][T11694] Call Trace: [ 622.857295][T11694] [ 622.857304][T11694] dump_stack_lvl+0x189/0x250 [ 622.857334][T11694] ? __pfx____ratelimit+0x10/0x10 [ 622.857358][T11694] ? __pfx_dump_stack_lvl+0x10/0x10 [ 622.857382][T11694] ? __pfx__printk+0x10/0x10 [ 622.857416][T11694] ? __pfx___might_resched+0x10/0x10 [ 622.857451][T11694] should_fail_ex+0x414/0x560 [ 622.857483][T11694] should_failslab+0xa8/0x100 [ 622.857506][T11694] __kmalloc_noprof+0xcb/0x7f0 [ 622.857534][T11694] ? kfree+0x4d/0x6d0 [ 622.857557][T11694] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 622.857592][T11694] tomoyo_realpath_from_path+0xe3/0x5d0 [ 622.857622][T11694] ? tomoyo_domain+0xd9/0x130 [ 622.857655][T11694] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 622.857674][T11694] tomoyo_path_number_perm+0x1e8/0x5a0 [ 622.857695][T11694] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 622.857716][T11694] ? sb_end_write+0xe9/0x1c0 [ 622.857735][T11694] ? vfs_write+0x956/0xb30 [ 622.857786][T11694] ? ksys_write+0x1e1/0x250 [ 622.857813][T11694] security_file_ioctl+0xcb/0x2d0 [ 622.857832][T11694] __se_sys_ioctl+0x47/0x170 [ 622.857861][T11694] do_syscall_64+0xfa/0xfa0 [ 622.857881][T11694] ? lockdep_hardirqs_on+0x9c/0x150 [ 622.857918][T11694] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.857934][T11694] ? clear_bhb_loop+0x60/0xb0 [ 622.857954][T11694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.857969][T11694] RIP: 0033:0x7f8b4f18ec29 [ 622.857984][T11694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.858003][T11694] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 622.858023][T11694] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 622.858039][T11694] RDX: 0000000000000000 RSI: 000000004008af25 RDI: 0000000000000003 [ 622.858049][T11694] RBP: 00007f8b4fff1090 R08: 0000000000000000 R09: 0000000000000000 [ 622.858058][T11694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 622.858068][T11694] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 622.858095][T11694] [ 623.095904][T11694] ERROR: Out of memory at tomoyo_realpath_from_path. [ 623.818147][ T44] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 624.178155][ T44] usb 7-1: Using ep0 maxpacket: 16 [ 624.200928][ T44] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 624.248633][ T44] usb 7-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 624.257696][ T44] usb 7-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 624.310823][T11710] netlink: 'syz.4.1684': attribute type 4 has an invalid length. [ 624.456297][T11720] program syz.0.1685 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 624.469282][ T44] usb 7-1: Manufacturer: syz [ 624.488980][ T44] usb 7-1: config 0 descriptor?? [ 624.613258][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.625399][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.995245][T11724] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 625.017964][T11724] EXT4-fs (loop5): unable to read superblock [ 625.030170][T11726] FAULT_INJECTION: forcing a failure. [ 625.030170][T11726] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.083146][T11726] CPU: 0 UID: 0 PID: 11726 Comm: syz.4.1689 Not tainted syzkaller #0 PREEMPT(full) [ 625.083173][T11726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 625.083186][T11726] Call Trace: [ 625.083193][T11726] [ 625.083201][T11726] dump_stack_lvl+0x189/0x250 [ 625.083230][T11726] ? __pfx____ratelimit+0x10/0x10 [ 625.083253][T11726] ? __pfx_dump_stack_lvl+0x10/0x10 [ 625.083276][T11726] ? __pfx__printk+0x10/0x10 [ 625.083303][T11726] ? __might_fault+0xb0/0x130 [ 625.083343][T11726] should_fail_ex+0x414/0x560 [ 625.083373][T11726] _copy_from_user+0x2d/0xb0 [ 625.083396][T11726] ___sys_sendmsg+0x158/0x2a0 [ 625.083427][T11726] ? __pfx____sys_sendmsg+0x10/0x10 [ 625.083485][T11726] ? __fget_files+0x2a/0x420 [ 625.083504][T11726] ? __fget_files+0x3a0/0x420 [ 625.083533][T11726] __x64_sys_sendmsg+0x19b/0x260 [ 625.083559][T11726] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 625.083592][T11726] ? __pfx_ksys_write+0x10/0x10 [ 625.083642][T11726] ? do_syscall_64+0xbe/0xfa0 [ 625.083671][T11726] do_syscall_64+0xfa/0xfa0 [ 625.083693][T11726] ? lockdep_hardirqs_on+0x9c/0x150 [ 625.083717][T11726] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.083736][T11726] ? clear_bhb_loop+0x60/0xb0 [ 625.083760][T11726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.083779][T11726] RIP: 0033:0x7f8b4f18ec29 [ 625.083797][T11726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.083814][T11726] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 625.083835][T11726] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 625.083850][T11726] RDX: 000000000000c800 RSI: 00002000000002c0 RDI: 0000000000000003 [ 625.083863][T11726] RBP: 00007f8b4fff1090 R08: 0000000000000000 R09: 0000000000000000 [ 625.083875][T11726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.083897][T11726] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 625.083930][T11726] [ 625.085026][T11724] futex_wake_op: syz.5.1686 tries to shift op by 36; fix this program [ 625.758216][T11740] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 626.538836][T11744] FAULT_INJECTION: forcing a failure. [ 626.538836][T11744] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 626.617714][T11744] CPU: 0 UID: 0 PID: 11744 Comm: syz.0.1693 Not tainted syzkaller #0 PREEMPT(full) [ 626.617736][T11744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 626.617746][T11744] Call Trace: [ 626.617754][T11744] [ 626.617761][T11744] dump_stack_lvl+0x189/0x250 [ 626.617784][T11744] ? __pfx____ratelimit+0x10/0x10 [ 626.617801][T11744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 626.617818][T11744] ? __pfx__printk+0x10/0x10 [ 626.617838][T11744] ? __might_fault+0xb0/0x130 [ 626.617869][T11744] should_fail_ex+0x414/0x560 [ 626.617893][T11744] _copy_from_user+0x2d/0xb0 [ 626.617928][T11744] ___sys_sendmsg+0x158/0x2a0 [ 626.617949][T11744] ? __pfx____sys_sendmsg+0x10/0x10 [ 626.618005][T11744] ? __fget_files+0x2a/0x420 [ 626.618024][T11744] ? __fget_files+0x3a0/0x420 [ 626.618055][T11744] __x64_sys_sendmsg+0x19b/0x260 [ 626.618083][T11744] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 626.618117][T11744] ? __pfx_ksys_write+0x10/0x10 [ 626.618143][T11744] ? do_syscall_64+0xbe/0xfa0 [ 626.618163][T11744] do_syscall_64+0xfa/0xfa0 [ 626.618180][T11744] ? lockdep_hardirqs_on+0x9c/0x150 [ 626.618197][T11744] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.618211][T11744] ? clear_bhb_loop+0x60/0xb0 [ 626.618229][T11744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.618243][T11744] RIP: 0033:0x7f3c60d8ec29 [ 626.618257][T11744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.618270][T11744] RSP: 002b:00007f3c61c9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 626.618285][T11744] RAX: ffffffffffffffda RBX: 00007f3c60fd5fa0 RCX: 00007f3c60d8ec29 [ 626.618296][T11744] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 626.618306][T11744] RBP: 00007f3c61c9e090 R08: 0000000000000000 R09: 0000000000000000 [ 626.618315][T11744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 626.618323][T11744] R13: 00007f3c60fd6038 R14: 00007f3c60fd5fa0 R15: 00007fffb768b818 [ 626.618347][T11744] [ 626.913368][ T44] usb 7-1: USB disconnect, device number 10 [ 627.025667][T11747] program syz.3.1697 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 628.126356][T11764] futex_wake_op: syz.0.1701 tries to shift op by 36; fix this program [ 628.167464][T11766] netlink: 'syz.3.1699': attribute type 4 has an invalid length. [ 629.725610][T11779] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 630.535831][T11783] FAULT_INJECTION: forcing a failure. [ 630.535831][T11783] name failslab, interval 1, probability 0, space 0, times 0 [ 630.618522][T11783] CPU: 1 UID: 0 PID: 11783 Comm: syz.6.1707 Not tainted syzkaller #0 PREEMPT(full) [ 630.618552][T11783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 630.618565][T11783] Call Trace: [ 630.618574][T11783] [ 630.618583][T11783] dump_stack_lvl+0x189/0x250 [ 630.618615][T11783] ? __pfx____ratelimit+0x10/0x10 [ 630.618639][T11783] ? __pfx_dump_stack_lvl+0x10/0x10 [ 630.618664][T11783] ? __pfx__printk+0x10/0x10 [ 630.618699][T11783] ? __pfx___might_resched+0x10/0x10 [ 630.618727][T11783] ? fs_reclaim_acquire+0x7d/0x100 [ 630.618753][T11783] should_fail_ex+0x414/0x560 [ 630.618786][T11783] should_failslab+0xa8/0x100 [ 630.618811][T11783] __kmalloc_noprof+0xcb/0x7f0 [ 630.618841][T11783] ? tomoyo_encode+0x28b/0x550 [ 630.618866][T11783] ? __pfx_dmabuffs_dname+0x10/0x10 [ 630.618892][T11783] tomoyo_encode+0x28b/0x550 [ 630.618926][T11783] tomoyo_realpath_from_path+0x58d/0x5d0 [ 630.618957][T11783] ? tomoyo_domain+0xd9/0x130 [ 630.618991][T11783] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 630.619014][T11783] tomoyo_path_number_perm+0x1e8/0x5a0 [ 630.619041][T11783] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 630.619062][T11783] ? __seccomp_filter+0x74a/0x1a30 [ 630.619133][T11783] ? __fget_files+0x2a/0x420 [ 630.619158][T11783] ? __fget_files+0x3a0/0x420 [ 630.619176][T11783] ? __fget_files+0x2a/0x420 [ 630.619201][T11783] security_file_ioctl+0xcb/0x2d0 [ 630.619224][T11783] __se_sys_ioctl+0x47/0x170 [ 630.619254][T11783] do_syscall_64+0xfa/0xfa0 [ 630.619277][T11783] ? lockdep_hardirqs_on+0x9c/0x150 [ 630.619300][T11783] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.619319][T11783] ? clear_bhb_loop+0x60/0xb0 [ 630.619343][T11783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.619362][T11783] RIP: 0033:0x7fe85ef8ec29 [ 630.619391][T11783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.619408][T11783] RSP: 002b:00007fe85fe6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 630.619429][T11783] RAX: ffffffffffffffda RBX: 00007fe85f1d5fa0 RCX: 00007fe85ef8ec29 [ 630.619443][T11783] RDX: 0000200000000540 RSI: 00000000c0086202 RDI: 0000000000000007 [ 630.619456][T11783] RBP: 00007fe85fe6c090 R08: 0000000000000000 R09: 0000000000000000 [ 630.619468][T11783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 630.619479][T11783] R13: 00007fe85f1d6038 R14: 00007fe85f1d5fa0 R15: 00007ffcb4eb9018 [ 630.619513][T11783] [ 630.627123][T11783] ERROR: Out of memory at tomoyo_realpath_from_path. [ 630.820347][ C1] vkms_vblank_simulate: vblank timer overrun [ 631.056328][T11790] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1710'. [ 631.075714][T11792] program syz.6.1709 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 632.476618][T11810] syzkaller1: entered promiscuous mode [ 632.482285][T11810] syzkaller1: entered allmulticast mode [ 632.740181][T11811] netlink: 'syz.5.1714': attribute type 4 has an invalid length. [ 633.593390][T11826] raw_sendmsg: syz.5.1719 forgot to set AF_INET. Fix it! [ 634.349887][T11833] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1721'. [ 634.498187][ T917] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 634.509515][T11839] program syz.5.1722 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 634.781262][ T917] usb 4-1: Using ep0 maxpacket: 16 [ 634.858205][ T917] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 635.000166][ T917] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 635.184859][ T917] usb 4-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 635.193641][ T917] usb 4-1: Manufacturer: syz [ 635.229760][ T917] usb 4-1: config 0 descriptor?? [ 636.393974][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1727'. [ 637.409277][T11870] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1732'. [ 637.451205][ T5953] usb 4-1: USB disconnect, device number 29 [ 638.089759][T11878] FAULT_INJECTION: forcing a failure. [ 638.089759][T11878] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 638.186263][T11878] CPU: 1 UID: 0 PID: 11878 Comm: syz.4.1733 Not tainted syzkaller #0 PREEMPT(full) [ 638.186283][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 638.186293][T11878] Call Trace: [ 638.186299][T11878] [ 638.186306][T11878] dump_stack_lvl+0x189/0x250 [ 638.186328][T11878] ? __pfx____ratelimit+0x10/0x10 [ 638.186344][T11878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 638.186362][T11878] ? __pfx__printk+0x10/0x10 [ 638.186381][T11878] ? __might_fault+0xb0/0x130 [ 638.186410][T11878] should_fail_ex+0x414/0x560 [ 638.186433][T11878] _copy_from_user+0x2d/0xb0 [ 638.186449][T11878] ___sys_sendmsg+0x158/0x2a0 [ 638.186470][T11878] ? __pfx____sys_sendmsg+0x10/0x10 [ 638.186513][T11878] ? __fget_files+0x2a/0x420 [ 638.186528][T11878] ? __fget_files+0x3a0/0x420 [ 638.186550][T11878] __x64_sys_sendmsg+0x19b/0x260 [ 638.186570][T11878] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 638.186594][T11878] ? __pfx_ksys_write+0x10/0x10 [ 638.186618][T11878] ? do_syscall_64+0xbe/0xfa0 [ 638.186638][T11878] do_syscall_64+0xfa/0xfa0 [ 638.186654][T11878] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.186671][T11878] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.186684][T11878] ? clear_bhb_loop+0x60/0xb0 [ 638.186701][T11878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.186715][T11878] RIP: 0033:0x7f8b4f18ec29 [ 638.186728][T11878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 638.186740][T11878] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 638.186756][T11878] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 638.186766][T11878] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 638.186781][T11878] RBP: 00007f8b4fff1090 R08: 0000000000000000 R09: 0000000000000000 [ 638.186790][T11878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 638.186798][T11878] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 638.186821][T11878] [ 638.387651][ C1] vkms_vblank_simulate: vblank timer overrun [ 639.068115][ T5934] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 639.458129][ T5934] usb 4-1: Using ep0 maxpacket: 16 [ 639.488918][ T5934] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 639.501359][ T5934] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 639.512755][ T5934] usb 4-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 639.528472][ T5934] usb 4-1: Manufacturer: syz [ 639.548785][ T5934] usb 4-1: config 0 descriptor?? [ 641.506768][T11902] program syz.5.1738 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 642.574166][T11916] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1743'. [ 642.868481][ T5921] usb 4-1: USB disconnect, device number 30 [ 642.890826][T11921] erofs (device loop6): cannot find valid erofs superblock [ 643.098545][T10360] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 643.158139][ T5934] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 643.288227][T10360] usb 7-1: Using ep0 maxpacket: 16 [ 643.372163][T10360] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 643.404535][T10360] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 644.026073][T10360] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 644.035517][T10360] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.098114][ T5934] usb 1-1: Using ep0 maxpacket: 8 [ 644.233764][T10360] usb 7-1: config 0 descriptor?? [ 644.249864][ T5934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 644.290412][ T5934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 644.404338][ T5934] usb 1-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 644.788093][ T5934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.798819][T10360] usbhid 7-1:0.0: can't add hid device: -71 [ 644.804791][T10360] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 644.877681][ T5934] usb 1-1: config 0 descriptor?? [ 644.910695][ T5934] hso 1-1:0.0: Can't find BULK IN endpoint [ 644.921968][T10360] usb 7-1: USB disconnect, device number 11 [ 646.714211][ T5953] usb 1-1: USB disconnect, device number 29 [ 646.995046][T11954] program syz.6.1752 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 648.377439][T11972] Bluetooth: MGMT ver 1.23 [ 648.686899][ T5953] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 648.838084][ T5953] usb 1-1: device descriptor read/64, error -71 [ 648.970988][T11989] FAULT_INJECTION: forcing a failure. [ 648.970988][T11989] name failslab, interval 1, probability 0, space 0, times 0 [ 648.984036][T11989] CPU: 1 UID: 0 PID: 11989 Comm: syz.6.1760 Not tainted syzkaller #0 PREEMPT(full) [ 648.984055][T11989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 648.984063][T11989] Call Trace: [ 648.984069][T11989] [ 648.984075][T11989] dump_stack_lvl+0x189/0x250 [ 648.984095][T11989] ? __pfx____ratelimit+0x10/0x10 [ 648.984110][T11989] ? __pfx_dump_stack_lvl+0x10/0x10 [ 648.984126][T11989] ? __pfx__printk+0x10/0x10 [ 648.984148][T11989] ? __pfx___might_resched+0x10/0x10 [ 648.984167][T11989] ? fs_reclaim_acquire+0x7d/0x100 [ 648.984184][T11989] should_fail_ex+0x414/0x560 [ 648.984206][T11989] should_failslab+0xa8/0x100 [ 648.984221][T11989] kmem_cache_alloc_node_noprof+0x77/0x710 [ 648.984242][T11989] ? __alloc_skb+0x112/0x2d0 [ 648.984255][T11989] ? netlink_autobind+0xdb/0x300 [ 648.984273][T11989] __alloc_skb+0x112/0x2d0 [ 648.984290][T11989] netlink_sendmsg+0x5c6/0xb30 [ 648.984311][T11989] ? __pfx_netlink_sendmsg+0x10/0x10 [ 648.984328][T11989] ? aa_sock_msg_perm+0xf1/0x1d0 [ 648.984347][T11989] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 648.984361][T11989] ? __pfx_netlink_sendmsg+0x10/0x10 [ 648.984376][T11989] __sock_sendmsg+0x21c/0x270 [ 648.984417][T11989] ____sys_sendmsg+0x505/0x830 [ 648.984438][T11989] ? __pfx_____sys_sendmsg+0x10/0x10 [ 648.984462][T11989] ? import_iovec+0x74/0xa0 [ 648.984479][T11989] ___sys_sendmsg+0x21f/0x2a0 [ 648.984498][T11989] ? __pfx____sys_sendmsg+0x10/0x10 [ 648.984540][T11989] ? __fget_files+0x2a/0x420 [ 648.984554][T11989] ? __fget_files+0x3a0/0x420 [ 648.984575][T11989] __x64_sys_sendmsg+0x19b/0x260 [ 648.984595][T11989] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 648.984619][T11989] ? __pfx_ksys_write+0x10/0x10 [ 648.984642][T11989] ? do_syscall_64+0xbe/0xfa0 [ 648.984662][T11989] do_syscall_64+0xfa/0xfa0 [ 648.984678][T11989] ? lockdep_hardirqs_on+0x9c/0x150 [ 648.984695][T11989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.984708][T11989] ? clear_bhb_loop+0x60/0xb0 [ 648.984731][T11989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.984744][T11989] RIP: 0033:0x7fe85ef8ec29 [ 648.984757][T11989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.984769][T11989] RSP: 002b:00007fe85fe6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 648.984784][T11989] RAX: ffffffffffffffda RBX: 00007fe85f1d5fa0 RCX: 00007fe85ef8ec29 [ 648.984794][T11989] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 648.984803][T11989] RBP: 00007fe85fe6c090 R08: 0000000000000000 R09: 0000000000000000 [ 648.984811][T11989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 648.984819][T11989] R13: 00007fe85f1d6038 R14: 00007fe85f1d5fa0 R15: 00007ffcb4eb9018 [ 648.984842][T11989] [ 649.258992][ T5953] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 649.688157][ T5953] usb 1-1: device descriptor read/64, error -71 [ 649.778119][ T5921] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 649.820478][ T5953] usb usb1-port1: attempt power cycle [ 649.948120][ T5921] usb 4-1: Using ep0 maxpacket: 16 [ 650.003270][ T5921] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 650.239343][ T5921] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 650.396266][ T5921] usb 4-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 650.582774][ T5921] usb 4-1: Manufacturer: syz [ 650.718356][ T5921] usb 4-1: config 0 descriptor?? [ 650.990025][T12001] FAULT_INJECTION: forcing a failure. [ 650.990025][T12001] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 651.049882][T12001] CPU: 0 UID: 0 PID: 12001 Comm: syz.4.1763 Not tainted syzkaller #0 PREEMPT(full) [ 651.049924][T12001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 651.049935][T12001] Call Trace: [ 651.049943][T12001] [ 651.049952][T12001] dump_stack_lvl+0x189/0x250 [ 651.049980][T12001] ? __pfx____ratelimit+0x10/0x10 [ 651.050000][T12001] ? __pfx_dump_stack_lvl+0x10/0x10 [ 651.050022][T12001] ? __pfx__printk+0x10/0x10 [ 651.050048][T12001] ? __might_fault+0xb0/0x130 [ 651.050085][T12001] should_fail_ex+0x414/0x560 [ 651.050114][T12001] _copy_from_user+0x2d/0xb0 [ 651.050135][T12001] get_itimerspec64+0x19e/0x2f0 [ 651.050183][T12001] ? __pfx_get_itimerspec64+0x10/0x10 [ 651.050212][T12001] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 651.050247][T12001] __x64_sys_timer_settime+0x142/0x240 [ 651.050275][T12001] ? __pfx___x64_sys_timer_settime+0x10/0x10 [ 651.050312][T12001] ? do_syscall_64+0xbe/0xfa0 [ 651.050340][T12001] do_syscall_64+0xfa/0xfa0 [ 651.050362][T12001] ? lockdep_hardirqs_on+0x9c/0x150 [ 651.050385][T12001] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.050405][T12001] ? clear_bhb_loop+0x60/0xb0 [ 651.050429][T12001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.050448][T12001] RIP: 0033:0x7f8b4f18ec29 [ 651.050466][T12001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 651.050482][T12001] RSP: 002b:00007f8b4ffd0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000df [ 651.050501][T12001] RAX: ffffffffffffffda RBX: 00007f8b4f3d6090 RCX: 00007f8b4f18ec29 [ 651.050527][T12001] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000000000000000 [ 651.050539][T12001] RBP: 00007f8b4ffd0090 R08: 0000000000000000 R09: 0000000000000000 [ 651.050551][T12001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 651.050562][T12001] R13: 00007f8b4f3d6128 R14: 00007f8b4f3d6090 R15: 00007ffd345a3458 [ 651.050592][T12001] [ 653.686599][ T5953] usb 4-1: USB disconnect, device number 31 [ 653.777114][T12025] FAULT_INJECTION: forcing a failure. [ 653.777114][T12025] name failslab, interval 1, probability 0, space 0, times 0 [ 653.807458][T12026] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1770'. [ 653.837949][T12025] CPU: 1 UID: 0 PID: 12025 Comm: syz.4.1771 Not tainted syzkaller #0 PREEMPT(full) [ 653.837974][T12025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 653.837993][T12025] Call Trace: [ 653.838000][T12025] [ 653.838010][T12025] dump_stack_lvl+0x189/0x250 [ 653.838039][T12025] ? __pfx____ratelimit+0x10/0x10 [ 653.838064][T12025] ? __pfx_dump_stack_lvl+0x10/0x10 [ 653.838088][T12025] ? __pfx__printk+0x10/0x10 [ 653.838113][T12025] ? __pfx___might_resched+0x10/0x10 [ 653.838133][T12025] ? fs_reclaim_acquire+0x7d/0x100 [ 653.838152][T12025] should_fail_ex+0x414/0x560 [ 653.838175][T12025] should_failslab+0xa8/0x100 [ 653.838192][T12025] __kmalloc_noprof+0xcb/0x7f0 [ 653.838214][T12025] ? tomoyo_encode+0x28b/0x550 [ 653.838238][T12025] tomoyo_encode+0x28b/0x550 [ 653.838269][T12025] tomoyo_realpath_from_path+0x58d/0x5d0 [ 653.838298][T12025] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 653.838315][T12025] tomoyo_path_number_perm+0x1e8/0x5a0 [ 653.838334][T12025] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 653.838379][T12025] ? __fget_files+0x2a/0x420 [ 653.838398][T12025] ? __fget_files+0x3a0/0x420 [ 653.838411][T12025] ? __fget_files+0x2a/0x420 [ 653.838429][T12025] security_file_ioctl+0xcb/0x2d0 [ 653.838446][T12025] __se_sys_ioctl+0x47/0x170 [ 653.838469][T12025] do_syscall_64+0xfa/0xfa0 [ 653.838486][T12025] ? lockdep_hardirqs_on+0x9c/0x150 [ 653.838503][T12025] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.838517][T12025] ? clear_bhb_loop+0x60/0xb0 [ 653.838535][T12025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.838549][T12025] RIP: 0033:0x7f8b4f18ec29 [ 653.838563][T12025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.838576][T12025] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 653.838592][T12025] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 653.838602][T12025] RDX: 0000200000000340 RSI: 00000000c05c6104 RDI: 0000000000000006 [ 653.838612][T12025] RBP: 00007f8b4fff1090 R08: 0000000000000000 R09: 0000000000000000 [ 653.838621][T12025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 653.838629][T12025] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 653.838654][T12025] [ 654.131365][T12025] ERROR: Out of memory at tomoyo_realpath_from_path. [ 654.555516][T12047] __vm_enough_memory: pid: 12047, comm: syz.4.1776, bytes: 4115879641088 not enough memory for the allocation [ 654.568460][T12047] FAULT_INJECTION: forcing a failure. [ 654.568460][T12047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 654.583551][T12047] CPU: 1 UID: 0 PID: 12047 Comm: syz.4.1776 Not tainted syzkaller #0 PREEMPT(full) [ 654.583598][T12047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 654.583610][T12047] Call Trace: [ 654.583618][T12047] [ 654.583627][T12047] dump_stack_lvl+0x189/0x250 [ 654.583656][T12047] ? __pfx____ratelimit+0x10/0x10 [ 654.583681][T12047] ? __pfx_dump_stack_lvl+0x10/0x10 [ 654.583706][T12047] ? __pfx__printk+0x10/0x10 [ 654.583735][T12047] ? __might_fault+0xb0/0x130 [ 654.583773][T12047] should_fail_ex+0x414/0x560 [ 654.583805][T12047] _copy_to_user+0x31/0xb0 [ 654.583830][T12047] simple_read_from_buffer+0xe1/0x170 [ 654.583867][T12047] proc_fail_nth_read+0x1b3/0x220 [ 654.583898][T12047] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 654.583929][T12047] ? rw_verify_area+0x2a6/0x4d0 [ 654.583957][T12047] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 654.583996][T12047] vfs_read+0x200/0xa30 [ 654.584026][T12047] ? ipcget+0xc74/0xdd0 [ 654.584052][T12047] ? __pfx_vfs_read+0x10/0x10 [ 654.584077][T12047] ? rcu_is_watching+0x15/0xb0 [ 654.584108][T12047] ? preempt_schedule_irq+0xde/0x150 [ 654.584130][T12047] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 654.584150][T12047] ? preempt_schedule_irq+0xde/0x150 [ 654.584171][T12047] ? __pfx_ipcget+0x10/0x10 [ 654.584204][T12047] ksys_read+0x145/0x250 [ 654.584234][T12047] ? __pfx_ksys_read+0x10/0x10 [ 654.584265][T12047] ? do_syscall_64+0xbe/0xfa0 [ 654.584291][T12047] do_syscall_64+0xfa/0xfa0 [ 654.584313][T12047] ? lockdep_hardirqs_on+0x9c/0x150 [ 654.584335][T12047] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.584353][T12047] ? clear_bhb_loop+0x60/0xb0 [ 654.584376][T12047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.584395][T12047] RIP: 0033:0x7f8b4f18d63c [ 654.584412][T12047] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 654.584428][T12047] RSP: 002b:00007f8b4ffaf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 654.584448][T12047] RAX: ffffffffffffffda RBX: 00007f8b4f3d6180 RCX: 00007f8b4f18d63c [ 654.584470][T12047] RDX: 000000000000000f RSI: 00007f8b4ffaf0a0 RDI: 0000000000000007 [ 654.584482][T12047] RBP: 00007f8b4ffaf090 R08: 0000000000000000 R09: 0000000000000000 [ 654.584493][T12047] R10: 0000200000fff000 R11: 0000000000000246 R12: 0000000000000001 [ 654.584505][T12047] R13: 00007f8b4f3d6218 R14: 00007f8b4f3d6180 R15: 00007ffd345a3458 [ 654.584536][T12047] [ 654.931700][T12052] netlink: 'syz.5.1777': attribute type 4 has an invalid length. [ 655.379246][T12058] FAULT_INJECTION: forcing a failure. [ 655.379246][T12058] name failslab, interval 1, probability 0, space 0, times 0 [ 655.398366][T12058] CPU: 0 UID: 0 PID: 12058 Comm: syz.3.1778 Not tainted syzkaller #0 PREEMPT(full) [ 655.398394][T12058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 655.398407][T12058] Call Trace: [ 655.398417][T12058] [ 655.398424][T12058] dump_stack_lvl+0x189/0x250 [ 655.398448][T12058] ? __pfx____ratelimit+0x10/0x10 [ 655.398465][T12058] ? __pfx_dump_stack_lvl+0x10/0x10 [ 655.398483][T12058] ? __pfx__printk+0x10/0x10 [ 655.398508][T12058] ? __pfx___might_resched+0x10/0x10 [ 655.398528][T12058] ? fs_reclaim_acquire+0x7d/0x100 [ 655.398547][T12058] should_fail_ex+0x414/0x560 [ 655.398569][T12058] should_failslab+0xa8/0x100 [ 655.398599][T12058] __kmalloc_noprof+0xcb/0x7f0 [ 655.398621][T12058] ? tomoyo_encode+0x28b/0x550 [ 655.398645][T12058] tomoyo_encode+0x28b/0x550 [ 655.398668][T12058] tomoyo_realpath_from_path+0x58d/0x5d0 [ 655.398689][T12058] ? tomoyo_domain+0xd9/0x130 [ 655.398713][T12058] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 655.398729][T12058] tomoyo_path_number_perm+0x1e8/0x5a0 [ 655.398747][T12058] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 655.398818][T12058] ? __fget_files+0x2a/0x420 [ 655.398838][T12058] ? __fget_files+0x3a0/0x420 [ 655.398851][T12058] ? __fget_files+0x2a/0x420 [ 655.398868][T12058] security_file_ioctl+0xcb/0x2d0 [ 655.398886][T12058] __se_sys_ioctl+0x47/0x170 [ 655.398908][T12058] do_syscall_64+0xfa/0xfa0 [ 655.398925][T12058] ? lockdep_hardirqs_on+0x9c/0x150 [ 655.398942][T12058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.398956][T12058] ? clear_bhb_loop+0x60/0xb0 [ 655.398974][T12058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.398988][T12058] RIP: 0033:0x7f658b38ec29 [ 655.399001][T12058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 655.399013][T12058] RSP: 002b:00007f658c215038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 655.399042][T12058] RAX: ffffffffffffffda RBX: 00007f658b5d6180 RCX: 00007f658b38ec29 [ 655.399052][T12058] RDX: 0000200000000100 RSI: 000000008010aa02 RDI: 0000000000000003 [ 655.399062][T12058] RBP: 00007f658c215090 R08: 0000000000000000 R09: 0000000000000000 [ 655.399070][T12058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 655.399078][T12058] R13: 00007f658b5d6218 R14: 00007f658b5d6180 R15: 00007ffd19c74d88 [ 655.399102][T12058] [ 655.399119][T12058] ERROR: Out of memory at tomoyo_realpath_from_path. [ 655.748471][T12034] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1773'. [ 655.929448][ T44] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 656.078147][ T44] usb 6-1: device descriptor read/64, error -71 [ 656.128602][T12068] FAULT_INJECTION: forcing a failure. [ 656.128602][T12068] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 656.206540][T12068] CPU: 0 UID: 0 PID: 12068 Comm: syz.6.1780 Not tainted syzkaller #0 PREEMPT(full) [ 656.206590][T12068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 656.206604][T12068] Call Trace: [ 656.206610][T12068] [ 656.206617][T12068] dump_stack_lvl+0x189/0x250 [ 656.206639][T12068] ? __pfx____ratelimit+0x10/0x10 [ 656.206656][T12068] ? __pfx_dump_stack_lvl+0x10/0x10 [ 656.206673][T12068] ? __pfx__printk+0x10/0x10 [ 656.206692][T12068] ? __might_fault+0xb0/0x130 [ 656.206721][T12068] should_fail_ex+0x414/0x560 [ 656.206743][T12068] _copy_from_user+0x2d/0xb0 [ 656.206760][T12068] sctp_setsockopt+0x19f/0x1200 [ 656.206780][T12068] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 656.206804][T12068] do_sock_setsockopt+0x17c/0x1b0 [ 656.206824][T12068] __x64_sys_setsockopt+0x13f/0x1b0 [ 656.206845][T12068] do_syscall_64+0xfa/0xfa0 [ 656.206861][T12068] ? lockdep_hardirqs_on+0x9c/0x150 [ 656.206878][T12068] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.206892][T12068] ? clear_bhb_loop+0x60/0xb0 [ 656.206909][T12068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.206922][T12068] RIP: 0033:0x7fe85ef8ec29 [ 656.206935][T12068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.206947][T12068] RSP: 002b:00007fe85fe4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 656.206962][T12068] RAX: ffffffffffffffda RBX: 00007fe85f1d6090 RCX: 00007fe85ef8ec29 [ 656.206973][T12068] RDX: 0000000000000079 RSI: 0000000000000084 RDI: 0000000000000003 [ 656.206981][T12068] RBP: 00007fe85fe4b090 R08: 0000000000000008 R09: 0000000000000000 [ 656.206990][T12068] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000001 [ 656.206999][T12068] R13: 00007fe85f1d6128 R14: 00007fe85f1d6090 R15: 00007ffcb4eb9018 [ 656.207022][T12068] [ 656.328311][ T44] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 656.978325][ T44] usb 6-1: device descriptor read/64, error -71 [ 657.094168][ T44] usb usb6-port1: attempt power cycle [ 657.598598][ T44] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 657.640370][T12084] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1786'. [ 657.678820][ T44] usb 6-1: device descriptor read/8, error -71 [ 657.898722][T12092] FAULT_INJECTION: forcing a failure. [ 657.898722][T12092] name failslab, interval 1, probability 0, space 0, times 0 [ 657.918140][ T44] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 657.937776][T12092] CPU: 1 UID: 0 PID: 12092 Comm: syz.0.1788 Not tainted syzkaller #0 PREEMPT(full) [ 657.937802][T12092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 657.937814][T12092] Call Trace: [ 657.937822][T12092] [ 657.937831][T12092] dump_stack_lvl+0x189/0x250 [ 657.937866][T12092] ? __pfx____ratelimit+0x10/0x10 [ 657.937889][T12092] ? __pfx_dump_stack_lvl+0x10/0x10 [ 657.937931][T12092] ? __pfx__printk+0x10/0x10 [ 657.937965][T12092] ? __pfx___might_resched+0x10/0x10 [ 657.938001][T12092] ? fs_reclaim_acquire+0x7d/0x100 [ 657.938027][T12092] should_fail_ex+0x414/0x560 [ 657.938059][T12092] should_failslab+0xa8/0x100 [ 657.938083][T12092] __kmalloc_noprof+0xcb/0x7f0 [ 657.938112][T12092] ? alloc_pipe_info+0x1fd/0x4d0 [ 657.938137][T12092] alloc_pipe_info+0x1fd/0x4d0 [ 657.938159][T12092] splice_direct_to_actor+0xa5d/0xcc0 [ 657.938190][T12092] ? __lock_acquire+0xab9/0xd20 [ 657.938231][T12092] ? __pfx_aa_file_perm+0x10/0x10 [ 657.938258][T12092] ? __lock_acquire+0xab9/0xd20 [ 657.938285][T12092] ? __pfx_direct_splice_actor+0x10/0x10 [ 657.938305][T12092] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 657.938336][T12092] do_splice_direct+0x181/0x270 [ 657.938359][T12092] ? __pfx_do_splice_direct+0x10/0x10 [ 657.938377][T12092] ? common_file_perm+0x1b5/0x230 [ 657.938403][T12092] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 657.938428][T12092] ? bpf_lsm_file_permission+0x9/0x20 [ 657.938451][T12092] ? security_file_permission+0x75/0x290 [ 657.938475][T12092] ? rw_verify_area+0x255/0x4d0 [ 657.938508][T12092] do_sendfile+0x4da/0x7e0 [ 657.938530][T12092] ? __pfx_vfs_write+0x10/0x10 [ 657.938566][T12092] ? __pfx_do_sendfile+0x10/0x10 [ 657.938589][T12092] ? __fget_files+0x3a0/0x420 [ 657.938621][T12092] __se_sys_sendfile64+0x13e/0x190 [ 657.938647][T12092] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 657.938674][T12092] ? do_syscall_64+0xbe/0xfa0 [ 657.938703][T12092] do_syscall_64+0xfa/0xfa0 [ 657.938725][T12092] ? lockdep_hardirqs_on+0x9c/0x150 [ 657.938749][T12092] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.938769][T12092] ? clear_bhb_loop+0x60/0xb0 [ 657.938794][T12092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.938814][T12092] RIP: 0033:0x7f3c60d8ec29 [ 657.938832][T12092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.938849][T12092] RSP: 002b:00007f3c61c7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 657.938870][T12092] RAX: ffffffffffffffda RBX: 00007f3c60fd6090 RCX: 00007f3c60d8ec29 [ 657.938885][T12092] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 657.938897][T12092] RBP: 00007f3c61c7d090 R08: 0000000000000000 R09: 0000000000000000 [ 657.938909][T12092] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001 [ 657.938922][T12092] R13: 00007f3c60fd6128 R14: 00007f3c60fd6090 R15: 00007fffb768b818 [ 657.938956][T12092] [ 658.260526][ T44] usb 6-1: device descriptor read/8, error -71 [ 658.368399][ T44] usb usb6-port1: unable to enumerate USB device [ 658.518160][T10360] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 658.679407][T10360] usb 4-1: Using ep0 maxpacket: 16 [ 658.687377][T10360] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 658.720541][T10360] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 658.748199][T10360] usb 4-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 658.767064][T10360] usb 4-1: Manufacturer: syz [ 658.789853][T10360] usb 4-1: config 0 descriptor?? [ 658.846955][T12102] FAULT_INJECTION: forcing a failure. [ 658.846955][T12102] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 658.938334][T12102] CPU: 0 UID: 0 PID: 12102 Comm: syz.5.1791 Not tainted syzkaller #0 PREEMPT(full) [ 658.938362][T12102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 658.938374][T12102] Call Trace: [ 658.938382][T12102] [ 658.938393][T12102] dump_stack_lvl+0x189/0x250 [ 658.938416][T12102] ? __pfx____ratelimit+0x10/0x10 [ 658.938433][T12102] ? __pfx_dump_stack_lvl+0x10/0x10 [ 658.938451][T12102] ? __pfx__printk+0x10/0x10 [ 658.938494][T12102] should_fail_ex+0x414/0x560 [ 658.938516][T12102] _copy_to_user+0x31/0xb0 [ 658.938534][T12102] simple_read_from_buffer+0xe1/0x170 [ 658.938561][T12102] proc_fail_nth_read+0x1b3/0x220 [ 658.938602][T12102] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 658.938623][T12102] ? rw_verify_area+0x2a6/0x4d0 [ 658.938644][T12102] ? __lock_acquire+0xab9/0xd20 [ 658.938662][T12102] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 658.938683][T12102] vfs_read+0x200/0xa30 [ 658.938703][T12102] ? fdget_pos+0x247/0x320 [ 658.938721][T12102] ? __pfx___mutex_lock+0x10/0x10 [ 658.938740][T12102] ? __pfx_vfs_read+0x10/0x10 [ 658.938763][T12102] ? __fget_files+0x2a/0x420 [ 658.938780][T12102] ? __fget_files+0x3a0/0x420 [ 658.938794][T12102] ? __fget_files+0x2a/0x420 [ 658.938815][T12102] ksys_read+0x145/0x250 [ 658.938838][T12102] ? __pfx_ksys_read+0x10/0x10 [ 658.938868][T12102] ? do_syscall_64+0xbe/0xfa0 [ 658.938888][T12102] do_syscall_64+0xfa/0xfa0 [ 658.938904][T12102] ? lockdep_hardirqs_on+0x9c/0x150 [ 658.938921][T12102] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.938935][T12102] ? clear_bhb_loop+0x60/0xb0 [ 658.938955][T12102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.938969][T12102] RIP: 0033:0x7f508c78d63c [ 658.938982][T12102] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 658.938994][T12102] RSP: 002b:00007f508d664030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 658.939010][T12102] RAX: ffffffffffffffda RBX: 00007f508c9d6090 RCX: 00007f508c78d63c [ 658.939021][T12102] RDX: 000000000000000f RSI: 00007f508d6640a0 RDI: 0000000000000005 [ 658.939030][T12102] RBP: 00007f508d664090 R08: 0000000000000000 R09: 0000000000000000 [ 658.939039][T12102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 658.939047][T12102] R13: 00007f508c9d6128 R14: 00007f508c9d6090 R15: 00007fffb9bdd728 [ 658.939071][T12102] [ 659.666830][T12094] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1790'. [ 659.922365][T12117] FAULT_INJECTION: forcing a failure. [ 659.922365][T12117] name failslab, interval 1, probability 0, space 0, times 0 [ 659.946107][T12117] CPU: 0 UID: 0 PID: 12117 Comm: syz.4.1795 Not tainted syzkaller #0 PREEMPT(full) [ 659.946133][T12117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 659.946144][T12117] Call Trace: [ 659.946151][T12117] [ 659.946158][T12117] dump_stack_lvl+0x189/0x250 [ 659.946187][T12117] ? __pfx____ratelimit+0x10/0x10 [ 659.946212][T12117] ? __pfx_dump_stack_lvl+0x10/0x10 [ 659.946233][T12117] ? __pfx__printk+0x10/0x10 [ 659.946263][T12117] ? __pfx___might_resched+0x10/0x10 [ 659.946289][T12117] ? fs_reclaim_acquire+0x7d/0x100 [ 659.946311][T12117] should_fail_ex+0x414/0x560 [ 659.946339][T12117] should_failslab+0xa8/0x100 [ 659.946360][T12117] __kmalloc_noprof+0xcb/0x7f0 [ 659.946387][T12117] ? tomoyo_encode+0x28b/0x550 [ 659.946419][T12117] tomoyo_encode+0x28b/0x550 [ 659.946442][T12117] tomoyo_realpath_from_path+0x58d/0x5d0 [ 659.946462][T12117] ? tomoyo_domain+0xd9/0x130 [ 659.946484][T12117] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 659.946499][T12117] tomoyo_path_number_perm+0x1e8/0x5a0 [ 659.946516][T12117] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 659.946557][T12117] ? __fget_files+0x2a/0x420 [ 659.946573][T12117] ? __fget_files+0x3a0/0x420 [ 659.946585][T12117] ? __fget_files+0x2a/0x420 [ 659.946601][T12117] security_file_ioctl+0xcb/0x2d0 [ 659.946616][T12117] __se_sys_ioctl+0x47/0x170 [ 659.946636][T12117] do_syscall_64+0xfa/0xfa0 [ 659.946652][T12117] ? lockdep_hardirqs_on+0x9c/0x150 [ 659.946667][T12117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.946680][T12117] ? clear_bhb_loop+0x60/0xb0 [ 659.946696][T12117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.946709][T12117] RIP: 0033:0x7f8b4f18ec29 [ 659.946739][T12117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 659.946751][T12117] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 659.946767][T12117] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 659.946777][T12117] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 659.946786][T12117] RBP: 00007f8b4fff1090 R08: 0000000000000000 R09: 0000000000000000 [ 659.946795][T12117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 659.946802][T12117] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 659.946825][T12117] [ 660.189060][T12117] ERROR: Out of memory at tomoyo_realpath_from_path. [ 660.630809][T12130] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1798'. [ 660.739471][T12132] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1799'. [ 661.284616][ T5953] usb 4-1: USB disconnect, device number 32 [ 661.933097][T12147] tmpfs: Bad value for 'mpol' [ 662.322473][T12157] netlink: 'syz.6.1808': attribute type 1 has an invalid length. [ 662.338340][T12157] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1808'. [ 662.882143][T12166] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1810'. [ 663.569586][ T5953] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 663.888110][ T5953] usb 5-1: Using ep0 maxpacket: 8 [ 663.909645][ T5953] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 663.938214][ T5953] usb 5-1: config 179 has no interface number 0 [ 663.954816][ T5953] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 663.987433][ T5953] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 664.028105][ T5953] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 664.040201][ T5953] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 664.052096][ T5953] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 664.066860][ T5953] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 664.098451][ T5953] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.119586][T12175] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 664.390531][ T917] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input30 [ 664.641746][T10360] usb 5-1: USB disconnect, device number 22 [ 664.641842][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 664.656141][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 665.088180][ T917] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 665.590747][ T917] usb 1-1: Using ep0 maxpacket: 16 [ 665.743266][ T917] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 665.832404][ T917] usb 1-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 665.908634][ T917] usb 1-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 665.975488][T12202] netlink: 'syz.4.1819': attribute type 4 has an invalid length. [ 665.977263][T12201] program syz.3.1820 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 666.038116][ T917] usb 1-1: Manufacturer: syz [ 666.076952][ T917] usb 1-1: config 0 descriptor?? [ 666.319916][T12208] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1823'. [ 667.826139][T12217] program syz.5.1826 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 668.589709][T12219] FAULT_INJECTION: forcing a failure. [ 668.589709][T12219] name failslab, interval 1, probability 0, space 0, times 0 [ 668.667280][T12219] CPU: 0 UID: 0 PID: 12219 Comm: syz.3.1825 Not tainted syzkaller #0 PREEMPT(full) [ 668.667309][T12219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 668.667322][T12219] Call Trace: [ 668.667339][T12219] [ 668.667349][T12219] dump_stack_lvl+0x189/0x250 [ 668.667380][T12219] ? __pfx____ratelimit+0x10/0x10 [ 668.667405][T12219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 668.667430][T12219] ? __pfx__printk+0x10/0x10 [ 668.667462][T12219] ? __pfx___might_resched+0x10/0x10 [ 668.667493][T12219] ? fs_reclaim_acquire+0x7d/0x100 [ 668.667519][T12219] should_fail_ex+0x414/0x560 [ 668.667551][T12219] should_failslab+0xa8/0x100 [ 668.667576][T12219] __kmalloc_cache_noprof+0x6f/0x6f0 [ 668.667608][T12219] ? _copy_from_user+0x94/0xb0 [ 668.667628][T12219] ? __se_sys_mount+0x166/0x410 [ 668.667649][T12219] ? memdup_user+0x99/0xd0 [ 668.667676][T12219] __se_sys_mount+0x166/0x410 [ 668.667704][T12219] ? __pfx___se_sys_mount+0x10/0x10 [ 668.667730][T12219] ? do_syscall_64+0xbe/0xfa0 [ 668.667753][T12219] ? __x64_sys_mount+0x20/0xc0 [ 668.667776][T12219] do_syscall_64+0xfa/0xfa0 [ 668.667800][T12219] ? lockdep_hardirqs_on+0x9c/0x150 [ 668.667824][T12219] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.667845][T12219] ? clear_bhb_loop+0x60/0xb0 [ 668.667874][T12219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.667895][T12219] RIP: 0033:0x7f658b38ec29 [ 668.667912][T12219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.667931][T12219] RSP: 002b:00007f658c257038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 668.667954][T12219] RAX: ffffffffffffffda RBX: 00007f658b5d5fa0 RCX: 00007f658b38ec29 [ 668.667973][T12219] RDX: 0000200000000480 RSI: 0000200000000440 RDI: 0000000000000000 [ 668.667986][T12219] RBP: 00007f658c257090 R08: 0000200000000000 R09: 0000000000000000 [ 668.667998][T12219] R10: 0000000000000084 R11: 0000000000000246 R12: 0000000000000001 [ 668.668011][T12219] R13: 00007f658b5d6038 R14: 00007f658b5d5fa0 R15: 00007ffd19c74d88 [ 668.668045][T12219] [ 669.123255][T12231] program syz.3.1831 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 669.670015][T10360] usb 1-1: USB disconnect, device number 33 [ 670.252428][T12243] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 671.597219][T12262] netlink: 'syz.5.1837': attribute type 4 has an invalid length. [ 671.820196][ T44] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 672.008128][ T44] usb 7-1: Using ep0 maxpacket: 16 [ 672.020989][ T44] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 672.048105][ T44] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 672.094321][ T44] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 672.103846][ T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.183296][ T44] usb 7-1: Product: syz [ 672.193399][ T44] usb 7-1: Manufacturer: syz [ 672.204220][ T44] usb 7-1: SerialNumber: syz [ 672.269860][ T44] usb 7-1: config 0 descriptor?? [ 672.301968][ T44] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 672.343032][ T44] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class) [ 672.417465][T12275] program syz.5.1842 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 672.914007][ T44] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 672.929645][ T44] em28xx 7-1:0.0: Config register raw data: 0xfa [ 672.936037][ T44] em28xx 7-1:0.0: I2S Audio (3 sample rate(s)) [ 672.974225][ T44] em28xx 7-1:0.0: No AC97 audio processor [ 673.131272][T12261] netlink: 3 bytes leftover after parsing attributes in process `syz.6.1839'. [ 673.361736][T12261] Invalid ELF header magic: != ELF [ 673.389289][T12261] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1839'. [ 673.752062][T12285] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 674.399598][ T917] usb 7-1: USB disconnect, device number 12 [ 675.338194][T10360] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 675.450722][T12305] FAULT_INJECTION: forcing a failure. [ 675.450722][T12305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 675.518191][T10360] usb 4-1: Using ep0 maxpacket: 16 [ 675.671068][T12305] CPU: 1 UID: 0 PID: 12305 Comm: syz.6.1851 Not tainted syzkaller #0 PREEMPT(full) [ 675.671097][T12305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 675.671110][T12305] Call Trace: [ 675.671118][T12305] [ 675.671127][T12305] dump_stack_lvl+0x189/0x250 [ 675.671156][T12305] ? __pfx____ratelimit+0x10/0x10 [ 675.671179][T12305] ? __pfx_dump_stack_lvl+0x10/0x10 [ 675.671202][T12305] ? __pfx__printk+0x10/0x10 [ 675.671229][T12305] ? __might_fault+0xb0/0x130 [ 675.671265][T12305] should_fail_ex+0x414/0x560 [ 675.671290][T12305] _copy_from_user+0x2d/0xb0 [ 675.671307][T12305] __sys_bpf+0x1ed/0x870 [ 675.671329][T12305] ? __pfx___sys_bpf+0x10/0x10 [ 675.671359][T12305] ? ksys_write+0x22a/0x250 [ 675.671385][T12305] ? __pfx_ksys_write+0x10/0x10 [ 675.671413][T12305] __x64_sys_bpf+0x7c/0x90 [ 675.671431][T12305] do_syscall_64+0xfa/0xfa0 [ 675.671450][T12305] ? lockdep_hardirqs_on+0x9c/0x150 [ 675.671468][T12305] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.671509][T12305] ? clear_bhb_loop+0x60/0xb0 [ 675.671529][T12305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.671544][T12305] RIP: 0033:0x7fe85ef8ec29 [ 675.671559][T12305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 675.671573][T12305] RSP: 002b:00007fe85fe6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 675.671592][T12305] RAX: ffffffffffffffda RBX: 00007fe85f1d5fa0 RCX: 00007fe85ef8ec29 [ 675.671615][T12305] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000005 [ 675.671624][T12305] RBP: 00007fe85fe6c090 R08: 0000000000000000 R09: 0000000000000000 [ 675.671634][T12305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 675.671643][T12305] R13: 00007fe85f1d6038 R14: 00007fe85f1d5fa0 R15: 00007ffcb4eb9018 [ 675.671669][T12305] [ 676.046755][T10360] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 676.076347][T10360] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 676.090411][T10360] usb 4-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 676.210278][T10360] usb 4-1: Manufacturer: syz [ 676.242567][T10360] usb 4-1: config 0 descriptor?? [ 676.710449][T12322] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 676.738255][T12322] SQUASHFS error: Failed to read block 0x0: -5 [ 676.744527][T12322] unable to read squashfs_super_block [ 676.812537][T12322] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1857'. [ 677.591374][T12328] FAULT_INJECTION: forcing a failure. [ 677.591374][T12328] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 677.658269][T12328] CPU: 1 UID: 0 PID: 12328 Comm: syz.5.1858 Not tainted syzkaller #0 PREEMPT(full) [ 677.658297][T12328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 677.658310][T12328] Call Trace: [ 677.658319][T12328] [ 677.658328][T12328] dump_stack_lvl+0x189/0x250 [ 677.658366][T12328] ? __pfx____ratelimit+0x10/0x10 [ 677.658388][T12328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 677.658412][T12328] ? __pfx__printk+0x10/0x10 [ 677.658440][T12328] ? __might_fault+0xb0/0x130 [ 677.658480][T12328] should_fail_ex+0x414/0x560 [ 677.658512][T12328] _copy_from_user+0x2d/0xb0 [ 677.658535][T12328] vmemdup_user+0x5e/0xd0 [ 677.658559][T12328] map_lookup_elem+0x237/0x630 [ 677.658586][T12328] ? bpf_lsm_bpf+0x9/0x20 [ 677.658614][T12328] __sys_bpf+0x470/0x870 [ 677.658641][T12328] ? __pfx___sys_bpf+0x10/0x10 [ 677.658684][T12328] ? rcu_is_watching+0x15/0xb0 [ 677.658722][T12328] __x64_sys_bpf+0x7c/0x90 [ 677.658746][T12328] do_syscall_64+0xfa/0xfa0 [ 677.658770][T12328] ? lockdep_hardirqs_on+0x9c/0x150 [ 677.658794][T12328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.658814][T12328] ? clear_bhb_loop+0x60/0xb0 [ 677.658840][T12328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.658861][T12328] RIP: 0033:0x7f508c78ec29 [ 677.658878][T12328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.658896][T12328] RSP: 002b:00007f508d685038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 677.658918][T12328] RAX: ffffffffffffffda RBX: 00007f508c9d5fa0 RCX: 00007f508c78ec29 [ 677.658933][T12328] RDX: 0000000000000020 RSI: 0000200000000340 RDI: 0000000000000001 [ 677.658946][T12328] RBP: 00007f508d685090 R08: 0000000000000000 R09: 0000000000000000 [ 677.658959][T12328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 677.658971][T12328] R13: 00007f508c9d6038 R14: 00007f508c9d5fa0 R15: 00007fffb9bdd728 [ 677.659005][T12328] [ 678.575600][T12336] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 678.891861][T12339] FAULT_INJECTION: forcing a failure. [ 678.891861][T12339] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 678.948209][T12339] CPU: 1 UID: 0 PID: 12339 Comm: syz.5.1860 Not tainted syzkaller #0 PREEMPT(full) [ 678.948246][T12339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 678.948257][T12339] Call Trace: [ 678.948264][T12339] [ 678.948271][T12339] dump_stack_lvl+0x189/0x250 [ 678.948296][T12339] ? __pfx____ratelimit+0x10/0x10 [ 678.948316][T12339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 678.948335][T12339] ? __pfx__printk+0x10/0x10 [ 678.948358][T12339] ? __might_fault+0xb0/0x130 [ 678.948391][T12339] should_fail_ex+0x414/0x560 [ 678.948417][T12339] _copy_from_user+0x2d/0xb0 [ 678.948436][T12339] dma_buf_ioctl+0x20d/0x880 [ 678.948465][T12339] ? __pfx_dma_buf_ioctl+0x10/0x10 [ 678.948497][T12339] ? __fget_files+0x2a/0x420 [ 678.948517][T12339] ? __fget_files+0x3a0/0x420 [ 678.948532][T12339] ? __fget_files+0x2a/0x420 [ 678.948551][T12339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 678.948570][T12339] ? __pfx_dma_buf_ioctl+0x10/0x10 [ 678.948595][T12339] __se_sys_ioctl+0xfc/0x170 [ 678.948619][T12339] do_syscall_64+0xfa/0xfa0 [ 678.948638][T12339] ? lockdep_hardirqs_on+0x9c/0x150 [ 678.948657][T12339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.948672][T12339] ? clear_bhb_loop+0x60/0xb0 [ 678.948692][T12339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.948708][T12339] RIP: 0033:0x7f508c78ec29 [ 678.948721][T12339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.948736][T12339] RSP: 002b:00007f508d685038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 678.948754][T12339] RAX: ffffffffffffffda RBX: 00007f508c9d5fa0 RCX: 00007f508c78ec29 [ 678.948766][T12339] RDX: 0000200000000540 RSI: 00000000c0086202 RDI: 0000000000000007 [ 678.948776][T12339] RBP: 00007f508d685090 R08: 0000000000000000 R09: 0000000000000000 [ 678.948786][T12339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 678.948795][T12339] R13: 00007f508c9d6038 R14: 00007f508c9d5fa0 R15: 00007fffb9bdd728 [ 678.948821][T12339] [ 679.401765][T12341] syzkaller1: entered promiscuous mode [ 679.407406][T12341] syzkaller1: entered allmulticast mode [ 679.694247][ T44] usb 4-1: USB disconnect, device number 33 [ 680.148078][ T917] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 680.239375][T12353] syzkaller1: entered promiscuous mode [ 680.245141][T12353] syzkaller1: entered allmulticast mode [ 680.372373][ T917] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 680.384814][ T917] usb 7-1: config 0 interface 0 has no altsetting 0 [ 680.396763][ T917] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 680.413929][ T917] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 680.423459][ T917] usb 7-1: Product: syz [ 680.427855][ T917] usb 7-1: Manufacturer: syz [ 680.434060][ T917] usb 7-1: SerialNumber: syz [ 680.450167][ T917] usb 7-1: config 0 descriptor?? [ 680.490961][ T917] usb 7-1: selecting invalid altsetting 0 [ 680.516687][T12361] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1868'. [ 680.526759][T12361] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1868'. [ 680.667213][ T917] usb 7-1: USB disconnect, device number 13 [ 681.890875][T12372] program syz.4.1871 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 682.558483][T10360] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 682.690973][T12388] netlink: 'syz.5.1876': attribute type 4 has an invalid length. [ 682.745323][T10360] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 682.782719][T10360] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 682.825285][T10360] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 682.848100][T10360] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 682.866724][T10360] usb 5-1: SerialNumber: syz [ 683.029493][T12396] FAULT_INJECTION: forcing a failure. [ 683.029493][T12396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 683.049214][T12396] CPU: 1 UID: 0 PID: 12396 Comm: syz.5.1878 Not tainted syzkaller #0 PREEMPT(full) [ 683.049238][T12396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 683.049251][T12396] Call Trace: [ 683.049257][T12396] [ 683.049264][T12396] dump_stack_lvl+0x189/0x250 [ 683.049288][T12396] ? __pfx____ratelimit+0x10/0x10 [ 683.049306][T12396] ? __pfx_dump_stack_lvl+0x10/0x10 [ 683.049325][T12396] ? __pfx__printk+0x10/0x10 [ 683.049347][T12396] ? __might_fault+0xb0/0x130 [ 683.049380][T12396] should_fail_ex+0x414/0x560 [ 683.049405][T12396] _copy_from_user+0x2d/0xb0 [ 683.049423][T12396] video_usercopy+0x346/0x1450 [ 683.049455][T12396] ? __pfx___video_do_ioctl+0x10/0x10 [ 683.049476][T12396] ? __pfx_video_usercopy+0x10/0x10 [ 683.049512][T12396] ? __fget_files+0x3a0/0x420 [ 683.049531][T12396] v4l2_ioctl+0x18d/0x1e0 [ 683.049553][T12396] ? __pfx_v4l2_ioctl+0x10/0x10 [ 683.049573][T12396] __se_sys_ioctl+0xfc/0x170 [ 683.049597][T12396] do_syscall_64+0xfa/0xfa0 [ 683.049615][T12396] ? lockdep_hardirqs_on+0x9c/0x150 [ 683.049633][T12396] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.049649][T12396] ? clear_bhb_loop+0x60/0xb0 [ 683.049668][T12396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.049683][T12396] RIP: 0033:0x7f508c78ec29 [ 683.049698][T12396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 683.049712][T12396] RSP: 002b:00007f508d685038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 683.049729][T12396] RAX: ffffffffffffffda RBX: 00007f508c9d5fa0 RCX: 00007f508c78ec29 [ 683.049741][T12396] RDX: 0000200000000040 RSI: 00000000c008561c RDI: 0000000000000005 [ 683.049751][T12396] RBP: 00007f508d685090 R08: 0000000000000000 R09: 0000000000000000 [ 683.049761][T12396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 683.049770][T12396] R13: 00007f508c9d6038 R14: 00007f508c9d5fa0 R15: 00007fffb9bdd728 [ 683.049797][T12396] [ 683.335496][T10360] usb 5-1: 0:2 : does not exist [ 683.367272][T10360] usb 5-1: USB disconnect, device number 23 [ 683.406209][T10674] udevd[10674]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 684.013705][T12403] erofs (device loop4): cannot find valid erofs superblock [ 684.511932][T12407] FAULT_INJECTION: forcing a failure. [ 684.511932][T12407] name failslab, interval 1, probability 0, space 0, times 0 [ 684.524784][T12407] CPU: 1 UID: 0 PID: 12407 Comm: syz.4.1880 Not tainted syzkaller #0 PREEMPT(full) [ 684.524810][T12407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 684.524823][T12407] Call Trace: [ 684.524833][T12407] [ 684.524842][T12407] dump_stack_lvl+0x189/0x250 [ 684.524872][T12407] ? __pfx____ratelimit+0x10/0x10 [ 684.524895][T12407] ? __pfx_dump_stack_lvl+0x10/0x10 [ 684.524920][T12407] ? __pfx__printk+0x10/0x10 [ 684.524955][T12407] ? __pfx___might_resched+0x10/0x10 [ 684.524983][T12407] ? fs_reclaim_acquire+0x7d/0x100 [ 684.525087][T12407] should_fail_ex+0x414/0x560 [ 684.525122][T12407] should_failslab+0xa8/0x100 [ 684.525154][T12407] kmem_cache_alloc_node_noprof+0x77/0x710 [ 684.525186][T12407] ? __alloc_skb+0x112/0x2d0 [ 684.525224][T12407] __alloc_skb+0x112/0x2d0 [ 684.525251][T12407] netlink_sendmsg+0x5c6/0xb30 [ 684.525284][T12407] ? __pfx_netlink_sendmsg+0x10/0x10 [ 684.525311][T12407] ? aa_sock_msg_perm+0xf1/0x1d0 [ 684.525340][T12407] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 684.525361][T12407] ? __pfx_netlink_sendmsg+0x10/0x10 [ 684.525384][T12407] __sock_sendmsg+0x21c/0x270 [ 684.525419][T12407] ____sys_sendmsg+0x505/0x830 [ 684.525450][T12407] ? __pfx_____sys_sendmsg+0x10/0x10 [ 684.525485][T12407] ? import_iovec+0x74/0xa0 [ 684.525510][T12407] ___sys_sendmsg+0x21f/0x2a0 [ 684.525537][T12407] ? __pfx____sys_sendmsg+0x10/0x10 [ 684.525600][T12407] ? __fget_files+0x2a/0x420 [ 684.525620][T12407] ? __fget_files+0x3a0/0x420 [ 684.525651][T12407] __x64_sys_sendmsg+0x19b/0x260 [ 684.525680][T12407] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 684.525702][T12407] ? irqentry_exit+0x74/0x90 [ 684.525751][T12407] do_syscall_64+0xfa/0xfa0 [ 684.525788][T12407] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.525808][T12407] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 684.525846][T12407] ? clear_bhb_loop+0x60/0xb0 [ 684.525872][T12407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.525893][T12407] RIP: 0033:0x7f8b4f18ec29 [ 684.525912][T12407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 684.525931][T12407] RSP: 002b:00007f8b4ffaf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 684.525952][T12407] RAX: ffffffffffffffda RBX: 00007f8b4f3d6180 RCX: 00007f8b4f18ec29 [ 684.525968][T12407] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005 [ 684.525981][T12407] RBP: 00007f8b4ffaf090 R08: 0000000000000000 R09: 0000000000000000 [ 684.525994][T12407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 684.526007][T12407] R13: 00007f8b4f3d6218 R14: 00007f8b4f3d6180 R15: 00007ffd345a3458 [ 684.526041][T12407] [ 685.682965][T12421] input input31: cannot allocate more than FF_MAX_EFFECTS effects [ 685.723052][ T44] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 686.053365][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.061415][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.098109][ T44] usb 5-1: device descriptor read/64, error -71 [ 686.338207][ T44] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 686.488255][ T44] usb 5-1: device descriptor read/64, error -71 [ 686.599021][ T44] usb usb5-port1: attempt power cycle [ 686.718119][T12430] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1888'. [ 686.788033][T12430] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1888'. [ 686.858201][ T5921] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 686.989078][ T44] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 687.035582][ T44] usb 5-1: device descriptor read/8, error -71 [ 687.138123][ T5921] usb 4-1: Using ep0 maxpacket: 16 [ 687.145443][ T5921] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 687.169528][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 687.195904][ T5921] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 687.239564][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.260709][ T5921] usb 4-1: Product: syz [ 687.264912][ T5921] usb 4-1: Manufacturer: syz [ 687.269655][ T5921] usb 4-1: SerialNumber: syz [ 687.285028][ T5921] usb 4-1: config 0 descriptor?? [ 687.294382][ T5921] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 687.307376][ T5921] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 687.317584][ T44] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 687.348844][ T44] usb 5-1: device descriptor read/8, error -71 [ 687.514296][ T44] usb usb5-port1: unable to enumerate USB device [ 687.900681][ T5921] em28xx 4-1:0.0: unknown em28xx chip ID (232) [ 688.198145][ T5921] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 688.631464][T12427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 688.659783][T12427] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 688.841983][T12453] FAULT_INJECTION: forcing a failure. [ 688.841983][T12453] name failslab, interval 1, probability 0, space 0, times 0 [ 688.891081][T12453] CPU: 1 UID: 0 PID: 12453 Comm: syz.4.1897 Not tainted syzkaller #0 PREEMPT(full) [ 688.891109][T12453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 688.891121][T12453] Call Trace: [ 688.891129][T12453] [ 688.891138][T12453] dump_stack_lvl+0x189/0x250 [ 688.891167][T12453] ? __pfx____ratelimit+0x10/0x10 [ 688.891190][T12453] ? __pfx_dump_stack_lvl+0x10/0x10 [ 688.891215][T12453] ? __pfx__printk+0x10/0x10 [ 688.891245][T12453] ? __pfx___might_resched+0x10/0x10 [ 688.891274][T12453] ? fs_reclaim_acquire+0x7d/0x100 [ 688.891299][T12453] should_fail_ex+0x414/0x560 [ 688.891330][T12453] should_failslab+0xa8/0x100 [ 688.891354][T12453] __kmalloc_cache_noprof+0x6f/0x6f0 [ 688.891435][T12453] ? _copy_from_user+0x94/0xb0 [ 688.891454][T12453] ? __se_sys_mount+0x166/0x410 [ 688.891475][T12453] ? memdup_user+0x99/0xd0 [ 688.891501][T12453] __se_sys_mount+0x166/0x410 [ 688.891529][T12453] ? __pfx___se_sys_mount+0x10/0x10 [ 688.891558][T12453] ? do_syscall_64+0xbe/0xfa0 [ 688.891581][T12453] ? __x64_sys_mount+0x20/0xc0 [ 688.891604][T12453] do_syscall_64+0xfa/0xfa0 [ 688.891626][T12453] ? lockdep_hardirqs_on+0x9c/0x150 [ 688.891650][T12453] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.891671][T12453] ? clear_bhb_loop+0x60/0xb0 [ 688.891694][T12453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.891713][T12453] RIP: 0033:0x7f8b4f18ec29 [ 688.891738][T12453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.891756][T12453] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 688.891778][T12453] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 688.891794][T12453] RDX: 0000200000000480 RSI: 0000200000000440 RDI: 0000000000000000 [ 688.891808][T12453] RBP: 00007f8b4fff1090 R08: 0000200000000000 R09: 0000000000000000 [ 688.891821][T12453] R10: 0000000000000084 R11: 0000000000000246 R12: 0000000000000001 [ 688.891833][T12453] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 688.891867][T12453] [ 689.694470][T12457] netlink: 'syz.6.1898': attribute type 10 has an invalid length. [ 689.735968][T12457] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.735991][ T5921] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 689.743452][T12457] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.783968][ T5921] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 689.891451][ T5921] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 689.945312][ T5921] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 690.068103][ T5921] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 690.178514][ T5921] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 690.388574][ T5921] usb 4-1: USB disconnect, device number 34 [ 690.394629][T12465] FAULT_INJECTION: forcing a failure. [ 690.394629][T12465] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 690.443584][T12465] CPU: 0 UID: 0 PID: 12465 Comm: syz.5.1901 Not tainted syzkaller #0 PREEMPT(full) [ 690.443609][T12465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 690.443621][T12465] Call Trace: [ 690.443629][T12465] [ 690.443637][T12465] dump_stack_lvl+0x189/0x250 [ 690.443667][T12465] ? __pfx____ratelimit+0x10/0x10 [ 690.443690][T12465] ? __pfx_dump_stack_lvl+0x10/0x10 [ 690.443714][T12465] ? __pfx__printk+0x10/0x10 [ 690.443754][T12465] should_fail_ex+0x414/0x560 [ 690.443786][T12465] _copy_to_user+0x31/0xb0 [ 690.443810][T12465] simple_read_from_buffer+0xe1/0x170 [ 690.443846][T12465] proc_fail_nth_read+0x1b3/0x220 [ 690.443876][T12465] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 690.443905][T12465] ? rw_verify_area+0x2a6/0x4d0 [ 690.443932][T12465] ? __lock_acquire+0xab9/0xd20 [ 690.443956][T12465] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 690.443984][T12465] vfs_read+0x200/0xa30 [ 690.444011][T12465] ? fdget_pos+0x247/0x320 [ 690.444035][T12465] ? __pfx___mutex_lock+0x10/0x10 [ 690.444061][T12465] ? __pfx_vfs_read+0x10/0x10 [ 690.444090][T12465] ? __fget_files+0x2a/0x420 [ 690.444114][T12465] ? __fget_files+0x3a0/0x420 [ 690.444132][T12465] ? __fget_files+0x2a/0x420 [ 690.444162][T12465] ksys_read+0x145/0x250 [ 690.444193][T12465] ? __pfx_ksys_read+0x10/0x10 [ 690.444225][T12465] ? do_syscall_64+0xbe/0xfa0 [ 690.444252][T12465] do_syscall_64+0xfa/0xfa0 [ 690.444274][T12465] ? lockdep_hardirqs_on+0x9c/0x150 [ 690.444296][T12465] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.444316][T12465] ? clear_bhb_loop+0x60/0xb0 [ 690.444340][T12465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.444358][T12465] RIP: 0033:0x7f508c78d63c [ 690.444375][T12465] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 690.444392][T12465] RSP: 002b:00007f508d664030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 690.444413][T12465] RAX: ffffffffffffffda RBX: 00007f508c9d6090 RCX: 00007f508c78d63c [ 690.444427][T12465] RDX: 000000000000000f RSI: 00007f508d6640a0 RDI: 0000000000000004 [ 690.444439][T12465] RBP: 00007f508d664090 R08: 0000000000000000 R09: 0000000000000000 [ 690.444451][T12465] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000001 [ 690.444463][T12465] R13: 00007f508c9d6128 R14: 00007f508c9d6090 R15: 00007fffb9bdd728 [ 690.444497][T12465] [ 691.038135][ T917] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 691.175866][T12467] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 691.435011][T12478] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 691.898128][ T917] usb 7-1: Using ep0 maxpacket: 8 [ 692.019009][ T917] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 692.027341][ T917] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 692.180643][ T917] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 692.278266][ T917] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 692.289031][ T917] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 692.303218][ T917] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 692.313049][ T917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.948122][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 692.948147][ T30] audit: type=1326 audit(1758454168.144:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 693.017677][ T30] audit: type=1326 audit(1758454168.144:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 693.094590][ T30] audit: type=1326 audit(1758454168.144:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 693.117221][ T30] audit: type=1326 audit(1758454168.144:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 693.140270][ T30] audit: type=1326 audit(1758454168.144:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 693.164790][ T30] audit: type=1326 audit(1758454168.184:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 693.251506][ T917] usb 7-1: usb_control_msg returned -32 [ 693.257661][ T917] usbtmc 7-1:16.0: can't read capabilities [ 693.288837][T12500] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1904'. [ 693.297182][ T917] usb 7-1: USB disconnect, device number 14 [ 693.315156][T12495] netlink: 'syz.5.1909': attribute type 4 has an invalid length. [ 693.955391][ T30] audit: type=1326 audit(1758454168.184:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 693.977916][ T30] audit: type=1326 audit(1758454168.184:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 694.078239][ T30] audit: type=1326 audit(1758454168.194:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 694.109394][ T30] audit: type=1326 audit(1758454168.194:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.6.1904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85ef8ec29 code=0x7ffc0000 [ 694.519291][T12515] program syz.3.1915 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 694.682948][T12522] FAULT_INJECTION: forcing a failure. [ 694.682948][T12522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 694.757015][T12522] CPU: 1 UID: 0 PID: 12522 Comm: syz.3.1916 Not tainted syzkaller #0 PREEMPT(full) [ 694.757044][T12522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 694.757057][T12522] Call Trace: [ 694.757066][T12522] [ 694.757079][T12522] dump_stack_lvl+0x189/0x250 [ 694.757110][T12522] ? __pfx____ratelimit+0x10/0x10 [ 694.757132][T12522] ? __pfx_dump_stack_lvl+0x10/0x10 [ 694.757156][T12522] ? __pfx__printk+0x10/0x10 [ 694.757189][T12522] ? __might_fault+0xb0/0x130 [ 694.757230][T12522] should_fail_ex+0x414/0x560 [ 694.757262][T12522] _copy_from_iter+0x404/0x1790 [ 694.757309][T12522] ? __pfx__copy_from_iter+0x10/0x10 [ 694.757342][T12522] ? __build_skb_around+0x262/0x3f0 [ 694.757368][T12522] ? netlink_sendmsg+0x642/0xb30 [ 694.757388][T12522] ? skb_put+0x11b/0x210 [ 694.757414][T12522] netlink_sendmsg+0x6b2/0xb30 [ 694.757445][T12522] ? __pfx_netlink_sendmsg+0x10/0x10 [ 694.757470][T12522] ? aa_sock_msg_perm+0xf1/0x1d0 [ 694.757499][T12522] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 694.757519][T12522] ? __pfx_netlink_sendmsg+0x10/0x10 [ 694.757543][T12522] __sock_sendmsg+0x21c/0x270 [ 694.757576][T12522] sock_write_iter+0x279/0x360 [ 694.757606][T12522] ? __pfx_sock_write_iter+0x10/0x10 [ 694.757658][T12522] do_iter_readv_writev+0x623/0x8c0 [ 694.757696][T12522] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 694.757724][T12522] ? common_file_perm+0x1b5/0x230 [ 694.757754][T12522] ? bpf_lsm_file_permission+0x9/0x20 [ 694.757777][T12522] ? security_file_permission+0x75/0x290 [ 694.757799][T12522] ? rw_verify_area+0x255/0x4d0 [ 694.757831][T12522] vfs_writev+0x31a/0x960 [ 694.757858][T12522] ? __lock_acquire+0xab9/0xd20 [ 694.757888][T12522] ? __pfx_vfs_writev+0x10/0x10 [ 694.757943][T12522] ? __fget_files+0x2a/0x420 [ 694.757968][T12522] ? __fget_files+0x3a0/0x420 [ 694.757986][T12522] ? __fget_files+0x2a/0x420 [ 694.758013][T12522] do_writev+0x14d/0x2d0 [ 694.758039][T12522] ? __pfx_do_writev+0x10/0x10 [ 694.758065][T12522] ? do_syscall_64+0xbe/0xfa0 [ 694.758093][T12522] do_syscall_64+0xfa/0xfa0 [ 694.758114][T12522] ? lockdep_hardirqs_on+0x9c/0x150 [ 694.758136][T12522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.758155][T12522] ? clear_bhb_loop+0x60/0xb0 [ 694.758186][T12522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.758206][T12522] RIP: 0033:0x7f658b38ec29 [ 694.758225][T12522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 694.758242][T12522] RSP: 002b:00007f658c257038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 694.758264][T12522] RAX: ffffffffffffffda RBX: 00007f658b5d5fa0 RCX: 00007f658b38ec29 [ 694.758279][T12522] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003 [ 694.758292][T12522] RBP: 00007f658c257090 R08: 0000000000000000 R09: 0000000000000000 [ 694.758304][T12522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 694.758316][T12522] R13: 00007f658b5d6038 R14: 00007f658b5d5fa0 R15: 00007ffd19c74d88 [ 694.758350][T12522] [ 695.392228][T12531] FAULT_INJECTION: forcing a failure. [ 695.392228][T12531] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 695.405718][T12531] CPU: 0 UID: 0 PID: 12531 Comm: syz.3.1919 Not tainted syzkaller #0 PREEMPT(full) [ 695.405747][T12531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 695.405759][T12531] Call Trace: [ 695.405767][T12531] [ 695.405776][T12531] dump_stack_lvl+0x189/0x250 [ 695.405806][T12531] ? __pfx____ratelimit+0x10/0x10 [ 695.405829][T12531] ? __pfx_dump_stack_lvl+0x10/0x10 [ 695.405862][T12531] ? __pfx__printk+0x10/0x10 [ 695.405903][T12531] should_fail_ex+0x414/0x560 [ 695.405935][T12531] _copy_to_user+0x31/0xb0 [ 695.405959][T12531] drm_ioctl+0x6a4/0xb10 [ 695.405993][T12531] ? __pfx_drm_setclientcap+0x10/0x10 [ 695.406028][T12531] ? __pfx_drm_ioctl+0x10/0x10 [ 695.406071][T12531] ? __fget_files+0x3a0/0x420 [ 695.406091][T12531] ? __fget_files+0x2a/0x420 [ 695.406114][T12531] ? bpf_lsm_file_ioctl+0x9/0x20 [ 695.406138][T12531] ? __pfx_drm_ioctl+0x10/0x10 [ 695.406166][T12531] __se_sys_ioctl+0xfc/0x170 [ 695.406196][T12531] do_syscall_64+0xfa/0xfa0 [ 695.406219][T12531] ? lockdep_hardirqs_on+0x9c/0x150 [ 695.406242][T12531] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.406262][T12531] ? clear_bhb_loop+0x60/0xb0 [ 695.406286][T12531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.406306][T12531] RIP: 0033:0x7f658b38ec29 [ 695.406324][T12531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 695.406341][T12531] RSP: 002b:00007f658c257038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.406363][T12531] RAX: ffffffffffffffda RBX: 00007f658b5d5fa0 RCX: 00007f658b38ec29 [ 695.406377][T12531] RDX: 0000200000000000 RSI: 000000004010640d RDI: 0000000000000003 [ 695.406390][T12531] RBP: 00007f658c257090 R08: 0000000000000000 R09: 0000000000000000 [ 695.406402][T12531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 695.406415][T12531] R13: 00007f658b5d6038 R14: 00007f658b5d5fa0 R15: 00007ffd19c74d88 [ 695.406448][T12531] [ 695.602221][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.740135][T12534] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 696.709576][T12547] netlink: 'syz.0.1923': attribute type 4 has an invalid length. [ 697.530172][T12561] FAULT_INJECTION: forcing a failure. [ 697.530172][T12561] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 697.588261][T12561] CPU: 1 UID: 0 PID: 12561 Comm: syz.3.1926 Not tainted syzkaller #0 PREEMPT(full) [ 697.588291][T12561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 697.588304][T12561] Call Trace: [ 697.588313][T12561] [ 697.588322][T12561] dump_stack_lvl+0x189/0x250 [ 697.588354][T12561] ? __pfx____ratelimit+0x10/0x10 [ 697.588378][T12561] ? __pfx_dump_stack_lvl+0x10/0x10 [ 697.588404][T12561] ? __pfx__printk+0x10/0x10 [ 697.588433][T12561] ? __might_fault+0xb0/0x130 [ 697.588476][T12561] should_fail_ex+0x414/0x560 [ 697.588509][T12561] _copy_from_user+0x2d/0xb0 [ 697.588533][T12561] input_event_from_user+0xb2/0x280 [ 697.588569][T12561] ? __pfx_input_event_from_user+0x10/0x10 [ 697.588602][T12561] ? input_inject_event+0xb6/0x340 [ 697.588624][T12561] evdev_write+0x2a6/0x480 [ 697.588655][T12561] ? __pfx_evdev_write+0x10/0x10 [ 697.588687][T12561] ? bpf_lsm_file_permission+0x9/0x20 [ 697.588719][T12561] ? security_file_permission+0x75/0x290 [ 697.588743][T12561] ? rw_verify_area+0x255/0x4d0 [ 697.588772][T12561] ? __lock_acquire+0xab9/0xd20 [ 697.588798][T12561] ? __pfx_evdev_write+0x10/0x10 [ 697.588826][T12561] vfs_write+0x27e/0xb30 [ 697.588867][T12561] ? __pfx_vfs_write+0x10/0x10 [ 697.588899][T12561] ? __fget_files+0x2a/0x420 [ 697.588924][T12561] ? __fget_files+0x2a/0x420 [ 697.588942][T12561] ? __fget_files+0x3a0/0x420 [ 697.588962][T12561] ? __fget_files+0x2a/0x420 [ 697.588992][T12561] ksys_write+0x145/0x250 [ 697.589025][T12561] ? __pfx_ksys_write+0x10/0x10 [ 697.589060][T12561] ? do_syscall_64+0xbe/0xfa0 [ 697.589090][T12561] do_syscall_64+0xfa/0xfa0 [ 697.589113][T12561] ? lockdep_hardirqs_on+0x9c/0x150 [ 697.589138][T12561] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.589159][T12561] ? clear_bhb_loop+0x60/0xb0 [ 697.589184][T12561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.589205][T12561] RIP: 0033:0x7f658b38ec29 [ 697.589224][T12561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 697.589242][T12561] RSP: 002b:00007f658c257038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 697.589265][T12561] RAX: ffffffffffffffda RBX: 00007f658b5d5fa0 RCX: 00007f658b38ec29 [ 697.589280][T12561] RDX: 000000000000ff0f RSI: 0000200000000040 RDI: 0000000000000003 [ 697.589294][T12561] RBP: 00007f658c257090 R08: 0000000000000000 R09: 0000000000000000 [ 697.589308][T12561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 697.589319][T12561] R13: 00007f658b5d6038 R14: 00007f658b5d5fa0 R15: 00007ffd19c74d88 [ 697.589354][T12561] [ 700.149693][T12590] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 701.358960][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 701.358981][ T30] audit: type=1804 audit(1758454176.554:169): pid=12587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1933" name="/newroot/215/file1" dev="fuse" ino=1 res=1 errno=0 [ 701.424099][ T30] audit: type=1800 audit(1758454176.554:170): pid=12587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1933" name="/" dev="fuse" ino=1 res=0 errno=0 [ 701.563366][ T30] audit: type=1800 audit(1758454176.554:171): pid=12587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1933" name="/" dev="fuse" ino=1 res=0 errno=0 [ 701.598085][T12599] netlink: 'syz.6.1936': attribute type 4 has an invalid length. [ 701.654698][T12603] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 701.754029][T12603] FAT-fs (loop5): unable to read boot sector [ 701.813413][T12607] program syz.4.1939 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 703.351057][T12612] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1940'. [ 704.126700][T12637] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 704.970034][T12647] FAULT_INJECTION: forcing a failure. [ 704.970034][T12647] name failslab, interval 1, probability 0, space 0, times 0 [ 705.028336][T12647] CPU: 1 UID: 0 PID: 12647 Comm: syz.0.1950 Not tainted syzkaller #0 PREEMPT(full) [ 705.028367][T12647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 705.028380][T12647] Call Trace: [ 705.028388][T12647] [ 705.028397][T12647] dump_stack_lvl+0x189/0x250 [ 705.028428][T12647] ? __pfx____ratelimit+0x10/0x10 [ 705.028452][T12647] ? __pfx_dump_stack_lvl+0x10/0x10 [ 705.028477][T12647] ? __pfx__printk+0x10/0x10 [ 705.028509][T12647] ? __pfx___might_resched+0x10/0x10 [ 705.028538][T12647] ? fs_reclaim_acquire+0x7d/0x100 [ 705.028563][T12647] should_fail_ex+0x414/0x560 [ 705.028595][T12647] should_failslab+0xa8/0x100 [ 705.028618][T12647] kmem_cache_alloc_node_noprof+0x77/0x710 [ 705.028649][T12647] ? __alloc_skb+0x112/0x2d0 [ 705.028668][T12647] ? netlink_autobind+0xdb/0x300 [ 705.028696][T12647] __alloc_skb+0x112/0x2d0 [ 705.028720][T12647] netlink_sendmsg+0x5c6/0xb30 [ 705.028753][T12647] ? __pfx_netlink_sendmsg+0x10/0x10 [ 705.028780][T12647] ? aa_sock_msg_perm+0xf1/0x1d0 [ 705.028809][T12647] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 705.028830][T12647] ? __pfx_netlink_sendmsg+0x10/0x10 [ 705.028854][T12647] __sock_sendmsg+0x21c/0x270 [ 705.028887][T12647] ____sys_sendmsg+0x505/0x830 [ 705.028918][T12647] ? __pfx_____sys_sendmsg+0x10/0x10 [ 705.028953][T12647] ? import_iovec+0x74/0xa0 [ 705.028979][T12647] ___sys_sendmsg+0x21f/0x2a0 [ 705.029006][T12647] ? __pfx____sys_sendmsg+0x10/0x10 [ 705.029077][T12647] ? __fget_files+0x2a/0x420 [ 705.029097][T12647] ? __fget_files+0x3a0/0x420 [ 705.029140][T12647] __x64_sys_sendmsg+0x19b/0x260 [ 705.029177][T12647] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 705.029208][T12647] ? __pfx_ksys_write+0x10/0x10 [ 705.029238][T12647] ? do_syscall_64+0xbe/0xfa0 [ 705.029263][T12647] do_syscall_64+0xfa/0xfa0 [ 705.029283][T12647] ? lockdep_hardirqs_on+0x9c/0x150 [ 705.029304][T12647] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.029322][T12647] ? clear_bhb_loop+0x60/0xb0 [ 705.029345][T12647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.029362][T12647] RIP: 0033:0x7f3c60d8ec29 [ 705.029379][T12647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 705.029395][T12647] RSP: 002b:00007f3c61c9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 705.029415][T12647] RAX: ffffffffffffffda RBX: 00007f3c60fd5fa0 RCX: 00007f3c60d8ec29 [ 705.029428][T12647] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 705.029439][T12647] RBP: 00007f3c61c9e090 R08: 0000000000000000 R09: 0000000000000000 [ 705.029451][T12647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 705.029461][T12647] R13: 00007f3c60fd6038 R14: 00007f3c60fd5fa0 R15: 00007fffb768b818 [ 705.029493][T12647] [ 705.691672][T12654] program syz.3.1952 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 705.979686][T12662] Illegal XDP return value 4294967274 on prog (id 157) dev syz_tun, expect packet loss! [ 706.455686][T12675] FAULT_INJECTION: forcing a failure. [ 706.455686][T12675] name failslab, interval 1, probability 0, space 0, times 0 [ 706.963396][T12675] CPU: 1 UID: 0 PID: 12675 Comm: syz.5.1961 Not tainted syzkaller #0 PREEMPT(full) [ 706.963424][T12675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 706.963437][T12675] Call Trace: [ 706.963445][T12675] [ 706.963453][T12675] dump_stack_lvl+0x189/0x250 [ 706.963482][T12675] ? __pfx____ratelimit+0x10/0x10 [ 706.963504][T12675] ? __pfx_dump_stack_lvl+0x10/0x10 [ 706.963526][T12675] ? __pfx__printk+0x10/0x10 [ 706.963558][T12675] ? __pfx___might_resched+0x10/0x10 [ 706.963583][T12675] ? fs_reclaim_acquire+0x7d/0x100 [ 706.963605][T12675] should_fail_ex+0x414/0x560 [ 706.963633][T12675] should_failslab+0xa8/0x100 [ 706.963654][T12675] kmem_cache_alloc_node_noprof+0x77/0x710 [ 706.963681][T12675] ? __alloc_skb+0x112/0x2d0 [ 706.963698][T12675] ? netlink_autobind+0xdb/0x300 [ 706.963721][T12675] __alloc_skb+0x112/0x2d0 [ 706.963744][T12675] netlink_sendmsg+0x5c6/0xb30 [ 706.963772][T12675] ? __pfx_netlink_sendmsg+0x10/0x10 [ 706.963795][T12675] ? aa_sock_msg_perm+0xf1/0x1d0 [ 706.963820][T12675] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 706.963839][T12675] ? __pfx_netlink_sendmsg+0x10/0x10 [ 706.963858][T12675] __sock_sendmsg+0x21c/0x270 [ 706.963888][T12675] ____sys_sendmsg+0x505/0x830 [ 706.963923][T12675] ? __pfx_____sys_sendmsg+0x10/0x10 [ 706.963955][T12675] ? import_iovec+0x74/0xa0 [ 706.963979][T12675] ___sys_sendmsg+0x21f/0x2a0 [ 706.964003][T12675] ? __pfx____sys_sendmsg+0x10/0x10 [ 706.964061][T12675] ? __fget_files+0x2a/0x420 [ 706.964078][T12675] ? __fget_files+0x3a0/0x420 [ 706.964107][T12675] __x64_sys_sendmsg+0x19b/0x260 [ 706.964132][T12675] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 706.964164][T12675] ? __pfx_ksys_write+0x10/0x10 [ 706.964195][T12675] ? do_syscall_64+0xbe/0xfa0 [ 706.964221][T12675] do_syscall_64+0xfa/0xfa0 [ 706.964241][T12675] ? lockdep_hardirqs_on+0x9c/0x150 [ 706.964262][T12675] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.964281][T12675] ? clear_bhb_loop+0x60/0xb0 [ 706.964303][T12675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.964321][T12675] RIP: 0033:0x7f508c78ec29 [ 706.964338][T12675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 706.964354][T12675] RSP: 002b:00007f508d685038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 706.964374][T12675] RAX: ffffffffffffffda RBX: 00007f508c9d5fa0 RCX: 00007f508c78ec29 [ 706.964387][T12675] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 706.964399][T12675] RBP: 00007f508d685090 R08: 0000000000000000 R09: 0000000000000000 [ 706.964411][T12675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 706.964421][T12675] R13: 00007f508c9d6038 R14: 00007f508c9d5fa0 R15: 00007fffb9bdd728 [ 706.964452][T12675] [ 707.539043][T12684] netlink: 'syz.3.1964': attribute type 4 has an invalid length. [ 707.928150][ T44] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 707.959636][T12701] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1968'. [ 708.174766][T12704] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1966'. [ 708.238167][ T5980] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 708.405122][ T5980] usb 1-1: config 1 has an invalid interface number: 128 but max is 1 [ 708.417306][ T5980] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 708.429279][ T5980] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 708.439793][ T5980] usb 1-1: config 1 has no interface number 0 [ 708.445949][ T5980] usb 1-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 708.457642][ T5980] usb 1-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 708.728539][ T44] usb 4-1: unable to get BOS descriptor or descriptor too short [ 708.737766][ T44] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 708.748323][ T5980] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 708.759661][ T44] usb 4-1: can't read configurations, error -71 [ 708.766088][ T5980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.775360][ T5980] usb 1-1: Product: syz [ 708.779916][ T5980] usb 1-1: Manufacturer: syz [ 708.784535][ T5980] usb 1-1: SerialNumber: syz [ 708.802241][ T5980] cdc_wdm 1-1:1.128: skipping garbage [ 708.818571][ T5980] cdc_wdm 1-1:1.128: cdc-wdm0: USB WDM device [ 708.825052][ T5980] cdc_wdm 1-1:1.128: Unknown control protocol [ 709.235107][ T5953] usb 1-1: USB disconnect, device number 34 [ 709.804229][T12722] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 709.913517][T12722] SQUASHFS error: Failed to read block 0x0: -5 [ 709.923246][T12722] unable to read squashfs_super_block [ 709.985354][T12722] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1974'. [ 710.446779][T12732] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1976'. [ 711.292064][T12737] netlink: 'syz.5.1977': attribute type 4 has an invalid length. [ 713.654791][T12768] FAULT_INJECTION: forcing a failure. [ 713.654791][T12768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 713.808111][T12768] CPU: 0 UID: 0 PID: 12768 Comm: syz.4.1984 Not tainted syzkaller #0 PREEMPT(full) [ 713.808141][T12768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 713.808154][T12768] Call Trace: [ 713.808162][T12768] [ 713.808172][T12768] dump_stack_lvl+0x189/0x250 [ 713.808203][T12768] ? __pfx____ratelimit+0x10/0x10 [ 713.808228][T12768] ? __pfx_dump_stack_lvl+0x10/0x10 [ 713.808253][T12768] ? __pfx__printk+0x10/0x10 [ 713.808283][T12768] ? __might_fault+0xb0/0x130 [ 713.808326][T12768] should_fail_ex+0x414/0x560 [ 713.808367][T12768] _copy_from_iter+0x1de/0x1790 [ 713.808406][T12768] ? rcu_is_watching+0x15/0xb0 [ 713.808442][T12768] ? kmalloc_reserve+0xbd/0x290 [ 713.808466][T12768] ? __pfx__copy_from_iter+0x10/0x10 [ 713.808500][T12768] ? __build_skb_around+0x262/0x3f0 [ 713.808527][T12768] ? netlink_sendmsg+0x642/0xb30 [ 713.808548][T12768] ? skb_put+0x11b/0x210 [ 713.808574][T12768] netlink_sendmsg+0x6b2/0xb30 [ 713.808608][T12768] ? __pfx_netlink_sendmsg+0x10/0x10 [ 713.808635][T12768] ? aa_sock_msg_perm+0xf1/0x1d0 [ 713.808665][T12768] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 713.808686][T12768] ? __pfx_netlink_sendmsg+0x10/0x10 [ 713.808710][T12768] __sock_sendmsg+0x21c/0x270 [ 713.808744][T12768] ____sys_sendmsg+0x505/0x830 [ 713.808776][T12768] ? __pfx_____sys_sendmsg+0x10/0x10 [ 713.808812][T12768] ? import_iovec+0x74/0xa0 [ 713.808838][T12768] ___sys_sendmsg+0x21f/0x2a0 [ 713.808866][T12768] ? __pfx____sys_sendmsg+0x10/0x10 [ 713.808932][T12768] ? __fget_files+0x2a/0x420 [ 713.808953][T12768] ? __fget_files+0x3a0/0x420 [ 713.808985][T12768] __x64_sys_sendmsg+0x19b/0x260 [ 713.809014][T12768] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 713.809062][T12768] ? __pfx_ksys_write+0x10/0x10 [ 713.809096][T12768] ? do_syscall_64+0xbe/0xfa0 [ 713.809125][T12768] do_syscall_64+0xfa/0xfa0 [ 713.809147][T12768] ? lockdep_hardirqs_on+0x9c/0x150 [ 713.809179][T12768] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.809199][T12768] ? clear_bhb_loop+0x60/0xb0 [ 713.809224][T12768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.809243][T12768] RIP: 0033:0x7f8b4f18ec29 [ 713.809261][T12768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 713.809278][T12768] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 713.809300][T12768] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 713.809316][T12768] RDX: 00000000000c4000 RSI: 0000200000000380 RDI: 0000000000000003 [ 713.809345][T12768] RBP: 00007f8b4fff1090 R08: 0000000000000000 R09: 0000000000000000 [ 713.809357][T12768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 713.809379][T12768] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 713.809413][T12768] [ 715.232823][T12787] netlink: 'syz.5.1991': attribute type 4 has an invalid length. [ 716.014314][T12796] syzkaller1: entered promiscuous mode [ 716.020848][T12796] syzkaller1: entered allmulticast mode [ 718.129272][T12815] erofs (device loop0): cannot find valid erofs superblock [ 718.223862][ T5980] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 718.498483][ T5980] usb 5-1: Using ep0 maxpacket: 8 [ 718.507628][ T5980] usb 5-1: New USB device found, idVendor=05d1, idProduct=9003, bcdDevice= 2.00 [ 718.517493][ T5980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 719.083388][ T5980] usb 5-1: Product: syz [ 719.087698][ T5980] usb 5-1: Manufacturer: syz [ 719.092675][ T5980] usb 5-1: SerialNumber: syz [ 719.101936][ T5980] usb 5-1: config 0 descriptor?? [ 719.167175][ T5980] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 719.217286][ T5980] usb 5-1: Detected FT232A [ 719.246417][ T5980] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 719.405961][T12829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 719.414910][T12829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 719.429149][T12825] netlink: 'syz.0.2002': attribute type 4 has an invalid length. [ 719.962896][ T5980] usb 5-1: USB disconnect, device number 28 [ 720.001077][ T5980] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 720.043388][ T5980] ftdi_sio 5-1:0.0: device disconnected [ 720.695433][T12838] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2006'. [ 720.819447][T12838] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2006'. [ 720.884264][T12838] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2006'. [ 720.935677][T12846] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2006'. [ 720.989880][T12846] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2006'. [ 721.017571][T12846] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2006'. [ 721.145809][T12857] netlink: 'syz.3.2011': attribute type 10 has an invalid length. [ 721.259204][T12857] FAULT_INJECTION: forcing a failure. [ 721.259204][T12857] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 721.272413][T12857] CPU: 0 UID: 0 PID: 12857 Comm: syz.3.2011 Not tainted syzkaller #0 PREEMPT(full) [ 721.272431][T12857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 721.272440][T12857] Call Trace: [ 721.272446][T12857] [ 721.272453][T12857] dump_stack_lvl+0x189/0x250 [ 721.272473][T12857] ? __pfx____ratelimit+0x10/0x10 [ 721.272489][T12857] ? __pfx_dump_stack_lvl+0x10/0x10 [ 721.272505][T12857] ? __pfx__printk+0x10/0x10 [ 721.272524][T12857] ? __might_fault+0xb0/0x130 [ 721.272551][T12857] should_fail_ex+0x414/0x560 [ 721.272573][T12857] _copy_from_iter+0x1de/0x1790 [ 721.272598][T12857] ? rcu_is_watching+0x15/0xb0 [ 721.272621][T12857] ? kmalloc_reserve+0xbd/0x290 [ 721.272636][T12857] ? __pfx__copy_from_iter+0x10/0x10 [ 721.272658][T12857] ? __build_skb_around+0x262/0x3f0 [ 721.272674][T12857] ? netlink_sendmsg+0x642/0xb30 [ 721.272688][T12857] ? skb_put+0x11b/0x210 [ 721.272705][T12857] netlink_sendmsg+0x6b2/0xb30 [ 721.272743][T12857] ? __pfx_netlink_sendmsg+0x10/0x10 [ 721.272760][T12857] ? aa_sock_msg_perm+0xf1/0x1d0 [ 721.272779][T12857] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 721.272793][T12857] ? __pfx_netlink_sendmsg+0x10/0x10 [ 721.272808][T12857] __sock_sendmsg+0x21c/0x270 [ 721.272831][T12857] ____sys_sendmsg+0x505/0x830 [ 721.272851][T12857] ? __pfx_____sys_sendmsg+0x10/0x10 [ 721.272873][T12857] ? import_iovec+0x74/0xa0 [ 721.272889][T12857] ___sys_sendmsg+0x21f/0x2a0 [ 721.272907][T12857] ? __pfx____sys_sendmsg+0x10/0x10 [ 721.272927][T12857] ? rcu_read_lock_any_held+0xb3/0x120 [ 721.272949][T12857] ? sb_end_write+0xe9/0x1c0 [ 721.272973][T12857] ? __pfx_vfs_write+0x10/0x10 [ 721.272992][T12857] ? do_sys_openat2+0x154/0x1c0 [ 721.273013][T12857] __x64_sys_sendmsg+0x19b/0x260 [ 721.273031][T12857] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 721.273054][T12857] ? __pfx_ksys_write+0x10/0x10 [ 721.273076][T12857] ? do_syscall_64+0xbe/0xfa0 [ 721.273094][T12857] do_syscall_64+0xfa/0xfa0 [ 721.273109][T12857] ? lockdep_hardirqs_on+0x9c/0x150 [ 721.273124][T12857] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.273137][T12857] ? clear_bhb_loop+0x60/0xb0 [ 721.273153][T12857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.273166][T12857] RIP: 0033:0x7f658b38ec29 [ 721.273179][T12857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.273190][T12857] RSP: 002b:00007f658c257038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 721.273204][T12857] RAX: ffffffffffffffda RBX: 00007f658b5d5fa0 RCX: 00007f658b38ec29 [ 721.273214][T12857] RDX: 0000000000008400 RSI: 0000200000000080 RDI: 0000000000000008 [ 721.273223][T12857] RBP: 00007f658c257090 R08: 0000000000000000 R09: 0000000000000000 [ 721.273231][T12857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.273239][T12857] R13: 00007f658b5d6038 R14: 00007f658b5d5fa0 R15: 00007ffd19c74d88 [ 721.273260][T12857] [ 721.666892][T12864] 9pnet_fd: Insufficient options for proto=fd [ 721.770655][T12848] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 721.787733][T12848] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 721.798487][T12848] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 721.804432][T12848] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 721.813743][T12848] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 721.823085][T12848] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 721.854708][T12873] netlink: 'syz.3.2013': attribute type 4 has an invalid length. [ 722.104643][T12848] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 722.147398][T12848] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 723.030867][ T30] audit: type=1326 audit(1758454198.184:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.062958][ T30] audit: type=1326 audit(1758454198.184:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.089208][ T30] audit: type=1326 audit(1758454198.184:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.118683][ T30] audit: type=1326 audit(1758454198.184:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.141624][ T30] audit: type=1326 audit(1758454198.184:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.177901][ T30] audit: type=1326 audit(1758454198.184:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.200977][ T30] audit: type=1326 audit(1758454198.184:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.223895][ T30] audit: type=1326 audit(1758454198.184:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.253943][ T30] audit: type=1326 audit(1758454198.184:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 723.295910][ T30] audit: type=1326 audit(1758454198.184:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12888 comm="syz.4.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f8b4f18ec29 code=0x7ffc0000 [ 747.483411][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.489831][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.922970][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.929725][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.363774][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.370249][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 882.518690][ T31] INFO: task syz-executor:5879 blocked for more than 143 seconds. [ 882.526557][ T31] Not tainted syzkaller #0 [ 882.531835][ T31] Blocked by coredump. [ 882.536476][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 882.545444][ T31] task:syz-executor state:D stack:20968 pid:5879 tgid:5879 ppid:1 task_flags:0x40054c flags:0x00080003 [ 882.557699][ T31] Call Trace: [ 882.561134][ T31] [ 882.564067][ T31] __schedule+0x1798/0x4cc0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 882.568651][ T31] ? __pfx___schedule+0x10/0x10 [ 882.573659][ T31] ? schedule+0x91/0x360 [ 882.578733][ T31] schedule+0x165/0x360 [ 882.582957][ T31] schedule_preempt_disabled+0x13/0x30 [ 882.589072][ T31] __mutex_lock+0x7e6/0x1350 [ 882.593704][ T31] ? __mutex_lock+0x5bb/0x1350 [ 882.598622][ T31] ? rfkill_unregister+0xc8/0x220 [ 882.631219][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 882.636420][ T31] ? __pfx_device_del+0x10/0x10 [ 882.663248][ T31] ? hci_sock_dev_event+0x42d/0x600 [ 882.673825][ T31] rfkill_unregister+0xc8/0x220 [ 882.678859][ T31] hci_unregister_dev+0x374/0x510 [ 882.683916][ T31] vhci_release+0x152/0x1a0 [ 882.688542][ T31] ? __pfx_vhci_release+0x10/0x10 [ 882.693593][ T31] __fput+0x44c/0xa70 [ 882.697587][ T31] task_work_run+0x1d4/0x260 [ 882.702617][ T31] ? __pfx_task_work_run+0x10/0x10 [ 882.707764][ T31] ? do_exit+0x6b0/0x2300 [ 882.712203][ T31] ? kmem_cache_free+0x19b/0x690 [ 882.717186][ T31] do_exit+0x6b5/0x2300 [ 882.721442][ T31] ? do_raw_spin_lock+0x121/0x290 [ 882.726493][ T31] ? __pfx_do_exit+0x10/0x10 [ 882.731144][ T31] do_group_exit+0x21c/0x2d0 [ 882.735756][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 882.741011][ T31] get_signal+0x1285/0x1340 [ 882.745570][ T31] arch_do_signal_or_restart+0xa0/0x790 [ 882.751242][ T31] ? __pfx___x64_sys_wait4+0x10/0x10 [ 882.756557][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 882.762789][ T31] ? exit_to_user_mode_loop+0x40/0x130 [ 882.768330][ T31] exit_to_user_mode_loop+0x72/0x130 [ 882.773660][ T31] do_syscall_64+0x2bd/0xfa0 [ 882.778311][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 882.783594][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 882.789708][ T31] ? clear_bhb_loop+0x60/0xb0 [ 882.794403][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 882.800385][ T31] RIP: 0033:0x7f3c60d84e97 [ 882.804816][ T31] RSP: 002b:00007fffb768bb70 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 882.813287][ T31] RAX: fffffffffffffe00 RBX: 00000000000004fb RCX: 00007f3c60d84e97 [ 882.821303][ T31] RDX: 0000000040000000 RSI: 00007fffb768bbdc RDI: 00000000ffffffff [ 882.829327][ T31] RBP: 00007fffb768bbdc R08: 0000000000000000 R09: 0000000000000000 [ 882.837317][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000001a6 [ 882.845356][ T31] R13: 000055557268d590 R14: 00000000000afff6 R15: 00007fffb768bc30 [ 882.853403][ T31] [ 882.856460][ T31] INFO: task kworker/1:5:5980 blocked for more than 143 seconds. [ 882.864359][ T31] Not tainted syzkaller #0 [ 882.869344][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 882.878067][ T31] task:kworker/1:5 state:D stack:22888 pid:5980 tgid:5980 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 882.890144][ T31] Workqueue: events rfkill_global_led_trigger_worker [ 882.896847][ T31] Call Trace: [ 882.900188][ T31] [ 882.903143][ T31] __schedule+0x1798/0x4cc0 [ 882.907699][ T31] ? __pfx___schedule+0x10/0x10 [ 882.912652][ T31] ? schedule+0x91/0x360 [ 882.916913][ T31] schedule+0x165/0x360 [ 882.921160][ T31] schedule_preempt_disabled+0x13/0x30 [ 882.926647][ T31] __mutex_lock+0x7e6/0x1350 [ 882.931280][ T31] ? __mutex_lock+0x5bb/0x1350 [ 882.936068][ T31] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 882.942367][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 882.947418][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 882.953185][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 882.958956][ T31] rfkill_global_led_trigger_worker+0x27/0xd0 [ 882.965025][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 882.970809][ T31] process_scheduled_works+0xae1/0x17b0 [ 882.976419][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 882.982463][ T31] worker_thread+0x8a0/0xda0 [ 882.987078][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 882.993452][ T31] ? __kthread_parkme+0x7b/0x200 [ 882.998566][ T31] kthread+0x711/0x8a0 [ 883.002640][ T31] ? __pfx_worker_thread+0x10/0x10 [ 883.007753][ T31] ? __pfx_kthread+0x10/0x10 [ 883.012645][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 883.017914][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 883.023136][ T31] ? __pfx_kthread+0x10/0x10 [ 883.027769][ T31] ret_from_fork+0x4bc/0x870 [ 883.032528][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 883.037683][ T31] ? __switch_to_asm+0x39/0x70 [ 883.042493][ T31] ? __switch_to_asm+0x33/0x70 [ 883.047362][ T31] ? __pfx_kthread+0x10/0x10 [ 883.051986][ T31] ret_from_fork_asm+0x1a/0x30 [ 883.056784][ T31] [ 883.059879][ T31] INFO: task syz.0.2006:12846 blocked for more than 143 seconds. [ 883.067626][ T31] Not tainted syzkaller #0 [ 883.074713][ T31] Blocked by coredump. [ 883.079364][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 883.088097][ T31] task:syz.0.2006 state:D stack:23784 pid:12846 tgid:12835 ppid:5879 task_flags:0x40054c flags:0x00080001 [ 883.100199][ T31] Call Trace: [ 883.103490][ T31] [ 883.106417][ T31] __schedule+0x1798/0x4cc0 [ 883.111014][ T31] ? __pfx___schedule+0x10/0x10 [ 883.115903][ T31] ? schedule+0x91/0x360 [ 883.120194][ T31] schedule+0x165/0x360 [ 883.124378][ T31] schedule_preempt_disabled+0x13/0x30 [ 883.129882][ T31] __mutex_lock+0x7e6/0x1350 [ 883.134488][ T31] ? __mutex_lock+0x5bb/0x1350 [ 883.139319][ T31] ? rfkill_unregister+0xc8/0x220 [ 883.144374][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 883.149476][ T31] ? __pfx_device_del+0x10/0x10 [ 883.154373][ T31] rfkill_unregister+0xc8/0x220 [ 883.159439][ T31] nfc_unregister_device+0x96/0x2a0 [ 883.164663][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 883.170442][ T31] virtual_ncidev_close+0x56/0x90 [ 883.175519][ T31] __fput+0x44c/0xa70 [ 883.179593][ T31] task_work_run+0x1d4/0x260 [ 883.184207][ T31] ? __pfx_task_work_run+0x10/0x10 [ 883.189387][ T31] ? do_exit+0x6b0/0x2300 [ 883.193760][ T31] ? kmem_cache_free+0x19b/0x690 [ 883.198771][ T31] do_exit+0x6b5/0x2300 [ 883.202952][ T31] ? do_raw_spin_lock+0x121/0x290 [ 883.208053][ T31] ? __pfx_do_exit+0x10/0x10 [ 883.212696][ T31] do_group_exit+0x21c/0x2d0 [ 883.217286][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 883.222525][ T31] get_signal+0x1285/0x1340 [ 883.227078][ T31] arch_do_signal_or_restart+0xa0/0x790 [ 883.232654][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 883.238851][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 883.244341][ T31] ? exit_to_user_mode_loop+0x40/0x130 [ 883.249871][ T31] exit_to_user_mode_loop+0x72/0x130 [ 883.255175][ T31] do_syscall_64+0x2bd/0xfa0 [ 883.259813][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 883.265031][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.271163][ T31] ? clear_bhb_loop+0x60/0xb0 [ 883.275873][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.281832][ T31] RIP: 0033:0x7f3c60d8ec29 [ 883.286268][ T31] RSP: 002b:00007f3c61c5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 883.294729][ T31] RAX: 0000000000000098 RBX: 00007f3c60fd6180 RCX: 00007f3c60d8ec29 [ 883.302746][ T31] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 883.310798][ T31] RBP: 00007f3c60e11e41 R08: 0000000000000000 R09: 0000000000000000 [ 883.318822][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 883.326806][ T31] R13: 00007f3c60fd6218 R14: 00007f3c60fd6180 R15: 00007fffb768b818 [ 883.334838][ T31] [ 883.337929][ T31] INFO: task syz.6.2008:12848 blocked for more than 144 seconds. [ 883.345657][ T31] Not tainted syzkaller #0 [ 883.355571][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 883.364312][ T31] task:syz.6.2008 state:D stack:24936 pid:12848 tgid:12847 ppid:10060 task_flags:0x400140 flags:0x00080003 [ 883.376301][ T31] Call Trace: [ 883.379615][ T31] [ 883.382584][ T31] __schedule+0x1798/0x4cc0 [ 883.387107][ T31] ? __pfx___schedule+0x10/0x10 [ 883.392038][ T31] ? schedule+0x91/0x360 [ 883.396310][ T31] schedule+0x165/0x360 [ 883.400797][ T31] schedule_preempt_disabled+0x13/0x30 [ 883.406370][ T31] __mutex_lock+0x7e6/0x1350 [ 883.411047][ T31] ? __mutex_lock+0x5bb/0x1350 [ 883.415844][ T31] ? nfc_rfkill_set_block+0x50/0x2e0 [ 883.421177][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 883.426222][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 883.431498][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 883.437408][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 883.443786][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 883.449552][ T31] nfc_rfkill_set_block+0x50/0x2e0 [ 883.454665][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 883.460416][ T31] rfkill_set_block+0x1d2/0x440 [ 883.465309][ T31] rfkill_fop_write+0x44b/0x570 [ 883.470210][ T31] ? __pfx_rfkill_fop_write+0x10/0x10 [ 883.475615][ T31] ? security_kernfs_init_security+0x280/0x290 [ 883.481935][ T31] ? rw_verify_area+0x255/0x4d0 [ 883.486834][ T31] ? __lock_acquire+0xab9/0xd20 [ 883.491739][ T31] ? __pfx_rfkill_fop_write+0x10/0x10 [ 883.497134][ T31] vfs_write+0x27e/0xb30 [ 883.501461][ T31] ? __pfx_vfs_write+0x10/0x10 [ 883.506262][ T31] ? __fget_files+0x2a/0x420 [ 883.510918][ T31] ? __fget_files+0x2a/0x420 [ 883.515530][ T31] ? __fget_files+0x3a0/0x420 [ 883.520271][ T31] ? __fget_files+0x2a/0x420 [ 883.524905][ T31] ksys_write+0x145/0x250 [ 883.529316][ T31] ? __pfx_ksys_write+0x10/0x10 [ 883.534177][ T31] ? do_syscall_64+0xbe/0xfa0 [ 883.538943][ T31] do_syscall_64+0xfa/0xfa0 [ 883.543462][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 883.548740][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.554835][ T31] ? clear_bhb_loop+0x60/0xb0 [ 883.559851][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.565766][ T31] RIP: 0033:0x7fe85ef8ec29 [ 883.570269][ T31] RSP: 002b:00007fe85fe6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 883.578741][ T31] RAX: ffffffffffffffda RBX: 00007fe85f1d5fa0 RCX: 00007fe85ef8ec29 [ 883.586733][ T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000003 [ 883.594744][ T31] RBP: 00007fe85f011e41 R08: 0000000000000000 R09: 0000000000000000 [ 883.602752][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 883.610750][ T31] R13: 00007fe85f1d6038 R14: 00007fe85f1d5fa0 R15: 00007ffcb4eb9018 [ 883.618769][ T31] [ 883.621797][ T31] INFO: task syz.3.2013:12868 blocked for more than 144 seconds. [ 883.629592][ T31] Not tainted syzkaller #0 [ 883.634543][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 883.643268][ T31] task:syz.3.2013 state:D stack:25448 pid:12868 tgid:12867 ppid:5876 task_flags:0x400040 flags:0x00080002 [ 883.655256][ T31] Call Trace: [ 883.658929][ T31] [ 883.661898][ T31] __schedule+0x1798/0x4cc0 [ 883.666409][ T31] ? __lock_acquire+0xab9/0xd20 [ 883.671429][ T31] ? __lock_acquire+0xab9/0xd20 [ 883.676310][ T31] ? __pfx___schedule+0x10/0x10 [ 883.681320][ T31] ? schedule+0x91/0x360 [ 883.685590][ T31] schedule+0x165/0x360 [ 883.690349][ T31] schedule_preempt_disabled+0x13/0x30 [ 883.695843][ T31] __mutex_lock+0x7e6/0x1350 [ 883.700616][ T31] ? __mutex_lock+0x5bb/0x1350 [ 883.705414][ T31] ? rfkill_register+0x37/0x8e0 [ 883.710450][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 883.715517][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 883.721085][ T31] ? device_initialize+0x24b/0x440 [ 883.726232][ T31] rfkill_register+0x37/0x8e0 [ 883.730965][ T31] nfc_register_device+0x14a/0x320 [ 883.736114][ T31] nci_register_device+0x87f/0x9d0 [ 883.741444][ T31] ? __pfx_nci_register_device+0x10/0x10 [ 883.747109][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 883.752560][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 883.758037][ T31] virtual_ncidev_open+0x129/0x1a0 [ 883.763177][ T31] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 883.768913][ T31] misc_open+0x2d5/0x350 [ 883.773191][ T31] chrdev_open+0x4cc/0x5e0 [ 883.777628][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 883.782659][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 883.789165][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 883.794138][ T31] do_dentry_open+0x953/0x13f0 [ 883.799559][ T31] vfs_open+0x3b/0x340 [ 883.803656][ T31] ? path_openat+0x2ecd/0x3830 [ 883.808496][ T31] path_openat+0x2ee5/0x3830 [ 883.813143][ T31] ? __pfx_path_openat+0x10/0x10 [ 883.818191][ T31] do_filp_open+0x1fa/0x410 [ 883.822718][ T31] ? __lock_acquire+0xab9/0xd20 [ 883.827578][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 883.832824][ T31] ? _raw_spin_unlock+0x28/0x50 [ 883.837704][ T31] ? alloc_fd+0x64c/0x6c0 [ 883.842118][ T31] do_sys_openat2+0x121/0x1c0 [ 883.847007][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 883.852292][ T31] ? rcu_is_watching+0x15/0xb0 [ 883.857084][ T31] __x64_sys_openat+0x138/0x170 [ 883.862007][ T31] do_syscall_64+0xfa/0xfa0 [ 883.866632][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 883.871954][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.878110][ T31] ? clear_bhb_loop+0x60/0xb0 [ 883.882794][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.888750][ T31] RIP: 0033:0x7f658b38ec29 [ 883.893178][ T31] RSP: 002b:00007f658c257038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 883.901702][ T31] RAX: ffffffffffffffda RBX: 00007f658b5d5fa0 RCX: 00007f658b38ec29 [ 883.910145][ T31] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 883.918845][ T31] RBP: 00007f658b411e41 R08: 0000000000000000 R09: 0000000000000000 [ 883.926839][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 883.934968][ T31] R13: 00007f658b5d6038 R14: 00007f658b5d5fa0 R15: 00007ffd19c74d88 [ 883.943009][ T31] [ 883.946065][ T31] INFO: task syz.5.2014:12880 blocked for more than 144 seconds. [ 883.953965][ T31] Not tainted syzkaller #0 [ 883.958987][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 883.967689][ T31] task:syz.5.2014 state:D stack:28296 pid:12880 tgid:12877 ppid:8893 task_flags:0x400040 flags:0x00080002 [ 883.979711][ T31] Call Trace: [ 883.983004][ T31] [ 883.985932][ T31] __schedule+0x1798/0x4cc0 [ 883.990525][ T31] ? security_file_open+0xb1/0x270 [ 883.995665][ T31] ? __pfx___schedule+0x10/0x10 [ 884.000583][ T31] ? schedule+0x91/0x360 [ 884.004859][ T31] schedule+0x165/0x360 [ 884.009060][ T31] schedule_preempt_disabled+0x13/0x30 [ 884.014589][ T31] __mutex_lock+0x7e6/0x1350 [ 884.019264][ T31] ? __mutex_lock+0x5bb/0x1350 [ 884.024058][ T31] ? misc_open+0x51/0x350 [ 884.028451][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 884.033536][ T31] misc_open+0x51/0x350 [ 884.037724][ T31] chrdev_open+0x4cc/0x5e0 [ 884.042568][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 884.047541][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 884.053990][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 884.059028][ T31] do_dentry_open+0x953/0x13f0 [ 884.063838][ T31] vfs_open+0x3b/0x340 [ 884.068116][ T31] ? path_openat+0x2ecd/0x3830 [ 884.072937][ T31] path_openat+0x2ee5/0x3830 [ 884.077561][ T31] ? __pfx_path_openat+0x10/0x10 [ 884.082622][ T31] do_filp_open+0x1fa/0x410 [ 884.087150][ T31] ? __lock_acquire+0xab9/0xd20 [ 884.092124][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 884.097190][ T31] ? _raw_spin_unlock+0x28/0x50 [ 884.102106][ T31] ? alloc_fd+0x64c/0x6c0 [ 884.106466][ T31] do_sys_openat2+0x121/0x1c0 [ 884.111268][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 884.116494][ T31] ? exc_page_fault+0x82/0x100 [ 884.121407][ T31] ? do_user_addr_fault+0xc85/0x1380 [ 884.126720][ T31] __x64_sys_openat+0x138/0x170 [ 884.132134][ T31] do_syscall_64+0xfa/0xfa0 [ 884.136671][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 884.141995][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.148327][ T31] ? clear_bhb_loop+0x60/0xb0 [ 884.153049][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.159061][ T31] RIP: 0033:0x7f508c78d590 [ 884.163512][ T31] RSP: 002b:00007f508d682ef0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 884.172012][ T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f508c78d590 [ 884.180063][ T31] RDX: 0000000000000002 RSI: 00007f508c811b1c RDI: 00000000ffffff9c [ 884.188216][ T31] RBP: 00007f508c811b1c R08: 0000000000000000 R09: 0000000000000000 [ 884.196208][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 884.204256][ T31] R13: 0000000000000073 R14: 0000200000000400 R15: 00007fffb9bdd728 [ 884.212300][ T31] [ 884.215345][ T31] INFO: task syz.4.2015:12890 blocked for more than 145 seconds. [ 884.223211][ T31] Not tainted syzkaller #0 [ 884.228254][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 884.236929][ T31] task:syz.4.2015 state:D stack:28296 pid:12890 tgid:12888 ppid:5868 task_flags:0x400040 flags:0x00080002 [ 884.249339][ T31] Call Trace: [ 884.252644][ T31] [ 884.255665][ T31] __schedule+0x1798/0x4cc0 [ 884.260754][ T31] ? security_file_open+0xb1/0x270 [ 884.265940][ T31] ? __pfx___schedule+0x10/0x10 [ 884.271187][ T31] ? schedule+0x91/0x360 [ 884.275478][ T31] schedule+0x165/0x360 [ 884.279972][ T31] schedule_preempt_disabled+0x13/0x30 [ 884.285458][ T31] __mutex_lock+0x7e6/0x1350 [ 884.290124][ T31] ? __mutex_lock+0x5bb/0x1350 [ 884.294913][ T31] ? misc_open+0x51/0x350 [ 884.299318][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 884.304378][ T31] misc_open+0x51/0x350 [ 884.308655][ T31] chrdev_open+0x4cc/0x5e0 [ 884.313101][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 884.318115][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 884.324482][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 884.329488][ T31] do_dentry_open+0x953/0x13f0 [ 884.334311][ T31] vfs_open+0x3b/0x340 [ 884.338466][ T31] ? path_openat+0x2ecd/0x3830 [ 884.343262][ T31] path_openat+0x2ee5/0x3830 [ 884.347928][ T31] ? __pfx_path_openat+0x10/0x10 [ 884.352901][ T31] do_filp_open+0x1fa/0x410 [ 884.357491][ T31] ? __lock_acquire+0xab9/0xd20 [ 884.363272][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 884.368429][ T31] ? _raw_spin_unlock+0x28/0x50 [ 884.373300][ T31] ? alloc_fd+0x64c/0x6c0 [ 884.377629][ T31] do_sys_openat2+0x121/0x1c0 [ 884.382397][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 884.387653][ T31] ? exc_page_fault+0x82/0x100 [ 884.392535][ T31] ? do_user_addr_fault+0xc85/0x1380 [ 884.397858][ T31] __x64_sys_openat+0x138/0x170 [ 884.402852][ T31] do_syscall_64+0xfa/0xfa0 [ 884.407381][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 884.412693][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.418901][ T31] ? clear_bhb_loop+0x60/0xb0 [ 884.423610][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.429618][ T31] RIP: 0033:0x7f8b4f18ec29 [ 884.434051][ T31] RSP: 002b:00007f8b4fff1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 884.446594][ T31] RAX: ffffffffffffffda RBX: 00007f8b4f3d5fa0 RCX: 00007f8b4f18ec29 [ 884.454640][ T31] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 884.462672][ T31] RBP: 00007f8b4f211e41 R08: 0000000000000000 R09: 0000000000000000 [ 884.470977][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 884.479323][ T31] R13: 00007f8b4f3d6038 R14: 00007f8b4f3d5fa0 R15: 00007ffd345a3458 [ 884.487372][ T31] [ 884.490553][ T31] INFO: task syz.4.2015:12898 blocked for more than 145 seconds. [ 884.498326][ T31] Not tainted syzkaller #0 [ 884.503255][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 884.512024][ T31] task:syz.4.2015 state:D stack:25064 pid:12898 tgid:12888 ppid:5868 task_flags:0x400140 flags:0x00080002 [ 884.524106][ T31] Call Trace: [ 884.527429][ T31] [ 884.530466][ T31] __schedule+0x1798/0x4cc0 [ 884.535021][ T31] ? __pfx___schedule+0x10/0x10 [ 884.539936][ T31] ? schedule+0x91/0x360 [ 884.544200][ T31] schedule+0x165/0x360 [ 884.548479][ T31] schedule_preempt_disabled+0x13/0x30 [ 884.553959][ T31] __mutex_lock+0x7e6/0x1350 [ 884.558621][ T31] ? __mutex_lock+0x5bb/0x1350 [ 884.563441][ T31] ? rfkill_register+0x37/0x8e0 [ 884.568382][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 884.573446][ T31] ? device_initialize+0x24b/0x440 [ 884.578842][ T31] rfkill_register+0x37/0x8e0 [ 884.583541][ T31] hci_register_dev+0x3f5/0x890 [ 884.588812][ T31] hci_uart_tty_ioctl+0x828/0xa00 [ 884.593868][ T31] ? __pfx_hci_uart_tty_ioctl+0x10/0x10 [ 884.601580][ T31] tty_ioctl+0x9c6/0xde0 [ 884.605864][ T31] ? __pfx_tty_ioctl+0x10/0x10 [ 884.610720][ T31] __se_sys_ioctl+0xfc/0x170 [ 884.615336][ T31] do_syscall_64+0xfa/0xfa0 [ 884.619938][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.626023][ T31] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 884.631747][ T31] ? clear_bhb_loop+0x60/0xb0 [ 884.636447][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.642380][ T31] RIP: 0033:0x7f8b4f18ec29 [ 884.646858][ T31] RSP: 002b:00007f8b4ff8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 884.655396][ T31] RAX: ffffffffffffffda RBX: 00007f8b4f3d6270 RCX: 00007f8b4f18ec29 [ 884.663438][ T31] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000008 [ 884.671543][ T31] RBP: 00007f8b4f211e41 R08: 0000000000000000 R09: 0000000000000000 [ 884.679572][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 884.687650][ T31] R13: 00007f8b4f3d6308 R14: 00007f8b4f3d6270 R15: 00007ffd345a3458 [ 884.695791][ T31] [ 884.699234][ T31] INFO: task syz-executor:12957 blocked for more than 145 seconds. [ 884.707123][ T31] Not tainted syzkaller #0 [ 884.712187][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 884.720908][ T31] task:syz-executor state:D stack:28008 pid:12957 tgid:12957 ppid:1 task_flags:0x400040 flags:0x00080000 [ 884.732900][ T31] Call Trace: [ 884.736191][ T31] [ 884.739211][ T31] __schedule+0x1798/0x4cc0 [ 884.743753][ T31] ? security_file_open+0xb1/0x270 [ 884.748996][ T31] ? __pfx___schedule+0x10/0x10 [ 884.753880][ T31] ? schedule+0x91/0x360 [ 884.758215][ T31] schedule+0x165/0x360 [ 884.762418][ T31] schedule_preempt_disabled+0x13/0x30 [ 884.767976][ T31] __mutex_lock+0x7e6/0x1350 [ 884.772594][ T31] ? __mutex_lock+0x5bb/0x1350 [ 884.777390][ T31] ? misc_open+0x51/0x350 [ 884.781807][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 884.786866][ T31] misc_open+0x51/0x350 [ 884.791087][ T31] chrdev_open+0x4cc/0x5e0 [ 884.795527][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 884.800531][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 884.806880][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 884.812414][ T31] do_dentry_open+0x953/0x13f0 [ 884.817205][ T31] vfs_open+0x3b/0x340 [ 884.821344][ T31] ? path_openat+0x2ecd/0x3830 [ 884.826137][ T31] path_openat+0x2ee5/0x3830 [ 884.830830][ T31] ? __pfx_css_rstat_updated+0x10/0x10 [ 884.836329][ T31] ? count_memcg_event_mm+0x21/0x260 [ 884.841708][ T31] ? __pfx_path_openat+0x10/0x10 [ 884.846681][ T31] ? __pfx___up_read+0x10/0x10 [ 884.851514][ T31] ? do_user_addr_fault+0xbbc/0x1380 [ 884.856857][ T31] do_filp_open+0x1fa/0x410 [ 884.861455][ T31] ? __lock_acquire+0xab9/0xd20 [ 884.866337][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 884.871470][ T31] ? _raw_spin_unlock+0x28/0x50 [ 884.876341][ T31] ? alloc_fd+0x64c/0x6c0 [ 884.880756][ T31] do_sys_openat2+0x121/0x1c0 [ 884.885471][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 884.890745][ T31] ? fd_install+0x97/0x540 [ 884.895178][ T31] ? fd_install+0x30d/0x540 [ 884.899729][ T31] __x64_sys_openat+0x138/0x170 [ 884.904623][ T31] do_syscall_64+0xfa/0xfa0 [ 884.909241][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 884.914459][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.920993][ T31] ? clear_bhb_loop+0x60/0xb0 [ 884.925689][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.931677][ T31] RIP: 0033:0x7fa4df98d511 [ 884.936114][ T31] RSP: 002b:00007fffec3c7c60 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 884.944642][ T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa4df98d511 [ 884.952745][ T31] RDX: 0000000000000002 RSI: 00007fa4dfa1284a RDI: 00000000ffffff9c [ 884.960806][ T31] RBP: 00007fa4dfa1284a R08: 0000000000000000 R09: 00007fa4e070d6c0 [ 884.968863][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 884.976869][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 884.984917][ T31] [ 884.988033][ T31] INFO: task syz-executor:12960 blocked for more than 145 seconds. [ 884.995935][ T31] Not tainted syzkaller #0 [ 885.001106][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 885.009833][ T31] task:syz-executor state:D stack:27904 pid:12960 tgid:12960 ppid:1 task_flags:0x400040 flags:0x00080000 [ 885.021818][ T31] Call Trace: [ 885.025110][ T31] [ 885.028548][ T31] __schedule+0x1798/0x4cc0 [ 885.033069][ T31] ? security_file_open+0xb1/0x270 [ 885.038242][ T31] ? __pfx___schedule+0x10/0x10 [ 885.043123][ T31] ? schedule+0x91/0x360 [ 885.047372][ T31] schedule+0x165/0x360 [ 885.051647][ T31] schedule_preempt_disabled+0x13/0x30 [ 885.057142][ T31] __mutex_lock+0x7e6/0x1350 [ 885.061797][ T31] ? __mutex_lock+0x5bb/0x1350 [ 885.066592][ T31] ? misc_open+0x51/0x350 [ 885.071015][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 885.076094][ T31] misc_open+0x51/0x350 [ 885.080584][ T31] chrdev_open+0x4cc/0x5e0 [ 885.085035][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 885.090099][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 885.096455][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 885.101500][ T31] do_dentry_open+0x953/0x13f0 [ 885.106300][ T31] vfs_open+0x3b/0x340 [ 885.110486][ T31] ? path_openat+0x2ecd/0x3830 [ 885.115283][ T31] path_openat+0x2ee5/0x3830 [ 885.119968][ T31] ? __pfx_css_rstat_updated+0x10/0x10 [ 885.125466][ T31] ? count_memcg_event_mm+0x21/0x260 [ 885.130858][ T31] ? __pfx_path_openat+0x10/0x10 [ 885.135817][ T31] ? __pfx___up_read+0x10/0x10 [ 885.141094][ T31] ? do_user_addr_fault+0xbbc/0x1380 [ 885.146489][ T31] do_filp_open+0x1fa/0x410 [ 885.151085][ T31] ? __lock_acquire+0xab9/0xd20 [ 885.155968][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 885.161057][ T31] ? _raw_spin_unlock+0x28/0x50 [ 885.165930][ T31] ? alloc_fd+0x64c/0x6c0 [ 885.170350][ T31] do_sys_openat2+0x121/0x1c0 [ 885.175066][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 885.180341][ T31] ? fd_install+0x97/0x540 [ 885.184798][ T31] ? fd_install+0x30d/0x540 [ 885.189389][ T31] __x64_sys_openat+0x138/0x170 [ 885.194270][ T31] do_syscall_64+0xfa/0xfa0 [ 885.198872][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 885.204105][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.210245][ T31] ? clear_bhb_loop+0x60/0xb0 [ 885.214952][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.220917][ T31] RIP: 0033:0x7f4641d8d511 [ 885.225353][ T31] RSP: 002b:00007fff079ad240 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 885.233856][ T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4641d8d511 [ 885.241910][ T31] RDX: 0000000000000002 RSI: 00007f4641e1284a RDI: 00000000ffffff9c [ 885.250428][ T31] RBP: 00007f4641e1284a R08: 0000000000000000 R09: 00007f4642b0d6c0 [ 885.258458][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 885.266444][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 885.274516][ T31] [ 885.277539][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 885.286605][ T31] INFO: task syz-executor:12961 blocked for more than 146 seconds. [ 885.294567][ T31] Not tainted syzkaller #0 [ 885.299543][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 885.308563][ T31] task:syz-executor state:D stack:28008 pid:12961 tgid:12961 ppid:1 task_flags:0x400040 flags:0x00080000 [ 885.320553][ T31] Call Trace: [ 885.323840][ T31] [ 885.326775][ T31] __schedule+0x1798/0x4cc0 [ 885.331384][ T31] ? security_file_open+0xb1/0x270 [ 885.336563][ T31] ? __pfx___schedule+0x10/0x10 [ 885.341513][ T31] ? schedule+0x91/0x360 [ 885.345786][ T31] schedule+0x165/0x360 [ 885.350041][ T31] schedule_preempt_disabled+0x13/0x30 [ 885.355525][ T31] __mutex_lock+0x7e6/0x1350 [ 885.360633][ T31] ? __mutex_lock+0x5bb/0x1350 [ 885.365433][ T31] ? misc_open+0x51/0x350 [ 885.369840][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 885.374987][ T31] misc_open+0x51/0x350 [ 885.379229][ T31] chrdev_open+0x4cc/0x5e0 [ 885.383683][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 885.388720][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 885.395080][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 885.400485][ T31] do_dentry_open+0x953/0x13f0 [ 885.405335][ T31] vfs_open+0x3b/0x340 [ 885.409482][ T31] ? path_openat+0x2ecd/0x3830 [ 885.414273][ T31] path_openat+0x2ee5/0x3830 [ 885.418954][ T31] ? __pfx_css_rstat_updated+0x10/0x10 [ 885.424457][ T31] ? count_memcg_event_mm+0x21/0x260 [ 885.429846][ T31] ? __pfx_path_openat+0x10/0x10 [ 885.434808][ T31] ? __pfx___up_read+0x10/0x10 [ 885.439616][ T31] ? do_user_addr_fault+0xbbc/0x1380 [ 885.444930][ T31] do_filp_open+0x1fa/0x410 [ 885.449514][ T31] ? __lock_acquire+0xab9/0xd20 [ 885.454394][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 885.459595][ T31] ? _raw_spin_unlock+0x28/0x50 [ 885.464474][ T31] ? alloc_fd+0x64c/0x6c0 [ 885.469385][ T31] do_sys_openat2+0x121/0x1c0 [ 885.474078][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 885.480014][ T31] ? fd_install+0x97/0x540 [ 885.484467][ T31] ? fd_install+0x30d/0x540 [ 885.489157][ T31] __x64_sys_openat+0x138/0x170 [ 885.494063][ T31] do_syscall_64+0xfa/0xfa0 [ 885.498707][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 885.504021][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.510214][ T31] ? clear_bhb_loop+0x60/0xb0 [ 885.515006][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.520953][ T31] RIP: 0033:0x7efc5618d511 [ 885.525430][ T31] RSP: 002b:00007ffd9517e850 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 885.533998][ T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007efc5618d511 [ 885.542100][ T31] RDX: 0000000000000002 RSI: 00007efc5621284a RDI: 00000000ffffff9c [ 885.550261][ T31] RBP: 00007efc5621284a R08: 0000000000000000 R09: 00007efc56f0d6c0 [ 885.558558][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 885.566573][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 885.574642][ T31] [ 885.577688][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 885.586756][ T31] INFO: task syz-executor:12964 blocked for more than 146 seconds. [ 885.594770][ T31] Not tainted syzkaller #0 [ 885.599766][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 885.608558][ T31] task:syz-executor state:D stack:28008 pid:12964 tgid:12964 ppid:1 task_flags:0x400040 flags:0x00080000 [ 885.620561][ T31] Call Trace: [ 885.623941][ T31] [ 885.627062][ T31] __schedule+0x1798/0x4cc0 [ 885.631643][ T31] ? security_file_open+0xb1/0x270 [ 885.636792][ T31] ? __pfx___schedule+0x10/0x10 [ 885.641957][ T31] ? schedule+0x91/0x360 [ 885.646240][ T31] schedule+0x165/0x360 [ 885.650478][ T31] schedule_preempt_disabled+0x13/0x30 [ 885.655961][ T31] __mutex_lock+0x7e6/0x1350 [ 885.660626][ T31] ? __mutex_lock+0x5bb/0x1350 [ 885.665411][ T31] ? misc_open+0x51/0x350 [ 885.669874][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 885.674933][ T31] misc_open+0x51/0x350 [ 885.679151][ T31] chrdev_open+0x4cc/0x5e0 [ 885.683591][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 885.688581][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 885.694930][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 885.699939][ T31] do_dentry_open+0x953/0x13f0 [ 885.704740][ T31] vfs_open+0x3b/0x340 [ 885.708856][ T31] ? path_openat+0x2ecd/0x3830 [ 885.713648][ T31] path_openat+0x2ee5/0x3830 [ 885.727947][ T31] ? __pfx_css_rstat_updated+0x10/0x10 [ 885.733496][ T31] ? count_memcg_event_mm+0x21/0x260 [ 885.739678][ T31] ? __pfx_path_openat+0x10/0x10 [ 885.744670][ T31] ? __pfx___up_read+0x10/0x10 [ 885.750888][ T31] ? do_user_addr_fault+0xbbc/0x1380 [ 885.756226][ T31] do_filp_open+0x1fa/0x410 [ 885.762145][ T31] ? __lock_acquire+0xab9/0xd20 [ 885.767028][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 885.774186][ T31] ? _raw_spin_unlock+0x28/0x50 [ 885.779340][ T31] ? alloc_fd+0x64c/0x6c0 [ 885.783707][ T31] do_sys_openat2+0x121/0x1c0 [ 885.788720][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 885.793949][ T31] ? fd_install+0x97/0x540 [ 885.799296][ T31] ? fd_install+0x30d/0x540 [ 885.803828][ T31] __x64_sys_openat+0x138/0x170 [ 885.809044][ T31] do_syscall_64+0xfa/0xfa0 [ 885.813576][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 885.819208][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.825303][ T31] ? clear_bhb_loop+0x60/0xb0 [ 885.830415][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.836343][ T31] RIP: 0033:0x7fa32218d511 [ 885.844927][ T31] RSP: 002b:00007ffd966132b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 885.853923][ T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa32218d511 [ 885.863441][ T31] RDX: 0000000000000002 RSI: 00007fa32221284a RDI: 00000000ffffff9c [ 885.873487][ T31] RBP: 00007fa32221284a R08: 0000000000000000 R09: 00007fa322f0d6c0 [ 885.882704][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 885.890955][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 885.899227][ T31] [ 885.902264][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 885.912111][ T31] INFO: task syz-executor:12965 blocked for more than 146 seconds. [ 885.920456][ T31] Not tainted syzkaller #0 [ 885.925408][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 885.934385][ T31] task:syz-executor state:D stack:27048 pid:12965 tgid:12965 ppid:1 task_flags:0x400040 flags:0x00080000 [ 885.946569][ T31] Call Trace: [ 885.953992][ T31] [ 885.956950][ T31] __schedule+0x1798/0x4cc0 [ 885.962439][ T31] ? security_file_open+0xb1/0x270 [ 885.967608][ T31] ? __pfx___schedule+0x10/0x10 [ 885.974385][ T31] ? schedule+0x91/0x360 [ 885.980199][ T31] schedule+0x165/0x360 [ 885.984382][ T31] schedule_preempt_disabled+0x13/0x30 [ 885.991152][ T31] __mutex_lock+0x7e6/0x1350 [ 885.995862][ T31] ? __mutex_lock+0x5bb/0x1350 [ 886.001048][ T31] ? misc_open+0x51/0x350 [ 886.005412][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 886.010888][ T31] misc_open+0x51/0x350 [ 886.015093][ T31] chrdev_open+0x4cc/0x5e0 [ 886.020327][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 886.025293][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 886.032219][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 886.037177][ T31] do_dentry_open+0x953/0x13f0 [ 886.042420][ T31] vfs_open+0x3b/0x340 [ 886.046510][ T31] ? path_openat+0x2ecd/0x3830 [ 886.051673][ T31] path_openat+0x2ee5/0x3830 [ 886.056305][ T31] ? __pfx_css_rstat_updated+0x10/0x10 [ 886.065753][ T31] ? count_memcg_event_mm+0x21/0x260 [ 886.071217][ T31] ? __pfx_path_openat+0x10/0x10 [ 886.076203][ T31] ? __pfx___up_read+0x10/0x10 [ 886.081245][ T31] ? do_user_addr_fault+0xbbc/0x1380 [ 886.086605][ T31] do_filp_open+0x1fa/0x410 [ 886.091257][ T31] ? __lock_acquire+0xab9/0xd20 [ 886.096306][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 886.101468][ T31] ? _raw_spin_unlock+0x28/0x50 [ 886.106343][ T31] ? alloc_fd+0x64c/0x6c0 [ 886.110799][ T31] do_sys_openat2+0x121/0x1c0 [ 886.115533][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 886.121045][ T31] ? fd_install+0x97/0x540 [ 886.125487][ T31] ? fd_install+0x30d/0x540 [ 886.130342][ T31] __x64_sys_openat+0x138/0x170 [ 886.135204][ T31] do_syscall_64+0xfa/0xfa0 [ 886.139800][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 886.145043][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.151306][ T31] ? clear_bhb_loop+0x60/0xb0 [ 886.156014][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.161971][ T31] RIP: 0033:0x7fd572d8d511 [ 886.166399][ T31] RSP: 002b:00007ffcd6784bd0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 886.174930][ T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd572d8d511 [ 886.183066][ T31] RDX: 0000000000000002 RSI: 00007fd572e1284a RDI: 00000000ffffff9c [ 886.191131][ T31] RBP: 00007fd572e1284a R08: 0000000000000000 R09: 00007fd573b0d6c0 [ 886.199197][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 886.207173][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 886.215316][ T31] [ 886.218406][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 886.227522][ T31] [ 886.227522][ T31] Showing all locks held in the system: [ 886.235390][ T31] 1 lock held by khungtaskd/31: [ 886.240287][ T31] #0: ffffffff8e33d260 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 886.250219][ T31] 1 lock held by klogd/5225: [ 886.254817][ T31] #0: ffff8880b863a018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 [ 886.264795][ T31] 2 locks held by getty/5628: [ 886.269510][ T31] #0: ffff88814cbed0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 886.279454][ T31] #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 886.289666][ T31] 1 lock held by syz-executor/5879: [ 886.294869][ T31] #0: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 886.305008][ T31] 3 locks held by kworker/1:5/5980: [ 886.310265][ T31] #0: ffff88813fe81948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 886.321296][ T31] #1: ffffc90004817ba0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 886.334868][ T31] #2: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 886.346620][ T31] 2 locks held by syz.0.2006/12846: [ 886.351905][ T31] #0: ffff88807f097100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 886.361863][ T31] #1: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 886.372067][ T31] 2 locks held by syz.6.2008/12848: [ 886.377276][ T31] #0: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570 [ 886.387492][ T31] #1: ffff88807f097100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 886.397298][ T31] 3 locks held by syz.3.2013/12868: [ 886.402719][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.411245][ T31] #1: ffff88807b4a7100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320 [ 886.420871][ T31] #2: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 886.430904][ T31] 1 lock held by syz.5.2014/12880: [ 886.436038][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.444580][ T31] 1 lock held by syz.4.2015/12890: [ 886.449762][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.458259][ T31] 2 locks held by syz.4.2015/12898: [ 886.463471][ T31] #0: ffff888032eaa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 886.473279][ T31] #1: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 886.483293][ T31] 1 lock held by syz-executor/12957: [ 886.488644][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.497171][ T31] 1 lock held by syz-executor/12960: [ 886.502546][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.511083][ T31] 1 lock held by syz-executor/12961: [ 886.516379][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.524949][ T31] 1 lock held by syz-executor/12964: [ 886.530308][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.538859][ T31] 1 lock held by syz-executor/12965: [ 886.544158][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.552661][ T31] 1 lock held by syz-executor/12971: [ 886.558027][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.566529][ T31] 1 lock held by syz-executor/12974: [ 886.571870][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.580410][ T31] 1 lock held by syz-executor/12975: [ 886.585693][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.594206][ T31] 1 lock held by syz-executor/12978: [ 886.599551][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.608148][ T31] 1 lock held by syz-executor/12979: [ 886.613457][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.621979][ T31] 1 lock held by syz-executor/12985: [ 886.627272][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.635820][ T31] 1 lock held by syz-executor/12988: [ 886.641151][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.649710][ T31] 1 lock held by syz-executor/12989: [ 886.655011][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.663551][ T31] 1 lock held by syz-executor/12992: [ 886.668955][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.677407][ T31] 1 lock held by syz-executor/12993: [ 886.682725][ T31] #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 886.691253][ T31] [ 886.693607][ T31] ============================================= [ 886.693607][ T31] [ 886.702068][ T31] NMI backtrace for cpu 0 [ 886.702099][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 886.702121][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 886.702132][ T31] Call Trace: [ 886.702138][ T31] [ 886.702146][ T31] dump_stack_lvl+0x189/0x250 [ 886.702176][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 886.702206][ T31] ? __pfx__printk+0x10/0x10 [ 886.702246][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 886.702278][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 886.702311][ T31] ? __pfx__printk+0x10/0x10 [ 886.702342][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 886.702383][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 886.702414][ T31] watchdog+0xf60/0xfa0 [ 886.702444][ T31] ? watchdog+0x1e2/0xfa0 [ 886.702473][ T31] kthread+0x711/0x8a0 [ 886.702498][ T31] ? __pfx_watchdog+0x10/0x10 [ 886.702522][ T31] ? __pfx_kthread+0x10/0x10 [ 886.702545][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 886.702565][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 886.702585][ T31] ? __pfx_kthread+0x10/0x10 [ 886.702606][ T31] ret_from_fork+0x4bc/0x870 [ 886.702635][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 886.702669][ T31] ? __switch_to_asm+0x39/0x70 [ 886.702692][ T31] ? __switch_to_asm+0x33/0x70 [ 886.702716][ T31] ? __pfx_kthread+0x10/0x10 [ 886.702738][ T31] ret_from_fork_asm+0x1a/0x30 [ 886.702780][ T31] [ 886.702787][ T31] Sending NMI from CPU 0 to CPUs 1: [ 886.847717][ C1] NMI backtrace for cpu 1 [ 886.847748][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 886.847768][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 886.847780][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 886.847805][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 4a 23 00 f3 0f 1e fa fb f4 c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 886.847820][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 886.847836][ C1] RAX: 95aba96d91c6a000 RBX: ffffffff8196a2b7 RCX: 95aba96d91c6a000 [ 886.847849][ C1] RDX: 0000000000000001 RSI: ffffffff8dba2d53 RDI: ffffffff8c03aa60 [ 886.847862][ C1] RBP: ffffc90000197f10 R08: ffff8880b8732fdb R09: 1ffff110170e65fb [ 886.847881][ C1] R10: dffffc0000000000 R11: ffffed10170e65fc R12: ffffffff8fc39670 [ 886.847895][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a52b58 [ 886.847908][ C1] FS: 0000000000000000(0000) GS:ffff888125ae7000(0000) knlGS:0000000000000000 [ 886.847923][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 886.847935][ C1] CR2: 00007ffec14e7f2c CR3: 000000000e138000 CR4: 00000000003526f0 [ 886.847950][ C1] Call Trace: [ 886.847959][ C1] [ 886.847966][ C1] default_idle+0x13/0x20 [ 886.847990][ C1] default_idle_call+0x73/0xb0 [ 886.848015][ C1] do_idle+0x1e7/0x510 [ 886.848044][ C1] ? __pfx_do_idle+0x10/0x10 [ 886.848078][ C1] cpu_startup_entry+0x44/0x60 [ 886.848102][ C1] start_secondary+0x101/0x110 [ 886.848124][ C1] common_startup_64+0x13e/0x147 [ 886.848152][ C1] [ 886.848692][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 886.848712][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 886.848739][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 886.848755][ T31] Call Trace: [ 886.848766][ T31] [ 886.848776][ T31] dump_stack_lvl+0x99/0x250 [ 886.848807][ T31] ? __asan_memcpy+0x40/0x70 [ 886.848842][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 886.848875][ T31] ? __pfx__printk+0x10/0x10 [ 886.848922][ T31] vpanic+0x237/0x6d0 [ 886.848949][ T31] ? __pfx_vpanic+0x10/0x10 [ 886.848979][ T31] ? __irq_work_queue_local+0x1de/0x550 [ 886.849019][ T31] panic+0xb9/0xc0 [ 886.849045][ T31] ? __pfx_panic+0x10/0x10 [ 886.849075][ T31] ? irq_work_queue+0xbc/0x140 [ 886.849110][ T31] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 886.849150][ T31] watchdog+0xf9f/0xfa0 [ 886.849195][ T31] ? watchdog+0x1e2/0xfa0 [ 886.849232][ T31] kthread+0x711/0x8a0 [ 886.849263][ T31] ? __pfx_watchdog+0x10/0x10 [ 886.849294][ T31] ? __pfx_kthread+0x10/0x10 [ 886.849322][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 886.849347][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 886.849372][ T31] ? __pfx_kthread+0x10/0x10 [ 886.849399][ T31] ret_from_fork+0x4bc/0x870 [ 886.849436][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 886.849477][ T31] ? __switch_to_asm+0x39/0x70 [ 886.849508][ T31] ? __switch_to_asm+0x33/0x70 [ 886.849538][ T31] ? __pfx_kthread+0x10/0x10 [ 886.849565][ T31] ret_from_fork_asm+0x1a/0x30 [ 886.849617][ T31] [ 887.160377][ T31] Kernel Offset: disabled [ 887.164699][ T31] Rebooting in 86400 seconds..