last executing test programs: 3m12.643312777s ago: executing program 1 (id=1006): unshare(0x22020600) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x20200) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, 0x0) 3m12.405745742s ago: executing program 1 (id=1012): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8801}, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f00000000c0)=0x6, 0x4) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000056000106000000000000000007"], 0x1c}], 0x1, 0x0, 0x0, 0x40000}, 0x0) 3m12.239204932s ago: executing program 1 (id=1014): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0x42795000) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40100, 0x0) ioctl$TCSETS(r0, 0x545c, 0x0) 3m10.509159143s ago: executing program 1 (id=1032): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) bind$802154_raw(r0, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8) 3m10.338423025s ago: executing program 1 (id=1035): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x8, 0xfffffffc, 0xdc64}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r1, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}}) 3m9.989013897s ago: executing program 1 (id=1039): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000039c0), 0x1, 0x0) write(r0, 0x0, 0x0) write(r0, 0x0, 0x0) 2m54.794565012s ago: executing program 32 (id=1039): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000039c0), 0x1, 0x0) write(r0, 0x0, 0x0) write(r0, 0x0, 0x0) 25.586813336s ago: executing program 3 (id=2809): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) 25.23999693s ago: executing program 3 (id=2812): socket$inet_udp(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0) socket(0x2, 0x3, 0xff) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0001, 0x0) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000080)=0x1) write(r1, &(0x7f0000000480)="f480", 0x2) 24.738581219s ago: executing program 3 (id=2813): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000100)={0x0, 0x7fffffffffffffff, 0x3}) 24.42680908s ago: executing program 3 (id=2816): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp6\x00') pread64(r0, &(0x7f000001a240)=""/102389, 0x18ff5, 0x4) 24.049492648s ago: executing program 3 (id=2820): socket$inet_udp(0x2, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0) socket(0x2, 0x3, 0xff) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0001, 0x0) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000080)=0x1) write(r1, &(0x7f0000000480)="f480", 0x2) 23.762674594s ago: executing program 3 (id=2821): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r0, &(0x7f0000000f80)=[{&(0x7f0000000200)="2e9b5b00ace03dd65193dfb68561963d86dd000000449c34dcf74b5c85cd6d000000000000000000", 0x28}, {&(0x7f0000000240)="a1c6757dfaadb02100006cf2", 0xc}, {&(0x7f0000000ec0)="4b76d93167f4", 0x6}], 0x3) 4.153216473s ago: executing program 2 (id=2960): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r0, &(0x7f0000000f80), 0x0) 3.090271652s ago: executing program 2 (id=2965): syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) kexec_load(0x3, 0x1, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac", 0x4, 0x5, 0xffffffff}], 0x0) r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0x53, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000140)={0x2c, &(0x7f0000000040)={0x0, 0x10, 0x2, {0x2, 0x6}}, 0x0, 0x0, 0x0, 0x0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000005f00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r5, @ANYBLOB="0600eb00000800000400ec004a00060008021100000100000600f70000ff000008009e"], 0x44}, 0x1, 0x0, 0x0, 0x40c1}, 0x28000) 2.400068818s ago: executing program 2 (id=2968): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@private0, 0x8000000, 0x0, 0xff, 0x1, 0x0, 0xfff8}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x3, 0x0, 0x2, 0x9, 0x1}, 0x20) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x3b4, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) shutdown(r1, 0x1) r3 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000100)=0x3, 0x4) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x924, r4, 0x300, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x5, 0x3c}}}}, [@NL80211_ATTR_FRAME={0x8ba, 0x33, @data_frame={@msdu=@type00={{0x0, 0x2, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x1a3f}, @broadcast, @broadcast, @random="311d322fb47c", {0x7, 0x7}, "", @void, @value=@ver_80211n={0x0, 0x30, 0x0, 0x2, 0x0, 0x3}}, @random="dce0d3bfa9503579c44c4a0d0718a6a7acb274bc9c5f3847df4f4060f507e6c5ba56f20947b997eb39b2d924a6a7632f11d7a33c359e067c7599404cbf1c16adcd871a92be99b8cd4743c767f23b47838f137626a96e6afcb75e6f38c6adcf3b820b03f94d323f74e0c1317d95a7c5e57b3806dbb8d4aeb38dda3048fdc85bfb12c183b307468b2b9a9248c0a353927deb459e35654ba86c01206459b7328898b1a4f5fec9f33630b0e506e42b6726c95bff84f827a7dd439d25085f9f64b2af15a1e58f708b9c757a1beabb1696f51d3879bb28b9f91f921f0da9a5821aebc4d563e629b17538ed8a43bc72a77e23b30afdee94c154b12fbf32f342a20416bb5533e7b2e3d65befc65f7af8ecd740bd2f08b7594bb7b1b2c1588809ad9e34617a38b0a117bbef9d220e484e5454848574086682381405068ffa7f447c3aadc509a7667249cee7fd0addf6bd3754e992a8b6b2dd42c053e9064b18462b3d812300eba230703ecca9c64591115d4ed831dafedb437178cb6ae15ae3438cdc0ef0638178f576fffe070670bc1eb2c75dd957fe22fcebd63f91e3e148865b9dadbe7777d19a015ac991ce8ddd94736ac6987c385659ba28d37e0dc152ff73abab8b1327ca01e69588c0182c84cacb2ec326f8b0589262b2de125e5cedf4cc1435c53745aca95f5cc2011f23aa3af5577e91b951f338533965e4577454d49df78219c8d5c99ef0775123bb699b3a7c981a21001ac60e3b1f4c4d9e4b6505ae6300d764437e643ac95b8bcd773dc752b18188c4222a358efffb9c82ae779bff5554559fec0ea012b2353724c12933c0e67f6fc0e1ae60aa71dd5344baa51b68d703c5727c765c2d783a17355159205fd1e52dd675a83f8fa885acf907a6861844149387cc0822fd0864051cba7e8aeaef0c1fc707bead937c7b74a147bd7b3ac8752a607290e196a4a486d5aa493ac1a3203dd2ee9e7b096c5680ef3dc5a44243a649a38032a48cf99db43f3f3fe7a7399026c31a0283d59548169b497481922629d6e77b6360d9eddd79a5a71d90485e91200ad67a11f407c8c421847c626c7ef02f35ae50bc2c8a6915ca5d587f3bc4c1de194dcef145cebbee48c4c83b9f2e4830c3e5a93799d895c76888067c9ba3813951206c375d595b7b99761dbfe13e7657ecaa4cdcaac6ec86df3f211e1923085f528d81d0f4c4e1f5691704cc37d6a1d4a3a79391360560a4b3beb291f3a89433ce2ad6c213df2bfc6fbd5b06be93325f668616bffa7f46a8bb4255fada9dc9899ced4e4037030ff3009cfefbc598b416c72e79077b7b7a86519704f4cf235a1ee1134fd3a2e98dabd2edf1747843c62029751f0eb9d6151dc6814e23f21a7480477fc4a31d58637e0e2382cbc4b629f4a83c0f7983d49c4f8657672649f00081d40a784f37197fc15bed2d792ef51d0998dc707c6bbe999751ff18f0cc32166d678c080ae5ff0976d71c5dcc2be74fd506e44eb586cd8fd41bcd8e9469625540e01b780be977eaf424567dd390d068b87ffdc9cb93205a7a9e43b013165fcf30a8dfe3a01510ab43fa3313be169c3dd1351c2b724746e79d5f0551806452f8a2ee69b5cfb18352ffef19c460f5f380f9764c8e108b6f6af874ad84adb8401cf78291bca5bef61bc85732dd554f2ff36975aa8d61f26d3a33b529cfbfe1440775f7758e247959cfbe41f7b26dcbd3e9cd9a586f7d4bdc01c2fc2b0d50465d709c95d1b4aeb73f820f256c07676707aefb4c4fa2c1ac815d80398dae6dbbd0d6f1fb66eaa2f5fe483d9643d2a1eebe1b61f365eb0ef3dca0546ba428ef1c4e33f0f836577ae8c23e88d516a35a33727bbaed9a31950382b349b616040505bb0d13ef0968234acfe42a1d904f21ba93393cbb447c52f8c7f18f9b41e6c53122f1728ff90fbed35ce47cff1aa61c92078f05def89c0f2a7e2576a153b34e83d87b561e030e714003352f612840f0afad83bb8897a14ea7464abb87f6965f04762dd119e384eb6ae7ea046e916c66ec2f9708a1ce6d676baa7cfb087851f779588f46f6f67b8225d462a44bb9f607958319aa1c8b06c529d9fd827df389a5156006b8f7701a835c76d8717f5732cce479bdd723ac91af2efee73e527b67e20531904ae99b8fd9c5bb745d1c3888730670e69d1f756e661e6f859ad59b38a2c549dcfd7442388df8808772425d19a032e36f5c6517451050fee00509243a9675a8f3c239b13d4fed6700c26c39e2c8bb2eafb64fff82ebf7e71e6a8284b69811bb150e463493b36b77884c7dc8bb15bb4f2b8a4e00757b7c6cf4357b170b734fa874f792e703820f33f5fd92ff1fde35d2ad813a6cb8953fcfd750fdf0bcaa5305ed63d700a38ac6923a6f1105c926306c2faccee2af170cc46289481ea583c6bb5f40e8846e837717ee772f1b376894b629c4632268c3c80d71c1a99c3a5b5a8e260714d25ab7487cd8ed9c41547f9996597d048580a6f3c76e4d1e0405eb0d01703f68df514fa54ac73e7130d0b612f99a06f576fd824600ef2a87ecf76ab80de5dd12ae9ae7bfed2ec69288080476af167755e4c0846afa42839d4fad60fda27f052e19c6fd50d30d0571118ca19d24a34012db73e9d04be73a4f1ba79d999220ab1c39a178e94025b5ae5426a5572d1c08733243868f0bccf4f1a5b7d763ee3f23c0a57a5d3dbaf5c94c1f723fe5cb636191c47c0604c37cac139705259a43e69d8ba290036423f9f4e04c11773d8c41a9a853539b51b822d5b0f8cafb4922debea6dda18274f14161a4ee3b378a55c13e39859499029d8d8fcae36aba400f0d47c77193a9c6fd3cd3e9e98dea08dd49ae9fb52102fe933860e332a058f6c76773608871ea8dddcbddde8b6af21aa509110dd647bdfa2245cfb7c3274a0fa13f91fd70f92356a8a43ae37df48deed1b802681973c3c0bc70abba1c2e1e647c670ee770681cfb436bc2dbd01c92d9ba79a2b1bfc8f4fb37116081d8f492d32e6e8cdba1b538a545a90472d78ead0e7f2f3f218a9fbfe86edbfb50e7f7ecef342a914bacc03b06167e0e510a45e9bad24aa53b06b6cb5c1ec0ffee86b5e8e7d98e9d13ce136a6e0585e9e5f5"}}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x924}, 0x1, 0x0, 0x0, 0x20000080}, 0x804) accept4(r3, 0x0, 0x0, 0x80800) 2.242142355s ago: executing program 2 (id=2969): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4}) ioctl$sock_netdev_private(r0, 0x89f1, &(0x7f0000000000)) 2.241259743s ago: executing program 4 (id=2977): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, 0x0, 0x4000) 2.108430617s ago: executing program 4 (id=2970): keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0xffffffff}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x3) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4001, 0x800000, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) listen(r4, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000", 0x42}], 0x1) 1.971672846s ago: executing program 2 (id=2972): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r0, &(0x7f0000000f80), 0x0) 1.891691451s ago: executing program 4 (id=2973): syz_io_uring_setup(0x1dc4, &(0x7f0000000180)={0x0, 0x751b, 0x100, 0x1, 0x144}, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x303}, "2d9421fe8a4c9563", "cf6ff9ff337ed301000100c747fbbfc1", "dbdc27ff", "16de86d67a8426bd"}, 0x28) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.731722948s ago: executing program 0 (id=2976): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) preadv(0xffffffffffffffff, 0x0, 0x0, 0x108c, 0x8) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'veth0_vlan\x00', @random="010000201000"}) 1.603681869s ago: executing program 4 (id=2978): r0 = inotify_init1(0x0) read(r0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) 1.316552713s ago: executing program 0 (id=2979): sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, 0x0, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x30}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7040010000000f00000008000300", @ANYRES32=r2, @ANYBLOB="0800320005000000050033"], 0x2c}}, 0x18) 1.242730661s ago: executing program 2 (id=2980): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575", 0xe}, {&(0x7f00000001c0)="31020002", 0x4}, {0x0}], 0x3) 1.131924325s ago: executing program 0 (id=2981): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x30, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb8}}, 0x0) 895.386829ms ago: executing program 0 (id=2982): setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x2, 0x1}}, 0x2e) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0001, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000080)=0x1) write(r3, &(0x7f0000000480)="f480", 0x2) 698.845151ms ago: executing program 0 (id=2983): r0 = syz_open_dev$loop(&(0x7f0000000240), 0xfffffbff7ffffffb, 0x1222e2) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000280)={r1, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x7fffffffffffffff]}}) 495.279873ms ago: executing program 4 (id=2984): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz0\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) 131.808961ms ago: executing program 0 (id=2985): keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0xffffffff}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x3) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4001, 0x800000, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) listen(r4, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000", 0x42}], 0x1) 0s ago: executing program 4 (id=2986): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) preadv(0xffffffffffffffff, 0x0, 0x0, 0x108c, 0x8) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'veth0_vlan\x00', @random="010000201000"}) kernel console output (not intermixed with test programs): val 1, probability 0, space 0, times 0 [ 216.098692][ T7353] CPU: 1 UID: 0 PID: 7353 Comm: syz.0.516 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 216.098724][ T7353] Tainted: [L]=SOFTLOCKUP [ 216.098733][ T7353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 216.098747][ T7353] Call Trace: [ 216.098756][ T7353] [ 216.098766][ T7353] dump_stack_lvl+0xe8/0x150 [ 216.098800][ T7353] should_fail_ex+0x46b/0x600 [ 216.098841][ T7353] __kvm_read_guest_page+0x18d/0x240 [ 216.098880][ T7353] kvm_fetch_guest_virt+0x12b/0x170 [ 216.098917][ T7353] ? __pfx_kvm_fetch_guest_virt+0x10/0x10 [ 216.098947][ T7353] __do_insn_fetch_bytes+0x31c/0x6d0 [ 216.098991][ T7353] ? __pfx___do_insn_fetch_bytes+0x10/0x10 [ 216.099033][ T7353] ? x86_decode_insn+0x171c/0x5e00 [ 216.099071][ T7353] x86_decode_insn+0x38e/0x5e00 [ 216.099118][ T7353] ? __lock_acquire+0x6b5/0x2d10 [ 216.099179][ T7353] ? __pfx_x86_decode_insn+0x10/0x10 [ 216.099212][ T7353] ? is_bpf_text_address+0x26/0x2b0 [ 216.099250][ T7353] ? vmx_read_guest_seg_ar+0x3e9/0x640 [ 216.099289][ T7353] ? __asan_memset+0x22/0x50 [ 216.099314][ T7353] ? init_decode_cache+0xf3/0x160 [ 216.099350][ T7353] ? init_emulate_ctxt+0x533/0x6e0 [ 216.099384][ T7353] ? __pfx_init_emulate_ctxt+0x10/0x10 [ 216.099416][ T7353] ? kvm_multiple_exception+0x2b0/0x950 [ 216.099446][ T7353] x86_emulate_instruction+0x315/0x2030 [ 216.099502][ T7353] ? __lock_acquire+0x6b5/0x2d10 [ 216.099539][ T7353] ? __lock_acquire+0x6b5/0x2d10 [ 216.099565][ T7353] ? __pfx_x86_emulate_instruction+0x10/0x10 [ 216.099600][ T7353] ? do_raw_spin_lock+0x12b/0x2f0 [ 216.099626][ T7353] ? vmx_handle_exit_irqoff+0xff/0xac0 [ 216.099652][ T7353] ? vmx_read_guest_seg_ar+0x399/0x640 [ 216.099696][ T7353] handle_ud+0x19e/0x680 [ 216.099725][ T7353] ? __lock_acquire+0x6b5/0x2d10 [ 216.099754][ T7353] ? __pfx_handle_ud+0x10/0x10 [ 216.099775][ T7353] ? __lock_acquire+0x6b5/0x2d10 [ 216.099806][ T7353] ? clear_bhb_loop+0x40/0x90 [ 216.099836][ T7353] ? rcu_is_watching+0x15/0xb0 [ 216.099873][ T7353] ? handle_exception_nmi+0x2df/0x1330 [ 216.099910][ T7353] ? __pfx_handle_exception_nmi+0x10/0x10 [ 216.099943][ T7353] vmx_handle_exit+0x1081/0x17e0 [ 216.099988][ T7353] vcpu_run+0x5c5b/0x7830 [ 216.100013][ T7353] ? segmented_read+0x2d0/0x3f0 [ 216.100049][ T7353] ? vcpu_run+0x4982/0x7830 [ 216.100115][ T7353] ? __pfx_vcpu_run+0x10/0x10 [ 216.100148][ T7353] ? __asan_memcpy+0x40/0x70 [ 216.100173][ T7353] ? complete_emulated_mmio+0x53e/0x900 [ 216.100219][ T7353] kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0 [ 216.100257][ T7353] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 216.100274][ T7353] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 216.100340][ T7353] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 216.100378][ T7353] ? lockdep_hardirqs_on+0x7a/0x110 [ 216.100410][ T7353] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 216.100442][ T7353] ? _mutex_lock_killable+0x152/0x1d0 [ 216.100461][ T7353] ? kvm_vcpu_ioctl+0x283/0xfe0 [ 216.100513][ T7353] kvm_vcpu_ioctl+0xa65/0xfe0 [ 216.100553][ T7353] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 216.100607][ T7353] ? __fget_files+0x2a/0x420 [ 216.100628][ T7353] ? __fget_files+0x2a/0x420 [ 216.100660][ T7353] ? __fget_files+0x3a6/0x420 [ 216.100686][ T7353] ? __fget_files+0x2a/0x420 [ 216.100719][ T7353] ? bpf_lsm_file_ioctl+0x9/0x20 [ 216.100750][ T7353] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 216.100784][ T7353] __se_sys_ioctl+0xff/0x170 [ 216.100812][ T7353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.100859][ T7353] do_syscall_64+0x174/0x580 [ 216.100894][ T7353] ? trace_irq_disable+0x3b/0x140 [ 216.100920][ T7353] ? clear_bhb_loop+0x40/0x90 [ 216.100947][ T7353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.100975][ T7353] RIP: 0033:0x7f1293f7ce59 [ 216.100991][ T7353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 216.101020][ T7353] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 216.101045][ T7353] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 216.101063][ T7353] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 216.101078][ T7353] RBP: 00007f12921d6090 R08: 0000000000000000 R09: 0000000000000000 [ 216.101092][ T7353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 216.101107][ T7353] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 216.101142][ T7353] [ 217.138417][ T10] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 217.327670][ T10] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 217.327779][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.392626][ T10] usb 3-1: config 0 descriptor?? [ 217.445480][ T7363] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.519'. [ 217.530474][ T5812] f81534a_ctrl 4-1:6.221: probe with driver f81534a_ctrl failed with error -71 [ 217.563270][ T5812] usb 4-1: USB disconnect, device number 26 [ 217.641127][ T7365] netlink: 14 bytes leftover after parsing attributes in process `syz.0.519'. [ 218.650915][ T5702] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 218.703219][ T5601] usb 2-1: USB disconnect, device number 34 [ 218.800316][ T5702] ath9k_htc: Failed to initialize the device [ 218.806677][ T5601] usb 2-1: ath9k_htc: USB layer deinitialized [ 219.010806][ T10] usb 3-1: Cannot set MAC address [ 219.011086][ T10] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 219.082959][ T10] usb 3-1: USB disconnect, device number 35 [ 219.342739][ T7385] FAULT_INJECTION: forcing a failure. [ 219.342739][ T7385] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.342780][ T7385] CPU: 1 UID: 0 PID: 7385 Comm: syz.1.525 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 219.342810][ T7385] Tainted: [L]=SOFTLOCKUP [ 219.342818][ T7385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 219.342833][ T7385] Call Trace: [ 219.342841][ T7385] [ 219.342850][ T7385] dump_stack_lvl+0xe8/0x150 [ 219.342883][ T7385] should_fail_ex+0x46b/0x600 [ 219.342924][ T7385] _copy_from_user+0x2d/0xb0 [ 219.342951][ T7385] ____sys_sendmsg+0x30d/0x870 [ 219.342995][ T7385] ? __pfx_____sys_sendmsg+0x10/0x10 [ 219.343040][ T7385] ? import_iovec+0x73/0xa0 [ 219.343071][ T7385] ___sys_sendmsg+0x2a5/0x360 [ 219.343106][ T7385] ? __lock_acquire+0x6b5/0x2d10 [ 219.343138][ T7385] ? __pfx____sys_sendmsg+0x10/0x10 [ 219.343209][ T7385] ? __fget_files+0x2a/0x420 [ 219.343235][ T7385] ? __fget_files+0x3a6/0x420 [ 219.343272][ T7385] __x64_sys_sendmsg+0x1c3/0x2a0 [ 219.343308][ T7385] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 219.343354][ T7385] ? rcu_is_watching+0x15/0xb0 [ 219.343408][ T7385] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.343434][ T7385] do_syscall_64+0x174/0x580 [ 219.343469][ T7385] ? trace_irq_disable+0x3b/0x140 [ 219.343495][ T7385] ? clear_bhb_loop+0x40/0x90 [ 219.343533][ T7385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.343556][ T7385] RIP: 0033:0x7fc7ca08ce59 [ 219.343575][ T7385] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.343594][ T7385] RSP: 002b:00007fc7c82e6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.343620][ T7385] RAX: ffffffffffffffda RBX: 00007fc7ca305fa0 RCX: 00007fc7ca08ce59 [ 219.343637][ T7385] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 219.343652][ T7385] RBP: 00007fc7c82e6090 R08: 0000000000000000 R09: 0000000000000000 [ 219.343667][ T7385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.343681][ T7385] R13: 00007fc7ca306038 R14: 00007fc7ca305fa0 R15: 00007fffa1b39408 [ 219.343716][ T7385] [ 219.618082][ T7390] netlink: 'syz.0.529': attribute type 1 has an invalid length. [ 219.618105][ T7390] netlink: 748 bytes leftover after parsing attributes in process `syz.0.529'. [ 219.685979][ T10] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 219.865873][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 219.882116][ T10] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 219.882149][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.882172][ T10] usb 4-1: Product: syz [ 219.882187][ T10] usb 4-1: Manufacturer: syz [ 219.882204][ T10] usb 4-1: SerialNumber: syz [ 219.925093][ T10] usb 4-1: config 0 descriptor?? [ 220.180644][ T7410] netlink: 120 bytes leftover after parsing attributes in process `syz.2.535'. [ 220.394484][ T38] audit: type=1326 audit(1780764453.069:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7414 comm="syz.2.537" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f907481ce59 code=0x0 [ 220.466126][ T5601] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 220.514073][ T10] airspy 4-1:0.0: usb_control_msg() failed -71 request 09 [ 220.514165][ T10] airspy 4-1:0.0: Could not detect board [ 220.514259][ T10] airspy 4-1:0.0: probe with driver airspy failed with error -71 [ 220.552891][ T10] usb 4-1: USB disconnect, device number 27 [ 220.619442][ T5601] usb 1-1: Using ep0 maxpacket: 8 [ 220.674725][ T5601] usb 1-1: unable to get BOS descriptor or descriptor too short [ 220.676824][ T5601] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 220.676862][ T5601] usb 1-1: can't read configurations, error -71 [ 220.721091][ T7416] kAFS: unable to lookup cell '' [ 221.145987][ T5702] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 221.305879][ T5702] usb 2-1: Using ep0 maxpacket: 8 [ 221.323613][ T5702] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.323670][ T5702] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 221.323699][ T5702] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 221.323724][ T5702] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 221.388607][ T5702] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 221.388641][ T5702] usb 2-1: New USB device strings: Mfr=1, Product=247, SerialNumber=35 [ 221.388665][ T5702] usb 2-1: Product: syz [ 221.388681][ T5702] usb 2-1: Manufacturer: syz [ 221.388697][ T5702] usb 2-1: SerialNumber: syz [ 221.450577][ T5702] usb 2-1: config 0 descriptor?? [ 221.517116][ T7433] FAULT_INJECTION: forcing a failure. [ 221.517116][ T7433] name failslab, interval 1, probability 0, space 0, times 0 [ 221.517159][ T7433] CPU: 1 UID: 0 PID: 7433 Comm: syz.2.542 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 221.517191][ T7433] Tainted: [L]=SOFTLOCKUP [ 221.517199][ T7433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 221.517214][ T7433] Call Trace: [ 221.517222][ T7433] [ 221.517232][ T7433] dump_stack_lvl+0xe8/0x150 [ 221.517265][ T7433] should_fail_ex+0x46b/0x600 [ 221.517306][ T7433] should_failslab+0xa8/0x100 [ 221.517340][ T7433] __kmalloc_noprof+0xdf/0x7b0 [ 221.517380][ T7433] ? shrinker_alloc+0x322/0xb10 [ 221.517402][ T7433] ? __list_lru_init+0xbe/0x600 [ 221.517437][ T7433] ? __rt_spin_lock_init+0x3e/0x50 [ 221.517475][ T7433] __list_lru_init+0xbe/0x600 [ 221.517520][ T7433] alloc_super+0x879/0xac0 [ 221.517550][ T7433] ? rt_spin_unlock+0x160/0x200 [ 221.517578][ T7433] ? __pfx_afs_dynroot_test_super+0x10/0x10 [ 221.517604][ T7433] sget_fc+0x329/0xa40 [ 221.517636][ T7433] ? __pfx_afs_set_super+0x10/0x10 [ 221.517664][ T7433] afs_get_tree+0x6f4/0x1170 [ 221.517687][ T7433] ? apparmor_capable+0x126/0x170 [ 221.517726][ T7433] vfs_get_tree+0x92/0x2a0 [ 221.517762][ T7433] do_new_mount+0x341/0xd30 [ 221.517787][ T7433] ? apparmor_capable+0x126/0x170 [ 221.517823][ T7433] ? __pfx_do_new_mount+0x10/0x10 [ 221.517849][ T7433] ? ns_capable+0x89/0xe0 [ 221.517889][ T7433] ? user_path_at+0xd4/0x160 [ 221.517924][ T7433] ? user_path_at+0xd4/0x160 [ 221.517956][ T7433] __se_sys_mount+0x31d/0x420 [ 221.517990][ T7433] ? __pfx___se_sys_mount+0x10/0x10 [ 221.518024][ T7433] ? __x64_sys_mount+0x20/0xc0 [ 221.518051][ T7433] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.518076][ T7433] do_syscall_64+0x174/0x580 [ 221.518110][ T7433] ? trace_irq_disable+0x3b/0x140 [ 221.518137][ T7433] ? clear_bhb_loop+0x40/0x90 [ 221.518166][ T7433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.518189][ T7433] RIP: 0033:0x7f907481ce59 [ 221.518210][ T7433] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.518231][ T7433] RSP: 002b:00007f9072a76028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 221.518255][ T7433] RAX: ffffffffffffffda RBX: 00007f9074a95fa0 RCX: 00007f907481ce59 [ 221.518273][ T7433] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 0000200000000100 [ 221.518289][ T7433] RBP: 00007f9072a76090 R08: 0000200000000380 R09: 0000000000000000 [ 221.518306][ T7433] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000002 [ 221.518320][ T7433] R13: 00007f9074a96038 R14: 00007f9074a95fa0 R15: 00007ffe6c903eb8 [ 221.518362][ T7433] [ 221.533525][ T5702] radio-si470x 2-1:0.0: could not find interrupt in endpoint [ 221.533805][ T5702] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5 [ 221.576837][ T5702] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 221.929063][ T7435] netlink: 120 bytes leftover after parsing attributes in process `syz.2.545'. [ 222.138180][ T7443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 222.304884][ T7445] mmap: syz.2.547 (7445) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 222.306093][ T5618] Bluetooth: hci0: command 0x0c1a tx timeout [ 222.332717][ T60] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 222.408881][ T10] usb 4-1: new low-speed USB device number 28 using dummy_hcd [ 222.578615][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 512, setting to 8 [ 222.582721][ T10] usb 4-1: string descriptor 0 read error: -22 [ 222.582877][ T10] usb 4-1: New USB device found, idVendor=249c, idProduct=9006, bcdDevice= 0.40 [ 222.582905][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.626482][ T7443] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 222.658626][ T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 222.658686][ T10] usb 4-1: MIDIStreaming interface descriptor not found [ 222.933270][ T10] usb 4-1: USB disconnect, device number 28 [ 223.766074][ T7482] sg_write: data in/out 62/136 bytes for SCSI command 0x0-- guessing data in; [ 223.766074][ T7482] program syz.3.561 not setting count and/or reply_len properly [ 223.809312][ T7486] netlink: 120 bytes leftover after parsing attributes in process `syz.2.564'. [ 223.950708][ T5806] usb 2-1: USB disconnect, device number 35 [ 224.002535][ T7490] tmpfs: Bad value for 'mpol' [ 224.005509][ T7490] netlink: 'syz.2.566': attribute type 3 has an invalid length. [ 224.095928][ T10] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 224.246498][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 224.248393][ T10] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 224.248421][ T10] usb 1-1: config 0 has no interface number 0 [ 224.248465][ T10] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.248486][ T10] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 224.248513][ T10] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 224.248531][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.252837][ T10] usb 1-1: config 0 descriptor?? [ 224.459608][ T5806] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 224.616866][ T5806] usb 2-1: Using ep0 maxpacket: 16 [ 224.630731][ T5806] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 224.630760][ T5806] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.630779][ T5806] usb 2-1: Product: syz [ 224.630793][ T5806] usb 2-1: Manufacturer: syz [ 224.630806][ T5806] usb 2-1: SerialNumber: syz [ 224.681287][ T10] usbhid 1-1:0.1: can't add hid device: -71 [ 224.681405][ T10] usbhid 1-1:0.1: probe with driver usbhid failed with error -71 [ 224.705002][ T5806] usb 2-1: config 0 descriptor?? [ 224.724199][ T10] usb 1-1: USB disconnect, device number 31 [ 224.738889][ T5806] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 224.804815][ T7505] netlink: 'syz.2.571': attribute type 5 has an invalid length. [ 225.138238][ T5806] usb 2-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 225.255877][ T10] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 225.396000][ T10] usb 4-1: device descriptor read/64, error -71 [ 225.570378][ T5709] usb 2-1: USB disconnect, device number 36 [ 225.602658][ T5709] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 225.620420][ T5709] visor 2-1:0.0: device disconnected [ 225.645969][ T10] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 225.786746][ T10] usb 4-1: device descriptor read/64, error -71 [ 225.897382][ T10] usb usb4-port1: attempt power cycle [ 225.968551][ T7526] sg_write: data in/out 418780/98 bytes for SCSI command 0x0-- guessing data in; [ 225.968551][ T7526] program syz.2.579 not setting count and/or reply_len properly [ 226.265932][ T10] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 226.288832][ T10] usb 4-1: device descriptor read/8, error -71 [ 226.518248][ T7547] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 226.537595][ T10] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 226.539911][ T7547] syzkaller0: entered promiscuous mode [ 226.539940][ T7547] syzkaller0: entered allmulticast mode [ 226.542101][ T7547] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 226.573931][ T10] usb 4-1: device descriptor read/8, error -71 [ 226.686189][ T10] usb usb4-port1: unable to enumerate USB device [ 227.256272][ T10] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 227.298792][ T7562] netlink: 28 bytes leftover after parsing attributes in process `syz.1.596'. [ 227.424743][ T10] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 227.424777][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.452477][ T10] usb 1-1: config 0 descriptor?? [ 227.470199][ T10] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 227.764492][ T10] gspca_stv06xx: I2C: Read error writing address: -71 [ 227.777854][ T10] usb 1-1: USB disconnect, device number 32 [ 228.336331][ T7594] tmpfs: Bad value for 'mpol' [ 228.342352][ T7594] netlink: 'syz.3.607': attribute type 3 has an invalid length. [ 228.826084][ T5601] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 228.918112][ T5716] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 228.977582][ T5601] usb 3-1: Using ep0 maxpacket: 16 [ 228.980837][ T5601] usb 3-1: config index 0 descriptor too short (expected 51443, got 18) [ 228.985345][ T5601] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 228.985374][ T5601] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.985396][ T5601] usb 3-1: Product: syz [ 228.985412][ T5601] usb 3-1: Manufacturer: syz [ 228.985427][ T5601] usb 3-1: SerialNumber: syz [ 229.047854][ T5716] usb 2-1: device descriptor read/64, error -71 [ 229.050975][ T5601] r8152-cfgselector 3-1: Unknown version 0x0000 [ 229.050999][ T5601] r8152-cfgselector 3-1: config 0 descriptor?? [ 229.275865][ T5757] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 229.288099][ T5716] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 229.436733][ T5716] usb 2-1: device descriptor read/64, error -71 [ 229.461967][ T5757] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.462004][ T5757] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 229.462022][ T5757] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 229.462053][ T5757] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 229.462071][ T5757] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.490357][ T5757] usb 4-1: config 0 descriptor?? [ 229.537487][ T5702] r8152-cfgselector 3-1: USB disconnect, device number 36 [ 229.581375][ T5716] usb usb2-port1: attempt power cycle [ 229.667117][ T5812] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 229.729065][ T7617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.730214][ T7617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.835872][ T5812] usb 1-1: Using ep0 maxpacket: 8 [ 229.837779][ T5812] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 229.837824][ T5812] usb 1-1: New USB device found, idVendor=05ac, idProduct=030b, bcdDevice= 0.00 [ 229.837848][ T5812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.844549][ T5812] usb 1-1: config 0 descriptor?? [ 229.946954][ T5757] plantronics 0003:047F:FFFF.0008: unknown global tag 0xc [ 229.946979][ T5757] plantronics 0003:047F:FFFF.0008: item 0 4 1 12 parsing failed [ 229.947800][ T5757] plantronics 0003:047F:FFFF.0008: parse failed [ 229.947906][ T5757] plantronics 0003:047F:FFFF.0008: probe with driver plantronics failed with error -22 [ 229.952685][ T5716] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 229.968168][ T5716] usb 2-1: device descriptor read/8, error -71 [ 230.138110][ T5757] usb 4-1: USB disconnect, device number 33 [ 230.206157][ T5716] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 230.258719][ T5716] usb 2-1: device descriptor read/8, error -71 [ 230.366642][ T5716] usb usb2-port1: unable to enumerate USB device [ 230.822689][ T5812] usbhid 1-1:0.0: can't add hid device: -71 [ 230.822823][ T5812] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 230.855085][ T5812] usb 1-1: USB disconnect, device number 33 [ 231.083582][ T7644] netlink: 188 bytes leftover after parsing attributes in process `syz.3.627'. [ 231.118274][ T7644] binder: BINDER_SET_CONTEXT_MGR already set [ 231.118299][ T7644] binder: 7643:7644 ioctl 4018620d 200000004a80 returned -16 [ 231.412460][ T7653] netlink: 12 bytes leftover after parsing attributes in process `syz.3.631'. [ 231.413063][ T7653] netlink: 12 bytes leftover after parsing attributes in process `syz.3.631'. [ 231.456352][ T5812] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 231.616124][ T5812] usb 3-1: Using ep0 maxpacket: 8 [ 231.619011][ T5812] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.619049][ T5812] usb 3-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 231.619079][ T5812] usb 3-1: config 0 interface 0 has no altsetting 0 [ 231.619116][ T5812] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 231.619142][ T5812] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.683012][ T5812] usb 3-1: config 0 descriptor?? [ 231.816102][ T5709] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 231.982243][ T5709] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 231.982279][ T5709] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.982304][ T5709] usb 4-1: Product: syz [ 231.982320][ T5709] usb 4-1: Manufacturer: syz [ 231.982336][ T5709] usb 4-1: SerialNumber: syz [ 232.050174][ T5709] usb 4-1: config 0 descriptor?? [ 232.579458][ T5812] corsair 0003:1B1C:1B3E.0009: unknown main item tag 0x0 [ 232.663520][ T5812] corsair 0003:1B1C:1B3E.0009: hidraw0: USB HID vff.ff Device [HID 1b1c:1b3e] on usb-dummy_hcd.2-1/input0 [ 232.696687][ T5812] usb 3-1: USB disconnect, device number 37 [ 232.933684][ T7685] fido_id[7685]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 233.089343][ T5709] usb 4-1: f81604_read: reg: 100f failed: -EPIPE [ 233.566266][ T5716] usb 4-1: USB disconnect, device number 34 [ 233.567134][ T5274] usb 4-1: f81604_read: reg: 100f failed: -EPROTO [ 233.567337][ T5274] usb 4-1: f81604_read: reg: 200f failed: -ENODEV [ 233.763134][ T5716] usb 4-1: f81604_read: reg: 100f failed: -ENODEV [ 233.848996][ T7705] netlink: 'syz.1.654': attribute type 5 has an invalid length. [ 233.849022][ T7705] netlink: 12 bytes leftover after parsing attributes in process `syz.1.654'. [ 233.849056][ T7705] netlink: 'syz.1.654': attribute type 1 has an invalid length. [ 233.944279][ T7701] C: renamed from veth1_to_team (while UP) [ 233.985382][ T7701] netlink: 'syz.2.653': attribute type 1 has an invalid length. [ 233.985420][ T7701] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 234.064348][ T5716] usb 4-1: f81604_read: reg: 200f failed: -ENODEV [ 234.176681][ T5709] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 234.337149][ T5709] usb 2-1: Using ep0 maxpacket: 16 [ 234.358257][ T5709] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 234.358291][ T5709] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 234.381727][ T5709] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 234.381761][ T5709] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.381784][ T5709] usb 2-1: Product: syz [ 234.381800][ T5709] usb 2-1: Manufacturer: syz [ 234.381816][ T5709] usb 2-1: SerialNumber: syz [ 234.428445][ T5709] usb 2-1: config 0 descriptor?? [ 234.448953][ T5709] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 234.448993][ T5709] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 235.038613][ T5709] em28xx 2-1:0.0: chip ID is em2800 [ 235.240892][ T7711] netlink: 12 bytes leftover after parsing attributes in process `syz.1.656'. [ 235.394106][ T5709] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 235.395399][ T5709] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 235.395420][ T5709] em28xx 2-1:0.0: No AC97 audio processor [ 235.460270][ T5709] usb 2-1: USB disconnect, device number 41 [ 235.476177][ T5709] em28xx 2-1:0.0: Disconnecting em28xx [ 235.499902][ T5709] em28xx 2-1:0.0: Freeing device [ 235.652873][ T7754] FAULT_INJECTION: forcing a failure. [ 235.652873][ T7754] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 235.652915][ T7754] CPU: 1 UID: 0 PID: 7754 Comm: syz.0.668 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 235.652948][ T7754] Tainted: [L]=SOFTLOCKUP [ 235.652957][ T7754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 235.652971][ T7754] Call Trace: [ 235.652980][ T7754] [ 235.652990][ T7754] dump_stack_lvl+0xe8/0x150 [ 235.653024][ T7754] should_fail_ex+0x46b/0x600 [ 235.653064][ T7754] _copy_from_user+0x2d/0xb0 [ 235.653090][ T7754] __copy_msghdr+0x3c5/0x5b0 [ 235.653133][ T7754] ___sys_sendmsg+0x213/0x360 [ 235.653168][ T7754] ? __lock_acquire+0x6b5/0x2d10 [ 235.653200][ T7754] ? __pfx____sys_sendmsg+0x10/0x10 [ 235.653270][ T7754] ? __fget_files+0x2a/0x420 [ 235.653297][ T7754] ? __fget_files+0x3a6/0x420 [ 235.653335][ T7754] __x64_sys_sendmsg+0x1c3/0x2a0 [ 235.653375][ T7754] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 235.653441][ T7754] ? __pfx_ksys_write+0x10/0x10 [ 235.653482][ T7754] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.653507][ T7754] do_syscall_64+0x174/0x580 [ 235.653540][ T7754] ? trace_irq_disable+0x3b/0x140 [ 235.653566][ T7754] ? clear_bhb_loop+0x40/0x90 [ 235.653593][ T7754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.653615][ T7754] RIP: 0033:0x7f1293f7ce59 [ 235.653637][ T7754] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 235.653656][ T7754] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 235.653680][ T7754] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 235.653701][ T7754] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000004 [ 235.653733][ T7754] RBP: 00007f12921d6090 R08: 0000000000000000 R09: 0000000000000000 [ 235.653747][ T7754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 235.653762][ T7754] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 235.653795][ T7754] [ 236.249325][ T7768] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 236.886571][ T7798] raw_sendmsg: syz.1.680 forgot to set AF_INET. Fix it! [ 237.704657][ T7822] FAULT_INJECTION: forcing a failure. [ 237.704657][ T7822] name failslab, interval 1, probability 0, space 0, times 0 [ 237.704690][ T7822] CPU: 0 UID: 0 PID: 7822 Comm: syz.3.687 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 237.704713][ T7822] Tainted: [L]=SOFTLOCKUP [ 237.704719][ T7822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 237.704729][ T7822] Call Trace: [ 237.704735][ T7822] [ 237.704742][ T7822] dump_stack_lvl+0xe8/0x150 [ 237.704767][ T7822] should_fail_ex+0x46b/0x600 [ 237.704795][ T7822] should_failslab+0xa8/0x100 [ 237.704818][ T7822] kmem_cache_alloc_noprof+0x87/0x680 [ 237.704838][ T7822] ? alloc_file_pseudo_noaccount+0x15d/0x310 [ 237.704862][ T7822] alloc_file_pseudo_noaccount+0x15d/0x310 [ 237.704883][ T7822] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 237.704906][ T7822] ? ilookup+0x169/0x1c0 [ 237.704932][ T7822] bdev_file_open_by_dev+0x181/0x240 [ 237.704960][ T7822] setup_bdev_super+0x5a/0x5b0 [ 237.704986][ T7822] get_tree_bdev_flags+0x389/0x4f0 [ 237.705010][ T7822] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 237.705031][ T7822] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 237.705062][ T7822] vfs_get_tree+0x92/0x2a0 [ 237.705087][ T7822] do_new_mount+0x341/0xd30 [ 237.705108][ T7822] ? apparmor_capable+0x126/0x170 [ 237.705165][ T7822] ? __pfx_do_new_mount+0x10/0x10 [ 237.705191][ T7822] ? ns_capable+0x89/0xe0 [ 237.705229][ T7822] ? user_path_at+0xd4/0x160 [ 237.705263][ T7822] ? user_path_at+0xd4/0x160 [ 237.705296][ T7822] __se_sys_mount+0x31d/0x420 [ 237.705331][ T7822] ? __pfx___se_sys_mount+0x10/0x10 [ 237.705361][ T7822] ? __x64_sys_mount+0x20/0xc0 [ 237.705379][ T7822] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.705397][ T7822] do_syscall_64+0x174/0x580 [ 237.705421][ T7822] ? trace_irq_disable+0x3b/0x140 [ 237.705440][ T7822] ? clear_bhb_loop+0x40/0x90 [ 237.705459][ T7822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.705476][ T7822] RIP: 0033:0x7f1abea2ce59 [ 237.705491][ T7822] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 237.705505][ T7822] RSP: 002b:00007f1abcc86028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 237.705523][ T7822] RAX: ffffffffffffffda RBX: 00007f1abeca5fa0 RCX: 00007f1abea2ce59 [ 237.705535][ T7822] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000200000000000 [ 237.705547][ T7822] RBP: 00007f1abcc86090 R08: 0000000000000000 R09: 0000000000000000 [ 237.705557][ T7822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 237.705567][ T7822] R13: 00007f1abeca6038 R14: 00007f1abeca5fa0 R15: 00007ffefded6588 [ 237.705596][ T7822] [ 237.803538][ T7822] /dev/loop3: Can't open blockdev [ 238.273340][ T7831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.547720][ T5716] usb 2-1: new full-speed USB device number 42 using dummy_hcd [ 238.700384][ T5716] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 238.708982][ T7850] FAULT_INJECTION: forcing a failure. [ 238.708982][ T7850] name failslab, interval 1, probability 0, space 0, times 0 [ 238.709091][ T7850] CPU: 0 UID: 0 PID: 7850 Comm: syz.0.698 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 238.709176][ T7850] Tainted: [L]=SOFTLOCKUP [ 238.709199][ T7850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 238.709240][ T7850] Call Trace: [ 238.709258][ T7850] [ 238.709287][ T7850] dump_stack_lvl+0xe8/0x150 [ 238.709376][ T7850] should_fail_ex+0x46b/0x600 [ 238.709472][ T7850] should_failslab+0xa8/0x100 [ 238.709576][ T7850] __kmalloc_noprof+0xdf/0x7b0 [ 238.709643][ T7850] ? kfree+0x4d/0x6c0 [ 238.709713][ T7850] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 238.709813][ T7850] tomoyo_realpath_from_path+0xe3/0x5d0 [ 238.709916][ T7850] ? tomoyo_domain+0xd7/0x130 [ 238.710008][ T7850] ? tomoyo_path_number_perm+0x219/0x630 [ 238.710111][ T7850] tomoyo_path_number_perm+0x246/0x630 [ 238.710217][ T7850] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 238.710305][ T7850] ? __lock_acquire+0x6b5/0x2d10 [ 238.710380][ T7850] ? do_raw_spin_lock+0x12b/0x2f0 [ 238.710520][ T7850] ? __fget_files+0x2a/0x420 [ 238.710602][ T7850] ? __fget_files+0x2a/0x420 [ 238.710669][ T7850] ? __fget_files+0x3a6/0x420 [ 238.710741][ T7850] ? __fget_files+0x2a/0x420 [ 238.710818][ T7850] security_file_ioctl+0xc3/0x2a0 [ 238.710913][ T7850] __se_sys_ioctl+0x47/0x170 [ 238.711000][ T7850] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.711064][ T7850] do_syscall_64+0x174/0x580 [ 238.711151][ T7850] ? trace_irq_disable+0x3b/0x140 [ 238.711225][ T7850] ? clear_bhb_loop+0x40/0x90 [ 238.711320][ T7850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.711383][ T7850] RIP: 0033:0x7f1293f7ce59 [ 238.711436][ T7850] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.711489][ T7850] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 238.711551][ T7850] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 238.711595][ T7850] RDX: 0000200000000140 RSI: 0000000040026f33 RDI: 0000000000000003 [ 238.711636][ T7850] RBP: 00007f12921d6090 R08: 0000000000000000 R09: 0000000000000000 [ 238.711670][ T7850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.711710][ T7850] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 238.711798][ T7850] [ 238.724710][ T7850] ERROR: Out of memory at tomoyo_realpath_from_path. [ 238.743903][ T5716] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 238.743937][ T5716] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.743961][ T5716] usb 2-1: Product: syz [ 238.743977][ T5716] usb 2-1: Manufacturer: syz [ 238.743994][ T5716] usb 2-1: SerialNumber: syz [ 239.023507][ T5716] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 239.207592][ T7856] netlink: 8 bytes leftover after parsing attributes in process `syz.2.700'. [ 239.481145][ T5716] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 240.061503][ T7885] FAULT_INJECTION: forcing a failure. [ 240.061503][ T7885] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 240.061535][ T7885] CPU: 0 UID: 0 PID: 7885 Comm: syz.0.710 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 240.061562][ T7885] Tainted: [L]=SOFTLOCKUP [ 240.061569][ T7885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 240.061579][ T7885] Call Trace: [ 240.061585][ T7885] [ 240.061593][ T7885] dump_stack_lvl+0xe8/0x150 [ 240.061618][ T7885] should_fail_ex+0x46b/0x600 [ 240.061646][ T7885] prepare_alloc_pages+0x22a/0x6b0 [ 240.061675][ T7885] __alloc_frozen_pages_noprof+0x12f/0x380 [ 240.061705][ T7885] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 240.061731][ T7885] ? __pfx_policy_nodemask+0x10/0x10 [ 240.061754][ T7885] ? __lock_acquire+0x6b5/0x2d10 [ 240.061779][ T7885] alloc_pages_mpol+0xd1/0x380 [ 240.061835][ T7885] folio_alloc_mpol_noprof+0x3b/0x1e0 [ 240.061871][ T7885] vma_alloc_folio_noprof+0xe1/0x1e0 [ 240.061907][ T7885] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 240.061945][ T7885] ? __pte_offset_map+0x29/0x200 [ 240.061968][ T7885] do_pte_missing+0x822/0x2940 [ 240.061998][ T7885] ? handle_mm_fault+0xed/0x14d0 [ 240.062019][ T7885] handle_mm_fault+0xdc2/0x14d0 [ 240.062042][ T7885] ? handle_mm_fault+0xed/0x14d0 [ 240.062070][ T7885] ? __pfx_handle_mm_fault+0x10/0x10 [ 240.062090][ T7885] ? follow_page_pte+0xbe2/0xe60 [ 240.062115][ T7885] ? __pfx_follow_page_pte+0x10/0x10 [ 240.062144][ T7885] __get_user_pages+0x16d4/0x2620 [ 240.062186][ T7885] get_user_pages_unlocked+0x1e2/0x710 [ 240.062213][ T7885] hva_to_pfn+0x365/0xf20 [ 240.062245][ T7885] ? __pfx_hva_to_pfn+0x10/0x10 [ 240.062273][ T7885] ? xas_start+0x396/0x780 [ 240.062299][ T7885] ? xa_load+0x60/0x210 [ 240.062320][ T7885] ? kvm_follow_pfn+0x21a/0x3c0 [ 240.062345][ T7885] __kvm_faultin_pfn+0xaa/0x100 [ 240.062374][ T7885] kvm_mmu_faultin_pfn+0x735/0x15b0 [ 240.062405][ T7885] ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10 [ 240.062432][ T7885] kvm_tdp_page_fault+0x273/0x370 [ 240.062456][ T7885] kvm_mmu_do_page_fault+0x33d/0x690 [ 240.062482][ T7885] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 240.062508][ T7885] ? __lock_acquire+0x6b5/0x2d10 [ 240.062529][ T7885] ? __lock_acquire+0x6b5/0x2d10 [ 240.062547][ T7885] ? clear_bhb_loop+0x40/0x90 [ 240.062567][ T7885] ? clear_bhb_loop+0x40/0x90 [ 240.062583][ T7885] ? clear_bhb_loop+0x40/0x90 [ 240.062603][ T7885] kvm_mmu_page_fault+0x22d/0xb90 [ 240.062630][ T7885] ? __pfx_handle_ept_violation+0x10/0x10 [ 240.062654][ T7885] vmx_handle_exit+0x1081/0x17e0 [ 240.062686][ T7885] vcpu_run+0x5c5b/0x7830 [ 240.062700][ T7885] ? unwind_next_frame+0xa6/0x2550 [ 240.062735][ T7885] ? vcpu_run+0x4982/0x7830 [ 240.062789][ T7885] ? __pfx_vcpu_run+0x10/0x10 [ 240.062805][ T7885] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 240.062823][ T7885] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 240.062850][ T7885] kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0 [ 240.062877][ T7885] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 240.062893][ T7885] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 240.062938][ T7885] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 240.062987][ T7885] ? lockdep_hardirqs_on+0x7a/0x110 [ 240.063023][ T7885] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 240.063071][ T7885] ? _mutex_lock_killable+0x152/0x1d0 [ 240.063091][ T7885] ? kvm_vcpu_ioctl+0x283/0xfe0 [ 240.063116][ T7885] kvm_vcpu_ioctl+0xa65/0xfe0 [ 240.063145][ T7885] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 240.063184][ T7885] ? __fget_files+0x2a/0x420 [ 240.063206][ T7885] ? __fget_files+0x2a/0x420 [ 240.063223][ T7885] ? __fget_files+0x3a6/0x420 [ 240.063241][ T7885] ? __fget_files+0x2a/0x420 [ 240.063263][ T7885] ? bpf_lsm_file_ioctl+0x9/0x20 [ 240.063287][ T7885] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 240.063311][ T7885] __se_sys_ioctl+0xff/0x170 [ 240.063335][ T7885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.063353][ T7885] do_syscall_64+0x174/0x580 [ 240.063377][ T7885] ? trace_irq_disable+0x3b/0x140 [ 240.063395][ T7885] ? clear_bhb_loop+0x40/0x90 [ 240.063415][ T7885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.063431][ T7885] RIP: 0033:0x7f1293f7ce59 [ 240.063446][ T7885] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 240.063459][ T7885] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 240.063477][ T7885] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 240.063489][ T7885] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 240.063499][ T7885] RBP: 00007f12921d6090 R08: 0000000000000000 R09: 0000000000000000 [ 240.063509][ T7885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.063519][ T7885] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 240.063544][ T7885] [ 240.238982][ T7887] netlink: 16 bytes leftover after parsing attributes in process `syz.1.689'. [ 240.986063][ T5757] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 241.141702][ T5757] usb 4-1: config 7 descriptor has 1 excess byte, ignoring [ 241.141731][ T5757] usb 4-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 241.164440][ T5757] usb 4-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 7.84 [ 241.164474][ T5757] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.164497][ T5757] usb 4-1: Product: syz [ 241.164513][ T5757] usb 4-1: Manufacturer: syz [ 241.164530][ T5757] usb 4-1: SerialNumber: syz [ 241.223134][ T5757] rndis_host 4-1:7.0: skipping garbage [ 241.223156][ T5757] rndis_host 4-1:7.0: rndis: master #0/ffff888031713000 slave #1/0000000000000000 [ 241.247666][ T5757] option 4-1:7.0: GSM modem (1-port) converter detected [ 241.295175][ T7904] netlink: 8 bytes leftover after parsing attributes in process `syz.2.717'. [ 241.423555][ T5709] usb 2-1: USB disconnect, device number 42 [ 242.024819][ T7931] FAULT_INJECTION: forcing a failure. [ 242.024819][ T7931] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.024861][ T7931] CPU: 0 UID: 0 PID: 7931 Comm: syz.0.728 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 242.024892][ T7931] Tainted: [L]=SOFTLOCKUP [ 242.024898][ T7931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 242.024909][ T7931] Call Trace: [ 242.024915][ T7931] [ 242.024922][ T7931] dump_stack_lvl+0xe8/0x150 [ 242.024946][ T7931] should_fail_ex+0x46b/0x600 [ 242.024975][ T7931] _copy_from_user+0x2d/0xb0 [ 242.024994][ T7931] ___sys_sendmsg+0x1c6/0x360 [ 242.025020][ T7931] ? __lock_acquire+0x6b5/0x2d10 [ 242.025043][ T7931] ? __pfx____sys_sendmsg+0x10/0x10 [ 242.025066][ T7931] ? finish_task_switch+0x15f/0xbe0 [ 242.025109][ T7931] ? __fget_files+0x2a/0x420 [ 242.025128][ T7931] ? __fget_files+0x3a6/0x420 [ 242.025156][ T7931] __sys_sendmmsg+0x282/0x4e0 [ 242.025185][ T7931] ? __pfx___sys_sendmmsg+0x10/0x10 [ 242.025232][ T7931] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.025279][ T7931] __x64_sys_sendmmsg+0xa0/0xc0 [ 242.025318][ T7931] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.025341][ T7931] do_syscall_64+0x174/0x580 [ 242.025382][ T7931] ? trace_irq_disable+0x3b/0x140 [ 242.025401][ T7931] ? clear_bhb_loop+0x40/0x90 [ 242.025421][ T7931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.025437][ T7931] RIP: 0033:0x7f1293f7ce59 [ 242.025451][ T7931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 242.025465][ T7931] RSP: 002b:00007f12921b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 242.025483][ T7931] RAX: ffffffffffffffda RBX: 00007f12941f6090 RCX: 00007f1293f7ce59 [ 242.025495][ T7931] RDX: 0000000000000002 RSI: 0000200000001d80 RDI: 0000000000000004 [ 242.025505][ T7931] RBP: 00007f12921b5090 R08: 0000000000000000 R09: 0000000000000000 [ 242.025515][ T7931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.025524][ T7931] R13: 00007f12941f6128 R14: 00007f12941f6090 R15: 00007ffe59d77b28 [ 242.025548][ T7931] [ 242.631858][ T5812] usb 4-1: USB disconnect, device number 35 [ 242.640015][ T5812] option 4-1:7.0: device disconnected [ 243.021836][ T7940] netlink: 'syz.0.732': attribute type 5 has an invalid length. [ 243.035100][ T7940] netlink: 'syz.0.732': attribute type 5 has an invalid length. [ 243.216280][ T5709] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 243.376188][ T5709] usb 2-1: Using ep0 maxpacket: 8 [ 243.378815][ T5709] usb 2-1: unable to get BOS descriptor or descriptor too short [ 243.380085][ T5709] usb 2-1: config 142 has an invalid interface number: 251 but max is 0 [ 243.380114][ T5709] usb 2-1: config 142 has no interface number 0 [ 243.380163][ T5709] usb 2-1: config 142 interface 251 altsetting 11 bulk endpoint 0x1 has invalid maxpacket 64 [ 243.380193][ T5709] usb 2-1: config 142 interface 251 has no altsetting 0 [ 243.383720][ T5709] usb 2-1: New USB device found, idVendor=6737, idProduct=0001, bcdDevice=91.80 [ 243.383749][ T5709] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.383772][ T5709] usb 2-1: Product: syz [ 243.383788][ T5709] usb 2-1: Manufacturer: syz [ 243.383804][ T5709] usb 2-1: SerialNumber: syz [ 243.449722][ T7936] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 243.689330][ T5709] cypress_m8 2-1:142.251: HID->COM RS232 Adapter converter detected [ 243.692922][ T5709] cyphidcom ttyUSB0: required endpoint is missing [ 243.732326][ T5709] usb 2-1: USB disconnect, device number 43 [ 243.755027][ T5709] cypress_m8 2-1:142.251: device disconnected [ 243.789639][ T7960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 243.807489][ T7962] netlink: 120 bytes leftover after parsing attributes in process `syz.3.740'. [ 244.135872][ T5347] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 244.298338][ T5347] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 244.312421][ T5347] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 244.312935][ T5347] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.312969][ T5347] usb 3-1: Product: syz [ 244.312985][ T5347] usb 3-1: Manufacturer: syz [ 244.313001][ T5347] usb 3-1: SerialNumber: syz [ 244.336611][ T5347] usb 3-1: config 0 descriptor?? [ 244.357567][ T5347] hub 3-1:0.0: bad descriptor, ignoring hub [ 244.357621][ T5347] hub 3-1:0.0: probe with driver hub failed with error -5 [ 244.383756][ T5347] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 244.432129][ T7973] tmpfs: Bad value for 'mpol' [ 244.432785][ T7973] netlink: 'syz.1.745': attribute type 3 has an invalid length. [ 244.641179][ T5347] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 244.702707][ T5780] udevd[5780]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 244.760427][ T5347] usb 3-1: USB disconnect, device number 38 [ 244.996142][ T32] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 245.127273][ T5812] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 245.145930][ T32] usb 1-1: Using ep0 maxpacket: 32 [ 245.148728][ T32] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 245.148757][ T32] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 245.148779][ T32] usb 1-1: config 0 has no interface number 0 [ 245.148824][ T32] usb 1-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 245.152366][ T32] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 245.152398][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.152421][ T32] usb 1-1: Product: syz [ 245.152446][ T32] usb 1-1: Manufacturer: syz [ 245.152463][ T32] usb 1-1: SerialNumber: syz [ 245.233367][ T7985] netlink: 120 bytes leftover after parsing attributes in process `syz.2.751'. [ 245.251410][ T32] usb 1-1: config 0 descriptor?? [ 245.267824][ T32] radio-si470x 1-1:0.35: could not find interrupt in endpoint [ 245.267913][ T32] radio-si470x 1-1:0.35: probe with driver radio-si470x failed with error -5 [ 245.285859][ T5709] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 245.316389][ T5812] usb 4-1: Using ep0 maxpacket: 8 [ 245.324637][ T5812] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 245.324670][ T5812] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.324694][ T5812] usb 4-1: Product: syz [ 245.324710][ T5812] usb 4-1: Manufacturer: syz [ 245.324727][ T5812] usb 4-1: SerialNumber: syz [ 245.380976][ T5812] usb 4-1: config 0 descriptor?? [ 245.449157][ T7987] FAULT_INJECTION: forcing a failure. [ 245.449157][ T7987] name failslab, interval 1, probability 0, space 0, times 0 [ 245.449201][ T7987] CPU: 0 UID: 0 PID: 7987 Comm: syz.2.752 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 245.449231][ T7987] Tainted: [L]=SOFTLOCKUP [ 245.449245][ T7987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 245.449265][ T7987] Call Trace: [ 245.449272][ T7987] [ 245.449279][ T7987] dump_stack_lvl+0xe8/0x150 [ 245.449329][ T7987] should_fail_ex+0x46b/0x600 [ 245.449371][ T7987] should_failslab+0xa8/0x100 [ 245.449401][ T7987] __kmalloc_noprof+0xdf/0x7b0 [ 245.449431][ T7987] ? tomoyo_encode+0x28b/0x550 [ 245.449453][ T7987] tomoyo_encode+0x28b/0x550 [ 245.449499][ T7987] tomoyo_realpath_from_path+0x58d/0x5d0 [ 245.449539][ T7987] ? tomoyo_path_number_perm+0x219/0x630 [ 245.449574][ T7987] tomoyo_path_number_perm+0x246/0x630 [ 245.449614][ T7987] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 245.449654][ T7987] ? __lock_acquire+0x6b5/0x2d10 [ 245.449684][ T7987] ? do_raw_spin_lock+0x12b/0x2f0 [ 245.449740][ T7987] ? __fget_files+0x2a/0x420 [ 245.449775][ T7987] ? __fget_files+0x2a/0x420 [ 245.449793][ T7987] ? __fget_files+0x3a6/0x420 [ 245.449811][ T7987] ? __fget_files+0x2a/0x420 [ 245.449857][ T7987] security_file_ioctl+0xc3/0x2a0 [ 245.449894][ T7987] __se_sys_ioctl+0x47/0x170 [ 245.449932][ T7987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.449960][ T7987] do_syscall_64+0x174/0x580 [ 245.449985][ T7987] ? trace_irq_disable+0x3b/0x140 [ 245.450024][ T7987] ? clear_bhb_loop+0x40/0x90 [ 245.450053][ T7987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.450076][ T7987] RIP: 0033:0x7f907481ce59 [ 245.450096][ T7987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 245.450115][ T7987] RSP: 002b:00007f9072a76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 245.450140][ T7987] RAX: ffffffffffffffda RBX: 00007f9074a95fa0 RCX: 00007f907481ce59 [ 245.450152][ T7987] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000004 [ 245.450163][ T7987] RBP: 00007f9072a76090 R08: 0000000000000000 R09: 0000000000000000 [ 245.450190][ T7987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 245.450205][ T7987] R13: 00007f9074a96038 R14: 00007f9074a95fa0 R15: 00007ffe6c903eb8 [ 245.450241][ T7987] [ 245.450330][ T7987] ERROR: Out of memory at tomoyo_realpath_from_path. [ 245.487772][ T5709] usb 2-1: Using ep0 maxpacket: 8 [ 245.601813][ T32] radio-raremono 1-1:0.35: this is not Thanko's Raremono. [ 245.602453][ T32] usbhid 1-1:0.35: couldn't find an input interrupt endpoint [ 245.605483][ T32] usb 1-1: USB disconnect, device number 34 [ 245.723349][ T5709] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb [ 245.723571][ T5709] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.723634][ T5709] usb 2-1: Product: syz [ 245.723813][ T5709] usb 2-1: Manufacturer: syz [ 245.723856][ T5709] usb 2-1: SerialNumber: syz [ 246.163006][ T7993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 246.174445][ T7993] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.340621][ T5812] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in cold state [ 246.523710][ T5812] usb 4-1: Direct firmware load for dvb-usb-terratec-h7-az6007.fw failed with error -2 [ 246.523734][ T5812] usb 4-1: Falling back to sysfs fallback for: dvb-usb-terratec-h7-az6007.fw [ 246.618489][ T8000] FAULT_INJECTION: forcing a failure. [ 246.618489][ T8000] name failslab, interval 1, probability 0, space 0, times 0 [ 246.618595][ T8000] CPU: 0 UID: 0 PID: 8000 Comm: syz.1.754 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 246.618627][ T8000] Tainted: [L]=SOFTLOCKUP [ 246.618635][ T8000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 246.618649][ T8000] Call Trace: [ 246.618658][ T8000] [ 246.618667][ T8000] dump_stack_lvl+0xe8/0x150 [ 246.618704][ T8000] should_fail_ex+0x46b/0x600 [ 246.618745][ T8000] should_failslab+0xa8/0x100 [ 246.618776][ T8000] kmem_cache_alloc_noprof+0x87/0x680 [ 246.618804][ T8000] ? __kvm_mmu_topup_memory_cache+0x1b4/0x610 [ 246.618839][ T8000] __kvm_mmu_topup_memory_cache+0x1b4/0x610 [ 246.618882][ T8000] mmu_topup_memory_caches+0x21/0x170 [ 246.618916][ T8000] kvm_mmu_load+0x9d/0x2320 [ 246.618946][ T8000] ? kvm_msr_allowed+0x9a/0x490 [ 246.618982][ T8000] ? kvm_msr_allowed+0x9a/0x490 [ 246.619016][ T8000] ? kvm_msr_allowed+0x3f4/0x490 [ 246.619050][ T8000] ? kvm_msr_allowed+0x9a/0x490 [ 246.619087][ T8000] ? kvm_apic_has_interrupt+0x73c/0x770 [ 246.619124][ T8000] ? vmx_recalc_intercepts+0xec4/0x1b10 [ 246.619170][ T8000] vcpu_run+0x5c68/0x7830 [ 246.619206][ T8000] ? kvm_sched_in+0x7c/0xe0 [ 246.619231][ T8000] ? finish_task_switch+0xb15/0xbe0 [ 246.619284][ T8000] ? ___ratelimit+0x1ea/0x8d0 [ 246.619352][ T8000] ? __pfx_vcpu_run+0x10/0x10 [ 246.619376][ T8000] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 246.619411][ T8000] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 246.619451][ T8000] kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0 [ 246.619490][ T8000] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 246.619515][ T8000] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 246.619544][ T8000] ? do_raw_spin_lock+0x12b/0x2f0 [ 246.619580][ T8000] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 246.619615][ T8000] ? lockdep_hardirqs_on+0x7a/0x110 [ 246.619651][ T8000] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 246.619687][ T8000] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 246.619722][ T8000] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 246.619752][ T8000] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 246.619787][ T8000] ? lockdep_hardirqs_on+0x7a/0x110 [ 246.619822][ T8000] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 246.619857][ T8000] ? rt_write_unlock+0x190/0x230 [ 246.619888][ T8000] kvm_vcpu_ioctl+0xa65/0xfe0 [ 246.619930][ T8000] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 246.619986][ T8000] ? __fget_files+0x2a/0x420 [ 246.620017][ T8000] ? __fget_files+0x2a/0x420 [ 246.620043][ T8000] ? __fget_files+0x3a6/0x420 [ 246.620068][ T8000] ? __fget_files+0x2a/0x420 [ 246.620099][ T8000] ? bpf_lsm_file_ioctl+0x9/0x20 [ 246.620134][ T8000] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 246.620168][ T8000] __se_sys_ioctl+0xff/0x170 [ 246.620203][ T8000] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.620229][ T8000] do_syscall_64+0x174/0x580 [ 246.620262][ T8000] ? trace_irq_disable+0x3b/0x140 [ 246.620289][ T8000] ? clear_bhb_loop+0x40/0x90 [ 246.620318][ T8000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.620342][ T8000] RIP: 0033:0x7fc7ca08ce59 [ 246.620363][ T8000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 246.620391][ T8000] RSP: 002b:00007fc7c82c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 246.620415][ T8000] RAX: ffffffffffffffda RBX: 00007fc7ca306090 RCX: 00007fc7ca08ce59 [ 246.620433][ T8000] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 246.620447][ T8000] RBP: 00007fc7c82c5090 R08: 0000000000000000 R09: 0000000000000000 [ 246.620467][ T8000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 246.620482][ T8000] R13: 00007fc7ca306128 R14: 00007fc7ca306090 R15: 00007fffa1b39408 [ 246.620519][ T8000] [ 248.045874][ T60] Bluetooth: Wrong link type (-71) [ 248.972532][ T8053] netlink: 'syz.2.777': attribute type 3 has an invalid length. [ 249.163481][ T8059] netlink: 8 bytes leftover after parsing attributes in process `syz.1.780'. [ 249.347102][ T8059] trusted_key: encrypted_key: key trusted:syz not found [ 249.359320][ T8059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 249.386667][ T8059] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.026610][ T5347] usb 3-1: new full-speed USB device number 39 using dummy_hcd [ 250.185173][ T5347] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 250.185297][ T5347] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 250.185329][ T5347] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.185356][ T5347] usb 3-1: config 0 interface 0 has no altsetting 0 [ 250.185393][ T5347] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 250.185490][ T5347] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.340325][ T5347] usb 3-1: config 0 descriptor?? [ 250.481593][ T5347] usbhid 3-1:0.0: fixing wrong optional hid class descriptors count [ 250.878509][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.878791][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.878825][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.878854][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.879129][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.879297][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.879328][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.879357][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.879618][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.879649][ T5347] sony 0003:054C:0268.000A: unknown main item tag 0x0 [ 250.974292][ T5709] mxuport 2-1:254.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-110) [ 250.981637][ T5709] mxuport 2-1:254.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-32) [ 250.981875][ T5709] mxuport 2-1:254.0: probe with driver mxuport failed with error -110 [ 251.255913][ T5347] sony 0003:054C:0268.000A: hiddev0,hidraw0: USB HID v80.81 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0 [ 251.256381][ T5347] sony 0003:054C:0268.000A: failed to claim input [ 251.410823][ T5347] usb 3-1: USB disconnect, device number 39 [ 251.705400][ T8089] fido_id[8089]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 251.836927][ T8095] binder: 8094:8095 ioctl c0606610 200000000080 returned -22 [ 252.313298][ T8111] netlink: 'syz.1.801': attribute type 3 has an invalid length. [ 252.485036][ T8118] FAULT_INJECTION: forcing a failure. [ 252.485036][ T8118] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 252.485089][ T8118] CPU: 0 UID: 0 PID: 8118 Comm: syz.0.804 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 252.485124][ T8118] Tainted: [L]=SOFTLOCKUP [ 252.485131][ T8118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 252.485141][ T8118] Call Trace: [ 252.485147][ T8118] [ 252.485153][ T8118] dump_stack_lvl+0xe8/0x150 [ 252.485178][ T8118] should_fail_ex+0x46b/0x600 [ 252.485207][ T8118] _copy_from_user+0x2d/0xb0 [ 252.485226][ T8118] input_event_from_user+0xb1/0x290 [ 252.485253][ T8118] ? __pfx_input_event_from_user+0x10/0x10 [ 252.485283][ T8118] ? rt_spin_unlock+0x160/0x200 [ 252.485307][ T8118] evdev_write+0x2ca/0x4c0 [ 252.485331][ T8118] ? __lock_acquire+0x6b5/0x2d10 [ 252.485353][ T8118] ? __pfx_evdev_write+0x10/0x10 [ 252.485381][ T8118] ? rw_verify_area+0x25b/0x4e0 [ 252.485402][ T8118] ? __pfx_evdev_write+0x10/0x10 [ 252.485430][ T8118] vfs_write+0x2a3/0xba0 [ 252.485458][ T8118] ? __pfx_vfs_write+0x10/0x10 [ 252.485482][ T8118] ? __fget_files+0x2a/0x420 [ 252.485502][ T8118] ? __fget_files+0x2a/0x420 [ 252.485520][ T8118] ? __fget_files+0x3a6/0x420 [ 252.485538][ T8118] ? __fget_files+0x2a/0x420 [ 252.485563][ T8118] ksys_write+0x156/0x270 [ 252.485587][ T8118] ? __pfx_ksys_write+0x10/0x10 [ 252.485616][ T8118] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.485634][ T8118] do_syscall_64+0x174/0x580 [ 252.485657][ T8118] ? trace_irq_disable+0x3b/0x140 [ 252.485676][ T8118] ? clear_bhb_loop+0x40/0x90 [ 252.485713][ T8118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.485735][ T8118] RIP: 0033:0x7f1293f7ce59 [ 252.485754][ T8118] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 252.485774][ T8118] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 252.485806][ T8118] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 252.485822][ T8118] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000003 [ 252.485837][ T8118] RBP: 00007f12921d6090 R08: 0000000000000000 R09: 0000000000000000 [ 252.485852][ T8118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 252.485866][ T8118] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 252.485902][ T8118] [ 252.611770][ T5347] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 252.797478][ T5347] usb 3-1: Using ep0 maxpacket: 16 [ 252.799907][ T5347] usb 3-1: config 5 has an invalid interface number: 43 but max is 0 [ 252.799936][ T5347] usb 3-1: config 5 has no interface number 0 [ 252.799970][ T5347] usb 3-1: config 5 interface 43 has no altsetting 0 [ 252.830057][ T5347] usb 3-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a4.98 [ 252.830085][ T5347] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.830101][ T5347] usb 3-1: Product: syz [ 252.830111][ T5347] usb 3-1: Manufacturer: syz [ 252.830122][ T5347] usb 3-1: SerialNumber: syz [ 253.254499][ T5347] usb 3-1: USB disconnect, device number 40 [ 253.687354][ T8150] misc userio: Invalid payload size [ 253.737000][ T5757] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 253.888127][ T5757] usb 3-1: Using ep0 maxpacket: 16 [ 253.894745][ T5757] usb 3-1: unable to get BOS descriptor or descriptor too short [ 253.897980][ T5757] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 129, changing to 7 [ 253.898041][ T5757] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 139, changing to 7 [ 253.904510][ T5757] usb 3-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 253.904541][ T5757] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.904565][ T5757] usb 3-1: Product: syz [ 253.904580][ T5757] usb 3-1: Manufacturer: syz [ 253.904597][ T5757] usb 3-1: SerialNumber: syz [ 254.232169][ T5757] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 254.233084][ T5757] usb 3-1: 2:1 : sample bitwidth 41 in over sample bytes 3 [ 254.233117][ T5757] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 254.339220][ T5757] usb 3-1: USB disconnect, device number 41 [ 254.439818][ T5780] udevd[5780]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 254.995576][ T8179] netlink: 72 bytes leftover after parsing attributes in process `syz.2.830'. [ 255.525048][ T8196] FAULT_INJECTION: forcing a failure. [ 255.525048][ T8196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.525088][ T8196] CPU: 0 UID: 0 PID: 8196 Comm: syz.3.836 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 255.525119][ T8196] Tainted: [L]=SOFTLOCKUP [ 255.525127][ T8196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 255.525141][ T8196] Call Trace: [ 255.525149][ T8196] [ 255.525158][ T8196] dump_stack_lvl+0xe8/0x150 [ 255.525191][ T8196] should_fail_ex+0x46b/0x600 [ 255.525235][ T8196] _copy_from_user+0x2d/0xb0 [ 255.525263][ T8196] binder_ioctl_write_read+0xadd/0xa490 [ 255.525323][ T8196] ? __kernel_text_address+0xd/0x30 [ 255.525371][ T8196] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 255.525406][ T8196] ? stack_depot_save_flags+0x33/0x810 [ 255.525449][ T8196] ? do_raw_spin_lock+0x12b/0x2f0 [ 255.525491][ T8196] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 255.525520][ T8196] ? reacquire_held_locks+0x104/0x190 [ 255.525550][ T8196] ? rt_spin_lock+0x1e0/0x400 [ 255.525579][ T8196] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 255.525612][ T8196] ? rt_spin_unlock+0x14f/0x200 [ 255.525650][ T8196] ? binder_get_thread+0x177/0x6d0 [ 255.525686][ T8196] binder_ioctl+0x426/0x1b10 [ 255.525715][ T8196] ? tomoyo_path_number_perm+0x219/0x630 [ 255.525753][ T8196] ? tomoyo_path_number_perm+0x219/0x630 [ 255.525791][ T8196] ? do_vfs_ioctl+0x117b/0x1540 [ 255.525826][ T8196] ? __pfx_binder_ioctl+0x10/0x10 [ 255.525858][ T8196] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 255.525928][ T8196] ? __fget_files+0x2a/0x420 [ 255.525959][ T8196] ? __fget_files+0x2a/0x420 [ 255.525984][ T8196] ? __fget_files+0x3a6/0x420 [ 255.526009][ T8196] ? __fget_files+0x2a/0x420 [ 255.526040][ T8196] ? bpf_lsm_file_ioctl+0x9/0x20 [ 255.526074][ T8196] ? __pfx_binder_ioctl+0x10/0x10 [ 255.526105][ T8196] __se_sys_ioctl+0xff/0x170 [ 255.526138][ T8196] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.526163][ T8196] do_syscall_64+0x174/0x580 [ 255.526195][ T8196] ? trace_irq_disable+0x3b/0x140 [ 255.526221][ T8196] ? clear_bhb_loop+0x40/0x90 [ 255.526249][ T8196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.526280][ T8196] RIP: 0033:0x7f1abea2ce59 [ 255.526302][ T8196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 255.526322][ T8196] RSP: 002b:00007f1abcc86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 255.526346][ T8196] RAX: ffffffffffffffda RBX: 00007f1abeca5fa0 RCX: 00007f1abea2ce59 [ 255.526363][ T8196] RDX: 00002000000003c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 255.526378][ T8196] RBP: 00007f1abcc86090 R08: 0000000000000000 R09: 0000000000000000 [ 255.526393][ T8196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.526407][ T8196] R13: 00007f1abeca6038 R14: 00007f1abeca5fa0 R15: 00007ffefded6588 [ 255.526442][ T8196] [ 255.533031][ T8196] binder: 8195:8196 ioctl c0306201 2000000003c0 returned -14 [ 255.832553][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.832673][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.124853][ T8204] FAULT_INJECTION: forcing a failure. [ 256.124853][ T8204] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 256.124884][ T8204] CPU: 1 UID: 0 PID: 8204 Comm: syz.0.839 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 256.124909][ T8204] Tainted: [L]=SOFTLOCKUP [ 256.124915][ T8204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 256.124926][ T8204] Call Trace: [ 256.124932][ T8204] [ 256.124939][ T8204] dump_stack_lvl+0xe8/0x150 [ 256.124965][ T8204] should_fail_ex+0x46b/0x600 [ 256.124994][ T8204] prepare_alloc_pages+0x22a/0x6b0 [ 256.125023][ T8204] __alloc_frozen_pages_noprof+0x12f/0x380 [ 256.125050][ T8204] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 256.125077][ T8204] ? __pfx_policy_nodemask+0x10/0x10 [ 256.125101][ T8204] ? __lock_acquire+0x6b5/0x2d10 [ 256.125126][ T8204] alloc_pages_mpol+0xd1/0x380 [ 256.125152][ T8204] folio_alloc_mpol_noprof+0x3b/0x1e0 [ 256.125178][ T8204] vma_alloc_folio_noprof+0xe1/0x1e0 [ 256.125203][ T8204] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 256.125228][ T8204] ? __pte_offset_map+0x29/0x200 [ 256.125260][ T8204] do_pte_missing+0x822/0x2940 [ 256.125289][ T8204] ? handle_mm_fault+0xed/0x14d0 [ 256.125311][ T8204] handle_mm_fault+0xdc2/0x14d0 [ 256.125334][ T8204] ? handle_mm_fault+0xed/0x14d0 [ 256.125356][ T8204] ? __pfx_handle_mm_fault+0x10/0x10 [ 256.125376][ T8204] ? follow_page_pte+0xbe2/0xe60 [ 256.125402][ T8204] ? __pfx_follow_page_pte+0x10/0x10 [ 256.125430][ T8204] __get_user_pages+0x16d4/0x2620 [ 256.125471][ T8204] get_user_pages_unlocked+0x1e2/0x710 [ 256.125498][ T8204] hva_to_pfn+0x365/0xf20 [ 256.125531][ T8204] ? __pfx_hva_to_pfn+0x10/0x10 [ 256.125559][ T8204] ? xas_start+0x396/0x780 [ 256.125584][ T8204] ? xa_load+0x60/0x210 [ 256.125606][ T8204] ? kvm_follow_pfn+0x21a/0x3c0 [ 256.125635][ T8204] __kvm_faultin_pfn+0xaa/0x100 [ 256.125664][ T8204] kvm_mmu_faultin_pfn+0x735/0x15b0 [ 256.125723][ T8204] ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10 [ 256.125763][ T8204] kvm_tdp_page_fault+0x273/0x370 [ 256.125797][ T8204] kvm_mmu_do_page_fault+0x33d/0x690 [ 256.125833][ T8204] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 256.125869][ T8204] ? __lock_acquire+0x6b5/0x2d10 [ 256.125898][ T8204] ? __lock_acquire+0x6b5/0x2d10 [ 256.125923][ T8204] ? clear_bhb_loop+0x40/0x90 [ 256.125946][ T8204] ? clear_bhb_loop+0x40/0x90 [ 256.125969][ T8204] ? clear_bhb_loop+0x40/0x90 [ 256.125998][ T8204] kvm_mmu_page_fault+0x22d/0xb90 [ 256.126037][ T8204] ? __pfx_handle_ept_violation+0x10/0x10 [ 256.126071][ T8204] vmx_handle_exit+0x1081/0x17e0 [ 256.126115][ T8204] vcpu_run+0x5c5b/0x7830 [ 256.126136][ T8204] ? unwind_next_frame+0xa6/0x2550 [ 256.126184][ T8204] ? vcpu_run+0x4982/0x7830 [ 256.126267][ T8204] ? __pfx_vcpu_run+0x10/0x10 [ 256.126283][ T8204] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 256.126301][ T8204] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 256.126328][ T8204] kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0 [ 256.126355][ T8204] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 256.126372][ T8204] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 256.126416][ T8204] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 256.126440][ T8204] ? lockdep_hardirqs_on+0x7a/0x110 [ 256.126465][ T8204] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 256.126489][ T8204] ? _mutex_lock_killable+0x152/0x1d0 [ 256.126508][ T8204] ? kvm_vcpu_ioctl+0x283/0xfe0 [ 256.126533][ T8204] kvm_vcpu_ioctl+0xa65/0xfe0 [ 256.126562][ T8204] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 256.126601][ T8204] ? __fget_files+0x2a/0x420 [ 256.126623][ T8204] ? __fget_files+0x2a/0x420 [ 256.126641][ T8204] ? __fget_files+0x3a6/0x420 [ 256.126658][ T8204] ? __fget_files+0x2a/0x420 [ 256.126680][ T8204] ? bpf_lsm_file_ioctl+0x9/0x20 [ 256.126705][ T8204] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 256.126728][ T8204] __se_sys_ioctl+0xff/0x170 [ 256.126753][ T8204] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.126770][ T8204] do_syscall_64+0x174/0x580 [ 256.126794][ T8204] ? trace_irq_disable+0x3b/0x140 [ 256.126812][ T8204] ? clear_bhb_loop+0x40/0x90 [ 256.126832][ T8204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.126848][ T8204] RIP: 0033:0x7f1293f7ce59 [ 256.126864][ T8204] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 256.126878][ T8204] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.126895][ T8204] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 256.126908][ T8204] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 256.126918][ T8204] RBP: 00007f12921d6090 R08: 0000000000000000 R09: 0000000000000000 [ 256.126928][ T8204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.126937][ T8204] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 256.126963][ T8204] [ 256.828422][ T8217] netlink: 52 bytes leftover after parsing attributes in process `syz.2.842'. [ 256.939996][ T8219] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.843'. [ 257.438325][ T8237] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 257.440854][ T8237] FAULT_INJECTION: forcing a failure. [ 257.440854][ T8237] name failslab, interval 1, probability 0, space 0, times 0 [ 257.440893][ T8237] CPU: 1 UID: 0 PID: 8237 Comm: syz.0.849 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 257.440924][ T8237] Tainted: [L]=SOFTLOCKUP [ 257.440932][ T8237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 257.440946][ T8237] Call Trace: [ 257.440955][ T8237] [ 257.440964][ T8237] dump_stack_lvl+0xe8/0x150 [ 257.440997][ T8237] should_fail_ex+0x46b/0x600 [ 257.441038][ T8237] should_failslab+0xa8/0x100 [ 257.441070][ T8237] __kmalloc_noprof+0xdf/0x7b0 [ 257.441107][ T8237] ? kfree+0x4d/0x6c0 [ 257.441131][ T8237] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 257.441167][ T8237] tomoyo_realpath_from_path+0xe3/0x5d0 [ 257.441197][ T8237] ? tomoyo_domain+0xd7/0x130 [ 257.441230][ T8237] ? tomoyo_path_number_perm+0x219/0x630 [ 257.441267][ T8237] tomoyo_path_number_perm+0x246/0x630 [ 257.441309][ T8237] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 257.441345][ T8237] ? __lock_acquire+0x6b5/0x2d10 [ 257.441376][ T8237] ? do_raw_spin_lock+0x12b/0x2f0 [ 257.441434][ T8237] ? __fget_files+0x2a/0x420 [ 257.441464][ T8237] ? __fget_files+0x2a/0x420 [ 257.441489][ T8237] ? __fget_files+0x3a6/0x420 [ 257.441515][ T8237] ? __fget_files+0x2a/0x420 [ 257.441546][ T8237] security_file_ioctl+0xc3/0x2a0 [ 257.441585][ T8237] __se_sys_ioctl+0x47/0x170 [ 257.441619][ T8237] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.441644][ T8237] do_syscall_64+0x174/0x580 [ 257.441677][ T8237] ? trace_irq_disable+0x3b/0x140 [ 257.441703][ T8237] ? clear_bhb_loop+0x40/0x90 [ 257.441731][ T8237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.441755][ T8237] RIP: 0033:0x7f1293f7ce59 [ 257.441775][ T8237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 257.441794][ T8237] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 257.441818][ T8237] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 257.441835][ T8237] RDX: 0000200000000180 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 257.441850][ T8237] RBP: 00007f12921d6090 R08: 0000000000000000 R09: 0000000000000000 [ 257.441864][ T8237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.441878][ T8237] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 257.441914][ T8237] [ 257.441946][ T8237] ERROR: Out of memory at tomoyo_realpath_from_path. [ 257.838949][ T8240] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 259.025526][ T8282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.036501][ T8282] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.783909][ T8297] netlink: 8 bytes leftover after parsing attributes in process `syz.0.874'. [ 259.861061][ T8304] netlink: 44 bytes leftover after parsing attributes in process `syz.1.875'. [ 259.862956][ T8304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.866360][ T8304] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 260.662160][ T8337] FAULT_INJECTION: forcing a failure. [ 260.662160][ T8337] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.662202][ T8337] CPU: 1 UID: 0 PID: 8337 Comm: syz.0.888 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 260.662233][ T8337] Tainted: [L]=SOFTLOCKUP [ 260.662241][ T8337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 260.662255][ T8337] Call Trace: [ 260.662264][ T8337] [ 260.662274][ T8337] dump_stack_lvl+0xe8/0x150 [ 260.662307][ T8337] should_fail_ex+0x46b/0x600 [ 260.662345][ T8337] _copy_from_iter+0x1d3/0x1670 [ 260.662369][ T8337] ? rcu_is_watching+0x15/0xb0 [ 260.662400][ T8337] ? trace_kmem_cache_alloc+0x29/0xe0 [ 260.662430][ T8337] ? kmem_cache_alloc_noprof+0x388/0x680 [ 260.662457][ T8337] ? __pfx__copy_from_iter+0x10/0x10 [ 260.662483][ T8337] ? __build_skb+0x2a2/0x440 [ 260.662517][ T8337] ? netlink_sendmsg+0x650/0xb40 [ 260.662538][ T8337] ? skb_put+0x11b/0x210 [ 260.662572][ T8337] netlink_sendmsg+0x6c0/0xb40 [ 260.662604][ T8337] ? __pfx_netlink_sendmsg+0x10/0x10 [ 260.662629][ T8337] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 260.662660][ T8337] ? __pfx_aa_file_perm+0x10/0x10 [ 260.662688][ T8337] ? aa_sock_msg_perm+0x122/0x200 [ 260.662714][ T8337] ? __pfx_netlink_sendmsg+0x10/0x10 [ 260.662735][ T8337] sock_sendmsg_nosec+0x13a/0x180 [ 260.662772][ T8337] sock_write_iter+0x308/0x410 [ 260.662800][ T8337] ? __pfx_sock_write_iter+0x10/0x10 [ 260.662850][ T8337] vfs_write+0x629/0xba0 [ 260.662894][ T8337] ? __pfx_vfs_write+0x10/0x10 [ 260.662936][ T8337] ? __fget_files+0x2a/0x420 [ 260.662973][ T8337] ksys_write+0x156/0x270 [ 260.663008][ T8337] ? __pfx_ksys_write+0x10/0x10 [ 260.663049][ T8337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.663075][ T8337] do_syscall_64+0x174/0x580 [ 260.663108][ T8337] ? trace_irq_disable+0x3b/0x140 [ 260.663134][ T8337] ? clear_bhb_loop+0x40/0x90 [ 260.663162][ T8337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.663185][ T8337] RIP: 0033:0x7f1293f7ce59 [ 260.663205][ T8337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.663224][ T8337] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.663248][ T8337] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 260.663267][ T8337] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000003 [ 260.663282][ T8337] RBP: 00007f12921d6090 R08: 0000000000000000 R09: 0000000000000000 [ 260.663297][ T8337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.663310][ T8337] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 260.663345][ T8337] [ 262.262811][ T8391] FAULT_INJECTION: forcing a failure. [ 262.262811][ T8391] name failslab, interval 1, probability 0, space 0, times 0 [ 262.262852][ T8391] CPU: 0 UID: 0 PID: 8391 Comm: syz.0.913 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 262.262883][ T8391] Tainted: [L]=SOFTLOCKUP [ 262.262892][ T8391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 262.262906][ T8391] Call Trace: [ 262.262915][ T8391] [ 262.262924][ T8391] dump_stack_lvl+0xe8/0x150 [ 262.262956][ T8391] should_fail_ex+0x46b/0x600 [ 262.262997][ T8391] should_failslab+0xa8/0x100 [ 262.263031][ T8391] __kmalloc_noprof+0xdf/0x7b0 [ 262.263059][ T8391] ? kfree+0x4d/0x6c0 [ 262.263081][ T8391] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 262.263115][ T8391] tomoyo_realpath_from_path+0xe3/0x5d0 [ 262.263158][ T8391] tomoyo_mount_permission+0x3e8/0x9d0 [ 262.263188][ T8391] ? tomoyo_mount_permission+0x2b3/0x9d0 [ 262.263213][ T8391] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 262.263306][ T8391] security_sb_mount+0xe4/0x320 [ 262.263337][ T8391] path_mount+0xbc/0x10e0 [ 262.263363][ T8391] ? user_path_at+0xd4/0x160 [ 262.263397][ T8391] ? user_path_at+0xd4/0x160 [ 262.263430][ T8391] __se_sys_mount+0x31d/0x420 [ 262.263467][ T8391] ? __pfx___se_sys_mount+0x10/0x10 [ 262.263502][ T8391] ? __x64_sys_mount+0x20/0xc0 [ 262.263528][ T8391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.263554][ T8391] do_syscall_64+0x174/0x580 [ 262.263602][ T8391] ? trace_irq_disable+0x3b/0x140 [ 262.263628][ T8391] ? clear_bhb_loop+0x40/0x90 [ 262.263657][ T8391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.263681][ T8391] RIP: 0033:0x7f1293f7ce59 [ 262.263701][ T8391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 262.263721][ T8391] RSP: 002b:00007f12921d6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 262.263745][ T8391] RAX: ffffffffffffffda RBX: 00007f12941f5fa0 RCX: 00007f1293f7ce59 [ 262.263763][ T8391] RDX: 00002000000002c0 RSI: 0000200000000240 RDI: 0000000000000000 [ 262.263779][ T8391] RBP: 00007f12921d6090 R08: 0000200000000400 R09: 0000000000000000 [ 262.263795][ T8391] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 262.263808][ T8391] R13: 00007f12941f6038 R14: 00007f12941f5fa0 R15: 00007ffe59d77b28 [ 262.263844][ T8391] [ 262.263942][ T8391] ERROR: Out of memory at tomoyo_realpath_from_path. [ 262.596081][ T8395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.596703][ T8395] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.163367][ T8419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.177249][ T8419] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.338351][ T8423] binder: Unknown parameter 'euid>00000000000000000000' [ 263.355860][ T5811] usb 3-1: new full-speed USB device number 42 using dummy_hcd [ 263.395917][ T5347] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 263.497211][ T5811] usb 3-1: device descriptor read/64, error -71 [ 263.546046][ T5347] usb 1-1: device descriptor read/64, error -71 [ 263.755912][ T5811] usb 3-1: new full-speed USB device number 43 using dummy_hcd [ 263.795906][ T5347] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 263.895894][ T5811] usb 3-1: device descriptor read/64, error -71 [ 263.925983][ T5347] usb 1-1: device descriptor read/64, error -71 [ 264.006760][ T5811] usb usb3-port1: attempt power cycle [ 264.036411][ T5347] usb usb1-port1: attempt power cycle [ 264.345870][ T5811] usb 3-1: new full-speed USB device number 44 using dummy_hcd [ 264.368191][ T5811] usb 3-1: device descriptor read/8, error -71 [ 264.385928][ T5347] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 264.406437][ T5347] usb 1-1: device descriptor read/8, error -71 [ 264.593477][ T8432] netlink: 120 bytes leftover after parsing attributes in process `syz.1.928'. [ 264.605933][ T5811] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 264.628258][ T5811] usb 3-1: device descriptor read/8, error -71 [ 264.646482][ T5347] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 264.667523][ T5347] usb 1-1: device descriptor read/8, error -71 [ 264.697185][ T8434] netlink: 16 bytes leftover after parsing attributes in process `syz.1.929'. [ 264.736296][ T5811] usb usb3-port1: unable to enumerate USB device [ 264.777172][ T5347] usb usb1-port1: unable to enumerate USB device [ 265.733681][ T8443] netlink: 'syz.1.932': attribute type 3 has an invalid length. [ 265.779989][ T8445] sg_write: data in/out 393183/48 bytes for SCSI command 0x0-- guessing data in; [ 265.779989][ T8445] program syz.3.933 not setting count and/or reply_len properly [ 266.375437][ T8458] netlink: 120 bytes leftover after parsing attributes in process `syz.1.938'. [ 266.550103][ T8464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 266.552619][ T8464] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.415188][ T8492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.426198][ T8492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.413246][ T8529] netlink: 'syz.1.970': attribute type 6 has an invalid length. [ 270.044961][ T8584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.996'. [ 270.044992][ T8584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.996'. [ 270.244209][ T8592] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1000'. [ 273.256315][ T8678] random: crng reseeded on system resumption [ 273.915162][ T8693] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1046'. [ 273.915192][ T8693] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1046'. [ 288.491036][ T5347] usb 2-1: USB disconnect, device number 44 [ 288.724474][ T8745] mmap: syz.3.1066 (8745): VmData 33271808 exceed data ulimit 1048576. Update limits or use boot option ignore_rlimit_data. [ 288.872549][ T5618] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 288.932847][ T5618] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 288.967354][ T5618] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 288.969297][ T5618] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 288.984783][ T5618] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 289.360933][ T8760] tipc: Started in network mode [ 289.360967][ T8760] tipc: Node identity badf8be2b184, cluster identity 4711 [ 289.388969][ T8760] tipc: Enabled bearer , priority 0 [ 289.392079][ T8760] +: renamed from syzkaller0 [ 289.444926][ T8760] tipc: Disabling bearer [ 291.107398][ T60] Bluetooth: hci4: command tx timeout [ 291.635499][ T8746] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.641400][ T8746] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.642432][ T8746] bridge_slave_0: entered allmulticast mode [ 291.653466][ T8746] bridge_slave_0: entered promiscuous mode [ 291.693779][ T8746] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.694250][ T8746] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.694557][ T8746] bridge_slave_1: entered allmulticast mode [ 291.703922][ T8746] bridge_slave_1: entered promiscuous mode [ 291.766263][ T8746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 291.772526][ T8746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.922875][ T8746] team0: Port device team_slave_0 added [ 291.933466][ T8746] team0: Port device team_slave_1 added [ 291.981879][ T8746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 291.981894][ T8746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 291.981915][ T8746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 291.985422][ T8746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 291.985435][ T8746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 291.985474][ T8746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 292.163387][ T8746] hsr_slave_0: entered promiscuous mode [ 292.172296][ T8746] hsr_slave_1: entered promiscuous mode [ 292.174252][ T8746] debugfs: 'hsr0' already exists in 'hsr' [ 292.174278][ T8746] Cannot create hsr debugfs directory [ 293.041671][ T8746] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 293.102050][ T8746] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 293.104542][ T8746] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 293.138192][ T8746] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 293.139642][ T8746] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 293.195803][ T60] Bluetooth: hci4: command tx timeout [ 293.250654][ T8746] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 293.254950][ T8746] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 293.299412][ T8746] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 293.800005][ T8746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.883482][ T8746] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.914385][ T1398] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.914572][ T1398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.947762][ T1398] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.948016][ T1398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.265930][ T60] Bluetooth: hci4: command tx timeout [ 295.468715][ T8746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.150791][ T8902] tipc: Started in network mode [ 296.150830][ T8902] tipc: Node identity b6e693e65fcd, cluster identity 4711 [ 296.174067][ T8902] tipc: Enabled bearer , priority 0 [ 296.202730][ T8902] +: renamed from syzkaller0 [ 296.250435][ T8902] tipc: Disabling bearer [ 296.513379][ T8746] veth0_vlan: entered promiscuous mode [ 296.579480][ T8746] veth1_vlan: entered promiscuous mode [ 296.824333][ T8746] veth0_macvtap: entered promiscuous mode [ 296.891329][ T8746] veth1_macvtap: entered promiscuous mode [ 297.081532][ T8746] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.133484][ T8746] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 297.289046][ T3375] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.290156][ T3375] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.292548][ T3375] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.336011][ T3375] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.348480][ T60] Bluetooth: hci4: command tx timeout [ 299.250800][ T3398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.250822][ T3398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.705311][ T3435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.705333][ T3435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.594997][ T8999] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1062'. [ 300.595026][ T8999] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1062'. [ 301.014488][ T9013] tipc: Enabled bearer , priority 0 [ 301.118664][ T9007] tipc: Disabling bearer [ 305.251839][ T9154] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1228'. [ 305.504957][ T9160] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1232'. [ 306.239369][ T9186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1245'. [ 307.892245][ T9217] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1256'. [ 310.234589][ T9274] 9p: Bad value for 'wfdno' [ 310.347670][ T9299] tipc: Enabled bearer , priority 0 [ 310.422695][ T9298] tipc: Disabling bearer [ 311.499342][ T9329] +: renamed from syzkaller0 [ 312.430831][ T5812] usb 4-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 312.430944][ T5812] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -110 [ 312.471174][ T5618] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 312.574661][ T5618] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 312.608328][ T5618] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 312.629693][ T5812] usb 4-1: USB disconnect, device number 36 [ 312.639576][ T5618] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 312.646280][ T5618] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 312.764689][ T8679] Unrecognized hibernate image header format! [ 312.764706][ T8679] PM: hibernation: Image mismatch: architecture specific data [ 313.754737][ T9359] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1317'. [ 314.785906][ T60] Bluetooth: hci5: command tx timeout [ 315.084322][ T9376] 9p: Bad value for 'wfdno' [ 316.338595][ T9342] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.339062][ T9342] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.339359][ T9342] bridge_slave_0: entered allmulticast mode [ 316.373863][ T9342] bridge_slave_0: entered promiscuous mode [ 316.455175][ T9422] 9p: Bad value for 'wfdno' [ 316.464901][ T9342] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.470801][ T9342] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.481765][ T9342] bridge_slave_1: entered allmulticast mode [ 316.522190][ T9342] bridge_slave_1: entered promiscuous mode [ 316.853609][ T9342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 316.876258][ T60] Bluetooth: hci5: command tx timeout [ 316.944729][ T9342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 317.081682][ T9342] team0: Port device team_slave_0 added [ 317.099702][ T9342] team0: Port device team_slave_1 added [ 317.262383][ T9342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 317.262400][ T9342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 317.262431][ T9342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 317.326676][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.326822][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.481329][ T9342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 317.481349][ T9342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 317.481382][ T9342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 317.706374][ T9342] hsr_slave_0: entered promiscuous mode [ 317.714516][ T9342] hsr_slave_1: entered promiscuous mode [ 317.729135][ T9342] debugfs: 'hsr0' already exists in 'hsr' [ 317.729165][ T9342] Cannot create hsr debugfs directory [ 317.887998][ T9455] +: renamed from syzkaller0 [ 317.978928][ T9452] 9p: Bad value for 'wfdno' [ 318.956283][ T60] Bluetooth: hci5: command tx timeout [ 319.446750][ T9485] 9p: Bad value for 'wfdno' [ 319.692172][ T9342] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.845441][ T9495] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1370'. [ 320.471925][ T9342] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.632313][ T9521] 9p: Bad value for 'wfdno' [ 321.021188][ T9539] sg_write: data in/out 447452/210 bytes for SCSI command 0x0-- guessing data in; [ 321.021188][ T9539] program syz.4.1386 not setting count and/or reply_len properly [ 321.025819][ T60] Bluetooth: hci5: command tx timeout [ 321.217340][ T9342] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.835256][ T9342] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.612534][ T9558] 9p: Bad value for 'wfdno' [ 323.971290][ T9342] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 324.047453][ T9342] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 324.062846][ T9342] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 324.166368][ T9342] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 324.175483][ T9342] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 324.347762][ T9342] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 324.362161][ T9342] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 324.522720][ T9342] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 325.120589][ T9342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 325.147411][ T9634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1423'. [ 325.211866][ T9342] 8021q: adding VLAN 0 to HW filter on device team0 [ 325.321028][ T1398] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.321546][ T1398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 325.620643][ T3398] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.620857][ T3398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.260230][ T9658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1434'. [ 327.063111][ T9685] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1445'. [ 327.403954][ T9342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 327.830443][ T9342] veth0_vlan: entered promiscuous mode [ 327.931886][ T9342] veth1_vlan: entered promiscuous mode [ 328.011048][ T9711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1455'. [ 328.190187][ T9342] veth0_macvtap: entered promiscuous mode [ 328.223251][ T9342] veth1_macvtap: entered promiscuous mode [ 328.384920][ T9342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 328.498754][ T9342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 328.642924][ T1027] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.698998][ T1027] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.699051][ T1027] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.699092][ T1027] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.748519][ T9732] netlink: 'syz.4.1465': attribute type 10 has an invalid length. [ 328.877460][ T9735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1467'. [ 329.172170][ T9732] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 329.182527][ T9732] team0: Port device netdevsim1 added [ 330.163890][ T9761] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1476'. [ 330.994167][ T3398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.994189][ T3398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.421143][ T1398] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.421167][ T1398] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.050015][ T9833] +: renamed from syzkaller0 [ 334.387721][ T9866] +: renamed from syzkaller0 [ 334.609411][ T9880] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1531'. [ 335.367103][ T9903] +: renamed from syzkaller0 [ 335.444627][ T9906] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1542'. [ 336.110348][ T9933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1555'. [ 336.266307][ T9937] +: renamed from syzkaller0 [ 338.957880][T10030] ./file0: Can't lookup blockdev [ 343.534797][T10187] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1665'. [ 343.534827][T10187] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1665'. [ 344.787421][T10231] +: renamed from syzkaller0 [ 345.656339][T10258] +: renamed from syzkaller0 [ 346.437253][T10281] +: renamed from syzkaller0 [ 346.583382][T10289] sctp: [Deprecated]: syz.0.1711 (pid 10289) Use of struct sctp_assoc_value in delayed_ack socket option. [ 346.583382][T10289] Use struct sctp_sack_info instead [ 346.859520][ T32] hid_parser_main: 30 callbacks suppressed [ 346.859546][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862580][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862613][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862640][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862667][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862693][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862720][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862747][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862774][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 346.862800][ T32] hid-generic 0103:0004:0000.000B: unknown main item tag 0x0 [ 347.215903][T10300] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1716'. [ 347.217555][ T32] hid-generic 0103:0004:0000.000B: hidraw0: HID v0.05 Device [syz0] on syz1 [ 347.284605][T10308] fido_id[10308]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 347.747209][T10317] +: renamed from syzkaller0 [ 348.122498][T10333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1728'. [ 348.591096][T10357] +: renamed from syzkaller0 [ 348.839826][T10362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1741'. [ 349.610919][T10390] +: renamed from syzkaller0 [ 349.747398][T10393] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1754'. [ 350.477807][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1764'. [ 351.278067][T10444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1777'. [ 351.595888][T10454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1788'. [ 352.191581][T10480] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1792'. [ 352.228476][T10482] +: renamed from syzkaller0 [ 352.938313][T10507] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1804'. [ 353.170543][T10514] +: renamed from syzkaller0 [ 354.209563][T10544] +: renamed from syzkaller0 [ 355.225285][T10584] +: renamed from syzkaller0 [ 358.602332][T10682] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1882'. [ 359.559494][T10710] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1893'. [ 359.878364][T10722] tipc: Enabling of bearer rejected, failed to enable media [ 359.880170][T10722] +: renamed from syzkaller0 [ 361.050354][T10758] tipc: Enabling of bearer rejected, failed to enable media [ 361.066209][T10758] +: renamed from syzkaller0 [ 362.030771][T10793] tipc: Enabling of bearer rejected, failed to enable media [ 362.048645][T10793] +: renamed from syzkaller0 [ 362.862162][T10826] tipc: Enabling of bearer rejected, failed to enable media [ 362.878227][T10827] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1942'. [ 362.881906][T10826] +: renamed from syzkaller0 [ 363.664924][T10853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1955'. [ 363.777234][T10857] tipc: Enabling of bearer rejected, failed to enable media [ 363.779182][T10857] +: renamed from syzkaller0 [ 364.358300][T10880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1968'. [ 364.388595][T10880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1968'. [ 364.917489][T10896] tipc: Enabling of bearer rejected, failed to enable media [ 364.991390][T10891] +: renamed from syzkaller0 [ 365.308294][T10914] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1981'. [ 365.361226][T10915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1981'. [ 366.049798][T10938] tipc: Enabling of bearer rejected, failed to enable media [ 366.080600][T10938] +: renamed from syzkaller0 [ 369.082081][T11040] +: renamed from syzkaller0 [ 370.213692][ T38] audit: type=1326 audit(1780764602.889:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11085 comm="syz.3.2055" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1abea2ce59 code=0x0 [ 370.624389][T11098] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2060'. [ 370.624416][T11098] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2060'. [ 370.672015][T11098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2060'. [ 371.547067][T11134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2075'. [ 371.547103][T11134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2075'. [ 371.609220][T11139] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2075'. [ 372.634818][T11174] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2089'. [ 377.235201][T11271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2130'. [ 377.235228][T11271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2130'. [ 377.579936][T11280] +: renamed from syzkaller0 [ 378.264143][T11302] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2145'. [ 378.626491][T11313] +: renamed from syzkaller0 [ 378.724434][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.724554][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.338333][T11335] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2159'. [ 379.862670][T11350] sctp: [Deprecated]: syz.2.2167 (pid 11350) Use of struct sctp_assoc_value in delayed_ack socket option. [ 379.862670][T11350] Use struct sctp_sack_info instead [ 380.052902][T11351] +: renamed from syzkaller0 [ 380.288968][T11363] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2172'. [ 381.217510][T11395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2186'. [ 381.562022][T11401] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 381.811315][T11417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2194'. [ 381.981026][ T5716] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 381.981473][ T5716] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 381.981906][ T5716] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 381.984799][ T5716] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 381.984824][ T5716] rtc rtc0: __rtc_set_alarm: err=-22 [ 382.432802][T11431] +: renamed from syzkaller0 [ 383.401944][T11473] netlink: 'syz.2.2221': attribute type 10 has an invalid length. [ 383.640664][T11473] team0 (unregistering): Port device team_slave_0 removed [ 383.701900][T11473] team0 (unregistering): Port device team_slave_1 removed [ 383.875105][T11482] +: renamed from syzkaller0 [ 385.679267][T11549] tipc: Started in network mode [ 385.679315][T11549] tipc: Node identity 7e6cff616ffa, cluster identity 4711 [ 385.679592][T11549] tipc: Enabled bearer , priority 0 [ 385.793061][T11546] tipc: Disabling bearer [ 386.098784][T11561] sg_write: data in/out 455644/242 bytes for SCSI command 0x0-- guessing data in; [ 386.098784][T11561] program syz.3.2258 not setting count and/or reply_len properly [ 386.210172][T11567] bridge0: port 3(gretap0) entered blocking state [ 386.266250][T11567] bridge0: port 3(gretap0) entered disabled state [ 386.292729][T11567] gretap0: entered allmulticast mode [ 386.322482][T11567] gretap0: entered promiscuous mode [ 386.342308][T11567] bridge0: port 3(gretap0) entered blocking state [ 386.342542][T11567] bridge0: port 3(gretap0) entered forwarding state [ 386.619794][T11577] tipc: Started in network mode [ 386.619828][T11577] tipc: Node identity ca240a1d71e8, cluster identity 4711 [ 386.620064][T11577] tipc: Enabled bearer , priority 0 [ 386.714351][T11575] tipc: Disabling bearer [ 388.278244][T11607] tipc: Enabled bearer , priority 0 [ 388.589065][T11606] tipc: Disabling bearer [ 388.787505][T11630] bridge0: port 3(gretap0) entered blocking state [ 388.793407][T11630] bridge0: port 3(gretap0) entered disabled state [ 388.793748][T11630] gretap0: entered allmulticast mode [ 388.883364][T11630] gretap0: entered promiscuous mode [ 388.892932][T11630] bridge0: port 3(gretap0) entered blocking state [ 388.893091][T11630] bridge0: port 3(gretap0) entered forwarding state [ 389.892122][T11657] tipc: Enabled bearer , priority 0 [ 389.982148][T11656] tipc: Disabling bearer [ 390.669916][T11674] program syz.4.2308 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 390.919475][T11679] tipc: Enabled bearer , priority 0 [ 391.024653][T11678] tipc: Disabling bearer [ 395.815198][T11843] program syz.0.2384 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 396.402311][T11867] program syz.2.2393 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 396.902699][T11884] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2401'. [ 397.073928][T11890] program syz.3.2404 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 398.309547][T11934] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2423'. [ 399.061321][T11958] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2434'. [ 399.977208][T11980] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2445'. [ 400.773707][T12005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2457'. [ 400.773726][T12005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2457'. [ 401.479963][T12030] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2469'. [ 401.479990][T12030] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2469'. [ 402.379455][T12057] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2481'. [ 402.379483][T12057] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2481'. [ 403.010444][T12083] program syz.0.2494 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 403.652294][T12105] program syz.0.2504 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 404.760564][T12122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2509'. [ 404.760591][T12122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2509'. [ 405.169794][T12134] program syz.2.2515 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 406.018163][T12152] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2522'. [ 406.018191][T12152] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2522'. [ 406.842992][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2533'. [ 406.843020][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2533'. [ 407.671887][T12204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2546'. [ 407.671915][T12204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2546'. [ 411.510960][ T60] Bluetooth: hci4: command 0x0406 tx timeout [ 412.655097][T12263] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 412.705171][T12263] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 412.720801][T12263] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 412.723533][T12263] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 412.727442][T12263] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 414.263680][ T1511] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.553380][ T5618] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 414.866198][ T5618] Bluetooth: hci3: command tx timeout [ 415.159886][ T1511] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.785066][ T1511] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.261440][ T1511] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.945880][ T5618] Bluetooth: hci3: command tx timeout [ 417.043074][T12340] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.043476][T12340] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.043729][T12340] bridge_slave_0: entered allmulticast mode [ 417.072131][T12340] bridge_slave_0: entered promiscuous mode [ 417.110547][T12340] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.111028][T12340] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.111389][T12340] bridge_slave_1: entered allmulticast mode [ 417.115217][T12340] bridge_slave_1: entered promiscuous mode [ 417.649129][T12340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.776878][T12340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 418.016240][T12340] team0: Port device team_slave_0 added [ 418.046348][T12340] team0: Port device team_slave_1 added [ 418.670667][ T1511] bridge_slave_1: left allmulticast mode [ 418.670851][ T1511] bridge_slave_1: left promiscuous mode [ 418.717069][ T1511] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.027100][T12263] Bluetooth: hci3: command tx timeout [ 419.103721][ T3417] Bluetooth: hci0: Frame reassembly failed (-84) [ 419.129427][ T44] Bluetooth: hci0: Frame reassembly failed (-84) [ 419.144176][ T1511] bridge_slave_0: left allmulticast mode [ 419.145096][ T1511] bridge_slave_0: left promiscuous mode [ 419.147414][ T1511] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.508108][ T1511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.616439][ T1511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 420.675440][ T1511] bond0 (unregistering): Released all slaves [ 420.760783][T12340] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 420.760798][T12340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 420.760819][T12340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.788991][ T5274] 8021q: adding VLAN 0 to HW filter on device eth1 [ 420.821913][T12340] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.821932][T12340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 420.821963][T12340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 421.032297][T12340] hsr_slave_0: entered promiscuous mode [ 421.034453][T12340] hsr_slave_1: entered promiscuous mode [ 421.049099][T12340] debugfs: 'hsr0' already exists in 'hsr' [ 421.049126][T12340] Cannot create hsr debugfs directory [ 421.118834][ T5618] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 421.127468][ T60] Bluetooth: hci3: command tx timeout [ 421.339322][ T1511] tipc: Left network mode [ 422.756425][ T5274] 8021q: adding VLAN 0 to HW filter on device eth2 [ 423.111672][ T3375] Bluetooth: hci0: Frame reassembly failed (-84) [ 423.138789][T12582] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2673'. [ 425.113397][ T5618] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 425.557489][ T1511] hsr_slave_0: left promiscuous mode [ 425.595915][ T1511] hsr_slave_1: left promiscuous mode [ 425.597233][ T1511] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 425.619217][ T1511] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 425.698646][ T1511] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 425.911303][ T1511] veth1_macvtap: left promiscuous mode [ 425.911717][ T1511] veth0_macvtap: left promiscuous mode [ 425.926744][ T1511] veth1_vlan: left promiscuous mode [ 425.931123][ T1511] veth0_vlan: left promiscuous mode [ 426.050503][T12670] random: crng reseeded on system resumption [ 429.208866][T12734] : renamed from vlan0 (while UP) [ 432.621769][ T1511] IPVS: stop unused estimator thread 0... [ 432.622741][T12340] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 432.732326][T12340] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 432.749720][T12340] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 432.917551][T12340] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 432.919483][T12340] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 433.203252][T12340] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 433.220067][T12340] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 433.402454][T12340] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 434.153700][ T67] Bluetooth: hci0: Frame reassembly failed (-84) [ 434.397774][T12340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 434.490234][T12340] 8021q: adding VLAN 0 to HW filter on device team0 [ 434.594954][ T1511] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.619233][ T1511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 434.704213][ T3375] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.704990][ T3375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 436.013382][T12340] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 436.152014][ T5618] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 436.355094][T12340] veth0_vlan: entered promiscuous mode [ 436.383630][T12340] veth1_vlan: entered promiscuous mode [ 436.474198][T12969] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2801'. [ 436.614448][T12340] veth0_macvtap: entered promiscuous mode [ 436.743545][T12340] veth1_macvtap: entered promiscuous mode [ 436.878319][T12340] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 436.916913][T12340] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 436.994497][ T3375] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.012326][ T3375] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.012652][ T3375] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.012696][ T3375] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.021977][T12904] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 437.118518][ T5618] Bluetooth: hci5: command 0x0406 tx timeout [ 438.671733][ T1567] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 438.671755][ T1567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 439.095831][ T1567] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 439.095855][ T1567] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 440.157553][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.157667][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.591050][ T5618] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 440.695477][ T5618] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 440.710434][ T5618] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 440.737636][ T5618] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 440.743071][ T5618] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 442.791393][ T60] Bluetooth: hci0: command tx timeout [ 444.238971][T13115] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2857'. [ 444.481008][ T1567] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.865910][ T60] Bluetooth: hci0: command tx timeout [ 445.491113][ T1567] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.330943][ T1567] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.959685][ T60] Bluetooth: hci0: command tx timeout [ 447.529807][ T1567] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.025823][ T60] Bluetooth: hci0: command tx timeout [ 450.847284][ T1567] gretap0: left allmulticast mode [ 450.847310][ T1567] gretap0: left promiscuous mode [ 450.847529][ T1567] bridge0: port 3(gretap0) entered disabled state [ 450.987703][ T1567] bridge_slave_1: left allmulticast mode [ 450.987730][ T1567] bridge_slave_1: left promiscuous mode [ 450.987938][ T1567] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.021081][T13278] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2917'. [ 451.167858][ T1567] bridge_slave_0: left allmulticast mode [ 451.167886][ T1567] bridge_slave_0: left promiscuous mode [ 451.168147][ T1567] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.127072][ T1567] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 452.187871][ T1567] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 452.231300][ T1567] bond0 (unregistering): Released all slaves [ 452.276492][T13048] bridge0: port 1(bridge_slave_0) entered blocking state [ 452.276752][T13048] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.277031][T13048] bridge_slave_0: entered allmulticast mode [ 452.279691][T13048] bridge_slave_0: entered promiscuous mode [ 452.345451][T13048] bridge0: port 2(bridge_slave_1) entered blocking state [ 452.348257][T13048] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.349250][T13048] bridge_slave_1: entered allmulticast mode [ 452.367692][T13048] bridge_slave_1: entered promiscuous mode [ 452.551731][ T1567] tipc: Left network mode [ 452.564415][T13048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 452.580657][T13048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 452.787235][T13048] team0: Port device team_slave_0 added [ 452.792165][T13048] team0: Port device team_slave_1 added [ 452.857707][T13048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 452.857726][T13048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 452.857750][T13048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 452.864315][T13048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 452.864332][T13048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 452.864362][T13048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 453.542591][T13303] netlink: 'syz.4.2923': attribute type 3 has an invalid length. [ 453.872224][T13316] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2926'. [ 454.380191][T13048] hsr_slave_0: entered promiscuous mode [ 454.382746][T13048] hsr_slave_1: entered promiscuous mode [ 454.455552][ T5274] 8021q: adding VLAN 0 to HW filter on device eth1 [ 454.678482][T13339] netlink: 120 bytes leftover after parsing attributes in process `syz.4.2934'. [ 455.298810][ T1567] hsr_slave_0: left promiscuous mode [ 455.335831][ T1567] hsr_slave_1: left promiscuous mode [ 455.343897][ T1567] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 455.343928][ T1567] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 455.469684][ T1567] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 455.469716][ T1567] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.965777][ T1567] veth1_macvtap: left promiscuous mode [ 455.965969][ T1567] veth0_macvtap: left promiscuous mode [ 455.966275][ T1567] veth1_vlan: left promiscuous mode [ 456.280216][T13379] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2944'. [ 457.236650][ T1567] team0 (unregistering): Port device team_slave_1 removed [ 457.296669][ T1567] team0 (unregistering): Port device team_slave_0 removed [ 457.569898][ T5274] 8021q: adding VLAN 0 to HW filter on device eth2 [ 458.005194][T13398] netlink: 'syz.0.2952': attribute type 3 has an invalid length. [ 460.044346][T13446] netlink: 'syz.2.2965': attribute type 3 has an invalid length. [ 460.282892][T13451] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2967'. [ 462.423153][T13513] loop9: detected capacity change from 0 to 7 [ 462.515939][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.516106][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.541892][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.541998][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.747535][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.747573][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.747913][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.747947][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.751104][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.751223][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.751837][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.751920][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.752819][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.752909][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.753125][T13513] ldm_validate_partition_table(): Disk read failed. [ 462.753602][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.753646][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.760927][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.760961][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.761200][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 462.761237][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 462.761490][T13513] Dev loop9: unable to read RDB block 0 [ 462.769036][T13513] loop9: unable to read partition table [ 462.769650][T13513] loop9: partition table beyond EOD, truncated [ 462.769727][T13513] loop_reread_partitions: partition scan of loop9 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 463.133134][ T5780] [ 463.133193][ T5780] ====================================================== [ 463.133210][ T5780] WARNING: possible circular locking dependency detected [ 463.133386][ T5780] syzkaller #0 Tainted: G L [ 463.133404][ T5780] ------------------------------------------------------ [ 463.133445][ T5780] udevd/5780 is trying to acquire lock: [ 463.133462][ T5780] ffff88805951c938 ((wq_completion)loop9){+.+.}-{0:0}, at: touch_wq_lockdep_map+0xb5/0x180 [ 463.133551][ T5780] [ 463.133551][ T5780] but task is already holding lock: [ 463.133558][ T5780] ffff8880262c54c8 (&disk->open_mutex#4){+.+.}-{4:4}, at: bdev_release+0x1af/0x660 [ 463.133652][ T5780] [ 463.133652][ T5780] which lock already depends on the new lock. [ 463.133652][ T5780] [ 463.133661][ T5780] [ 463.133661][ T5780] the existing dependency chain (in reverse order) is: [ 463.133669][ T5780] [ 463.133669][ T5780] -> #5 (&disk->open_mutex#4){+.+.}-{4:4}: [ 463.133731][ T5780] mutex_lock_nested+0x5a/0x1d0 [ 463.133756][ T5780] bdev_open+0xe0/0xcc0 [ 463.133785][ T5780] bdev_file_open_by_dev+0x1be/0x240 [ 463.133815][ T5780] swsusp_check+0x56/0x490 [ 463.133837][ T5780] software_resume+0x51/0x4c0 [ 463.133865][ T5780] resume_store+0x333/0x4f0 [ 463.133882][ T5780] kernfs_fop_write_iter+0x3b0/0x540 [ 463.133912][ T5780] vfs_write+0x629/0xba0 [ 463.133939][ T5780] ksys_write+0x156/0x270 [ 463.133965][ T5780] do_syscall_64+0x174/0x580 [ 463.133995][ T5780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.134016][ T5780] [ 463.134016][ T5780] -> #4 (system_transition_mutex){+.+.}-{4:4}: [ 463.134046][ T5780] mutex_lock_nested+0x5a/0x1d0 [ 463.134070][ T5780] lock_system_sleep+0x49/0x70 [ 463.134092][ T5780] resume_store+0x2ff/0x4f0 [ 463.134108][ T5780] kernfs_fop_write_iter+0x3b0/0x540 [ 463.134137][ T5780] vfs_write+0x629/0xba0 [ 463.134162][ T5780] ksys_write+0x156/0x270 [ 463.134197][ T5780] do_syscall_64+0x174/0x580 [ 463.134228][ T5780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.134249][ T5780] [ 463.134249][ T5780] -> #3 (&of->mutex){+.+.}-{4:4}: [ 463.134279][ T5780] mutex_lock_nested+0x5a/0x1d0 [ 463.134306][ T5780] kernfs_seq_start+0x5c/0x420 [ 463.134337][ T5780] traverse+0x164/0x580 [ 463.134368][ T5780] seq_read_iter+0xd09/0xe20 [ 463.134399][ T5780] lo_rw_aio+0xc80/0xf00 [ 463.134427][ T5780] loop_process_work+0x92a/0x11b0 [ 463.134456][ T5780] process_one_work+0x98b/0x1630 [ 463.134484][ T5780] worker_thread+0xb49/0x1140 [ 463.134513][ T5780] kthread+0x388/0x470 [ 463.134533][ T5780] ret_from_fork+0x514/0xb70 [ 463.134555][ T5780] ret_from_fork_asm+0x1a/0x30 [ 463.134582][ T5780] [ 463.134582][ T5780] -> #2 (&p->lock){+.+.}-{4:4}: [ 463.134612][ T5780] mutex_lock_nested+0x5a/0x1d0 [ 463.134635][ T5780] seq_read_iter+0xb8/0xe20 [ 463.134665][ T5780] lo_rw_aio+0xc80/0xf00 [ 463.134692][ T5780] loop_process_work+0x92a/0x11b0 [ 463.134719][ T5780] process_one_work+0x98b/0x1630 [ 463.134747][ T5780] worker_thread+0xb49/0x1140 [ 463.134775][ T5780] kthread+0x388/0x470 [ 463.134795][ T5780] ret_from_fork+0x514/0xb70 [ 463.134817][ T5780] ret_from_fork_asm+0x1a/0x30 [ 463.134843][ T5780] [ 463.134843][ T5780] -> #1 ((work_completion)(&worker->work)){+.+.}-{0:0}: [ 463.134875][ T5780] process_one_work+0x8d7/0x1630 [ 463.134903][ T5780] worker_thread+0xb49/0x1140 [ 463.134933][ T5780] kthread+0x388/0x470 [ 463.134953][ T5780] ret_from_fork+0x514/0xb70 [ 463.134975][ T5780] ret_from_fork_asm+0x1a/0x30 [ 463.135000][ T5780] [ 463.135000][ T5780] -> #0 ((wq_completion)loop9){+.+.}-{0:0}: [ 463.135031][ T5780] __lock_acquire+0x15a5/0x2d10 [ 463.135056][ T5780] lock_acquire+0x106/0x350 [ 463.135078][ T5780] touch_wq_lockdep_map+0xcb/0x180 [ 463.135096][ T5780] __flush_workqueue+0x14b/0x14f0 [ 463.135115][ T5780] drain_workqueue+0xd3/0x390 [ 463.135132][ T5780] lo_release+0x287/0x8f0 [ 463.135159][ T5780] bdev_release+0x541/0x660 [ 463.135198][ T5780] blkdev_release+0x15/0x20 [ 463.135217][ T5780] __fput+0x461/0xa70 [ 463.135239][ T5780] fput_close_sync+0x11f/0x240 [ 463.135263][ T5780] __x64_sys_close+0x7e/0x110 [ 463.135287][ T5780] do_syscall_64+0x174/0x580 [ 463.135318][ T5780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.135339][ T5780] [ 463.135339][ T5780] other info that might help us debug this: [ 463.135339][ T5780] [ 463.135347][ T5780] Chain exists of: [ 463.135347][ T5780] (wq_completion)loop9 --> system_transition_mutex --> &disk->open_mutex#4 [ 463.135347][ T5780] [ 463.135439][ T5780] Possible unsafe locking scenario: [ 463.135439][ T5780] [ 463.135447][ T5780] CPU0 CPU1 [ 463.135485][ T5780] ---- ---- [ 463.135500][ T5780] lock(&disk->open_mutex#4); [ 463.135521][ T5780] lock(system_transition_mutex); [ 463.135539][ T5780] lock(&disk->open_mutex#4); [ 463.135562][ T5780] lock((wq_completion)loop9); [ 463.135576][ T5780] [ 463.135576][ T5780] *** DEADLOCK *** [ 463.135576][ T5780] [ 463.135609][ T5780] 1 lock held by udevd/5780: [ 463.135648][ T5780] #0: ffff8880262c54c8 (&disk->open_mutex#4){+.+.}-{4:4}, at: bdev_release+0x1af/0x660 [ 463.135744][ T5780] [ 463.135744][ T5780] stack backtrace: [ 463.135767][ T5780] CPU: 1 UID: 0 PID: 5780 Comm: udevd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 463.135798][ T5780] Tainted: [L]=SOFTLOCKUP [ 463.135806][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 463.135825][ T5780] Call Trace: [ 463.135838][ T5780] [ 463.135878][ T5780] dump_stack_lvl+0xe8/0x150 [ 463.135928][ T5780] print_circular_bug+0x2e1/0x300 [ 463.135961][ T5780] check_noncircular+0x12e/0x150 [ 463.135996][ T5780] __lock_acquire+0x15a5/0x2d10 [ 463.136024][ T5780] ? lockdep_hardirqs_on+0x7a/0x110 [ 463.136090][ T5780] ? synchronize_rcu_normal+0x1cf/0x330 [ 463.136123][ T5780] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 463.136155][ T5780] ? find_get_entries+0x712/0x830 [ 463.136191][ T5780] ? __pfx_filemap_get_entry+0x10/0x10 [ 463.136221][ T5780] ? touch_wq_lockdep_map+0xb5/0x180 [ 463.136241][ T5780] lock_acquire+0x106/0x350 [ 463.136265][ T5780] ? touch_wq_lockdep_map+0xb5/0x180 [ 463.136292][ T5780] ? touch_wq_lockdep_map+0xb5/0x180 [ 463.136311][ T5780] touch_wq_lockdep_map+0xcb/0x180 [ 463.136331][ T5780] ? touch_wq_lockdep_map+0xb5/0x180 [ 463.136352][ T5780] __flush_workqueue+0x14b/0x14f0 [ 463.136373][ T5780] ? do_raw_spin_lock+0x12b/0x2f0 [ 463.136398][ T5780] ? __pfx___flush_workqueue+0x10/0x10 [ 463.136430][ T5780] drain_workqueue+0xd3/0x390 [ 463.136454][ T5780] lo_release+0x287/0x8f0 [ 463.136485][ T5780] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 463.136519][ T5780] ? __pfx_lo_release+0x10/0x10 [ 463.136547][ T5780] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 463.136573][ T5780] ? reacquire_held_locks+0x104/0x190 [ 463.136600][ T5780] ? rt_spin_lock+0x1e0/0x400 [ 463.136625][ T5780] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 463.136653][ T5780] ? rt_spin_unlock+0x14f/0x200 [ 463.136681][ T5780] ? rt_spin_unlock+0x160/0x200 [ 463.136710][ T5780] ? __pfx_lo_release+0x10/0x10 [ 463.136740][ T5780] bdev_release+0x541/0x660 [ 463.136775][ T5780] ? __pfx_blkdev_release+0x10/0x10 [ 463.136796][ T5780] blkdev_release+0x15/0x20 [ 463.136816][ T5780] __fput+0x461/0xa70 [ 463.136844][ T5780] fput_close_sync+0x11f/0x240 [ 463.136868][ T5780] ? __pfx_fput_close_sync+0x10/0x10 [ 463.136896][ T5780] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.136919][ T5780] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.136941][ T5780] __x64_sys_close+0x7e/0x110 [ 463.136967][ T5780] do_syscall_64+0x174/0x580 [ 463.136999][ T5780] ? clear_bhb_loop+0x40/0x90 [ 463.137024][ T5780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.137046][ T5780] RIP: 0033:0x7f6bdebd4407 [ 463.137066][ T5780] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 463.137118][ T5780] RSP: 002b:00007ffdc105cb60 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 463.137141][ T5780] RAX: ffffffffffffffda RBX: 00007f6bdeae6880 RCX: 00007f6bdebd4407 [ 463.137158][ T5780] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 463.137178][ T5780] RBP: 00007f6bdeae66e8 R08: 0000000000000000 R09: 0000000000000000 [ 463.137193][ T5780] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 463.137207][ T5780] R13: 000055e43943e190 R14: 0000000000000008 R15: 000055e439444ba0 [ 463.137230][ T5780] [ 463.877574][T13048] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 463.952630][T13048] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 463.980355][T13048] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 464.020230][T13048] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 464.023443][T13048] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 464.053650][T13048] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 464.055289][T13048] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 464.090767][T13048] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 464.229029][T13048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 464.259913][T13048] 8021q: adding VLAN 0 to HW filter on device team0 [ 464.277394][ T1567] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.277535][ T1567] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.300116][T12531] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.300262][T12531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 464.837282][T13048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.913196][T13048] veth0_vlan: entered promiscuous mode [ 464.928052][T13048] veth1_vlan: entered promiscuous mode [ 464.967226][T13048] veth0_macvtap: entered promiscuous mode [ 464.972785][T13048] veth1_macvtap: entered promiscuous mode [ 465.006182][T13048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 465.020402][T13048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 465.037278][ T1567] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.037891][ T1567] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.037933][ T1567] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.037969][ T1567] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.200424][T13048] ieee80211 phy18: Selected rate control algorithm 'minstrel_ht' [ 465.227511][ T1567] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.227543][ T1567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.230737][T13048] ieee80211 phy19: Selected rate control algorithm 'minstrel_ht' [ 465.270411][ T1567] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.270433][ T1567] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.383721][ T5695] ------------[ cut here ]------------ [ 468.383739][ T5695] kcov->t != t [ 468.383755][ T5695] WARNING: kernel/kcov.c:475 at kcov_task_exit+0x181/0x240, CPU#0: udevd/5695 [ 468.383803][ T5695] Modules linked in: [ 468.383826][ T5695] CPU: 0 UID: 0 PID: 5695 Comm: udevd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 468.383860][ T5695] Tainted: [L]=SOFTLOCKUP [ 468.383869][ T5695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 468.383884][ T5695] RIP: 0010:kcov_task_exit+0x181/0x240 [ 468.383909][ T5695] Code: 90 00 00 00 e8 f0 17 59 00 4c 89 f7 5b 41 5e 41 5f e9 b3 de 5e 00 7c 40 5b 41 5e 41 5f c3 cc cc cc cc cc 90 0f 0b 90 eb 10 90 <0f> 0b 90 eb 0a 90 0f 0b 90 eb 04 90 0f 0b 90 4c 89 ff 5b 41 5e 41 [ 468.383931][ T5695] RSP: 0018:ffffc90004fe7d20 EFLAGS: 00010287 [ 468.383952][ T5695] RAX: 0d85a4c77fcec700 RBX: ffff88805aa40000 RCX: 0000000000000000 [ 468.383969][ T5695] RDX: 0000000000000000 RSI: ffffffff8bac2160 RDI: 00000000ffffffff [ 468.383986][ T5695] RBP: ffffc90004fe7e78 R08: 0000000000000000 R09: 0000000000000000 [ 468.384000][ T5695] R10: dffffc0000000000 R11: fffffbfff1f5d99f R12: dffffc0000000000 [ 468.384023][ T5695] R13: 0000000000000000 R14: ffff888031b61400 R15: ffff888031b61408 [ 468.384041][ T5695] FS: 00007f6bdeae6880(0000) GS:ffff888125c7e000(0000) knlGS:0000000000000000 [ 468.384061][ T5695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 468.384077][ T5695] CR2: 000055e439439a38 CR3: 000000005968a000 CR4: 00000000003526f0 [ 468.384097][ T5695] Call Trace: [ 468.384106][ T5695] [ 468.384117][ T5695] do_exit+0x150/0x22c0 [ 468.384146][ T5695] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 468.384191][ T5695] ? preempt_count_add+0x91/0x190 [ 468.384225][ T5695] ? __pfx_do_exit+0x10/0x10 [ 468.384250][ T5695] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 468.384283][ T5695] ? rt_spin_unlock+0x160/0x200 [ 468.384311][ T5695] do_group_exit+0x21b/0x2d0 [ 468.384338][ T5695] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.384362][ T5695] __x64_sys_exit_group+0x3f/0x40 [ 468.384388][ T5695] x64_sys_call+0x221a/0x2240 [ 468.384418][ T5695] do_syscall_64+0x174/0x580 [ 468.384452][ T5695] ? trace_irq_disable+0x3b/0x140 [ 468.384477][ T5695] ? clear_bhb_loop+0x40/0x90 [ 468.384502][ T5695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.384525][ T5695] RIP: 0033:0x7f6bdec1e6c5 [ 468.384545][ T5695] Code: ff ff ff 64 89 02 eb d2 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 35 21 f7 0f 00 ba e7 00 00 00 eb 03 66 90 f4 89 d0 0f 05 <48> 3d 00 f0 ff ff 76 f3 f7 d8 64 89 06 eb ec 66 2e 0f 1f 84 00 00 [ 468.384566][ T5695] RSP: 002b:00007ffdc105cbd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 468.384590][ T5695] RAX: ffffffffffffffda RBX: 000055e4394dbb80 RCX: 00007f6bdec1e6c5 [ 468.384608][ T5695] RDX: 00000000000000e7 RSI: fffffffffffffe68 RDI: 0000000000000000 [ 468.384624][ T5695] RBP: 000055e439430910 R08: 0000000000000000 R09: 0000000000000000 [ 468.384639][ T5695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.384653][ T5695] R13: 00007ffdc105cc20 R14: 0000000000000000 R15: 0000000000000000 [ 468.384677][ T5695] [ 468.384696][ T5695] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 468.384721][ T5695] CPU: 0 UID: 0 PID: 5695 Comm: udevd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 468.384753][ T5695] Tainted: [L]=SOFTLOCKUP [ 468.384763][ T5695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 468.384776][ T5695] Call Trace: [ 468.384784][ T5695] [ 468.384793][ T5695] vpanic+0x56c/0xa60 [ 468.384824][ T5695] ? __pfx__printk+0x10/0x10 [ 468.384845][ T5695] ? __pfx_vpanic+0x10/0x10 [ 468.384876][ T5695] ? is_bpf_text_address+0x292/0x2b0 [ 468.384905][ T5695] ? is_bpf_text_address+0x26/0x2b0 [ 468.384939][ T5695] panic+0xc5/0xd0 [ 468.384971][ T5695] ? __pfx_panic+0x10/0x10 [ 468.385011][ T5695] __warn+0x315/0x4c0 [ 468.385044][ T5695] ? kcov_task_exit+0x181/0x240 [ 468.385067][ T5695] ? kcov_task_exit+0x181/0x240 [ 468.385088][ T5695] __report_bug+0x339/0x540 [ 468.385126][ T5695] ? kcov_task_exit+0x181/0x240 [ 468.385148][ T5695] ? __pfx___report_bug+0x10/0x10 [ 468.385194][ T5695] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 468.385226][ T5695] ? rt_spin_lock+0x1e0/0x400 [ 468.385252][ T5695] ? rcu_is_watching+0x15/0xb0 [ 468.385284][ T5695] ? lock_acquire+0x5f/0x350 [ 468.385310][ T5695] ? kcov_task_exit+0x181/0x240 [ 468.385332][ T5695] report_bug+0x16a/0x220 [ 468.385366][ T5695] ? kcov_task_exit+0x181/0x240 [ 468.385387][ T5695] ? kcov_task_exit+0x183/0x240 [ 468.385408][ T5695] handle_bug+0x9c/0x200 [ 468.385431][ T5695] exc_invalid_op+0x1a/0x50 [ 468.385455][ T5695] asm_exc_invalid_op+0x1a/0x20 [ 468.385477][ T5695] RIP: 0010:kcov_task_exit+0x181/0x240 [ 468.385501][ T5695] Code: 90 00 00 00 e8 f0 17 59 00 4c 89 f7 5b 41 5e 41 5f e9 b3 de 5e 00 7c 40 5b 41 5e 41 5f c3 cc cc cc cc cc 90 0f 0b 90 eb 10 90 <0f> 0b 90 eb 0a 90 0f 0b 90 eb 04 90 0f 0b 90 4c 89 ff 5b 41 5e 41 [ 468.385523][ T5695] RSP: 0018:ffffc90004fe7d20 EFLAGS: 00010287 [ 468.385544][ T5695] RAX: 0d85a4c77fcec700 RBX: ffff88805aa40000 RCX: 0000000000000000 [ 468.385561][ T5695] RDX: 0000000000000000 RSI: ffffffff8bac2160 RDI: 00000000ffffffff [ 468.385577][ T5695] RBP: ffffc90004fe7e78 R08: 0000000000000000 R09: 0000000000000000 [ 468.385592][ T5695] R10: dffffc0000000000 R11: fffffbfff1f5d99f R12: dffffc0000000000 [ 468.385610][ T5695] R13: 0000000000000000 R14: ffff888031b61400 R15: ffff888031b61408 [ 468.385635][ T5695] do_exit+0x150/0x22c0 [ 468.385661][ T5695] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 468.385697][ T5695] ? preempt_count_add+0x91/0x190 [ 468.385742][ T5695] ? __pfx_do_exit+0x10/0x10 [ 468.385767][ T5695] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 468.385800][ T5695] ? rt_spin_unlock+0x160/0x200 [ 468.385828][ T5695] do_group_exit+0x21b/0x2d0 [ 468.385855][ T5695] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.385879][ T5695] __x64_sys_exit_group+0x3f/0x40 [ 468.385906][ T5695] x64_sys_call+0x221a/0x2240 [ 468.385935][ T5695] do_syscall_64+0x174/0x580 [ 468.385971][ T5695] ? trace_irq_disable+0x3b/0x140 [ 468.385996][ T5695] ? clear_bhb_loop+0x40/0x90 [ 468.386022][ T5695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.386046][ T5695] RIP: 0033:0x7f6bdec1e6c5 [ 468.386065][ T5695] Code: ff ff ff 64 89 02 eb d2 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 35 21 f7 0f 00 ba e7 00 00 00 eb 03 66 90 f4 89 d0 0f 05 <48> 3d 00 f0 ff ff 76 f3 f7 d8 64 89 06 eb ec 66 2e 0f 1f 84 00 00 [ 468.386086][ T5695] RSP: 002b:00007ffdc105cbd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 468.386111][ T5695] RAX: ffffffffffffffda RBX: 000055e4394dbb80 RCX: 00007f6bdec1e6c5 [ 468.386128][ T5695] RDX: 00000000000000e7 RSI: fffffffffffffe68 RDI: 0000000000000000 [ 468.386144][ T5695] RBP: 000055e439430910 R08: 0000000000000000 R09: 0000000000000000 [ 468.386158][ T5695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.386173][ T5695] R13: 00007ffdc105cc20 R14: 0000000000000000 R15: 0000000000000000 [ 468.386207][ T5695] [ 468.386819][ T5695] Kernel Offset: disabled