last executing test programs: 6.348674799s ago: executing program 1 (id=1189): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e24, 0x80002000, @remote, 0xffff}}}, 0x108) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00') getdents64(r1, &(0x7f00000000c0)=""/149, 0x95) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r3, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4}) ioctl$DVB_DEMUX_DMX_ADD_PID(r3, 0x40026f33, &(0x7f0000000100)=0x808c) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) memfd_create(&(0x7f0000000000)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\x1c\xe4\xd8\xb58\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\x00\b\x00\x00X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31\xb0\x87O\xc3\xa3AW\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]~\xfc1\xe5w\"\xa3\x8d\xe7\xd4x\xb3\xfa(\xc9\xc2bb\xb1\xa8\xe1\xc2\xec\xca\x7f\xe1\x1e\xb9\xd4\x80-6L\x91\x9b\xad\x85`\xf2+\xfbN+\x0e\xa6\xc4M\xda\xfc\xa1gZ)STB\xd1\xd1\xf1', 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1, 0x480}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@loopback={0xfec0ffff00000000}, 0x8000000, 0x2, 0xff, 0x0, 0x0, 0x6}, 0x20) rt_tgsigqueueinfo(0x0, 0x0, 0x2d, &(0x7f0000000100)={0x1a, 0x1, 0xe}) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r5, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x4c, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x88c7}, @NL80211_ATTR_FRAME={0x1c, 0x33, @data_frame={@msdu=@type10={{}, {}, @from_mac=@broadcast, @device_b}}}]}, 0x4c}}, 0x800) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 6.023688457s ago: executing program 1 (id=1192): syz_usb_connect$midi(0x2, 0x38, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000200000040990444104000010203010902260001010940060904000001010300400724013cff070009050300200009010504250100dfa8317a7e1d65fd8b777c55453356b4e3bc90b22a7d7f54a346326ffd226716650964a4b46107508965109e9cd1bec05eeec1fa3322e91bcbce13291dc04402c47afefd4d0d756a3469bc6f88e9e1280dc9c1d8e98af1197bc39b340899ce78590abcb581fe3beed9c46288111668930d01c0baaf3973849b1c857a6d756f7f55bc46"], &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) 4.586844722s ago: executing program 1 (id=1208): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x801, 0x0, 0x9, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) 4.560683911s ago: executing program 3 (id=1209): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) futex(0x0, 0xd, 0x2, &(0x7f0000000240), 0x0, 0x2) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@host, 0x1}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0x9}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x109) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0xf321108ff504fe31, 0x10, 0xffffffffffffffff, 0x66330000) fremovexattr(r2, &(0x7f0000000000)=@known='system.posix_acl_default\x00') r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r4) 4.430314964s ago: executing program 1 (id=1210): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x22903) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x1b1c07, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8}) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port0\x00', 0x0, 0xc0006, 0x0, 0x0, 0x0, 0x4a9e47b3, 0xffffff3e, 0x0, 0x6}) socket(0x28, 0x6, 0x2) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x6) 4.324540882s ago: executing program 3 (id=1211): connect$unix(0xffffffffffffffff, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f0000000180)=@in6={0xa, 0x4e22, 0x8000, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}, 0x9}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x200c0800}, {&(0x7f00000001c0)=@in={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000280)="ea49796b84085d98c19f617c5c4e6079017d07dd9d108c3213d4113e6a9cf153a2e41612a7c733bbd2ba1ec6015d5c18aa997e3ca81cf18d406db2be644be16a4fd864e12c967b4ba73ba3e61020700e640a8bc7b297b9c3e85c0cebf65f37a656e7a645f93c2143cc85074c61bce2d087ef9195529765f65a90d134b0dad1b38c54fc13c2328943d531fcf2137f60e9a7286c4cc9be26f531687d68ce0f319bff36cd2b29d8170543152182d63d06efcbab5ba3441c04c5563ea807c9b0c8407c68b3ce5265c82ba28e7ca65493ac625b89380fb5bb036b1c94ccf591405706845d8cc2ee32bf70bd8426675475ca", 0xef}, {&(0x7f0000000380)="d0f3451de3ba017aea5da9f2feb268b112763423fb81b8db008f8cbfad197fe99e6a9a5cebc05ac9d2140003a8c102adb89aebbf04fad9639d", 0x39}, {&(0x7f0000000500)="487aca939bb371560a0d1e9593d5ca084ced95cd9c42df30bf11931f3f17e8ce16b6930775fee04e500a7e516ae9a5f0c6de60443c90b201965593d7f567c0c4445fee01a3efc30498f6925935cdffd4243625c03d0cd3565ef75255a3bf50f6ca89f3e6af42d3555ca28a7c68c61098f11743d118c0e2c41a9a2bb360e06f4716a95d80ebdeaeb257dc0238a0d7b4170ac6fbf8", 0x94}, {&(0x7f00000007c0)}], 0x4, &(0x7f0000000680)=[@sndinfo={0x20, 0x84, 0x2, {0x7, 0x4, 0xfffffff0, 0x1}}, @init={0x18, 0x84, 0x0, {0x70, 0x101, 0x7f, 0x40}}, @init={0x18, 0x84, 0x0, {0x1000, 0xa89, 0x8000, 0x7}}, @dstaddrv6={0x20, 0x84, 0x8, @remote}, @dstaddrv6={0x20, 0x84, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}], 0x90, 0x8000}], 0x2, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000080)='a', 0x4101}], 0x1, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000018c0)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000001800)='&', 0x1}, 0x68) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r3 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) openat$cgroup_ro(r3, &(0x7f0000000200)='memory.events\x00', 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 3.759089268s ago: executing program 0 (id=1215): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x73f0, 0x9}) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x11, 0x5}) (fail_nth: 1) 3.733037636s ago: executing program 3 (id=1216): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x73f0, 0x9}) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x11, 0x5}) 3.624741268s ago: executing program 2 (id=1217): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000240)={0x2, {0xaba, 0x9, 0x6, 0x6}, {0x3fe, 0x3, 0x40, 0x7}, {0x8, 0x5}}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0x5}}, './file0\x00'}) ioctl$SNDCTL_MIDI_PRETIME(r1, 0xc0046d00, &(0x7f0000000200)=0x1) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) close(r4) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r3, 0x0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r2, 0x3ba0, &(0x7f0000000800)={0x48, 0x3, r5, 0x0, 0x1004000, 0x1000, &(0x7f0000ffc000)}) r6 = syz_clone(0x600, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, 0x0) waitid(0x0, r6, &(0x7f0000000100), 0x8, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x41) r7 = syz_usbip_server_init(0x5) r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r9 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r9, 0x0, 0xffffffffffffffff) setpgid(r8, r8) r10 = syz_open_dev$video(&(0x7f0000000200), 0xd8e, 0x0) ioctl$VIDIOC_G_FMT(r10, 0xc0d05604, &(0x7f0000000280)={0x8, @raw_data="24c68d6a23e49bb0d4b5e7813d9d11b799b508b3643d1d213807b8ef1b8984ddba6ffc5f5d1411423f2b3bb545b61201ce62c16137bcf57c565a6287b9671ef47bbe381bcb378921bb13f489dcaf4f5f2edbefb84d75d32c899b3943ea607442bfb00c56ba7048bd50558250130f1e54b4df9f939a1dfa4496e7e1fe0ec0a3e9ae24420e6630625b304c7a8102a1fa8824edf26fbef59238ec895e9d35d234feebdbaebf84720ee47b9357c745e7ac2390a8825cda2e1cba0b75c519cb175a194023d672f843ce0a"}) wait4(r8, 0x0, 0xa0000000, 0x0) r11 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(r11, 0xc0045401, &(0x7f0000000040)=0x1ab) getsockopt$inet_udp_int(r11, 0x11, 0x67, &(0x7f0000000100), &(0x7f0000000140)=0x4) r12 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f00000002c0)=0x4) ioctl$mixer_OSS_ALSAEMULVER(r12, 0x80044df9, &(0x7f0000000040)) write$usbip_server(r7, &(0x7f00000001c0)=ANY=[@ANYRES16=r11, @ANYRES32=r9, @ANYRESDEC=r11], 0x35) 3.356593637s ago: executing program 1 (id=1218): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x801, 0x0, 0x9, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x8044) 3.118466546s ago: executing program 1 (id=1219): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000040154220a9055015bbe40102030109021200"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000002c0)={0x18, &(0x7f0000000180)={0x0, 0x17, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0}) 2.850376418s ago: executing program 3 (id=1220): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001a40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r2, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fc00df253500000008000300", @ANYRES32=r4, @ANYBLOB="0a00340001010101010100000600fd0007000000140055"], 0x44}, 0x1, 0x0, 0x0, 0x80440d0}, 0x20000044) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000500)=@ready={0x0, 0x0, 0x8, "72918f72", {0x1, 0x1, 0x1000, 0x2, 0x5}}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0xfffc, 0x4e23, 0x3, 0xa, 0x80, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x3, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in=@private=0xa010102, 0x0, 0x3, 0x0, 0x7, 0x0, 0x0, 0xfffffffb}}, 0xe8) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x1f, &(0x7f0000000380)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15"]) 2.740438705s ago: executing program 0 (id=1221): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0) r0 = mq_open(&(0x7f00000002c0)='wg2\x00', 0x40, 0x10, &(0x7f0000000400)={0xfffffffffffffffb, 0xfff, 0xb8, 0x3d6}) mq_notify(r0, &(0x7f0000000900)={0x0, 0x37, 0x1, @thr={&(0x7f0000000480)="e0f9ef1536c5040de8952c1d6317e6da4b29933deb15887d849c102efb00d6070abcac81f47eb6408e94719e6d49728c7dc10063456ec1a1b1fa17c615cb05a7915d991a520b3c08e5e48a2bbe6e62b896aafad5da66a217075dc7e17b3d7a01a89aab751c99e96624a2e481dd4f891f1c735dd420e8223bf023085fdddc12fea9c8b045d4ebb919ae20c5796ec537bc4271f0f0feeae6fa9369aea4baee10df5ceec0c569e349798951018ee6e99b30781ba06312a830", &(0x7f0000000800)="03fae8148d9fdb686184d3bd5e7c783a22c7b829aa21f2b48eaeb2c4e030ca57a25dd1cf3210e7f25e56e5eb8e537ff9d413990c5b2b6369c2f05b94e561691bb9cdae9fbf66155aafd1d60a4abea2328206b98a6d051b228d9feda31e89ab5467c14d1621a2c61db87b8273aa1cb05c19e29a03691fbb5d6e5b93e142cb7b5ea24b7f32a8d5d6f92bfa88d929526a57622153994c589a8da2b7f905677b953f458ab73ebb8fc84ec4542e15faa87efd0f8517558b6167abceedee5b146054418764db3861a6e2e0a75b3f979005cdb5da"}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x8, &(0x7f0000000540)=[{0x15}, {0x25, 0x0, 0x20}, {0x6, 0x0, 0x0, 0x7fff7ffc}, {0x8, 0x1, 0x2, 0x8}, {0x9, 0x9, 0x8, 0xfffffffa}, {0x7f, 0x1, 0x5, 0x4}, {0x58ec, 0x0, 0x9, 0x3}, {0xffff, 0x5, 0xb8, 0x10000}]}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xaf9ba000) r1 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x800) syz_usb_connect(0x5, 0x2d, &(0x7f0000000b00)={{0x12, 0x1, 0x250, 0x17, 0x7a, 0x5, 0x10, 0xc72, 0x13, 0x4ef5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x8, 0x9, 0x40, 0xa, "", [{{0x9, 0x4, 0xfe, 0xe7, 0x1, 0x60, 0x27, 0x47, 0x80, [], [{{0x9, 0x5, 0xd, 0x0, 0x8, 0x3, 0x3d, 0xc4}}]}}]}}]}}, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}) r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000000000107d1eed2c00000000000109022400010000b001090400000903001a00092109000301222c0009058103"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f00000005c0)={0x2c, &(0x7f0000000380)=ANY=[@ANYBLOB="20382c0000002c22c89ebc76f120d6fa31ea7823f7327ada0f03519ba6a62f093a06add6ca8e9fdc8f481100000000000000"], 0x0, 0x0, 0x0, 0x0}, 0x0) r3 = syz_ublk_setup_io_uring(0x1d, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x158}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) syz_ublk_add_dev(r3, r4, r5, r6, &(0x7f0000000200)={0x2e, 0x0, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000440)=@new_dev={0x4, 0x3c9, 0x0, 0x0, 0x1000, 0xffffffff, 0x0, 0x0, 0x40}}}, &(0x7f0000000300)=0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r9, 0x8933, &(0x7f00000003c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000008000100", @ANYRES32=r10, @ANYBLOB="4c00088048000080200004000a004e210000845e4e843a510994000000000000000000010000000024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c", @ANYRES64=0x0], 0x68}}, 0x0) mmap$usbfs(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000000, 0x10, 0xffffffffffffffff, 0x3) syz_emit_vhci(&(0x7f0000000940)=ANY=[@ANYBLOB="040e040a292001307f8874b49913ba55e80cd489684973c739a508e3a8cb5676c321f94e7dbb3bd27d4316e0f0ec3db3a2f93eb89f5e08a012f3d83dcf6e512d5289a2d97cfe125010c15ca8a29e1807b85c8baf6ab6937f458e2b0a85ee5c961d132dae6ca59ba2f5c6dff5ad4ec4de68e244ecca013942ffe57beff524b6ffbb7026b70100c5400ce202773af0e466c07be1e90c4575d7f09b3b7c74be36723de6b5d898c538b113d6e3672854c1de5a7ea2724bc16f025d090000000000000056bd9b2ee46f34af785dcf1ba26449ace34fd2a084bda2838799ae890036b959c878a09873cbd91208ae83670bb24792d8a0679ab90cb26a3f224f1bd00bf4dad0c72e"], 0x7) r11 = epoll_create(0x4) ioctl$OCFS2_IOC_UNRESVSP64(r11, 0x4030582b, 0x0) r12 = dup(r8) syz_ublk_setup_queues(r12, r7, &(0x7f0000000180)={0x0, 0x0, 0x1000, 0x1, 0x257}, &(0x7f0000000580)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0xd9d3, 0x20, 0x1000000, 0x35f, 0x0, r12}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x80, 0x0, 0x146, 0x0, r3}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xd289, 0x400, 0x5}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x1, 0x5, 0xfffffffd, 0x0, r1}}], 0x1, &(0x7f0000001000)={0x2e, 0xa, 0x0, r12, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, '\x00', {0x1, 0xbcc, 0x0, 0x0}}, 0x0) 2.738320446s ago: executing program 0 (id=1222): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r2, 0x5000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r2, 0x0, 0xffffffdb) (fail_nth: 1) 2.467431261s ago: executing program 2 (id=1223): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7cb, &(0x7f0000000100)={&(0x7f0000001080)={{@any, 0xfff}, {@any, 0x5}, 0x400, "4145fdc5fec7663a106cef95c8d86f03d655b82e62dc5204ff06732791d90936bf31f7b4eafad3ed43e8da42de6780edce2e2f941399c9b9002a6a538fc1ebd3e994ce6fa4a67c775c476cdbedebbe34904cbe0d5808cf5892aa1e563f949f38cd2ebaa2c46464183ead798b1af0ba7ad5db77736a5329e7297e674242854f87ef03b0fba724523033529e64be44188740b9e9a0ba6944e9724c4aaa8470ab8d35a1746a1da4dfa2112cb5135d97efae0975e7fa5e421fe7ec12a8bbd7714076b63ddaca822d7c0383ccc4e21b11c8a0443850c05f4bb6716b6ba83016b709b44a9959c44daa717edf6b43f7c235fae47730ff2d435ed29d062451ab74bd9f65d9bf96e1afc645ca2249c89146fc815210d465ca0ede0acbfe1165b15d222ed668b79b14f901178d35e7421637588c887b0f2335ea84a442fc95bbcf0ea3b308ee18d913901cb8f40dd2798e781c4b1c620c23565b5bc18e25c206f772c863c8a8864f460c239033717d41f94fbf13b1d0c7271364bd6d144160e1df33fcb33e5d45a5e7ea4264d089397d7e022c6e1f37a2e464c01b4df6a906d3a46d9432ba1966d73aa0627491e3b3c33bee03ff2138896b64862910f24dbacc3c686e0059ff5915c8b69bce3c4022c5c80d574274d1107c9935898ae444a6c38dbd8319e778e1a86a293094bd98d0ae3ae2c32a4bcb20e0517c03e7b46839f4e3601ff98244ca5485cacbfe53c935cf14038bba908af19834a86b56cf68a7170448a434b55d66c080ea095b02ba4c3f8ba492c9e50111bf1b3085cc0f3938a58609a337e89eba9271ee071a8b9f3ab4ad0fc3c92a48cb6bc63ed74877d8425c88eb40d18c6260d2221dc295d1fa1557cfcfe1cb3a1d61b4b1235e28903ae5a4d3d358f6d3e2c87b110e38aab0fd1ca2c047b3ea826d8cd9b980b3fc64fbf38d0d3fed0057b30612880a3d93aa3e16e1c1902cc8c206d7732f426fbb063b020a03d08e3bcd4ff32c30c8ea424ea0c746e72c23e8d53576cc801bdf82f8bba865074e5dde3177820c24be87b9bd36e30a81d1d50b5aa0628262d46d19060ae37a33aa8e515fed3f8bfdf65ba5f8e11e4d517a50ce03f82bc5b3c8e9b3eb6572f1a686430170ce64bc1a61246fd99b2d8a3215104478eead271fcca07bc66e637d5543ad47147f5ad50cc5a203a37b7d2f67bb0387ae189ee7d5cfc0a421b0f0e6286aaf28a3eadfad1b8c83a26ac0a1d4a3846d93e161c82be100278d94e35fc7b5f1feb833f1b975adb33bec5d777cfbdb2c5fe171e205fd6596b37ba646b9ecb163fabcd89a469f6ad539a80937748105298b0a6364d75c6de3cbcbb96c440d5489f3f47149551e7f53d3a22d837cfb59c3e43f0c95760791ed36ff84ae82a679e4e062461bda5db7c27fb00c3238266734bc7c16d45ce7cd3f0b7e63c309977816048f24"}, 0x418, 0x8}) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f00000010c0)=""/4111, &(0x7f0000000000)=0x100f) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x1, &(0x7f0000000600)=0x0) io_submit(r2, 0x1, &(0x7f00000008c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7fff, r1, 0x0, 0x0, 0x0, 0x0, 0x2}]) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket$kcm(0x11, 0x200000000000002, 0x300) sendmsg$sock(r3, &(0x7f0000000840)={&(0x7f0000000340)=@tipc=@name={0x1e, 0x2, 0x3, {{0x40, 0x3}}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x40812) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4188aec6, 0x0) 1.792637108s ago: executing program 2 (id=1224): connect$unix(0xffffffffffffffff, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f0000000180)=@in6={0xa, 0x4e22, 0x8000, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}, 0x9}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x200c0800}, {&(0x7f00000001c0)=@in={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000280)="ea49796b84085d98c19f617c5c4e6079017d07dd9d108c3213d4113e6a9cf153a2e41612a7c733bbd2ba1ec6015d5c18aa997e3ca81cf18d406db2be644be16a4fd864e12c967b4ba73ba3e61020700e640a8bc7b297b9c3e85c0cebf65f37a656e7a645f93c2143cc85074c61bce2d087ef9195529765f65a90d134b0dad1b38c54fc13c2328943d531fcf2137f60e9a7286c4cc9be26f531687d68ce0f319bff36cd2b29d8170543152182d63d06efcbab5ba3441c04c5563ea807c9b0c8407c68b3ce5265c82ba28e7ca65493ac625b89380fb5bb036b1c94ccf591405706845d8cc2ee32bf70bd8426675475ca", 0xef}, {&(0x7f0000000380)="d0f3451de3ba017aea5da9f2feb268b112763423fb81b8db008f8cbfad197fe99e6a9a5cebc05ac9d2140003a8c102adb89aebbf04fad9639d", 0x39}, {&(0x7f0000000500)="487aca939bb371560a0d1e9593d5ca084ced95cd9c42df30bf11931f3f17e8ce16b6930775fee04e500a7e516ae9a5f0c6de60443c90b201965593d7f567c0c4445fee01a3efc30498f6925935cdffd4243625c03d0cd3565ef75255a3bf50f6ca89f3e6af42d3555ca28a7c68c61098f11743d118c0e2c41a9a2bb360e06f4716a95d80ebdeaeb257dc0238a0d7b4170ac6fbf8", 0x94}, {&(0x7f00000007c0)}], 0x4, &(0x7f0000000680)=[@sndinfo={0x20, 0x84, 0x2, {0x7, 0x4, 0xfffffff0, 0x1}}, @init={0x18, 0x84, 0x0, {0x70, 0x101, 0x7f, 0x40}}, @init={0x18, 0x84, 0x0, {0x1000, 0xa89, 0x8000, 0x7}}, @dstaddrv6={0x20, 0x84, 0x8, @remote}, @dstaddrv6={0x20, 0x84, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}], 0x90, 0x8000}], 0x2, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000080)='a', 0x4101}], 0x1, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000018c0)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000001800)='&', 0x1}, 0x68) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r3 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) openat$cgroup_ro(r3, &(0x7f0000000200)='memory.events\x00', 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 1.352514475s ago: executing program 0 (id=1225): connect$unix(0xffffffffffffffff, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000740)=[{&(0x7f0000000180)=@in6={0xa, 0x4e22, 0x8000, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}, 0x9}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x200c0800}, {&(0x7f00000001c0)=@in={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000280)="ea49796b84085d98c19f617c5c4e6079017d07dd9d108c3213d4113e6a9cf153a2e41612a7c733bbd2ba1ec6015d5c18aa997e3ca81cf18d406db2be644be16a4fd864e12c967b4ba73ba3e61020700e640a8bc7b297b9c3e85c0cebf65f37a656e7a645f93c2143cc85074c61bce2d087ef9195529765f65a90d134b0dad1b38c54fc13c2328943d531fcf2137f60e9a7286c4cc9be26f531687d68ce0f319bff36cd2b29d8170543152182d63d06efcbab5ba3441c04c5563ea807c9b0c8407c68b3ce5265c82ba28e7ca65493ac625b89380fb5bb036b1c94ccf591405706845d8cc2ee32bf70bd8426675475ca", 0xef}, {&(0x7f0000000380)="d0f3451de3ba017aea5da9f2feb268b112763423fb81b8db008f8cbfad197fe99e6a9a5cebc05ac9d2140003a8c102adb89aebbf04fad9639d", 0x39}, {&(0x7f0000000500)="487aca939bb371560a0d1e9593d5ca084ced95cd9c42df30bf11931f3f17e8ce16b6930775fee04e500a7e516ae9a5f0c6de60443c90b201965593d7f567c0c4445fee01a3efc30498f6925935cdffd4243625c03d0cd3565ef75255a3bf50f6ca89f3e6af42d3555ca28a7c68c61098f11743d118c0e2c41a9a2bb360e06f4716a95d80ebdeaeb257dc0238a0d7b4170ac6fbf8560cd973485b3146f4bc0e8cc5e75e3e5fe9302600652df7b870e86b2199d66b25342750fdafdad3c8153d8fbff626e118", 0xc5}, {&(0x7f00000007c0)="25e05e9bf7a5d6ec79216f06bd204d6a1407ee2c090000000000000046fcaa08501523687709e51bd0f623620a84029397e891b68d8ea9a33f6aa2eb027aa596e040513c5b51211bb96ad59729e9cbef4954c8c242b7eef24e452f17583c96246e2abe2df40d421dcb2c68f57f1ecee2dddb45cdcaa9023d512fdb7f0f8b327d0f3c177003e375ce40348a90ecee7ed93898afaac187b742f00b5e", 0x9b}], 0x4, &(0x7f0000000680)=[@sndinfo={0x20, 0x84, 0x2, {0x7, 0x4, 0xfffffff0, 0x1}}, @init={0x18, 0x84, 0x0, {0x70, 0x101, 0x7f, 0x40}}, @init={0x18, 0x84, 0x0, {0x1000, 0xa89, 0x8000, 0x7}}, @dstaddrv6={0x20, 0x84, 0x8, @remote}, @dstaddrv6={0x20, 0x84, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}], 0x90, 0x8000}], 0x2, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000080)='a', 0x4101}], 0x1, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000018c0)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000001800)='&', 0x1}, 0x68) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) socket$inet6_sctp(0xa, 0x1, 0x84) fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 1.345925898s ago: executing program 0 (id=1226): openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x2, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011003cc627508"], 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="000089146420", @ANYRES64=r0], 0xb2) (fail_nth: 1) 1.341773174s ago: executing program 2 (id=1227): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x801, 0x0, 0x9, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x8044) 1.196635195s ago: executing program 2 (id=1228): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x4) ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f0000000340)={0x0, 0x0, 0x7ff, 0x3ff}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r3, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x5bc, 0x1100010000000000, 0x9, 0x9, 0xffffffffffffffff, 0x43ffffd, 0x400000000006, 0x5, 0x2, 0x6, 0xffffffffffff052e, 0x3fe, 0x4, 0x6, 0xffeffffffffffffb, 0xfffffffffffffffa], 0x808d004, 0x1314}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r4 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) r5 = socket$inet6(0x10, 0x3, 0x0) write(r5, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0)={0x0, 0x7f, 0xc95, 0x6}, 0x0) io_submit(0x0, 0x1, &(0x7f0000001f80)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xc2, 0xffffffffffffffff, 0x0, 0x0, 0x36}]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r6 = msgget(0x3, 0x585) msgrcv(r6, &(0x7f0000000480)={0x0, ""/168}, 0xb0, 0x3, 0x0) r7 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="3800000000010000240001801400018008000100e000000108000200ac1414010c0002800500010001000000"], 0x38}}, 0x0) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={&(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0], 0x6, 0x2, 0x4, 0x2}) ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, &(0x7f0000000400)={0x2, r10, 0x2, 0x8000, 0x9, 0x2, 0xfffffff8, 0xffffff2f, 0xfffffff9}) r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x9, 0xfffffffffffffffd, 0x10000000, 0x10000, 0x3, 0x4002004c2, 0x7ff, 0x9, 0x0, 0x400, 0x80, 0x89, 0x0, 0x8, 0x8d], 0x100000, 0x240046}) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 892.4667ms ago: executing program 3 (id=1229): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x5e}) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000440)=[@code={0xa, 0x60, {"b805000000b9e8d100000f01c1f045802bbdc4417f5edd66b8dc008ed8660f104c878766460f38802cf26764440f01df266743250000008066baf80cb8289d308fef66bafc0cb81c350000ef660f08"}}], 0x60}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x10, 0x17, 0x0, 0x2d92119, 0xfc, 0x2, 0x4, 0xff, 0x0, 0x6, 0x1, 0x0, 0x7, 0x7, 0x4, 0x7, 0x6, 0xfa, '\x00', 0x3, 0x1ff}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) close(r4) setsockopt$sock_int(r4, 0x1, 0x2b, &(0x7f0000000080)=0x4, 0x4) (async, rerun: 32) write$eventfd(r4, &(0x7f0000000000)=0x4, 0xfffffffffffffe68) (async, rerun: 32) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async, rerun: 32) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x54, 0x2, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x4}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x54}, 0x1, 0x0, 0x0, 0x4028055}, 0x0) (async) epoll_create1(0x0) r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='environ\x00') pread64(r8, 0x0, 0x0, 0x0) (async, rerun: 32) read$eventfd(r8, &(0x7f0000000040), 0x8) (async, rerun: 32) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x400454d4, 0x0) 466.67852ms ago: executing program 2 (id=1230): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) getdents64(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ffd000/0x2000)=nil, 0x4000) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r1, 0x3) accept4$bt_l2cap(r1, &(0x7f0000000200), 0x0, 0x800) (fail_nth: 1) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) 436.264795ms ago: executing program 3 (id=1231): r0 = socket$nl_generic(0x10, 0x3, 0x10) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475ae", 0x17}], 0x1}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007000010600000000000000000700"], 0x18}], 0x1}, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) listen(r3, 0x0) accept4(r3, 0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000036000701fdffffff0180060005"], 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) 0s ago: executing program 0 (id=1232): syz_open_dev$vim2m(&(0x7f0000000000), 0x1000, 0x2) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)="39000000140081380000dc676f97daf01e2357f9ffffffffffffff0521224070963c83ad2e6c8a06a6580e88378200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x40000c0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) mount$bind(0x0, 0x0, 0x0, 0x2a07404, 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) socket$inet6(0xa, 0x2, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0xb3d) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @meta={0x43425052, 0x7d1a8bdd, 0x2c39, 0xb4f5, 0x12224791}}) kernel console output (not intermixed with test programs): 8660] ? apparmor_file_permission+0x1f4/0x300 [ 296.975974][ T8660] ? rw_verify_area+0x2ac/0x4e0 [ 296.975992][ T8660] ? __pfx_vcs_read+0x10/0x10 [ 296.976012][ T8660] vfs_read+0x212/0xa80 [ 296.976044][ T8660] ? __pfx_vfs_read+0x10/0x10 [ 296.976068][ T8660] ? __fget_files+0x2a/0x420 [ 296.976089][ T8660] ? __fget_files+0x2a/0x420 [ 296.976102][ T8660] ? __fget_files+0x3a6/0x420 [ 296.976112][ T8660] ? __fget_files+0x2a/0x420 [ 296.976126][ T8660] ksys_read+0x156/0x270 [ 296.976145][ T8660] ? __pfx_ksys_read+0x10/0x10 [ 296.976173][ T8660] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.976194][ T8660] do_syscall_64+0x174/0x580 [ 296.976218][ T8660] ? trace_irq_disable+0x3b/0x140 [ 296.976242][ T8660] ? clear_bhb_loop+0x40/0x90 [ 296.976264][ T8660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.976274][ T8660] RIP: 0033:0x7fa28cd1ce59 [ 296.976285][ T8660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 296.976294][ T8660] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 296.976305][ T8660] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 296.976315][ T8660] RDX: 00000000000000d4 RSI: 0000200000000080 RDI: 0000000000000003 [ 296.976327][ T8660] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 296.976339][ T8660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.976350][ T8660] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 296.976379][ T8660] [ 297.017489][ T1010] gspca_ov534_9: Unknown sensor 0000 [ 297.017596][ T1010] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 297.030528][ T1010] usb 3-1: USB disconnect, device number 43 [ 297.173485][ T8664] netlink: 20 bytes leftover after parsing attributes in process `syz.1.982'. [ 297.499637][ T8670] netlink: 20 bytes leftover after parsing attributes in process `syz.1.982'. [ 297.500501][ T8670] nbd: nbd64 already in use [ 297.690328][ T8682] FAULT_INJECTION: forcing a failure. [ 297.690328][ T8682] name failslab, interval 1, probability 0, space 0, times 0 [ 297.690366][ T8682] CPU: 1 UID: 0 PID: 8682 Comm: syz.0.989 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 297.690395][ T8682] Tainted: [L]=SOFTLOCKUP [ 297.690402][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 297.690413][ T8682] Call Trace: [ 297.690420][ T8682] [ 297.690428][ T8682] dump_stack_lvl+0xe8/0x150 [ 297.690456][ T8682] should_fail_ex+0x46b/0x600 [ 297.690487][ T8682] should_failslab+0xa8/0x100 [ 297.690511][ T8682] kmem_cache_alloc_noprof+0xa4/0x6c0 [ 297.690540][ T8682] ? do_getname+0x2e/0x250 [ 297.690563][ T8682] ? do_getname+0x2e/0x250 [ 297.690594][ T8682] do_getname+0x2e/0x250 [ 297.690619][ T8682] ? __se_sys_unlink+0x12/0x140 [ 297.690645][ T8682] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.690665][ T8682] __se_sys_unlink+0x1e/0x140 [ 297.690692][ T8682] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.690712][ T8682] do_syscall_64+0x174/0x580 [ 297.690736][ T8682] ? trace_irq_disable+0x3b/0x140 [ 297.690760][ T8682] ? clear_bhb_loop+0x40/0x90 [ 297.690783][ T8682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.690802][ T8682] RIP: 0033:0x7fa28cd1ce59 [ 297.690819][ T8682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 297.690835][ T8682] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 297.690856][ T8682] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 297.690870][ T8682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 297.690882][ T8682] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 297.690894][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 297.690904][ T8682] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 297.690932][ T8682] [ 298.051183][ T8464] udevd[8464]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 298.175234][ T8693] netlink: 12 bytes leftover after parsing attributes in process `syz.0.994'. [ 298.179023][ T8693] netlink: 24 bytes leftover after parsing attributes in process `syz.0.994'. [ 298.181743][ T8694] netlink: 12 bytes leftover after parsing attributes in process `syz.0.994'. [ 298.191121][ T8695] netlink: 24 bytes leftover after parsing attributes in process `syz.0.994'. [ 298.349537][ T8701] FAULT_INJECTION: forcing a failure. [ 298.349537][ T8701] name failslab, interval 1, probability 0, space 0, times 0 [ 298.349573][ T8701] CPU: 1 UID: 0 PID: 8701 Comm: syz.0.998 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 298.349602][ T8701] Tainted: [L]=SOFTLOCKUP [ 298.349608][ T8701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 298.349620][ T8701] Call Trace: [ 298.349627][ T8701] [ 298.349635][ T8701] dump_stack_lvl+0xe8/0x150 [ 298.349664][ T8701] should_fail_ex+0x46b/0x600 [ 298.349697][ T8701] should_failslab+0xa8/0x100 [ 298.349721][ T8701] __kmalloc_noprof+0xfe/0x7e0 [ 298.349739][ T8701] ? rcu_is_watching+0x15/0xb0 [ 298.349766][ T8701] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 298.349787][ T8701] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 298.349815][ T8701] tomoyo_realpath_from_path+0xe3/0x5d0 [ 298.349839][ T8701] ? tomoyo_domain+0xd7/0x130 [ 298.349862][ T8701] ? tomoyo_path_number_perm+0x219/0x630 [ 298.349891][ T8701] tomoyo_path_number_perm+0x246/0x630 [ 298.349922][ T8701] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 298.349948][ T8701] ? __lock_acquire+0x6b5/0x2d10 [ 298.349988][ T8701] ? do_raw_spin_lock+0x12b/0x2f0 [ 298.350036][ T8701] ? __fget_files+0x2a/0x420 [ 298.350058][ T8701] ? __fget_files+0x2a/0x420 [ 298.350075][ T8701] ? __fget_files+0x3a6/0x420 [ 298.350096][ T8701] ? __fget_files+0x2a/0x420 [ 298.350119][ T8701] security_file_ioctl+0xc3/0x2a0 [ 298.350149][ T8701] __se_sys_ioctl+0x47/0x170 [ 298.350173][ T8701] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.350194][ T8701] do_syscall_64+0x174/0x580 [ 298.350218][ T8701] ? trace_irq_disable+0x3b/0x140 [ 298.350241][ T8701] ? clear_bhb_loop+0x40/0x90 [ 298.350265][ T8701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.350284][ T8701] RIP: 0033:0x7fa28cd1ce59 [ 298.350302][ T8701] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 298.350318][ T8701] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 298.350338][ T8701] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 298.350352][ T8701] RDX: 0000200000000100 RSI: 00000000000007a8 RDI: 0000000000000003 [ 298.350365][ T8701] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 298.350377][ T8701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.350388][ T8701] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 298.350418][ T8701] [ 298.351186][ T8701] ERROR: Out of memory at tomoyo_realpath_from_path. [ 298.518189][ T37] gspca_stk1135: reg_w 0xf err -71 [ 298.519239][ T37] gspca_stk1135: serial bus timeout: status=0x00 [ 298.519247][ T37] gspca_stk1135: Sensor write failed [ 298.519261][ T37] gspca_stk1135: serial bus timeout: status=0x00 [ 298.519266][ T37] gspca_stk1135: Sensor write failed [ 298.519282][ T37] gspca_stk1135: serial bus timeout: status=0x00 [ 298.519287][ T37] gspca_stk1135: Sensor read failed [ 298.519302][ T37] gspca_stk1135: serial bus timeout: status=0x00 [ 298.519307][ T37] gspca_stk1135: Sensor read failed [ 298.519310][ T37] gspca_stk1135: Detected sensor type unknown (0x0) [ 298.519327][ T37] gspca_stk1135: serial bus timeout: status=0x00 [ 298.519332][ T37] gspca_stk1135: Sensor read failed [ 298.519346][ T37] gspca_stk1135: serial bus timeout: status=0x00 [ 298.519350][ T37] gspca_stk1135: Sensor read failed [ 298.519364][ T37] gspca_stk1135: serial bus timeout: status=0x00 [ 298.519368][ T37] gspca_stk1135: Sensor write failed [ 298.519382][ T37] gspca_stk1135: serial bus timeout: status=0x00 [ 298.519386][ T37] gspca_stk1135: Sensor write failed [ 298.519436][ T37] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 298.734359][ T37] usb 4-1: USB disconnect, device number 46 [ 298.750538][ T8703] FAULT_INJECTION: forcing a failure. [ 298.750538][ T8703] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 298.750572][ T8703] CPU: 0 UID: 0 PID: 8703 Comm: syz.1.996 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 298.750599][ T8703] Tainted: [L]=SOFTLOCKUP [ 298.750605][ T8703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 298.750617][ T8703] Call Trace: [ 298.750624][ T8703] [ 298.750632][ T8703] dump_stack_lvl+0xe8/0x150 [ 298.750661][ T8703] should_fail_ex+0x46b/0x600 [ 298.750694][ T8703] _copy_to_user+0x31/0xb0 [ 298.750717][ T8703] simple_read_from_buffer+0xe1/0x170 [ 298.750743][ T8703] proc_fail_nth_read+0x1be/0x230 [ 298.750766][ T8703] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 298.750789][ T8703] ? rw_verify_area+0x2ac/0x4e0 [ 298.750811][ T8703] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 298.750832][ T8703] vfs_read+0x212/0xa80 [ 298.750862][ T8703] ? __pfx_vfs_read+0x10/0x10 [ 298.750886][ T8703] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 298.750911][ T8703] ? lockdep_hardirqs_on+0x7a/0x110 [ 298.750933][ T8703] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 298.750959][ T8703] ? mutex_lock_nested+0x152/0x1d0 [ 298.750986][ T8703] ? fdget_pos+0x252/0x320 [ 298.751012][ T8703] ksys_read+0x156/0x270 [ 298.751030][ T8703] ? __pfx_filldir64+0x10/0x10 [ 298.751055][ T8703] ? __pfx_ksys_read+0x10/0x10 [ 298.751083][ T8703] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.751105][ T8703] do_syscall_64+0x174/0x580 [ 298.751127][ T8703] ? trace_irq_disable+0x3b/0x140 [ 298.751146][ T8703] ? clear_bhb_loop+0x40/0x90 [ 298.751159][ T8703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.751170][ T8703] RIP: 0033:0x7f8b8b0bd68e [ 298.751181][ T8703] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 298.751190][ T8703] RSP: 002b:00007f8b89355fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 298.751202][ T8703] RAX: ffffffffffffffda RBX: 00007f8b893566c0 RCX: 00007f8b8b0bd68e [ 298.751209][ T8703] RDX: 000000000000000f RSI: 00007f8b893560a0 RDI: 0000000000000004 [ 298.751216][ T8703] RBP: 00007f8b89356090 R08: 0000000000000000 R09: 0000000000000000 [ 298.751222][ T8703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.751228][ T8703] R13: 00007f8b8b376038 R14: 00007f8b8b375fa0 R15: 00007ffecb0a5e68 [ 298.751244][ T8703] [ 299.406770][ T8731] FAULT_INJECTION: forcing a failure. [ 299.406770][ T8731] name failslab, interval 1, probability 0, space 0, times 0 [ 299.406810][ T8731] CPU: 0 UID: 0 PID: 8731 Comm: syz.2.1011 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 299.406837][ T8731] Tainted: [L]=SOFTLOCKUP [ 299.406843][ T8731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 299.406855][ T8731] Call Trace: [ 299.406863][ T8731] [ 299.406872][ T8731] dump_stack_lvl+0xe8/0x150 [ 299.406902][ T8731] should_fail_ex+0x46b/0x600 [ 299.406933][ T8731] should_failslab+0xa8/0x100 [ 299.406953][ T8731] __kvmalloc_node_noprof+0x181/0x910 [ 299.406971][ T8731] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 299.406994][ T8731] ? seq_read_iter+0x203/0xe20 [ 299.407015][ T8731] ? seq_read_iter+0x203/0xe20 [ 299.407035][ T8731] ? seq_read_iter+0xb8/0xe20 [ 299.407058][ T8731] seq_read_iter+0x203/0xe20 [ 299.407089][ T8731] ? __asan_memset+0x22/0x50 [ 299.407116][ T8731] seq_read+0x36a/0x490 [ 299.407142][ T8731] ? __pfx_seq_read+0x10/0x10 [ 299.407172][ T8731] ? rw_verify_area+0x2ac/0x4e0 [ 299.407189][ T8731] ? __pfx_seq_read+0x10/0x10 [ 299.407210][ T8731] vfs_read+0x212/0xa80 [ 299.407235][ T8731] ? __pfx_vfs_read+0x10/0x10 [ 299.407254][ T8731] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 299.407273][ T8731] ? lockdep_hardirqs_on+0x7a/0x110 [ 299.407293][ T8731] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 299.407314][ T8731] ? mutex_lock_nested+0x152/0x1d0 [ 299.407338][ T8731] ? fdget_pos+0x252/0x320 [ 299.407364][ T8731] ksys_read+0x156/0x270 [ 299.407384][ T8731] ? __pfx_ksys_read+0x10/0x10 [ 299.407408][ T8731] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.407425][ T8731] do_syscall_64+0x174/0x580 [ 299.407452][ T8731] ? trace_irq_disable+0x3b/0x140 [ 299.407472][ T8731] ? clear_bhb_loop+0x40/0x90 [ 299.407491][ T8731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.407506][ T8731] RIP: 0033:0x7fbaa25cce59 [ 299.407521][ T8731] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 299.407535][ T8731] RSP: 002b:00007fbaa0826028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 299.407554][ T8731] RAX: ffffffffffffffda RBX: 00007fbaa2845fa0 RCX: 00007fbaa25cce59 [ 299.407566][ T8731] RDX: 0000000000002020 RSI: 0000200000002a40 RDI: 0000000000000005 [ 299.407576][ T8731] RBP: 00007fbaa0826090 R08: 0000000000000000 R09: 0000000000000000 [ 299.407585][ T8731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.407595][ T8731] R13: 00007fbaa2846038 R14: 00007fbaa2845fa0 R15: 00007ffe1dc7ee78 [ 299.407619][ T8731] [ 299.750205][ T8740] FAULT_INJECTION: forcing a failure. [ 299.750205][ T8740] name failslab, interval 1, probability 0, space 0, times 0 [ 299.750238][ T8740] CPU: 1 UID: 0 PID: 8740 Comm: syz.2.1015 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 299.750260][ T8740] Tainted: [L]=SOFTLOCKUP [ 299.750265][ T8740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 299.750275][ T8740] Call Trace: [ 299.750281][ T8740] [ 299.750287][ T8740] dump_stack_lvl+0xe8/0x150 [ 299.750312][ T8740] should_fail_ex+0x46b/0x600 [ 299.750338][ T8740] should_failslab+0xa8/0x100 [ 299.750358][ T8740] __kmalloc_noprof+0xfe/0x7e0 [ 299.750374][ T8740] ? rcu_is_watching+0x15/0xb0 [ 299.750396][ T8740] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 299.750413][ T8740] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 299.750435][ T8740] tomoyo_realpath_from_path+0xe3/0x5d0 [ 299.750454][ T8740] ? tomoyo_domain+0xd7/0x130 [ 299.750475][ T8740] ? tomoyo_path_number_perm+0x219/0x630 [ 299.750499][ T8740] tomoyo_path_number_perm+0x246/0x630 [ 299.750525][ T8740] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 299.750548][ T8740] ? __lock_acquire+0x6b5/0x2d10 [ 299.750568][ T8740] ? do_raw_spin_lock+0x12b/0x2f0 [ 299.750605][ T8740] ? __fget_files+0x2a/0x420 [ 299.750623][ T8740] ? __fget_files+0x2a/0x420 [ 299.750635][ T8740] ? __fget_files+0x3a6/0x420 [ 299.750648][ T8740] ? __fget_files+0x2a/0x420 [ 299.750665][ T8740] security_file_ioctl+0xc3/0x2a0 [ 299.750689][ T8740] __se_sys_ioctl+0x47/0x170 [ 299.750710][ T8740] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.750730][ T8740] do_syscall_64+0x174/0x580 [ 299.750751][ T8740] ? trace_irq_disable+0x3b/0x140 [ 299.750769][ T8740] ? clear_bhb_loop+0x40/0x90 [ 299.750788][ T8740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.750807][ T8740] RIP: 0033:0x7fbaa25cce59 [ 299.750824][ T8740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 299.750839][ T8740] RSP: 002b:00007fbaa0826028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 299.750858][ T8740] RAX: ffffffffffffffda RBX: 00007fbaa2845fa0 RCX: 00007fbaa25cce59 [ 299.750869][ T8740] RDX: 00002000000000c0 RSI: 000000004008ae9c RDI: 0000000000000005 [ 299.750878][ T8740] RBP: 00007fbaa0826090 R08: 0000000000000000 R09: 0000000000000000 [ 299.750886][ T8740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.750894][ T8740] R13: 00007fbaa2846038 R14: 00007fbaa2845fa0 R15: 00007ffe1dc7ee78 [ 299.750925][ T8740] [ 299.750932][ T8740] ERROR: Out of memory at tomoyo_realpath_from_path. [ 299.867503][ T10] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 300.003433][ T10] usb 4-1: device descriptor read/64, error -71 [ 300.158712][ T1010] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 300.237517][ T10] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 300.244416][ T8756] FAULT_INJECTION: forcing a failure. [ 300.244416][ T8756] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.244441][ T8756] CPU: 1 UID: 0 PID: 8756 Comm: syz.0.1023 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 300.244456][ T8756] Tainted: [L]=SOFTLOCKUP [ 300.244460][ T8756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 300.244466][ T8756] Call Trace: [ 300.244471][ T8756] [ 300.244476][ T8756] dump_stack_lvl+0xe8/0x150 [ 300.244493][ T8756] should_fail_ex+0x46b/0x600 [ 300.244511][ T8756] strncpy_from_user+0x36/0x2b0 [ 300.244528][ T8756] path_setxattrat+0x191/0x440 [ 300.244546][ T8756] ? __pfx_path_setxattrat+0x10/0x10 [ 300.244571][ T8756] ? ksys_write+0x248/0x270 [ 300.244584][ T8756] ? __pfx_ksys_write+0x10/0x10 [ 300.244599][ T8756] __x64_sys_lsetxattr+0xbf/0xe0 [ 300.244610][ T8756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.244622][ T8756] do_syscall_64+0x174/0x580 [ 300.244635][ T8756] ? trace_irq_disable+0x3b/0x140 [ 300.244649][ T8756] ? clear_bhb_loop+0x40/0x90 [ 300.244661][ T8756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.244671][ T8756] RIP: 0033:0x7fa28cd1ce59 [ 300.244682][ T8756] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 300.244691][ T8756] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 300.244703][ T8756] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 300.244710][ T8756] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 00002000000003c0 [ 300.244717][ T8756] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 300.244723][ T8756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.244729][ T8756] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 300.244745][ T8756] [ 300.327603][ T1010] usb 2-1: Using ep0 maxpacket: 8 [ 300.330910][ T1010] usb 2-1: config 3 has an invalid interface number: 16 but max is 0 [ 300.330937][ T1010] usb 2-1: config 3 has an invalid interface number: 25 but max is 0 [ 300.330957][ T1010] usb 2-1: config 3 has 2 interfaces, different from the descriptor's value: 1 [ 300.330978][ T1010] usb 2-1: config 3 has no interface number 0 [ 300.330993][ T1010] usb 2-1: config 3 has no interface number 1 [ 300.331046][ T1010] usb 2-1: config 3 interface 16 altsetting 4 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 300.331071][ T1010] usb 2-1: config 3 interface 16 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 9 [ 300.331096][ T1010] usb 2-1: too many endpoints for config 3 interface 25 altsetting 231: 80, using maximum allowed: 30 [ 300.331139][ T1010] usb 2-1: config 3 interface 25 altsetting 231 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 300.331166][ T1010] usb 2-1: config 3 interface 25 altsetting 231 has a duplicate endpoint with address 0xE, skipping [ 300.331188][ T1010] usb 2-1: config 3 interface 25 altsetting 231 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 300.331213][ T1010] usb 2-1: config 3 interface 25 altsetting 231 has a duplicate endpoint with address 0xD, skipping [ 300.331234][ T1010] usb 2-1: config 3 interface 25 altsetting 231 has a duplicate endpoint with address 0x2, skipping [ 300.331256][ T1010] usb 2-1: config 3 interface 25 altsetting 231 has 7 endpoint descriptors, different from the interface descriptor's value: 80 [ 300.331289][ T1010] usb 2-1: config 3 interface 16 has no altsetting 0 [ 300.331305][ T1010] usb 2-1: config 3 interface 25 has no altsetting 0 [ 300.336502][ T1010] usb 2-1: string descriptor 0 read error: -22 [ 300.336636][ T1010] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0119, bcdDevice=dd.c6 [ 300.336658][ T1010] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.374230][ T10] usb 4-1: device descriptor read/64, error -71 [ 300.400087][ T1010] kvaser_usb 2-1:3.16: error -ENODEV: Cannot get usb endpoint(s) [ 300.438180][ T1010] kvaser_usb 2-1:3.25: error -ENODEV: Cannot get usb endpoint(s) [ 300.455215][ T9] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 300.482462][ T10] usb usb4-port1: attempt power cycle [ 300.607501][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 300.612704][ T9] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 300.612731][ T9] usb 3-1: config 0 has no interface number 0 [ 300.612774][ T9] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 300.615043][ T9] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 300.615068][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.615087][ T9] usb 3-1: Product: syz [ 300.615101][ T9] usb 3-1: Manufacturer: syz [ 300.615115][ T9] usb 3-1: SerialNumber: syz [ 300.633010][ T9] usb 3-1: config 0 descriptor?? [ 300.635389][ T8752] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 300.718457][ T5631] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 300.779099][ T32] usb 2-1: USB disconnect, device number 66 [ 300.821196][ T10] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 300.840790][ T8752] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 300.842515][ T10] usb 4-1: device descriptor read/8, error -71 [ 300.873413][ T5631] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 300.873441][ T5631] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.873487][ T5631] usb 1-1: Product: syz [ 300.873496][ T5631] usb 1-1: Manufacturer: syz [ 300.873503][ T5631] usb 1-1: SerialNumber: syz [ 300.915732][ T5631] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 301.078957][ T10] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 301.104851][ T10] usb 4-1: device descriptor read/8, error -71 [ 301.165615][ T5608] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 301.208114][ T10] usb usb4-port1: unable to enumerate USB device [ 301.445717][ T8766] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1026'. [ 301.567612][ T8768] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1026'. [ 301.567724][ T8768] nbd: nbd64 already in use [ 301.588681][ T8758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1024'. [ 301.602167][ T8493] block nbd64: NBD_DISCONNECT [ 301.613173][ T8770] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 301.636556][ T8770] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 301.767419][ T9] asix 3-1:0.188 (unnamed net_device) (uninitialized): invalid PHY address: 130 [ 302.757391][ T5608] usb 1-1: Service connection timeout for: 256 [ 302.757430][ T5608] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 302.798251][ T9] usb 1-1: USB disconnect, device number 50 [ 302.860872][ C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 302.984530][ T5608] ath9k_htc: Failed to initialize the device [ 302.986730][ T9] usb 1-1: ath9k_htc: USB layer deinitialized [ 303.074148][ T8785] FAULT_INJECTION: forcing a failure. [ 303.074148][ T8785] name failslab, interval 1, probability 0, space 0, times 0 [ 303.074183][ T8785] CPU: 0 UID: 0 PID: 8785 Comm: syz.1.1029 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 303.074209][ T8785] Tainted: [L]=SOFTLOCKUP [ 303.074217][ T8785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 303.074228][ T8785] Call Trace: [ 303.074235][ T8785] [ 303.074243][ T8785] dump_stack_lvl+0xe8/0x150 [ 303.074271][ T8785] should_fail_ex+0x46b/0x600 [ 303.074304][ T8785] should_failslab+0xa8/0x100 [ 303.074328][ T8785] __kmalloc_noprof+0xfe/0x7e0 [ 303.074345][ T8785] ? rcu_is_watching+0x15/0xb0 [ 303.074372][ T8785] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 303.074393][ T8785] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 303.074419][ T8785] tomoyo_realpath_from_path+0xe3/0x5d0 [ 303.074441][ T8785] ? tomoyo_domain+0xd7/0x130 [ 303.074467][ T8785] ? tomoyo_path_number_perm+0x219/0x630 [ 303.074494][ T8785] tomoyo_path_number_perm+0x246/0x630 [ 303.074524][ T8785] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 303.074550][ T8785] ? __lock_acquire+0x6b5/0x2d10 [ 303.074576][ T8785] ? do_raw_spin_lock+0x12b/0x2f0 [ 303.074604][ T8785] ? lockdep_hardirqs_on+0x7a/0x110 [ 303.074628][ T8785] ? irqentry_exit+0x218/0x8c0 [ 303.074676][ T8785] ? __fget_files+0x2a/0x420 [ 303.074699][ T8785] ? __fget_files+0x2a/0x420 [ 303.074716][ T8785] ? __fget_files+0x3a6/0x420 [ 303.074734][ T8785] ? __fget_files+0x2a/0x420 [ 303.074757][ T8785] security_file_ioctl+0xc3/0x2a0 [ 303.074785][ T8785] __se_sys_ioctl+0x47/0x170 [ 303.074809][ T8785] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.074830][ T8785] do_syscall_64+0x174/0x580 [ 303.074849][ T8785] ? trace_irq_disable+0x3b/0x140 [ 303.074882][ T8785] ? clear_bhb_loop+0x40/0x90 [ 303.074905][ T8785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.074924][ T8785] RIP: 0033:0x7f8b8b0fce59 [ 303.074946][ T8785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 303.074962][ T8785] RSP: 002b:00007f8b89356028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 303.074981][ T8785] RAX: ffffffffffffffda RBX: 00007f8b8b375fa0 RCX: 00007f8b8b0fce59 [ 303.074995][ T8785] RDX: 0000200000000580 RSI: 00000000c06864a2 RDI: 0000000000000003 [ 303.075006][ T8785] RBP: 00007f8b89356090 R08: 0000000000000000 R09: 0000000000000000 [ 303.075018][ T8785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.075030][ T8785] R13: 00007f8b8b376038 R14: 00007f8b8b375fa0 R15: 00007ffecb0a5e68 [ 303.075060][ T8785] [ 303.075068][ T8785] ERROR: Out of memory at tomoyo_realpath_from_path. [ 303.129421][ T8493] udevd[8493]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 303.484885][ T8793] FAULT_INJECTION: forcing a failure. [ 303.484885][ T8793] name failslab, interval 1, probability 0, space 0, times 0 [ 303.484920][ T8793] CPU: 1 UID: 0 PID: 8793 Comm: syz.0.1032 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 303.484950][ T8793] Tainted: [L]=SOFTLOCKUP [ 303.484957][ T8793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 303.484969][ T8793] Call Trace: [ 303.484975][ T8793] [ 303.484983][ T8793] dump_stack_lvl+0xe8/0x150 [ 303.485010][ T8793] should_fail_ex+0x46b/0x600 [ 303.485040][ T8793] should_failslab+0xa8/0x100 [ 303.485061][ T8793] __kmalloc_cache_noprof+0xa0/0x6d0 [ 303.485083][ T8793] ? __se_sys_mount+0x166/0x420 [ 303.485100][ T8793] ? __se_sys_mount+0x166/0x420 [ 303.485125][ T8793] __se_sys_mount+0x166/0x420 [ 303.485147][ T8793] ? __pfx___se_sys_mount+0x10/0x10 [ 303.485170][ T8793] ? __x64_sys_mount+0x20/0xc0 [ 303.485189][ T8793] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.485209][ T8793] do_syscall_64+0x174/0x580 [ 303.485232][ T8793] ? trace_irq_disable+0x3b/0x140 [ 303.485256][ T8793] ? clear_bhb_loop+0x40/0x90 [ 303.485278][ T8793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.485297][ T8793] RIP: 0033:0x7fa28cd1ce59 [ 303.485315][ T8793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 303.485331][ T8793] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 303.485352][ T8793] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 303.485365][ T8793] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000000 [ 303.485378][ T8793] RBP: 00007fa28af6e090 R08: 00002000000001c0 R09: 0000000000000000 [ 303.485390][ T8793] R10: 0000000001240020 R11: 0000000000000246 R12: 0000000000000001 [ 303.485402][ T8793] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 303.485431][ T8793] [ 303.700609][ T8795] FAULT_INJECTION: forcing a failure. [ 303.700609][ T8795] name failslab, interval 1, probability 0, space 0, times 0 [ 303.700645][ T8795] CPU: 1 UID: 0 PID: 8795 Comm: syz.2.1033 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 303.700672][ T8795] Tainted: [L]=SOFTLOCKUP [ 303.700679][ T8795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 303.700690][ T8795] Call Trace: [ 303.700697][ T8795] [ 303.700706][ T8795] dump_stack_lvl+0xe8/0x150 [ 303.700735][ T8795] should_fail_ex+0x46b/0x600 [ 303.700769][ T8795] should_failslab+0xa8/0x100 [ 303.700793][ T8795] __kvmalloc_node_noprof+0x181/0x910 [ 303.700814][ T8795] ? do_raw_spin_lock+0x12b/0x2f0 [ 303.700837][ T8795] ? traverse+0xde/0x580 [ 303.700860][ T8795] ? traverse+0xde/0x580 [ 303.700892][ T8795] traverse+0xde/0x580 [ 303.700915][ T8795] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 303.700942][ T8795] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 303.700966][ T8795] ? seq_lseek+0x55/0x260 [ 303.700994][ T8795] seq_lseek+0x137/0x260 [ 303.701023][ T8795] __x64_sys_lseek+0x155/0x1f0 [ 303.701045][ T8795] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.701066][ T8795] do_syscall_64+0x174/0x580 [ 303.701089][ T8795] ? trace_irq_disable+0x3b/0x140 [ 303.701112][ T8795] ? clear_bhb_loop+0x40/0x90 [ 303.701135][ T8795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.701154][ T8795] RIP: 0033:0x7fbaa25cce59 [ 303.701172][ T8795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 303.701188][ T8795] RSP: 002b:00007fbaa0826028 EFLAGS: 00000246 ORIG_RAX: 0000000000000008 [ 303.701209][ T8795] RAX: ffffffffffffffda RBX: 00007fbaa2845fa0 RCX: 00007fbaa25cce59 [ 303.701223][ T8795] RDX: 0000000000000000 RSI: 000000000000fffd RDI: 0000000000000005 [ 303.701235][ T8795] RBP: 00007fbaa0826090 R08: 0000000000000000 R09: 0000000000000000 [ 303.701246][ T8795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.701258][ T8795] R13: 00007fbaa2846038 R14: 00007fbaa2845fa0 R15: 00007ffe1dc7ee78 [ 303.701289][ T8795] [ 304.042832][ T8805] FAULT_INJECTION: forcing a failure. [ 304.042832][ T8805] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.042863][ T8805] CPU: 1 UID: 0 PID: 8805 Comm: syz.0.1038 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 304.042883][ T8805] Tainted: [L]=SOFTLOCKUP [ 304.042888][ T8805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 304.042896][ T8805] Call Trace: [ 304.042902][ T8805] [ 304.042908][ T8805] dump_stack_lvl+0xe8/0x150 [ 304.042929][ T8805] should_fail_ex+0x46b/0x600 [ 304.042953][ T8805] _copy_from_user+0x2d/0xb0 [ 304.042970][ T8805] __sys_connect+0x156/0x450 [ 304.042988][ T8805] ? __pfx___sys_connect+0x10/0x10 [ 304.043011][ T8805] ? __pfx_ksys_write+0x10/0x10 [ 304.043032][ T8805] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.043048][ T8805] __x64_sys_connect+0x7a/0x90 [ 304.043063][ T8805] do_syscall_64+0x174/0x580 [ 304.043082][ T8805] ? trace_irq_disable+0x3b/0x140 [ 304.043099][ T8805] ? clear_bhb_loop+0x40/0x90 [ 304.043116][ T8805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.043129][ T8805] RIP: 0033:0x7fa28cd1ce59 [ 304.043143][ T8805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 304.043154][ T8805] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 304.043170][ T8805] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 304.043181][ T8805] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000003 [ 304.043190][ T8805] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 304.043198][ T8805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.043207][ T8805] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 304.043231][ T8805] [ 304.358700][ T5711] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 304.521125][ T5711] usb 4-1: unable to get BOS descriptor or descriptor too short [ 304.527539][ T5711] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 304.527579][ T5711] usb 4-1: can't read configurations, error -71 [ 305.050597][ T8841] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 305.089453][ T4933] Bluetooth: hci1: unexpected event for opcode 0x040d [ 305.090296][ T4933] Bluetooth: hci1: unexpected event for opcode 0x200a [ 305.311431][ T8858] FAULT_INJECTION: forcing a failure. [ 305.311431][ T8858] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.311471][ T8858] CPU: 1 UID: 0 PID: 8858 Comm: syz.0.1059 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 305.311497][ T8858] Tainted: [L]=SOFTLOCKUP [ 305.311504][ T8858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 305.311516][ T8858] Call Trace: [ 305.311524][ T8858] [ 305.311532][ T8858] dump_stack_lvl+0xe8/0x150 [ 305.311561][ T8858] should_fail_ex+0x46b/0x600 [ 305.311594][ T8858] _copy_from_iter+0x1d3/0x1670 [ 305.311632][ T8858] ? __pfx__copy_from_iter+0x10/0x10 [ 305.311656][ T8858] ? file_tty_write+0x401/0x990 [ 305.311680][ T8858] ? file_tty_write+0x401/0x990 [ 305.311698][ T8858] ? mutex_lock_interruptible_nested+0x168/0x1d0 [ 305.311731][ T8858] file_tty_write+0x494/0x990 [ 305.311763][ T8858] vfs_write+0x629/0xba0 [ 305.311795][ T8858] ? __pfx_vfs_write+0x10/0x10 [ 305.311826][ T8858] ? __fget_files+0x2a/0x420 [ 305.311852][ T8858] ksys_write+0x156/0x270 [ 305.311873][ T8858] ? __pfx_ksys_write+0x10/0x10 [ 305.311901][ T8858] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.311922][ T8858] do_syscall_64+0x174/0x580 [ 305.311948][ T8858] ? clear_bhb_loop+0x40/0x90 [ 305.311971][ T8858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.311990][ T8858] RIP: 0033:0x7fa28cd1ce59 [ 305.312008][ T8858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 305.312024][ T8858] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 305.312045][ T8858] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 305.312059][ T8858] RDX: 0000000000001006 RSI: 0000200000002140 RDI: 0000000000000004 [ 305.312071][ T8858] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 305.312082][ T8858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.312094][ T8858] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 305.312125][ T8858] [ 305.710946][ T8868] openvswitch: netlink: Message has 4 unknown bytes. [ 305.710983][ T8868] openvswitch: netlink: Actions may not be safe on all matching packets [ 305.767280][ T8872] FAULT_INJECTION: forcing a failure. [ 305.767280][ T8872] name failslab, interval 1, probability 0, space 0, times 0 [ 305.767319][ T8872] CPU: 0 UID: 0 PID: 8872 Comm: syz.0.1064 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 305.767342][ T8872] Tainted: [L]=SOFTLOCKUP [ 305.767349][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 305.767360][ T8872] Call Trace: [ 305.767367][ T8872] [ 305.767376][ T8872] dump_stack_lvl+0xe8/0x150 [ 305.767403][ T8872] should_fail_ex+0x46b/0x600 [ 305.767435][ T8872] should_failslab+0xa8/0x100 [ 305.767458][ T8872] kmem_cache_alloc_noprof+0xa4/0x6c0 [ 305.767488][ T8872] ? do_getname+0x2e/0x250 [ 305.767515][ T8872] ? do_getname+0x2e/0x250 [ 305.767547][ T8872] do_getname+0x2e/0x250 [ 305.767572][ T8872] ? getname_flags+0x11/0x20 [ 305.767601][ T8872] do_sys_openat2+0xcc/0x200 [ 305.767622][ T8872] ? __pfx_do_sys_openat2+0x10/0x10 [ 305.767642][ T8872] ? ksys_write+0x248/0x270 [ 305.767667][ T8872] ? __pfx_ksys_write+0x10/0x10 [ 305.767691][ T8872] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.767712][ T8872] __x64_sys_creat+0x8f/0xc0 [ 305.767734][ T8872] do_syscall_64+0x174/0x580 [ 305.767757][ T8872] ? trace_irq_disable+0x3b/0x140 [ 305.767781][ T8872] ? clear_bhb_loop+0x40/0x90 [ 305.767804][ T8872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.767823][ T8872] RIP: 0033:0x7fa28cd1ce59 [ 305.767841][ T8872] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 305.767857][ T8872] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 305.767878][ T8872] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 305.767892][ T8872] RDX: 0000000000000000 RSI: 0000000000000104 RDI: 0000200000000080 [ 305.767905][ T8872] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 305.767916][ T8872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.767928][ T8872] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 305.767957][ T8872] [ 306.205882][ T8881] FAULT_INJECTION: forcing a failure. [ 306.205882][ T8881] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 306.205916][ T8881] CPU: 0 UID: 0 PID: 8881 Comm: syz.3.1068 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 306.205943][ T8881] Tainted: [L]=SOFTLOCKUP [ 306.205950][ T8881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 306.205961][ T8881] Call Trace: [ 306.205968][ T8881] [ 306.205976][ T8881] dump_stack_lvl+0xe8/0x150 [ 306.206002][ T8881] should_fail_ex+0x46b/0x600 [ 306.206030][ T8881] prepare_alloc_pages+0x22a/0x6b0 [ 306.206056][ T8881] __alloc_frozen_pages_noprof+0x12f/0x380 [ 306.206082][ T8881] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 306.206112][ T8881] ? alloc_pages_mpol+0x7d/0x380 [ 306.206139][ T8881] alloc_pages_mpol+0xd1/0x380 [ 306.206163][ T8881] folio_alloc_mpol_noprof+0x3b/0x1e0 [ 306.206187][ T8881] vma_alloc_folio_noprof+0xe1/0x1e0 [ 306.206212][ T8881] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 306.206237][ T8881] ? __pte_offset_map+0x29/0x200 [ 306.206272][ T8881] do_pte_missing+0x822/0x2940 [ 306.206310][ T8881] ? handle_mm_fault+0xed/0x14d0 [ 306.206333][ T8881] handle_mm_fault+0xdc2/0x14d0 [ 306.206355][ T8881] ? handle_mm_fault+0xed/0x14d0 [ 306.206378][ T8881] ? __pfx_handle_mm_fault+0x10/0x10 [ 306.206395][ T8881] ? lock_vma_under_rcu+0x45a/0x500 [ 306.206441][ T8881] do_user_addr_fault+0xa73/0x1340 [ 306.206474][ T8881] ? rcu_is_watching+0x15/0xb0 [ 306.206500][ T8881] ? trace_page_fault_user+0x84/0x1e0 [ 306.206526][ T8881] exc_page_fault+0x6a/0xc0 [ 306.206551][ T8881] asm_exc_page_fault+0x26/0x30 [ 306.206571][ T8881] RIP: 0033:0x7f417354e60b [ 306.206588][ T8881] Code: 00 00 00 48 8d 3d 8d a0 1a 00 48 89 c1 31 c0 e8 cb 2e ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d c1 a0 1a 00 48 89 34 24 48 8b 14 24 48 8b [ 306.206605][ T8881] RSP: 002b:00007f41718e4fa0 EFLAGS: 00010206 [ 306.206622][ T8881] RAX: 0000000000000000 RBX: 00007f4173905fa0 RCX: 0000000000000000 [ 306.206634][ T8881] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000000340 [ 306.206645][ T8881] RBP: 00007f41718e6090 R08: 0000000000000000 R09: 0000000000000000 [ 306.206656][ T8881] R10: 0000200000000340 R11: 0000000000000000 R12: 0000000000000001 [ 306.206668][ T8881] R13: 00007f4173906038 R14: 00007f4173905fa0 R15: 00007ffe46187848 [ 306.206697][ T8881] [ 306.216229][ T8881] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 306.621896][ T8893] FAULT_INJECTION: forcing a failure. [ 306.621896][ T8893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.621932][ T8893] CPU: 0 UID: 0 PID: 8893 Comm: syz.0.1072 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 306.621959][ T8893] Tainted: [L]=SOFTLOCKUP [ 306.621966][ T8893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 306.621977][ T8893] Call Trace: [ 306.621985][ T8893] [ 306.621993][ T8893] dump_stack_lvl+0xe8/0x150 [ 306.622022][ T8893] should_fail_ex+0x46b/0x600 [ 306.622054][ T8893] _copy_from_user+0x2d/0xb0 [ 306.622076][ T8893] __sys_connect+0x156/0x450 [ 306.622099][ T8893] ? __pfx___sys_connect+0x10/0x10 [ 306.622131][ T8893] ? __pfx_ksys_write+0x10/0x10 [ 306.622159][ T8893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.622180][ T8893] __x64_sys_connect+0x7a/0x90 [ 306.622201][ T8893] do_syscall_64+0x174/0x580 [ 306.622224][ T8893] ? trace_irq_disable+0x3b/0x140 [ 306.622248][ T8893] ? clear_bhb_loop+0x40/0x90 [ 306.622272][ T8893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.622291][ T8893] RIP: 0033:0x7fa28cd1ce59 [ 306.622309][ T8893] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 306.622323][ T8893] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 306.622343][ T8893] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 306.622357][ T8893] RDX: 000000000000000a RSI: 0000200000000140 RDI: 0000000000000005 [ 306.622368][ T8893] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 306.622380][ T8893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.622390][ T8893] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 306.622417][ T8893] [ 306.971946][ T8906] syzkaller1: entered promiscuous mode [ 306.971968][ T8906] syzkaller1: entered allmulticast mode [ 307.034900][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1078'. [ 307.034942][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1078'. [ 307.092475][ T8913] FAULT_INJECTION: forcing a failure. [ 307.092475][ T8913] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 307.092513][ T8913] CPU: 0 UID: 0 PID: 8913 Comm: syz.0.1078 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 307.092540][ T8913] Tainted: [L]=SOFTLOCKUP [ 307.092547][ T8913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 307.092558][ T8913] Call Trace: [ 307.092566][ T8913] [ 307.092574][ T8913] dump_stack_lvl+0xe8/0x150 [ 307.092602][ T8913] should_fail_ex+0x46b/0x600 [ 307.092634][ T8913] _copy_from_user+0x2d/0xb0 [ 307.092664][ T8913] ___sys_sendmsg+0x1c6/0x360 [ 307.092688][ T8913] ? __lock_acquire+0x6b5/0x2d10 [ 307.092716][ T8913] ? __pfx____sys_sendmsg+0x10/0x10 [ 307.092772][ T8913] ? __fget_files+0x2a/0x420 [ 307.092791][ T8913] ? __fget_files+0x3a6/0x420 [ 307.092819][ T8913] __x64_sys_sendmsg+0x1b7/0x290 [ 307.092846][ T8913] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 307.092885][ T8913] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.092904][ T8913] do_syscall_64+0x174/0x580 [ 307.092926][ T8913] ? trace_irq_disable+0x3b/0x140 [ 307.092948][ T8913] ? clear_bhb_loop+0x40/0x90 [ 307.092970][ T8913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.092987][ T8913] RIP: 0033:0x7fa28cd1ce59 [ 307.093002][ T8913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 307.093016][ T8913] RSP: 002b:00007fa28af4d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 307.093035][ T8913] RAX: ffffffffffffffda RBX: 00007fa28cf96090 RCX: 00007fa28cd1ce59 [ 307.093047][ T8913] RDX: 0000000000000060 RSI: 0000200000000080 RDI: 0000000000000003 [ 307.093058][ T8913] RBP: 00007fa28af4d090 R08: 0000000000000000 R09: 0000000000000000 [ 307.093069][ T8913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.093081][ T8913] R13: 00007fa28cf96128 R14: 00007fa28cf96090 R15: 00007fff993917f8 [ 307.093111][ T8913] [ 307.563064][ T8919] FAULT_INJECTION: forcing a failure. [ 307.563064][ T8919] name failslab, interval 1, probability 0, space 0, times 0 [ 307.563089][ T8919] CPU: 0 UID: 0 PID: 8919 Comm: syz.0.1081 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 307.563105][ T8919] Tainted: [L]=SOFTLOCKUP [ 307.563108][ T8919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 307.563115][ T8919] Call Trace: [ 307.563120][ T8919] [ 307.563125][ T8919] dump_stack_lvl+0xe8/0x150 [ 307.563142][ T8919] should_fail_ex+0x46b/0x600 [ 307.563160][ T8919] should_failslab+0xa8/0x100 [ 307.563173][ T8919] __kmalloc_noprof+0xfe/0x7e0 [ 307.563184][ T8919] ? rcu_is_watching+0x15/0xb0 [ 307.563200][ T8919] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 307.563212][ T8919] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 307.563227][ T8919] tomoyo_realpath_from_path+0xe3/0x5d0 [ 307.563239][ T8919] ? tomoyo_domain+0xd7/0x130 [ 307.563253][ T8919] ? tomoyo_path_number_perm+0x219/0x630 [ 307.563269][ T8919] tomoyo_path_number_perm+0x246/0x630 [ 307.563286][ T8919] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 307.563301][ T8919] ? __lock_acquire+0x6b5/0x2d10 [ 307.563315][ T8919] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.563341][ T8919] ? __fget_files+0x2a/0x420 [ 307.563353][ T8919] ? __fget_files+0x2a/0x420 [ 307.563362][ T8919] ? __fget_files+0x3a6/0x420 [ 307.563372][ T8919] ? __fget_files+0x2a/0x420 [ 307.563384][ T8919] security_file_ioctl+0xc3/0x2a0 [ 307.563400][ T8919] __se_sys_ioctl+0x47/0x170 [ 307.563413][ T8919] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.563425][ T8919] do_syscall_64+0x174/0x580 [ 307.563438][ T8919] ? trace_irq_disable+0x3b/0x140 [ 307.563451][ T8919] ? clear_bhb_loop+0x40/0x90 [ 307.563464][ T8919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.563474][ T8919] RIP: 0033:0x7fa28cd1ce59 [ 307.563485][ T8919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 307.563494][ T8919] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.563506][ T8919] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 307.563513][ T8919] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 307.563520][ T8919] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 307.563529][ T8919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.563535][ T8919] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 307.563551][ T8919] [ 307.563556][ T8919] ERROR: Out of memory at tomoyo_realpath_from_path. [ 308.014718][ T8936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 308.016152][ T8936] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 308.080634][ T8938] FAULT_INJECTION: forcing a failure. [ 308.080634][ T8938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.080657][ T8938] CPU: 0 UID: 0 PID: 8938 Comm: syz.0.1085 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 308.080673][ T8938] Tainted: [L]=SOFTLOCKUP [ 308.080677][ T8938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 308.080684][ T8938] Call Trace: [ 308.080688][ T8938] [ 308.080693][ T8938] dump_stack_lvl+0xe8/0x150 [ 308.080711][ T8938] should_fail_ex+0x46b/0x600 [ 308.080730][ T8938] strncpy_from_user+0x36/0x2b0 [ 308.080746][ T8938] __x64_sys_lgetxattr+0x19c/0x2b0 [ 308.080762][ T8938] ? __pfx___x64_sys_lgetxattr+0x10/0x10 [ 308.080785][ T8938] ? __pfx_ksys_write+0x10/0x10 [ 308.080805][ T8938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.080824][ T8938] do_syscall_64+0x174/0x580 [ 308.080846][ T8938] ? trace_irq_disable+0x3b/0x140 [ 308.080880][ T8938] ? clear_bhb_loop+0x40/0x90 [ 308.080901][ T8938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.080919][ T8938] RIP: 0033:0x7fa28cd1ce59 [ 308.080935][ T8938] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 308.080943][ T8938] RSP: 002b:00007fa28af2c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0 [ 308.080955][ T8938] RAX: ffffffffffffffda RBX: 00007fa28cf96180 RCX: 00007fa28cd1ce59 [ 308.080962][ T8938] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 0000200000000000 [ 308.080969][ T8938] RBP: 00007fa28af2c090 R08: 0000000000000000 R09: 0000000000000000 [ 308.080975][ T8938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.080981][ T8938] R13: 00007fa28cf96218 R14: 00007fa28cf96180 R15: 00007fff993917f8 [ 308.080996][ T8938] [ 308.086731][ T8937] 9pnet_fd: p9_fd_create_unix (8937): problem connecting socket: ./file0: -5 [ 308.102055][ T5631] usb 3-1: USB disconnect, device number 44 [ 308.667135][ T8952] FAULT_INJECTION: forcing a failure. [ 308.667135][ T8952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.667171][ T8952] CPU: 1 UID: 0 PID: 8952 Comm: syz.0.1092 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 308.667197][ T8952] Tainted: [L]=SOFTLOCKUP [ 308.667204][ T8952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 308.667215][ T8952] Call Trace: [ 308.667223][ T8952] [ 308.667231][ T8952] dump_stack_lvl+0xe8/0x150 [ 308.667259][ T8952] should_fail_ex+0x46b/0x600 [ 308.667294][ T8952] _copy_from_user+0x2d/0xb0 [ 308.667316][ T8952] ___sys_sendmsg+0x1c6/0x360 [ 308.667337][ T8952] ? __lock_acquire+0x6b5/0x2d10 [ 308.667361][ T8952] ? __pfx____sys_sendmsg+0x10/0x10 [ 308.667389][ T8952] ? kstrtouint+0x6e/0xe0 [ 308.667434][ T8952] ? __fget_files+0x2a/0x420 [ 308.667452][ T8952] ? __fget_files+0x3a6/0x420 [ 308.667478][ T8952] __sys_sendmmsg+0x279/0x4d0 [ 308.667508][ T8952] ? __pfx___sys_sendmmsg+0x10/0x10 [ 308.667540][ T8952] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 308.667572][ T8952] ? ksys_write+0x248/0x270 [ 308.667597][ T8952] ? __pfx_ksys_write+0x10/0x10 [ 308.667626][ T8952] __x64_sys_sendmmsg+0xa0/0xc0 [ 308.667649][ T8952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.667670][ T8952] do_syscall_64+0x174/0x580 [ 308.667694][ T8952] ? trace_irq_disable+0x3b/0x140 [ 308.667718][ T8952] ? clear_bhb_loop+0x40/0x90 [ 308.667740][ T8952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.667760][ T8952] RIP: 0033:0x7fa28cd1ce59 [ 308.667777][ T8952] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 308.667792][ T8952] RSP: 002b:00007fa28af4d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 308.667812][ T8952] RAX: ffffffffffffffda RBX: 00007fa28cf96090 RCX: 00007fa28cd1ce59 [ 308.667826][ T8952] RDX: 00000000ffffff80 RSI: 0000200000004100 RDI: 0000000000000004 [ 308.667839][ T8952] RBP: 00007fa28af4d090 R08: 0000000000000000 R09: 0000000000000000 [ 308.667851][ T8952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.667862][ T8952] R13: 00007fa28cf96128 R14: 00007fa28cf96090 R15: 00007fff993917f8 [ 308.667892][ T8952] [ 308.942712][ T8957] FAULT_INJECTION: forcing a failure. [ 308.942712][ T8957] name failslab, interval 1, probability 0, space 0, times 0 [ 308.942752][ T8957] CPU: 1 UID: 0 PID: 8957 Comm: syz.3.1094 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 308.942778][ T8957] Tainted: [L]=SOFTLOCKUP [ 308.942785][ T8957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 308.942796][ T8957] Call Trace: [ 308.942804][ T8957] [ 308.942812][ T8957] dump_stack_lvl+0xe8/0x150 [ 308.942844][ T8957] should_fail_ex+0x46b/0x600 [ 308.942877][ T8957] should_failslab+0xa8/0x100 [ 308.942902][ T8957] __kmalloc_noprof+0xfe/0x7e0 [ 308.942920][ T8957] ? rcu_is_watching+0x15/0xb0 [ 308.942950][ T8957] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 308.942972][ T8957] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 308.943001][ T8957] tomoyo_realpath_from_path+0xe3/0x5d0 [ 308.943023][ T8957] ? tomoyo_domain+0xd7/0x130 [ 308.943047][ T8957] ? tomoyo_path_number_perm+0x219/0x630 [ 308.943075][ T8957] tomoyo_path_number_perm+0x246/0x630 [ 308.943106][ T8957] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 308.943132][ T8957] ? __lock_acquire+0x6b5/0x2d10 [ 308.943159][ T8957] ? do_raw_spin_lock+0x12b/0x2f0 [ 308.943210][ T8957] ? __fget_files+0x2a/0x420 [ 308.943233][ T8957] ? __fget_files+0x2a/0x420 [ 308.943251][ T8957] ? __fget_files+0x3a6/0x420 [ 308.943270][ T8957] ? __fget_files+0x2a/0x420 [ 308.943293][ T8957] security_file_ioctl+0xc3/0x2a0 [ 308.943322][ T8957] __se_sys_ioctl+0x47/0x170 [ 308.943348][ T8957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.943370][ T8957] do_syscall_64+0x174/0x580 [ 308.943394][ T8957] ? trace_irq_disable+0x3b/0x140 [ 308.943418][ T8957] ? clear_bhb_loop+0x40/0x90 [ 308.943449][ T8957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.943477][ T8957] RIP: 0033:0x7f417368ce59 [ 308.943495][ T8957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 308.943512][ T8957] RSP: 002b:00007f41718e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 308.943534][ T8957] RAX: ffffffffffffffda RBX: 00007f4173905fa0 RCX: 00007f417368ce59 [ 308.943547][ T8957] RDX: 0000200000000340 RSI: 00000000000089f1 RDI: 0000000000000003 [ 308.943559][ T8957] RBP: 00007f41718e6090 R08: 0000000000000000 R09: 0000000000000000 [ 308.943571][ T8957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.943582][ T8957] R13: 00007f4173906038 R14: 00007f4173905fa0 R15: 00007ffe46187848 [ 308.943611][ T8957] [ 308.943619][ T8957] ERROR: Out of memory at tomoyo_realpath_from_path. [ 309.117812][ T5608] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 309.267507][ T5608] usb 2-1: Using ep0 maxpacket: 16 [ 309.275364][ T5608] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 309.275385][ T5608] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.275398][ T5608] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 309.275422][ T5608] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 309.275434][ T5608] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.328594][ T5608] usb 2-1: config 0 descriptor?? [ 309.591247][ T9] usb 4-1: new full-speed USB device number 53 using dummy_hcd [ 309.743815][ T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 309.743836][ T9] usb 4-1: config 0 has no interface number 0 [ 309.750494][ T9] usb 4-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 309.750522][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.750541][ T9] usb 4-1: Product: syz [ 309.750917][ T9] usb 4-1: Manufacturer: syz [ 309.750933][ T9] usb 4-1: SerialNumber: syz [ 309.802895][ T5608] usbhid 2-1:0.0: can't add hid device: -71 [ 309.803003][ T5608] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 309.807522][ T32] usb 1-1: new full-speed USB device number 51 using dummy_hcd [ 309.833977][ T9] usb 4-1: config 0 descriptor?? [ 309.853318][ T9] usb 4-1: selecting invalid altsetting 1 [ 309.855578][ T9] dvb_ttusb_budget: ttusb_init_controller: error [ 309.855593][ T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 309.859035][ T5608] usb 2-1: USB disconnect, device number 67 [ 309.920012][ T9] DVB: Unable to find symbol stv0299_attach() [ 309.948745][ T9] DVB: Unable to find symbol tda8083_attach() [ 309.948756][ T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 309.983013][ T32] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 309.983039][ T32] usb 1-1: config 0 has no interface number 0 [ 310.002107][ T32] usb 1-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 310.002125][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.002136][ T32] usb 1-1: Product: syz [ 310.002144][ T32] usb 1-1: Manufacturer: syz [ 310.002151][ T32] usb 1-1: SerialNumber: syz [ 310.007521][ T5631] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 310.051764][ T32] usb 1-1: config 0 descriptor?? [ 310.060222][ T32] usb 1-1: selecting invalid altsetting 1 [ 310.060355][ T32] dvb_ttusb_budget: ttusb_init_controller: error [ 310.060370][ T32] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 310.069634][ T10] usb 4-1: USB disconnect, device number 53 [ 310.148115][ T5631] usb 3-1: device descriptor read/64, error -71 [ 310.206412][ T32] DVB: Unable to find symbol stv0299_attach() [ 310.234322][ T32] DVB: Unable to find symbol tda8083_attach() [ 310.234334][ T32] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 310.254054][ T8965] FAULT_INJECTION: forcing a failure. [ 310.254054][ T8965] name failslab, interval 1, probability 0, space 0, times 0 [ 310.254089][ T8965] CPU: 0 UID: 0 PID: 8965 Comm: syz.0.1099 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 310.254114][ T8965] Tainted: [L]=SOFTLOCKUP [ 310.254120][ T8965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 310.254131][ T8965] Call Trace: [ 310.254138][ T8965] [ 310.254146][ T8965] dump_stack_lvl+0xe8/0x150 [ 310.254174][ T8965] should_fail_ex+0x46b/0x600 [ 310.254209][ T8965] should_failslab+0xa8/0x100 [ 310.254240][ T8965] __kmalloc_noprof+0xfe/0x7e0 [ 310.254259][ T8965] ? rcu_is_watching+0x15/0xb0 [ 310.254286][ T8965] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 310.254306][ T8965] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 310.254334][ T8965] tomoyo_realpath_from_path+0xe3/0x5d0 [ 310.254357][ T8965] ? tomoyo_domain+0xd7/0x130 [ 310.254382][ T8965] ? tomoyo_path_number_perm+0x219/0x630 [ 310.254409][ T8965] tomoyo_path_number_perm+0x246/0x630 [ 310.254438][ T8965] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 310.254465][ T8965] ? __lock_acquire+0x6b5/0x2d10 [ 310.254491][ T8965] ? do_raw_spin_lock+0x12b/0x2f0 [ 310.254537][ T8965] ? __fget_files+0x2a/0x420 [ 310.254559][ T8965] ? __fget_files+0x2a/0x420 [ 310.254576][ T8965] ? __fget_files+0x3a6/0x420 [ 310.254593][ T8965] ? __fget_files+0x2a/0x420 [ 310.254616][ T8965] security_file_ioctl+0xc3/0x2a0 [ 310.254645][ T8965] __se_sys_ioctl+0x47/0x170 [ 310.254668][ T8965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.254688][ T8965] do_syscall_64+0x174/0x580 [ 310.254710][ T8965] ? trace_irq_disable+0x3b/0x140 [ 310.254731][ T8965] ? clear_bhb_loop+0x40/0x90 [ 310.254752][ T8965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.254771][ T8965] RIP: 0033:0x7fa28cd1ce59 [ 310.254790][ T8965] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 310.254806][ T8965] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 310.254827][ T8965] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 310.254841][ T8965] RDX: 0000200000000000 RSI: 0000000000000707 RDI: 0000000000000004 [ 310.254853][ T8965] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 310.254864][ T8965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.254875][ T8965] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 310.254903][ T8965] [ 310.256597][ T8965] ERROR: Out of memory at tomoyo_realpath_from_path. [ 310.270823][ T5608] usb 1-1: USB disconnect, device number 51 [ 310.397471][ T5631] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 310.470998][ T8980] FAULT_INJECTION: forcing a failure. [ 310.470998][ T8980] name failslab, interval 1, probability 0, space 0, times 0 [ 310.471035][ T8980] CPU: 0 UID: 0 PID: 8980 Comm: syz.1.1101 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 310.471061][ T8980] Tainted: [L]=SOFTLOCKUP [ 310.471068][ T8980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 310.471079][ T8980] Call Trace: [ 310.471087][ T8980] [ 310.471094][ T8980] dump_stack_lvl+0xe8/0x150 [ 310.471121][ T8980] should_fail_ex+0x46b/0x600 [ 310.471152][ T8980] should_failslab+0xa8/0x100 [ 310.471178][ T8980] kmem_cache_alloc_noprof+0xa4/0x6c0 [ 310.471205][ T8980] ? do_getname+0x2e/0x250 [ 310.471231][ T8980] ? do_getname+0x2e/0x250 [ 310.471262][ T8980] do_getname+0x2e/0x250 [ 310.471287][ T8980] ? getname_uflags+0x11/0x30 [ 310.471314][ T8980] __x64_sys_execveat+0xad/0xf0 [ 310.471335][ T8980] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.471356][ T8980] do_syscall_64+0x174/0x580 [ 310.471378][ T8980] ? trace_irq_disable+0x3b/0x140 [ 310.471402][ T8980] ? clear_bhb_loop+0x40/0x90 [ 310.471423][ T8980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.471441][ T8980] RIP: 0033:0x7f8b8b0fce59 [ 310.471458][ T8980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 310.471474][ T8980] RSP: 002b:00007f8b89335028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 310.471493][ T8980] RAX: ffffffffffffffda RBX: 00007f8b8b376090 RCX: 00007f8b8b0fce59 [ 310.471506][ T8980] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c [ 310.471518][ T8980] RBP: 00007f8b89335090 R08: 0000000000000000 R09: 0000000000000000 [ 310.471530][ T8980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.471541][ T8980] R13: 00007f8b8b376128 R14: 00007f8b8b376090 R15: 00007ffecb0a5e68 [ 310.471569][ T8980] [ 310.567494][ T5631] usb 3-1: device descriptor read/64, error -71 [ 310.679679][ T5631] usb usb3-port1: attempt power cycle [ 310.833474][ T8983] process 'syz.3.1102' launched './file0' with NULL argv: empty string added [ 310.835032][ T8987] FAULT_INJECTION: forcing a failure. [ 310.835032][ T8987] name failslab, interval 1, probability 0, space 0, times 0 [ 310.835067][ T8987] CPU: 1 UID: 0 PID: 8987 Comm: syz.0.1104 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 310.835092][ T8987] Tainted: [L]=SOFTLOCKUP [ 310.835098][ T8987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 310.835109][ T8987] Call Trace: [ 310.835115][ T8987] [ 310.835123][ T8987] dump_stack_lvl+0xe8/0x150 [ 310.835153][ T8987] should_fail_ex+0x46b/0x600 [ 310.835193][ T8987] should_failslab+0xa8/0x100 [ 310.835211][ T8987] __kmalloc_noprof+0xfe/0x7e0 [ 310.835221][ T8987] ? rcu_is_watching+0x15/0xb0 [ 310.835237][ T8987] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 310.835249][ T8987] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 310.835263][ T8987] tomoyo_realpath_from_path+0xe3/0x5d0 [ 310.835276][ T8987] ? tomoyo_domain+0xd7/0x130 [ 310.835290][ T8987] ? tomoyo_path_number_perm+0x219/0x630 [ 310.835306][ T8987] tomoyo_path_number_perm+0x246/0x630 [ 310.835323][ T8987] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 310.835337][ T8987] ? __lock_acquire+0x6b5/0x2d10 [ 310.835352][ T8987] ? do_raw_spin_lock+0x12b/0x2f0 [ 310.835378][ T8987] ? __fget_files+0x2a/0x420 [ 310.835390][ T8987] ? __fget_files+0x2a/0x420 [ 310.835399][ T8987] ? __fget_files+0x3a6/0x420 [ 310.835409][ T8987] ? __fget_files+0x2a/0x420 [ 310.835421][ T8987] security_file_ioctl+0xc3/0x2a0 [ 310.835445][ T8987] __se_sys_ioctl+0x47/0x170 [ 310.835459][ T8987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.835471][ T8987] do_syscall_64+0x174/0x580 [ 310.835485][ T8987] ? trace_irq_disable+0x3b/0x140 [ 310.835498][ T8987] ? clear_bhb_loop+0x40/0x90 [ 310.835511][ T8987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.835521][ T8987] RIP: 0033:0x7fa28cd1ce59 [ 310.835532][ T8987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 310.835541][ T8987] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 310.835554][ T8987] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 310.835561][ T8987] RDX: 0000200000000440 RSI: 0000000040186f40 RDI: 0000000000000003 [ 310.835568][ T8987] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 310.835575][ T8987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.835581][ T8987] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 310.835597][ T8987] [ 310.835660][ T8987] ERROR: Out of memory at tomoyo_realpath_from_path. [ 311.018925][ T5631] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 311.038187][ T5631] usb 3-1: device descriptor read/8, error -71 [ 311.278991][ T5631] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 311.301046][ T5631] usb 3-1: device descriptor read/8, error -71 [ 311.352067][ T9001] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1109'. [ 311.408169][ T5631] usb usb3-port1: unable to enumerate USB device [ 311.617510][ T32] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 311.768244][ T32] usb 2-1: Using ep0 maxpacket: 32 [ 311.771576][ T32] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 311.771617][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 311.771643][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 311.771685][ T32] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 311.771708][ T32] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.780757][ T32] usb 2-1: config 0 descriptor?? [ 311.789409][ T9001] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 311.796132][ T32] hub 2-1:0.0: USB hub found [ 311.977610][ T5631] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 312.029668][ T32] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 312.041718][ T32] usbhid 2-1:0.0: can't add hid device: -71 [ 312.041832][ T32] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 312.075799][ T32] usb 2-1: USB disconnect, device number 68 [ 312.137517][ T5631] usb 4-1: Using ep0 maxpacket: 32 [ 312.139548][ T5631] usb 4-1: config 246 has an invalid interface number: 166 but max is 0 [ 312.139576][ T5631] usb 4-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 312.139595][ T5631] usb 4-1: config 246 has no interface number 0 [ 312.139652][ T5631] usb 4-1: config 246 interface 166 altsetting 118 endpoint 0xB has invalid wMaxPacketSize 0 [ 312.139677][ T5631] usb 4-1: config 246 interface 166 altsetting 118 bulk endpoint 0xB has invalid maxpacket 0 [ 312.139690][ T5631] usb 4-1: config 246 interface 166 altsetting 118 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 312.139705][ T5631] usb 4-1: config 246 interface 166 has no altsetting 0 [ 312.141889][ T5631] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 312.141916][ T5631] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.141929][ T5631] usb 4-1: Product: syz [ 312.141937][ T5631] usb 4-1: Manufacturer: syz [ 312.141944][ T5631] usb 4-1: SerialNumber: syz [ 312.773193][ T5631] usb 4-1: Cannot retrieve CPort count: 0 [ 312.773220][ T5631] usb 4-1: Cannot retrieve CPort count: -5 [ 312.773241][ T5631] es2_ap_driver 4-1:246.166: probe with driver es2_ap_driver failed with error -5 [ 312.923757][ T9038] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1127'. [ 312.962415][ T9041] FAULT_INJECTION: forcing a failure. [ 312.962415][ T9041] name failslab, interval 1, probability 0, space 0, times 0 [ 312.962442][ T9041] CPU: 0 UID: 0 PID: 9041 Comm: syz.0.1128 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 312.962467][ T9041] Tainted: [L]=SOFTLOCKUP [ 312.962472][ T9041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 312.962482][ T9041] Call Trace: [ 312.962487][ T9041] [ 312.962494][ T9041] dump_stack_lvl+0xe8/0x150 [ 312.962514][ T9041] should_fail_ex+0x46b/0x600 [ 312.962534][ T9041] should_failslab+0xa8/0x100 [ 312.962547][ T9041] __kmalloc_noprof+0xfe/0x7e0 [ 312.962558][ T9041] ? rcu_is_watching+0x15/0xb0 [ 312.962574][ T9041] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 312.962586][ T9041] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 312.962601][ T9041] tomoyo_realpath_from_path+0xe3/0x5d0 [ 312.962614][ T9041] ? tomoyo_domain+0xd7/0x130 [ 312.962628][ T9041] ? tomoyo_path_number_perm+0x219/0x630 [ 312.962644][ T9041] tomoyo_path_number_perm+0x246/0x630 [ 312.962661][ T9041] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 312.962676][ T9041] ? __lock_acquire+0x6b5/0x2d10 [ 312.962691][ T9041] ? do_raw_spin_lock+0x12b/0x2f0 [ 312.962723][ T9041] ? __fget_files+0x2a/0x420 [ 312.962742][ T9041] ? __fget_files+0x2a/0x420 [ 312.962758][ T9041] ? __fget_files+0x3a6/0x420 [ 312.962772][ T9041] ? __fget_files+0x2a/0x420 [ 312.962793][ T9041] security_file_ioctl+0xc3/0x2a0 [ 312.962819][ T9041] __se_sys_ioctl+0x47/0x170 [ 312.962844][ T9041] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.962864][ T9041] do_syscall_64+0x174/0x580 [ 312.962881][ T9041] ? trace_irq_disable+0x3b/0x140 [ 312.962895][ T9041] ? clear_bhb_loop+0x40/0x90 [ 312.962908][ T9041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.962919][ T9041] RIP: 0033:0x7fa28cd1ce59 [ 312.962930][ T9041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 312.962939][ T9041] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 312.962955][ T9041] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 312.962962][ T9041] RDX: 0000200000000040 RSI: 00000000c0d05640 RDI: 0000000000000003 [ 312.962969][ T9041] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 312.962976][ T9041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.962981][ T9041] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 312.962997][ T9041] [ 312.963002][ T9041] ERROR: Out of memory at tomoyo_realpath_from_path. [ 312.976503][ T5727] usb 4-1: USB disconnect, device number 54 [ 313.431021][ T9058] FAULT_INJECTION: forcing a failure. [ 313.431021][ T9058] name failslab, interval 1, probability 0, space 0, times 0 [ 313.431046][ T9058] CPU: 0 UID: 0 PID: 9058 Comm: syz.0.1136 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 313.431062][ T9058] Tainted: [L]=SOFTLOCKUP [ 313.431066][ T9058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 313.431073][ T9058] Call Trace: [ 313.431077][ T9058] [ 313.431082][ T9058] dump_stack_lvl+0xe8/0x150 [ 313.431100][ T9058] should_fail_ex+0x46b/0x600 [ 313.431118][ T9058] should_failslab+0xa8/0x100 [ 313.431132][ T9058] __kvmalloc_node_noprof+0x181/0x910 [ 313.431146][ T9058] ? traverse+0xde/0x580 [ 313.431159][ T9058] ? traverse+0xde/0x580 [ 313.431176][ T9058] traverse+0xde/0x580 [ 313.431189][ T9058] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 313.431207][ T9058] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 313.431220][ T9058] ? seq_read_iter+0xb8/0xe20 [ 313.431235][ T9058] seq_read_iter+0xd09/0xe20 [ 313.431250][ T9058] ? apparmor_file_permission+0x1f4/0x300 [ 313.431272][ T9058] vfs_read+0x58b/0xa80 [ 313.431290][ T9058] ? __pfx_vfs_read+0x10/0x10 [ 313.431307][ T9058] ? __fget_files+0x2a/0x420 [ 313.431322][ T9058] __x64_sys_pread64+0x19c/0x230 [ 313.431336][ T9058] ? __pfx___x64_sys_pread64+0x10/0x10 [ 313.431354][ T9058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.431364][ T9058] do_syscall_64+0x174/0x580 [ 313.431378][ T9058] ? trace_irq_disable+0x3b/0x140 [ 313.431391][ T9058] ? clear_bhb_loop+0x40/0x90 [ 313.431404][ T9058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.431414][ T9058] RIP: 0033:0x7fa28cd1ce59 [ 313.431425][ T9058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 313.431434][ T9058] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 313.431446][ T9058] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 313.431456][ T9058] RDX: 000000000000006f RSI: 0000200000000080 RDI: 0000000000000003 [ 313.431463][ T9058] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 313.431469][ T9058] R10: 00000000000002fe R11: 0000000000000246 R12: 0000000000000001 [ 313.431475][ T9058] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 313.431491][ T9058] [ 313.585604][ T5727] usb 3-1: new full-speed USB device number 49 using dummy_hcd [ 313.753643][ T5727] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 313.753674][ T5727] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.753696][ T5727] usb 3-1: Product: syz [ 313.753709][ T5727] usb 3-1: Manufacturer: syz [ 313.753724][ T5727] usb 3-1: SerialNumber: syz [ 313.795854][ T5727] usb 3-1: config 0 descriptor?? [ 313.809142][ T5727] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 313.884112][ T9067] netlink: 'syz.3.1137': attribute type 11 has an invalid length. [ 314.210137][ T5727] gspca_stk1135: reg_w 0x0 err -71 [ 314.211176][ T5727] gspca_stk1135: serial bus timeout: status=0x00 [ 314.211189][ T5727] gspca_stk1135: Sensor write failed [ 314.211215][ T5727] gspca_stk1135: serial bus timeout: status=0x00 [ 314.211224][ T5727] gspca_stk1135: Sensor write failed [ 314.211248][ T5727] gspca_stk1135: serial bus timeout: status=0x00 [ 314.211257][ T5727] gspca_stk1135: Sensor read failed [ 314.211286][ T5727] gspca_stk1135: serial bus timeout: status=0x00 [ 314.211295][ T5727] gspca_stk1135: Sensor read failed [ 314.211302][ T5727] gspca_stk1135: Detected sensor type unknown (0x0) [ 314.211331][ T5727] gspca_stk1135: serial bus timeout: status=0x00 [ 314.211342][ T5727] gspca_stk1135: Sensor read failed [ 314.211367][ T5727] gspca_stk1135: serial bus timeout: status=0x00 [ 314.211383][ T5727] gspca_stk1135: Sensor read failed [ 314.211407][ T5727] gspca_stk1135: serial bus timeout: status=0x00 [ 314.211416][ T5727] gspca_stk1135: Sensor write failed [ 314.211438][ T5727] gspca_stk1135: serial bus timeout: status=0x00 [ 314.211447][ T5727] gspca_stk1135: Sensor write failed [ 314.211531][ T5727] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71 [ 314.231838][ T5727] usb 3-1: USB disconnect, device number 49 [ 314.239333][ T32] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 314.404618][ T32] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 314.404651][ T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.404670][ T32] usb 2-1: Product: syz [ 314.404685][ T32] usb 2-1: Manufacturer: syz [ 314.404698][ T32] usb 2-1: SerialNumber: syz [ 314.833500][ T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 314.833561][ T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 314.935177][ T9109] FAULT_INJECTION: forcing a failure. [ 314.935177][ T9109] name failslab, interval 1, probability 0, space 0, times 0 [ 314.935212][ T9109] CPU: 0 UID: 0 PID: 9109 Comm: syz.3.1157 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 314.935238][ T9109] Tainted: [L]=SOFTLOCKUP [ 314.935246][ T9109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 314.935257][ T9109] Call Trace: [ 314.935264][ T9109] [ 314.935272][ T9109] dump_stack_lvl+0xe8/0x150 [ 314.935300][ T9109] should_fail_ex+0x46b/0x600 [ 314.935330][ T9109] should_failslab+0xa8/0x100 [ 314.935354][ T9109] kmem_cache_alloc_noprof+0xa4/0x6c0 [ 314.935383][ T9109] ? do_getname+0x2e/0x250 [ 314.935409][ T9109] ? do_getname+0x2e/0x250 [ 314.935435][ T9109] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 314.935460][ T9109] do_getname+0x2e/0x250 [ 314.935485][ T9109] ? user_path_at+0x1e/0x160 [ 314.935508][ T9109] user_path_at+0x2a/0x160 [ 314.935530][ T9109] __se_sys_mount+0x2dc/0x420 [ 314.935554][ T9109] ? __pfx___se_sys_mount+0x10/0x10 [ 314.935578][ T9109] ? __x64_sys_mount+0x20/0xc0 [ 314.935595][ T9109] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.935616][ T9109] do_syscall_64+0x174/0x580 [ 314.935638][ T9109] ? trace_irq_disable+0x3b/0x140 [ 314.935666][ T9109] ? clear_bhb_loop+0x40/0x90 [ 314.935688][ T9109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.935706][ T9109] RIP: 0033:0x7f417368ce59 [ 314.935724][ T9109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 314.935739][ T9109] RSP: 002b:00007f41718e6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 314.935759][ T9109] RAX: ffffffffffffffda RBX: 00007f4173905fa0 RCX: 00007f417368ce59 [ 314.935773][ T9109] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000 [ 314.935785][ T9109] RBP: 00007f41718e6090 R08: 0000000000000000 R09: 0000000000000000 [ 314.935796][ T9109] R10: 0000000000084000 R11: 0000000000000246 R12: 0000000000000001 [ 314.935816][ T9109] R13: 00007f4173906038 R14: 00007f4173905fa0 R15: 00007ffe46187848 [ 314.935844][ T9109] [ 315.106388][ T9107] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1156'. [ 315.590008][ T9126] FAULT_INJECTION: forcing a failure. [ 315.590008][ T9126] name failslab, interval 1, probability 0, space 0, times 0 [ 315.590043][ T9126] CPU: 1 UID: 0 PID: 9126 Comm: syz.2.1162 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 315.590069][ T9126] Tainted: [L]=SOFTLOCKUP [ 315.590077][ T9126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 315.590087][ T9126] Call Trace: [ 315.590094][ T9126] [ 315.590105][ T9126] dump_stack_lvl+0xe8/0x150 [ 315.590133][ T9126] should_fail_ex+0x46b/0x600 [ 315.590165][ T9126] should_failslab+0xa8/0x100 [ 315.590188][ T9126] __kmalloc_noprof+0xfe/0x7e0 [ 315.590207][ T9126] ? rcu_is_watching+0x15/0xb0 [ 315.590234][ T9126] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 315.590256][ T9126] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 315.590293][ T9126] tomoyo_realpath_from_path+0xe3/0x5d0 [ 315.590317][ T9126] ? tomoyo_domain+0xd7/0x130 [ 315.590344][ T9126] ? tomoyo_path_number_perm+0x219/0x630 [ 315.590370][ T9126] tomoyo_path_number_perm+0x246/0x630 [ 315.590400][ T9126] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 315.590427][ T9126] ? __lock_acquire+0x6b5/0x2d10 [ 315.590453][ T9126] ? do_raw_spin_lock+0x12b/0x2f0 [ 315.590500][ T9126] ? __fget_files+0x2a/0x420 [ 315.590522][ T9126] ? __fget_files+0x2a/0x420 [ 315.590539][ T9126] ? __fget_files+0x3a6/0x420 [ 315.590557][ T9126] ? __fget_files+0x2a/0x420 [ 315.590579][ T9126] security_file_ioctl+0xc3/0x2a0 [ 315.590607][ T9126] __se_sys_ioctl+0x47/0x170 [ 315.590629][ T9126] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.590649][ T9126] do_syscall_64+0x174/0x580 [ 315.590672][ T9126] ? trace_irq_disable+0x3b/0x140 [ 315.590695][ T9126] ? clear_bhb_loop+0x40/0x90 [ 315.590719][ T9126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.590737][ T9126] RIP: 0033:0x7fbaa25cce59 [ 315.590755][ T9126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 315.590770][ T9126] RSP: 002b:00007fbaa0826028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.590791][ T9126] RAX: ffffffffffffffda RBX: 00007fbaa2845fa0 RCX: 00007fbaa25cce59 [ 315.590804][ T9126] RDX: 0000200000000000 RSI: 00000000000089f0 RDI: 0000000000000005 [ 315.590816][ T9126] RBP: 00007fbaa0826090 R08: 0000000000000000 R09: 0000000000000000 [ 315.590828][ T9126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.590840][ T9126] R13: 00007fbaa2846038 R14: 00007fbaa2845fa0 R15: 00007ffe1dc7ee78 [ 315.590869][ T9126] [ 315.590947][ T9126] ERROR: Out of memory at tomoyo_realpath_from_path. [ 315.677091][ T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPIPE [ 315.678486][ T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 315.683567][ T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 315.899953][ T9134] FAULT_INJECTION: forcing a failure. [ 315.899953][ T9134] name failslab, interval 1, probability 0, space 0, times 0 [ 315.899991][ T9134] CPU: 1 UID: 0 PID: 9134 Comm: syz.0.1165 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 315.900017][ T9134] Tainted: [L]=SOFTLOCKUP [ 315.900023][ T9134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 315.900034][ T9134] Call Trace: [ 315.900042][ T9134] [ 315.900049][ T9134] dump_stack_lvl+0xe8/0x150 [ 315.900078][ T9134] should_fail_ex+0x46b/0x600 [ 315.900110][ T9134] should_failslab+0xa8/0x100 [ 315.900132][ T9134] __kmalloc_noprof+0xfe/0x7e0 [ 315.900150][ T9134] ? rcu_is_watching+0x15/0xb0 [ 315.900182][ T9134] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 315.900202][ T9134] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 315.900228][ T9134] tomoyo_realpath_from_path+0xe3/0x5d0 [ 315.900251][ T9134] ? tomoyo_domain+0xd7/0x130 [ 315.900276][ T9134] ? tomoyo_path_number_perm+0x219/0x630 [ 315.900304][ T9134] tomoyo_path_number_perm+0x246/0x630 [ 315.900334][ T9134] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 315.900360][ T9134] ? __lock_acquire+0x6b5/0x2d10 [ 315.900386][ T9134] ? do_raw_spin_lock+0x12b/0x2f0 [ 315.900433][ T9134] ? __fget_files+0x2a/0x420 [ 315.900455][ T9134] ? __fget_files+0x2a/0x420 [ 315.900471][ T9134] ? __fget_files+0x3a6/0x420 [ 315.900489][ T9134] ? __fget_files+0x2a/0x420 [ 315.900512][ T9134] security_file_ioctl+0xc3/0x2a0 [ 315.900539][ T9134] __se_sys_ioctl+0x47/0x170 [ 315.900563][ T9134] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.900583][ T9134] do_syscall_64+0x174/0x580 [ 315.900606][ T9134] ? trace_irq_disable+0x3b/0x140 [ 315.900629][ T9134] ? clear_bhb_loop+0x40/0x90 [ 315.900651][ T9134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.900670][ T9134] RIP: 0033:0x7fa28cd1ce59 [ 315.900687][ T9134] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 315.900703][ T9134] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.900732][ T9134] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 315.900746][ T9134] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000004 [ 315.900759][ T9134] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 315.900770][ T9134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.900781][ T9134] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 315.900810][ T9134] [ 315.906674][ T9134] ERROR: Out of memory at tomoyo_realpath_from_path. [ 315.953518][ T8493] udevd[8493]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 316.227825][ T32] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -32 [ 316.748267][ T9157] FAULT_INJECTION: forcing a failure. [ 316.748267][ T9157] name failslab, interval 1, probability 0, space 0, times 0 [ 316.748303][ T9157] CPU: 1 UID: 0 PID: 9157 Comm: syz.3.1174 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 316.748330][ T9157] Tainted: [L]=SOFTLOCKUP [ 316.748336][ T9157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 316.748348][ T9157] Call Trace: [ 316.748356][ T9157] [ 316.748364][ T9157] dump_stack_lvl+0xe8/0x150 [ 316.748392][ T9157] should_fail_ex+0x46b/0x600 [ 316.748424][ T9157] should_failslab+0xa8/0x100 [ 316.748447][ T9157] __kmalloc_noprof+0xfe/0x7e0 [ 316.748465][ T9157] ? rcu_is_watching+0x15/0xb0 [ 316.748493][ T9157] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 316.748514][ T9157] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 316.748542][ T9157] tomoyo_realpath_from_path+0xe3/0x5d0 [ 316.748566][ T9157] ? tomoyo_domain+0xd7/0x130 [ 316.748592][ T9157] ? tomoyo_path_number_perm+0x219/0x630 [ 316.748620][ T9157] tomoyo_path_number_perm+0x246/0x630 [ 316.748650][ T9157] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 316.748677][ T9157] ? __lock_acquire+0x6b5/0x2d10 [ 316.748704][ T9157] ? do_raw_spin_lock+0x12b/0x2f0 [ 316.748755][ T9157] ? __fget_files+0x2a/0x420 [ 316.748778][ T9157] ? __fget_files+0x2a/0x420 [ 316.748796][ T9157] ? __fget_files+0x3a6/0x420 [ 316.748814][ T9157] ? __fget_files+0x2a/0x420 [ 316.748836][ T9157] security_file_ioctl+0xc3/0x2a0 [ 316.748865][ T9157] __se_sys_ioctl+0x47/0x170 [ 316.748889][ T9157] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.748910][ T9157] do_syscall_64+0x174/0x580 [ 316.748934][ T9157] ? trace_irq_disable+0x3b/0x140 [ 316.748958][ T9157] ? clear_bhb_loop+0x40/0x90 [ 316.748981][ T9157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.749000][ T9157] RIP: 0033:0x7f417368ce59 [ 316.749018][ T9157] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 316.749035][ T9157] RSP: 002b:00007f41718e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 316.749056][ T9157] RAX: ffffffffffffffda RBX: 00007f4173905fa0 RCX: 00007f417368ce59 [ 316.749070][ T9157] RDX: 0000200000000700 RSI: 0000000040186f40 RDI: 0000000000000003 [ 316.749083][ T9157] RBP: 00007f41718e6090 R08: 0000000000000000 R09: 0000000000000000 [ 316.749095][ T9157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.749114][ T9157] R13: 00007f4173906038 R14: 00007f4173905fa0 R15: 00007ffe46187848 [ 316.749145][ T9157] [ 316.749153][ T9157] ERROR: Out of memory at tomoyo_realpath_from_path. [ 316.897522][ T5608] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 317.022827][ T1328] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.022922][ T1328] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.047463][ T5608] usb 1-1: Using ep0 maxpacket: 16 [ 317.052011][ T5608] usb 1-1: config index 0 descriptor too short (expected 65, got 36) [ 317.052065][ T5608] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 317.052099][ T5608] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 317.052125][ T5608] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 317.052151][ T5608] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 317.052192][ T5608] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 317.052214][ T5608] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.063740][ T5350] usb 2-1: USB disconnect, device number 69 [ 317.147264][ T5608] usb 1-1: config 0 descriptor?? [ 317.154596][ T9154] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 317.180912][ T5608] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input8 [ 317.410955][ T5608] usb 1-1: USB disconnect, device number 52 [ 317.678310][ T9170] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1179'. [ 318.050604][ T9173] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1179'. [ 318.050626][ T9173] nbd: nbd64 already in use [ 318.097519][ T5350] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 318.189413][ T5608] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 318.248323][ T5350] usb 2-1: Using ep0 maxpacket: 32 [ 318.250194][ T5350] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 318.250220][ T5350] usb 2-1: config 0 has no interface number 0 [ 318.276825][ T5350] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 318.276856][ T5350] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.276876][ T5350] usb 2-1: Product: syz [ 318.276893][ T5350] usb 2-1: Manufacturer: syz [ 318.276908][ T5350] usb 2-1: SerialNumber: syz [ 318.291566][ T5350] usb 2-1: config 0 descriptor?? [ 318.328915][ T5350] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 318.357418][ T5608] usb 3-1: Using ep0 maxpacket: 32 [ 318.358729][ T5608] usb 3-1: no configurations [ 318.358747][ T5608] usb 3-1: can't read configurations, error -22 [ 318.367508][ T5727] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 318.406141][ T8493] udevd[8493]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 318.507522][ T5608] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 318.534458][ T5350] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 318.570176][ T5350] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 318.573185][ T5727] usb 4-1: Using ep0 maxpacket: 32 [ 318.588593][ T5727] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 318.588620][ T5727] usb 4-1: config 0 has no interface number 0 [ 318.588720][ T5727] usb 4-1: config 0 interface 184 has no altsetting 0 [ 318.621785][ T5727] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 318.621815][ T5727] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.621834][ T5727] usb 4-1: Product: syz [ 318.621848][ T5727] usb 4-1: Manufacturer: syz [ 318.621861][ T5727] usb 4-1: SerialNumber: syz [ 318.690590][ T5727] usb 4-1: config 0 descriptor?? [ 318.708324][ T5608] usb 3-1: Using ep0 maxpacket: 32 [ 318.714113][ T5608] usb 3-1: no configurations [ 318.714133][ T5608] usb 3-1: can't read configurations, error -22 [ 318.731112][ T5608] usb usb3-port1: attempt power cycle [ 318.946322][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 318.955695][ T5631] usb 2-1: USB disconnect, device number 70 [ 318.969755][ T5631] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 318.975076][ T5631] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 319.001619][ T5631] quatech2 2-1:0.51: device disconnected [ 319.077511][ T5608] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 319.100317][ T5608] usb 3-1: Using ep0 maxpacket: 32 [ 319.101820][ T5608] usb 3-1: no configurations [ 319.101835][ T5608] usb 3-1: can't read configurations, error -22 [ 319.227494][ T5608] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 319.259802][ T5608] usb 3-1: Using ep0 maxpacket: 32 [ 319.262587][ T5608] usb 3-1: no configurations [ 319.262606][ T5608] usb 3-1: can't read configurations, error -22 [ 319.262953][ T5608] usb usb3-port1: unable to enumerate USB device [ 319.615674][ T9200] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 319.649956][ T9199] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 319.705631][ T9202] FAULT_INJECTION: forcing a failure. [ 319.705631][ T9202] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.705668][ T9202] CPU: 0 UID: 0 PID: 9202 Comm: syz.0.1190 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 319.705695][ T9202] Tainted: [L]=SOFTLOCKUP [ 319.705701][ T9202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 319.705713][ T9202] Call Trace: [ 319.705720][ T9202] [ 319.705729][ T9202] dump_stack_lvl+0xe8/0x150 [ 319.705754][ T9202] should_fail_ex+0x46b/0x600 [ 319.705772][ T9202] strncpy_from_user+0x36/0x2b0 [ 319.705788][ T9202] __se_sys_request_key+0xb8/0x350 [ 319.705809][ T9202] ? __pfx___se_sys_request_key+0x10/0x10 [ 319.705844][ T9202] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.705873][ T9202] do_syscall_64+0x174/0x580 [ 319.705896][ T9202] ? trace_irq_disable+0x3b/0x140 [ 319.705918][ T9202] ? clear_bhb_loop+0x40/0x90 [ 319.705931][ T9202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.705940][ T9202] RIP: 0033:0x7fa28cd1ce59 [ 319.705951][ T9202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 319.705960][ T9202] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 319.705977][ T9202] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 319.705991][ T9202] RDX: 0000200000000380 RSI: 0000200000000080 RDI: 0000200000000340 [ 319.706004][ T9202] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 319.706016][ T9202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.706027][ T9202] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 319.706057][ T9202] [ 320.147530][ T5608] usb 2-1: new full-speed USB device number 71 using dummy_hcd [ 320.187271][ T9222] FAULT_INJECTION: forcing a failure. [ 320.187271][ T9222] name failslab, interval 1, probability 0, space 0, times 0 [ 320.187295][ T9222] CPU: 0 UID: 0 PID: 9222 Comm: syz.0.1200 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 320.187325][ T9222] Tainted: [L]=SOFTLOCKUP [ 320.187331][ T9222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 320.187348][ T9222] Call Trace: [ 320.187355][ T9222] [ 320.187363][ T9222] dump_stack_lvl+0xe8/0x150 [ 320.187389][ T9222] should_fail_ex+0x46b/0x600 [ 320.187419][ T9222] should_failslab+0xa8/0x100 [ 320.187441][ T9222] __kmalloc_noprof+0xfe/0x7e0 [ 320.187459][ T9222] ? rcu_is_watching+0x15/0xb0 [ 320.187486][ T9222] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 320.187508][ T9222] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 320.187535][ T9222] tomoyo_realpath_from_path+0xe3/0x5d0 [ 320.187548][ T9222] ? tomoyo_domain+0xd7/0x130 [ 320.187571][ T9222] ? tomoyo_path_number_perm+0x219/0x630 [ 320.187599][ T9222] tomoyo_path_number_perm+0x246/0x630 [ 320.187631][ T9222] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 320.187658][ T9222] ? __lock_acquire+0x6b5/0x2d10 [ 320.187680][ T9222] ? do_raw_spin_lock+0x12b/0x2f0 [ 320.187706][ T9222] ? __fget_files+0x2a/0x420 [ 320.187718][ T9222] ? __fget_files+0x2a/0x420 [ 320.187734][ T9222] ? __fget_files+0x3a6/0x420 [ 320.187751][ T9222] ? __fget_files+0x2a/0x420 [ 320.187774][ T9222] security_file_ioctl+0xc3/0x2a0 [ 320.187804][ T9222] __se_sys_ioctl+0x47/0x170 [ 320.187828][ T9222] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.187846][ T9222] do_syscall_64+0x174/0x580 [ 320.187859][ T9222] ? trace_irq_disable+0x3b/0x140 [ 320.187872][ T9222] ? clear_bhb_loop+0x40/0x90 [ 320.187885][ T9222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.187903][ T9222] RIP: 0033:0x7fa28cd1ce59 [ 320.187921][ T9222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 320.187937][ T9222] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 320.187957][ T9222] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 320.187971][ T9222] RDX: 00002000000000c0 RSI: 000000008010640b RDI: 0000000000000003 [ 320.187984][ T9222] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 320.187996][ T9222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.188005][ T9222] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 320.188021][ T9222] [ 320.189054][ T9222] ERROR: Out of memory at tomoyo_realpath_from_path. [ 320.259619][ T9224] FAULT_INJECTION: forcing a failure. [ 320.259619][ T9224] name failslab, interval 1, probability 0, space 0, times 0 [ 320.259655][ T9224] CPU: 0 UID: 0 PID: 9224 Comm: syz.0.1201 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 320.259682][ T9224] Tainted: [L]=SOFTLOCKUP [ 320.259688][ T9224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 320.259700][ T9224] Call Trace: [ 320.259708][ T9224] [ 320.259715][ T9224] dump_stack_lvl+0xe8/0x150 [ 320.259744][ T9224] should_fail_ex+0x46b/0x600 [ 320.259776][ T9224] should_failslab+0xa8/0x100 [ 320.259799][ T9224] __kmalloc_noprof+0xfe/0x7e0 [ 320.259817][ T9224] ? rcu_is_watching+0x15/0xb0 [ 320.259845][ T9224] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 320.259865][ T9224] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 320.259893][ T9224] tomoyo_realpath_from_path+0xe3/0x5d0 [ 320.259917][ T9224] ? tomoyo_domain+0xd7/0x130 [ 320.259943][ T9224] ? tomoyo_path_number_perm+0x219/0x630 [ 320.259969][ T9224] tomoyo_path_number_perm+0x246/0x630 [ 320.260000][ T9224] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 320.260025][ T9224] ? __lock_acquire+0x6b5/0x2d10 [ 320.260050][ T9224] ? do_raw_spin_lock+0x12b/0x2f0 [ 320.260099][ T9224] ? __fget_files+0x2a/0x420 [ 320.260121][ T9224] ? __fget_files+0x2a/0x420 [ 320.260138][ T9224] ? __fget_files+0x3a6/0x420 [ 320.260155][ T9224] ? __fget_files+0x2a/0x420 [ 320.260177][ T9224] security_file_ioctl+0xc3/0x2a0 [ 320.260206][ T9224] __se_sys_ioctl+0x47/0x170 [ 320.260230][ T9224] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.260251][ T9224] do_syscall_64+0x174/0x580 [ 320.260282][ T9224] ? trace_irq_disable+0x3b/0x140 [ 320.260304][ T9224] ? clear_bhb_loop+0x40/0x90 [ 320.260327][ T9224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.260345][ T9224] RIP: 0033:0x7fa28cd1ce59 [ 320.260363][ T9224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 320.260379][ T9224] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 320.260400][ T9224] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 320.260414][ T9224] RDX: 0000000000000000 RSI: 0000000000007c80 RDI: 0000000000000004 [ 320.260425][ T9224] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 320.260437][ T9224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.260448][ T9224] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 320.260477][ T9224] [ 320.260485][ T9224] ERROR: Out of memory at tomoyo_realpath_from_path. [ 320.268524][ T9224] No buffer was provided with the request [ 320.302971][ T5727] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 320.303001][ T5727] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 320.309079][ T5608] usb 2-1: not running at top speed; connect to a high speed hub [ 320.318411][ T5727] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 320.318442][ T5727] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 320.318462][ T5727] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 320.318480][ T5727] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 320.318778][ T5727] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 320.398231][ T5608] usb 2-1: New USB device found, idVendor=0499, idProduct=1044, bcdDevice= 0.40 [ 320.398269][ T5608] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.398289][ T5608] usb 2-1: Product: syz [ 320.398302][ T5608] usb 2-1: Manufacturer: syz [ 320.398316][ T5608] usb 2-1: SerialNumber: syz [ 320.694252][ T5608] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 320.833326][ T5727] usb 4-1: USB disconnect, device number 55 [ 321.064627][ T9238] FAULT_INJECTION: forcing a failure. [ 321.064627][ T9238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.064660][ T9238] CPU: 1 UID: 0 PID: 9238 Comm: syz.3.1207 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 321.064681][ T9238] Tainted: [L]=SOFTLOCKUP [ 321.064686][ T9238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 321.064695][ T9238] Call Trace: [ 321.064701][ T9238] [ 321.064707][ T9238] dump_stack_lvl+0xe8/0x150 [ 321.064731][ T9238] should_fail_ex+0x46b/0x600 [ 321.064757][ T9238] _copy_from_user+0x2d/0xb0 [ 321.064775][ T9238] ___sys_sendmsg+0x1c6/0x360 [ 321.064794][ T9238] ? __lock_acquire+0x6b5/0x2d10 [ 321.064817][ T9238] ? __pfx____sys_sendmsg+0x10/0x10 [ 321.064860][ T9238] ? __fget_files+0x2a/0x420 [ 321.064876][ T9238] ? __fget_files+0x3a6/0x420 [ 321.064899][ T9238] __x64_sys_sendmsg+0x1b7/0x290 [ 321.064923][ T9238] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 321.064955][ T9238] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.064972][ T9238] do_syscall_64+0x174/0x580 [ 321.064992][ T9238] ? trace_irq_disable+0x3b/0x140 [ 321.065013][ T9238] ? clear_bhb_loop+0x40/0x90 [ 321.065032][ T9238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.065046][ T9238] RIP: 0033:0x7f417368ce59 [ 321.065061][ T9238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 321.065076][ T9238] RSP: 002b:00007f41718e6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 321.065095][ T9238] RAX: ffffffffffffffda RBX: 00007f4173905fa0 RCX: 00007f417368ce59 [ 321.065105][ T9238] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 321.065113][ T9238] RBP: 00007f41718e6090 R08: 0000000000000000 R09: 0000000000000000 [ 321.065122][ T9238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.065129][ T9238] R13: 00007f4173906038 R14: 00007f4173905fa0 R15: 00007ffe46187848 [ 321.065161][ T9238] [ 321.106456][ T5608] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -2 [ 321.116076][ T5608] usb 2-1: USB disconnect, device number 71 [ 321.197739][ T8464] udevd[8464]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 321.478910][ T9230] FAULT_INJECTION: forcing a failure. [ 321.478910][ T9230] name fail_futex, interval 1, probability 0, space 0, times 1 [ 321.478946][ T9230] CPU: 0 UID: 0 PID: 9230 Comm: syz.0.1204 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 321.478973][ T9230] Tainted: [L]=SOFTLOCKUP [ 321.478980][ T9230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 321.478992][ T9230] Call Trace: [ 321.478999][ T9230] [ 321.479008][ T9230] dump_stack_lvl+0xe8/0x150 [ 321.479040][ T9230] should_fail_ex+0x46b/0x600 [ 321.479070][ T9230] get_futex_key+0x1b0/0x1570 [ 321.479105][ T9230] ? __pfx_get_futex_key+0x10/0x10 [ 321.479128][ T9230] ? __lock_acquire+0x6b5/0x2d10 [ 321.479164][ T9230] futex_wake+0x119/0x5e0 [ 321.479190][ T9230] ? __pfx_futex_wake+0x10/0x10 [ 321.479210][ T9230] ? do_raw_spin_lock+0x12b/0x2f0 [ 321.479243][ T9230] do_futex+0x4a9/0x4f0 [ 321.479276][ T9230] ? __pfx_do_futex+0x10/0x10 [ 321.479308][ T9230] ? __might_fault+0xaf/0x130 [ 321.479330][ T9230] mm_release+0x101/0x290 [ 321.479361][ T9230] exit_mm+0x51/0x250 [ 321.479381][ T9230] ? unwind_deferred_task_exit+0x67/0xa0 [ 321.479412][ T9230] do_exit+0x6a2/0x22c0 [ 321.479436][ T9230] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 321.479464][ T9230] ? __pfx_do_exit+0x10/0x10 [ 321.479484][ T9230] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 321.479502][ T9230] ? reacquire_held_locks+0x104/0x190 [ 321.479529][ T9230] ? rt_spin_lock+0x1e0/0x400 [ 321.479557][ T9230] do_group_exit+0x21b/0x2d0 [ 321.479578][ T9230] ? rt_spin_unlock+0x160/0x200 [ 321.479598][ T9230] get_signal+0x1284/0x1330 [ 321.479649][ T9230] arch_do_signal_or_restart+0xbc/0x840 [ 321.479670][ T9230] ? __pfx___schedule+0x10/0x10 [ 321.479690][ T9230] ? schedule+0x90/0x360 [ 321.479709][ T9230] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 321.479737][ T9230] ? schedule+0x90/0x360 [ 321.479765][ T9230] exit_to_user_mode_loop+0x104/0x710 [ 321.479788][ T9230] ? rcu_is_watching+0x15/0xb0 [ 321.479816][ T9230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.479836][ T9230] do_syscall_64+0x353/0x580 [ 321.479860][ T9230] ? trace_irq_disable+0x3b/0x140 [ 321.479883][ T9230] ? clear_bhb_loop+0x40/0x90 [ 321.479906][ T9230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.479925][ T9230] RIP: 0033:0x7fa28cd1ce59 [ 321.479942][ T9230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 321.479959][ T9230] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000022 [ 321.479979][ T9230] RAX: fffffffffffffdfe RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 321.479994][ T9230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 321.480005][ T9230] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 321.480017][ T9230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.480029][ T9230] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 321.480059][ T9230] [ 321.577040][ T9248] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1211'. [ 321.796587][ T9254] FAULT_INJECTION: forcing a failure. [ 321.796587][ T9254] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.796628][ T9254] CPU: 0 UID: 0 PID: 9254 Comm: syz.0.1212 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 321.796654][ T9254] Tainted: [L]=SOFTLOCKUP [ 321.796661][ T9254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 321.796674][ T9254] Call Trace: [ 321.796682][ T9254] [ 321.796690][ T9254] dump_stack_lvl+0xe8/0x150 [ 321.796720][ T9254] should_fail_ex+0x46b/0x600 [ 321.796750][ T9254] _copy_from_user+0x2d/0xb0 [ 321.796774][ T9254] sg_write+0x3ee/0xf00 [ 321.796800][ T9254] ? __pfx_sg_write+0x10/0x10 [ 321.796822][ T9254] ? __pfx_aa_file_perm+0x10/0x10 [ 321.796873][ T9254] ? rw_verify_area+0x25b/0x4e0 [ 321.796896][ T9254] ? __pfx_sg_write+0x10/0x10 [ 321.796914][ T9254] vfs_write+0x2a3/0xba0 [ 321.796943][ T9254] ? __pfx_vfs_write+0x10/0x10 [ 321.796966][ T9254] ? __fget_files+0x2a/0x420 [ 321.796989][ T9254] ? __fget_files+0x2a/0x420 [ 321.797005][ T9254] ? __fget_files+0x3a6/0x420 [ 321.797023][ T9254] ? __fget_files+0x2a/0x420 [ 321.797049][ T9254] ksys_write+0x156/0x270 [ 321.797073][ T9254] ? __pfx_ksys_write+0x10/0x10 [ 321.797101][ T9254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.797122][ T9254] do_syscall_64+0x174/0x580 [ 321.797151][ T9254] ? trace_irq_disable+0x3b/0x140 [ 321.797175][ T9254] ? clear_bhb_loop+0x40/0x90 [ 321.797198][ T9254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.797218][ T9254] RIP: 0033:0x7fa28cd1ce59 [ 321.797235][ T9254] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 321.797251][ T9254] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 321.797271][ T9254] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 321.797285][ T9254] RDX: 00000000000000b2 RSI: 0000200000000040 RDI: 0000000000000004 [ 321.797297][ T9254] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 321.797309][ T9254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.797319][ T9254] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 321.797342][ T9254] [ 322.027863][ T9252] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1211'. [ 322.030638][ T9252] nbd: nbd64 already in use [ 322.051572][ T9258] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1213'. [ 322.051605][ T9258] nbd: nbd64 already in use [ 322.127722][ T9260] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1213'. [ 322.234586][ T9267] FAULT_INJECTION: forcing a failure. [ 322.234586][ T9267] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 322.234623][ T9267] CPU: 0 UID: 0 PID: 9267 Comm: syz.0.1215 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 322.234650][ T9267] Tainted: [L]=SOFTLOCKUP [ 322.234656][ T9267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 322.234668][ T9267] Call Trace: [ 322.234681][ T9267] [ 322.234689][ T9267] dump_stack_lvl+0xe8/0x150 [ 322.234720][ T9267] should_fail_ex+0x46b/0x600 [ 322.234754][ T9267] _copy_from_user+0x2d/0xb0 [ 322.234776][ T9267] do_fcntl+0x949/0x19e0 [ 322.234803][ T9267] ? __fget_files+0x2a/0x420 [ 322.234823][ T9267] ? __pfx_do_fcntl+0x10/0x10 [ 322.234852][ T9267] ? __fget_files+0x2a/0x420 [ 322.234872][ T9267] ? __fget_files+0x2a/0x420 [ 322.234897][ T9267] ? bpf_lsm_file_fcntl+0x9/0x20 [ 322.234921][ T9267] __se_sys_fcntl+0xcb/0x160 [ 322.234943][ T9267] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.234963][ T9267] do_syscall_64+0x174/0x580 [ 322.234986][ T9267] ? trace_irq_disable+0x3b/0x140 [ 322.235007][ T9267] ? clear_bhb_loop+0x40/0x90 [ 322.235034][ T9267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.235051][ T9267] RIP: 0033:0x7fa28cd1ce59 [ 322.235068][ T9267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.235083][ T9267] RSP: 002b:00007fa28af4d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 322.235102][ T9267] RAX: ffffffffffffffda RBX: 00007fa28cf96090 RCX: 00007fa28cd1ce59 [ 322.235115][ T9267] RDX: 0000200000000140 RSI: 0000000000000007 RDI: 0000000000000003 [ 322.235127][ T9267] RBP: 00007fa28af4d090 R08: 0000000000000000 R09: 0000000000000000 [ 322.235138][ T9267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.235150][ T9267] R13: 00007fa28cf96128 R14: 00007fa28cf96090 R15: 00007fff993917f8 [ 322.235177][ T9267] [ 322.335718][ T9269] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 322.594082][ T8464] udevd[8464]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 322.617838][ T9270] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 322.617866][ T9270] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 322.662475][ T9270] vhci_hcd vhci_hcd.0: Device attached [ 322.744213][ T9278] usbip_core: unknown command [ 322.744225][ T9278] vhci_hcd: unknown pdu 134223989 [ 322.744239][ T9278] usbip_core: unknown command [ 322.780785][ T3355] vhci_hcd vhci_hcd.2: stop threads [ 322.780804][ T3355] vhci_hcd vhci_hcd.2: release socket [ 322.781021][ T3355] vhci_hcd vhci_hcd.2: disconnect device [ 322.977527][ T37] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 323.128376][ T37] usb 2-1: Using ep0 maxpacket: 32 [ 323.132407][ T37] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 323.132440][ T37] usb 2-1: config 0 has no interfaces? [ 323.164480][ T37] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 323.164513][ T37] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.164533][ T37] usb 2-1: Product: syz [ 323.164546][ T37] usb 2-1: Manufacturer: syz [ 323.164559][ T37] usb 2-1: SerialNumber: syz [ 323.165963][ T9290] FAULT_INJECTION: forcing a failure. [ 323.165963][ T9290] name failslab, interval 1, probability 0, space 0, times 0 [ 323.165997][ T9290] CPU: 0 UID: 0 PID: 9290 Comm: syz.0.1222 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 323.166024][ T9290] Tainted: [L]=SOFTLOCKUP [ 323.166031][ T9290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 323.166043][ T9290] Call Trace: [ 323.166050][ T9290] [ 323.166057][ T9290] dump_stack_lvl+0xe8/0x150 [ 323.166085][ T9290] should_fail_ex+0x46b/0x600 [ 323.166110][ T9290] ? alloc_slab_obj_exts+0xb7/0x230 [ 323.166136][ T9290] should_failslab+0xa8/0x100 [ 323.166156][ T9290] __kmalloc_flags_noprof+0x120/0x850 [ 323.166176][ T9290] ? alloc_slab_obj_exts+0xb7/0x230 [ 323.166206][ T9290] alloc_slab_obj_exts+0xb7/0x230 [ 323.166233][ T9290] __memcg_slab_post_alloc_hook+0x5f3/0xff0 [ 323.166281][ T9290] kmem_cache_alloc_noprof+0x430/0x6c0 [ 323.166310][ T9290] ? alloc_buffer_head+0x2a/0x280 [ 323.166334][ T9290] ? alloc_buffer_head+0x2a/0x280 [ 323.166364][ T9290] alloc_buffer_head+0x2a/0x280 [ 323.166387][ T9290] ? folio_alloc_buffers+0x1dd/0x6f0 [ 323.166414][ T9290] folio_alloc_buffers+0x1fb/0x6f0 [ 323.166456][ T9290] create_empty_buffers+0x3a/0x530 [ 323.166488][ T9290] __block_write_full_folio+0xc5/0xdd0 [ 323.166514][ T9290] ? block_write_full_folio+0x23b/0x470 [ 323.166543][ T9290] ? __pfx_blkdev_get_block+0x10/0x10 [ 323.166573][ T9290] ? __pfx_blkdev_get_block+0x10/0x10 [ 323.166605][ T9290] blkdev_writepages+0xef/0x1b0 [ 323.166632][ T9290] ? __pfx_blkdev_writepages+0x10/0x10 [ 323.166666][ T9290] ? rt_spin_unlock+0x14f/0x200 [ 323.166687][ T9290] ? rt_spin_unlock+0x160/0x200 [ 323.166703][ T9290] ? __pfx_blkdev_writepages+0x10/0x10 [ 323.166732][ T9290] do_writepages+0x32e/0x550 [ 323.166758][ T9290] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 323.166778][ T9290] ? rt_spin_unlock+0x14f/0x200 [ 323.166805][ T9290] filemap_write_and_wait_range+0x338/0x3f0 [ 323.166837][ T9290] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 323.166896][ T9290] ? mnt_get_write_access+0x66/0x2d0 [ 323.166927][ T9290] ? rcu_is_watching+0x15/0xb0 [ 323.166958][ T9290] kiocb_invalidate_pages+0xb5/0x140 [ 323.166983][ T9290] blkdev_direct_write+0x48/0x140 [ 323.167004][ T9290] blkdev_write_iter+0x54a/0x720 [ 323.167041][ T9290] vfs_write+0x629/0xba0 [ 323.167072][ T9290] ? __pfx_vfs_write+0x10/0x10 [ 323.167104][ T9290] ? __fget_files+0x2a/0x420 [ 323.167131][ T9290] ksys_write+0x156/0x270 [ 323.167156][ T9290] ? __pfx_ksys_write+0x10/0x10 [ 323.167197][ T9290] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.167218][ T9290] do_syscall_64+0x174/0x580 [ 323.167241][ T9290] ? trace_irq_disable+0x3b/0x140 [ 323.167265][ T9290] ? clear_bhb_loop+0x40/0x90 [ 323.167286][ T9290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.167306][ T9290] RIP: 0033:0x7fa28cd1ce59 [ 323.167323][ T9290] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 323.167336][ T9290] RSP: 002b:00007fa28af4d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 323.167354][ T9290] RAX: ffffffffffffffda RBX: 00007fa28cf96090 RCX: 00007fa28cd1ce59 [ 323.167367][ T9290] RDX: 00000000ffffffdb RSI: 0000000000000000 RDI: 0000000000000007 [ 323.167378][ T9290] RBP: 00007fa28af4d090 R08: 0000000000000000 R09: 0000000000000000 [ 323.167389][ T9290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.167399][ T9290] R13: 00007fa28cf96128 R14: 00007fa28cf96090 R15: 00007fff993917f8 [ 323.167456][ T9290] [ 323.279410][ T5608] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 323.441556][ T5608] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 323.441588][ T5608] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.441607][ T5608] usb 4-1: Product: syz [ 323.441622][ T5608] usb 4-1: Manufacturer: syz [ 323.441635][ T5608] usb 4-1: SerialNumber: syz [ 323.598542][ T37] usb 2-1: config 0 descriptor?? [ 323.652365][ T5608] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 323.742726][ T9] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 324.110460][ T9297] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1224'. [ 324.388190][ T37] usb 4-1: USB disconnect, device number 56 [ 324.412538][ T9300] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1224'. [ 324.412600][ T8493] block nbd64: NBD_DISCONNECT [ 324.457597][ T9300] nbd: nbd64 already in use [ 324.625139][ T8464] udevd[8464]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 324.817566][ T5727] usb 1-1: new full-speed USB device number 53 using dummy_hcd [ 324.975549][ T9309] FAULT_INJECTION: forcing a failure. [ 324.975549][ T9309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.975573][ T9309] CPU: 1 UID: 0 PID: 9309 Comm: syz.0.1226 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 324.975588][ T9309] Tainted: [L]=SOFTLOCKUP [ 324.975593][ T9309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 324.975603][ T9309] Call Trace: [ 324.975613][ T9309] [ 324.975620][ T9309] dump_stack_lvl+0xe8/0x150 [ 324.975648][ T9309] should_fail_ex+0x46b/0x600 [ 324.975676][ T9309] _copy_from_user+0x2d/0xb0 [ 324.975697][ T9309] sg_write+0x3ee/0xf00 [ 324.975721][ T9309] ? __pfx_sg_write+0x10/0x10 [ 324.975733][ T9309] ? __pfx_aa_file_perm+0x10/0x10 [ 324.975767][ T9309] ? rw_verify_area+0x25b/0x4e0 [ 324.975780][ T9309] ? __pfx_sg_write+0x10/0x10 [ 324.975790][ T9309] vfs_write+0x2a3/0xba0 [ 324.975806][ T9309] ? __pfx_vfs_write+0x10/0x10 [ 324.975819][ T9309] ? __fget_files+0x2a/0x420 [ 324.975831][ T9309] ? __fget_files+0x2a/0x420 [ 324.975840][ T9309] ? __fget_files+0x3a6/0x420 [ 324.975850][ T9309] ? __fget_files+0x2a/0x420 [ 324.975863][ T9309] ksys_write+0x156/0x270 [ 324.975877][ T9309] ? __pfx_ksys_write+0x10/0x10 [ 324.975892][ T9309] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.975904][ T9309] do_syscall_64+0x174/0x580 [ 324.975917][ T9309] ? trace_irq_disable+0x3b/0x140 [ 324.975931][ T9309] ? clear_bhb_loop+0x40/0x90 [ 324.975943][ T9309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.975953][ T9309] RIP: 0033:0x7fa28cd1ce59 [ 324.975964][ T9309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 324.975973][ T9309] RSP: 002b:00007fa28af6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 324.975985][ T9309] RAX: ffffffffffffffda RBX: 00007fa28cf95fa0 RCX: 00007fa28cd1ce59 [ 324.975993][ T9309] RDX: 00000000000000b2 RSI: 0000200000000040 RDI: 0000000000000007 [ 324.975999][ T9309] RBP: 00007fa28af6e090 R08: 0000000000000000 R09: 0000000000000000 [ 324.976006][ T9309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.976012][ T9309] R13: 00007fa28cf96038 R14: 00007fa28cf95fa0 R15: 00007fff993917f8 [ 324.976027][ T9309] [ 324.977901][ T5727] usb 1-1: unable to get BOS descriptor or descriptor too short [ 324.979168][ T5727] usb 1-1: no configurations [ 324.979183][ T5727] usb 1-1: can't read configurations, error -22 [ 325.157383][ T9] usb 4-1: Service connection timeout for: 256 [ 325.157398][ T9] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 325.289080][ T9] ath9k_htc: Failed to initialize the device [ 325.290135][ T37] usb 4-1: ath9k_htc: USB layer deinitialized [ 325.802454][ T9324] FAULT_INJECTION: forcing a failure. [ 325.802454][ T9324] name failslab, interval 1, probability 0, space 0, times 0 [ 325.802491][ T9324] CPU: 0 UID: 0 PID: 9324 Comm: syz.2.1230 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 325.802516][ T9324] Tainted: [L]=SOFTLOCKUP [ 325.802522][ T9324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 325.802534][ T9324] Call Trace: [ 325.802542][ T9324] [ 325.802550][ T9324] dump_stack_lvl+0xe8/0x150 [ 325.802576][ T9324] should_fail_ex+0x46b/0x600 [ 325.802604][ [ 325.802604][ T9324] ? __pfx_sock_alloc_inode+0x10/0x10 [ 325.802631][ T9324] should_failslab+0xa8/0x100 [ 325.802654][ T9324] ? __pfx_sock_alloc_inode+0x10/0x10 [ 325.802681][ T9324] kmem_cache_alloc_lru_noprof+0xa7/0x6b0 [ 325.802712][ T9324] ? sock_alloc_inode+0x2c/0x1a0 [ 325.802747][ T9324] ? sock_alloc_inode+0x2c/0x1a0 [ 325.802782][ T9324] ? __pfx_sock_alloc_inode+0x10/0x10 [ 325.802807][ T9324] sock_alloc_inode+0x2c/0x1a0 [ 325.802833][ T9324] ? __pfx_sock_alloc_inode+0x10/0x10 [ 325.802855][ T9324] alloc_inode+0x6a/0x1b0 [ 325.802883][ T9324] do_accept+0x147/0x930 [ 325.802904][ T9324] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 325.802928][ T9324] ? __pfx_do_accept+0x10/0x10 [ 325.802967][ T9324] __sys_accept4+0x139/0x230 [ 325.802989][ T9324] ? __pfx___sys_accept4+0x10/0x10 [ 325.803010][ T9324] ? __pfx_ksys_write+0x10/0x10 [ 325.803040][ T9324] __x64_sys_accept4+0x9a/0xb0 [ 325.803059][ T9324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.803080][ T9324] do_syscall_64+0x174/0x580 [ 325.803104][ T9324] ? trace_irq_disable+0x3b/0x140 [ 325.803127][ T9324] ? clear_bhb_loop+0x40/0x90 [ 325.803150][ T9324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.803169][ T9324] RIP: 0033:0x7fbaa25cce59 [ 325.803188][ T9324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 325.803204][ T9324] RSP: 002b:00007fbaa0826028 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 325.803225][ T9324] RAX: ffffffffffffffda RBX: 00007fbaa2845fa0 RCX: 00007fbaa25cce59 [ 325.803238][ T9324] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000005 [ 325.803251][ T9324] RBP: 00007fbaa0826090 R08: 0000000000000000 R09: 0000000000000000 [ 325.803263][ T9324] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 325.803275][ T9324] R13: 00007fbaa2846038 R14: 00007fbaa2845fa0 R15: 00007ffe1dc7ee78 [ 325.803304][ T9324] [ 325.852303][ T4933] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 325.852333][ T4933] CPU: 1 UID: 0 PID: 4933 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 325.852364][ T4933] Tainted: [L]=SOFTLOCKUP [ 325.852371][ T4933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 325.852385][ T4933] Workqueue: hci3 hci_rx_work [ 325.852412][ T4933] Call Trace: [ 325.852420][ T4933] [ 325.852429][ T4933] dump_stack_lvl+0xe8/0x150 [ 325.852459][ T4933] sysfs_create_dir_ns+0x271/0x2a0 [ 325.852493][ T4933] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 325.852515][ T4933] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 325.852552][ T4933] ? rt_spin_unlock+0x160/0x200 [ 325.852573][ T4933] kobject_add_internal+0x631/0xd10 [ 325.852614][ T4933] kobject_add+0x163/0x240 [ 325.852649][ T4933] ? __pfx_kobject_add+0x10/0x10 [ 325.852687][ T4933] ? get_device_parent+0x370/0x3a0 [ 325.852726][ T4933] device_add+0x408/0xb90 [ 325.852754][ T4933] hci_conn_add_sysfs+0xd5/0x210 [ 325.852779][ T4933] le_conn_complete_evt+0x10e6/0x16b0 [ 325.852818][ T4933] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 325.852845][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.852870][ T4933] ? lockdep_hardirqs_on+0x7a/0x110 [ 325.852899][ T4933] ? skb_pull_data+0xfb/0x200 [ 325.852933][ T4933] hci_le_conn_complete_evt+0x187/0x470 [ 325.852968][ T4933] hci_event_packet+0x659/0xef0 [ 325.852998][ T4933] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 325.853017][ T4933] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 325.853043][ T4933] ? __pfx_hci_event_packet+0x10/0x10 [ 325.853064][ T4933] ? rt_spin_unlock+0x14f/0x200 [ 325.853092][ T4933] ? hci_send_to_monitor+0xe2/0x590 [ 325.853123][ T4933] hci_rx_work+0x3ee/0x1040 [ 325.853155][ T4933] ? process_one_work+0x8be/0x1630 [ 325.853183][ T4933] process_one_work+0x98b/0x1630 [ 325.853209][ T4933] ? do_raw_spin_unlock+0xf5/0x210 [ 325.853252][ T4933] ? __pfx_process_one_work+0x10/0x10 [ 325.853278][ T4933] ? do_raw_spin_lock+0x12b/0x2f0 [ 325.853317][ T4933] worker_thread+0xb49/0x1140 [ 325.853358][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.853398][ T4933] kthread+0x388/0x470 [ 325.853421][ T4933] ? __pfx_worker_thread+0x10/0x10 [ 325.853450][ T4933] ? __pfx_kthread+0x10/0x10 [ 325.853475][ T4933] ret_from_fork+0x514/0xb70 [ 325.853500][ T4933] ? __pfx_ret_from_fork+0x10/0x10 [ 325.853524][ T4933] ? __switch_to+0xc79/0x1410 [ 325.853547][ T4933] ? __pfx_kthread+0x10/0x10 [ 325.853571][ T4933] ret_from_fork_asm+0x1a/0x30 [ 325.853619][ T4933] [ 325.870794][ T4933] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 325.870846][ T4933] Bluetooth: hci3: failed to register connection device [ 325.917816][ T4933] ================================================================== [ 325.917832][ T4933] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0xe3/0x180 [ 325.917864][ T4933] Read of size 8 at addr ffff8880223d2200 by task kworker/u9:1/4933 [ 325.917881][ T4933] [ 325.917894][ T4933] CPU: 1 UID: 0 PID: 4933 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 325.917922][ T4933] Tainted: [L]=SOFTLOCKUP [ 325.917929][ T4933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 325.917943][ T4933] Workqueue: hci3 hci_rx_work [ 325.917965][ T4933] Call Trace: [ 325.917973][ T4933] [ 325.917981][ T4933] dump_stack_lvl+0xe8/0x150 [ 325.918006][ T4933] print_address_description+0x55/0x1e0 [ 325.918033][ T4933] ? l2cap_sock_ready_cb+0xe3/0x180 [ 325.918051][ T4933] print_report+0x58/0x70 [ 325.918075][ T4933] kasan_report+0x117/0x150 [ 325.918099][ T4933] ? l2cap_sock_ready_cb+0xe3/0x180 [ 325.918123][ T4933] l2cap_sock_ready_cb+0xe3/0x180 [ 325.918143][ T4933] l2cap_le_start+0x25b/0x1960 [ 325.918172][ T4933] ? __pfx_l2cap_le_start+0x10/0x10 [ 325.918200][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.918225][ T4933] ? lockdep_hardirqs_on+0x7a/0x110 [ 325.918249][ T4933] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 325.918273][ T4933] ? mutex_lock_nested+0x152/0x1d0 [ 325.918303][ T4933] ? l2cap_connect_cfm+0x894/0x1560 [ 325.918333][ T4933] l2cap_connect_cfm+0x8d5/0x1560 [ 325.918363][ T4933] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 325.918390][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.918412][ T4933] ? lockdep_hardirqs_on+0x7a/0x110 [ 325.918432][ T4933] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 325.918454][ T4933] ? mutex_lock_nested+0x152/0x1d0 [ 325.918481][ T4933] ? hci_connect_cfm+0x2c/0x140 [ 325.918505][ T4933] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 325.918534][ T4933] hci_connect_cfm+0x95/0x140 [ 325.918559][ T4933] le_conn_complete_evt+0x1134/0x16b0 [ 325.918590][ T4933] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 325.918615][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.918640][ T4933] ? lockdep_hardirqs_on+0x7a/0x110 [ 325.918664][ T4933] ? skb_pull_data+0xfb/0x200 [ 325.918703][ T4933] hci_le_conn_complete_evt+0x187/0x470 [ 325.918733][ T4933] hci_event_packet+0x659/0xef0 [ 325.918757][ T4933] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 325.918776][ T4933] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 325.918800][ T4933] ? __pfx_hci_event_packet+0x10/0x10 [ 325.918825][ T4933] ? rt_spin_unlock+0x14f/0x200 [ 325.918847][ T4933] ? hci_send_to_monitor+0xe2/0x590 [ 325.918876][ T4933] hci_rx_work+0x3ee/0x1040 [ 325.918901][ T4933] ? process_one_work+0x8be/0x1630 [ 325.918928][ T4933] process_one_work+0x98b/0x1630 [ 325.918954][ T4933] ? do_raw_spin_unlock+0xf5/0x210 [ 325.918983][ T4933] ? __pfx_process_one_work+0x10/0x10 [ 325.919010][ T4933] ? do_raw_spin_lock+0x12b/0x2f0 [ 325.919039][ T4933] worker_thread+0xb49/0x1140 [ 325.919072][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.919102][ T4933] kthread+0x388/0x470 [ 325.919124][ T4933] ? __pfx_worker_thread+0x10/0x10 [ 325.919152][ T4933] ? __pfx_kthread+0x10/0x10 [ 325.919174][ T4933] ret_from_fork+0x514/0xb70 [ 325.919198][ T4933] ? __pfx_ret_from_fork+0x10/0x10 [ 325.919221][ T4933] ? __switch_to+0xc79/0x1410 [ 325.919241][ T4933] ? __pfx_kthread+0x10/0x10 [ 325.919263][ T4933] ret_from_fork_asm+0x1a/0x30 [ 325.919296][ T4933] [ 325.919304][ T4933] [ 325.919308][ T4933] Allocated by task 9324: [ 325.919318][ T4933] kasan_save_track+0x3e/0x80 [ 325.919336][ T4933] __kasan_kmalloc+0x93/0xb0 [ 325.919355][ T4933] __kmalloc_noprof+0x420/0x7e0 [ 325.919372][ T4933] sk_prot_alloc+0xe7/0x210 [ 325.919394][ T4933] sk_alloc+0x3a/0x390 [ 325.919413][ T4933] bt_sock_alloc+0x3b/0x340 [ 325.919433][ T4933] l2cap_sock_create+0x147/0x330 [ 325.919450][ T4933] bt_sock_create+0x163/0x240 [ 325.919473][ T4933] __sock_create+0x4e3/0x960 [ 325.919501][ T4933] __sys_socket+0xd9/0x330 [ 325.919515][ T4933] __x64_sys_socket+0x7a/0x90 [ 325.919531][ T4933] do_syscall_64+0x174/0x580 [ 325.919554][ T4933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.919573][ T4933] [ 325.919577][ T4933] Freed by task 9323: [ 325.919586][ T4933] kasan_save_track+0x3e/0x80 [ 325.919601][ T4933] kasan_save_free_info+0x46/0x50 [ 325.919624][ T4933] __kasan_slab_free+0x5c/0x80 [ 325.919641][ T4933] kfree+0x1c5/0x6c0 [ 325.919666][ T4933] __sk_destruct+0x74b/0x9d0 [ 325.919685][ T4933] l2cap_sock_release+0x1c1/0x270 [ 325.919723][ T4933] __sock_release+0xb9/0x250 [ 325.919748][ T4933] sock_close+0x1c/0x30 [ 325.919772][ T4933] __fput+0x461/0xa70 [ 325.919788][ T4933] task_work_run+0x1d9/0x270 [ 325.919810][ T4933] exit_to_user_mode_loop+0x1fa/0x710 [ 325.919834][ T4933] do_syscall_64+0x353/0x580 [ 325.919857][ T4933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.919875][ T4933] [ 325.919880][ T4933] The buggy address belongs to the object at ffff8880223d2000 [ 325.919880][ T4933] which belongs to the cache kmalloc-4k of size 4096 [ 325.919897][ T4933] The buggy address is located 512 bytes inside of [ 325.919897][ T4933] freed 4096-byte region [ffff8880223d2000, ffff8880223d3000) [ 325.919918][ T4933] [ 325.919922][ T4933] The buggy address belongs to the physical page: [ 325.919947][ T4933] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x223d0 [ 325.919967][ T4933] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 325.919984][ T4933] flags: 0x80000000000040(head|node=0|zone=1) [ 325.920001][ T4933] page_type: f5(slab) [ 325.920020][ T4933] raw: 0080000000000040 ffff88813fe31140 dead000000000100 dead000000000122 [ 325.920038][ T4933] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 325.920058][ T4933] head: 0080000000000040 ffff88813fe31140 dead000000000100 dead000000000122 [ 325.920076][ T4933] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 325.920094][ T4933] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 325.920112][ T4933] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 325.920123][ T4933] page dumped because: kasan: bad access detected [ 325.920140][ T4933] page_owner tracks the page as allocated [ 325.920148][ T4933] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 5060658868, free_ts 5049393818 [ 325.920183][ T4933] post_alloc_hook+0x1f9/0x250 [ 325.920212][ T4933] get_page_from_freelist+0x265c/0x26e0 [ 325.920234][ T4933] __alloc_frozen_pages_noprof+0x18d/0x380 [ 325.920255][ T4933] allocate_slab+0x76/0x5d0 [ 325.920279][ T4933] refill_objects+0x2d9/0x350 [ 325.920303][ T4933] __pcs_replace_empty_main+0x331/0x690 [ 325.920326][ T4933] __kmalloc_cache_noprof+0x482/0x6d0 [ 325.920344][ T4933] kobject_uevent_env+0x28f/0x9e0 [ 325.920362][ T4933] tty_register_device_attr+0x573/0x950 [ 325.920386][ T4933] tty_register_driver+0x808/0xdd0 [ 325.920424][ T4933] legacy_pty_init+0x3b2/0x5d0 [ 325.920445][ T4933] pty_init+0x9/0x20 [ 325.920462][ T4933] do_one_initcall+0x250/0x870 [ 325.920487][ T4933] do_initcall_level+0x104/0x190 [ 325.920514][ T4933] do_initcalls+0x59/0xa0 [ 325.920539][ T4933] kernel_init_freeable+0x2a6/0x3e0 [ 325.920567][ T4933] page last free pid 32 tgid 32 stack trace: [ 325.920579][ T4933] free_pages_prepare+0x947/0xa40 [ 325.920607][ T4933] __free_contig_range_common+0x174/0x340 [ 325.920633][ T4933] free_pages_bulk+0x48/0x120 [ 325.920653][ T4933] vfree+0x26f/0x500 [ 325.920679][ T4933] delayed_vfree_work+0x55/0x80 [ 325.920708][ T4933] process_one_work+0x98b/0x1630 [ 325.920735][ T4933] worker_thread+0xb49/0x1140 [ 325.920763][ T4933] kthread+0x388/0x470 [ 325.920784][ T4933] ret_from_fork+0x514/0xb70 [ 325.920806][ T4933] ret_from_fork_asm+0x1a/0x30 [ 325.920829][ T4933] [ 325.920834][ T4933] Memory state around the buggy address: [ 325.920844][ T4933] ffff8880223d2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 325.920857][ T4933] ffff8880223d2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 325.920871][ T4933] >ffff8880223d2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 325.920882][ T4933] ^ [ 325.920891][ T4933] ffff8880223d2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 325.920906][ T4933] ffff8880223d2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 325.920917][ T4933] ================================================================== [ 325.924429][ T4933] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 325.924454][ T4933] CPU: 1 UID: 0 PID: 4933 Comm: kworker/u9:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 325.924486][ T4933] Tainted: [L]=SOFTLOCKUP [ 325.924495][ T4933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 325.924510][ T4933] Workqueue: hci3 hci_rx_work [ 325.924536][ T4933] Call Trace: [ 325.924545][ T4933] [ 325.924554][ T4933] vpanic+0x56c/0xa60 [ 325.924587][ T4933] ? __pfx_vpanic+0x10/0x10 [ 325.924621][ T4933] panic+0xc5/0xd0 [ 325.924648][ T4933] ? __pfx_panic+0x10/0x10 [ 325.924678][ T4933] ? preempt_schedule_thunk+0x16/0x40 [ 325.924718][ T4933] ? preempt_schedule_thunk+0x16/0x40 [ 325.924751][ T4933] ? l2cap_sock_ready_cb+0xe3/0x180 [ 325.924772][ T4933] check_panic_on_warn+0x89/0xb0 [ 325.924798][ T4933] ? l2cap_sock_ready_cb+0xe3/0x180 [ 325.924818][ T4933] end_report+0x73/0x170 [ 325.924840][ T4933] ? l2cap_sock_ready_cb+0xe3/0x180 [ 325.924859][ T4933] kasan_report+0x128/0x150 [ 325.924882][ T4933] ? l2cap_sock_ready_cb+0xe3/0x180 [ 325.924906][ T4933] l2cap_sock_ready_cb+0xe3/0x180 [ 325.924927][ T4933] l2cap_le_start+0x25b/0x1960 [ 325.924959][ T4933] ? __pfx_l2cap_le_start+0x10/0x10 [ 325.924988][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.925014][ T4933] ? lockdep_hardirqs_on+0x7a/0x110 [ 325.925039][ T4933] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 325.925061][ T4933] ? mutex_lock_nested+0x152/0x1d0 [ 325.925089][ T4933] ? l2cap_connect_cfm+0x894/0x1560 [ 325.925118][ T4933] l2cap_connect_cfm+0x8d5/0x1560 [ 325.925149][ T4933] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 325.925177][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.925200][ T4933] ? lockdep_hardirqs_on+0x7a/0x110 [ 325.925223][ T4933] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 325.925247][ T4933] ? mutex_lock_nested+0x152/0x1d0 [ 325.925275][ T4933] ? hci_connect_cfm+0x2c/0x140 [ 325.925299][ T4933] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 325.925329][ T4933] hci_connect_cfm+0x95/0x140 [ 325.925355][ T4933] le_conn_complete_evt+0x1134/0x16b0 [ 325.925386][ T4933] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 325.925413][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.925438][ T4933] ? lockdep_hardirqs_on+0x7a/0x110 [ 325.925462][ T4933] ? skb_pull_data+0xfb/0x200 [ 325.925492][ T4933] hci_le_conn_complete_evt+0x187/0x470 [ 325.925522][ T4933] hci_event_packet+0x659/0xef0 [ 325.925546][ T4933] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 325.925566][ T4933] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 325.925591][ T4933] ? __pfx_hci_event_packet+0x10/0x10 [ 325.925612][ T4933] ? rt_spin_unlock+0x14f/0x200 [ 325.925634][ T4933] ? hci_send_to_monitor+0xe2/0x590 [ 325.925670][ T4933] hci_rx_work+0x3ee/0x1040 [ 325.925706][ T4933] ? process_one_work+0x8be/0x1630 [ 325.925735][ T4933] process_one_work+0x98b/0x1630 [ 325.925763][ T4933] ? do_raw_spin_unlock+0xf5/0x210 [ 325.925795][ T4933] ? __pfx_process_one_work+0x10/0x10 [ 325.925822][ T4933] ? do_raw_spin_lock+0x12b/0x2f0 [ 325.925850][ T4933] worker_thread+0xb49/0x1140 [ 325.925889][ T4933] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 325.925920][ T4933] kthread+0x388/0x470 [ 325.925943][ T4933] ? __pfx_worker_thread+0x10/0x10 [ 325.925972][ T4933] ? __pfx_kthread+0x10/0x10 [ 325.925994][ T4933] ret_from_fork+0x514/0xb70 [ 325.926019][ T4933] ? __pfx_ret_from_fork+0x10/0x10 [ 325.926041][ T4933] ? __switch_to+0xc79/0x1410 [ 325.926062][ T4933] ? __pfx_kthread+0x10/0x10 [ 325.926084][ T4933] ret_from_fork_asm+0x1a/0x30 [ 325.926118][ T4933] [ 325.926392][ T4933] Kernel Offset: disabled