last executing test programs: 2m36.033853152s ago: executing program 0 (id=522): r0 = socket(0x10, 0x3, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) accept4(r2, 0x0, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r3, 0x0, 0x8002, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000003000000f0ff0000000000000000000005000000000000ffffffffffffff7f0100000000000080800000000300000000"]) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x22500, 0x0) syz_kvm_setup_cpu$x86(r6, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000100)="2e36660f680a66b9800000c00f326635000400000f30660f38821d2e67263e0f01c966b9800000c00f326635002000000f301980c9006665660fd5cb0f3766b9800000c00f326635004000000f300fb46dbe", 0x52}], 0x1, 0x63, &(0x7f00000001c0)=[@vmwrite={0x8, 0x0, 0x9, 0x0, 0x1, 0x0, 0x2, 0x0, 0x7}], 0x1) 2m33.014851001s ago: executing program 0 (id=541): r0 = syz_open_dev$radio(&(0x7f0000000f00), 0x2, 0x2) poll(&(0x7f0000000f40)=[{}, {r0, 0x2}], 0x2, 0x101) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r1, 0xf648e000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000040)=r4, 0x4) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x200) listen(r5, 0x18006) mlock(&(0x7f0000904000/0x1000)=nil, 0x1000) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet6(r6, &(0x7f0000001c00)={0xa, 0x4e20, 0x80, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0x1c) 2m32.700314513s ago: executing program 0 (id=545): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) r2 = socket(0x1e, 0x1, 0x0) connect$can_bcm(r2, &(0x7f00000000c0), 0x10) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='gfs2\x00', 0x200000, 0x0) 2m32.593861226s ago: executing program 0 (id=546): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000ec0), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) 2m32.563312011s ago: executing program 0 (id=547): r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet6(r0, &(0x7f0000001c00)={0xa, 0x4e20, 0x80, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0x1c) 2m32.528077948s ago: executing program 0 (id=548): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) splice(r3, 0x0, r2, 0x0, 0x10000008ebc, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) socket$inet(0x2, 0x3, 0xe2f) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$NBD_DO_IT(r0, 0xab03) 2m17.441850965s ago: executing program 32 (id=548): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) splice(r3, 0x0, r2, 0x0, 0x10000008ebc, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) socket$inet(0x2, 0x3, 0xe2f) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$NBD_DO_IT(r0, 0xab03) 1m56.261138241s ago: executing program 3 (id=740): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000780)=""/253, 0xfd}], 0x1}, 0x933f}], 0x2, 0x10120, 0x0) close(r0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r2, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xd0}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000012c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0) r6 = memfd_create(&(0x7f0000000200)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\xff\x0f\x00\x00\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x05\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^x\f\xf8\xa56\f\rjKo\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaafK\xe6\xdcb\x9fr\x18\xd3\x1cD%\x8b\xc8\xca\xfc!\x9bsO\x1f\xb1\xd9!\xd4\x97\x1bs\x83y$\xcb\xcb\xb6\xcd\x9f\xa5\v+\x10c\xfd\x97Kexd]\xe2[\x00\xb0\x84\xd8\x80\xf0b\xd8\x06-l\xe2e\xe6>\x10\xf0\xe0\xc0\xa7\xe4\x05/\xcc\x8cic\x9a\x05G%X,\xcc\x86\xf7\x91\xe2\x7f\xcf@\xc6\xf7\x02M\xf3\xe9\x1bD(\xd2]~0,z2\xa2\x1c\x1f*\r\xa4\x9d\xb0t\x063x\xf9\xc8\xfb\x00V\\\xe8L\xadK]\x9c\n\xc1j\xb3:$c\xe5\xc8\x14V\xf1\"@52\xa5\xc5\xff\xf1\xb9|\xba\xc8\x0f', 0x5) fallocate(r6, 0x0, 0x400000000000000, 0x2) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x2400c840}, 0x0) connect$unix(r4, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) 1m55.881751963s ago: executing program 3 (id=744): r0 = socket(0x10, 0x3, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001e00010a"], 0x14}}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x8002, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000003000000f0ff0000000000000000000005000000000000ffffffffffffff7f0100000000000080800000000300000000"]) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x22500, 0x0) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000100)="2e36660f680a66b9800000c00f326635000400000f30660f38821d2e67263e0f01c966b9800000c00f326635002000000f301980c9006665660fd5cb0f3766b9800000c00f326635004000000f300fb46dbe", 0x52}], 0x1, 0x63, &(0x7f00000001c0)=[@vmwrite={0x8, 0x0, 0x9, 0x0, 0x1, 0x0, 0x2, 0x0, 0x7}], 0x1) 1m55.543445539s ago: executing program 3 (id=747): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0xb4, 0x2}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) (fail_nth: 6) 1m54.880784516s ago: executing program 3 (id=751): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) unshare(0x40020000) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r1, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1f}]}]}, 0x28}}, 0x0) 1m54.128116286s ago: executing program 3 (id=755): r0 = socket(0x10, 0x3, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001e00010a"], 0x14}}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x8002, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000003000000f0ff0000000000000000000005000000000000ffffffffffffff7f0100000000000080800000000300000000"]) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x22500, 0x0) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000100)="2e36660f680a66b9800000c00f326635000400000f30660f38821d2e67263e0f01c966b9800000c00f326635002000000f301980c9006665660fd5cb0f3766b9800000c00f326635004000000f300fb46dbe", 0x52}], 0x1, 0x63, &(0x7f00000001c0)=[@vmwrite={0x8, 0x0, 0x9, 0x0, 0x1, 0x0, 0x2, 0x0, 0x7}], 0x1) 1m53.714001746s ago: executing program 3 (id=759): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f27, 0x8, 0x10000, 0x0, 0xffff82c4, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0xfff, 0x1de, 0x4000001, 0x7fffffff, 0x101, 0x1, 0x1a449, 0x3, 0x40000003, 0x89, 0x2, 0xf27, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x80000, 0xfffffff8]}) (fail_nth: 1) 1m53.17187977s ago: executing program 33 (id=759): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f27, 0x8, 0x10000, 0x0, 0xffff82c4, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0xfff, 0x1de, 0x4000001, 0x7fffffff, 0x101, 0x1, 0x1a449, 0x3, 0x40000003, 0x89, 0x2, 0xf27, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x80000, 0xfffffff8]}) (fail_nth: 1) 4.85706462s ago: executing program 1 (id=1455): prctl$PR_SET_ENDIAN(0x14, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) r1 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setattr(r1, &(0x7f0000000000)={0x38, 0x0, 0x6, 0x6, 0xf, 0x3, 0x750c, 0x9, 0x554fd836, 0x5}, 0x0) sendfile(r0, r0, 0x0, 0x7ffff000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r4, 0x4068aea3, &(0x7f00000000c0)) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r3, 0x4068aea3, &(0x7f0000000040)) 4.505253199s ago: executing program 1 (id=1458): r0 = socket$pppoe(0x18, 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket(0x18, 0x5, 0x6) bind$inet(r2, 0x0, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r3 = socket$pppoe(0x18, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r4) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x184, r5, 0x103, 0x70bd2a, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x9}}, {0x8, 0xb, 0x8}, {0x6, 0x16, 0x80}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0xfffffffe}, {0x6, 0x16, 0x7}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8}, {0xfeff, 0x16, 0x4}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x401}, {0x6, 0x16, 0x5}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x5}, {0x6, 0x16, 0x2}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6}, {0x5}}]}, 0x184}, 0x1, 0x0, 0x0, 0x35}, 0x4000800) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x15, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}, 'bond0\x00'}}, 0x1e) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005f8bfa4099115268345701020301090212000100000000090499", @ANYRES16, @ANYBLOB='\t'], 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8001}, 0x8) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000080)=0x9, 0x4) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r6, 0x84, 0x7f, &(0x7f0000001080)=""/4068, &(0x7f0000000000)=0xfe4) r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1, {0x4}}, './file0\x00'}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r7, 0x3ba0, &(0x7f0000000240)={0x48, 0x8, r8, 0x0, 0x3, 0xa9, &(0x7f0000000180)="acf4fdd8b05af7ad46ea5086e641f78e1338e86dc0703ccc30611b72e0a0fc6d8ebb433fa6f047d862929c9c5528158152c27e3283b8bd675afaf707e9b4f7f0e7e19147ca40264a39cc28b376e07f7ff24dd88fb7e7eb50e66f7ee6f8293658e07a18dd553fb498ad9a9ba2315518a9ae18a5a9f369634185afbd77ade65d7bb29b21196dcf421bcd965773a0b98ceddd0f26d6560140ab8d6b55fa880486868d364999accaf4d601", 0x1}) r9 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r10 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r12, 0x4008ae48, 0x0) ioctl$I2C_SMBUS(r10, 0x541b, 0x0) ioctl$PPPIOCBRIDGECHAN(r9, 0x40047435, &(0x7f0000000100)=0x2) 3.098114688s ago: executing program 4 (id=1469): r0 = socket(0x10, 0x3, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001e00010a"], 0x14}}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x8002, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000280)=ANY=[]) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x22500, 0x0) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000100)="2e36660f680a66b9800000c00f326635000400000f30660f38821d2e67263e0f01c966b9800000c00f326635002000000f301980c9006665660fd5cb0f3766b9800000c00f326635004000000f300fb46dbe", 0x52}], 0x1, 0x63, &(0x7f00000001c0)=[@vmwrite={0x8, 0x0, 0x9, 0x0, 0x1, 0x0, 0x2, 0x0, 0x7}], 0x1) 2.987015401s ago: executing program 4 (id=1471): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000008c0)={0x84, @private=0xa010102, 0x4e22, 0x1, 'none\x00', 0x0, 0x10000, 0x100000}, 0x2c) setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x483, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x200000001, 'ovf\x00', 0x0, 0x821, 0x2000}, 0x2c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff038}, {0xb1, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10) sendmmsg(r2, &(0x7f0000001c00), 0x400000000000159, 0x40840) getsockopt$sock_buf(r2, 0x1, 0x1f, &(0x7f0000000280)=""/204, &(0x7f0000000380)=0xcc) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0) r4 = syz_open_dev$mouse(&(0x7f00000000c0), 0x70d2, 0x212541) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_MODIFY(r4, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00082dbd7000fcdbdf250700000300080000c90a00000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 2.701861418s ago: executing program 1 (id=1473): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@host, 0x1}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000040)={@host}) (fail_nth: 5) 2.380516963s ago: executing program 1 (id=1474): r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e20, @remote}, {0x2, 0x4, @multicast1}, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x200}) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x4, 0x0, @loopback}, {0x2, 0x4e24, @remote}, 0x184, 0x0, 0x0, 0xfdffffffffffffff, 0x0, &(0x7f0000000180)='lo\x00'}) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r1) write(r2, &(0x7f0000000100)='{', 0x1) creat(&(0x7f0000001380)='./file0\x00', 0x4) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x0, 0x0) 2.348483984s ago: executing program 4 (id=1475): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x224aae9ca469fa23, 0x0) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r2, 0x400454ce, r3) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) socket$kcm(0x29, 0x0, 0x0) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="080008000700000000031400000045f0002800000000002f9078ac1414bbac1414aa22004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="000000a7f77a4a40"], 0x36) 2.165833009s ago: executing program 4 (id=1476): mmap(&(0x7f000000c000/0x4000)=nil, 0x4000, 0xa, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x7, @remote, 0x2}, 0x1c) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x1, @remote, 0xa25}, 0x1c) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e24, 0x3, @dev={0xfe, 0x80, '\x00', 0x3c}, 0xea}, 0x1c) mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x6, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, &(0x7f0000048000), 0x0) 2.068546725s ago: executing program 2 (id=1477): syz_open_dev$radio(&(0x7f0000000f00), 0x2, 0x2) poll(0x0, 0x0, 0x101) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf648e000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000040), 0x4) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x200) listen(r3, 0x18006) mlock(&(0x7f0000904000/0x1000)=nil, 0x1000) r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet6(r5, &(0x7f0000001c00)={0xa, 0x4e20, 0x80, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0x1c) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000b40)=0xe) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f00000006c0)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00', 0x8}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0}) close_range(r4, 0xffffffffffffffff, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) ioctl$BLKRASET(r0, 0x1262, &(0x7f0000000000)=0x4) ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, &(0x7f00000001c0)=0x7) mlock(&(0x7f00007c0000/0x1000)=nil, 0x1000) 1.838937245s ago: executing program 5 (id=1478): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3d}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x79f464ec881632fa}]}}}]}]}], {0x14, 0x11, 0x102}}, 0x7c}}, 0x0) (async) r1 = syz_open_dev$vcsn(&(0x7f0000000080), 0x4, 0x2) listxattr(&(0x7f0000001b00)='./cgroup\x00', &(0x7f0000001cc0)=""/47, 0x2f) (async) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f00000000c0)={0x0, 'ipvlan0\x00', {0x4}, 0xb}) (async, rerun: 64) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000100)='btrfs\x00', 0x300008, 0x0) (rerun: 64) 1.717692448s ago: executing program 5 (id=1479): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]}, 0x45c) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0) ioctl$I2C_SLAVE(r1, 0x703, 0x26b) r2 = dup(r0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x5) ioctl$UI_DEV_CREATE(r2, 0x5501) write$uinput_user_dev(r2, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0x81}, 0x1d, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x7, 0x9, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xd, 0x7fff, 0x6, 0x6, 0x5, 0x6, 0x6, 0x7, 0x6, 0xff, 0x2, 0xfffff5ee, 0x401, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x81, 0xfffff765, 0x2, 0x3, 0xfffffff9, 0xa, 0x2, 0x5, 0x0, 0x4, 0x6, 0x7, 0x4c, 0xfffffffd, 0x80, 0x8, 0x8, 0x9, 0x7, 0x8000101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x5, 0x1, 0x4], [0x8, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0x25, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff73, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdaa, 0x5, 0x2, 0x76c4, 0xfffffffd, 0x5, 0x4, 0x10000, 0xd, 0x2, 0x9, 0x10, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0x3, 0x8, 0x3, 0x2, 0x3a6, 0x27f8, 0xc0d, 0xfffffffd, 0x9, 0xc, 0xfffffffb], [0xa3, 0x6, 0x6, 0x9, 0x1000, 0x0, 0x80000000, 0x5, 0x7f, 0xa, 0x100, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xc, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x8, 0x2ef3adeb, 0x10, 0x2, 0x8, 0x8, 0x74, 0x4, 0x7, 0x7ff, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x0, 0x2, 0x8, 0x2, 0x3, 0x5], [0x4, 0x4, 0x5, 0x8000, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x4, 0x7fff, 0x5, 0x5, 0x3ff, 0xb88f, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x6, 0x4, 0x4, 0x0, 0x0, 0x7, 0x4e6, 0x8, 0x6, 0x5ef, 0x8000, 0xc, 0x4, 0x401, 0x1, 0x5, 0x0, 0x9a8, 0x99f, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0x9, 0x101, 0x1ff, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c) 1.701379473s ago: executing program 2 (id=1480): r0 = socket(0x10, 0x3, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001e00010a"], 0x14}}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x8002, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYBLOB]) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x22500, 0x0) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000100)="2e36660f680a66b9800000c00f326635000400000f30660f38821d2e67263e0f01c966b9800000c00f326635002000000f301980c9006665660fd5cb0f3766b9800000c00f326635004000000f300fb46dbe", 0x52}], 0x1, 0x63, &(0x7f00000001c0)=[@vmwrite={0x8, 0x0, 0x9, 0x0, 0x1, 0x0, 0x2, 0x0, 0x7}], 0x1) 1.649940154s ago: executing program 5 (id=1481): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket(0x10, 0x2, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x300, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="10007d80", @ANYRES32=r2, @ANYRESDEC=r1], 0x2c}, 0x1, 0x0, 0x0, 0x440c0}, 0x0) 1.541570214s ago: executing program 5 (id=1482): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x22002, 0x0) ioctl$FBIOBLANK(r0, 0x4611, 0x2) mount(&(0x7f0000000000)=@filename='./cgroup\x00', &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x14, 0x1e, 0x21, 0x0, 0x0, {0x7}}, 0x14}}, 0x0) (async) chroot(&(0x7f0000000080)='./cgroup\x00') 1.536365845s ago: executing program 2 (id=1483): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x81c0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETINFO(r0, 0xffffffff80000602, 0x0, &(0x7f0000000180)={0x0, 0x2b, 0x1, 0x4}) execveat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x2000, 0x103) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) clock_adjtime(0x0, &(0x7f0000000100)={0x540, 0x7, 0xd26, 0xfffffffffffffff6, 0x4, 0x8, 0x8000, 0x194d, 0x7ba, 0x7fffffffffffffff, 0x7, 0x7f, 0x8000000000000000, 0x0, 0x100000000, 0x0, 0x14000000, 0x400, 0x5, 0x39d, 0x8, 0x715, 0x1ff, 0xff, 0x5f1, 0x6}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000000)=@x86={0x2, 0xf, 0x44, 0x0, 0xfff, 0x1, 0x4, 0x37, 0x2, 0x7, 0x0, 0x0, 0x0, 0xfffffff9, 0x2, 0x7, 0x8, 0x85, 0x0, '\x00', 0x9, 0xa499}) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), r2) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000d80)=ANY=[@ANYRES8=r0, @ANYRES16=r1, @ANYBLOB="01200000000000000000010000001d000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804424000100000000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e7b6060005000021000024000100f44da367a88ee6564f0202114567341b459b39228c00098028000080060001000a0000001400020020010000000000000000000002000001050003000000000088000080060001000a000000140002002001000000f800000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000002000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c00008006000100020000000800020000000000050003000000000008000500010000000800010066e8eba514fbf9c3f2b403edc340bbc87635bcb70574295ddcc68e587e44394bccbd577873b15133c20fc4484a6117f04e75920c4b43eb49dd6c608fbf9a8c7f749b2d8731d2d20798ce2793e31f7afa19b54bda323c38421c0e0261a6ba4da7180d593e8ac78f45ca4ee2ff293611502834341d112f9d066d23c9db43b49448cb56282375f83033915f1bb017dd018e8e3ebab390cd51e025c3071a5e685b5a573257669ab7454fa5731e8a555a15eedb84d6f1313b5abb4578069e93c4f1e08e1eea0dd219a901542fa6d5baeab33d82f56a", @ANYRESHEX=r6], 0x22c}}, 0x0) socket$packet(0x11, 0x2, 0x300) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r7, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x1a, 0x0) getsockopt$inet_tcp_buf(r1, 0x6, 0x1a, 0x0, &(0x7f00000000c0)) 1.473629393s ago: executing program 5 (id=1484): r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) read$midi(r0, &(0x7f0000000280)=""/236, 0xec) read$midi(r0, 0x0, 0x0) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100) read$midi(r0, &(0x7f0000000380)=""/250, 0xfa) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = add_key$keyring(&(0x7f0000000240), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fde000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f0000000140)="470f230ff00fb142438ed066bad004b000669af16b66edbf4cbf4c0569b56400000006c744240200000000c7442406000000000f011c24670fc77507420f0765f3410f0966baf80cb8d2128189ef66bafc0c66b86815450fc79800000000", 0x5e}], 0x1, 0x33, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r9, 0x400442c8, &(0x7f0000000480)=ANY=[@ANYRES32=r8, @ANYBLOB="fe1c9e284af5cdeda0559011a4bde921deb8f4fde4a56d2ad005a63b49274a6f3d3caccbc2ffd9ea73697d4b1576a142b0ca9f5bec133ecce0aa76a5fc9119091c084437c0859425048a7d848711e6f941dc9e7fa66bca2ad96e48d27c25b949baa4c488d6e879c741bf0301743fada2a03de7c8d1c9152e1dcad243929d066e1d360cabf2325fc6a5ff87d68bd6e200"/158]) ioctl$KVM_RUN(r7, 0xae80, 0x0) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)="3079de29", 0x4, r3) openat$cgroup_ro(r2, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) 1.375576262s ago: executing program 2 (id=1485): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000080), 0x12) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x3}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000840)={0x0, @in6={{0xa, 0x4e1c, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0x10, 0x7, 0x4}, 0x9c) sendmsg$inet(r2, &(0x7f00000011c0)={&(0x7f0000000740)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000f80)=[{&(0x7f0000000780)='*', 0x1}], 0x1}, 0x84) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='gfs2\x00', 0x200000, 0x0) 1.306257074s ago: executing program 4 (id=1486): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket(0x10, 0x2, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="10007d80", @ANYRES32=r2, @ANYRESDEC=r1], 0x2c}, 0x1, 0x0, 0x0, 0x440c0}, 0x0) (fail_nth: 5) 901.886605ms ago: executing program 4 (id=1487): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x12}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x1, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 5) 291.227715ms ago: executing program 2 (id=1488): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async) r2 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)=@flushpolicy={0x10, 0x1d, 0x1, 0x70bd29, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0x4004800}, 0x40000800) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) (async) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000007c0)=0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000800)=0x41e5fe88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000880)={0x44, r1, 0x1, 0x20080002, 0x4000000, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_AUTH_TYPE={0x8}, @key_params=[@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9}]]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$nl_crypto(r6, &(0x7f0000000700)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000900)=ANY=[@ANYBLOB="f00000001000000828bd7000fddbdf25647262675f70725f686d61635f73686135313200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000011abbadc56c605917e650000000000000000000000002200000020000000000000000000000800010021050000080001002c000000"], 0xf0}, 0x1, 0x0, 0x0, 0xa000}, 0x20000000) (async) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4e22, 0x13000000, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x8}, 0x1c) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) sendmmsg$inet6(r8, &(0x7f00000024c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="cf18ed", 0x3}], 0x1}}], 0x1, 0x14890) r9 = syz_clone(0xa0000280, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r9) (async) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r9, 0x0, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x2c, 0x2, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}, 0x1, 0x0, 0x0, 0x4008084}, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) faccessat(r6, &(0x7f0000000840)='./file0\x00', 0x20) (async) r10 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r6) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r10, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x80}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x20008000) (async) r11 = syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), r6) (async) r12 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) ioctl$USBDEVFS_CONNECTINFO(r12, 0x80045503, &(0x7f0000002a40)) (async) sendmsg$MPTCP_PM_CMD_REMOVE(r6, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x84, r11, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2d}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x24001844}, 0x20000001) (async) mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0) 262.759782ms ago: executing program 5 (id=1489): syz_open_dev$radio(&(0x7f0000000f00), 0x2, 0x2) poll(0x0, 0x0, 0x101) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf648e000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000040), 0x4) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x200) listen(r3, 0x18006) mlock(&(0x7f0000904000/0x1000)=nil, 0x1000) r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet6(r5, &(0x7f0000001c00)={0xa, 0x4e20, 0x80, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0x1c) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000b40)=0xe) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f00000006c0)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00', 0x8}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0}) close_range(r4, 0xffffffffffffffff, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) ioctl$BLKRASET(r0, 0x1262, &(0x7f0000000000)=0x4) ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, &(0x7f00000001c0)=0x7) mlock(&(0x7f00007c0000/0x1000)=nil, 0x1000) 101.743472ms ago: executing program 1 (id=1490): ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(0xffffffffffffffff, 0x0, 0x4) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000847fff), 0x0, 0x0, 0x0, 0x0) socket$inet(0x2, 0x2, 0x0) close(0xffffffffffffffff) socket$nl_rdma(0x10, 0x3, 0x14) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x1) ioprio_set$pid(0x1, 0x0, 0x0) r2 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sendfile(r2, r2, 0x0, 0x800000009) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xc}, @hci_rp_le_read_max_data_len={{0x5}, {0x2, 0x2, 0x56, 0x7, 0x1}}}}, 0xf) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000080)={r5, 0x9}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={r5, 0xfffffffe}, 0xc) 45.572187ms ago: executing program 1 (id=1491): r0 = socket(0x10, 0x3, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001e00010a"], 0x14}}, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x8002, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYBLOB]) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x22500, 0x0) syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000100)="2e36660f680a66b9800000c00f326635000400000f30660f38821d2e67263e0f01c966b9800000c00f326635002000000f301980c9006665660fd5cb0f3766b9800000c00f326635004000000f300fb46dbe", 0x52}], 0x1, 0x63, &(0x7f00000001c0)=[@vmwrite={0x8, 0x0, 0x9, 0x0, 0x1, 0x0, 0x2, 0x0, 0x7}], 0x1) 0s ago: executing program 2 (id=1492): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x2000000, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 5) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) kernel console output (not intermixed with test programs): 3] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 273.762438][ T43] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 273.772713][ T43] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 273.784146][ T43] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 273.799165][ T43] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 273.812247][ T43] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 273.821503][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.036391][ T43] usb 2-1: usb_control_msg returned -32 [ 274.045400][ T43] usbtmc 2-1:16.0: can't read capabilities [ 274.046347][ T9685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.083717][ T9685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.305409][ T5947] usb 2-1: USB disconnect, device number 50 [ 274.527062][ T43] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 274.606994][ T10] usb 6-1: new low-speed USB device number 16 using dummy_hcd [ 274.676994][ T43] usb 5-1: Using ep0 maxpacket: 8 [ 274.683627][ T43] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 274.693457][ T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 274.703363][ T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 274.708125][ T7085] wlan0: Trigger new scan to find an IBSS to join [ 274.716797][ T43] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 274.735638][ T43] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 274.744744][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.747112][ T10] usb 6-1: device descriptor read/64, error -71 [ 274.973115][ T43] usb 5-1: GET_CAPABILITIES returned 0 [ 274.978938][ T43] usbtmc 5-1:16.0: can't read capabilities [ 275.007993][ T10] usb 6-1: new low-speed USB device number 17 using dummy_hcd [ 275.157025][ T10] usb 6-1: device descriptor read/64, error -71 [ 275.178546][ T43] usb 5-1: USB disconnect, device number 25 [ 275.267686][ T10] usb usb6-port1: attempt power cycle [ 275.527078][ T92] usb 2-1: new full-speed USB device number 51 using dummy_hcd [ 275.616994][ T10] usb 6-1: new low-speed USB device number 18 using dummy_hcd [ 275.637614][ T10] usb 6-1: device descriptor read/8, error -71 [ 275.690792][ T92] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 275.700205][ T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.708686][ T92] usb 2-1: Product: syz [ 275.713475][ T92] usb 2-1: Manufacturer: syz [ 275.718834][ T92] usb 2-1: SerialNumber: syz [ 275.726483][ T92] usb 2-1: config 0 descriptor?? [ 275.877138][ T10] usb 6-1: new low-speed USB device number 19 using dummy_hcd [ 275.897627][ T10] usb 6-1: device descriptor read/8, error -71 [ 275.942993][ T92] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 276.007238][ T10] usb usb6-port1: unable to enumerate USB device [ 276.037106][ T984] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 276.189826][ T984] usb 5-1: config 0 has an invalid interface number: 179 but max is 0 [ 276.199733][ T984] usb 5-1: config 0 has no interface number 0 [ 276.210764][ T984] usb 5-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08 [ 276.219933][ T984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.231013][ T984] usb 5-1: Product: syz [ 276.235192][ T984] usb 5-1: Manufacturer: syz [ 276.240048][ T984] usb 5-1: SerialNumber: syz [ 276.247516][ T984] usb 5-1: config 0 descriptor?? [ 276.259874][ T984] usb-storage 5-1:0.179: USB Mass Storage device detected [ 276.261000][ T92] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 276.281215][ T984] usb-storage 5-1:0.179: device ignored [ 276.286410][ T92] usb 2-1: USB disconnect, device number 51 [ 276.462595][ T43] usb 5-1: USB disconnect, device number 26 [ 276.813579][ T9736] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1174'. [ 277.019559][ T30] audit: type=1800 audit(1752719537.360:15): pid=9741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1176" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 277.659245][ T7085] wlan0: Trigger new scan to find an IBSS to join [ 277.925842][ T9754] FAULT_INJECTION: forcing a failure. [ 277.925842][ T9754] name failslab, interval 1, probability 0, space 0, times 0 [ 277.939899][ T9754] CPU: 0 UID: 0 PID: 9754 Comm: syz.5.1181 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 277.939925][ T9754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.939937][ T9754] Call Trace: [ 277.939944][ T9754] [ 277.939952][ T9754] dump_stack_lvl+0x189/0x250 [ 277.939989][ T9754] ? __pfx____ratelimit+0x10/0x10 [ 277.940009][ T9754] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.940035][ T9754] ? __pfx__printk+0x10/0x10 [ 277.940065][ T9754] ? __pfx___might_resched+0x10/0x10 [ 277.940088][ T9754] ? fs_reclaim_acquire+0x7d/0x100 [ 277.940113][ T9754] should_fail_ex+0x414/0x560 [ 277.940148][ T9754] should_failslab+0xa8/0x100 [ 277.940168][ T9754] __kmalloc_noprof+0xcb/0x4f0 [ 277.940195][ T9754] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 277.940229][ T9754] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 277.940264][ T9754] genl_family_rcv_msg_doit+0xb8/0x300 [ 277.940304][ T9754] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 277.940333][ T9754] ? rcu_is_watching+0x15/0xb0 [ 277.940361][ T9754] ? apparmor_capable+0x137/0x1b0 [ 277.940391][ T9754] ? bpf_lsm_capable+0x9/0x20 [ 277.940407][ T9754] ? security_capable+0x7e/0x2e0 [ 277.940445][ T9754] genl_rcv_msg+0x60e/0x790 [ 277.940475][ T9754] ? __pfx_genl_rcv_msg+0x10/0x10 [ 277.940498][ T9754] ? __pfx_nfc_genl_dev_up+0x10/0x10 [ 277.940536][ T9754] netlink_rcv_skb+0x205/0x470 [ 277.940556][ T9754] ? __pfx_genl_rcv_msg+0x10/0x10 [ 277.940581][ T9754] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 277.940615][ T9754] ? down_read+0x1ad/0x2e0 [ 277.940638][ T9754] genl_rcv+0x28/0x40 [ 277.940659][ T9754] netlink_unicast+0x75c/0x8e0 [ 277.940698][ T9754] netlink_sendmsg+0x805/0xb30 [ 277.940726][ T9754] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.940749][ T9754] ? aa_sock_msg_perm+0xf1/0x1d0 [ 277.940773][ T9754] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 277.940794][ T9754] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.940815][ T9754] __sock_sendmsg+0x21c/0x270 [ 277.940845][ T9754] ____sys_sendmsg+0x505/0x830 [ 277.940872][ T9754] ? __pfx_____sys_sendmsg+0x10/0x10 [ 277.940904][ T9754] ? import_iovec+0x74/0xa0 [ 277.940931][ T9754] ___sys_sendmsg+0x21f/0x2a0 [ 277.940956][ T9754] ? __pfx____sys_sendmsg+0x10/0x10 [ 277.941013][ T9754] ? __fget_files+0x2a/0x420 [ 277.941035][ T9754] ? __fget_files+0x3a0/0x420 [ 277.941067][ T9754] __x64_sys_sendmsg+0x19b/0x260 [ 277.941091][ T9754] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 277.941123][ T9754] ? __pfx_ksys_write+0x10/0x10 [ 277.941139][ T9754] ? rcu_is_watching+0x15/0xb0 [ 277.941165][ T9754] ? do_syscall_64+0xbe/0x3b0 [ 277.941188][ T9754] do_syscall_64+0xfa/0x3b0 [ 277.941204][ T9754] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.941220][ T9754] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.941237][ T9754] ? clear_bhb_loop+0x60/0xb0 [ 277.941258][ T9754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.941280][ T9754] RIP: 0033:0x7fea7fb8e929 [ 277.941295][ T9754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.941309][ T9754] RSP: 002b:00007fea809bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 277.941327][ T9754] RAX: ffffffffffffffda RBX: 00007fea7fdb5fa0 RCX: 00007fea7fb8e929 [ 277.941341][ T9754] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000005 [ 277.941351][ T9754] RBP: 00007fea809bb090 R08: 0000000000000000 R09: 0000000000000000 [ 277.941362][ T9754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.941372][ T9754] R13: 0000000000000000 R14: 00007fea7fdb5fa0 R15: 00007fffc6ada868 [ 277.941399][ T9754] [ 278.633801][ T9763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.635801][ T9765] FAULT_INJECTION: forcing a failure. [ 278.635801][ T9765] name failslab, interval 1, probability 0, space 0, times 0 [ 278.648083][ T9763] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.656453][ T9765] CPU: 0 UID: 0 PID: 9765 Comm: syz.4.1185 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 278.656484][ T9765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 278.656499][ T9765] Call Trace: [ 278.656508][ T9765] [ 278.656517][ T9765] dump_stack_lvl+0x189/0x250 [ 278.656554][ T9765] ? __pfx____ratelimit+0x10/0x10 [ 278.656589][ T9765] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.656620][ T9765] ? __pfx__printk+0x10/0x10 [ 278.656646][ T9765] ? rcu_is_watching+0x15/0xb0 [ 278.656688][ T9765] should_fail_ex+0x414/0x560 [ 278.656725][ T9765] should_failslab+0xa8/0x100 [ 278.656750][ T9765] kmem_cache_alloc_noprof+0x73/0x3c0 [ 278.656782][ T9765] ? skb_clone+0x212/0x3a0 [ 278.656815][ T9765] skb_clone+0x212/0x3a0 [ 278.656847][ T9765] __netlink_deliver_tap+0x404/0x850 [ 278.656887][ T9765] ? netlink_deliver_tap+0x2e/0x1b0 [ 278.656912][ T9765] netlink_deliver_tap+0x19c/0x1b0 [ 278.656935][ T9765] netlink_dump+0x91c/0xe60 [ 278.656970][ T9765] ? __pfx_netlink_dump+0x10/0x10 [ 278.657008][ T9765] ? kmem_cache_free+0x18f/0x400 [ 278.657044][ T9765] netlink_recvmsg+0x676/0xa30 [ 278.657084][ T9765] ? __pfx_netlink_recvmsg+0x10/0x10 [ 278.657112][ T9765] ? __lock_acquire+0xab9/0xd20 [ 278.657134][ T9765] ? aa_sock_msg_perm+0xf1/0x1d0 [ 278.657162][ T9765] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 278.657187][ T9765] ? security_socket_recvmsg+0x7e/0x2e0 [ 278.657219][ T9765] ? __pfx_netlink_recvmsg+0x10/0x10 [ 278.657243][ T9765] sock_recvmsg+0x22c/0x270 [ 278.657279][ T9765] ____sys_recvmsg+0x1c9/0x460 [ 278.657316][ T9765] ? __pfx_____sys_recvmsg+0x10/0x10 [ 278.657360][ T9765] ? import_iovec+0x74/0xa0 [ 278.657392][ T9765] ___sys_recvmsg+0x1b5/0x510 [ 278.657425][ T9765] ? __pfx____sys_recvmsg+0x10/0x10 [ 278.657498][ T9765] ? __fget_files+0x3a0/0x420 [ 278.657541][ T9765] do_recvmmsg+0x307/0x770 [ 278.657584][ T9765] ? __pfx_do_recvmmsg+0x10/0x10 [ 278.657629][ T9765] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 278.657676][ T9765] __x64_sys_recvmmsg+0x190/0x240 [ 278.657709][ T9765] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 278.657738][ T9765] ? rcu_is_watching+0x15/0xb0 [ 278.657772][ T9765] ? do_syscall_64+0xbe/0x3b0 [ 278.657802][ T9765] do_syscall_64+0xfa/0x3b0 [ 278.657824][ T9765] ? lockdep_hardirqs_on+0x9c/0x150 [ 278.657848][ T9765] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.657870][ T9765] ? clear_bhb_loop+0x60/0xb0 [ 278.657898][ T9765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.657920][ T9765] RIP: 0033:0x7f3de0d8e929 [ 278.657942][ T9765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.657962][ T9765] RSP: 002b:00007f3de1c31038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 278.657985][ T9765] RAX: ffffffffffffffda RBX: 00007f3de0fb5fa0 RCX: 00007f3de0d8e929 [ 278.658003][ T9765] RDX: 0000000000000008 RSI: 0000200000002c00 RDI: 0000000000000003 [ 278.658018][ T9765] RBP: 00007f3de1c31090 R08: 0000000000000000 R09: 0000000000000000 [ 278.658032][ T9765] R10: 0000000040010020 R11: 0000000000000246 R12: 0000000000000001 [ 278.658047][ T9765] R13: 0000000000000000 R14: 00007f3de0fb5fa0 R15: 00007fff3198c358 [ 278.658090][ T9765] [ 279.228566][ T7086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.487006][ T92] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 279.653718][ T92] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.665564][ T92] usb 6-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 279.684371][ T92] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 279.693876][ T92] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.709124][ T92] usb 6-1: Product: syz [ 279.713448][ T92] usb 6-1: Manufacturer: syz [ 279.725880][ T92] usb 6-1: SerialNumber: syz [ 279.743119][ T9778] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1190'. [ 279.943422][ T9787] netlink: 'syz.1.1193': attribute type 29 has an invalid length. [ 279.953862][ T9787] netlink: 'syz.1.1193': attribute type 29 has an invalid length. [ 280.133945][ T9794] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 280.253051][ T9799] FAULT_INJECTION: forcing a failure. [ 280.253051][ T9799] name failslab, interval 1, probability 0, space 0, times 0 [ 280.265924][ T9799] CPU: 1 UID: 0 PID: 9799 Comm: syz.1.1198 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 280.265948][ T9799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 280.265958][ T9799] Call Trace: [ 280.265965][ T9799] [ 280.265973][ T9799] dump_stack_lvl+0x189/0x250 [ 280.266002][ T9799] ? __pfx____ratelimit+0x10/0x10 [ 280.266021][ T9799] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.266049][ T9799] ? __pfx__printk+0x10/0x10 [ 280.266077][ T9799] ? __pfx___might_resched+0x10/0x10 [ 280.266098][ T9799] ? fs_reclaim_acquire+0x7d/0x100 [ 280.266121][ T9799] should_fail_ex+0x414/0x560 [ 280.266153][ T9799] should_failslab+0xa8/0x100 [ 280.266172][ T9799] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 280.266200][ T9799] ? __alloc_skb+0x112/0x2d0 [ 280.266223][ T9799] __alloc_skb+0x112/0x2d0 [ 280.266246][ T9799] alloc_skb_with_frags+0xca/0x890 [ 280.266266][ T9799] ? __might_fault+0xb0/0x130 [ 280.266303][ T9799] sock_alloc_send_pskb+0x857/0x990 [ 280.266345][ T9799] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 280.266380][ T9799] ? iov_iter_advance+0x8b/0x1c0 [ 280.266404][ T9799] tun_get_user+0xa43/0x3e20 [ 280.266442][ T9799] ? aa_file_perm+0x13e/0x11b0 [ 280.266467][ T9799] ? aa_file_perm+0x3ed/0x11b0 [ 280.266489][ T9799] ? __pfx_tun_get_user+0x10/0x10 [ 280.266510][ T9799] ? _parse_integer_limit+0x1ae/0x1f0 [ 280.266537][ T9799] ? __lock_acquire+0xab9/0xd20 [ 280.266562][ T9799] ? ref_tracker_alloc+0x318/0x460 [ 280.266578][ T9799] ? __lock_acquire+0xab9/0xd20 [ 280.266599][ T9799] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 280.266620][ T9799] ? tun_get+0x1c/0x2f0 [ 280.266647][ T9799] ? tun_get+0x1c/0x2f0 [ 280.266668][ T9799] ? tun_get+0x1c/0x2f0 [ 280.266694][ T9799] tun_chr_write_iter+0x113/0x200 [ 280.266719][ T9799] vfs_write+0x54b/0xa90 [ 280.266743][ T9799] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 280.266766][ T9799] ? __pfx_vfs_write+0x10/0x10 [ 280.266794][ T9799] ? __fget_files+0x2a/0x420 [ 280.266825][ T9799] ksys_write+0x145/0x250 [ 280.266846][ T9799] ? __pfx_ksys_write+0x10/0x10 [ 280.266880][ T9799] ? rcu_is_watching+0x15/0xb0 [ 280.266908][ T9799] ? do_syscall_64+0xbe/0x3b0 [ 280.266931][ T9799] do_syscall_64+0xfa/0x3b0 [ 280.266949][ T9799] ? lockdep_hardirqs_on+0x9c/0x150 [ 280.266966][ T9799] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.266984][ T9799] ? clear_bhb_loop+0x60/0xb0 [ 280.267005][ T9799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.267023][ T9799] RIP: 0033:0x7fbd8378e929 [ 280.267039][ T9799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.267054][ T9799] RSP: 002b:00007fbd84644038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 280.267073][ T9799] RAX: ffffffffffffffda RBX: 00007fbd839b5fa0 RCX: 00007fbd8378e929 [ 280.267087][ T9799] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003 [ 280.267098][ T9799] RBP: 00007fbd84644090 R08: 0000000000000000 R09: 0000000000000000 [ 280.267109][ T9799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 280.267120][ T9799] R13: 0000000000000000 R14: 00007fbd839b5fa0 R15: 00007fffaaaa2dd8 [ 280.267147][ T9799] [ 280.674321][ T9802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.684095][ T9802] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.723703][ T9802] usb usb8: usbfs: process 9802 (syz.2.1199) did not claim interface 0 before use [ 280.734006][ T5859] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 280.815929][ T9810] 9pnet_fd: Insufficient options for proto=fd [ 281.008187][ T9773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.022030][ T9773] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.238806][ T92] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 281.243079][ T9819] FAULT_INJECTION: forcing a failure. [ 281.243079][ T9819] name failslab, interval 1, probability 0, space 0, times 0 [ 281.246059][ T92] cdc_ncm 6-1:1.0: dwNtbInMaxSize=256 is too small. Using 2048 [ 281.258320][ T9819] CPU: 0 UID: 0 PID: 9819 Comm: syz.1.1203 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 281.258354][ T9819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 281.258371][ T9819] Call Trace: [ 281.258380][ T9819] [ 281.258390][ T9819] dump_stack_lvl+0x189/0x250 [ 281.258432][ T9819] ? __pfx____ratelimit+0x10/0x10 [ 281.258456][ T9819] ? __pfx_dump_stack_lvl+0x10/0x10 [ 281.258490][ T9819] ? __pfx__printk+0x10/0x10 [ 281.258528][ T9819] ? __pfx___might_resched+0x10/0x10 [ 281.258559][ T9819] ? fs_reclaim_acquire+0x7d/0x100 [ 281.258591][ T9819] should_fail_ex+0x414/0x560 [ 281.258636][ T9819] should_failslab+0xa8/0x100 [ 281.258662][ T9819] __kmalloc_noprof+0xcb/0x4f0 [ 281.258696][ T9819] ? kobject_get_path+0xc5/0x2d0 [ 281.258734][ T9819] kobject_get_path+0xc5/0x2d0 [ 281.258762][ T9819] kobject_uevent_env+0x292/0x8c0 [ 281.258805][ T9819] device_del+0x73a/0x8e0 [ 281.258841][ T9819] ? __pfx_device_del+0x10/0x10 [ 281.258878][ T9819] rfkill_unregister+0xba/0x220 [ 281.258902][ T9819] nfc_unregister_device+0x96/0x2a0 [ 281.258929][ T9819] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 281.258958][ T9819] virtual_ncidev_close+0x56/0x90 [ 281.258988][ T9819] __fput+0x449/0xa70 [ 281.259029][ T9819] task_work_run+0x1d1/0x260 [ 281.259052][ T9819] ? __pfx_task_work_run+0x10/0x10 [ 281.259078][ T9819] ? exit_to_user_mode_loop+0x40/0x110 [ 281.259104][ T9819] exit_to_user_mode_loop+0xec/0x110 [ 281.259127][ T9819] do_syscall_64+0x2bd/0x3b0 [ 281.259148][ T9819] ? lockdep_hardirqs_on+0x9c/0x150 [ 281.259167][ T9819] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.259188][ T9819] ? clear_bhb_loop+0x60/0xb0 [ 281.259213][ T9819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.259231][ T9819] RIP: 0033:0x7fbd8378e929 [ 281.259251][ T9819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.259268][ T9819] RSP: 002b:00007fbd84623038 EFLAGS: 00000246 ORIG_RAX: 0000000000000021 [ 281.259290][ T9819] RAX: 0000000000000003 RBX: 00007fbd839b6080 RCX: 00007fbd8378e929 [ 281.259304][ T9819] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 281.259316][ T9819] RBP: 00007fbd84623090 R08: 0000000000000000 R09: 0000000000000000 [ 281.259329][ T9819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.259340][ T9819] R13: 0000000000000001 R14: 00007fbd839b6080 R15: 00007fffaaaa2dd8 [ 281.259371][ T9819] [ 281.522386][ T92] cdc_ncm 6-1:1.0: setting rx_max = 2048 [ 281.547096][ T92] cdc_ncm 6-1:1.0: setting tx_max = 184 [ 281.561524][ T92] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 281.751633][ T10] usb 6-1: USB disconnect, device number 20 [ 281.759133][ T10] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP) [ 281.785501][ T9833] netlink: 42496 bytes leftover after parsing attributes in process `syz.1.1207'. [ 281.994474][ T9841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1208'. [ 282.603061][ T9870] /dev/rnullb0: Can't open blockdev [ 282.633328][ T9872] /dev/rnullb0: Can't open blockdev [ 282.836257][ T9882] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 282.970695][ T984] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 283.137034][ T984] usb 5-1: Using ep0 maxpacket: 32 [ 283.148458][ T984] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 283.161940][ T984] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 283.175096][ T984] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 283.183740][ T984] usb 5-1: Product: syz [ 283.192123][ T984] usb 5-1: Manufacturer: syz [ 283.196819][ T984] usb 5-1: SerialNumber: syz [ 283.205225][ T984] usb 5-1: config 0 descriptor?? [ 283.211308][ T9880] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 283.432977][ T9880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 283.444137][ T9880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.456181][ T5946] usb 5-1: USB disconnect, device number 27 [ 284.404172][ T9896] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 284.410583][ T9896] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 284.416715][ T9896] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 285.018788][ T9902] vim2m vim2m.0: Fourcc format (0x56595559) invalid. [ 285.039404][ T9902] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1221'. [ 285.915952][ T9926] netlink: 'syz.5.1228': attribute type 1 has an invalid length. [ 286.072519][ T9933] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 286.376992][ T5859] Bluetooth: hci2: command 0x0c1a tx timeout [ 286.457706][ T5859] Bluetooth: hci3: command 0x0c1a tx timeout [ 286.463830][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 286.647065][ T5946] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 286.677149][ T92] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 286.818761][ T5946] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 286.831341][ T5946] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 286.842954][ T5946] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 286.852071][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.863483][ T92] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 286.873753][ T92] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 286.884387][ T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.894018][ T9945] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 286.902530][ T92] usb 2-1: config 0 descriptor?? [ 286.911192][ T5946] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 286.930054][ T92] pwc: Askey VC010 type 2 USB webcam detected. [ 287.026996][ T984] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 287.133992][ T92] pwc: send_video_command error -71 [ 287.149809][ T5946] usb 5-1: USB disconnect, device number 28 [ 287.159236][ T92] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 287.167753][ T92] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 287.177695][ T984] usb 6-1: Using ep0 maxpacket: 32 [ 287.185234][ T984] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 287.212615][ T92] usb 2-1: USB disconnect, device number 52 [ 287.227340][ T984] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 287.240677][ T984] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 287.256141][ T984] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 287.277704][ T984] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 287.289145][ T984] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.299411][ T984] usb 6-1: Product: syz [ 287.305294][ T984] usb 6-1: Manufacturer: syz [ 287.310456][ T984] usb 6-1: SerialNumber: syz [ 287.323801][ T984] usb 6-1: config 0 descriptor?? [ 287.633862][ T5946] usb 6-1: USB disconnect, device number 21 [ 287.746990][ T92] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 287.897496][ T92] usb 2-1: Using ep0 maxpacket: 32 [ 287.908770][ T92] usb 2-1: config 0 interface 0 has no altsetting 0 [ 287.922949][ T92] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 287.932519][ T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.941597][ T92] usb 2-1: Product: syz [ 287.945907][ T92] usb 2-1: Manufacturer: syz [ 287.951991][ T92] usb 2-1: SerialNumber: syz [ 287.960065][ T92] usb 2-1: config 0 descriptor?? [ 287.971134][ T92] gs_usb 2-1:0.0: Required endpoints not found [ 288.000676][ T9967] netlink: 'syz.4.1243': attribute type 29 has an invalid length. [ 288.009360][ T9967] FAULT_INJECTION: forcing a failure. [ 288.009360][ T9967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.022886][ T9967] CPU: 1 UID: 0 PID: 9967 Comm: syz.4.1243 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 288.022911][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 288.022924][ T9967] Call Trace: [ 288.022931][ T9967] [ 288.022939][ T9967] dump_stack_lvl+0x189/0x250 [ 288.022969][ T9967] ? __pfx____ratelimit+0x10/0x10 [ 288.022989][ T9967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.023015][ T9967] ? __pfx__printk+0x10/0x10 [ 288.023042][ T9967] ? __might_fault+0xb0/0x130 [ 288.023082][ T9967] should_fail_ex+0x414/0x560 [ 288.023116][ T9967] _copy_to_iter+0x575/0x16f0 [ 288.023151][ T9967] ? __pfx__copy_to_iter+0x10/0x10 [ 288.023172][ T9967] ? __skb_try_recv_from_queue+0x2b2/0x730 [ 288.023204][ T9967] ? __skb_try_recv_datagram+0x3da/0x4e0 [ 288.023263][ T9967] __skb_datagram_iter+0xf8/0x990 [ 288.023293][ T9967] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 288.023330][ T9967] skb_copy_datagram_iter+0xc5/0x230 [ 288.023363][ T9967] netlink_recvmsg+0x2ab/0xa30 [ 288.023392][ T9967] ? __pfx_netlink_recvmsg+0x10/0x10 [ 288.023412][ T9967] ? aa_sock_msg_perm+0xf1/0x1d0 [ 288.023432][ T9967] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 288.023450][ T9967] ? security_socket_recvmsg+0x7e/0x2e0 [ 288.023471][ T9967] ? __pfx_netlink_recvmsg+0x10/0x10 [ 288.023488][ T9967] sock_recvmsg+0x22c/0x270 [ 288.023515][ T9967] ____sys_recvmsg+0x1c9/0x460 [ 288.023540][ T9967] ? __pfx_____sys_recvmsg+0x10/0x10 [ 288.023570][ T9967] ? import_iovec+0x74/0xa0 [ 288.023592][ T9967] ___sys_recvmsg+0x1b5/0x510 [ 288.023615][ T9967] ? __pfx____sys_recvmsg+0x10/0x10 [ 288.023651][ T9967] ? __fget_files+0x3a0/0x420 [ 288.023678][ T9967] __x64_sys_recvmsg+0x198/0x260 [ 288.023698][ T9967] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 288.023724][ T9967] ? __pfx_ksys_write+0x10/0x10 [ 288.023744][ T9967] ? rcu_is_watching+0x15/0xb0 [ 288.023777][ T9967] ? do_syscall_64+0xbe/0x3b0 [ 288.023803][ T9967] do_syscall_64+0xfa/0x3b0 [ 288.023823][ T9967] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.023837][ T9967] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.023852][ T9967] ? clear_bhb_loop+0x60/0xb0 [ 288.023869][ T9967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.023884][ T9967] RIP: 0033:0x7f3de0d8e929 [ 288.023898][ T9967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.023910][ T9967] RSP: 002b:00007f3de1c31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 288.023925][ T9967] RAX: ffffffffffffffda RBX: 00007f3de0fb5fa0 RCX: 00007f3de0d8e929 [ 288.023936][ T9967] RDX: 0000000000014000 RSI: 0000200000000280 RDI: 0000000000000003 [ 288.023945][ T9967] RBP: 00007f3de1c31090 R08: 0000000000000000 R09: 0000000000000000 [ 288.023954][ T9967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.023963][ T9967] R13: 0000000000000000 R14: 00007f3de0fb5fa0 R15: 00007fff3198c358 [ 288.023985][ T9967] [ 288.024046][ T9967] netlink: 'syz.4.1243': attribute type 29 has an invalid length. [ 288.796553][ T9988] NILFS (rnullb0): couldn't find nilfs on the device [ 289.216963][ T43] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 289.379796][ T43] usb 6-1: unable to get BOS descriptor or descriptor too short [ 289.389121][ T43] usb 6-1: not running at top speed; connect to a high speed hub [ 289.400034][ T43] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 289.412057][ T43] usb 6-1: New USB device found, idVendor=0d81, idProduct=1900, bcdDevice=af.16 [ 289.421810][ T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.429885][ T43] usb 6-1: Product: syz [ 289.434070][ T43] usb 6-1: Manufacturer: syz [ 289.438763][ T43] usb 6-1: SerialNumber: syz [ 289.477049][ T5946] usb 2-1: USB disconnect, device number 53 [ 289.657633][ T43] pwc: Visionite VCS-UC300 USB webcam detected. [ 289.681679][ T43] pwc: Failed to set LED on/off time (-71) [ 289.688109][ T43] pwc: send_video_command error -71 [ 289.700224][ T43] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 289.721790][ T43] Philips webcam 6-1:1.0: probe with driver Philips webcam failed with error -71 [ 289.748875][ T43] usb 6-1: USB disconnect, device number 22 [ 289.830395][T10006] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 289.841833][T10006] UDF-fs: Scanning with blocksize 4096 failed [ 290.315213][T10020] FAULT_INJECTION: forcing a failure. [ 290.315213][T10020] name failslab, interval 1, probability 0, space 0, times 0 [ 290.332182][T10020] CPU: 0 UID: 0 PID: 10020 Comm: syz.2.1264 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 290.332206][T10020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 290.332218][T10020] Call Trace: [ 290.332225][T10020] [ 290.332233][T10020] dump_stack_lvl+0x189/0x250 [ 290.332263][T10020] ? __pfx____ratelimit+0x10/0x10 [ 290.332279][T10020] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.332299][T10020] ? __pfx__printk+0x10/0x10 [ 290.332324][T10020] ? __pfx___might_resched+0x10/0x10 [ 290.332342][T10020] ? fs_reclaim_acquire+0x7d/0x100 [ 290.332366][T10020] should_fail_ex+0x414/0x560 [ 290.332399][T10020] should_failslab+0xa8/0x100 [ 290.332419][T10020] __kmalloc_cache_noprof+0x70/0x3d0 [ 290.332445][T10020] ? drm_atomic_helper_setup_commit+0x7ae/0x1370 [ 290.332479][T10020] drm_atomic_helper_setup_commit+0x7ae/0x1370 [ 290.332524][T10020] drm_atomic_helper_commit+0x6a/0xb10 [ 290.332558][T10020] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 290.332585][T10020] drm_atomic_commit+0x25f/0x2c0 [ 290.332612][T10020] ? __pfx_drm_atomic_commit+0x10/0x10 [ 290.332632][T10020] ? __pfx___drm_printfn_info+0x10/0x10 [ 290.332667][T10020] ? drm_atomic_state_init+0x231/0x310 [ 290.332696][T10020] drm_atomic_helper_set_config+0xe2/0x160 [ 290.332717][T10020] drm_mode_setcrtc+0x9a1/0x1c50 [ 290.332745][T10020] ? kfree+0x18e/0x440 [ 290.332768][T10020] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 290.332811][T10020] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 290.332857][T10020] ? do_raw_spin_unlock+0x122/0x240 [ 290.332887][T10020] ? _raw_spin_unlock+0x28/0x50 [ 290.332911][T10020] ? drm_is_current_master+0x19f/0x200 [ 290.332939][T10020] drm_ioctl_kernel+0x2cf/0x390 [ 290.332958][T10020] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 290.332977][T10020] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 290.333004][T10020] drm_ioctl+0x67f/0xb10 [ 290.333025][T10020] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 290.333047][T10020] ? __pfx_drm_ioctl+0x10/0x10 [ 290.333087][T10020] ? __fget_files+0x2a/0x420 [ 290.333113][T10020] ? bpf_lsm_file_ioctl+0x9/0x20 [ 290.333139][T10020] ? __pfx_drm_ioctl+0x10/0x10 [ 290.333156][T10020] __se_sys_ioctl+0xfc/0x170 [ 290.333194][T10020] do_syscall_64+0xfa/0x3b0 [ 290.333213][T10020] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.333231][T10020] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.333250][T10020] ? clear_bhb_loop+0x60/0xb0 [ 290.333274][T10020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.333292][T10020] RIP: 0033:0x7faad8d8e929 [ 290.333327][T10020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.333342][T10020] RSP: 002b:00007faad9c9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 290.333361][T10020] RAX: ffffffffffffffda RBX: 00007faad8fb5fa0 RCX: 00007faad8d8e929 [ 290.333374][T10020] RDX: 00002000000002c0 RSI: 00000000c06864a2 RDI: 0000000000000003 [ 290.333386][T10020] RBP: 00007faad9c9d090 R08: 0000000000000000 R09: 0000000000000000 [ 290.333397][T10020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 290.333407][T10020] R13: 0000000000000000 R14: 00007faad8fb5fa0 R15: 00007ffdf5aead58 [ 290.333436][T10020] [ 290.687580][ T5923] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 290.893510][ T5923] usb 2-1: Using ep0 maxpacket: 8 [ 290.902265][ T5923] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 290.928085][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.936841][ T5923] usb 2-1: Product: syz [ 290.941921][ T5923] usb 2-1: Manufacturer: syz [ 290.946554][ T5923] usb 2-1: SerialNumber: syz [ 290.953875][ T5923] usb 2-1: config 0 descriptor?? [ 291.027630][ T43] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 291.171838][ T5923] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 291.191268][ T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.203849][ T43] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 291.213240][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.227642][ T43] usb 5-1: config 0 descriptor?? [ 291.240902][ T43] pwc: Askey VC010 type 2 USB webcam detected. [ 291.375877][T10013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.422341][T10013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.447672][ T43] pwc: send_video_command error -71 [ 291.458160][ T43] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 291.469964][T10032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.479800][ T43] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 291.499535][T10032] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.507699][ T43] usb 5-1: USB disconnect, device number 29 [ 291.534931][T10032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.558860][T10032] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.590873][T10032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.599913][T10032] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.957103][ T43] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 292.122840][ T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 292.133292][ T43] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 292.152475][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.186362][ T43] usb 5-1: config 0 descriptor?? [ 292.207335][ T43] pwc: Askey VC010 type 2 USB webcam detected. [ 292.219538][T10040] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1273'. [ 292.272458][T10013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.280566][ T5849] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 292.289229][T10013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.399538][T10042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.408566][T10042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.607256][ T43] pwc: recv_control_msg error -32 req 02 val 2b00 [ 292.610161][T10026] overlay: Unknown parameter 'subj_role' [ 292.825307][ T43] pwc: recv_control_msg error -32 req 02 val 2c00 [ 292.832582][ T43] pwc: recv_control_msg error -32 req 04 val 1000 [ 292.839654][ T43] pwc: recv_control_msg error -32 req 04 val 1300 [ 292.846717][ T43] pwc: recv_control_msg error -32 req 04 val 1400 [ 292.854866][ T43] pwc: recv_control_msg error -32 req 02 val 2000 [ 292.862373][ T43] pwc: recv_control_msg error -32 req 02 val 2100 [ 292.869652][ T43] pwc: recv_control_msg error -32 req 04 val 1500 [ 293.081737][ T43] pwc: recv_control_msg error -71 req 02 val 2400 [ 293.091723][ T43] pwc: recv_control_msg error -71 req 02 val 2600 [ 293.103919][ T5923] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 293.107538][ T43] pwc: recv_control_msg error -71 req 02 val 2900 [ 293.125585][ T43] pwc: recv_control_msg error -71 req 02 val 2800 [ 293.134188][ T43] pwc: recv_control_msg error -71 req 04 val 1100 [ 293.153685][ T5923] usb 2-1: USB disconnect, device number 54 [ 293.154506][ T43] pwc: recv_control_msg error -71 req 04 val 1200 [ 293.181600][ T43] pwc: Registered as video103. [ 293.195348][T10052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.213644][ T43] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input21 [ 293.243941][T10052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.259855][ T43] usb 5-1: USB disconnect, device number 30 [ 293.290010][T10052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.312589][T10052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.676072][T10058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1279'. [ 293.872443][T10065] FAULT_INJECTION: forcing a failure. [ 293.872443][T10065] name failslab, interval 1, probability 0, space 0, times 0 [ 293.886419][T10065] CPU: 1 UID: 0 PID: 10065 Comm: syz.2.1282 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 293.886446][T10065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 293.886458][T10065] Call Trace: [ 293.886466][T10065] [ 293.886474][T10065] dump_stack_lvl+0x189/0x250 [ 293.886506][T10065] ? __pfx____ratelimit+0x10/0x10 [ 293.886525][T10065] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.886552][T10065] ? __pfx__printk+0x10/0x10 [ 293.886584][T10065] ? __pfx___might_resched+0x10/0x10 [ 293.886607][T10065] ? fs_reclaim_acquire+0x7d/0x100 [ 293.886633][T10065] should_fail_ex+0x414/0x560 [ 293.886667][T10065] should_failslab+0xa8/0x100 [ 293.886687][T10065] __kmalloc_cache_noprof+0x70/0x3d0 [ 293.886721][T10065] ? rtnl_newlink+0xed/0x1c70 [ 293.886738][T10065] ? kasan_save_free_info+0x46/0x50 [ 293.886763][T10065] rtnl_newlink+0xed/0x1c70 [ 293.886780][T10065] ? netlink_sendmsg+0x805/0xb30 [ 293.886808][T10065] ? __sock_sendmsg+0x21c/0x270 [ 293.886833][T10065] ? ____sys_sendmsg+0x505/0x830 [ 293.886854][T10065] ? ___sys_sendmsg+0x21f/0x2a0 [ 293.886879][T10065] ? __x64_sys_sendmsg+0x19b/0x260 [ 293.886900][T10065] ? do_syscall_64+0xfa/0x3b0 [ 293.886919][T10065] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.886944][T10065] ? __pfx_rtnl_newlink+0x10/0x10 [ 293.886987][T10065] ? kasan_quarantine_put+0xdd/0x220 [ 293.887013][T10065] ? lockdep_hardirqs_on+0x9c/0x150 [ 293.887038][T10065] ? nlmon_xmit+0xb0/0x100 [ 293.887060][T10065] ? kmem_cache_free+0x18f/0x400 [ 293.887095][T10065] ? __local_bh_enable_ip+0x12d/0x1c0 [ 293.887119][T10065] ? lockdep_hardirqs_on+0x9c/0x150 [ 293.887138][T10065] ? __local_bh_enable_ip+0x12d/0x1c0 [ 293.887160][T10065] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 293.887186][T10065] ? __dev_queue_xmit+0x27b/0x3b50 [ 293.887213][T10065] ? __lock_acquire+0xab9/0xd20 [ 293.887245][T10065] ? __pfx_rtnl_newlink+0x10/0x10 [ 293.887259][T10065] rtnetlink_rcv_msg+0x7cc/0xb70 [ 293.887275][T10065] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 293.887288][T10065] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 293.887301][T10065] ? ref_tracker_free+0x63a/0x7d0 [ 293.887314][T10065] ? __copy_skb_header+0xa7/0x550 [ 293.887333][T10065] ? __pfx_ref_tracker_free+0x10/0x10 [ 293.887346][T10065] ? __skb_clone+0x63/0x7a0 [ 293.887368][T10065] netlink_rcv_skb+0x205/0x470 [ 293.887383][T10065] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 293.887398][T10065] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 293.887421][T10065] ? netlink_deliver_tap+0x2e/0x1b0 [ 293.887440][T10065] ? netlink_deliver_tap+0x2e/0x1b0 [ 293.887458][T10065] netlink_unicast+0x75c/0x8e0 [ 293.887505][T10065] netlink_sendmsg+0x805/0xb30 [ 293.887528][T10065] ? __pfx_netlink_sendmsg+0x10/0x10 [ 293.887547][T10065] ? aa_sock_msg_perm+0xf1/0x1d0 [ 293.887568][T10065] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 293.887587][T10065] ? __pfx_netlink_sendmsg+0x10/0x10 [ 293.887604][T10065] __sock_sendmsg+0x21c/0x270 [ 293.887629][T10065] ____sys_sendmsg+0x505/0x830 [ 293.887651][T10065] ? __pfx_____sys_sendmsg+0x10/0x10 [ 293.887677][T10065] ? import_iovec+0x74/0xa0 [ 293.887699][T10065] ___sys_sendmsg+0x21f/0x2a0 [ 293.887720][T10065] ? __pfx____sys_sendmsg+0x10/0x10 [ 293.887764][T10065] ? __fget_files+0x2a/0x420 [ 293.887783][T10065] ? __fget_files+0x3a0/0x420 [ 293.887815][T10065] __x64_sys_sendmsg+0x19b/0x260 [ 293.887836][T10065] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 293.887862][T10065] ? __pfx_ksys_write+0x10/0x10 [ 293.887883][T10065] ? do_syscall_64+0xbe/0x3b0 [ 293.887901][T10065] do_syscall_64+0xfa/0x3b0 [ 293.887916][T10065] ? lockdep_hardirqs_on+0x9c/0x150 [ 293.887930][T10065] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.887945][T10065] ? clear_bhb_loop+0x60/0xb0 [ 293.887964][T10065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.887978][T10065] RIP: 0033:0x7faad8d8e929 [ 293.887992][T10065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.888004][T10065] RSP: 002b:00007faad9c9d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 293.888020][T10065] RAX: ffffffffffffffda RBX: 00007faad8fb5fa0 RCX: 00007faad8d8e929 [ 293.888032][T10065] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000005 [ 293.888043][T10065] RBP: 00007faad9c9d090 R08: 0000000000000000 R09: 0000000000000000 [ 293.888054][T10065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 293.888063][T10065] R13: 0000000000000000 R14: 00007faad8fb5fa0 R15: 00007ffdf5aead58 [ 293.888085][T10065] [ 293.947044][ T5905] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 293.950446][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.335537][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.441554][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.484040][ T5905] usb 5-1: device descriptor read/64, error -71 [ 294.517498][T10073] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1286'. [ 294.532723][T10073] omfs: Invalid superblock (0) [ 294.610991][T10077] FAULT_INJECTION: forcing a failure. [ 294.610991][T10077] name failslab, interval 1, probability 0, space 0, times 0 [ 294.625289][T10077] CPU: 1 UID: 0 PID: 10077 Comm: syz.2.1288 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 294.625315][T10077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 294.625328][T10077] Call Trace: [ 294.625336][T10077] [ 294.625344][T10077] dump_stack_lvl+0x189/0x250 [ 294.625376][T10077] ? __pfx____ratelimit+0x10/0x10 [ 294.625396][T10077] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.625423][T10077] ? __pfx__printk+0x10/0x10 [ 294.625454][T10077] ? __pfx___might_resched+0x10/0x10 [ 294.625477][T10077] ? fs_reclaim_acquire+0x7d/0x100 [ 294.625503][T10077] should_fail_ex+0x414/0x560 [ 294.625538][T10077] should_failslab+0xa8/0x100 [ 294.625558][T10077] __kmalloc_noprof+0xcb/0x4f0 [ 294.625586][T10077] ? tomoyo_encode+0x28b/0x550 [ 294.625615][T10077] tomoyo_encode+0x28b/0x550 [ 294.625646][T10077] tomoyo_realpath_from_path+0x58d/0x5d0 [ 294.625682][T10077] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 294.625703][T10077] tomoyo_path_number_perm+0x1e8/0x5a0 [ 294.625726][T10077] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 294.625772][T10077] ? __lock_acquire+0xab9/0xd20 [ 294.625814][T10077] ? __fget_files+0x2a/0x420 [ 294.625841][T10077] ? __fget_files+0x2a/0x420 [ 294.625863][T10077] ? __fget_files+0x3a0/0x420 [ 294.625886][T10077] ? __fget_files+0x2a/0x420 [ 294.625914][T10077] security_file_ioctl+0xcb/0x2d0 [ 294.625936][T10077] __se_sys_ioctl+0x47/0x170 [ 294.625958][T10077] do_syscall_64+0xfa/0x3b0 [ 294.625978][T10077] ? lockdep_hardirqs_on+0x9c/0x150 [ 294.625997][T10077] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.626016][T10077] ? clear_bhb_loop+0x60/0xb0 [ 294.626040][T10077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.626058][T10077] RIP: 0033:0x7faad8d8e52b [ 294.626075][T10077] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 294.626091][T10077] RSP: 002b:00007faad9c9b490 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 294.626111][T10077] RAX: ffffffffffffffda RBX: 00007faad9c9bbe0 RCX: 00007faad8d8e52b [ 294.626126][T10077] RDX: 00007faad9c9bbe0 RSI: 00000000c008ae05 RDI: 0000000000000009 [ 294.626138][T10077] RBP: 0000200000001000 R08: 0000000000000000 R09: 0000000000000009 [ 294.626150][T10077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 294.626179][T10077] R13: 0000000000000063 R14: 0000200000000000 R15: 0000200000001800 [ 294.626211][T10077] [ 294.626231][T10077] ERROR: Out of memory at tomoyo_realpath_from_path. [ 294.727161][ T5905] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 295.009454][ T5905] usb 5-1: device descriptor read/64, error -71 [ 295.117363][ T5905] usb usb5-port1: attempt power cycle [ 295.287055][ T5923] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 295.450217][ T5923] usb 6-1: Using ep0 maxpacket: 8 [ 295.457905][ T5905] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 295.478878][ T5923] usb 6-1: config 127 has an invalid interface number: 171 but max is 1 [ 295.492987][ T5923] usb 6-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 295.503699][ T5923] usb 6-1: config 127 has 1 interface, different from the descriptor's value: 2 [ 295.513022][ T5923] usb 6-1: config 127 has no interface number 0 [ 295.520188][ T5905] usb 5-1: device descriptor read/8, error -71 [ 295.526537][ T5923] usb 6-1: config 127 interface 171 has no altsetting 0 [ 295.540036][ T5923] usb 6-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 295.553728][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.562383][ T5923] usb 6-1: Product: syz [ 295.566560][ T5923] usb 6-1: Manufacturer: syz [ 295.575205][ T5923] usb 6-1: SerialNumber: syz [ 295.684602][T10100] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1298'. [ 295.694400][T10100] netlink: zone id is out of range [ 295.704472][T10100] netlink: get zone limit has 8 unknown bytes [ 295.760000][ T5905] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 295.807855][ T5905] usb 5-1: device descriptor read/8, error -71 [ 295.844368][ T5923] usb 6-1: USB disconnect, device number 23 [ 295.949775][ T5905] usb usb5-port1: unable to enumerate USB device [ 296.103041][T10108] sctp: [Deprecated]: syz.2.1300 (pid 10108) Use of struct sctp_assoc_value in delayed_ack socket option. [ 296.103041][T10108] Use struct sctp_sack_info instead [ 296.606965][ T43] usb 6-1: new full-speed USB device number 24 using dummy_hcd [ 296.683949][T10113] FAULT_INJECTION: forcing a failure. [ 296.683949][T10113] name failslab, interval 1, probability 0, space 0, times 0 [ 296.704498][T10113] CPU: 1 UID: 0 PID: 10113 Comm: syz.4.1302 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 296.704523][T10113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 296.704535][T10113] Call Trace: [ 296.704543][T10113] [ 296.704552][T10113] dump_stack_lvl+0x189/0x250 [ 296.704589][T10113] ? __pfx____ratelimit+0x10/0x10 [ 296.704609][T10113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 296.704635][T10113] ? __pfx__printk+0x10/0x10 [ 296.704663][T10113] ? __pfx___might_resched+0x10/0x10 [ 296.704697][T10113] ? fs_reclaim_acquire+0x7d/0x100 [ 296.704720][T10113] should_fail_ex+0x414/0x560 [ 296.704752][T10113] should_failslab+0xa8/0x100 [ 296.704770][T10113] __kmalloc_noprof+0xcb/0x4f0 [ 296.704795][T10113] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 296.704815][T10113] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 296.704845][T10113] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 296.704876][T10113] genl_family_rcv_msg_doit+0xb8/0x300 [ 296.704906][T10113] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 296.704934][T10113] ? __pfx_genl_get_cmd+0x10/0x10 [ 296.704955][T10113] ? __pfx_ovs_ct_limit_cmd_get+0x10/0x10 [ 296.704992][T10113] genl_rcv_msg+0x60e/0x790 [ 296.705020][T10113] ? __pfx_genl_rcv_msg+0x10/0x10 [ 296.705041][T10113] ? ref_tracker_free+0x63a/0x7d0 [ 296.705057][T10113] ? __pfx_ovs_ct_limit_cmd_get+0x10/0x10 [ 296.705081][T10113] ? __pfx_ref_tracker_free+0x10/0x10 [ 296.705109][T10113] netlink_rcv_skb+0x205/0x470 [ 296.705128][T10113] ? __pfx_genl_rcv_msg+0x10/0x10 [ 296.705153][T10113] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 296.705185][T10113] ? down_read+0x1ad/0x2e0 [ 296.705208][T10113] genl_rcv+0x28/0x40 [ 296.705228][T10113] netlink_unicast+0x75c/0x8e0 [ 296.705264][T10113] netlink_sendmsg+0x805/0xb30 [ 296.705292][T10113] ? __pfx_netlink_sendmsg+0x10/0x10 [ 296.705314][T10113] ? aa_sock_msg_perm+0xf1/0x1d0 [ 296.705337][T10113] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 296.705358][T10113] ? __pfx_netlink_sendmsg+0x10/0x10 [ 296.705378][T10113] __sock_sendmsg+0x21c/0x270 [ 296.705407][T10113] ____sys_sendmsg+0x505/0x830 [ 296.705434][T10113] ? __pfx_____sys_sendmsg+0x10/0x10 [ 296.705463][T10113] ? import_iovec+0x74/0xa0 [ 296.705490][T10113] ___sys_sendmsg+0x21f/0x2a0 [ 296.705514][T10113] ? __pfx____sys_sendmsg+0x10/0x10 [ 296.705567][T10113] ? __fget_files+0x2a/0x420 [ 296.705595][T10113] ? __fget_files+0x3a0/0x420 [ 296.705625][T10113] __x64_sys_sendmsg+0x19b/0x260 [ 296.705650][T10113] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 296.705680][T10113] ? __pfx_ksys_write+0x10/0x10 [ 296.705703][T10113] ? do_syscall_64+0xbe/0x3b0 [ 296.705724][T10113] do_syscall_64+0xfa/0x3b0 [ 296.705741][T10113] ? lockdep_hardirqs_on+0x9c/0x150 [ 296.705758][T10113] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.705775][T10113] ? clear_bhb_loop+0x60/0xb0 [ 296.705796][T10113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.705812][T10113] RIP: 0033:0x7f3de0d8e929 [ 296.705827][T10113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.705842][T10113] RSP: 002b:00007f3de1c31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 296.705859][T10113] RAX: ffffffffffffffda RBX: 00007f3de0fb5fa0 RCX: 00007f3de0d8e929 [ 296.705872][T10113] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 296.705883][T10113] RBP: 00007f3de1c31090 R08: 0000000000000000 R09: 0000000000000000 [ 296.705894][T10113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.705904][T10113] R13: 0000000000000000 R14: 00007f3de0fb5fa0 R15: 00007fff3198c358 [ 296.705930][T10113] [ 297.057554][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.065209][ T43] usb 6-1: device descriptor read/64, error -71 [ 297.216093][T10120] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 297.232811][T10120] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 297.307102][ T43] usb 6-1: new full-speed USB device number 25 using dummy_hcd [ 297.446957][ T43] usb 6-1: device descriptor read/64, error -71 [ 297.557301][ T43] usb usb6-port1: attempt power cycle [ 297.791243][ T5923] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 297.898962][ T43] usb 6-1: new full-speed USB device number 26 using dummy_hcd [ 297.927640][ T43] usb 6-1: device descriptor read/8, error -71 [ 297.971080][ T5923] usb 5-1: config 1 descriptor has 1 excess byte, ignoring [ 297.981715][ T5923] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 297.990902][ T5923] usb 5-1: config 1 has no interface number 1 [ 297.997165][ T5923] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 298.010869][ T5923] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 298.024274][ T5923] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 298.033531][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.041765][ T5923] usb 5-1: Product: syz [ 298.046408][ T5923] usb 5-1: Manufacturer: syz [ 298.049333][T10127] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1308'. [ 298.051366][ T5923] usb 5-1: SerialNumber: syz [ 298.064248][T10127] netlink: zone id is out of range [ 298.070266][T10127] netlink: zone id is out of range [ 298.075408][T10127] netlink: zone id is out of range [ 298.083739][T10127] netlink: get zone limit has 8 unknown bytes [ 298.167095][ T43] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 298.207646][ T43] usb 6-1: device descriptor read/8, error -71 [ 298.281117][T10125] BFS-fs: bfs_fill_super(): No BFS filesystem on rnullb0 (magic=ec6d192b) [ 298.296536][ T5923] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 298.315215][ T5923] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 298.318975][ T43] usb usb6-port1: unable to enumerate USB device [ 298.335746][ T5923] usb 5-1: 2:1 : sample bitwidth 189 in over sample bytes 3 [ 298.386230][ T5923] usb 5-1: USB disconnect, device number 35 [ 298.469221][ T5855] udevd[5855]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 298.543626][T10136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 298.560075][T10136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.117775][T10147] dvmrp0: entered allmulticast mode [ 299.159498][T10147] syzkaller0: entered promiscuous mode [ 299.164982][T10147] syzkaller0: entered allmulticast mode [ 299.174322][T10147] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1316'. [ 300.366304][T10158] FAULT_INJECTION: forcing a failure. [ 300.366304][T10158] name failslab, interval 1, probability 0, space 0, times 0 [ 300.384507][T10158] CPU: 1 UID: 0 PID: 10158 Comm: syz.1.1321 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 300.384533][T10158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 300.384554][T10158] Call Trace: [ 300.384562][T10158] [ 300.384570][T10158] dump_stack_lvl+0x189/0x250 [ 300.384599][T10158] ? __pfx____ratelimit+0x10/0x10 [ 300.384617][T10158] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.384642][T10158] ? __pfx__printk+0x10/0x10 [ 300.384672][T10158] ? __pfx___might_resched+0x10/0x10 [ 300.384694][T10158] ? fs_reclaim_acquire+0x7d/0x100 [ 300.384718][T10158] should_fail_ex+0x414/0x560 [ 300.384750][T10158] should_failslab+0xa8/0x100 [ 300.384770][T10158] __kmalloc_noprof+0xcb/0x4f0 [ 300.384796][T10158] ? rds_info_getsockopt+0x1db/0x470 [ 300.384828][T10158] rds_info_getsockopt+0x1db/0x470 [ 300.384860][T10158] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 300.384890][T10158] ? __might_fault+0xb0/0x130 [ 300.384921][T10158] ? rds_getsockopt+0x31d/0x500 [ 300.384947][T10158] do_sock_getsockopt+0x360/0x650 [ 300.384972][T10158] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 300.384993][T10158] ? do_syscall_64+0x20/0x3b0 [ 300.385011][T10158] ? __fget_files+0x3a0/0x420 [ 300.385033][T10158] ? __fget_files+0x2a/0x420 [ 300.385062][T10158] __x64_sys_getsockopt+0x1a5/0x250 [ 300.385083][T10158] ? do_syscall_64+0x20/0x3b0 [ 300.385103][T10158] ? do_syscall_64+0x20/0x3b0 [ 300.385125][T10158] do_syscall_64+0xfa/0x3b0 [ 300.385142][T10158] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.385160][T10158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.385177][T10158] ? clear_bhb_loop+0x60/0xb0 [ 300.385199][T10158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.385217][T10158] RIP: 0033:0x7fbd8378e929 [ 300.385233][T10158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.385250][T10158] RSP: 002b:00007fbd84644038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 300.385269][T10158] RAX: ffffffffffffffda RBX: 00007fbd839b5fa0 RCX: 00007fbd8378e929 [ 300.385281][T10158] RDX: 0000000000002713 RSI: 0000200000000114 RDI: 0000000000000003 [ 300.385292][T10158] RBP: 00007fbd84644090 R08: 0000200000000000 R09: 0000000000000000 [ 300.385304][T10158] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001 [ 300.385314][T10158] R13: 0000000000000000 R14: 00007fbd839b5fa0 R15: 00007fffaaaa2dd8 [ 300.385339][T10158] [ 300.938613][ T55] block nbd0: Possible stuck request ffff8880255e7000: control (read@0,1024B). Runtime 150 seconds [ 300.950358][ T55] block nbd0: Possible stuck request ffff8880255e71c0: control (read@1024,1024B). Runtime 150 seconds [ 300.961564][ T55] block nbd0: Possible stuck request ffff8880255e7380: control (read@2048,1024B). Runtime 150 seconds [ 300.973496][ T55] block nbd0: Possible stuck request ffff8880255e7540: control (read@3072,1024B). Runtime 150 seconds [ 301.330627][T10167] exFAT-fs (rnullb0): invalid boot record signature [ 301.338103][T10167] exFAT-fs (rnullb0): failed to read boot sector [ 301.344529][T10167] exFAT-fs (rnullb0): failed to recognize exfat type [ 301.534530][T10179] use of bytesused == 0 is deprecated and will be removed in the future, [ 301.543750][T10179] use the actual size instead. [ 301.586209][T10182] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1331'. [ 301.623115][T10182] binder: BINDER_SET_CONTEXT_MGR bad uid 0 != 255 [ 301.637631][T10182] binder: 10181:10182 ioctl 4018620d 2000000000c0 returned -1 [ 301.672288][T10182] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1331'. [ 301.684477][T10184] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1332'. [ 301.695050][T10184] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 301.798172][T10190] netlink: 'syz.5.1334': attribute type 8 has an invalid length. [ 302.393078][T10213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 302.404308][T10213] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 302.516956][ T5923] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 302.599398][T10215] binder: 10214:10215 unknown command 1078485782 [ 302.605786][T10215] binder: 10214:10215 ioctl c0306201 2000000002c0 returned -22 [ 302.672764][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.683964][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 302.694264][ T5923] usb 5-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 302.712597][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.723663][ T5923] usb 5-1: config 0 descriptor?? [ 302.997244][ T5923] usbhid 5-1:0.0: can't add hid device: -71 [ 303.003309][ T5923] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 303.023623][T10228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.057377][T10228] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.061835][ T5923] usb 5-1: USB disconnect, device number 36 [ 303.095202][T10228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.111098][T10232] FAULT_INJECTION: forcing a failure. [ 303.111098][T10232] name failslab, interval 1, probability 0, space 0, times 0 [ 303.140627][T10228] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.150574][T10228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.162456][T10232] CPU: 1 UID: 0 PID: 10232 Comm: syz.4.1350 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 303.162482][T10232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 303.162494][T10232] Call Trace: [ 303.162501][T10232] [ 303.162509][T10232] dump_stack_lvl+0x189/0x250 [ 303.162543][T10232] ? __pfx____ratelimit+0x10/0x10 [ 303.162563][T10232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.162590][T10232] ? __pfx__printk+0x10/0x10 [ 303.162621][T10232] ? __pfx___might_resched+0x10/0x10 [ 303.162645][T10232] ? fs_reclaim_acquire+0x7d/0x100 [ 303.162671][T10232] should_fail_ex+0x414/0x560 [ 303.162706][T10232] should_failslab+0xa8/0x100 [ 303.162727][T10232] __kmalloc_noprof+0xcb/0x4f0 [ 303.162755][T10232] ? tomoyo_encode+0x28b/0x550 [ 303.162784][T10232] tomoyo_encode+0x28b/0x550 [ 303.162815][T10232] tomoyo_realpath_from_path+0x58d/0x5d0 [ 303.162851][T10232] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 303.162873][T10232] tomoyo_path_number_perm+0x1e8/0x5a0 [ 303.162897][T10232] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 303.162935][T10232] ? __lock_acquire+0xab9/0xd20 [ 303.162996][T10232] ? __fget_files+0x2a/0x420 [ 303.163024][T10232] ? __fget_files+0x2a/0x420 [ 303.163047][T10232] ? __fget_files+0x3a0/0x420 [ 303.163069][T10232] ? __fget_files+0x2a/0x420 [ 303.163098][T10232] security_file_ioctl+0xcb/0x2d0 [ 303.163119][T10232] __se_sys_ioctl+0x47/0x170 [ 303.163140][T10232] do_syscall_64+0xfa/0x3b0 [ 303.163160][T10232] ? lockdep_hardirqs_on+0x9c/0x150 [ 303.163178][T10232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.163197][T10232] ? clear_bhb_loop+0x60/0xb0 [ 303.163220][T10232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.163240][T10232] RIP: 0033:0x7f3de0d8e929 [ 303.163256][T10232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.163273][T10232] RSP: 002b:00007f3de1c31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 303.163294][T10232] RAX: ffffffffffffffda RBX: 00007f3de0fb5fa0 RCX: 00007f3de0d8e929 [ 303.163309][T10232] RDX: 0000200000000480 RSI: 0000000080045519 RDI: 0000000000000003 [ 303.163321][T10232] RBP: 00007f3de1c31090 R08: 0000000000000000 R09: 0000000000000000 [ 303.163333][T10232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.163351][T10232] R13: 0000000000000000 R14: 00007f3de0fb5fa0 R15: 00007fff3198c358 [ 303.163381][T10232] [ 303.163402][T10232] ERROR: Out of memory at tomoyo_realpath_from_path. [ 303.199884][T10228] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.545123][T10244] FAULT_INJECTION: forcing a failure. [ 303.545123][T10244] name failslab, interval 1, probability 0, space 0, times 0 [ 303.562280][T10244] CPU: 0 UID: 0 PID: 10244 Comm: syz.5.1355 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 303.562314][T10244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 303.562327][T10244] Call Trace: [ 303.562335][T10244] [ 303.562344][T10244] dump_stack_lvl+0x189/0x250 [ 303.562376][T10244] ? __pfx____ratelimit+0x10/0x10 [ 303.562396][T10244] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.562423][T10244] ? __pfx__printk+0x10/0x10 [ 303.562453][T10244] ? __pfx___might_resched+0x10/0x10 [ 303.562479][T10244] ? fs_reclaim_acquire+0x7d/0x100 [ 303.562504][T10244] should_fail_ex+0x414/0x560 [ 303.562540][T10244] should_failslab+0xa8/0x100 [ 303.562561][T10244] __kmalloc_noprof+0xcb/0x4f0 [ 303.562589][T10244] ? tomoyo_encode+0x28b/0x550 [ 303.562619][T10244] tomoyo_encode+0x28b/0x550 [ 303.562650][T10244] tomoyo_realpath_from_path+0x58d/0x5d0 [ 303.562687][T10244] ? tomoyo_mount_permission+0x27a/0x970 [ 303.562711][T10244] tomoyo_mount_permission+0x377/0x970 [ 303.562738][T10244] ? tomoyo_mount_permission+0x27a/0x970 [ 303.562762][T10244] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 303.562851][T10244] security_sb_mount+0xec/0x350 [ 303.562878][T10244] path_mount+0xbc/0xfe0 [ 303.562899][T10244] ? user_path_at+0x44/0x60 [ 303.562929][T10244] ? kmem_cache_free+0x18f/0x400 [ 303.562983][T10244] __se_sys_mount+0x317/0x410 [ 303.563014][T10244] ? __pfx___se_sys_mount+0x10/0x10 [ 303.563037][T10244] ? rcu_is_watching+0x15/0xb0 [ 303.563077][T10244] ? do_syscall_64+0xbe/0x3b0 [ 303.563095][T10244] ? __x64_sys_mount+0x20/0xc0 [ 303.563120][T10244] do_syscall_64+0xfa/0x3b0 [ 303.563138][T10244] ? lockdep_hardirqs_on+0x9c/0x150 [ 303.563155][T10244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.563173][T10244] ? clear_bhb_loop+0x60/0xb0 [ 303.563195][T10244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.563212][T10244] RIP: 0033:0x7fea7fb8e929 [ 303.563228][T10244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.563244][T10244] RSP: 002b:00007fea809bb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 303.563263][T10244] RAX: ffffffffffffffda RBX: 00007fea7fdb5fa0 RCX: 00007fea7fb8e929 [ 303.563277][T10244] RDX: 0000200000000080 RSI: 0000200000000400 RDI: 0000000000000000 [ 303.563289][T10244] RBP: 00007fea809bb090 R08: 0000200000000280 R09: 0000000000000000 [ 303.563306][T10244] R10: 0000000003000492 R11: 0000000000000246 R12: 0000000000000001 [ 303.563318][T10244] R13: 0000000000000000 R14: 00007fea7fdb5fa0 R15: 00007fffc6ada868 [ 303.563346][T10244] [ 303.563365][T10244] ERROR: Out of memory at tomoyo_realpath_from_path. [ 303.777185][ T43] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 303.981674][ T43] usb 5-1: device descriptor read/64, error -71 [ 304.070841][T10258] FAULT_INJECTION: forcing a failure. [ 304.070841][T10258] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.086465][T10258] CPU: 1 UID: 0 PID: 10258 Comm: syz.5.1362 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 304.086503][T10258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 304.086523][T10258] Call Trace: [ 304.086530][T10258] [ 304.086538][T10258] dump_stack_lvl+0x189/0x250 [ 304.086568][T10258] ? __pfx____ratelimit+0x10/0x10 [ 304.086587][T10258] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.086612][T10258] ? __pfx__printk+0x10/0x10 [ 304.086639][T10258] ? __might_fault+0xb0/0x130 [ 304.086676][T10258] should_fail_ex+0x414/0x560 [ 304.086708][T10258] _copy_from_iter+0x1db/0x16f0 [ 304.086733][T10258] ? __lock_acquire+0xab9/0xd20 [ 304.086759][T10258] ? __pfx__copy_from_iter+0x10/0x10 [ 304.086795][T10258] tun_get_user+0x488/0x3e20 [ 304.086834][T10258] ? aa_file_perm+0x13e/0x11b0 [ 304.086862][T10258] ? aa_file_perm+0x3ed/0x11b0 [ 304.086885][T10258] ? __pfx_tun_get_user+0x10/0x10 [ 304.086924][T10258] ? _parse_integer_limit+0x1ae/0x1f0 [ 304.086953][T10258] ? __lock_acquire+0xab9/0xd20 [ 304.086980][T10258] ? ref_tracker_alloc+0x318/0x460 [ 304.086997][T10258] ? __lock_acquire+0xab9/0xd20 [ 304.087028][T10258] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 304.087052][T10258] ? tun_get+0x1c/0x2f0 [ 304.087080][T10258] ? tun_get+0x1c/0x2f0 [ 304.087103][T10258] ? tun_get+0x1c/0x2f0 [ 304.087131][T10258] tun_chr_write_iter+0x113/0x200 [ 304.087158][T10258] vfs_write+0x54b/0xa90 [ 304.087184][T10258] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 304.087209][T10258] ? __pfx_vfs_write+0x10/0x10 [ 304.087239][T10258] ? __fget_files+0x2a/0x420 [ 304.087273][T10258] ksys_write+0x145/0x250 [ 304.087297][T10258] ? __pfx_ksys_write+0x10/0x10 [ 304.087315][T10258] ? rcu_is_watching+0x15/0xb0 [ 304.087344][T10258] ? do_syscall_64+0xbe/0x3b0 [ 304.087368][T10258] do_syscall_64+0xfa/0x3b0 [ 304.087387][T10258] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.087406][T10258] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.087425][T10258] ? clear_bhb_loop+0x60/0xb0 [ 304.087448][T10258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.087467][T10258] RIP: 0033:0x7fea7fb8e929 [ 304.087501][T10258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.087520][T10258] RSP: 002b:00007fea809bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 304.087542][T10258] RAX: ffffffffffffffda RBX: 00007fea7fdb5fa0 RCX: 00007fea7fb8e929 [ 304.087557][T10258] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003 [ 304.087571][T10258] RBP: 00007fea809bb090 R08: 0000000000000000 R09: 0000000000000000 [ 304.087584][T10258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.087596][T10258] R13: 0000000000000000 R14: 00007fea7fdb5fa0 R15: 00007fffc6ada868 [ 304.087628][T10258] [ 304.360134][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.510235][ T43] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 304.530321][T10263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.540266][T10263] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.554680][T10264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.580540][T10264] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.657265][ T43] usb 5-1: device descriptor read/64, error -71 [ 304.769021][ T43] usb usb5-port1: attempt power cycle [ 304.977327][ T5946] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 305.127051][ T43] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 305.157876][ T5946] usb 6-1: Using ep0 maxpacket: 8 [ 305.160979][T10291] MTD: Couldn't look up '': -22 [ 305.164556][ T43] usb 5-1: device descriptor read/8, error -71 [ 305.171082][T10291] : Can't lookup blockdev [ 305.191029][ T5946] usb 6-1: config 1 has an invalid descriptor of length 228, skipping remainder of the config [ 305.210593][ T5946] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 305.229693][ T5946] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 305.242246][ T5946] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.271629][ T5946] usb 6-1: Product: syz [ 305.275828][ T5946] usb 6-1: Manufacturer: syz [ 305.291420][ T5946] usb 6-1: SerialNumber: syz [ 305.319306][T10297] syzkaller1: entered promiscuous mode [ 305.324890][T10297] syzkaller1: entered allmulticast mode [ 305.391947][T10299] syzkaller1: entered promiscuous mode [ 305.398511][T10299] syzkaller1: entered allmulticast mode [ 305.411191][T10299] FAULT_INJECTION: forcing a failure. [ 305.411191][T10299] name failslab, interval 1, probability 0, space 0, times 0 [ 305.425218][T10299] CPU: 1 UID: 0 PID: 10299 Comm: syz.2.1373 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 305.425242][T10299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 305.425254][T10299] Call Trace: [ 305.425261][T10299] [ 305.425269][T10299] dump_stack_lvl+0x189/0x250 [ 305.425303][T10299] ? __pfx____ratelimit+0x10/0x10 [ 305.425321][T10299] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.425347][T10299] ? __pfx__printk+0x10/0x10 [ 305.425375][T10299] ? __pfx___might_resched+0x10/0x10 [ 305.425398][T10299] ? fs_reclaim_acquire+0x7d/0x100 [ 305.425421][T10299] should_fail_ex+0x414/0x560 [ 305.425453][T10299] should_failslab+0xa8/0x100 [ 305.425473][T10299] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 305.425500][T10299] ? __alloc_skb+0x112/0x2d0 [ 305.425524][T10299] __alloc_skb+0x112/0x2d0 [ 305.425547][T10299] alloc_skb_with_frags+0xca/0x890 [ 305.425567][T10299] ? __might_fault+0xb0/0x130 [ 305.425605][T10299] sock_alloc_send_pskb+0x857/0x990 [ 305.425646][T10299] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 305.425681][T10299] ? iov_iter_advance+0x8b/0x1c0 [ 305.425706][T10299] tun_get_user+0xa43/0x3e20 [ 305.425744][T10299] ? aa_file_perm+0x13e/0x11b0 [ 305.425769][T10299] ? aa_file_perm+0x3ed/0x11b0 [ 305.425792][T10299] ? __pfx_tun_get_user+0x10/0x10 [ 305.425831][T10299] ? _parse_integer_limit+0x1ae/0x1f0 [ 305.425860][T10299] ? __lock_acquire+0xab9/0xd20 [ 305.425888][T10299] ? ref_tracker_alloc+0x318/0x460 [ 305.425906][T10299] ? __lock_acquire+0xab9/0xd20 [ 305.425929][T10299] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 305.425953][T10299] ? tun_get+0x1c/0x2f0 [ 305.425982][T10299] ? tun_get+0x1c/0x2f0 [ 305.426005][T10299] ? tun_get+0x1c/0x2f0 [ 305.426033][T10299] tun_chr_write_iter+0x113/0x200 [ 305.426060][T10299] vfs_write+0x54b/0xa90 [ 305.426086][T10299] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 305.426111][T10299] ? __pfx_vfs_write+0x10/0x10 [ 305.426142][T10299] ? __fget_files+0x2a/0x420 [ 305.426188][T10299] ksys_write+0x145/0x250 [ 305.426211][T10299] ? __pfx_ksys_write+0x10/0x10 [ 305.426230][T10299] ? rcu_is_watching+0x15/0xb0 [ 305.426260][T10299] ? do_syscall_64+0xbe/0x3b0 [ 305.426284][T10299] do_syscall_64+0xfa/0x3b0 [ 305.426305][T10299] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.426323][T10299] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 305.426341][T10299] ? clear_bhb_loop+0x60/0xb0 [ 305.426363][T10299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.426382][T10299] RIP: 0033:0x7faad8d8e929 [ 305.426399][T10299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.426415][T10299] RSP: 002b:00007faad9c9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 305.426435][T10299] RAX: ffffffffffffffda RBX: 00007faad8fb5fa0 RCX: 00007faad8d8e929 [ 305.426449][T10299] RDX: 0000000000000036 RSI: 0000200000000440 RDI: 0000000000000003 [ 305.426462][T10299] RBP: 00007faad9c9d090 R08: 0000000000000000 R09: 0000000000000000 [ 305.426474][T10299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.426485][T10299] R13: 0000000000000000 R14: 00007faad8fb5fa0 R15: 00007ffdf5aead58 [ 305.426519][T10299] [ 305.736261][ C1] vkms_vblank_simulate: vblank timer overrun [ 305.770761][T10272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 305.774817][ T43] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 305.781086][T10272] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.813754][ T43] usb 5-1: device descriptor read/8, error -71 [ 305.829359][ T5946] usb 6-1: invalid UAC_HEADER (v1) [ 305.853334][ T5946] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 305.865571][ T5946] usb 6-1: USB disconnect, device number 28 [ 305.926750][ T6214] udevd[6214]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 305.927849][ T43] usb usb5-port1: unable to enumerate USB device [ 306.072215][ T30] audit: type=1400 audit(1752719566.380:16): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=10307 comm="syz.1.1377" [ 306.081377][ T5849] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 306.235726][T10315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 306.245148][T10315] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 306.471644][T10327] FAULT_INJECTION: forcing a failure. [ 306.471644][T10327] name failslab, interval 1, probability 0, space 0, times 0 [ 306.484881][T10327] CPU: 1 UID: 0 PID: 10327 Comm: syz.1.1384 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 306.484907][T10327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 306.484926][T10327] Call Trace: [ 306.484935][T10327] [ 306.484943][T10327] dump_stack_lvl+0x189/0x250 [ 306.484975][T10327] ? __pfx____ratelimit+0x10/0x10 [ 306.484995][T10327] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.485022][T10327] ? __pfx__printk+0x10/0x10 [ 306.485055][T10327] ? __pfx___might_resched+0x10/0x10 [ 306.485084][T10327] should_fail_ex+0x414/0x560 [ 306.485118][T10327] should_failslab+0xa8/0x100 [ 306.485139][T10327] kmem_cache_alloc_noprof+0x73/0x3c0 [ 306.485167][T10327] ? getname_flags+0xb8/0x540 [ 306.485198][T10327] getname_flags+0xb8/0x540 [ 306.485228][T10327] __x64_sys_execveat+0xad/0xe0 [ 306.485251][T10327] do_syscall_64+0xfa/0x3b0 [ 306.485271][T10327] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.485290][T10327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.485309][T10327] ? clear_bhb_loop+0x60/0xb0 [ 306.485332][T10327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.485351][T10327] RIP: 0033:0x7fbd8378e929 [ 306.485367][T10327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.485383][T10327] RSP: 002b:00007fbd84644038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 306.485403][T10327] RAX: ffffffffffffffda RBX: 00007fbd839b5fa0 RCX: 00007fbd8378e929 [ 306.485417][T10327] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 306.485430][T10327] RBP: 00007fbd84644090 R08: 0000000000000000 R09: 0000000000000000 [ 306.485442][T10327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.485453][T10327] R13: 0000000000000000 R14: 00007fbd839b5fa0 R15: 00007fffaaaa2dd8 [ 306.485481][T10327] [ 306.669305][ C1] vkms_vblank_simulate: vblank timer overrun [ 306.810605][T10332] overlayfs: failed to resolve './file1': -2 [ 306.822615][T10334] gfs2: not a GFS2 filesystem [ 306.924612][T10338] XFS (rnullb0): Invalid superblock magic number [ 307.215206][T10358] dummy0: entered promiscuous mode [ 307.432247][T10351] dummy0: left promiscuous mode [ 307.462463][T10361] syzkaller1: entered promiscuous mode [ 307.470282][T10361] syzkaller1: entered allmulticast mode [ 308.573397][T10383] 9pnet_fd: Insufficient options for proto=fd [ 308.604712][T10383] binder: 10371:10383 ioctl c0306201 0 returned -14 [ 308.617322][T10385] vxfs: WRONG superblock magic 00000000 at 1 [ 308.623868][T10385] vxfs: WRONG superblock magic 00000000 at 8 [ 308.630780][T10385] vxfs: can't find superblock. [ 308.833266][T10390] FAULT_INJECTION: forcing a failure. [ 308.833266][T10390] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.848997][T10390] CPU: 0 UID: 0 PID: 10390 Comm: syz.1.1406 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 308.849023][T10390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.849035][T10390] Call Trace: [ 308.849043][T10390] [ 308.849051][T10390] dump_stack_lvl+0x189/0x250 [ 308.849083][T10390] ? __pfx____ratelimit+0x10/0x10 [ 308.849102][T10390] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.849128][T10390] ? __pfx__printk+0x10/0x10 [ 308.849165][T10390] should_fail_ex+0x414/0x560 [ 308.849197][T10390] _copy_to_user+0x31/0xb0 [ 308.849225][T10390] simple_read_from_buffer+0xe1/0x170 [ 308.849253][T10390] proc_fail_nth_read+0x1df/0x250 [ 308.849283][T10390] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 308.849313][T10390] ? rw_verify_area+0x2a6/0x4d0 [ 308.849332][T10390] ? __lock_acquire+0xab9/0xd20 [ 308.849350][T10390] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 308.849378][T10390] vfs_read+0x1fd/0x980 [ 308.849402][T10390] ? __pfx___mutex_lock+0x10/0x10 [ 308.849422][T10390] ? __pfx_vfs_read+0x10/0x10 [ 308.849443][T10390] ? __fget_files+0x2a/0x420 [ 308.849470][T10390] ? __fget_files+0x3a0/0x420 [ 308.849492][T10390] ? __fget_files+0x2a/0x420 [ 308.849523][T10390] ksys_read+0x145/0x250 [ 308.849545][T10390] ? __pfx_ksys_read+0x10/0x10 [ 308.849563][T10390] ? fput+0xa0/0xd0 [ 308.849593][T10390] ? do_syscall_64+0xbe/0x3b0 [ 308.849616][T10390] do_syscall_64+0xfa/0x3b0 [ 308.849642][T10390] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.849659][T10390] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.849677][T10390] ? clear_bhb_loop+0x60/0xb0 [ 308.849700][T10390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.849717][T10390] RIP: 0033:0x7fbd8378d33c [ 308.849733][T10390] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 308.849747][T10390] RSP: 002b:00007fbd84644030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 308.849767][T10390] RAX: ffffffffffffffda RBX: 00007fbd839b5fa0 RCX: 00007fbd8378d33c [ 308.849780][T10390] RDX: 000000000000000f RSI: 00007fbd846440a0 RDI: 0000000000000004 [ 308.849797][T10390] RBP: 00007fbd84644090 R08: 0000000000000000 R09: 0000000000000000 [ 308.849808][T10390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.849819][T10390] R13: 0000000000000000 R14: 00007fbd839b5fa0 R15: 00007fffaaaa2dd8 [ 308.849848][T10390] [ 309.332720][T10397] binder: BINDER_SET_CONTEXT_MGR bad uid 0 != 255 [ 309.339318][T10397] binder: 10396:10397 ioctl 4018620d 2000000000c0 returned -1 [ 309.356829][T10397] binder: BINDER_SET_CONTEXT_MGR bad uid 0 != 255 [ 309.363471][T10397] binder: 10396:10397 ioctl 4018620d 200000000040 returned -1 [ 309.507104][ T984] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 309.667435][ T984] usb 2-1: Using ep0 maxpacket: 16 [ 309.675919][ T5946] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 309.680175][ T984] usb 2-1: config 1 interface 0 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 64 [ 309.695191][ T984] usb 2-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 16 [ 309.708997][ T984] usb 2-1: config 1 interface 0 has no altsetting 0 [ 309.718483][ T984] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 309.732552][ T984] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.741810][ T984] usb 2-1: Product: syz [ 309.746016][ T984] usb 2-1: Manufacturer: syz [ 309.750951][ T984] usb 2-1: SerialNumber: syz [ 309.768340][T10393] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 309.776298][T10393] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 309.841702][ T5946] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 309.860543][ T5946] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.911474][ T5946] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 309.920965][ T5946] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 309.930488][ T5946] usb 6-1: Manufacturer: syz [ 309.949286][ T5946] usb 6-1: config 0 descriptor?? [ 310.037209][ T5946] rc_core: IR keymap rc-hauppauge not found [ 310.048092][ T5946] Registered IR keymap rc-empty [ 310.054459][ T5946] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 310.068037][ T5946] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input24 [ 310.101194][T10417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 310.112111][T10417] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 310.194768][T10393] /dev/rnullb0: Can't open blockdev [ 310.206183][ T984] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 55 if 0 alt 2 proto 1 vid 0x0525 pid 0xA4A8 [ 310.233136][ T984] usb 2-1: USB disconnect, device number 55 [ 310.246589][ T984] usblp0: removed [ 311.064154][T10432] input: syz1 as /devices/virtual/input/input25 [ 311.079211][T10432] FAULT_INJECTION: forcing a failure. [ 311.079211][T10432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.104871][T10432] CPU: 0 UID: 0 PID: 10432 Comm: syz.4.1421 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 311.104897][T10432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.104908][T10432] Call Trace: [ 311.104916][T10432] [ 311.104924][T10432] dump_stack_lvl+0x189/0x250 [ 311.104955][T10432] ? __pfx____ratelimit+0x10/0x10 [ 311.104974][T10432] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.105000][T10432] ? __pfx__printk+0x10/0x10 [ 311.105027][T10432] ? __might_fault+0xb0/0x130 [ 311.105065][T10432] should_fail_ex+0x414/0x560 [ 311.105098][T10432] _copy_from_user+0x2d/0xb0 [ 311.105124][T10432] input_event_from_user+0xb2/0x280 [ 311.105146][T10432] ? __pfx_input_event_from_user+0x10/0x10 [ 311.105173][T10432] ? input_event+0xa6/0xc0 [ 311.105217][T10432] uinput_write+0x279/0xfc0 [ 311.105251][T10432] ? __pfx_uinput_write+0x10/0x10 [ 311.105276][T10432] ? bpf_lsm_file_permission+0x9/0x20 [ 311.105302][T10432] ? security_file_permission+0x75/0x290 [ 311.105323][T10432] ? rw_verify_area+0x255/0x4d0 [ 311.105343][T10432] ? __lock_acquire+0xab9/0xd20 [ 311.105363][T10432] ? __pfx_uinput_write+0x10/0x10 [ 311.105388][T10432] vfs_write+0x27b/0xa90 [ 311.105418][T10432] ? __pfx_vfs_write+0x10/0x10 [ 311.105444][T10432] ? __fget_files+0x2a/0x420 [ 311.105472][T10432] ? __fget_files+0x2a/0x420 [ 311.105496][T10432] ? __fget_files+0x3a0/0x420 [ 311.105519][T10432] ? __fget_files+0x2a/0x420 [ 311.105551][T10432] ksys_write+0x145/0x250 [ 311.105575][T10432] ? __pfx_ksys_write+0x10/0x10 [ 311.105594][T10432] ? rcu_is_watching+0x15/0xb0 [ 311.105625][T10432] ? do_syscall_64+0xbe/0x3b0 [ 311.105650][T10432] do_syscall_64+0xfa/0x3b0 [ 311.105668][T10432] ? lockdep_hardirqs_on+0x9c/0x150 [ 311.105696][T10432] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.105715][T10432] ? clear_bhb_loop+0x60/0xb0 [ 311.105738][T10432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.105757][T10432] RIP: 0033:0x7f3de0d8e929 [ 311.105774][T10432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.105797][T10432] RSP: 002b:00007f3de1c31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 311.105817][T10432] RAX: ffffffffffffffda RBX: 00007f3de0fb5fa0 RCX: 00007f3de0d8e929 [ 311.105831][T10432] RDX: 000000000000045c RSI: 00002000000000c0 RDI: 0000000000000004 [ 311.105843][T10432] RBP: 00007f3de1c31090 R08: 0000000000000000 R09: 0000000000000000 [ 311.105853][T10432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.105864][T10432] R13: 0000000000000000 R14: 00007f3de0fb5fa0 R15: 00007fff3198c358 [ 311.105892][T10432] [ 311.374394][ T984] usb 2-1: new full-speed USB device number 56 using dummy_hcd [ 311.502911][T10440] qnx4: no qnx4 filesystem (no root dir). [ 311.531051][ T984] usb 2-1: not running at top speed; connect to a high speed hub [ 311.540447][ T984] usb 2-1: config 5 has an invalid interface number: 218 but max is 0 [ 311.549171][ T984] usb 2-1: config 5 has no interface number 0 [ 311.555407][ T984] usb 2-1: config 5 interface 218 altsetting 2 endpoint 0x8 has invalid maxpacket 1056, setting to 64 [ 311.566837][ T984] usb 2-1: config 5 interface 218 altsetting 2 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 311.578322][ T984] usb 2-1: config 5 interface 218 has no altsetting 0 [ 311.588188][ T984] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=3a.bc [ 311.597360][ T984] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.605393][ T984] usb 2-1: Product: syz [ 311.609662][ T984] usb 2-1: Manufacturer: syz [ 311.614310][ T984] usb 2-1: SerialNumber: syz [ 311.628386][T10428] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 311.681450][T10442] input: syz1 as /devices/virtual/input/input26 [ 311.783057][T10444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 311.799168][T10444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 311.868956][ T984] ir_toy 2-1:5.218: required endpoints not found [ 311.882500][ T984] usb 2-1: USB disconnect, device number 56 [ 312.026978][ T5946] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 312.166972][ T5946] usb 5-1: device descriptor read/64, error -71 [ 312.322147][T10448] FAULT_INJECTION: forcing a failure. [ 312.322147][T10448] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 312.344764][T10448] CPU: 1 UID: 0 PID: 10448 Comm: syz.2.1427 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 312.344791][T10448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 312.344802][T10448] Call Trace: [ 312.344812][T10448] [ 312.344821][T10448] dump_stack_lvl+0x189/0x250 [ 312.344851][T10448] ? __pfx____ratelimit+0x10/0x10 [ 312.344870][T10448] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.344895][T10448] ? __pfx__printk+0x10/0x10 [ 312.344921][T10448] ? __might_fault+0xb0/0x130 [ 312.344958][T10448] should_fail_ex+0x414/0x560 [ 312.344990][T10448] _copy_from_user+0x2d/0xb0 [ 312.345016][T10448] memdup_user+0x5e/0xd0 [ 312.345040][T10448] strndup_user+0x68/0xd0 [ 312.345062][T10448] __se_sys_request_key+0x15f/0x340 [ 312.345091][T10448] ? ksys_write+0x22a/0x250 [ 312.345110][T10448] ? __pfx___se_sys_request_key+0x10/0x10 [ 312.345146][T10448] ? do_syscall_64+0xbe/0x3b0 [ 312.345168][T10448] do_syscall_64+0xfa/0x3b0 [ 312.345185][T10448] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.345203][T10448] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.345220][T10448] ? clear_bhb_loop+0x60/0xb0 [ 312.345241][T10448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.345259][T10448] RIP: 0033:0x7faad8d8e929 [ 312.345274][T10448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.345290][T10448] RSP: 002b:00007faad9c9d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 312.345309][T10448] RAX: ffffffffffffffda RBX: 00007faad8fb5fa0 RCX: 00007faad8d8e929 [ 312.345322][T10448] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000200000000080 [ 312.345334][T10448] RBP: 00007faad9c9d090 R08: 0000000000000000 R09: 0000000000000000 [ 312.345345][T10448] R10: 000000001897d8d6 R11: 0000000000000246 R12: 0000000000000001 [ 312.345356][T10448] R13: 0000000000000000 R14: 00007faad8fb5fa0 R15: 00007ffdf5aead58 [ 312.345408][T10448] [ 312.538104][ C1] vkms_vblank_simulate: vblank timer overrun [ 312.555609][ T10] usb 6-1: USB disconnect, device number 29 [ 312.667069][ T5946] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 312.806984][ T5946] usb 5-1: device descriptor read/64, error -71 [ 312.917215][ T5946] usb usb5-port1: attempt power cycle [ 312.951523][T10464] FAULT_INJECTION: forcing a failure. [ 312.951523][T10464] name failslab, interval 1, probability 0, space 0, times 0 [ 312.964642][T10464] CPU: 1 UID: 0 PID: 10464 Comm: syz.5.1433 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 312.964669][T10464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 312.964682][T10464] Call Trace: [ 312.964690][T10464] [ 312.964698][T10464] dump_stack_lvl+0x189/0x250 [ 312.964730][T10464] ? __pfx____ratelimit+0x10/0x10 [ 312.964750][T10464] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.964785][T10464] ? __pfx__printk+0x10/0x10 [ 312.964807][T10464] ? __pfx___might_resched+0x10/0x10 [ 312.964827][T10464] should_fail_ex+0x414/0x560 [ 312.964851][T10464] should_failslab+0xa8/0x100 [ 312.964865][T10464] kmem_cache_alloc_noprof+0x73/0x3c0 [ 312.964884][T10464] ? mas_alloc_nodes+0x2e9/0x8e0 [ 312.964900][T10464] mas_alloc_nodes+0x2e9/0x8e0 [ 312.964917][T10464] mas_preallocate+0x3ad/0x6f0 [ 312.964938][T10464] ? mt_find+0x15c/0x5f0 [ 312.964951][T10464] ? __pfx_mas_preallocate+0x10/0x10 [ 312.964978][T10464] ? __mas_set_range+0x12f/0x3c0 [ 312.964999][T10464] vma_link+0x102/0x450 [ 312.965016][T10464] ? __pfx_vma_link+0x10/0x10 [ 312.965037][T10464] ? percpu_counter_add_batch+0xea/0x1e0 [ 312.965059][T10464] ? __vm_enough_memory+0x11b/0x380 [ 312.965079][T10464] insert_vm_struct+0x199/0x260 [ 312.965099][T10464] create_init_stack_vma+0x2de/0x680 [ 312.965122][T10464] alloc_bprm+0x496/0x5c0 [ 312.965139][T10464] do_execveat_common+0x1b3/0x6a0 [ 312.965160][T10464] __x64_sys_execve+0x94/0xb0 [ 312.965175][T10464] do_syscall_64+0xfa/0x3b0 [ 312.965188][T10464] ? lockdep_hardirqs_on+0x9c/0x150 [ 312.965200][T10464] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.965213][T10464] ? clear_bhb_loop+0x60/0xb0 [ 312.965229][T10464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.965241][T10464] RIP: 0033:0x7fea7fb8e929 [ 312.965252][T10464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.965263][T10464] RSP: 002b:00007fea8099a038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 312.965276][T10464] RAX: ffffffffffffffda RBX: 00007fea7fdb6080 RCX: 00007fea7fb8e929 [ 312.965285][T10464] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 312.965293][T10464] RBP: 00007fea8099a090 R08: 0000000000000000 R09: 0000000000000000 [ 312.965301][T10464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 312.965308][T10464] R13: 0000000000000001 R14: 00007fea7fdb6080 R15: 00007fffc6ada868 [ 312.965327][T10464] [ 313.207955][ C1] vkms_vblank_simulate: vblank timer overrun [ 313.291690][T10468] FAULT_INJECTION: forcing a failure. [ 313.291690][T10468] name failslab, interval 1, probability 0, space 0, times 0 [ 313.304474][T10468] CPU: 0 UID: 0 PID: 10468 Comm: syz.5.1435 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 313.304500][T10468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.304510][T10468] Call Trace: [ 313.304515][T10468] [ 313.304521][T10468] dump_stack_lvl+0x189/0x250 [ 313.304545][T10468] ? __pfx____ratelimit+0x10/0x10 [ 313.304559][T10468] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.304578][T10468] ? __pfx__printk+0x10/0x10 [ 313.304601][T10468] ? __pfx___might_resched+0x10/0x10 [ 313.304618][T10468] ? fs_reclaim_acquire+0x7d/0x100 [ 313.304636][T10468] should_fail_ex+0x414/0x560 [ 313.304666][T10468] should_failslab+0xa8/0x100 [ 313.304680][T10468] __kmalloc_node_noprof+0xd1/0x4e0 [ 313.304700][T10468] ? crypto_create_tfm_node+0x83/0x3f0 [ 313.304719][T10468] crypto_create_tfm_node+0x83/0x3f0 [ 313.304737][T10468] crypto_alloc_tfm_node+0x172/0x3f0 [ 313.304758][T10468] kdf_alloc+0x21/0x100 [ 313.304777][T10468] __keyctl_dh_compute+0x455/0xca0 [ 313.304801][T10468] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 313.304820][T10468] ? __lock_acquire+0xab9/0xd20 [ 313.304842][T10468] ? __might_fault+0xb0/0x130 [ 313.304877][T10468] keyctl_dh_compute+0x109/0x160 [ 313.304897][T10468] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 313.304927][T10468] __se_sys_keyctl+0x423/0x910 [ 313.304943][T10468] ? __pfx___se_sys_keyctl+0x10/0x10 [ 313.304959][T10468] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 313.304977][T10468] ? __fget_files+0x3a0/0x420 [ 313.305000][T10468] ? fput+0xa0/0xd0 [ 313.305019][T10468] ? ksys_write+0x22a/0x250 [ 313.305035][T10468] ? __pfx_ksys_write+0x10/0x10 [ 313.305048][T10468] ? rcu_is_watching+0x15/0xb0 [ 313.305069][T10468] ? do_syscall_64+0xbe/0x3b0 [ 313.305082][T10468] ? __x64_sys_keyctl+0x20/0xc0 [ 313.305098][T10468] do_syscall_64+0xfa/0x3b0 [ 313.305111][T10468] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.305124][T10468] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.305137][T10468] ? clear_bhb_loop+0x60/0xb0 [ 313.305153][T10468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.305166][T10468] RIP: 0033:0x7fea7fb8e929 [ 313.305182][T10468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.305194][T10468] RSP: 002b:00007fea809bb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 313.305209][T10468] RAX: ffffffffffffffda RBX: 00007fea7fdb5fa0 RCX: 00007fea7fb8e929 [ 313.305219][T10468] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 0000000000000017 [ 313.305228][T10468] RBP: 00007fea809bb090 R08: 0000200000000280 R09: 0000000000000000 [ 313.305237][T10468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.305245][T10468] R13: 0000000000000000 R14: 00007fea7fdb5fa0 R15: 00007fffc6ada868 [ 313.305265][T10468] [ 313.305339][T10468] could not allocate digest TFM handle sha384 [ 313.497104][ T5946] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 313.640092][ T5946] usb 5-1: device descriptor read/8, error -71 [ 313.697151][T10477] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1438'. [ 313.888426][ T5946] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 313.908261][ T5946] usb 5-1: device descriptor read/8, error -71 [ 314.027216][ T5946] usb usb5-port1: unable to enumerate USB device [ 314.124613][T10470] FAULT_INJECTION: forcing a failure. [ 314.124613][T10470] name failslab, interval 1, probability 0, space 0, times 0 [ 314.137527][T10470] CPU: 1 UID: 0 PID: 10470 Comm: syz.1.1436 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 314.137556][T10470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 314.137569][T10470] Call Trace: [ 314.137578][T10470] [ 314.137588][T10470] dump_stack_lvl+0x189/0x250 [ 314.137623][T10470] ? __pfx____ratelimit+0x10/0x10 [ 314.137644][T10470] ? __pfx_dump_stack_lvl+0x10/0x10 [ 314.137674][T10470] ? __pfx__printk+0x10/0x10 [ 314.137709][T10470] ? __pfx___might_resched+0x10/0x10 [ 314.137739][T10470] should_fail_ex+0x414/0x560 [ 314.137776][T10470] should_failslab+0xa8/0x100 [ 314.137798][T10470] kmem_cache_alloc_noprof+0x73/0x3c0 [ 314.137829][T10470] ? taskstats_exit+0x14a/0xa30 [ 314.137854][T10470] taskstats_exit+0x14a/0xa30 [ 314.137876][T10470] ? tty_audit_exit+0x153/0x200 [ 314.137902][T10470] do_exit+0x630/0x2300 [ 314.137939][T10470] ? do_raw_spin_lock+0x121/0x290 [ 314.137973][T10470] ? __pfx_do_exit+0x10/0x10 [ 314.138021][T10470] do_group_exit+0x21c/0x2d0 [ 314.138039][T10470] ? lockdep_hardirqs_on+0x9c/0x150 [ 314.138063][T10470] get_signal+0x1286/0x1340 [ 314.138109][T10470] arch_do_signal_or_restart+0x9a/0x750 [ 314.138141][T10470] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 314.138182][T10470] ? exit_to_user_mode_loop+0x40/0x110 [ 314.138209][T10470] exit_to_user_mode_loop+0x75/0x110 [ 314.138233][T10470] do_syscall_64+0x2bd/0x3b0 [ 314.138261][T10470] ? lockdep_hardirqs_on+0x9c/0x150 [ 314.138282][T10470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.138302][T10470] ? clear_bhb_loop+0x60/0xb0 [ 314.138328][T10470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.138351][T10470] RIP: 0033:0x7fbd8378e929 [ 314.138370][T10470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.138388][T10470] RSP: 002b:00007fbd84644038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 314.138410][T10470] RAX: fffffffffffffdff RBX: 00007fbd839b5fa0 RCX: 00007fbd8378e929 [ 314.138426][T10470] RDX: 0000000000000004 RSI: 000000000000000b RDI: 000020000000cffc [ 314.138439][T10470] RBP: 00007fbd84644090 R08: 0000200000048000 R09: 0000000000000000 [ 314.138454][T10470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.138467][T10470] R13: 0000000000000000 R14: 00007fbd839b5fa0 R15: 00007fffaaaa2dd8 [ 314.138499][T10470] [ 314.382009][ T92] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 314.546393][ T92] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 314.555630][ T92] usb 6-1: New USB device strings: Mfr=13, Product=2, SerialNumber=3 [ 314.567686][ T92] usb 6-1: Product: syz [ 314.571893][ T92] usb 6-1: Manufacturer: syz [ 314.576500][ T92] usb 6-1: SerialNumber: syz [ 314.602843][T10488] FAULT_INJECTION: forcing a failure. [ 314.602843][T10488] name failslab, interval 1, probability 0, space 0, times 0 [ 314.615772][T10488] CPU: 0 UID: 0 PID: 10488 Comm: syz.1.1443 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 314.615798][T10488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 314.615810][T10488] Call Trace: [ 314.615818][T10488] [ 314.615826][T10488] dump_stack_lvl+0x189/0x250 [ 314.615858][T10488] ? __pfx____ratelimit+0x10/0x10 [ 314.615868][ T92] r8152-cfgselector 6-1: Unknown version 0x0000 [ 314.615879][T10488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 314.615907][T10488] ? __pfx__printk+0x10/0x10 [ 314.615942][T10488] ? ref_tracker_alloc+0x318/0x460 [ 314.615970][T10488] should_fail_ex+0x414/0x560 [ 314.616011][T10488] should_failslab+0xa8/0x100 [ 314.616035][T10488] kmem_cache_alloc_noprof+0x73/0x3c0 [ 314.616068][T10488] ? skb_clone+0x212/0x3a0 [ 314.616102][T10488] skb_clone+0x212/0x3a0 [ 314.616134][T10488] __netlink_deliver_tap+0x404/0x850 [ 314.616172][T10488] ? netlink_deliver_tap+0x2e/0x1b0 [ 314.616196][T10488] netlink_deliver_tap+0x19c/0x1b0 [ 314.616221][T10488] netlink_unicast+0x730/0x8e0 [ 314.616266][T10488] netlink_sendmsg+0x805/0xb30 [ 314.616300][T10488] ? __pfx_netlink_sendmsg+0x10/0x10 [ 314.616329][T10488] ? aa_sock_msg_perm+0xf1/0x1d0 [ 314.616358][T10488] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 314.616385][T10488] ? __pfx_netlink_sendmsg+0x10/0x10 [ 314.616411][T10488] __sock_sendmsg+0x21c/0x270 [ 314.616447][T10488] ____sys_sendmsg+0x505/0x830 [ 314.616488][T10488] ? __pfx_____sys_sendmsg+0x10/0x10 [ 314.616527][T10488] ? import_iovec+0x74/0xa0 [ 314.616560][T10488] ___sys_sendmsg+0x21f/0x2a0 [ 314.616595][T10488] ? __pfx____sys_sendmsg+0x10/0x10 [ 314.616662][T10488] ? __fget_files+0x2a/0x420 [ 314.616690][T10488] ? __fget_files+0x3a0/0x420 [ 314.616728][T10488] __x64_sys_sendmsg+0x19b/0x260 [ 314.616759][T10488] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 314.616796][T10488] ? __pfx_ksys_write+0x10/0x10 [ 314.616818][T10488] ? rcu_is_watching+0x15/0xb0 [ 314.616852][T10488] ? do_syscall_64+0xbe/0x3b0 [ 314.616884][T10488] do_syscall_64+0xfa/0x3b0 [ 314.616905][T10488] ? lockdep_hardirqs_on+0x9c/0x150 [ 314.616926][T10488] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.616947][T10488] ? clear_bhb_loop+0x60/0xb0 [ 314.616974][T10488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.616995][T10488] RIP: 0033:0x7fbd8378e929 [ 314.617015][T10488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.617034][T10488] RSP: 002b:00007fbd84644038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 314.617056][T10488] RAX: ffffffffffffffda RBX: 00007fbd839b5fa0 RCX: 00007fbd8378e929 [ 314.617072][T10488] RDX: 0000000000000840 RSI: 00002000000000c0 RDI: 0000000000000003 [ 314.617086][T10488] RBP: 00007fbd84644090 R08: 0000000000000000 R09: 0000000000000000 [ 314.617100][T10488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.617112][T10488] R13: 0000000000000000 R14: 00007fbd839b5fa0 R15: 00007fffaaaa2dd8 [ 314.617145][T10488] [ 314.617971][T10488] netlink: 'syz.1.1443': attribute type 10 has an invalid length. [ 314.628582][ T92] r8152-cfgselector 6-1: config 0 descriptor?? [ 314.766976][T10488] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1443'. [ 314.941027][T10488] batadv0: entered promiscuous mode [ 314.946259][T10488] batadv0: entered allmulticast mode [ 314.953246][T10488] bridge0: port 3(batadv0) entered blocking state [ 314.964657][T10488] bridge0: port 3(batadv0) entered disabled state [ 314.976982][T10488] bridge0: port 3(batadv0) entered blocking state [ 314.984531][T10488] bridge0: port 3(batadv0) entered forwarding state [ 315.009707][ T92] r8152-cfgselector 6-1: Unknown version 0x0000 [ 315.040728][T10494] netlink: 'syz.4.1446': attribute type 10 has an invalid length. [ 315.043739][ T92] r8152-cfgselector 6-1: bad CDC descriptors [ 315.050147][T10494] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1446'. [ 315.067678][T10494] batadv0: entered promiscuous mode [ 315.072922][T10494] batadv0: entered allmulticast mode [ 315.082236][ T92] r8152-cfgselector 6-1: USB disconnect, device number 30 [ 315.099932][T10494] bridge0: port 3(batadv0) entered blocking state [ 315.114627][T10494] bridge0: port 3(batadv0) entered disabled state [ 315.129396][T10494] bridge0: port 3(batadv0) entered blocking state [ 315.136013][T10494] bridge0: port 3(batadv0) entered forwarding state [ 315.409503][ T49] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 315.419539][ T49] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 315.429207][ T5946] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 315.438712][ T7089] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 315.448167][ T7089] batman_adv: batadv0: MLD Querier appeared [ 315.594276][ T5946] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 315.615170][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.624111][ T5946] usb 5-1: Product: syz [ 315.630288][ T5946] usb 5-1: Manufacturer: syz [ 315.635051][ T5946] usb 5-1: SerialNumber: syz [ 315.653830][ T5946] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 315.688242][ T43] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 315.796066][T10508] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 315.804684][T10508] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 316.156976][ T10] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 316.310102][T10499] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 316.322490][T10499] VFS: Can't find a romfs filesystem on dev rnullb0. [ 316.322490][T10499] [ 316.336605][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 316.352702][ T10] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 316.359886][T10523] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1458'. [ 316.364229][ T10] usb 6-1: can't read configurations, error -61 [ 316.384904][ T984] usb 5-1: USB disconnect, device number 45 [ 316.517004][ T10] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 316.562944][T10525] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1459'. [ 316.576373][T10525] NILFS (rnullb0): couldn't find nilfs on the device [ 316.617124][ T92] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 316.667219][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 316.674219][ T10] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 316.683896][ T10] usb 6-1: can't read configurations, error -61 [ 316.697657][ T10] usb usb6-port1: attempt power cycle [ 316.792998][ T92] usb 2-1: config 0 has an invalid interface number: 153 but max is 0 [ 316.803164][ T92] usb 2-1: config 0 has no interface number 0 [ 316.811618][ T92] usb 2-1: too many endpoints for config 0 interface 153 altsetting 255: 255, using maximum allowed: 30 [ 316.832535][ T92] usb 2-1: config 0 interface 153 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 316.851888][ T92] usb 2-1: config 0 interface 153 has no altsetting 0 [ 316.869788][ T92] usb 2-1: New USB device found, idVendor=1199, idProduct=6852, bcdDevice=57.34 [ 316.883453][ T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.891611][ T92] usb 2-1: Product: syz [ 316.895991][ T92] usb 2-1: Manufacturer: syz [ 316.904893][ T92] usb 2-1: SerialNumber: syz [ 316.921390][ T92] usb 2-1: config 0 descriptor?? [ 316.933562][ T92] hub 2-1:0.153: bad descriptor, ignoring hub [ 316.949925][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.956349][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.964427][ T92] hub 2-1:0.153: probe with driver hub failed with error -5 [ 316.984670][ T92] sierra 2-1:0.153: Sierra USB modem converter detected [ 317.037289][ T10] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 317.067804][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 317.075004][ T10] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 317.084229][ T10] usb 6-1: can't read configurations, error -61 [ 317.171862][T10542] QAT: Invalid ioctl 21531 [ 317.192808][ T43] usb 5-1: Service connection timeout for: 256 [ 317.202047][ T43] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 317.210615][ T43] ath9k_htc: Failed to initialize the device [ 317.220585][ T984] usb 5-1: ath9k_htc: USB layer deinitialized [ 317.228798][ T10] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 317.257986][ T92] usb 2-1: USB disconnect, device number 57 [ 317.268743][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 317.270032][ T92] sierra 2-1:0.153: device disconnected [ 317.287827][ T10] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 317.297950][ T10] usb 6-1: can't read configurations, error -61 [ 317.304704][ T10] usb usb6-port1: unable to enumerate USB device [ 317.345131][T10548] syzkaller1: entered promiscuous mode [ 317.351568][T10548] syzkaller1: entered allmulticast mode [ 317.360229][T10548] FAULT_INJECTION: forcing a failure. [ 317.360229][T10548] name failslab, interval 1, probability 0, space 0, times 0 [ 317.373236][T10548] CPU: 0 UID: 0 PID: 10548 Comm: syz.2.1468 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 317.373259][T10548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.373271][T10548] Call Trace: [ 317.373279][T10548] [ 317.373286][T10548] dump_stack_lvl+0x189/0x250 [ 317.373317][T10548] ? __pfx____ratelimit+0x10/0x10 [ 317.373337][T10548] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.373362][T10548] ? __pfx__printk+0x10/0x10 [ 317.373390][T10548] ? __pfx___might_resched+0x10/0x10 [ 317.373413][T10548] ? fs_reclaim_acquire+0x7d/0x100 [ 317.373437][T10548] should_fail_ex+0x414/0x560 [ 317.373469][T10548] should_failslab+0xa8/0x100 [ 317.373488][T10548] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 317.373516][T10548] ? __alloc_skb+0x112/0x2d0 [ 317.373540][T10548] __alloc_skb+0x112/0x2d0 [ 317.373563][T10548] alloc_skb_with_frags+0xca/0x890 [ 317.373584][T10548] ? __might_fault+0xb0/0x130 [ 317.373641][T10548] sock_alloc_send_pskb+0x857/0x990 [ 317.373697][T10548] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 317.373732][T10548] ? iov_iter_advance+0x8b/0x1c0 [ 317.373757][T10548] tun_get_user+0xa43/0x3e20 [ 317.373795][T10548] ? aa_file_perm+0x13e/0x11b0 [ 317.373820][T10548] ? aa_file_perm+0x3ed/0x11b0 [ 317.373843][T10548] ? __pfx_tun_get_user+0x10/0x10 [ 317.373865][T10548] ? _parse_integer_limit+0x1ae/0x1f0 [ 317.373892][T10548] ? __lock_acquire+0xab9/0xd20 [ 317.373918][T10548] ? ref_tracker_alloc+0x318/0x460 [ 317.373934][T10548] ? __lock_acquire+0xab9/0xd20 [ 317.373954][T10548] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 317.373978][T10548] ? tun_get+0x1c/0x2f0 [ 317.374012][T10548] ? tun_get+0x1c/0x2f0 [ 317.374034][T10548] ? tun_get+0x1c/0x2f0 [ 317.374059][T10548] tun_chr_write_iter+0x113/0x200 [ 317.374085][T10548] vfs_write+0x54b/0xa90 [ 317.374109][T10548] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 317.374133][T10548] ? __pfx_vfs_write+0x10/0x10 [ 317.374162][T10548] ? __fget_files+0x2a/0x420 [ 317.374194][T10548] ksys_write+0x145/0x250 [ 317.374217][T10548] ? __pfx_ksys_write+0x10/0x10 [ 317.374235][T10548] ? rcu_is_watching+0x15/0xb0 [ 317.374262][T10548] ? do_syscall_64+0xbe/0x3b0 [ 317.374286][T10548] do_syscall_64+0xfa/0x3b0 [ 317.374303][T10548] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.374321][T10548] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.374339][T10548] ? clear_bhb_loop+0x60/0xb0 [ 317.374361][T10548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.374378][T10548] RIP: 0033:0x7faad8d8e929 [ 317.374395][T10548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.374409][T10548] RSP: 002b:00007faad9c9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 317.374428][T10548] RAX: ffffffffffffffda RBX: 00007faad8fb5fa0 RCX: 00007faad8d8e929 [ 317.374441][T10548] RDX: 0000000000000036 RSI: 0000200000000240 RDI: 0000000000000003 [ 317.374453][T10548] RBP: 00007faad9c9d090 R08: 0000000000000000 R09: 0000000000000000 [ 317.374464][T10548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.374475][T10548] R13: 0000000000000000 R14: 00007faad8fb5fa0 R15: 00007ffdf5aead58 [ 317.374502][T10548] [ 317.804235][T10552] syzkaller1: entered promiscuous mode [ 317.816040][T10552] syzkaller1: entered allmulticast mode [ 317.885157][T10554] XFS (rnullb0): Invalid superblock magic number [ 318.014442][T10564] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 318.116164][T10567] FAULT_INJECTION: forcing a failure. [ 318.116164][T10567] name failslab, interval 1, probability 0, space 0, times 0 [ 318.135730][T10567] CPU: 1 UID: 0 PID: 10567 Comm: syz.1.1473 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 318.135758][T10567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 318.135771][T10567] Call Trace: [ 318.135779][T10567] [ 318.135788][T10567] dump_stack_lvl+0x189/0x250 [ 318.135822][T10567] ? __pfx____ratelimit+0x10/0x10 [ 318.135843][T10567] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.135870][T10567] ? __pfx__printk+0x10/0x10 [ 318.135910][T10567] should_fail_ex+0x414/0x560 [ 318.135945][T10567] should_failslab+0xa8/0x100 [ 318.135967][T10567] __kmalloc_noprof+0xcb/0x4f0 [ 318.135994][T10567] ? vmci_handle_arr_create+0x71/0x140 [ 318.136014][T10567] ? __raw_spin_lock_init+0x45/0x100 [ 318.136047][T10567] vmci_handle_arr_create+0x71/0x140 [ 318.136071][T10567] vmci_ctx_create+0x1fe/0x650 [ 318.136108][T10567] vmci_host_unlocked_ioctl+0x1a55/0x2650 [ 318.136137][T10567] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 318.136182][T10567] ? kasan_quarantine_put+0xdd/0x220 [ 318.136227][T10567] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 318.136250][T10567] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 318.136272][T10567] ? do_vfs_ioctl+0xbe8/0x1430 [ 318.136295][T10567] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 318.136328][T10567] ? __lock_acquire+0xab9/0xd20 [ 318.136370][T10567] ? __fget_files+0x2a/0x420 [ 318.136398][T10567] ? __fget_files+0x2a/0x420 [ 318.136421][T10567] ? __fget_files+0x3a0/0x420 [ 318.136444][T10567] ? __fget_files+0x2a/0x420 [ 318.136472][T10567] ? bpf_lsm_file_ioctl+0x9/0x20 [ 318.136500][T10567] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 318.136523][T10567] __se_sys_ioctl+0xfc/0x170 [ 318.136544][T10567] do_syscall_64+0xfa/0x3b0 [ 318.136564][T10567] ? lockdep_hardirqs_on+0x9c/0x150 [ 318.136582][T10567] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.136602][T10567] ? clear_bhb_loop+0x60/0xb0 [ 318.136626][T10567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.136645][T10567] RIP: 0033:0x7fbd8378e929 [ 318.136662][T10567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.136679][T10567] RSP: 002b:00007fbd84644038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 318.136702][T10567] RAX: ffffffffffffffda RBX: 00007fbd839b5fa0 RCX: 00007fbd8378e929 [ 318.136717][T10567] RDX: 0000200000000040 RSI: 00000000000007a0 RDI: 0000000000000004 [ 318.136729][T10567] RBP: 00007fbd84644090 R08: 0000000000000000 R09: 0000000000000000 [ 318.136742][T10567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 318.136753][T10567] R13: 0000000000000000 R14: 00007fbd839b5fa0 R15: 00007fffaaaa2dd8 [ 318.136783][T10567] [ 318.508003][T10579] syzkaller1: entered promiscuous mode [ 318.513620][T10579] syzkaller1: entered allmulticast mode [ 318.697390][ T92] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 318.856987][ T92] usb 2-1: Using ep0 maxpacket: 8 [ 318.865745][ T92] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 318.874318][ T92] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 318.884218][ T92] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 318.895650][ T92] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 318.909584][ T92] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 318.923601][ T92] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 318.935567][ T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.088563][T10596] input: syz1 as /devices/virtual/input/input27 [ 319.155766][ T92] usb 2-1: GET_CAPABILITIES returned 0 [ 319.169309][ T92] usbtmc 2-1:16.0: can't read capabilities [ 319.271172][T10602] ./cgroup: Can't lookup blockdev [ 319.363020][ T43] usb 2-1: USB disconnect, device number 58 [ 319.533483][T10615] gfs2: not a GFS2 filesystem [ 319.536374][T10614] FAULT_INJECTION: forcing a failure. [ 319.536374][T10614] name failslab, interval 1, probability 0, space 0, times 0 [ 319.554951][T10614] CPU: 1 UID: 0 PID: 10614 Comm: syz.4.1486 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 319.554969][T10614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 319.554978][T10614] Call Trace: [ 319.554984][T10614] [ 319.554991][T10614] dump_stack_lvl+0x189/0x250 [ 319.555014][T10614] ? __pfx____ratelimit+0x10/0x10 [ 319.555029][T10614] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.555049][T10614] ? __pfx__printk+0x10/0x10 [ 319.555075][T10614] ? ref_tracker_alloc+0x318/0x460 [ 319.555099][T10614] should_fail_ex+0x414/0x560 [ 319.555134][T10614] should_failslab+0xa8/0x100 [ 319.555166][T10614] kmem_cache_alloc_noprof+0x73/0x3c0 [ 319.555187][T10614] ? skb_clone+0x212/0x3a0 [ 319.555209][T10614] skb_clone+0x212/0x3a0 [ 319.555229][T10614] __netlink_deliver_tap+0x404/0x850 [ 319.555252][T10614] ? netlink_deliver_tap+0x2e/0x1b0 [ 319.555268][T10614] netlink_deliver_tap+0x19c/0x1b0 [ 319.555283][T10614] netlink_unicast+0x730/0x8e0 [ 319.555313][T10614] netlink_sendmsg+0x805/0xb30 [ 319.555334][T10614] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.555352][T10614] ? aa_sock_msg_perm+0xf1/0x1d0 [ 319.555370][T10614] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 319.555387][T10614] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.555403][T10614] __sock_sendmsg+0x21c/0x270 [ 319.555426][T10614] ____sys_sendmsg+0x505/0x830 [ 319.555447][T10614] ? __pfx_____sys_sendmsg+0x10/0x10 [ 319.555470][T10614] ? import_iovec+0x74/0xa0 [ 319.555492][T10614] ___sys_sendmsg+0x21f/0x2a0 [ 319.555510][T10614] ? __pfx____sys_sendmsg+0x10/0x10 [ 319.555552][T10614] ? __fget_files+0x2a/0x420 [ 319.555569][T10614] ? __fget_files+0x3a0/0x420 [ 319.555594][T10614] __x64_sys_sendmsg+0x19b/0x260 [ 319.555613][T10614] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 319.555637][T10614] ? __pfx_ksys_write+0x10/0x10 [ 319.555650][T10614] ? rcu_is_watching+0x15/0xb0 [ 319.555672][T10614] ? do_syscall_64+0xbe/0x3b0 [ 319.555689][T10614] do_syscall_64+0xfa/0x3b0 [ 319.555703][T10614] ? lockdep_hardirqs_on+0x9c/0x150 [ 319.555716][T10614] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.555729][T10614] ? clear_bhb_loop+0x60/0xb0 [ 319.555746][T10614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.555760][T10614] RIP: 0033:0x7f3de0d8e929 [ 319.555772][T10614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.555783][T10614] RSP: 002b:00007f3de1c31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 319.555798][T10614] RAX: ffffffffffffffda RBX: 00007f3de0fb5fa0 RCX: 00007f3de0d8e929 [ 319.555808][T10614] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000009 [ 319.555816][T10614] RBP: 00007f3de1c31090 R08: 0000000000000000 R09: 0000000000000000 [ 319.555824][T10614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.555832][T10614] R13: 0000000000000000 R14: 00007f3de0fb5fa0 R15: 00007fff3198c358 [ 319.555852][T10614] [ 319.857979][T10576] omfs: Invalid superblock (0) [ 319.939621][T10620] FAULT_INJECTION: forcing a failure. [ 319.939621][T10620] name failslab, interval 1, probability 0, space 0, times 0 [ 319.961524][T10620] CPU: 1 UID: 0 PID: 10620 Comm: syz.4.1487 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 319.961550][T10620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 319.961561][T10620] Call Trace: [ 319.961569][T10620] [ 319.961577][T10620] dump_stack_lvl+0x189/0x250 [ 319.961608][T10620] ? __pfx____ratelimit+0x10/0x10 [ 319.961626][T10620] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.961669][T10620] ? __pfx__printk+0x10/0x10 [ 319.961718][T10620] ? __lock_acquire+0xab9/0xd20 [ 319.961745][T10620] should_fail_ex+0x414/0x560 [ 319.961780][T10620] should_failslab+0xa8/0x100 [ 319.961801][T10620] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 319.961831][T10620] ? __alloc_skb+0x112/0x2d0 [ 319.961856][T10620] __alloc_skb+0x112/0x2d0 [ 319.961882][T10620] xfrm_send_acquire+0x154/0xee0 [ 319.961911][T10620] ? __pfx_xfrm_send_acquire+0x10/0x10 [ 319.961933][T10620] ? xfrm_init_tempstate+0xab6/0x1290 [ 319.961962][T10620] ? km_query+0x2e/0x210 [ 319.961992][T10620] km_query+0x11c/0x210 [ 319.962017][T10620] ? km_query+0x2e/0x210 [ 319.962046][T10620] xfrm_state_find+0x3bca/0x5400 [ 319.962073][T10620] ? __lock_acquire+0xab9/0xd20 [ 319.962115][T10620] ? xfrm_state_find+0x1da/0x5400 [ 319.962153][T10620] ? __pfx_xfrm_state_find+0x10/0x10 [ 319.962192][T10620] ? __lock_acquire+0xab9/0xd20 [ 319.962220][T10620] xfrm_resolve_and_create_bundle+0x768/0x2f80 [ 319.962275][T10620] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 319.962296][T10620] ? __lock_acquire+0xab9/0xd20 [ 319.962338][T10620] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 319.962365][T10620] ? rt_set_nexthop+0x693/0xa80 [ 319.962399][T10620] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 319.962426][T10620] ? xfrm_expand_policies+0x41f/0x6a0 [ 319.962453][T10620] xfrm_lookup_with_ifid+0x2a7/0x1a70 [ 319.962484][T10620] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 319.962520][T10620] xfrm_lookup_route+0x3c/0x1c0 [ 319.962544][T10620] udp_sendmsg+0x140c/0x2300 [ 319.962575][T10620] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 319.962609][T10620] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 319.962635][T10620] ? __pfx_udp_sendmsg+0x10/0x10 [ 319.962670][T10620] ? count_memcg_event_mm+0x21/0x260 [ 319.962703][T10620] ? count_memcg_event_mm+0x21/0x260 [ 319.962743][T10620] ? __pfx_aa_sk_perm+0x10/0x10 [ 319.962763][T10620] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 319.962793][T10620] ? sock_rps_record_flow+0x19/0x410 [ 319.962824][T10620] ? inet_sendmsg+0x29c/0x370 [ 319.962850][T10620] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 319.962887][T10620] __sock_sendmsg+0x19c/0x270 [ 319.962917][T10620] ____sys_sendmsg+0x52d/0x830 [ 319.962945][T10620] ? __pfx_____sys_sendmsg+0x10/0x10 [ 319.962977][T10620] ? import_iovec+0x74/0xa0 [ 319.963005][T10620] ___sys_sendmsg+0x21f/0x2a0 [ 319.963030][T10620] ? __pfx____sys_sendmsg+0x10/0x10 [ 319.963088][T10620] ? __fget_files+0x2a/0x420 [ 319.963111][T10620] ? __fget_files+0x3a0/0x420 [ 319.963150][T10620] __sys_sendmmsg+0x227/0x430 [ 319.963178][T10620] ? __pfx___sys_sendmmsg+0x10/0x10 [ 319.963199][T10620] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 319.963244][T10620] ? ksys_write+0x22a/0x250 [ 319.963267][T10620] ? __pfx_ksys_write+0x10/0x10 [ 319.963284][T10620] ? rcu_is_watching+0x15/0xb0 [ 319.963314][T10620] __x64_sys_sendmmsg+0xa0/0xc0 [ 319.963339][T10620] do_syscall_64+0xfa/0x3b0 [ 319.963357][T10620] ? lockdep_hardirqs_on+0x9c/0x150 [ 319.963374][T10620] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.963392][T10620] ? clear_bhb_loop+0x60/0xb0 [ 319.963414][T10620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.963432][T10620] RIP: 0033:0x7f3de0d8e929 [ 319.963449][T10620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.963482][T10620] RSP: 002b:00007f3de1c10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 319.963502][T10620] RAX: ffffffffffffffda RBX: 00007f3de0fb6080 RCX: 00007f3de0d8e929 [ 319.963516][T10620] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003 [ 319.963527][T10620] RBP: 00007f3de1c10090 R08: 0000000000000000 R09: 0000000000000000 [ 319.963539][T10620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.963550][T10620] R13: 0000000000000000 R14: 00007f3de0fb6080 R15: 00007fff3198c358 [ 319.963578][T10620] [ 320.777364][ T31] INFO: task syz.0.548:7604 blocked for more than 143 seconds. [ 320.835576][ T31] Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 [ 320.869399][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 320.906246][ T31] task:syz.0.548 state:D stack:27296 pid:7604 tgid:7603 ppid:5843 task_flags:0x400040 flags:0x00004004 [ 320.938284][ T31] Call Trace: [ 320.941621][ T31] [ 320.944652][ T31] __schedule+0x16fd/0x4cf0 [ 320.966841][T10648] FAULT_INJECTION: forcing a failure. [ 320.966841][T10648] name failslab, interval 1, probability 0, space 0, times 0 [ 320.985060][ T31] ? do_filp_open+0x1fa/0x410 [ 320.990319][ T31] ? do_sys_openat2+0x121/0x1c0 [ 320.995509][T10648] CPU: 1 UID: 0 PID: 10648 Comm: syz.2.1492 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 320.995533][T10648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 320.995545][T10648] Call Trace: [ 320.995553][T10648] [ 320.995560][T10648] dump_stack_lvl+0x189/0x250 [ 320.995589][T10648] ? __pfx____ratelimit+0x10/0x10 [ 320.995608][T10648] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.995633][T10648] ? __pfx__printk+0x10/0x10 [ 320.995663][T10648] ? __lock_acquire+0xab9/0xd20 [ 320.995706][T10648] should_fail_ex+0x414/0x560 [ 320.995740][T10648] should_failslab+0xa8/0x100 [ 320.995761][T10648] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 320.995789][T10648] ? __alloc_skb+0x112/0x2d0 [ 320.995814][T10648] __alloc_skb+0x112/0x2d0 [ 320.995839][T10648] xfrm_send_acquire+0x154/0xee0 [ 320.995867][T10648] ? __pfx_xfrm_send_acquire+0x10/0x10 [ 320.995888][T10648] ? xfrm_init_tempstate+0xab6/0x1290 [ 320.995918][T10648] ? km_query+0x2e/0x210 [ 320.995954][T10648] km_query+0x11c/0x210 [ 320.995978][T10648] ? km_query+0x2e/0x210 [ 320.996008][T10648] xfrm_state_find+0x3bca/0x5400 [ 320.996034][T10648] ? __lock_acquire+0xab9/0xd20 [ 320.996075][T10648] ? xfrm_state_find+0x1da/0x5400 [ 320.996108][T10648] ? __pfx_xfrm_state_find+0x10/0x10 [ 320.996145][T10648] ? __lock_acquire+0xab9/0xd20 [ 320.996171][T10648] xfrm_resolve_and_create_bundle+0x768/0x2f80 [ 320.996223][T10648] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 320.996245][T10648] ? __lock_acquire+0xab9/0xd20 [ 320.996286][T10648] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 320.996312][T10648] ? rt_set_nexthop+0x693/0xa80 [ 320.996350][T10648] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 320.996375][T10648] ? xfrm_expand_policies+0x41f/0x6a0 [ 320.996401][T10648] xfrm_lookup_with_ifid+0x2a7/0x1a70 [ 320.996431][T10648] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 320.996466][T10648] xfrm_lookup_route+0x3c/0x1c0 [ 320.996489][T10648] udp_sendmsg+0x140c/0x2300 [ 320.996520][T10648] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 320.996552][T10648] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 320.996578][T10648] ? __pfx_udp_sendmsg+0x10/0x10 [ 320.996612][T10648] ? count_memcg_event_mm+0x21/0x260 [ 320.996645][T10648] ? count_memcg_event_mm+0x21/0x260 [ 320.996683][T10648] ? __pfx_aa_sk_perm+0x10/0x10 [ 320.996703][T10648] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 320.996732][T10648] ? sock_rps_record_flow+0x19/0x410 [ 320.996762][T10648] ? inet_sendmsg+0x29c/0x370 [ 320.996787][T10648] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 320.996814][T10648] __sock_sendmsg+0x19c/0x270 [ 320.996845][T10648] ____sys_sendmsg+0x52d/0x830 [ 320.996874][T10648] ? __pfx_____sys_sendmsg+0x10/0x10 [ 320.996907][T10648] ? import_iovec+0x74/0xa0 [ 320.996943][T10648] ___sys_sendmsg+0x21f/0x2a0 [ 320.996968][T10648] ? __pfx____sys_sendmsg+0x10/0x10 [ 320.997024][T10648] ? __fget_files+0x2a/0x420 [ 320.997048][T10648] ? __fget_files+0x3a0/0x420 [ 320.997101][T10648] __sys_sendmmsg+0x227/0x430 [ 320.997133][T10648] ? __pfx___sys_sendmmsg+0x10/0x10 [ 320.997156][T10648] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 320.997227][T10648] ? ksys_write+0x22a/0x250 [ 320.997254][T10648] ? __pfx_ksys_write+0x10/0x10 [ 320.997275][T10648] ? rcu_is_watching+0x15/0xb0 [ 320.997310][T10648] __x64_sys_sendmmsg+0xa0/0xc0 [ 320.997338][T10648] do_syscall_64+0xfa/0x3b0 [ 320.997360][T10648] ? lockdep_hardirqs_on+0x9c/0x150 [ 320.997380][T10648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.997402][T10648] ? clear_bhb_loop+0x60/0xb0 [ 320.997427][T10648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.997446][T10648] RIP: 0033:0x7faad8d8e929 [ 320.997467][T10648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.997485][T10648] RSP: 002b:00007faad9c7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 320.997506][T10648] RAX: ffffffffffffffda RBX: 00007faad8fb6080 RCX: 00007faad8d8e929 [ 320.997522][T10648] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005 [ 320.997536][T10648] RBP: 00007faad9c7c090 R08: 0000000000000000 R09: 0000000000000000 [ 320.997549][T10648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.997562][T10648] R13: 0000000000000000 R14: 00007faad8fb6080 R15: 00007ffdf5aead58 [ 320.997593][T10648] [ 321.024797][ T31] ? __lock_acquire+0xab9/0xd20 [ 321.045021][T10648] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 321.058673][ T31] ? schedule+0x165/0x360 [ 321.437752][ T31] ? __pfx___schedule+0x10/0x10 [ 321.442673][ T31] ? schedule+0x91/0x360 [ 321.447009][ T31] schedule+0x165/0x360 [ 321.452161][ T31] schedule_preempt_disabled+0x13/0x30 [ 321.457724][ T31] __mutex_lock+0x724/0xe80 [ 321.462256][ T31] ? __mutex_lock+0x51b/0xe80 [ 321.467085][ T31] ? bdev_open+0xe0/0xd30 [ 321.471448][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 321.476492][ T31] ? wait_on_inode+0xc0/0x230 [ 321.481276][ T31] ? kobject_get_unless_zero+0x161/0x1f0 [ 321.487143][ T31] ? disk_block_events+0xab/0x120 [ 321.492218][ T31] ? bdev_open+0xaf/0xd30 [ 321.496589][ T31] bdev_open+0xe0/0xd30 [ 321.500877][ T31] blkdev_open+0x3a8/0x510 [ 321.505348][ T31] ? __pfx_blkdev_open+0x10/0x10 [ 321.510386][ T31] do_dentry_open+0x950/0x13f0 [ 321.515194][ T31] vfs_open+0x3b/0x340 [ 321.519343][ T31] ? path_openat+0x2ecd/0x3830 [ 321.524137][ T31] path_openat+0x2ee5/0x3830 [ 321.528822][ T31] ? arch_stack_walk+0xfc/0x150 [ 321.533742][ T31] ? __pfx_path_openat+0x10/0x10 [ 321.538743][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.544847][ T31] do_filp_open+0x1fa/0x410 [ 321.549608][ T31] ? __lock_acquire+0xab9/0xd20 [ 321.555122][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 321.560253][ T31] ? _raw_spin_unlock+0x28/0x50 [ 321.565130][ T31] ? alloc_fd+0x64c/0x6c0 [ 321.569558][ T31] do_sys_openat2+0x121/0x1c0 [ 321.574266][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 321.579522][ T31] ? exc_page_fault+0x76/0xf0 [ 321.584218][ T31] ? do_user_addr_fault+0xc8a/0x1390 [ 321.589572][ T31] __x64_sys_openat+0x138/0x170 [ 321.594455][ T31] do_syscall_64+0xfa/0x3b0 [ 321.599030][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 321.604250][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.610413][ T31] ? clear_bhb_loop+0x60/0xb0 [ 321.615111][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.621054][ T31] RIP: 0033:0x7f95baf8d290 [ 321.625484][ T31] RSP: 002b:00007f95bbe2fb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 321.633983][ T31] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f95baf8d290 [ 321.642919][ T31] RDX: 0000000000000000 RSI: 00007f95bbe2fc10 RDI: 00000000ffffff9c [ 321.651605][ T31] RBP: 00007f95bbe2fc10 R08: 0000000000000000 R09: 002364626e2f7665 [ 321.661665][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd [ 321.696950][ T31] R13: 0000000000000001 R14: 00007f95bb1b5fa0 R15: 00007ffe46269cb8 [ 321.704996][ T31] [ 321.737055][ T31] [ 321.737055][ T31] Showing all locks held in the system: [ 321.744818][ T31] 1 lock held by khungtaskd/31: [ 321.775533][ T31] #0: ffffffff8e53e2e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 321.786251][ T31] 2 locks held by getty/5607: [ 321.791834][ T31] #0: ffff8880301c70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 321.801929][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 321.812167][ T31] 1 lock held by udevd/5847: [ 321.816762][ T31] #0: ffff888142f95358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 321.826140][ T31] 1 lock held by syz.0.548/7604: [ 321.831129][ T31] #0: ffff888142f95358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 321.840443][ T31] 1 lock held by syz.1.1491/10646: [ 321.845556][ T31] #0: ffffffff8e543d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 321.855597][ T31] [ 321.860790][ T31] ============================================= [ 321.860790][ T31] [ 321.873238][ T31] NMI backtrace for cpu 0 [ 321.873255][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 321.873287][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 321.873299][ T31] Call Trace: [ 321.873306][ T31] [ 321.873315][ T31] dump_stack_lvl+0x189/0x250 [ 321.873361][ T31] ? __wake_up_klogd+0xd9/0x110 [ 321.873394][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.873421][ T31] ? __pfx__printk+0x10/0x10 [ 321.873460][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 321.873490][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 321.873515][ T31] ? _printk+0xcf/0x120 [ 321.873546][ T31] ? __pfx__printk+0x10/0x10 [ 321.873576][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 321.873601][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 321.873630][ T31] watchdog+0xfee/0x1030 [ 321.873652][ T31] ? watchdog+0x1de/0x1030 [ 321.873681][ T31] kthread+0x70e/0x8a0 [ 321.873712][ T31] ? __pfx_watchdog+0x10/0x10 [ 321.873731][ T31] ? __pfx_kthread+0x10/0x10 [ 321.873761][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 321.873789][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 321.873806][ T31] ? __pfx_kthread+0x10/0x10 [ 321.873836][ T31] ret_from_fork+0x3f9/0x770 [ 321.873862][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 321.873901][ T31] ? __switch_to_asm+0x39/0x70 [ 321.873918][ T31] ? __switch_to_asm+0x33/0x70 [ 321.873934][ T31] ? __pfx_kthread+0x10/0x10 [ 321.873963][ T31] ret_from_fork_asm+0x1a/0x30 [ 321.873996][ T31] [ 321.874003][ T31] Sending NMI from CPU 0 to CPUs 1: [ 322.037597][ C1] NMI backtrace for cpu 1 [ 322.037615][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 322.037642][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.037654][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 322.037678][ C1] Code: 93 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 8a 28 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 322.037692][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 322.037708][ C1] RAX: 6eed4188760a8500 RBX: ffffffff8196d288 RCX: 6eed4188760a8500 [ 322.037721][ C1] RDX: 0000000000000001 RSI: ffffffff8dc6ad3b RDI: ffffffff8c04f280 [ 322.037733][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb [ 322.037746][ C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fe40a30 [ 322.037758][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a57b40 [ 322.037770][ C1] FS: 0000000000000000(0000) GS:ffff8881258aa000(0000) knlGS:0000000000000000 [ 322.037783][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 322.037795][ C1] CR2: 00007faad8f85338 CR3: 0000000077eac000 CR4: 00000000003526f0 [ 322.037810][ C1] DR0: 0000000000008000 DR1: 0000000000000000 DR2: 0000000000000000 [ 322.037821][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 322.037832][ C1] Call Trace: [ 322.037839][ C1] [ 322.037845][ C1] default_idle+0x13/0x20 [ 322.037866][ C1] default_idle_call+0x74/0xb0 [ 322.037888][ C1] do_idle+0x1e8/0x510 [ 322.037909][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 322.037930][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 322.037947][ C1] ? __pfx_do_idle+0x10/0x10 [ 322.037974][ C1] ? do_idle+0x4ef/0x510 [ 322.037998][ C1] cpu_startup_entry+0x44/0x60 [ 322.038020][ C1] start_secondary+0x101/0x110 [ 322.038039][ C1] common_startup_64+0x13e/0x147 [ 322.038064][ C1] [ 322.038634][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 322.238301][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 322.249582][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.259638][ T31] Call Trace: [ 322.262916][ T31] [ 322.265842][ T31] dump_stack_lvl+0x99/0x250 [ 322.270444][ T31] ? __asan_memcpy+0x40/0x70 [ 322.275035][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.280232][ T31] ? __pfx__printk+0x10/0x10 [ 322.284854][ T31] vpanic+0x281/0x750 [ 322.288844][ T31] ? __pfx_vpanic+0x10/0x10 [ 322.293345][ T31] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 322.298887][ T31] ? preempt_schedule+0xae/0xc0 [ 322.303750][ T31] ? preempt_schedule_common+0x83/0xd0 [ 322.309216][ T31] panic+0xb9/0xc0 [ 322.312940][ T31] ? __pfx_panic+0x10/0x10 [ 322.317357][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 322.322730][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 322.328888][ T31] watchdog+0x102d/0x1030 [ 322.333218][ T31] ? watchdog+0x1de/0x1030 [ 322.337646][ T31] kthread+0x70e/0x8a0 [ 322.341731][ T31] ? __pfx_watchdog+0x10/0x10 [ 322.346406][ T31] ? __pfx_kthread+0x10/0x10 [ 322.351001][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 322.356200][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 322.361394][ T31] ? __pfx_kthread+0x10/0x10 [ 322.365982][ T31] ret_from_fork+0x3f9/0x770 [ 322.370575][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 322.375709][ T31] ? __switch_to_asm+0x39/0x70 [ 322.380470][ T31] ? __switch_to_asm+0x33/0x70 [ 322.385223][ T31] ? __pfx_kthread+0x10/0x10 [ 322.389816][ T31] ret_from_fork_asm+0x1a/0x30 [ 322.394583][ T31] [ 322.397860][ T31] Kernel Offset: disabled [ 322.402179][ T31] Rebooting in 86400 seconds..