last executing test programs: 5.002555845s ago: executing program 2 (id=1693): r0 = socket(0xa, 0x3, 0x3a) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f68736c00000000140001"], 0xfc}}, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x8, 0x12, 0xffffffffffffffff, 0xfffff000) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="a3d7f3e8a9cf9e3887a6f6eca30e90d85fcfa281378973ab916b0e1d03bd28bca55c552da8cfecb0fbccbfb18ef20fe9541e0e1e8fa214cb6bb0455c2386f5ebb4730be449beb72f481c1429d6eb835b76fd1fdcacd50b884c98caa871ec4e225b6036b6ad2638ab5b06828c10fc355b170075f3", 0x74}], 0x1}, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f00000001c0)=0x1, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0xf, 0x12) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r5, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) sendfile(r6, r5, &(0x7f0000000080)=0x1, 0x5) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f00000004c0)={0xac, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x71}, {0x6, 0x16, 0x8}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x6}, {0x8, 0xb, 0x3}}]}, 0xac}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write$bt_hci(r7, &(0x7f0000000240)=ANY=[@ANYBLOB="0000020008"], 0xe) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYRES64=r7, @ANYRES16=r3, @ANYRES32=r1], 0x44}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, &(0x7f0000000000)=0x9, 0x4) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x1, 0x6}, 0xc) 4.76468363s ago: executing program 2 (id=1697): syz_emit_ethernet(0x3e, &(0x7f0000000240)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x4, 0x30, 0x80, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x6, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x69, 0x4, 0x0, 0x33, 0x0, @rand_addr=0x64010101, @local}}}}}}, 0x0) 4.575435509s ago: executing program 2 (id=1699): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) accept4(r0, 0x0, 0x0, 0x80000) 4.296803421s ago: executing program 2 (id=1703): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, 0x1403, 0x1, 0x70bd27, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x20000800) 4.083122007s ago: executing program 4 (id=1707): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000280)=0x100, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 3.925333353s ago: executing program 4 (id=1710): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = getuid() sendmsg$nl_generic(r2, &(0x7f00000002c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="cc0100003500000226bd7000fcdbdf25000000f207bb3002000000011400ef0000000000000000000000ffffe000000108004a00", @ANYRES32=r3, @ANYBLOB="a4644521cd99f5c34f02c974a44cd27d721820e53718dd84a9dd16436af512dd9665297bbbf3e4b56feea906df283a96a75d8ec74ef4f671d9396cd3b2a163d6ee7bfd21066481c4d8b8349d18e5d18f8313cd7487d93f88e24739db2f058f7085637eea21c59558e7304bb7fec7bf2247ef8d75c253e95276ccd1a0bb8594e8858a6c1d8d9f3e8313349d66fb42f23da065e39ef041339a8856b6f96337b74921c65c8c74ec0a30e0c2ba6c0022bea2e60284026bc32804472138070bb0d355083cfd87e8c03914bf3425262ba5bee593673cb14f07ad2c376c05dddfdd6809f46d425e6767ec40612c9f62842291ccb5b1f7f3080092000400000076b7954c76e161e89a720cecf75315a08b366e5aff3e25458da66fab74887e1be2348cc778fba23c9fc26d03c41308c3135fd633650ddf516b947757755ed8"], 0x1cc}}, 0x801) sendmsg$netlink(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000640)=ANY=[@ANYBLOB="100000002e0001002abd7000000000003065390aa02c2110b684793f375a6ec6324879052a5f077a58ea68cc250d16a6b4e98e43c2cf5b5fa8b56a60151d30a433963ee90259467cdcd19dcc06a4c763f9cffa579aa08f"], 0x10}], 0x1}, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f00000002c0)="230000000100", 0x6) getsockname$packet(0xffffffffffffffff, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000800)=0x14) socket$nl_route(0x10, 0x3, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendto$isdn(r2, &(0x7f0000000580)={0x200, 0x6, "2e15e70449612961e82ba3e090ae7ccafce6b348db4feab34744efee0b16b5851966fced460d1ef2507d2ef42e8192b0acdc160f849984b59e0a9f2f1860e86673cd99539a3c6667c5689531e3"}, 0x55, 0x40000c1, &(0x7f00000006c0)={0x22, 0x7, 0x59, 0x8, 0x80}, 0x6) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000740)={'wlan1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0) sendmmsg(r0, &(0x7f000000ca40)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000000c0)="cfe6dde0c37efdbb43dc9b530735ea4ad3bf3cff834a5e80ea0801a83a3b9dbe6b7bf3c289f5c083a73c6d1fdf2caec8388cccb3f13cca087d2a42b6fd5cbcfc4812ae7551c08ea285e17540f689e769433ab0eefa6e88bc818c9c6e10753912699110c240bcbdefe5", 0x69}, {&(0x7f0000000940)="0f68da5a969f8065e077d661a4d4c420863c8d5411b307e80c362c2a68c3cde331099ed6ee5b6fff63348a99366160fd681719cebc59944d79891173a4de56bfe45f5d9ae359d3577da2701a78de9ada0ec6beec3ad73156b4a1871b6a760f952a2ade1d8439fc64ccd9812604f898227ecb6a317553390de3068b6060865184ba9ff9684bf5b527929482dee1f75506fb6966bc2536c68df99d385523ee0c1d6b03f4baf35ead8ea429e820f2dfbcab27fb62840c28438b0004e5214e4388a28be416f31a2c954d0f59ac5a13259880523a499ead753ff73d024d0ca8b36b80d16f106f961a78228e8fd83510cb571e3f8f189646289bc3846918c066142131433a589be2d5b10a24a6789f95a8dbb8977366af96ae9ac7f2b995a7d0ce0690b69816082103d8f663b76f2a08be5e710cf1039ba7988f5b42647f237c506c100086d235eead18e977e3371ba1cd12e1ed774039bb233d4693825237f8b20dcb803c13b135da186c684a5f4d3126222b48015b3059d1620446a43d21a58bf089443b0a32b5abddf203c9eaf9fd4037062527a1298817ee5dbcfd605c2bfd98b2bc01ed856de96e7e28cc86c4f2802b607fe1f4f09d1c2172a983b75f454ed7b8ddc09287a730b9c99814cb7f3755dc83477de169dc9fc20790c7745c083f850238fabf3cf12a033866f7aa7539ba92c7b03c30a2a9825aebc79a737500012f9e90b970716a5d72e0dfce8f37980dcc529476a42268c7522801fd5ff8d6d716814a267f9beee53892be8a682eaf3d8e00ab87c61ab01852c44d0e7698c07854f3409e787cc8fd9a734e60e4cb934b26694d8f9533cb8c18a12922d29cd826b6189686d1ec06786adbb85cb67eefb96507222535847c1c500cc974dc67ad94d8ca5d848b4569734ae78e9bda931ec633192fcfe0041f698f508e36c647f442779fb1517f03c17b384ed5db98932fb610cc84b31c0215558a5dfe78e9363fa03e13b52db2052cbbbf6920f20df9b47468927c1675ecffffffff5cc36031a5bd70f7839a92cecd7f9f7150e22bfe486e3c5ab29dd4e64837f1995d2281662e81e72a1f7f9e438d2fa375dbbeb5f300fdc4f5c1a9632e5adbac40d0b8480147a4634b9b0d6d15cf54849733284e59650a01cef9fe49285f1c9083bcd6e60736906965a5bcc15b3cd85c585fdedf92fac9750ed88fca2dd32141eceef68ca74be399d0fc2543ce927ed237d1f2a0a26895be2f9fa8d5c4fddc224ae36575dc61c5560bbdeac3e93d163750ab82b9cccd14d75fb48becf02dd3be945e9c9373385e53ea2e1fa93da7a6ffb3aa59698b034266fc12a2c52f2c98c13329ac7cd2bbe04922e1fd6bbe1a0d0070713425fe2fe438ef6df7edea827614b75a40e91fa82eee91e4e7ae04b2681be125db4e21ee3c5ce9a0964d9e4171fd69d02f05ee71b27b3f8094a52ca1e8f29c9a2d6c7e2b4702aec5a86362dffecb35af08342f57518574559b08ca1b5419753d8c1647a57e172c26fecacf989f900f6e60842f1d86bee0649efd59d6d349d84af9cfdb9556e3f34de726a0e282bf13828d81e24567b259ebde085212aa7c1ab4e92801b8afaf522c298537bb5d2e4bf460d05685a4942679c7b4ca2176e5e663262f67b1e50cc4ee713284e1656d0227bf4d40aa47afdc4401004460b8e691e442c4d554a70a655d135d904d2c0103cf4f1639df5084e144b6", 0x4c2}], 0x2}}], 0x1, 0x40) 3.799248022s ago: executing program 0 (id=1712): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0d00000002000000040000000640000045000000", @ANYRES32=r0], 0x50) 3.702894692s ago: executing program 0 (id=1713): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000ff7f0000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) pipe(&(0x7f0000000480)={0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0xc) splice(r1, 0x0, r2, 0x0, 0x10d00, 0xf) 3.543647955s ago: executing program 0 (id=1715): unshare(0x22020600) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f0000000000)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffffc, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast]}, 0x40) 3.512878647s ago: executing program 0 (id=1716): unshare(0x2000400) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0xc, 0x42, 0x40, 0xc0, 0x1}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x16c5, r0, 0x0, 0x500}, 0x38) 3.347235905s ago: executing program 0 (id=1718): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x3e, &(0x7f0000000700)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @rand_addr=0xe0000000}}}}}}, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="380000000314010028bd7000f6dbdf250900020073797a31001800000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x884}, 0x810) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x1, 0x9}, 0x50) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0x7, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018100000", @ANYRES32=r4, @ANYBLOB="000000000000000018100000", @ANYRES32=r5, @ANYBLOB="000000000000000095"], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r7 = socket(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x50}, @TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}]}}]}, 0x44}}, 0x400c4) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x9, 0x42, 0x8}, 0x48) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={r6, r10}, 0xc) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xd}}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r11}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000180)={r6, r10}, 0xc) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r12}]}, 0x3c}, 0x1, 0x300000000000000, 0x0, 0xc004}, 0x0) sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401002abd700001dcdf25080001000000000005005400"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) syz_emit_ethernet(0x3e, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @multicast2}}}}}}, 0x0) 2.993390325s ago: executing program 4 (id=1723): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1200000007000000080000000b"], 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000380)={r0, &(0x7f0000000280), 0x0}, 0x20) 2.662632677s ago: executing program 4 (id=1725): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendmmsg$inet6(r1, &(0x7f0000002ec0), 0x0, 0x4040) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) getsockopt(r0, 0xa4, 0x2, &(0x7f0000000000)=""/67, &(0x7f00000002c0)=0x43) r2 = socket$netlink(0x10, 0x3, 0x8) r3 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r3, &(0x7f0000000280)={0x18, 0x2, {0x2, @local}}, 0x1e) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2) syz_emit_ethernet(0x5e, &(0x7f0000000080)={@local, @random="c4bc9cac9686", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x28, 0x2b, 0xff, @remote, @local, {[], {{0x2, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @md5sig={0x13, 0x12, "899de4841185de6f281d2503a1cc72f6"}]}}}}}}}}, 0x0) r4 = socket(0x2a, 0x2, 0x0) getsockname$packet(r4, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) 2.28281107s ago: executing program 1 (id=1730): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=@newtfilter={0x3c, 0x2c, 0x52f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0xa, 0x1}}]}}]}, 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.111493546s ago: executing program 1 (id=1733): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c9", 0x1) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 1.955593707s ago: executing program 1 (id=1735): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff000) accept4$llc(r0, &(0x7f0000000440)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000480)=0x10, 0x80000) 1.228161132s ago: executing program 3 (id=1740): r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000240)="20a0218aa5", 0x5}], 0x1) 1.02959173s ago: executing program 3 (id=1741): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x5}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={r1, 0x1}, &(0x7f0000000300)=0x8) 872.522277ms ago: executing program 3 (id=1742): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x4, &(0x7f0000000140)={0x11, 0x10, r1}, 0x14) 822.259798ms ago: executing program 1 (id=1743): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x403, 0x6101, 0x0, {0x0, 0x0, 0x0, 0x0, 0x56760003ded1ddd3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5}]}}}]}, 0x3c}}, 0x0) 710.224592ms ago: executing program 3 (id=1744): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000000c0)={0x60, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}}, 0x80) 523.440442ms ago: executing program 3 (id=1745): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000480001002abd7000fddbdf250a002000", @ANYRES32=0x0, @ANYBLOB="02000000080002000100000014000100ff"], 0x38}, 0x1, 0x0, 0x0, 0x8004}, 0x24000800) 523.116832ms ago: executing program 2 (id=1746): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x13, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x324}, 0x94) 522.741988ms ago: executing program 0 (id=1747): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$inet(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, 0x0, 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000240)=0x10000, 0x12) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) syz_genetlink_get_family_id$nl80211(0x0, r4) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) 478.172544ms ago: executing program 1 (id=1748): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffe}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4028055}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000b4000000060a010400000000000000000100000008000b40000000008c000480340001800b000100657874686472000024000280080001400000000e080003400000000008000440000000220500020007000000540001800c0001006269747769736500440002800800034000000002080001400000001408000240000000121c000580040001008b6074f501258cfeb4b4dac46617946e69a517c50c000480060001008a9500000900010073797a30"], 0x128}, 0x1, 0x0, 0x0, 0x1}, 0x0) 360.693182ms ago: executing program 4 (id=1749): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000118ec0)={0x1, [], 0x7, "7d8d1f6a8be40c"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000119ec0)={0x0, 0x0, "11c1d828fdd1894da86d8330bf8b9587dcb479c6bf43a89896469a1493605184645d860f5786f355a7ce4b2c229605874c498163817b40273e067def8f9e2ac1c01a989066677c29ee0a086ace033ca040acf84ff3f9e6ac7a0bb8fc4d4b7c5c8516c630f89f382f5b8909212a88992aa21943b40095d051faf595cf55117224055765215f32f8cd0e1556db566b76c6843b412d23955505890630a0414cb0730a632302a693c6b62f9607aa0f1f240ada5f227f48c9e34cb72178b1c3b8bf5e12187b977020b1a0f31223f96d7daa902d207b0b59508afda2f28661b818a23abab59197ebb9a4425c66c19b017ee95bd0e7620da1f0cbef9194ba5df11b80e5", "104c9d10445c88ed41e1e905773fa45e65e869abfca1d544b30f06ee2d679b1948212f18630a55c146c2c1721dba85be825a0b9a1da3ed9e73dffad00d82808dfe3c58f372644fe1ca6ccf6d7f8010c478df4918d0d1010c4f1354d57d28110f169be8978025ae2f17fc99269f5140706cd068d670d9d56638c2d5c16483d6576d3fc96d8d84a550985d9c7c92180bbb20759bad7ee613a219c3a88d4213fd4e4fe1f036a8ad08591a84bc93d5a9efde15300352e5cf673fa08f568f23b3d7abfb8778b77c53ec94ec07f0f06fbe7d470da4a0142f63b70cb21abbab797277213549893693705c1c6d122509f3ad6bdeaf12906f99044861e493a013ca75677c90c7c4760bf2223b31a5cc4f4bbe3b8393df16e98230ee274fae1ef50ba8cf62ac26533612f190d5335940e125ea833b0f6585546f7a4a97ac68a51a474480569596c82fae7b94b1f18fd1fdd5015685d02eaf050130e96837f488897e415838c1496897c03e5432cbdba8dcb132a2d7cf5944802ec7bfc3c3774d1e8bfcd74fc7f3c4bd7e3f240289cec75c0dae043ad8e880f1ac930294df37875e3dadb09c2288f2c49b89ee7e711c0048cdee0c4d4248c89cb0b46505a766011919ec6f1fd6b46933ad6ed8886a292981323cf68cab9158cab172e9bce9fd7915f5c6249fa63f9d6d2244b993621d918130b5b4a545cb9f8fc09aa0fc5eb9c2981356d06e8543d9469e300bf27003b8abed2a97e7c45aab112d2c6bd3ffe9642b616439d3f4b491b7dd9554e895cc58af232b24dbbbfcb151d90477f28e4cfc7a9bdb7b1b27c909c8b1d63ce5982a5100ea2fa78df88562b7c14235f1a20c10b6a817ec67d26e3ff4628a1e2a4a20f9ffc9229fbd212bf4653995830841d1cad6434d4beaf9fe72a78b8388068584e96bd810bb5aaad38de1616cdd97e2839fd4de8e3b037631dcf256fb74cc01afa407de4d71287c6ca0c3969d953e91c5f17e71defe22e92bdf48c15fe47c01408ca16a595cdcef3e8bda0c83d4104b3fea8d04099364cb75ffe54f56c38219867a0c2d0182441441ec1b5335e7d3560babd3952d0303873501483dc8f3bb811a4d98420335e69f8895be16066fab82c793db5fc5d5936f3d1128641ac157dbefdad4e9dfab477894c8c11b95a106035078d2229a4d5a24453345c23521e404b355ef2807b92b2eb738a3ccf9382079393d1b7652ab3755bcfc6eaae37e66976f5c5b74e49a8046e957c22550b26dd9681605a899854ce475610656ca6bb66281b3f0c0c7885b507e53e122d51a346f2a9f31af586650f072033c5cf51dce27b38074d635130c322636dd233f64abc08938234937863272e5036002eacf601a3aa2a3b013b5cd7c2dac0e0f8122a8f44f5f179d42a824cfb3fc091930865edf139bf83c08436c4d4b67ab7851eba2b9a1e4b7b9de9ea5cc070688a442b458ef575478c2a17a464c4fd2b1fda3ce9a2183336684b1230b9a08bc432cef8fd9d5ab48c51756528125c708c29a4ed7aa555505d09b0d7e52861502ea05d528042494d2a987d63f9326c4d5f3df62327f9ec74c6946f9753f6f07fdd7d3d7eca82431e52b450e3a6f9100cd299b15b77e50fc9abec0aeb78f34d8a135577939473931183930cd74414896c73b0bcdbcf9025efc4ecb3ce2af245a4704b85ebbb35fc02a8a6056e65fd6532ac47e92e7c0db3769298cc39ce67a711a9968416aaeccba890246e9f5a85d664a3cf685f31032e410e5f0fcfdafcceed437919888a72ddeba3728599c53f75d955d76f7c868e27ee87a86770cb99d2a3ebea7ed1ded515ea9c3052b071a116ccb9c253980451ee1d6c556c0c464712c989411e120d0dbae249ebfe18d134a25e3c8c70100db18bf394cceabba1df624ac57195dd0f030cf6133d11d51939372305520eda87f10cf6867d68adac6c9270d12bcd31eb499eb608e6c7bdf14c805c514de43836e70b70d44f11ba1a9aca32932445c6d936e2bd0839d6cf52f23fc99bccaf8803c97b2033ad47e2899867cdb89702cb2c1ad584d2556856810675dfd13fdf07f34ed9cdca0dd0b8e3c1bd2c1d4a8fdf97e2f3893de0d2643e3cfd2333fea1aae4317e2bf329bcb35d91dbf6da007623c5692e5d4d1ad79574e2d20d0f60cabcdf7d2cc0f6a908fa98dc5fa99f25293c6f01c63f3beb09a843ee0d40861fd0b98de768a81f2fa8b5d79ff15cdcd87f49a9b80c08587d90c8e41911d3aa815338a141f3ac5c2e068055dc7472ffdf94d5fdfeeb4b87555111808695ecf25a90500899215871b1170c31e9a99fad498d44598d664472a0951d126169bd90ab68a6e4037cd52e4408f877a1d8448f1036e1c591ab87d259a439cc771b466c3801b07c2e873fb6c901cbe7c4426e79f91f2fda4d06a5b8b1113114e5d5c6fbbeca2ab5188fac1931ecbc4d8176435d1ebe999a366d2c822ae177b203ce9fb5dea607b4a7bc9f6548dc4b677bb70078ab92361e8752f1cf0000f0c7e70e5fa786ec35b3fb58e349f0e8f297ba874248855c85f2cb8fd5670c177ee80e0efbf18853954a228858c7f814c80feb0fa6d70a268ba6598008cc8dcef33bbe04952c4537a04cc7f90a67583d7bb5a2f6555cb409ddbb7f2da72ee1b7cbbfcba5ca4a6f4c1b6415ed62f3fed62cbb632a81c7713c7f252e83bd98c46188ad48b66361f0e191a6479ad2a9eeacdb54252ae2feaecd65b49ee5c6b12c6cea3d1a0004c0ff30349351954054bd0556193eb1e0c7f21500c38924aa6cd89e2af51ee757b078c3a720d7439d13215ebdada766a6e2b8f0b57453de9892e0ffedf8cdddd7913146f58095b7316ba3d50c127c3661c40b958f4e9754b4d94c083f4d973542dd283395ff99b796af06f29a893fa4c6f6aa42184099703b38a2576a090d9a5882279d4fc4cc9949e337c50b30a52a2c468157eb883dabc6499a6c52f50d1e33a578a51acd1485833289311c9517a4dea59268fd197b2546253efda25e97a005c62770d95ae830245037dc50981f7544ef73abab2d2a45195dfd971a0ab8a3a091a82aba569dc6a2ed318a49289e95833bd14a8b49a25fe3404aa790e46608d56451e76ea7a83b41e4b7bcb2b6a18cffd455d52e338ead1ca5b5de85dcbf1bb43b58521da9e4d1a66b73d4c004aebe94a14dcd2d24972bc63da83e712f1764f7525b6fd4b8e138fcec9bd9678fd1026cf7c8231c873c2d998b0fed91832dc29299c5cc01bdc5c71b7deb07fff38ff5af4bfc581dd3063f6047c04807706ef69085b0d50720d035897d255e94fb8f50e77730b1278631e92b74d4bf770f0f44effafc891c9334dd010f25e5c3ceac0d96ef37beb3a220165483437a08f3a3675c6581c82ce8625e6f470e31856cd5e9f89b12ad63a4dabda73077a6b45ea70b66cd3318e5dda5831d0162c597051a6f8aaac833d113e6a69320ac34c5f72d33b1d87381875342bcb74b7db66d33eacb65896e3fa2edd55f6a239c836c8e6c6bd75f2071394410e1a10b7bd299e8f730e33567c7773c2da26a7acd0c8218bb02108582df6364bf69c5a4ea8392a659fa53a61fb114739ea7ea29497616718fe5c36c280cc67e1c7c72569065f6c0350e8a94bed68f8ad27033f41c060d0eeae7b6280f9378e526935281a67df5bed715e9597676596b0f68c86a6d035752c956e228be3641bd4d6354cf49e0c1f3356108eb907bd7a3f7f9b65d1755236b03feeabf22cdbe5d59b6b55b75de0338986a6e06b7aa18b6689d97119e783a82f73e7c10286272303e14a0def572e75978c351e8152e9123797bcca76db5baa4234e05035fe2f0e59969d91c51b8d9dd9bfbd95431709b027888d1f6392014f4e3f0918d0a478a9b1e09af91fffd1b7bf3a15b4b0adbae53992a3faea295dd529ca7c28b50222e1502c08fabf5162520be4e4df1c01e2915c4a2aa005c7b6808af2f5eb59d8e58ccbed09ca1d5fc3cb80e8fba29315630452b391228252632a5ebf949e2e6cc70746c88dbb7c8ec0abbcd7f8903e52cb80010ecd0fac017ad0d23de6834c95b2f3a940c456443c4933855264eba4bdabd7ddad6fe64aceb63ffc5c80adea7a2299d7b137791650758b360b33ad70730a0b48cca0e75a38d4e622f38f01edbbedae8fbf20acc702363c9e3dea5acd14fe8a4295999758e6c71e69e68ce4e7121c1d5f08a7af28d318466a1ba3d4cb2139510fbedfd1c865abc7d44f8516b1c5e58fd60e7dfe037ce8cfaeedc8ba43a6dfc6558b53a1748a45bb2875a6e9e53e0a943d6a63ba264499ae7c217529abf314604bb95e13be0bb0d52547016c17357716bd27bfe17c6b9bf52d414a8cce5406c3e1c18f43925427a9923d5eeea9a6a9a4126cc349dfacf1f39e6cf2eb1ba6e08ae16d6f3a8b44b04b5cdedf51be358917769d691bb7e62bdf707878487e5edcecde27e259eea5a46131e288266b70248d9fa5d2d8eca93bba90e405cb9a5373d0c1daf0793976216339b16db4a6a7025c757ef5bb4f3a94c2578089276952519da51c45c67dfc7862d10c60763e3230d26177e28d356506fa747a7445eba48d5b9dfb6d78257a09c88659c79600a6060fed7b14972fa998354e7a2ff19053514c19af7f96e58625184295afca406acae2a89f9942f8a200dd485d94283ccf50422bfa34d99681eedbe35c71aa27db016df7e94b242e4ba98a94e3dc448321e59f9e4b4723737ebbe93436591a3147fdb8a37cbbae42630be6e3a7f20e9b638ce337b666ad723d811abd1b95a8ee3d8730b6ea682e8bee97bb3041bdfc53a0c7e562a03e6fe26e67b6d16563d12164eaa8d9e7f2ffb8b17125492d841c3ccf74764031c7552a4fd4997925833438625ab9984e966c08fa22dd3a3242ac067228036b428da1bcc90b66003e03d5bc1b46fbdd6a728a03c630fdb536f80433ea090d80d15d2c5ceba50257f5275fc00e3e640cd57483c99a063fd3ba06380a0bb24fdb8e626fd0048fbb29de7c1cac7d02e10b3a5c46991bc3c3562df07cdf3ff50d784136f229c0c06ac3d4427c3a58ecb04ad3a95dacaec758f787313ccc612d112cd7bb148ada137dd91af98e0a69b1bbad1b494a9f5c4d6ad7fdf19cc1100d5243f61e2f39871f345c8a91d84ca6f8c94d9a718cf20becfd3c3344419b029ed2ea15fd263a3cc3bc0331add532cab6840d2182bbda7e6494f71cf231252727cc69692a8454e05b0362a71b2ec2e67487e3047aa7011b4273066c109eda18ec3c27088922b1b8467ebc1a8300e18f8a9ea1d55d4588e8a87bde7886823399072523c0c36030a72761e03d5d63755877a9b252a949d697a535e75dc0c1b233df003ffd4eaefaeafe3ff1416eade00d6827cdd049b1aa64c6e63bb205e56ffe1ba7fd5101da43117e94d0"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f000011aec0)={0x0, 0x0, "d3701a8c416eeabd230f62f7080b8ae15bb5ca6b2db22ed1c4748fff87c732078cf3b5f2dd3917d139646792f1b2cda79ce824c48274080ee0e7d05aadde6c1c9c7095bc353a2c72e3c658a0df7531f6176955cf5444f639966799cb5137247923e0cb4924186de860c73fab55b5b7924ec9ab3e49b2ede58336008e9b14ffdb6149a2278f371410497476bf7916d6a0a874ec3fe04440b4ef9f7ae1414aa7e61e41e10d15c07c12a1cd718e655a9933eacfb7db7aa8d499ab311f5b6a91f8240ced774ed56a57a81cc8387233ed74200810d3695b72067bb5cbc7253f88c101b6faf91270db04a0740f33cac8bbd718b91d9228e2872b58fd32122a0b97da3c", "5f203b156adef54b08b8f6283d95224ba8eeb13fee4cde38407325b808e43cc004c8744b4a9488cabdef04a771fc996cf628cf62d791a3273bd46ded26944d32f86de021b7d639de588ceaaacd49ae9d6d7749c4068560a073996e7f9aa7d31771199fe35286003f96bceef935867624c1675351f4079424c93c2d025d8b181745b0d6a4f9d1817234d3dcb0027a3433b825b57150d40577a76d4f48a1572c810dc19b1fbe19849796d37370cf0eeaab4a3899145c6da52f19aa941c7fa772b2bc5622a9f0dc1e378b6c096c1010491480d7f71b10ee9a8453f534ce04aaa6b2a8c7a1faee2430a93fabc1bb5b09dc1db9d5d10cacc8d5ef71272b302f9062cfe4d12b5ec2fe33196feacd490e1b606dbeadce3600681ee68c7666d635a5bcf01cf2a05ba3b5331aea455995b7238b3a1205a2b85dc8295880601eb3b683531ec6c595279292c6885f56028fb5da1ef9eb443db8d72e24eb9d76becd7d3e643adfdb6107e816e858a87f2450db50713f45234871a8c61600c65eeef586283b6801fb7f258b596e26157c0ad49f45b0dc9ab9b8e484e0a2dc1f1240f84d720ff169f2512755172da5571c9e45600bacfcd651b7d5b626b24fe9cef8ed93afd933d063a6817423ac5085cf61276b4952b1fc6e43072d27dcadd2a06be4ce5ab371a4b7ec086484645afe69ccd4777996e593ed0856ea8e9e11eb8953a8da9deaea327a52e4ad793a6355cbc15f1bff483d4a8ca6c409f31d8e8400e2f156fb93af4328057652c8a1901a79eb86de4679264c8ff81c106f7c585a73075a4cb11c9eaaed0a422c6cfcf4203b38376cd3157b004ef0ed25c4a4f193f6313eefe39b7d19265aa797cc7a2ca3939efb62a08a0c28901a5053c64f29ccce382c3417117607b96f92053090d3f0ca0560f11f943291d05d57b62f81aafa83693068ec78a84a7ada6fbbbdbffa680abd0d42fb107d68b3b758adb5b7a13fc59c39ec34221e157535095cb666480cd7c72d730ad39b9b24b49b880948768db2d1bfb284619861d2123cd9af991180ae506d5e028d6b965a283ddd6afc0bc74db26d2ca3fba3a72f0cc76f6e2535e55ffa22b6c4483522cc8eae5152a9530ee9e841068db104936c3697a0282aa9fa8d6cf3029f1013863b441564ed4cf4864e48f03085f822eded8ae7404018bc041b2e626328ced5747cf9b60b015c6d1c4c6c68c7cea3fa4d2cacb3eb58de13db61403f5a4f50592be75d5a0fb5b306a30a6ad4a01f91a6fec9ebbe0587e13a6e2563ef4fbf52237caa72cc5b2f8911340e7dbbe4443d5bf726f8f0e97db7e101fd121f0a87e563ed8733b29ddfa85c7126d73a4ca635ef58c9ba9f6f960e60206315778a5e7368415de7ded072b72da7fbcc4d56af73d4961b493ff4f72f5df2978771056360fb5219b7961d7c8cb923c1a79de06ef3f75ee8827e540b10532866921378d8a0d1f55f04c2ee21be0e04dd4c8dd28ff81998c94d03d2fea32e226f10538a593eae72d77464be7dd5fd4965713a4db511b5ca7343a999c9474b5e5223bf69c66b8c0ff6447475df52044657c308ff4e13014fc660a72f4565b138ddab88670f0ced87f3f0b6a609e66214be53963bedfe9381305daf23b046ce808e90491a1a45dd36f7e5fc2d82e03bad7680afa06b5efc1186ec9e395723a94d6d45e98ffac03eaae8141db58e6f4bd7323b0202a604ff8a482fca7f170c4cef0f223adbd6b35e7f731a0e66bebfda2e5890498f9bd57b22b1f0ed0f6146a7f7ac5bbe6debe204a5f472006f76a12ae15bc8f05e7d0cab752d887354dc76f4c3e0ceea98f0eb5caa154130340cac5018c59f7f479bf6b6472b686079546acae6cc0bc098a52b943d4d64d60c1a7430e1f42ec3d7ebf19f8085134e14588e56ac9ad3d03ddb21a70ff3b1211395d50f9811bf4f63656a13bb1cbdb3e39b143764407a7acd488335cdde74b2fad999739b211eb2151914a05abe8b91ded1b3e1ef81b255364c0085cec545c29d70a5cc1dc87fc0ce133c33cbc0de263c463ee457dcd8e3d86f41d2790b3cf8a095c43ff5bad50db832f50d6a569b007593a24aac1772955252ff30e6e8a33e7f331eaf565ae4c3596c7db2276b321f9547f92e009247df09e1bf5125947e4b1c98727bb675684003ab47d92b9de45c7e2657a327f47bd37744e1fa33a9df2652fc38e81b9b1b1b91cddf442664b4b0c6426cccb42e3c29debb0338132f0939d3308111c5b31a62700b7ac1af878d58ce3b7867c76966332738e744b9381c30caa011b2175437b33f31d37f8f9271052c24e9fd752b25382803375f72bfdeabd5a1aa1915b0ce4c0ac6611cfe1be147b09d08bce3ac74a90b54c78777cf22490fb4cffc4761bc000b4701cbf9126edf8ce4bb041e4088e9863a9f4b290f3553058e4b853b1be4d831eb709098d9b26c3d0647fd1da1423c1dc5207c005b0d41095cf5b60900aeae8350e681614497c6efc6019e3ee6a3fedd9f49b3a90d6760a17583a6a48042e84b67ded0d71233b7a33f42c0e8fc5ff73ac3e9f1c13fbb99eaed712ed563f67d797c436c4262735e3e5f4928f83ed6f6f1442c5fb840731a6f861d9a254477cbc5b33725ea041c199a19d879bd2171874d520f20b62287fcce70665ac29059c4b133e45c7141ab700d4195d593e63ed0a42b8e7d94d0c2a511d87402c215ab6cd31fb97f8adb2058ff3f6c90e5217166f2355a9f6962f1ed6225cee9b112704c94fdf4480c8b1d36a19e0b7b961a32f9dc2cee11beaa33827561f45415de90eb4ef04d5a67e6c319ef1ac6afc6b695b220b5213d6f0d8bad45d77ae21e3b53585531657b3a8beceb13bc3de437bc56e4fb84d6b447a606343795921e67bea7721219d215748734a3a7e05ada827d641a588c3957db130ad44c687f377abd0917292fd053485c3f312c8c381e4648f948d079ad2954e6a1f3925c0fa082dc0130626ef754caeb5f086168b41d2c6c2480ac84045cba684f38b10d948eef25617533952b3bbe9a7f062225138e4e3d63d108932e17055068fe6d4529b171af01cf9e8370b4e2488189e87ea52830ff3e8928d758cdae9414f38881513143ff83e1716df70a27f6bbc029db8c9652174697857b41ad8028bce8d7b35123d0cece712bafab7ea330b05fa75e5f69803a16b8ef8550bf1a469198ba9933db5f94029f7882d1205950543c4b4d935d8f93e45eac1db8dd4a5dd5fca0e2b98445f3bd622bfd4fcfc6b6869319f399b05ff0a72eacb265fb24aadb3932f26596f667559506c81dd1318e8048da94669cd8bcfa26dc4aacd1ae559e498d2243421ef4f77c99b6fa0e6decac91b993fb4e8726dbdfcfac22a062314c017ee50e589e6e556fe88a54db6eed1ff378f3cd7d8a4e1d9c391c87ed7a793469f39454e9f145bbdc4e4bff707a79afa65eb66e21ef47a5f314cae329f45562f00f0518ca6da7cb033d5ffd42d2caadae0c60fa0f53b586d133818dad2caff28a3090354f26acdbf7cb69d8b2ef2c99c9296c89e40a0e9e729db92d404e66d5c1381b60227e2ba7ead7a905db9a3a9e91d8272918fcd0fbf5d4d2223a834b3eb66119374470ffe0795ba165c4686894779bab5e509f77ed998e1a0e0e7afa38fcf40d47ae8eefdcf51ff90dcde2e8c3ca54f9a12c4c8b19764a28068cdebc3cc61f547784d82b15505742c5e75d9b41b206cb067bfe75d9f2006f6a41b57421e4264bb2630c2e98edf9a1c2962896d5f3e2d8c091d60289adfb22e230ef79c16c5bf72b483b936647cc0970d04abaaa61f62bb29a31eb8e8b55fb7553561b6c41036d57f1fdf17808610b1ead15545ec459c32345379128778841bcb7ab21035fbca1eee935b52bb9665fbc4b48abb515b0431e838d897ee48af981de03572b060e531efa930bde3cf60e6e1088cfefbd3fdd449121bdb5d0c13077b36faf2d271229586d1780b16d62ccdd49313f0b6791edaf8a5bb69765f59d4ee5ed25516b2aeccf2e1f6de919493a98b23e2a5ae05a5377c7e9a5a7cc7b6fb9271473807e6487d501c04f2b91f81c495fdd33f98714b2b20618bd8ac16d0f2010443298e294bf504c6fbcd704ef503f31f73b073bd7bffc1154b35c44a05f9de74004d008e5476fb6f82b98907619f313be70c29c00c194040436b9439178db1e26e80338833a6dd18f286827425009e24003ac25d5ffbcde17d9d147b584ac80de6156ddaa681cc1b48c011102dc1d2ba5cb147b53891e7938525164d6ed4c37c57c15a8a9042d10c94865cc2f8a6afb58b3fe89bd7d750d4239fff306d9386366ebc0fec358a7b238ecc1f22fbf72497d1c5e3a880d38ac239e51e5eeef7909f824c93bf8c73dd63737ae62cfce4f3e1286ee7bd8b4d0d93dbddf87d3777be71814eb92fbbb76f6f3908f7f75804a5462b30458a58da0d2d1bc4400641a56ccaa1bea5aa04bf62205f836e662d2d48979d9a9338ef310efc35d56661ffe5eb92b3037fc481e6e8b0030a97b3ead2c7fcf03cf24018674bb4112a2e3b87da5d2d0fa36e1f078466c3019861185575f38ba679a0a038ab56c46681b6997ad92be5761e8d2718763c80cafc6cae9771bd516b35438b66af9f2c33d3afd33e50d0da4673770737ed15a0c9e991d6d46bd97f26fde0cd35c9f5efb57d4bbc8a5dec116c4f502f7146e73ffba4261ff25864db8c4b019c2e69ede4361644934ec771d6b817b1adc77f76d614e58b744ab3bc1b5ad397a7f164bca5fb51b385c50ad53963e8dfdcef6ae64e51cfad695428703b708d22b70404d97b3a86151afed34b9038fda1781fefbb7528329a7cc4164870cb6837c4850d652d99c5e2c83b1b8c1aeca44d41f5d212f5cad769fa0b8b09de38610924fc0e65830a8fc25ebf8d541f24f8233abd687340b6ca39bff01dc8306c9824a94a37e5e29badbf421a668a46a524a2fc953d625281e6d0ab9d7de8afa5f9cbf926d98b77c69f4662a865e5bd9e6bb39802520f21e5bceb01627f8cc7d660338310783d690c6e22b964965e380f6a86246412e2f87637e160bd2871ec4c2eaca01b4f2854cd002f7e5aba565ae0ea25a81dea7526b4573672652171ce880fccfa3fbf02fc0b2b22ea591e3003ecb55e37eac271412c5824bc3c64b050694c84b7a4304f19de40f01afcda5edef7706958418f28684759a91112236b2d661ca6325baaa1e56a3691896454b5cacd5f17b4385260d8987ff2dfad3efcb489c451d88f0365eec3c344a161b9fc9b1cf180c4ec5b7d9e9bf2872a6354c37f4f7a727c14ba859f14f6d08b656ce879ef02423958bc6845760a03ec7f52fe27d1485d822d9429a827e848c0818900aba325be5de01f899e726e4331457052d5fa90abdc0f4e16204c03f872ebcfac9"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r1, 0x0, 0x80) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021300011800b00010074617267657400002000028005000300c4000000080002400000000009000100534e"], 0xb4}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) unshare(0x22020600) socket$inet6(0xa, 0x80002, 0x88) 8.603142ms ago: executing program 3 (id=1750): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000300)=@ethtool_rxnfc={0x2f, 0x2, 0x6, {0xe, @usr_ip6_spec={@empty, @dev={0xfe, 0x80, '\x00', 0x24}, 0xfffffff8, 0x3d, 0xe}, {0x0, @remote, 0xe, 0x4, [0x7, 0x6]}, @ah_ip4_spec={@remote, @initdev={0xac, 0x1e, 0x40, 0x0}, 0x0, 0x5}, {0x0, @broadcast, 0x8, 0x5, [0xf, 0x9]}, 0xff, 0x3}}}) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000440)={0x0, 0x0, 0x3, 0xfffffffffffffff9, 0x9, 0x0, 0x8000000000, 0x800000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cgroup.controllers\x00', 0x275a, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = socket$inet(0xa, 0x801, 0x84) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r6, 0x8) r7 = accept4(r6, 0x0, 0x0, 0x80000) setsockopt(r7, 0x84, 0x7f, &(0x7f00000001c0)="020000000980ffff", 0x8) recvmmsg(r7, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)=""/94, 0x5e}], 0x1}, 0x5076}], 0x1, 0x20, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000540)={'sit0\x00', 0x0, 0x40, 0x7800, 0x7, 0x7, {{0x19, 0x4, 0x1, 0x1, 0x64, 0x64, 0x0, 0x1, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x15}, {[@lsrr={0x83, 0x23, 0x6b, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @remote, @multicast1, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @multicast2]}, @ssrr={0x89, 0xb, 0x9, [@multicast1, @local]}, @ssrr={0x89, 0x13, 0x3e, [@multicast2, @empty, @dev={0xac, 0x14, 0x14, 0x42}, @loopback]}, @rr={0x7, 0xb, 0x78, [@multicast1, @local]}, @ra={0x94, 0x4}]}}}}}) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f00000003c0)={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x306, @multicast}, 0x14, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'team0\x00'}) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r8 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r4, 0x28, 0x1, &(0x7f0000000180)=0x5, 0x8) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0x3c1, 0x1a6cc7, 0x390, 0x1d0, 0x5802, 0x294, 0x0, 0x294, 0x310, 0x378, 0x378, 0x310, 0x378, 0x3, 0x0, {[{{@ipv6={@mcast2, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, [0xffffff00, 0xff, 0xff000000, 0xff000000], [0xff, 0xff, 0xff, 0xff000000], 'veth0_to_hsr\x00', 'vlan0\x00', {0xff}, {0xff}, 0x0, 0x0, 0x2, 0x80}, 0x0, 0xa8, 0x1d0, 0x52020000}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xe5f6, 'system_u:object_r:etc_aliases_t:s0\x00'}}}, {{@ipv6={@loopback, @remote, [], [0x0, 0x0, 0x0, 0xffffffff], 'ip6erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x81}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x3, 0x1, 0x0, 'netbios-ns\x00', {0x5}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f0) getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000000)=ANY=[@ANYBLOB='fi'], &(0x7f0000000100)=0x28) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r4, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x0) 6.581439ms ago: executing program 2 (id=1751): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x210, 0x65, 0x8, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0xb, 0x6}, {0x6, 0xc5b377f61037765b}}, [@filter_kind_options=@f_flow={{0x9}, {0x1b0, 0x2, [@TCA_FLOW_ADDEND={0x8}, @TCA_FLOW_XOR={0x8, 0x7, 0x1ff}, @TCA_FLOW_XOR={0x8, 0x7, 0xfffffff9}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x134, 0x9, 0x0, 0x1, [@m_ct={0x8c, 0x1b, 0x0, 0x0, {{0x7}, {0x4}, {0x61, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_nat={0xa4, 0x2, 0x0, 0x0, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x80000001, 0x7, 0x6, 0x6, 0x4}, @multicast2, @rand_addr=0x64010101, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x6, 0x2, 0x5, 0xff}, @remote, @rand_addr=0x64010100, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x5, 0x3, 0x5, 0x5}, @rand_addr=0x64010102, @multicast1, 0xffffff00}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}, @TCA_FLOW_MODE={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x6a9}, @TCA_FLOW_POLICE={0x40, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x2aab, 0x0, 0x401, 0xfffffffd, 0xed1, {0x0, 0x0, 0x2, 0x0, 0x6dd0, 0x2}, {0xff, 0x0, 0x9, 0xfe4e, 0x7, 0xfffffc01}, 0x32, 0x7, 0xb}}]}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0x2}}, @TCA_CHAIN={0x8, 0xb, 0x441d}, @filter_kind_options=@f_fw={{0x7}, {0x18, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'pimreg\x00'}]}}]}, 0x210}, 0x1, 0x0, 0x0, 0x80}, 0x20000080) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000000)=0x800, 0x4) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x6, 0x8012, r0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0xc, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8967}, 0x1c) r2 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e20, 0x1, @private2, 0x100}], 0x2c) sendmmsg$inet6(r2, &(0x7f0000002580)=[{{&(0x7f0000000080)={0xa, 0x8000, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000380)="d0", 0x1}], 0x1}}], 0x1, 0x4000040) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa0}}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newlink={0x58, 0x10, 0x401, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2083, 0x501c6}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0x2}, @IFLA_GENEVE_ID={0x8, 0x1, 0x1}]}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x40050}, 0x4000880) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000440)=0x1, 0x4) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x4}, 0x1c) socket$inet_udp(0x2, 0x2, 0x0) socket(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 867.049µs ago: executing program 1 (id=1752): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000140)=0x416, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000040)=0xb2c, 0x4) recvmmsg(r0, &(0x7f0000004c00)=[{{0x0, 0x0, 0x0}, 0xb393}], 0x1, 0x0, 0x0) 0s ago: executing program 4 (id=1753): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1f, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, [@printk={@s, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}, @call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) kernel console output (not intermixed with test programs): ition table partially beyond EOD, truncated [ 560.581670][T10113] loop8: p1 start 1601398130 is beyond EOD, truncated [ 560.588510][T10113] loop8: p2 start 1702059890 is beyond EOD, truncated [ 561.036047][T10119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1141'. [ 564.179339][T10137] FAT-fs (loop7): bogus number of reserved sectors [ 564.227871][T10137] FAT-fs (loop7): Can't find a valid FAT filesystem [ 564.269792][T10138] FAT-fs (loop7): bogus number of reserved sectors [ 564.295291][T10138] FAT-fs (loop7): Can't find a valid FAT filesystem [ 564.373615][T10141] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1146'. [ 566.235859][T10165] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1153'. [ 566.259879][T10164] netlink: 'syz.1.1150': attribute type 3 has an invalid length. [ 566.329785][T10166] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1153'. [ 569.062284][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 569.072306][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.235937][T10189] fuse: Unknown parameter '`fd' [ 572.798996][T10216] affs: No valid root block on device nullb0 [ 573.528147][ T9538] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 574.152782][ T9548] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 574.979896][ T9548] usb 3-1: Using ep0 maxpacket: 16 [ 575.006425][ T9548] usb 3-1: config 0 has an invalid descriptor of length 207, skipping remainder of the config [ 575.026152][ T9548] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 235, using maximum allowed: 30 [ 575.049778][ T9548] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 235 [ 575.066329][ T9548] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.40 [ 575.075799][ T9548] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.089174][ T9548] usb 3-1: config 0 descriptor?? [ 575.243497][ T9538] usb 1-1: Using ep0 maxpacket: 32 [ 575.637980][ T9548] usb 3-1: can't set config #0, error -71 [ 575.643037][ T9538] usb 1-1: device descriptor read/all, error -71 [ 575.739498][ T9548] usb 3-1: USB disconnect, device number 26 [ 575.947892][T10243] netlink: 'syz.3.1176': attribute type 3 has an invalid length. [ 576.367210][T10252] netlink: 'syz.4.1178': attribute type 10 has an invalid length. [ 576.375407][T10252] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1178'. [ 576.389365][T10252] batman_adv: batadv0: Adding interface: virt_wifi0 [ 576.396144][T10252] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 576.422180][T10252] batman_adv: batadv0: Not using interface virt_wifi0 (retrying later): interface not active [ 576.970886][T10255] xt_connbytes: Forcing CT accounting to be enabled [ 577.148935][T10255] set match dimension is over the limit! [ 578.084393][T10269] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 579.015219][T10277] FAULT_INJECTION: forcing a failure. [ 579.015219][T10277] name failslab, interval 1, probability 0, space 0, times 0 [ 579.025569][T10278] fuse: Unknown parameter '`fd' [ 579.067422][T10277] CPU: 0 UID: 0 PID: 10277 Comm: syz.0.1184 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 579.067447][T10277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 579.067457][T10277] Call Trace: [ 579.067464][T10277] [ 579.067471][T10277] dump_stack_lvl+0x189/0x250 [ 579.067493][T10277] ? __pfx____ratelimit+0x10/0x10 [ 579.067510][T10277] ? __pfx_dump_stack_lvl+0x10/0x10 [ 579.067528][T10277] ? __pfx__printk+0x10/0x10 [ 579.067552][T10277] ? __pfx___might_resched+0x10/0x10 [ 579.067568][T10277] ? fs_reclaim_acquire+0x7d/0x100 [ 579.067591][T10277] should_fail_ex+0x414/0x560 [ 579.067611][T10277] should_failslab+0xa8/0x100 [ 579.067629][T10277] kmem_cache_alloc_noprof+0x73/0x3c0 [ 579.067644][T10277] ? fuse_get_req+0x7b9/0x10b0 [ 579.067671][T10277] fuse_get_req+0x7b9/0x10b0 [ 579.067704][T10277] ? __pfx_fuse_get_req+0x10/0x10 [ 579.067741][T10277] __fuse_simple_request+0x2aa/0x18d0 [ 579.067768][T10277] ? __lock_acquire+0xab9/0xd20 [ 579.067785][T10277] ? __pfx___fuse_simple_request+0x10/0x10 [ 579.067820][T10277] ? is_bpf_text_address+0x26/0x2b0 [ 579.067840][T10277] ? is_bpf_text_address+0x292/0x2b0 [ 579.067854][T10277] ? is_bpf_text_address+0x26/0x2b0 [ 579.067874][T10277] fuse_do_getattr+0x33b/0x620 [ 579.067893][T10277] ? unwind_get_return_address+0x4d/0x90 [ 579.067914][T10277] ? __pfx_fuse_do_getattr+0x10/0x10 [ 579.067970][T10277] fuse_permission+0x4e5/0xdc0 [ 579.067996][T10277] ? __pfx_fuse_permission+0x10/0x10 [ 579.068018][T10277] ? __pfx_mntput_no_expire+0x10/0x10 [ 579.068042][T10277] ? dput+0x37/0x2b0 [ 579.068066][T10277] ? step_into+0x435/0xf30 [ 579.068085][T10277] ? __asan_memcpy+0x40/0x70 [ 579.068107][T10277] ? step_into+0x435/0xf30 [ 579.068123][T10277] ? __d_lookup+0x6df/0x780 [ 579.068145][T10277] ? __d_lookup+0x66/0x780 [ 579.068172][T10277] inode_permission+0x285/0x470 [ 579.068191][T10277] ? __pfx_fuse_permission+0x10/0x10 [ 579.068213][T10277] may_open+0x325/0x4c0 [ 579.068238][T10277] path_openat+0x2d91/0x3830 [ 579.068286][T10277] ? __pfx_path_openat+0x10/0x10 [ 579.068308][T10277] ? unwind_get_return_address+0x4d/0x90 [ 579.068324][T10277] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 579.068345][T10277] ? arch_stack_walk+0xfc/0x150 [ 579.068375][T10277] do_filp_open+0x1fa/0x410 [ 579.068396][T10277] ? stack_depot_save_flags+0x40/0x900 [ 579.068414][T10277] ? __pfx_do_filp_open+0x10/0x10 [ 579.068465][T10277] ? do_open_execat+0x93/0x540 [ 579.068491][T10277] do_open_execat+0x135/0x540 [ 579.068514][T10277] ? __pfx_do_open_execat+0x10/0x10 [ 579.068549][T10277] alloc_bprm+0x28/0x5b0 [ 579.068575][T10277] do_execveat_common+0x1b3/0x6a0 [ 579.068599][T10277] __x64_sys_execve+0x94/0xb0 [ 579.068625][T10277] do_syscall_64+0xfa/0x3b0 [ 579.068642][T10277] ? lockdep_hardirqs_on+0x9c/0x150 [ 579.068658][T10277] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.068674][T10277] ? clear_bhb_loop+0x60/0xb0 [ 579.068692][T10277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.068707][T10277] RIP: 0033:0x7fc66e18ebe9 [ 579.068721][T10277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.068735][T10277] RSP: 002b:00007fc66ef88038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 579.068751][T10277] RAX: ffffffffffffffda RBX: 00007fc66e3b6090 RCX: 00007fc66e18ebe9 [ 579.068762][T10277] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 579.068772][T10277] RBP: 00007fc66ef88090 R08: 0000000000000000 R09: 0000000000000000 [ 579.068782][T10277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 579.068791][T10277] R13: 00007fc66e3b6128 R14: 00007fc66e3b6090 R15: 00007fff860c84b8 [ 579.068815][T10277] [ 580.232869][ T9538] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 580.282932][ T120] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 580.394599][ T9538] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 580.419732][ T9538] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 580.432711][ T120] usb 2-1: Using ep0 maxpacket: 32 [ 580.440225][ T9538] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.468154][ T9538] usb 3-1: Product: syz [ 580.478548][ T120] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 580.500996][ T9538] usb 3-1: Manufacturer: syz [ 580.508366][ T9538] usb 3-1: SerialNumber: syz [ 580.516007][ T120] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 580.530007][ T9538] usb 3-1: config 0 descriptor?? [ 580.543559][ T120] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 580.569384][ T120] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 580.589981][ T120] usb 2-1: Product: syz [ 580.594403][ T120] usb 2-1: Manufacturer: syz [ 580.609989][ T120] hub 2-1:4.0: USB hub found [ 580.698224][T10289] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1188'. [ 580.746911][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 580.746934][ T30] audit: type=1326 audit(1755799073.231:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10287 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac75b8ebe9 code=0x7fc00000 [ 580.822770][ T120] hub 2-1:4.0: 2 ports detected [ 580.941830][T10281] FAULT_INJECTION: forcing a failure. [ 580.941830][T10281] name failslab, interval 1, probability 0, space 0, times 0 [ 580.972938][T10281] CPU: 1 UID: 0 PID: 10281 Comm: syz.2.1185 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 580.972974][T10281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 580.972987][T10281] Call Trace: [ 580.972996][T10281] [ 580.973005][T10281] dump_stack_lvl+0x189/0x250 [ 580.973036][T10281] ? __pfx____ratelimit+0x10/0x10 [ 580.973060][T10281] ? __pfx_dump_stack_lvl+0x10/0x10 [ 580.973085][T10281] ? __pfx__printk+0x10/0x10 [ 580.973119][T10281] ? __pfx___might_resched+0x10/0x10 [ 580.973141][T10281] ? fs_reclaim_acquire+0x7d/0x100 [ 580.973183][T10281] should_fail_ex+0x414/0x560 [ 580.973211][T10281] should_failslab+0xa8/0x100 [ 580.973236][T10281] __kmalloc_noprof+0xcb/0x4f0 [ 580.973255][T10281] ? kfree+0x4d/0x440 [ 580.973285][T10281] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 580.973320][T10281] tomoyo_realpath_from_path+0xe3/0x5d0 [ 580.973365][T10281] tomoyo_check_open_permission+0x1c1/0x3b0 [ 580.973391][T10281] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 580.973415][T10281] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 580.973483][T10281] ? tomoyo_file_open+0x166/0x220 [ 580.973519][T10281] security_file_open+0xb1/0x270 [ 580.973545][T10281] do_dentry_open+0x35e/0x1970 [ 580.973591][T10281] vfs_open+0x3b/0x340 [ 580.973616][T10281] ? path_openat+0x2ecd/0x3830 [ 580.973651][T10281] path_openat+0x2ee5/0x3830 [ 580.973680][T10281] ? arch_stack_walk+0xfc/0x150 [ 580.973744][T10281] ? __pfx_path_openat+0x10/0x10 [ 580.973773][T10281] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.973819][T10281] do_filp_open+0x1fa/0x410 [ 580.973848][T10281] ? __lock_acquire+0xab9/0xd20 [ 580.973871][T10281] ? __pfx_do_filp_open+0x10/0x10 [ 580.973929][T10281] ? _raw_spin_unlock+0x28/0x50 [ 580.973961][T10281] ? alloc_fd+0x64c/0x6c0 [ 580.973996][T10281] do_sys_openat2+0x121/0x1c0 [ 580.974027][T10281] ? __pfx_do_sys_openat2+0x10/0x10 [ 580.974056][T10281] ? ksys_write+0x22a/0x250 [ 580.974079][T10281] ? __pfx_ksys_write+0x10/0x10 [ 580.974096][T10281] ? rcu_is_watching+0x15/0xb0 [ 580.974125][T10281] __x64_sys_openat+0x138/0x170 [ 580.974167][T10281] do_syscall_64+0xfa/0x3b0 [ 580.974191][T10281] ? lockdep_hardirqs_on+0x9c/0x150 [ 580.974214][T10281] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.974236][T10281] ? clear_bhb_loop+0x60/0xb0 [ 580.974263][T10281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.974283][T10281] RIP: 0033:0x7f8dc698d550 [ 580.974304][T10281] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 580.974324][T10281] RSP: 002b:00007f8dc78b2b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 580.974347][T10281] RAX: ffffffffffffffda RBX: 00000000008c4201 RCX: 00007f8dc698d550 [ 580.974364][T10281] RDX: 00000000008c4201 RSI: 00007f8dc78b2c10 RDI: 00000000ffffff9c [ 580.974379][T10281] RBP: 00007f8dc78b2c10 R08: 0000000000000000 R09: 00236f696475612f [ 580.974393][T10281] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd [ 580.974407][T10281] R13: 00007f8dc6bb6038 R14: 00007f8dc6bb5fa0 R15: 00007ffe326a6cb8 [ 580.974443][T10281] [ 580.974478][T10281] ERROR: Out of memory at tomoyo_realpath_from_path. [ 581.344138][ T9548] usb 3-1: USB disconnect, device number 27 [ 581.399506][ T30] audit: type=1326 audit(1755799073.881:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10287 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac75b8ebe9 code=0x7fc00000 [ 581.690012][T10303] Can't find a SQUASHFS superblock on nullb0 [ 581.772190][T10306] FAULT_INJECTION: forcing a failure. [ 581.772190][T10306] name failslab, interval 1, probability 0, space 0, times 0 [ 581.789912][T10306] CPU: 1 UID: 0 PID: 10306 Comm: syz.3.1194 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 581.789944][T10306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 581.789959][T10306] Call Trace: [ 581.789967][T10306] [ 581.789977][T10306] dump_stack_lvl+0x189/0x250 [ 581.790008][T10306] ? __pfx____ratelimit+0x10/0x10 [ 581.790032][T10306] ? __pfx_dump_stack_lvl+0x10/0x10 [ 581.790057][T10306] ? __pfx__printk+0x10/0x10 [ 581.790091][T10306] ? ref_tracker_alloc+0x318/0x460 [ 581.790120][T10306] should_fail_ex+0x414/0x560 [ 581.790148][T10306] should_failslab+0xa8/0x100 [ 581.790174][T10306] kmem_cache_alloc_noprof+0x73/0x3c0 [ 581.790195][T10306] ? skb_clone+0x212/0x3a0 [ 581.790222][T10306] skb_clone+0x212/0x3a0 [ 581.790248][T10306] __netlink_deliver_tap+0x404/0x850 [ 581.790294][T10306] ? netlink_deliver_tap+0x2e/0x1b0 [ 581.790326][T10306] netlink_deliver_tap+0x19c/0x1b0 [ 581.790359][T10306] netlink_unicast+0x730/0x8e0 [ 581.790399][T10306] netlink_sendmsg+0x805/0xb30 [ 581.790442][T10306] ? __pfx_netlink_sendmsg+0x10/0x10 [ 581.790483][T10306] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 581.790504][T10306] ? __pfx_netlink_sendmsg+0x10/0x10 [ 581.790537][T10306] __sock_sendmsg+0x21c/0x270 [ 581.790566][T10306] ____sys_sendmsg+0x505/0x830 [ 581.790607][T10306] ? __pfx_____sys_sendmsg+0x10/0x10 [ 581.790653][T10306] ? import_iovec+0x74/0xa0 [ 581.790687][T10306] ___sys_sendmsg+0x21f/0x2a0 [ 581.790725][T10306] ? __pfx____sys_sendmsg+0x10/0x10 [ 581.790800][T10306] ? __fget_files+0x2a/0x420 [ 581.790824][T10306] ? __fget_files+0x3a0/0x420 [ 581.790860][T10306] __x64_sys_sendmsg+0x19b/0x260 [ 581.790906][T10306] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 581.790951][T10306] ? __pfx_ksys_write+0x10/0x10 [ 581.790968][T10306] ? rcu_is_watching+0x15/0xb0 [ 581.790998][T10306] ? do_syscall_64+0xbe/0x3b0 [ 581.791027][T10306] do_syscall_64+0xfa/0x3b0 [ 581.791050][T10306] ? lockdep_hardirqs_on+0x9c/0x150 [ 581.791073][T10306] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.791095][T10306] ? clear_bhb_loop+0x60/0xb0 [ 581.791122][T10306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.791144][T10306] RIP: 0033:0x7fd53998ebe9 [ 581.791163][T10306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 581.791183][T10306] RSP: 002b:00007fd537bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 581.791206][T10306] RAX: ffffffffffffffda RBX: 00007fd539bb5fa0 RCX: 00007fd53998ebe9 [ 581.791222][T10306] RDX: 0000000020004840 RSI: 0000200000000100 RDI: 0000000000000003 [ 581.791236][T10306] RBP: 00007fd537bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 581.791250][T10306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 581.791262][T10306] R13: 00007fd539bb6038 R14: 00007fd539bb5fa0 R15: 00007fff0c7a8128 [ 581.791298][T10306] [ 582.274617][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1197'. [ 582.297728][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1197'. [ 582.316650][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1197'. [ 582.328022][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1197'. [ 582.835234][ T9538] usb 2-1: USB disconnect, device number 20 [ 583.423601][T10326] netlink: 440 bytes leftover after parsing attributes in process `syz.0.1199'. [ 583.433555][T10326] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1199'. [ 583.443442][T10326] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1199'. [ 584.455141][ T9548] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 584.478341][T10333] vivid-000: disconnect [ 584.486807][T10332] vivid-000: reconnect [ 584.641557][ T9548] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 584.652743][ T9538] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 584.682891][ T9548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.742095][ T9548] usb 4-1: config 0 descriptor?? [ 585.290871][T10340] --map-set only usable from mangle table [ 585.344921][ T9538] usb 1-1: too many configurations: 17, using maximum allowed: 8 [ 585.481246][ T9538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 585.489759][ T9548] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 585.502443][ T9538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 585.525754][ T9538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 585.541325][ T9538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 585.580261][ T9538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 585.610410][T10346] FAULT_INJECTION: forcing a failure. [ 585.610410][T10346] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 585.662686][T10346] CPU: 1 UID: 0 PID: 10346 Comm: syz.1.1207 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 585.662718][T10346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 585.662730][T10346] Call Trace: [ 585.662739][T10346] [ 585.662748][T10346] dump_stack_lvl+0x189/0x250 [ 585.662778][T10346] ? __pfx____ratelimit+0x10/0x10 [ 585.662803][T10346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 585.662827][T10346] ? __pfx__printk+0x10/0x10 [ 585.662868][T10346] should_fail_ex+0x414/0x560 [ 585.662896][T10346] _copy_to_user+0x31/0xb0 [ 585.662928][T10346] simple_read_from_buffer+0xe1/0x170 [ 585.662957][T10346] proc_fail_nth_read+0x1df/0x250 [ 585.662987][T10346] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 585.663016][T10346] ? rw_verify_area+0x258/0x650 [ 585.663048][T10346] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 585.663075][T10346] vfs_read+0x200/0x980 [ 585.663113][T10346] ? __pfx___mutex_lock+0x10/0x10 [ 585.663138][T10346] ? __pfx_vfs_read+0x10/0x10 [ 585.663173][T10346] ? __fget_files+0x2a/0x420 [ 585.663201][T10346] ? __fget_files+0x3a0/0x420 [ 585.663223][T10346] ? __fget_files+0x2a/0x420 [ 585.663255][T10346] ksys_read+0x145/0x250 [ 585.663277][T10346] ? __pfx_ksys_read+0x10/0x10 [ 585.663303][T10346] ? do_syscall_64+0xbe/0x3b0 [ 585.663330][T10346] do_syscall_64+0xfa/0x3b0 [ 585.663350][T10346] ? lockdep_hardirqs_on+0x9c/0x150 [ 585.663372][T10346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.663393][T10346] ? clear_bhb_loop+0x60/0xb0 [ 585.663417][T10346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.663438][T10346] RIP: 0033:0x7fe617b8d5fc [ 585.663456][T10346] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 585.663475][T10346] RSP: 002b:00007fe61895e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 585.663496][T10346] RAX: ffffffffffffffda RBX: 00007fe617db5fa0 RCX: 00007fe617b8d5fc [ 585.663511][T10346] RDX: 000000000000000f RSI: 00007fe61895e0a0 RDI: 0000000000000004 [ 585.663524][T10346] RBP: 00007fe61895e090 R08: 0000000000000000 R09: 0000000000000000 [ 585.663547][T10346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 585.663560][T10346] R13: 00007fe617db6038 R14: 00007fe617db5fa0 R15: 00007ffef2ab9e48 [ 585.663594][T10346] [ 585.866317][ T9548] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 585.951914][ T9538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 585.962871][ T9538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 585.973918][ T9538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 586.022131][ T9538] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 586.031491][ T9538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.039620][ T9538] usb 1-1: Product: syz [ 586.044023][ T9538] usb 1-1: Manufacturer: syz [ 586.048639][ T9538] usb 1-1: SerialNumber: syz [ 586.071466][ T9548] [drm] Initialized udl on minor 2 [ 586.091581][ T9538] usb 1-1: config 0 descriptor?? [ 586.140659][ T9548] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 586.245547][T10353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1209'. [ 586.533374][T10353] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 586.542204][T10353] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 586.551130][T10353] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 586.559940][T10353] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 587.243631][ T9548] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 587.255938][ T9544] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 587.265341][ T9544] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 587.275966][ T9548] usb 4-1: USB disconnect, device number 24 [ 587.421723][ T9538] usb 1-1: USB disconnect, device number 28 [ 587.511210][T10362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1210'. [ 587.531190][T10362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1210'. [ 587.547169][T10362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1210'. [ 587.564618][T10362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1210'. [ 588.242869][ T120] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 588.656881][T10371] Can't find a SQUASHFS superblock on nullb0 [ 588.686470][ T120] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 588.716802][ T120] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 588.895074][ T120] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 588.918788][ T120] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.071205][T10383] FAULT_INJECTION: forcing a failure. [ 589.071205][T10383] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 589.276545][T10383] CPU: 0 UID: 0 PID: 10383 Comm: syz.2.1218 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 589.276578][T10383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 589.276592][T10383] Call Trace: [ 589.276600][T10383] [ 589.276608][T10383] dump_stack_lvl+0x189/0x250 [ 589.276639][T10383] ? __pfx____ratelimit+0x10/0x10 [ 589.276662][T10383] ? __pfx_dump_stack_lvl+0x10/0x10 [ 589.276687][T10383] ? __pfx__printk+0x10/0x10 [ 589.276729][T10383] should_fail_ex+0x414/0x560 [ 589.276757][T10383] _copy_to_user+0x31/0xb0 [ 589.276790][T10383] drm_ioctl+0x6a4/0xb10 [ 589.276811][T10383] ? smk_tskacc+0x2fc/0x370 [ 589.276846][T10383] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 589.276876][T10383] ? __pfx_drm_ioctl+0x10/0x10 [ 589.276921][T10383] ? bpf_lsm_file_ioctl+0x9/0x20 [ 589.276946][T10383] ? __pfx_drm_ioctl+0x10/0x10 [ 589.276969][T10383] __se_sys_ioctl+0xfc/0x170 [ 589.277006][T10383] do_syscall_64+0xfa/0x3b0 [ 589.277031][T10383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.277052][T10383] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 589.277078][T10383] ? clear_bhb_loop+0x60/0xb0 [ 589.277105][T10383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.277125][T10383] RIP: 0033:0x7f8dc698ebe9 [ 589.277143][T10383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 589.277162][T10383] RSP: 002b:00007f8dc78b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 589.277185][T10383] RAX: ffffffffffffffda RBX: 00007f8dc6bb5fa0 RCX: 00007f8dc698ebe9 [ 589.277201][T10383] RDX: 0000200000000340 RSI: 00000000c06864a2 RDI: 0000000000000003 [ 589.277216][T10383] RBP: 00007f8dc78b3090 R08: 0000000000000000 R09: 0000000000000000 [ 589.277230][T10383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 589.277243][T10383] R13: 00007f8dc6bb6038 R14: 00007f8dc6bb5fa0 R15: 00007ffe326a6cb8 [ 589.277277][T10383] [ 589.279180][ T120] usb 5-1: GET_CAPABILITIES returned 0 [ 589.513550][ T120] usbtmc 5-1:16.0: can't read capabilities [ 589.573446][ T120] usb 5-1: USB disconnect, device number 21 [ 589.728304][T10386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1219'. [ 589.751100][T10386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1219'. [ 589.760623][T10386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1219'. [ 589.769908][T10386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1219'. [ 590.336196][T10393] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 591.770006][T10404] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1223'. [ 591.802755][T10404] netlink: zone id is out of range [ 591.808957][T10404] netlink: zone id is out of range [ 591.858184][T10404] netlink: zone id is out of range [ 592.049134][T10404] netlink: zone id is out of range [ 592.062844][T10404] netlink: zone id is out of range [ 592.072728][T10404] netlink: zone id is out of range [ 592.078405][T10404] netlink: zone id is out of range [ 592.085008][T10404] netlink: zone id is out of range [ 592.090859][T10404] netlink: zone id is out of range [ 592.158918][T10406] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 592.168841][T10406] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 595.061671][T10440] FAULT_INJECTION: forcing a failure. [ 595.061671][T10440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 595.090575][T10440] CPU: 1 UID: 0 PID: 10440 Comm: syz.0.1230 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 595.090598][T10440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 595.090607][T10440] Call Trace: [ 595.090620][T10440] [ 595.090628][T10440] dump_stack_lvl+0x189/0x250 [ 595.090650][T10440] ? __pfx____ratelimit+0x10/0x10 [ 595.090667][T10440] ? __pfx_dump_stack_lvl+0x10/0x10 [ 595.090684][T10440] ? __pfx__printk+0x10/0x10 [ 595.090714][T10440] should_fail_ex+0x414/0x560 [ 595.090734][T10440] _copy_to_user+0x31/0xb0 [ 595.090758][T10440] simple_read_from_buffer+0xe1/0x170 [ 595.090779][T10440] proc_fail_nth_read+0x1df/0x250 [ 595.090800][T10440] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 595.090822][T10440] ? rw_verify_area+0x258/0x650 [ 595.090846][T10440] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 595.090866][T10440] vfs_read+0x200/0x980 [ 595.090894][T10440] ? __pfx___mutex_lock+0x10/0x10 [ 595.090913][T10440] ? __pfx_vfs_read+0x10/0x10 [ 595.090938][T10440] ? __fget_files+0x2a/0x420 [ 595.090959][T10440] ? __fget_files+0x3a0/0x420 [ 595.090975][T10440] ? __fget_files+0x2a/0x420 [ 595.090999][T10440] ksys_read+0x145/0x250 [ 595.091015][T10440] ? __pfx_ksys_read+0x10/0x10 [ 595.091027][T10440] ? rcu_is_watching+0x15/0xb0 [ 595.091048][T10440] ? do_syscall_64+0xbe/0x3b0 [ 595.091069][T10440] do_syscall_64+0xfa/0x3b0 [ 595.091085][T10440] ? lockdep_hardirqs_on+0x9c/0x150 [ 595.091102][T10440] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.091117][T10440] ? clear_bhb_loop+0x60/0xb0 [ 595.091136][T10440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.091151][T10440] RIP: 0033:0x7fc66e18d5fc [ 595.091165][T10440] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 595.091179][T10440] RSP: 002b:00007fc66ef88030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 595.091195][T10440] RAX: ffffffffffffffda RBX: 00007fc66e3b6090 RCX: 00007fc66e18d5fc [ 595.091206][T10440] RDX: 000000000000000f RSI: 00007fc66ef880a0 RDI: 0000000000000009 [ 595.091216][T10440] RBP: 00007fc66ef88090 R08: 0000000000000000 R09: 0000000000000000 [ 595.091225][T10440] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 595.091234][T10440] R13: 00007fc66e3b6128 R14: 00007fc66e3b6090 R15: 00007fff860c84b8 [ 595.091259][T10440] [ 595.902879][ T9548] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 596.892825][T10449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1231'. [ 596.962940][ T9548] usb 3-1: Using ep0 maxpacket: 16 [ 597.384640][T10449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1231'. [ 597.394119][T10449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1231'. [ 597.403255][T10449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1231'. [ 597.414490][ T9548] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 597.428713][ T9548] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 597.462513][ T9548] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 597.478362][ T9548] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.624618][ T9548] usb 3-1: Product: syz [ 597.641520][ T9548] usb 3-1: Manufacturer: syz [ 597.656371][ T9548] usb 3-1: SerialNumber: syz [ 597.832730][ T9538] usb 2-1: new low-speed USB device number 21 using dummy_hcd [ 597.924898][ T9548] usb 3-1: 0:2 : does not exist [ 597.988171][ T9538] usb 2-1: device descriptor read/64, error -71 [ 598.001289][ T9548] usb 3-1: USB disconnect, device number 28 [ 598.337605][T10464] affs: No valid root block on device nullb0 [ 599.063011][ T9538] usb 2-1: new low-speed USB device number 22 using dummy_hcd [ 599.223047][ T9538] usb 2-1: device descriptor read/64, error -71 [ 599.333243][ T9538] usb usb2-port1: attempt power cycle [ 599.684937][T10478] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 599.761149][T10478] cramfs: wrong magic [ 599.862779][ T9538] usb 2-1: new low-speed USB device number 23 using dummy_hcd [ 600.143816][ T9538] usb 2-1: device descriptor read/8, error -71 [ 600.392729][ T9538] usb 2-1: new low-speed USB device number 24 using dummy_hcd [ 600.443273][ T9538] usb 2-1: device descriptor read/8, error -71 [ 600.509879][T10487] FAULT_INJECTION: forcing a failure. [ 600.509879][T10487] name failslab, interval 1, probability 0, space 0, times 0 [ 600.542853][T10487] CPU: 1 UID: 0 PID: 10487 Comm: syz.2.1244 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 600.542885][T10487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 600.542900][T10487] Call Trace: [ 600.542909][T10487] [ 600.542919][T10487] dump_stack_lvl+0x189/0x250 [ 600.542950][T10487] ? __pfx____ratelimit+0x10/0x10 [ 600.542975][T10487] ? __pfx_dump_stack_lvl+0x10/0x10 [ 600.543000][T10487] ? __pfx__printk+0x10/0x10 [ 600.543036][T10487] ? __pfx___might_resched+0x10/0x10 [ 600.543059][T10487] ? fs_reclaim_acquire+0x7d/0x100 [ 600.543091][T10487] should_fail_ex+0x414/0x560 [ 600.543121][T10487] should_failslab+0xa8/0x100 [ 600.543263][T10487] __kmalloc_cache_noprof+0x70/0x3d0 [ 600.543286][T10487] ? __inet_diag_dump_start+0x9d/0xa10 [ 600.543317][T10487] __inet_diag_dump_start+0x9d/0xa10 [ 600.543343][T10487] ? netlink_lookup+0x30/0x200 [ 600.543370][T10487] ? netlink_lookup+0x30/0x200 [ 600.543405][T10487] __netlink_dump_start+0x466/0x7e0 [ 600.543445][T10487] inet_diag_handler_cmd+0x1bf/0x290 [ 600.543473][T10487] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 600.543497][T10487] ? __pfx_inet_diag_dump_start+0x10/0x10 [ 600.543520][T10487] ? __pfx_inet_diag_dump+0x10/0x10 [ 600.543542][T10487] ? __pfx_inet_diag_dump_done+0x10/0x10 [ 600.543570][T10487] ? sock_diag_lock_handler+0x19/0x290 [ 600.543603][T10487] ? sock_diag_lock_handler+0x19/0x290 [ 600.543637][T10487] sock_diag_rcv_msg+0x4c9/0x600 [ 600.543671][T10487] netlink_rcv_skb+0x205/0x470 [ 600.543702][T10487] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 600.543733][T10487] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 600.543779][T10487] ? netlink_deliver_tap+0x2e/0x1b0 [ 600.543809][T10487] ? netlink_deliver_tap+0x2e/0x1b0 [ 600.543846][T10487] netlink_unicast+0x75c/0x8e0 [ 600.543888][T10487] netlink_sendmsg+0x805/0xb30 [ 600.543931][T10487] ? __pfx_netlink_sendmsg+0x10/0x10 [ 600.543972][T10487] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 600.543995][T10487] ? __pfx_netlink_sendmsg+0x10/0x10 [ 600.544027][T10487] __sock_sendmsg+0x21c/0x270 [ 600.544058][T10487] sock_write_iter+0x258/0x330 [ 600.544086][T10487] ? __pfx_sock_write_iter+0x10/0x10 [ 600.544124][T10487] ? __lock_acquire+0xab9/0xd20 [ 600.544163][T10487] do_iter_readv_writev+0x56b/0x7f0 [ 600.544191][T10487] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 600.544221][T10487] ? bpf_lsm_file_permission+0x9/0x20 [ 600.544245][T10487] ? security_file_permission+0x75/0x290 [ 600.544271][T10487] ? rw_verify_area+0x258/0x650 [ 600.544309][T10487] vfs_writev+0x31a/0x960 [ 600.544341][T10487] ? __lock_acquire+0xab9/0xd20 [ 600.544364][T10487] ? __pfx_vfs_writev+0x10/0x10 [ 600.544409][T10487] ? __fget_files+0x2a/0x420 [ 600.544439][T10487] ? __fget_files+0x3a0/0x420 [ 600.544467][T10487] ? __fget_files+0x2a/0x420 [ 600.544503][T10487] do_writev+0x14d/0x2d0 [ 600.544533][T10487] ? __pfx_do_writev+0x10/0x10 [ 600.544557][T10487] ? rcu_is_watching+0x15/0xb0 [ 600.544588][T10487] ? do_syscall_64+0xbe/0x3b0 [ 600.544617][T10487] do_syscall_64+0xfa/0x3b0 [ 600.544640][T10487] ? lockdep_hardirqs_on+0x9c/0x150 [ 600.544663][T10487] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.544684][T10487] ? clear_bhb_loop+0x60/0xb0 [ 600.544710][T10487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.544731][T10487] RIP: 0033:0x7f8dc698ebe9 [ 600.544750][T10487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.544770][T10487] RSP: 002b:00007f8dc78b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 600.544794][T10487] RAX: ffffffffffffffda RBX: 00007f8dc6bb5fa0 RCX: 00007f8dc698ebe9 [ 600.544810][T10487] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000005 [ 600.544824][T10487] RBP: 00007f8dc78b3090 R08: 0000000000000000 R09: 0000000000000000 [ 600.544837][T10487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 600.544850][T10487] R13: 00007f8dc6bb6038 R14: 00007f8dc6bb5fa0 R15: 00007ffe326a6cb8 [ 600.544885][T10487] [ 600.939755][ C1] vkms_vblank_simulate: vblank timer overrun [ 601.142768][ T9538] usb usb2-port1: unable to enumerate USB device [ 601.616742][T10495] veth0_macvtap: entered allmulticast mode [ 602.481269][T10501] No buffer was provided with the request [ 604.242473][T10512] FAULT_INJECTION: forcing a failure. [ 604.242473][T10512] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 604.256094][T10512] CPU: 1 UID: 0 PID: 10512 Comm: syz.3.1245 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 604.256123][T10512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 604.256138][T10512] Call Trace: [ 604.256147][T10512] [ 604.256156][T10512] dump_stack_lvl+0x189/0x250 [ 604.256187][T10512] ? __pfx____ratelimit+0x10/0x10 [ 604.256211][T10512] ? __pfx_dump_stack_lvl+0x10/0x10 [ 604.256236][T10512] ? __pfx__printk+0x10/0x10 [ 604.256266][T10512] ? __might_fault+0xb0/0x130 [ 604.256300][T10512] should_fail_ex+0x414/0x560 [ 604.256330][T10512] _copy_from_user+0x2d/0xb0 [ 604.256363][T10512] __se_sys_add_key+0x28f/0x400 [ 604.256389][T10512] ? __pfx___se_sys_add_key+0x10/0x10 [ 604.256423][T10512] ? do_syscall_64+0xbe/0x3b0 [ 604.256446][T10512] ? __x64_sys_add_key+0x20/0xc0 [ 604.256472][T10512] do_syscall_64+0xfa/0x3b0 [ 604.256497][T10512] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.256519][T10512] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 604.256541][T10512] ? clear_bhb_loop+0x60/0xb0 [ 604.256568][T10512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.256590][T10512] RIP: 0033:0x7fd53998ebe9 [ 604.256610][T10512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.256630][T10512] RSP: 002b:00007fd537bb4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 604.256653][T10512] RAX: ffffffffffffffda RBX: 00007fd539bb6180 RCX: 00007fd53998ebe9 [ 604.256670][T10512] RDX: 0000200000000100 RSI: 0000200000000180 RDI: 0000200000000140 [ 604.256686][T10512] RBP: 00007fd537bb4090 R08: fffffffffffffffe R09: 0000000000000000 [ 604.256701][T10512] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000001 [ 604.256715][T10512] R13: 00007fd539bb6218 R14: 00007fd539bb6180 R15: 00007fff0c7a8128 [ 604.256750][T10512] [ 604.442904][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.672699][ T120] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 604.752997][T10516] netlink: 4528 bytes leftover after parsing attributes in process `syz.2.1252'. [ 604.915471][T10516] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1252'. [ 604.935391][T10516] netlink: 4528 bytes leftover after parsing attributes in process `syz.2.1252'. [ 605.207089][T10523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1251'. [ 605.218361][T10521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1251'. [ 605.228330][T10521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1251'. [ 605.238704][T10521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1251'. [ 606.288418][T10537] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1258'. [ 606.467476][T10542] netlink: 'syz.0.1257': attribute type 1 has an invalid length. [ 606.475652][T10542] netlink: 'syz.0.1257': attribute type 4 has an invalid length. [ 606.484030][T10542] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1257'. [ 606.505785][T10542] netlink: 'syz.0.1257': attribute type 1 has an invalid length. [ 606.514096][T10542] netlink: 'syz.0.1257': attribute type 4 has an invalid length. [ 606.522128][T10542] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1257'. [ 607.037510][T10537] : left promiscuous mode [ 607.368639][T10547] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 607.387955][T10547] cramfs: wrong magic [ 608.097529][T10558] overlay: Unknown parameter '/syz2:M:00288230376151711938:::./file0:' [ 608.296584][T10562] FAULT_INJECTION: forcing a failure. [ 608.296584][T10562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.310857][T10562] CPU: 0 UID: 0 PID: 10562 Comm: syz.0.1265 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 608.310887][T10562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 608.310901][T10562] Call Trace: [ 608.310910][T10562] [ 608.310919][T10562] dump_stack_lvl+0x189/0x250 [ 608.310949][T10562] ? __pfx____ratelimit+0x10/0x10 [ 608.310973][T10562] ? __pfx_dump_stack_lvl+0x10/0x10 [ 608.310997][T10562] ? __pfx__printk+0x10/0x10 [ 608.311027][T10562] ? __might_fault+0xb0/0x130 [ 608.311061][T10562] should_fail_ex+0x414/0x560 [ 608.311091][T10562] _copy_from_user+0x2d/0xb0 [ 608.311124][T10562] ___sys_recvmsg+0x12e/0x510 [ 608.311153][T10562] ? __pfx____sys_recvmsg+0x10/0x10 [ 608.311211][T10562] ? __might_fault+0xb0/0x130 [ 608.311238][T10562] do_recvmmsg+0x307/0x770 [ 608.311270][T10562] ? __pfx_do_recvmmsg+0x10/0x10 [ 608.311307][T10562] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 608.311354][T10562] __x64_sys_recvmmsg+0x190/0x240 [ 608.311380][T10562] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 608.311400][T10562] ? rcu_is_watching+0x15/0xb0 [ 608.311430][T10562] ? do_syscall_64+0xbe/0x3b0 [ 608.311460][T10562] do_syscall_64+0xfa/0x3b0 [ 608.311483][T10562] ? lockdep_hardirqs_on+0x9c/0x150 [ 608.311506][T10562] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.311528][T10562] ? clear_bhb_loop+0x60/0xb0 [ 608.311556][T10562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.311577][T10562] RIP: 0033:0x7fc66e18ebe9 [ 608.311597][T10562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.311616][T10562] RSP: 002b:00007fc66ef67038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 608.311639][T10562] RAX: ffffffffffffffda RBX: 00007fc66e3b6180 RCX: 00007fc66e18ebe9 [ 608.311656][T10562] RDX: 0000000000000f02 RSI: 00002000000004c0 RDI: 0000000000000008 [ 608.311670][T10562] RBP: 00007fc66ef67090 R08: 0000000000000000 R09: 0000000000000000 [ 608.311692][T10562] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001 [ 608.311706][T10562] R13: 00007fc66e3b6218 R14: 00007fc66e3b6180 R15: 00007fff860c84b8 [ 608.311741][T10562] [ 608.702830][ T9538] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 608.964922][ T9538] usb 3-1: Using ep0 maxpacket: 8 [ 609.003039][ T9538] usb 3-1: config 0 has no interfaces? [ 609.055792][ T9538] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55 [ 609.232641][ T9538] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.261347][ T9538] usb 3-1: Product: syz [ 609.281467][ T9538] usb 3-1: Manufacturer: syz [ 609.345693][T10569] xt_CT: You must specify a L4 protocol and not use inversions on it [ 609.544107][ T9538] usb 3-1: SerialNumber: syz [ 609.560483][ T9538] usb 3-1: config 0 descriptor?? [ 610.125508][T10558] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1264'. [ 610.219792][T10574] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1269'. [ 610.241794][ T9548] usb 3-1: USB disconnect, device number 29 [ 612.817025][T10606] FAULT_INJECTION: forcing a failure. [ 612.817025][T10606] name failslab, interval 1, probability 0, space 0, times 0 [ 612.830335][T10606] CPU: 0 UID: 0 PID: 10606 Comm: syz.3.1274 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 612.830365][T10606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 612.830378][T10606] Call Trace: [ 612.830390][T10606] [ 612.830400][T10606] dump_stack_lvl+0x189/0x250 [ 612.830431][T10606] ? __pfx____ratelimit+0x10/0x10 [ 612.830456][T10606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 612.830482][T10606] ? __pfx__printk+0x10/0x10 [ 612.830514][T10606] ? __pfx___might_resched+0x10/0x10 [ 612.830540][T10606] ? fs_reclaim_acquire+0x7d/0x100 [ 612.830572][T10606] should_fail_ex+0x414/0x560 [ 612.830602][T10606] should_failslab+0xa8/0x100 [ 612.830629][T10606] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 612.830653][T10606] ? dup_task_struct+0x52/0x860 [ 612.830685][T10606] dup_task_struct+0x52/0x860 [ 612.830718][T10606] copy_process+0x544/0x3b80 [ 612.830744][T10606] ? stack_depot_save_flags+0x334/0x900 [ 612.830769][T10606] ? trace_sched_exit_tp+0x38/0x120 [ 612.830818][T10606] ? kasan_save_track+0x4f/0x80 [ 612.830851][T10606] ? kasan_save_track+0x3e/0x80 [ 612.830882][T10606] ? __kasan_kmalloc+0x93/0xb0 [ 612.830903][T10606] ? io_submit_sqes+0xe22/0x1c50 [ 612.830935][T10606] ? __se_sys_io_uring_enter+0x2df/0x2b20 [ 612.830955][T10606] ? do_syscall_64+0xfa/0x3b0 [ 612.831037][T10606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.831070][T10606] ? __pfx_copy_process+0x10/0x10 [ 612.831103][T10606] ? __pfx_io_wq_worker+0x10/0x10 [ 612.831138][T10606] ? __pfx_io_wq_worker+0x10/0x10 [ 612.831174][T10606] create_io_thread+0xef/0x150 [ 612.831201][T10606] ? __pfx_create_io_thread+0x10/0x10 [ 612.831240][T10606] ? __pfx_io_wq_worker+0x10/0x10 [ 612.831282][T10606] ? __raw_spin_lock_init+0x45/0x100 [ 612.831314][T10606] ? __init_swait_queue_head+0xa9/0x150 [ 612.831346][T10606] ? create_io_worker+0x27/0x5d0 [ 612.831367][T10606] create_io_worker+0x182/0x5d0 [ 612.831393][T10606] io_wq_enqueue+0x62c/0x850 [ 612.831425][T10606] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 612.831466][T10606] io_submit_sqes+0xe22/0x1c50 [ 612.831535][T10606] __se_sys_io_uring_enter+0x2df/0x2b20 [ 612.831581][T10606] ? ksys_write+0x1cb/0x250 [ 612.831607][T10606] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 612.831627][T10606] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 612.831653][T10606] ? __pfx_vfs_write+0x10/0x10 [ 612.831677][T10606] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 612.831708][T10606] ? __fget_files+0x3a0/0x420 [ 612.831748][T10606] ? fput+0xa0/0xd0 [ 612.831777][T10606] ? ksys_write+0x22a/0x250 [ 612.831801][T10606] ? __pfx_ksys_write+0x10/0x10 [ 612.831829][T10606] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 612.831855][T10606] do_syscall_64+0xfa/0x3b0 [ 612.831879][T10606] ? lockdep_hardirqs_on+0x9c/0x150 [ 612.831903][T10606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.831925][T10606] ? clear_bhb_loop+0x60/0xb0 [ 612.831953][T10606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.831990][T10606] RIP: 0033:0x7fd53998ebe9 [ 612.832011][T10606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.832031][T10606] RSP: 002b:00007fd537bd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 612.832061][T10606] RAX: ffffffffffffffda RBX: 00007fd539bb6090 RCX: 00007fd53998ebe9 [ 612.832078][T10606] RDX: 00000000000004c1 RSI: 0000000000003d0e RDI: 0000000000000007 [ 612.832092][T10606] RBP: 00007fd537bd5090 R08: 0000000000000000 R09: 0000000000000000 [ 612.832106][T10606] R10: 0000000000000043 R11: 0000000000000246 R12: 0000000000000001 [ 612.832119][T10606] R13: 00007fd539bb6128 R14: 00007fd539bb6090 R15: 00007fff0c7a8128 [ 612.832156][T10606] [ 613.207296][T10607] FAULT_INJECTION: forcing a failure. [ 613.207296][T10607] name failslab, interval 1, probability 0, space 0, times 0 [ 613.220510][T10607] CPU: 0 UID: 0 PID: 10607 Comm: syz.4.1277 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 613.220541][T10607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 613.220555][T10607] Call Trace: [ 613.220567][T10607] [ 613.220578][T10607] dump_stack_lvl+0x189/0x250 [ 613.220610][T10607] ? __pfx____ratelimit+0x10/0x10 [ 613.220635][T10607] ? __pfx_dump_stack_lvl+0x10/0x10 [ 613.220660][T10607] ? __pfx__printk+0x10/0x10 [ 613.220693][T10607] ? __pfx___might_resched+0x10/0x10 [ 613.220718][T10607] ? fs_reclaim_acquire+0x7d/0x100 [ 613.220751][T10607] should_fail_ex+0x414/0x560 [ 613.220782][T10607] should_failslab+0xa8/0x100 [ 613.220810][T10607] __kmalloc_noprof+0xcb/0x4f0 [ 613.220842][T10607] ? tomoyo_encode+0x28b/0x550 [ 613.220882][T10607] tomoyo_encode+0x28b/0x550 [ 613.220919][T10607] tomoyo_realpath_from_path+0x58d/0x5d0 [ 613.220962][T10607] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 613.220987][T10607] tomoyo_path_number_perm+0x1e8/0x5a0 [ 613.221015][T10607] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 613.221040][T10607] ? __lock_acquire+0xab9/0xd20 [ 613.221110][T10607] ? __pfx_current_check_access_path+0x10/0x10 [ 613.221152][T10607] ? lookup_one_qstr_excl_raw+0x126/0x280 [ 613.221188][T10607] tomoyo_path_mkdir+0xa8/0xe0 [ 613.221228][T10607] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 613.221265][T10607] ? __pfx_filename_create+0x10/0x10 [ 613.221306][T10607] security_path_mkdir+0x171/0x380 [ 613.221344][T10607] do_mkdirat+0x1bd/0x590 [ 613.221377][T10607] ? strncpy_from_user+0xbb/0x290 [ 613.221413][T10607] ? __pfx_do_mkdirat+0x10/0x10 [ 613.221452][T10607] ? getname_flags+0x1e5/0x540 [ 613.221484][T10607] __x64_sys_mkdirat+0x87/0xa0 [ 613.221521][T10607] do_syscall_64+0xfa/0x3b0 [ 613.221549][T10607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.221570][T10607] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 613.221592][T10607] ? clear_bhb_loop+0x60/0xb0 [ 613.221620][T10607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.221643][T10607] RIP: 0033:0x7fac75b8ebe9 [ 613.221663][T10607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.221682][T10607] RSP: 002b:00007fac76ac3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 613.221706][T10607] RAX: ffffffffffffffda RBX: 00007fac75db6090 RCX: 00007fac75b8ebe9 [ 613.221722][T10607] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 613.221737][T10607] RBP: 00007fac76ac3090 R08: 0000000000000000 R09: 0000000000000000 [ 613.221751][T10607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 613.221764][T10607] R13: 00007fac75db6128 R14: 00007fac75db6090 R15: 00007ffeec8b6b18 [ 613.221801][T10607] [ 613.222039][T10607] ERROR: Out of memory at tomoyo_realpath_from_path. [ 613.593549][ T9551] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 613.911315][ T9551] usb 2-1: not running at top speed; connect to a high speed hub [ 613.935801][ T9551] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 613.988945][ T9551] usb 2-1: can't read configurations, error -22 [ 614.152691][ T9551] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 614.333989][ T9551] usb 2-1: not running at top speed; connect to a high speed hub [ 614.354438][ T9551] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 614.377615][ T9551] usb 2-1: can't read configurations, error -22 [ 614.414073][ T9551] usb usb2-port1: attempt power cycle [ 615.503665][ T9551] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 615.556045][ T9551] usb 2-1: not running at top speed; connect to a high speed hub [ 615.575866][ T9551] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 615.593584][ T9551] usb 2-1: can't read configurations, error -22 [ 617.199117][ T9551] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 617.233369][ T9551] usb 2-1: Using ep0 maxpacket: 8 [ 617.243049][ T9551] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 617.277527][ T9551] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 617.306377][ T9551] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 617.341448][ T9551] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 617.433861][ T9551] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 617.478583][ T9551] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.551476][T10637] FAULT_INJECTION: forcing a failure. [ 617.551476][T10637] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 617.622756][T10637] CPU: 0 UID: 0 PID: 10637 Comm: syz.3.1285 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 617.622790][T10637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 617.622803][T10637] Call Trace: [ 617.622813][T10637] [ 617.622823][T10637] dump_stack_lvl+0x189/0x250 [ 617.622854][T10637] ? __pfx____ratelimit+0x10/0x10 [ 617.622877][T10637] ? __pfx_dump_stack_lvl+0x10/0x10 [ 617.622902][T10637] ? __pfx__printk+0x10/0x10 [ 617.622931][T10637] ? __might_fault+0xb0/0x130 [ 617.622965][T10637] should_fail_ex+0x414/0x560 [ 617.622993][T10637] _copy_from_iter+0x1db/0x16f0 [ 617.623025][T10637] ? rcu_is_watching+0x15/0xb0 [ 617.623049][T10637] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 617.623073][T10637] ? __pfx__copy_from_iter+0x10/0x10 [ 617.623102][T10637] ? __build_skb_around+0x257/0x3e0 [ 617.623135][T10637] ? netlink_sendmsg+0x642/0xb30 [ 617.623164][T10637] ? skb_put+0x11b/0x210 [ 617.623199][T10637] netlink_sendmsg+0x6b2/0xb30 [ 617.623241][T10637] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.623281][T10637] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 617.623302][T10637] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.623332][T10637] __sock_sendmsg+0x21c/0x270 [ 617.623359][T10637] ____sys_sendmsg+0x505/0x830 [ 617.623398][T10637] ? __pfx_____sys_sendmsg+0x10/0x10 [ 617.623440][T10637] ? import_iovec+0x74/0xa0 [ 617.623473][T10637] ___sys_sendmsg+0x21f/0x2a0 [ 617.623508][T10637] ? __pfx____sys_sendmsg+0x10/0x10 [ 617.623594][T10637] ? __fget_files+0x2a/0x420 [ 617.623619][T10637] ? __fget_files+0x3a0/0x420 [ 617.623655][T10637] __x64_sys_sendmsg+0x19b/0x260 [ 617.623692][T10637] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 617.623736][T10637] ? __pfx_ksys_write+0x10/0x10 [ 617.623754][T10637] ? rcu_is_watching+0x15/0xb0 [ 617.623783][T10637] ? do_syscall_64+0xbe/0x3b0 [ 617.623813][T10637] do_syscall_64+0xfa/0x3b0 [ 617.623836][T10637] ? lockdep_hardirqs_on+0x9c/0x150 [ 617.623858][T10637] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.623880][T10637] ? clear_bhb_loop+0x60/0xb0 [ 617.623907][T10637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.623928][T10637] RIP: 0033:0x7fd53998ebe9 [ 617.623948][T10637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.623968][T10637] RSP: 002b:00007fd537bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 617.623991][T10637] RAX: ffffffffffffffda RBX: 00007fd539bb5fa0 RCX: 00007fd53998ebe9 [ 617.624007][T10637] RDX: 0000000000000800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 617.624021][T10637] RBP: 00007fd537bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 617.624035][T10637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.624047][T10637] R13: 00007fd539bb6038 R14: 00007fd539bb5fa0 R15: 00007fff0c7a8128 [ 617.624082][T10637] [ 617.909717][ C0] vkms_vblank_simulate: vblank timer overrun [ 618.011812][ T9551] usb 2-1: GET_CAPABILITIES returned 0 [ 618.017630][ T9551] usbtmc 2-1:16.0: can't read capabilities [ 618.323472][T10633] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1283'. [ 618.361738][T10633] net_ratelimit: 75 callbacks suppressed [ 618.361761][T10633] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 618.408367][T10633] netlink: 'syz.1.1283': attribute type 3 has an invalid length. [ 618.419858][T10633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1283'. [ 618.502093][T10651] FAULT_INJECTION: forcing a failure. [ 618.502093][T10651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 618.515784][T10651] CPU: 0 UID: 0 PID: 10651 Comm: syz.3.1288 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 618.515815][T10651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 618.515829][T10651] Call Trace: [ 618.515839][T10651] [ 618.515850][T10651] dump_stack_lvl+0x189/0x250 [ 618.515881][T10651] ? __pfx____ratelimit+0x10/0x10 [ 618.515906][T10651] ? __pfx_dump_stack_lvl+0x10/0x10 [ 618.515932][T10651] ? __pfx__printk+0x10/0x10 [ 618.515961][T10651] ? __might_fault+0xb0/0x130 [ 618.515997][T10651] should_fail_ex+0x414/0x560 [ 618.516027][T10651] _copy_from_user+0x2d/0xb0 [ 618.516059][T10651] kstrtouint_from_user+0xc4/0x170 [ 618.516089][T10651] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 618.516135][T10651] proc_fail_nth_write+0x88/0x240 [ 618.516164][T10651] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 618.516198][T10651] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 618.516228][T10651] vfs_write+0x27e/0xa90 [ 618.516259][T10651] ? __pfx_vfs_write+0x10/0x10 [ 618.516282][T10651] ? __fget_files+0x2a/0x420 [ 618.516313][T10651] ? __fget_files+0x3a0/0x420 [ 618.516337][T10651] ? __fget_files+0x2a/0x420 [ 618.516374][T10651] ksys_write+0x145/0x250 [ 618.516398][T10651] ? __pfx_ksys_write+0x10/0x10 [ 618.516426][T10651] ? do_syscall_64+0xbe/0x3b0 [ 618.516456][T10651] do_syscall_64+0xfa/0x3b0 [ 618.516490][T10651] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.516512][T10651] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 618.516534][T10651] ? clear_bhb_loop+0x60/0xb0 [ 618.516561][T10651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.516584][T10651] RIP: 0033:0x7fd53998d69f [ 618.516604][T10651] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 618.516624][T10651] RSP: 002b:00007fd537bb4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 618.516648][T10651] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd53998d69f [ 618.516664][T10651] RDX: 0000000000000001 RSI: 00007fd537bb40a0 RDI: 0000000000000006 [ 618.516678][T10651] RBP: 00007fd537bb4090 R08: 0000000000000000 R09: 0000000000000000 [ 618.516692][T10651] R10: 0000000000000141 R11: 0000000000000293 R12: 0000000000000001 [ 618.516705][T10651] R13: 00007fd539bb6218 R14: 00007fd539bb6180 R15: 00007fff0c7a8128 [ 618.516738][T10651] [ 618.749800][ C0] vkms_vblank_simulate: vblank timer overrun [ 618.827988][ T9551] usb 2-1: USB disconnect, device number 28 [ 619.164412][T10657] Can't find a SQUASHFS superblock on nullb0 [ 619.872024][T10669] netlink: 'syz.1.1294': attribute type 3 has an invalid length. [ 620.231859][T10672] fuse: Unknown parameter '`fd' [ 621.123951][T10677] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1293'. [ 621.166369][T10677] openvswitch: netlink: Flow key attr not present in new flow. [ 621.243062][T10680] trusted_key: encrypted_key: insufficient parameters specified [ 622.484329][T10694] FAULT_INJECTION: forcing a failure. [ 622.484329][T10694] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 622.508447][T10694] CPU: 0 UID: 0 PID: 10694 Comm: syz.0.1299 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 622.508479][T10694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 622.508493][T10694] Call Trace: [ 622.508501][T10694] [ 622.508511][T10694] dump_stack_lvl+0x189/0x250 [ 622.508537][T10694] ? __pfx____ratelimit+0x10/0x10 [ 622.508554][T10694] ? __pfx_dump_stack_lvl+0x10/0x10 [ 622.508571][T10694] ? __pfx__printk+0x10/0x10 [ 622.508591][T10694] ? __might_fault+0xb0/0x130 [ 622.508615][T10694] should_fail_ex+0x414/0x560 [ 622.508636][T10694] _copy_from_user+0x2d/0xb0 [ 622.508659][T10694] generic_map_update_batch+0x572/0x7f0 [ 622.508688][T10694] ? __pfx_generic_map_update_batch+0x10/0x10 [ 622.508707][T10694] ? __fget_files+0x2a/0x420 [ 622.508731][T10694] ? __pfx_generic_map_update_batch+0x10/0x10 [ 622.508749][T10694] bpf_map_do_batch+0x36c/0x5f0 [ 622.508768][T10694] __sys_bpf+0x384/0x860 [ 622.508792][T10694] ? __pfx___sys_bpf+0x10/0x10 [ 622.508825][T10694] ? ksys_write+0x22a/0x250 [ 622.508841][T10694] ? __pfx_ksys_write+0x10/0x10 [ 622.508861][T10694] __x64_sys_bpf+0x7c/0x90 [ 622.508883][T10694] do_syscall_64+0xfa/0x3b0 [ 622.508902][T10694] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.508917][T10694] ? asm_sysvec_call_function_single+0x1a/0x20 [ 622.508932][T10694] ? clear_bhb_loop+0x60/0xb0 [ 622.508951][T10694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.508966][T10694] RIP: 0033:0x7fc66e18ebe9 [ 622.508980][T10694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.508992][T10694] RSP: 002b:00007fc66ef88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 622.509009][T10694] RAX: ffffffffffffffda RBX: 00007fc66e3b6090 RCX: 00007fc66e18ebe9 [ 622.509020][T10694] RDX: 0000000000000038 RSI: 00002000000006c0 RDI: 000000000000001a [ 622.509030][T10694] RBP: 00007fc66ef88090 R08: 0000000000000000 R09: 0000000000000000 [ 622.509040][T10694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 622.509049][T10694] R13: 00007fc66e3b6128 R14: 00007fc66e3b6090 R15: 00007fff860c84b8 [ 622.509073][T10694] [ 622.723707][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.046695][T10700] FAULT_INJECTION: forcing a failure. [ 623.046695][T10700] name failslab, interval 1, probability 0, space 0, times 0 [ 623.060842][T10700] CPU: 0 UID: 0 PID: 10700 Comm: syz.1.1302 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 623.060872][T10700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 623.060886][T10700] Call Trace: [ 623.060896][T10700] [ 623.060905][T10700] dump_stack_lvl+0x189/0x250 [ 623.060937][T10700] ? __pfx____ratelimit+0x10/0x10 [ 623.060962][T10700] ? __pfx_dump_stack_lvl+0x10/0x10 [ 623.060988][T10700] ? __pfx__printk+0x10/0x10 [ 623.061023][T10700] ? __pfx___might_resched+0x10/0x10 [ 623.061047][T10700] ? fs_reclaim_acquire+0x7d/0x100 [ 623.061080][T10700] should_fail_ex+0x414/0x560 [ 623.061111][T10700] should_failslab+0xa8/0x100 [ 623.061137][T10700] __kmalloc_cache_noprof+0x70/0x3d0 [ 623.061160][T10700] ? ip_set_create+0x348/0x1940 [ 623.061191][T10700] ip_set_create+0x348/0x1940 [ 623.061227][T10700] ? trace_contention_end+0x39/0x120 [ 623.061259][T10700] ? __pfx_ip_set_create+0x10/0x10 [ 623.061326][T10700] nfnetlink_rcv_msg+0xb4d/0x1130 [ 623.061358][T10700] ? irq_work_queue+0xbc/0x140 [ 623.061390][T10700] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 623.061437][T10700] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 623.061521][T10700] netlink_rcv_skb+0x205/0x470 [ 623.061550][T10700] ? finish_task_switch+0x18b/0x950 [ 623.061584][T10700] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 623.061611][T10700] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 623.061656][T10700] ? bpf_lsm_capable+0x9/0x20 [ 623.061684][T10700] ? security_capable+0x7e/0x2e0 [ 623.061721][T10700] nfnetlink_rcv+0x26a/0x2520 [ 623.061751][T10700] ? arch_stack_walk+0xfc/0x150 [ 623.061785][T10700] ? preempt_schedule_irq+0xb5/0x150 [ 623.061815][T10700] ? __pfx___schedule+0x10/0x10 [ 623.061843][T10700] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 623.061871][T10700] ? kasan_save_track+0x4f/0x80 [ 623.061913][T10700] ? __lock_acquire+0xab9/0xd20 [ 623.061962][T10700] ? __lock_acquire+0xab9/0xd20 [ 623.061996][T10700] ? netlink_deliver_tap+0x2e/0x1b0 [ 623.062035][T10700] ? netlink_deliver_tap+0x2e/0x1b0 [ 623.062066][T10700] ? netlink_deliver_tap+0x2e/0x1b0 [ 623.062105][T10700] netlink_unicast+0x75c/0x8e0 [ 623.062147][T10700] netlink_sendmsg+0x805/0xb30 [ 623.062177][T10700] ? bpf_trace_run4+0x19c/0x4a0 [ 623.062216][T10700] ? __pfx_netlink_sendmsg+0x10/0x10 [ 623.062259][T10700] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 623.062281][T10700] ? __pfx_netlink_sendmsg+0x10/0x10 [ 623.062314][T10700] __sock_sendmsg+0x21c/0x270 [ 623.062352][T10700] ____sys_sendmsg+0x505/0x830 [ 623.062394][T10700] ? __pfx_____sys_sendmsg+0x10/0x10 [ 623.062439][T10700] ? import_iovec+0x74/0xa0 [ 623.062475][T10700] ___sys_sendmsg+0x21f/0x2a0 [ 623.062513][T10700] ? __pfx____sys_sendmsg+0x10/0x10 [ 623.062591][T10700] ? __fget_files+0x2a/0x420 [ 623.062616][T10700] ? __fget_files+0x3a0/0x420 [ 623.062653][T10700] __x64_sys_sendmsg+0x19b/0x260 [ 623.062691][T10700] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 623.062755][T10700] do_syscall_64+0xfa/0x3b0 [ 623.062783][T10700] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.062805][T10700] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 623.062826][T10700] ? clear_bhb_loop+0x60/0xb0 [ 623.062853][T10700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.062875][T10700] RIP: 0033:0x7fe617b8ebe9 [ 623.062895][T10700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.062914][T10700] RSP: 002b:00007fe61893d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 623.062937][T10700] RAX: ffffffffffffffda RBX: 00007fe617db6090 RCX: 00007fe617b8ebe9 [ 623.062954][T10700] RDX: 0000000000004000 RSI: 0000200000000040 RDI: 0000000000000008 [ 623.062968][T10700] RBP: 00007fe61893d090 R08: 0000000000000000 R09: 0000000000000000 [ 623.062982][T10700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.062994][T10700] R13: 00007fe617db6128 R14: 00007fe617db6090 R15: 00007ffef2ab9e48 [ 623.063030][T10700] [ 623.103125][ T9538] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 623.104903][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.457100][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.463195][ C0] hrtimer: interrupt took 400145210 ns [ 623.563215][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.812760][ T9538] usb 5-1: unable to get BOS descriptor or descriptor too short [ 623.947805][ T9538] usb 5-1: config 3 has an invalid interface number: 8 but max is 3 [ 623.959994][ T9538] usb 5-1: config 3 has an invalid descriptor of length 70, skipping remainder of the config [ 623.970955][ T9538] usb 5-1: config 3 has 1 interface, different from the descriptor's value: 4 [ 623.981945][ T9538] usb 5-1: config 3 has no interface number 0 [ 623.989270][ T9538] usb 5-1: config 3 interface 8 altsetting 6 endpoint 0x82 has an invalid bInterval 248, changing to 11 [ 624.001628][ T9538] usb 5-1: config 3 interface 8 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 624.015574][ T9538] usb 5-1: config 3 interface 8 has no altsetting 0 [ 624.026802][ T9538] usb 5-1: New USB device found, idVendor=05ac, idProduct=921d, bcdDevice=c2.be [ 624.103156][ T9538] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.111921][ T9538] usb 5-1: Product: syz [ 624.120675][ T9538] usb 5-1: Manufacturer: syz [ 624.125639][ T9538] usb 5-1: SerialNumber: syz [ 624.203037][ T9551] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 624.362781][ T9551] usb 3-1: Using ep0 maxpacket: 8 [ 624.379244][ T9551] usb 3-1: New USB device found, idVendor=10fd, idProduct=de00, bcdDevice= 0.01 [ 624.393402][ T9538] appledisplay 5-1:3.8: Error while getting initial brightness: -71 [ 624.399360][ T9551] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.422180][ C1] usb 5-1: appledisplay_complete - usb_submit_urb failed with result -1 [ 624.430556][ T9551] usb 3-1: Product: syz [ 624.434796][ T9538] appledisplay 5-1:3.8: probe with driver appledisplay failed with error -71 [ 624.460657][ T9538] usbhid 5-1:3.8: can't add hid device: -22 [ 624.472876][ T9551] usb 3-1: Manufacturer: syz [ 624.483564][ T9538] usbhid 5-1:3.8: probe with driver usbhid failed with error -22 [ 624.500019][ T9551] usb 3-1: SerialNumber: syz [ 624.503737][ T9538] usb 5-1: USB disconnect, device number 23 [ 624.511841][T10708] netlink: 'syz.1.1305': attribute type 3 has an invalid length. [ 624.663862][ T9551] usb 3-1: config 0 descriptor?? [ 624.674198][ T9551] go7007 3-1:0.0: The Lifeview TV Walker Ultra is not supported. Sorry! [ 624.787573][T10710] fuse: Unknown parameter '`fd' [ 625.177256][ T9551] usb 3-1: USB disconnect, device number 30 [ 628.153283][ T9548] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 628.312728][ T9548] usb 3-1: Using ep0 maxpacket: 16 [ 628.322868][ T9548] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.345092][ T9548] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.371806][ T9548] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 628.400807][ T9548] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.430614][ T9548] usb 3-1: config 0 descriptor?? [ 628.922232][ T9548] corsair 0003:1B1C:1B02.0005: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.2-1/input0 [ 629.894103][T10747] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1311'. [ 629.904806][T10747] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1311'. [ 629.992949][T10747] netlink: 'syz.2.1311': attribute type 5 has an invalid length. [ 630.019033][T10747] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1311'. [ 630.237870][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.248064][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.542784][T10765] netlink: 'syz.0.1317': attribute type 3 has an invalid length. [ 634.625581][T10780] Can't find a SQUASHFS superblock on nullb0 [ 636.304224][T10791] Invalid logical block size (6) [ 636.455970][ T9538] usb 3-1: USB disconnect, device number 31 [ 636.620743][T10798] Can't find a SQUASHFS superblock on nullb0 [ 637.913582][ T9538] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 638.152744][ T9538] usb 3-1: Using ep0 maxpacket: 8 [ 638.448475][ T9538] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 638.448512][ T9538] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.448535][ T9538] usb 3-1: Product: syz [ 638.448553][ T9538] usb 3-1: Manufacturer: syz [ 638.448570][ T9538] usb 3-1: SerialNumber: syz [ 638.456140][ T9538] usb 3-1: config 0 descriptor?? [ 638.661780][ T9538] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 639.012312][T10816] dlm: no local IP address has been set [ 639.012377][T10816] dlm: cannot start dlm midcomms -107 [ 639.081350][T10818] FAULT_INJECTION: forcing a failure. [ 639.081350][T10818] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 639.144803][T10818] CPU: 1 UID: 0 PID: 10818 Comm: syz.3.1335 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 639.144836][T10818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 639.144850][T10818] Call Trace: [ 639.144858][T10818] [ 639.144879][T10818] dump_stack_lvl+0x189/0x250 [ 639.144911][T10818] ? __pfx____ratelimit+0x10/0x10 [ 639.144935][T10818] ? __pfx_dump_stack_lvl+0x10/0x10 [ 639.144960][T10818] ? __pfx__printk+0x10/0x10 [ 639.144988][T10818] ? __might_fault+0xb0/0x130 [ 639.145023][T10818] should_fail_ex+0x414/0x560 [ 639.145053][T10818] _copy_from_iter+0x1db/0x16f0 [ 639.145080][T10818] ? __alloc_frozen_pages_noprof+0x1d6/0x370 [ 639.145121][T10818] ? __pfx__copy_from_iter+0x10/0x10 [ 639.145148][T10818] ? policy_nodemask+0x27c/0x720 [ 639.145177][T10818] ? page_copy_sane+0x4e/0x280 [ 639.145205][T10818] copy_page_from_iter+0xdd/0x170 [ 639.145237][T10818] anon_pipe_write+0x99a/0x1360 [ 639.145288][T10818] ? __pfx_anon_pipe_write+0x10/0x10 [ 639.145311][T10818] ? io_submit_one+0x11f/0x1310 [ 639.145332][T10818] ? __se_sys_io_submit+0x185/0x2f0 [ 639.145350][T10818] ? do_syscall_64+0xfa/0x3b0 [ 639.145371][T10818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.145397][T10818] ? bpf_lsm_file_permission+0x9/0x20 [ 639.145419][T10818] ? security_file_permission+0x75/0x290 [ 639.145445][T10818] ? rw_verify_area+0x258/0x650 [ 639.145482][T10818] aio_write+0x535/0x7a0 [ 639.145513][T10818] ? __pfx_aio_write+0x10/0x10 [ 639.145552][T10818] ? __might_fault+0xb0/0x130 [ 639.145595][T10818] io_submit_one+0x78b/0x1310 [ 639.145638][T10818] ? __pfx_io_submit_one+0x10/0x10 [ 639.145664][T10818] ? __might_fault+0xb0/0x130 [ 639.145698][T10818] ? __might_fault+0xb0/0x130 [ 639.145724][T10818] __se_sys_io_submit+0x185/0x2f0 [ 639.145750][T10818] ? __pfx___se_sys_io_submit+0x10/0x10 [ 639.145770][T10818] ? ksys_write+0x22a/0x250 [ 639.145803][T10818] ? do_syscall_64+0xbe/0x3b0 [ 639.145832][T10818] do_syscall_64+0xfa/0x3b0 [ 639.145855][T10818] ? lockdep_hardirqs_on+0x9c/0x150 [ 639.145886][T10818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.145908][T10818] ? clear_bhb_loop+0x60/0xb0 [ 639.145935][T10818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.145957][T10818] RIP: 0033:0x7fd53998ebe9 [ 639.145975][T10818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.145995][T10818] RSP: 002b:00007fd537bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 639.146019][T10818] RAX: ffffffffffffffda RBX: 00007fd539bb5fa0 RCX: 00007fd53998ebe9 [ 639.146035][T10818] RDX: 0000200000000300 RSI: 0000000000000002 RDI: 00007fd53a703000 [ 639.146049][T10818] RBP: 00007fd537bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 639.146064][T10818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 639.146077][T10818] R13: 00007fd539bb6038 R14: 00007fd539bb5fa0 R15: 00007fff0c7a8128 [ 639.146112][T10818] [ 639.148812][T10803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 639.453627][T10803] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 639.794408][ T9538] usb write operation failed. (-71) [ 639.816657][T10832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 639.826985][ T9538] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 639.853033][T10833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 639.883423][ T9538] dvbdev: DVB: registering new adapter (Terratec H7) [ 639.890770][ T9538] usb 3-1: media controller created [ 639.961418][ T9538] usb read operation failed. (-71) [ 640.013124][ T9538] usb write operation failed. (-71) [ 640.035591][ T9538] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 640.076031][T10829] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 640.086391][ T9538] usb 3-1: USB disconnect, device number 32 [ 640.097247][T10829] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 640.146512][T10833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 640.206764][T10833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 640.702859][ T9544] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 640.874607][T10845] netlink: 'syz.4.1343': attribute type 3 has an invalid length. [ 641.045240][ T9544] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 641.065837][ T9544] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 641.150848][T10847] fuse: Unknown parameter '`fd' [ 641.245910][ T9544] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 641.417139][ T9544] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.563221][ T9544] usb 1-1: Product: syz [ 641.640200][ T9544] usb 1-1: Manufacturer: syz [ 641.954958][ T9544] usb 1-1: SerialNumber: syz [ 642.199395][T10840] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 643.009379][T10855] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1345'. [ 643.082512][T10840] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 643.299548][ T9544] cdc_mbim 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 643.338935][ T9544] cdc_mbim 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 643.381011][ T9544] cdc_mbim 1-1:1.0: setting rx_max = 2048 [ 643.406541][ T9544] cdc_mbim 1-1:1.0: setting tx_max = 184 [ 643.449991][ T9544] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 643.486714][ T9544] wwan wwan0: port wwan0mbim0 attached [ 643.518852][ T9544] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 42:42:42:42:42:42 [ 643.647652][ T9538] usb 1-1: USB disconnect, device number 29 [ 643.659370][ T9538] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 643.768398][ T9538] wwan wwan0: port wwan0mbim0 disconnected [ 644.925918][T10875] Can't find a SQUASHFS superblock on nullb0 [ 646.339304][T10887] netlink: 'syz.0.1355': attribute type 3 has an invalid length. [ 646.626577][T10890] fuse: Unknown parameter '`fd' [ 646.649594][ T9551] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 647.480973][ T9551] usb 3-1: Using ep0 maxpacket: 32 [ 647.641488][ T9551] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 647.772690][ T9551] usb 3-1: config 0 has no interface number 0 [ 647.778897][ T9551] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 647.935913][ T9551] usb 3-1: config 0 interface 85 has no altsetting 0 [ 647.960546][T10892] Can't find a SQUASHFS superblock on nullb0 [ 647.970951][T10896] bridge: RTM_NEWNEIGH with invalid ether address [ 649.418204][T10898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 649.446752][T10898] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 649.596152][T10894] geneve3: entered promiscuous mode [ 649.601761][T10894] geneve3: entered allmulticast mode [ 649.711621][ T9551] usb 3-1: string descriptor 0 read error: -71 [ 649.745443][ T9551] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 649.773292][ T9551] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.813649][ T9551] usb 3-1: config 0 descriptor?? [ 649.821166][ T9551] usb 3-1: can't set config #0, error -71 [ 649.849812][ T9551] usb 3-1: USB disconnect, device number 33 [ 649.945515][T10906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1359'. [ 650.552279][T10906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1359'. [ 650.600176][T10906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1359'. [ 650.640426][T10906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1359'. [ 651.591129][T10921] xt_connbytes: Forcing CT accounting to be enabled [ 651.608942][T10921] Cannot find set identified by id 0 to match [ 652.432815][ T9544] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 653.214521][ T9544] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 653.332880][ T9544] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 653.373095][ T9544] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.386007][ T9544] usb 2-1: Product: syz [ 653.390529][ T9544] usb 2-1: Manufacturer: syz [ 653.395475][ T9544] usb 2-1: SerialNumber: syz [ 653.418930][ T9544] usb 2-1: config 0 descriptor?? [ 653.692726][T10935] netlink: 'syz.3.1368': attribute type 3 has an invalid length. [ 653.990837][T10937] fuse: Unknown parameter '`fd' [ 654.890619][T10942] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.898068][T10942] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.070783][T10942] bridge0: port 2(bridge_slave_1) entered blocking state [ 655.079279][T10942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 655.087769][T10942] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.094949][T10942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 656.593048][T10952] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 656.599886][T10952] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 656.608607][T10952] vhci_hcd vhci_hcd.0: Device attached [ 656.890100][T10954] vhci_hcd: connection closed [ 656.897878][ T13] vhci_hcd: stop threads [ 656.913501][ T13] vhci_hcd: release socket [ 656.925890][ T13] vhci_hcd: disconnect device [ 656.960725][ T9544] usb 2-1: USB disconnect, device number 29 [ 657.006828][T10942] team0: Port device bridge0 added [ 658.576694][T10976] bridge2: entered allmulticast mode [ 658.657590][T10981] netlink: 'syz.1.1379': attribute type 3 has an invalid length. [ 658.941552][T10987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 658.964293][T10987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 659.172778][ T5914] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 659.372781][ T5914] usb 4-1: Using ep0 maxpacket: 8 [ 659.533450][ T5914] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 659.543767][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.551844][ T5914] usb 4-1: Product: syz [ 659.559617][ T5914] usb 4-1: Manufacturer: syz [ 659.564320][ T5914] usb 4-1: SerialNumber: syz [ 659.576915][ T5914] usb 4-1: config 0 descriptor?? [ 659.777235][T10994] fuse: Unknown parameter '`fd' [ 660.242467][T10996] Invalid logical block size (673) [ 660.352813][ T5914] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -71 [ 660.386091][ T5914] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 660.411738][ T5914] usb 4-1: USB disconnect, device number 26 [ 661.103148][ T9544] libceph: connect (1)[c::]:6789 error -101 [ 661.112415][ T9544] libceph: mon0 (1)[c::]:6789 connect error [ 661.384887][ T9544] libceph: connect (1)[c::]:6789 error -101 [ 661.391218][ T9544] libceph: mon0 (1)[c::]:6789 connect error [ 661.705150][T11016] netlink: 'syz.3.1387': attribute type 1 has an invalid length. [ 661.899828][T11005] ceph: No mds server is up or the cluster is laggy [ 661.954886][T11016] 8021q: adding VLAN 0 to HW filter on device bond2 [ 661.986591][T11019] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1388'. [ 662.092692][ T9544] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 662.300290][T11028] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 662.307894][ T9544] usb 4-1: Using ep0 maxpacket: 32 [ 662.346406][T11028] cramfs: wrong magic [ 662.377115][ T9544] usb 4-1: unable to get BOS descriptor or descriptor too short [ 662.396350][ T9544] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 662.814572][ T9544] usb 4-1: can't read configurations, error -71 [ 664.460944][T11048] FAULT_INJECTION: forcing a failure. [ 664.460944][T11048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 664.476400][T11048] CPU: 1 UID: 0 PID: 11048 Comm: syz.2.1396 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 664.476433][T11048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 664.476447][T11048] Call Trace: [ 664.476456][T11048] [ 664.476465][T11048] dump_stack_lvl+0x189/0x250 [ 664.476497][T11048] ? __pfx____ratelimit+0x10/0x10 [ 664.476520][T11048] ? __pfx_dump_stack_lvl+0x10/0x10 [ 664.476545][T11048] ? __pfx__printk+0x10/0x10 [ 664.476573][T11048] ? __might_fault+0xb0/0x130 [ 664.476605][T11048] should_fail_ex+0x414/0x560 [ 664.476632][T11048] _copy_from_user+0x2d/0xb0 [ 664.476662][T11048] ___sys_recvmsg+0x12e/0x510 [ 664.476689][T11048] ? __pfx____sys_recvmsg+0x10/0x10 [ 664.476745][T11048] ? __might_fault+0xb0/0x130 [ 664.476770][T11048] do_recvmmsg+0x307/0x770 [ 664.476801][T11048] ? __pfx_do_recvmmsg+0x10/0x10 [ 664.476836][T11048] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 664.476882][T11048] __x64_sys_recvmmsg+0x190/0x240 [ 664.476906][T11048] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 664.476934][T11048] ? do_syscall_64+0xbe/0x3b0 [ 664.476963][T11048] do_syscall_64+0xfa/0x3b0 [ 664.476985][T11048] ? lockdep_hardirqs_on+0x9c/0x150 [ 664.477007][T11048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.477028][T11048] ? clear_bhb_loop+0x60/0xb0 [ 664.477054][T11048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.477075][T11048] RIP: 0033:0x7f8dc698ebe9 [ 664.477094][T11048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.477112][T11048] RSP: 002b:00007f8dc7892038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 664.477135][T11048] RAX: ffffffffffffffda RBX: 00007f8dc6bb6090 RCX: 00007f8dc698ebe9 [ 664.477151][T11048] RDX: 0000000000000414 RSI: 0000200000000840 RDI: 0000000000000005 [ 664.477165][T11048] RBP: 00007f8dc7892090 R08: 0000000000000000 R09: 0000000000000000 [ 664.477179][T11048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 664.477191][T11048] R13: 00007f8dc6bb6128 R14: 00007f8dc6bb6090 R15: 00007ffe326a6cb8 [ 664.477237][T11048] [ 665.379235][T11061] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1400'. [ 665.400668][T11061] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1400'. [ 665.409985][T11061] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1400'. [ 665.419175][T11061] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1400'. [ 665.608765][T11070] FAULT_INJECTION: forcing a failure. [ 665.608765][T11070] name failslab, interval 1, probability 0, space 0, times 0 [ 665.658374][T11070] CPU: 1 UID: 0 PID: 11070 Comm: syz.3.1405 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 665.658412][T11070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 665.658426][T11070] Call Trace: [ 665.658434][T11070] [ 665.658445][T11070] dump_stack_lvl+0x189/0x250 [ 665.658476][T11070] ? __pfx____ratelimit+0x10/0x10 [ 665.658500][T11070] ? __pfx_dump_stack_lvl+0x10/0x10 [ 665.658525][T11070] ? __pfx__printk+0x10/0x10 [ 665.658561][T11070] ? __pfx___might_resched+0x10/0x10 [ 665.658584][T11070] ? fs_reclaim_acquire+0x7d/0x100 [ 665.658616][T11070] should_fail_ex+0x414/0x560 [ 665.658645][T11070] should_failslab+0xa8/0x100 [ 665.658671][T11070] kmem_cache_alloc_noprof+0x73/0x3c0 [ 665.658692][T11070] ? skb_clone+0x212/0x3a0 [ 665.658719][T11070] skb_clone+0x212/0x3a0 [ 665.658739][T11070] ? nfnetlink_rcv+0x486/0x2520 [ 665.658766][T11070] nfnetlink_rcv+0x4b4/0x2520 [ 665.658795][T11070] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 665.658824][T11070] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 665.658848][T11070] ? __dev_queue_xmit+0x27e/0x3a70 [ 665.658872][T11070] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.658906][T11070] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 665.658949][T11070] ? ref_tracker_free+0x63a/0x7d0 [ 665.658972][T11070] ? __copy_skb_header+0xa7/0x550 [ 665.658995][T11070] ? __pfx_ref_tracker_free+0x10/0x10 [ 665.659019][T11070] ? __skb_clone+0x63/0x7a0 [ 665.659045][T11070] ? __skb_clone+0x483/0x7a0 [ 665.659073][T11070] ? skb_clone+0x246/0x3a0 [ 665.659098][T11070] ? __netlink_deliver_tap+0x807/0x850 [ 665.659130][T11070] ? netlink_deliver_tap+0x2e/0x1b0 [ 665.659168][T11070] ? netlink_deliver_tap+0x2e/0x1b0 [ 665.659198][T11070] ? netlink_deliver_tap+0x2e/0x1b0 [ 665.659234][T11070] netlink_unicast+0x75c/0x8e0 [ 665.659275][T11070] netlink_sendmsg+0x805/0xb30 [ 665.659317][T11070] ? __pfx_netlink_sendmsg+0x10/0x10 [ 665.659365][T11070] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 665.659387][T11070] ? __pfx_netlink_sendmsg+0x10/0x10 [ 665.659420][T11070] __sock_sendmsg+0x21c/0x270 [ 665.659450][T11070] ____sys_sendmsg+0x505/0x830 [ 665.659491][T11070] ? __pfx_____sys_sendmsg+0x10/0x10 [ 665.659536][T11070] ? import_iovec+0x74/0xa0 [ 665.659571][T11070] ___sys_sendmsg+0x21f/0x2a0 [ 665.659608][T11070] ? __pfx____sys_sendmsg+0x10/0x10 [ 665.659683][T11070] ? __fget_files+0x2a/0x420 [ 665.659706][T11070] ? __fget_files+0x3a0/0x420 [ 665.659743][T11070] __x64_sys_sendmsg+0x19b/0x260 [ 665.659780][T11070] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 665.659825][T11070] ? __pfx_ksys_write+0x10/0x10 [ 665.659843][T11070] ? rcu_is_watching+0x15/0xb0 [ 665.659873][T11070] ? do_syscall_64+0xbe/0x3b0 [ 665.659902][T11070] do_syscall_64+0xfa/0x3b0 [ 665.659925][T11070] ? lockdep_hardirqs_on+0x9c/0x150 [ 665.659948][T11070] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.659970][T11070] ? clear_bhb_loop+0x60/0xb0 [ 665.659997][T11070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.660018][T11070] RIP: 0033:0x7fd53998ebe9 [ 665.660038][T11070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.660057][T11070] RSP: 002b:00007fd537bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 665.660081][T11070] RAX: ffffffffffffffda RBX: 00007fd539bb5fa0 RCX: 00007fd53998ebe9 [ 665.660097][T11070] RDX: 0000000024000000 RSI: 0000200000009b40 RDI: 0000000000000003 [ 665.660111][T11070] RBP: 00007fd537bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 665.660124][T11070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 665.660137][T11070] R13: 00007fd539bb6038 R14: 00007fd539bb5fa0 R15: 00007fff0c7a8128 [ 665.660170][T11070] [ 667.979468][T11092] sctp: [Deprecated]: syz.3.1407 (pid 11092) Use of struct sctp_assoc_value in delayed_ack socket option. [ 667.979468][T11092] Use struct sctp_sack_info instead [ 670.518628][T11109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1414'. [ 670.573463][T11109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1414'. [ 670.584362][T11109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1414'. [ 670.594112][T11109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1414'. [ 671.142730][T11117] Invalid source name [ 671.671163][T11119] Bluetooth: MGMT ver 1.23 [ 673.584515][T11135] affs: No valid root block on device nullb0 [ 673.653924][T11132] 9pnet_fd: Insufficient options for proto=fd [ 675.162902][T11148] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1427'. [ 675.172011][T11148] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1427'. [ 675.185064][T11148] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1427'. [ 675.198433][T11148] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1427'. [ 675.300493][T11157] Can't find a SQUASHFS superblock on nullb0 [ 676.868084][T11176] affs: No valid root block on device nullb0 [ 679.525888][ T5928] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 679.683022][ T5928] usb 2-1: Using ep0 maxpacket: 16 [ 679.905957][ T5928] usb 2-1: config 8 has an invalid interface number: 39 but max is 0 [ 679.920918][ T5928] usb 2-1: config 8 has no interface number 0 [ 679.947797][ T5928] usb 2-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 680.004632][T11223] affs: No valid root block on device nullb0 [ 680.184587][ T5928] usb 2-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 680.201324][ T5928] usb 2-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0 [ 680.212487][ T5928] usb 2-1: config 8 interface 39 has no altsetting 0 [ 680.377883][ T5928] usb 2-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 680.393101][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 680.402377][ T5928] usb 2-1: Product: syz [ 680.964367][ T5928] usb 2-1: Manufacturer: syz [ 680.993125][ T5928] usb 2-1: SerialNumber: syz [ 682.033230][T11210] : entered promiscuous mode [ 682.041107][T11210] : left promiscuous mode [ 682.080858][ T5928] ipheth 2-1:8.39: ipheth_enable_ncm: usb_control_msg: 0 [ 682.093055][T11209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 682.332397][T11209] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 682.863168][ T5928] ipheth 2-1:8.39: Apple iPhone USB Ethernet device attached [ 683.060357][ T9535] usb 2-1: USB disconnect, device number 30 [ 683.063133][T11243] vlan2: entered promiscuous mode [ 683.121572][ T5856] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 683.132231][ T5856] CPU: 0 UID: 0 PID: 5856 Comm: kworker/u9:7 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 683.132252][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 683.132264][ T5856] Workqueue: hci4 hci_rx_work [ 683.132283][ T5856] Call Trace: [ 683.132290][ T5856] [ 683.132298][ T5856] dump_stack_lvl+0x189/0x250 [ 683.132319][ T5856] ? kernfs_path_from_node+0x2c/0x260 [ 683.132341][ T5856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 683.132358][ T5856] ? __pfx__printk+0x10/0x10 [ 683.132380][ T5856] ? kernfs_path_from_node+0x2c/0x260 [ 683.132399][ T5856] ? kernfs_path_from_node+0x2c/0x260 [ 683.132419][ T5856] ? kernfs_path_from_node+0x22c/0x260 [ 683.132437][ T5856] ? kernfs_path_from_node+0x2c/0x260 [ 683.132459][ T5856] sysfs_create_dir_ns+0x259/0x280 [ 683.132504][ T5856] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 683.132525][ T5856] ? do_raw_spin_unlock+0x122/0x240 [ 683.132564][ T5856] kobject_add_internal+0x59f/0xb40 [ 683.132602][ T5856] kobject_add+0x155/0x220 [ 683.132636][ T5856] ? __pfx_kobject_add+0x10/0x10 [ 683.132661][ T5856] ? _raw_spin_unlock+0x28/0x50 [ 683.132690][ T5856] ? get_device_parent+0x366/0x3a0 [ 683.132717][ T5856] device_add+0x408/0xb50 [ 683.132745][ T5856] hci_conn_add_sysfs+0xd5/0x1e0 [ 683.132774][ T5856] le_conn_complete_evt+0xc3a/0x1220 [ 683.132805][ T5856] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 683.132827][ T5856] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 683.132844][ T5856] ? __asan_memcpy+0x40/0x70 [ 683.132868][ T5856] ? __pfx___mutex_lock+0x10/0x10 [ 683.132886][ T5856] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 683.132903][ T5856] ? skb_pull_data+0xfb/0x200 [ 683.132924][ T5856] hci_le_conn_complete_evt+0x187/0x450 [ 683.132950][ T5856] hci_event_packet+0x78c/0x1200 [ 683.132969][ T5856] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 683.132991][ T5856] ? __pfx_hci_event_packet+0x10/0x10 [ 683.133009][ T5856] ? kcov_remote_start+0x4d3/0x7f0 [ 683.133032][ T5856] ? lockdep_hardirqs_on+0x90/0x150 [ 683.133051][ T5856] ? hci_send_to_monitor+0xe2/0x570 [ 683.133075][ T5856] hci_rx_work+0x46a/0xe80 [ 683.133098][ T5856] ? process_scheduled_works+0x9ef/0x17b0 [ 683.133117][ T5856] process_scheduled_works+0xade/0x17b0 [ 683.133156][ T5856] ? __pfx_process_scheduled_works+0x10/0x10 [ 683.133187][ T5856] worker_thread+0x8a0/0xda0 [ 683.133225][ T5856] kthread+0x70e/0x8a0 [ 683.133249][ T5856] ? __pfx_worker_thread+0x10/0x10 [ 683.133265][ T5856] ? __pfx_kthread+0x10/0x10 [ 683.133287][ T5856] ? _raw_spin_unlock_irq+0x23/0x50 [ 683.133301][ T5856] ? lockdep_hardirqs_on+0x9c/0x150 [ 683.133316][ T5856] ? __pfx_kthread+0x10/0x10 [ 683.133337][ T5856] ret_from_fork+0x3fc/0x770 [ 683.133355][ T5856] ? __pfx_ret_from_fork+0x10/0x10 [ 683.133375][ T5856] ? __switch_to_asm+0x39/0x70 [ 683.133394][ T5856] ? __switch_to_asm+0x33/0x70 [ 683.133412][ T5856] ? __pfx_kthread+0x10/0x10 [ 683.133434][ T5856] ret_from_fork_asm+0x1a/0x30 [ 683.133466][ T5856] [ 683.420684][ T5856] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 683.435031][ T5856] Bluetooth: hci4: failed to register connection device [ 683.804818][ T9535] ipheth 2-1:8.39: Apple iPhone USB Ethernet now disconnected [ 685.379325][T11258] loop2: detected capacity change from 0 to 7 [ 685.411401][T11258] Dev loop2: unable to read RDB block 7 [ 685.544145][T11258] loop2: unable to read partition table [ 685.560466][T11258] loop2: partition table beyond EOD, truncated [ 685.579527][T11258] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 685.940717][T11273] xt_bpf: check failed: parse error [ 685.949076][T11273] overlayfs: failed to resolve './file1/file0': -2 [ 686.017455][T11275] affs: No valid root block on device nullb0 [ 687.395053][T11286] syz.4.1464: attempt to access beyond end of device [ 687.395053][T11286] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 687.408760][T11286] gfs2: error -5 reading superblock [ 688.112658][T11295] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1467'. [ 689.077021][T11301] netlink: 'syz.3.1470': attribute type 12 has an invalid length. [ 689.461931][T11315] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1473'. [ 689.472470][T11315] openvswitch: netlink: Flow key attr not present in new flow. [ 689.585947][ T5845] Bluetooth: hci4: command 0x0406 tx timeout [ 690.008332][T11322] affs: No valid root block on device nullb0 [ 691.020048][T11331] Can't find a SQUASHFS superblock on nullb0 [ 691.527736][ T30] audit: type=1326 audit(1755799184.011:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 691.679893][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.694103][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.974715][ T30] audit: type=1326 audit(1755799184.011:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.145929][ T30] audit: type=1326 audit(1755799184.061:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.198628][ T30] audit: type=1326 audit(1755799184.071:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.249533][ T30] audit: type=1326 audit(1755799184.261:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.322398][ T30] audit: type=1326 audit(1755799184.301:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.360417][ T30] audit: type=1326 audit(1755799184.301:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.383390][ T30] audit: type=1326 audit(1755799184.311:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.445933][T11346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 692.452754][ T30] audit: type=1326 audit(1755799184.311:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.486222][T11346] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 692.516594][ T30] audit: type=1326 audit(1755799184.321:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11332 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc66e18ebe9 code=0x7ffc0000 [ 692.774441][T11355] affs: No valid root block on device nullb0 [ 692.819555][T11358] xt_TPROXY: Can be used only with -p tcp or -p udp [ 693.282948][ T9544] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 693.518012][T11366] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1483'. [ 693.527586][T11366] netlink: 'syz.4.1483': attribute type 14 has an invalid length. [ 693.545387][T11366] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 693.554609][T11366] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 693.563409][T11366] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 693.572161][T11366] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 693.584287][T11366] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1483'. [ 693.593488][T11366] netlink: 'syz.4.1483': attribute type 14 has an invalid length. [ 693.733290][ T9544] usb 3-1: Using ep0 maxpacket: 16 [ 693.974750][T11369] syz.1.1490: attempt to access beyond end of device [ 693.974750][T11369] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 693.988008][T11369] syz.1.1490: attempt to access beyond end of device [ 693.988008][T11369] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 694.001020][T11369] Mount JFS Failure: -5 [ 696.073420][ T9544] usb 3-1: unable to get BOS descriptor or descriptor too short [ 696.083955][ T9544] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 696.103107][ T9544] usb 3-1: can't read configurations, error -71 [ 696.399721][T11380] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1491'. [ 697.347856][T11385] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1494'. [ 697.979767][T11390] block device autoloading is deprecated and will be removed. [ 698.530996][T11401] --map-set only usable from mangle table [ 699.169603][ T5935] IPVS: starting estimator thread 0... [ 699.263127][T11399] IPVS: using max 27 ests per chain, 64800 per kthread [ 701.377652][T11422] netlink: 'syz.4.1504': attribute type 3 has an invalid length. [ 701.649188][T11426] fuse: Unknown parameter '`fd' [ 705.041860][ T9548] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 705.208386][ T9548] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 705.219224][ T9548] usb 4-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 705.414726][ T9548] usb 4-1: config 2 interface 0 has no altsetting 0 [ 705.474290][T11450] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1511'. [ 705.820228][ T9548] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47 [ 705.833002][ T9548] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.857008][ T9548] usb 4-1: Product: syz [ 705.871051][ T9548] usb 4-1: Manufacturer: syz [ 705.875947][ T9548] usb 4-1: SerialNumber: syz [ 706.150602][ T9548] usb 4-1: USB disconnect, device number 29 [ 706.393907][T11457] netlink: 'syz.1.1514': attribute type 3 has an invalid length. [ 707.015260][T11461] fuse: Unknown parameter '`fd' [ 707.888703][T11467] netlink: 'syz.0.1516': attribute type 3 has an invalid length. [ 708.272625][T11470] affs: No valid root block on device nullb0 [ 708.277335][T11476] fuse: Unknown parameter '`fd' [ 709.244320][T11485] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1523'. [ 709.254123][T11485] openvswitch: netlink: Flow key attr not present in new flow. [ 712.205203][T11516] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 712.222296][T11516] cramfs: wrong magic [ 712.755324][T11520] binder: 11518:11520 ioctl 400c620e 200000000000 returned -22 [ 713.071269][T11525] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1532'. [ 713.847653][T11527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1533'. [ 713.858021][T11527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1533'. [ 714.266414][T11531] netlink: 'syz.0.1535': attribute type 3 has an invalid length. [ 714.812978][ T9552] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 714.994842][ T9552] usb 3-1: Using ep0 maxpacket: 32 [ 715.018304][ T9552] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 715.027939][ T9552] usb 3-1: New USB device strings: Mfr=0, Product=151, SerialNumber=247 [ 715.039485][ T9552] usb 3-1: Product: syz [ 715.049767][ T9552] usb 3-1: SerialNumber: syz [ 715.101485][ T9552] usb 3-1: config 0 descriptor?? [ 715.474608][ T9552] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 716.089415][ T9552] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 716.114154][ T9552] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 716.121402][ T9552] usb 3-1: media controller created [ 716.195620][ T9552] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 716.439392][ T9552] az6027: usb out operation failed. (-71) [ 716.449850][ T9552] az6027: usb out operation failed. (-71) [ 716.458310][ T9552] stb0899_attach: Driver disabled by Kconfig [ 716.462219][T11531] fuse: Unknown parameter '`fd' [ 716.494584][ T9552] az6027: no front-end attached [ 716.494584][ T9552] [ 717.374206][ T9552] az6027: usb out operation failed. (-71) [ 717.380027][ T9552] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 717.390008][ T9552] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input16 [ 717.489225][ T9552] dvb-usb: schedule remote query interval to 400 msecs. [ 717.512753][ T9552] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 717.534788][ T9552] usb 3-1: USB disconnect, device number 36 [ 717.745758][T11560] netlink: 'syz.3.1543': attribute type 1 has an invalid length. [ 717.865320][ T9552] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 718.027953][T11560] 8021q: adding VLAN 0 to HW filter on device bond3 [ 718.154852][T11559] bond3: (slave gretap1): making interface the new active one [ 718.166190][T11559] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 718.324764][T11559] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1543'. [ 719.833489][T11566] bond3 (unregistering): (slave gretap1): Releasing active interface [ 719.865101][T11566] bond3 (unregistering): Released all slaves [ 720.592180][T11580] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1549'. [ 722.214003][ T9548] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 722.315586][T11598] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 722.389262][ T9548] usb 5-1: config 0 has an invalid interface number: 207 but max is 0 [ 722.405842][ T9548] usb 5-1: config 0 has no interface number 0 [ 722.425402][ T9548] usb 5-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 722.442709][ T9548] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.461274][ T9548] usb 5-1: Product: syz [ 722.470965][ T9548] usb 5-1: Manufacturer: syz [ 722.483415][ T9548] usb 5-1: SerialNumber: syz [ 722.500506][ T9548] usb 5-1: config 0 descriptor?? [ 722.524997][ T9548] qmi_wwan 5-1:0.207: bogus CDC Union: master=0, slave=1 [ 722.739305][T11594] overlayfs: missing 'lowerdir' [ 724.275115][ T5935] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 724.579128][ T5935] usb 4-1: Using ep0 maxpacket: 32 [ 724.590053][ T9548] qmi_wwan 5-1:0.207: probe with driver qmi_wwan failed with error -22 [ 724.617508][ T5935] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 724.647957][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=151, SerialNumber=247 [ 724.652875][ T9548] usb 5-1: USB disconnect, device number 24 [ 724.693076][ T5935] usb 4-1: Product: syz [ 724.707435][ T5935] usb 4-1: SerialNumber: syz [ 724.872428][ T6679] Bluetooth: hci5: Frame reassembly failed (-84) [ 724.940207][ T5935] usb 4-1: config 0 descriptor?? [ 725.281881][ T5935] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 725.318115][ T5935] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 725.542817][ T5935] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 726.476282][ T9536] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 726.633150][ T9536] usb 5-1: Using ep0 maxpacket: 32 [ 726.641931][ T9536] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 726.659172][ T9536] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 726.688422][ T9536] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 726.717560][ T9536] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 726.907667][ T9536] usb 5-1: config 0 descriptor?? [ 726.923586][ T9536] hub 5-1:0.0: USB hub found [ 726.942666][T11247] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 726.944101][ T5845] Bluetooth: hci5: command 0x1003 tx timeout [ 727.282469][ T9536] hub 5-1:0.0: 2 ports detected [ 728.307931][ T9536] hub 5-1:0.0: hub_hub_status failed (err = -32) [ 728.320481][ T9536] hub 5-1:0.0: config failed, can't get hub status (err -32) [ 728.335356][ T9536] usbhid 5-1:0.0: can't add hid device: -32 [ 728.348589][ T9536] usbhid 5-1:0.0: probe with driver usbhid failed with error -32 [ 728.613793][ T9536] usb 5-1: USB disconnect, device number 25 [ 730.252821][ T9536] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 730.434899][ T9536] usb 1-1: config 0 has an invalid interface number: 207 but max is 0 [ 730.453066][ T9536] usb 1-1: config 0 has no interface number 0 [ 730.474051][ T9536] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 730.487181][ T9536] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 730.496621][ T9536] usb 1-1: Product: syz [ 730.501473][ T9536] usb 1-1: Manufacturer: syz [ 730.511494][ T9536] usb 1-1: SerialNumber: syz [ 730.555256][ T9536] usb 1-1: config 0 descriptor?? [ 730.585006][ T9536] qmi_wwan 1-1:0.207: bogus CDC Union: master=0, slave=1 [ 730.603098][ T9535] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 730.773110][T11661] overlayfs: missing 'lowerdir' [ 730.783727][ T9535] usb 2-1: Using ep0 maxpacket: 32 [ 730.798057][ T9535] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 730.822006][ T9535] usb 2-1: New USB device strings: Mfr=0, Product=151, SerialNumber=247 [ 730.844781][ T9535] usb 2-1: Product: syz [ 730.859659][ T9535] usb 2-1: SerialNumber: syz [ 730.888655][ T9535] usb 2-1: config 0 descriptor?? [ 731.123219][ T9535] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 732.702384][T11680] syz.4.1575: attempt to access beyond end of device [ 732.702384][T11680] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 732.751814][T11680] gfs2: error -5 reading superblock [ 732.853049][ T9536] qmi_wwan 1-1:0.207: probe with driver qmi_wwan failed with error -22 [ 733.379968][T11682] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1576'. [ 733.389387][T11682] openvswitch: netlink: Flow key attr not present in new flow. [ 733.510140][ T9536] usb 1-1: USB disconnect, device number 30 [ 733.998292][T11690] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1579'. [ 734.017130][T11690] : left promiscuous mode [ 734.746082][T11698] tipc: Started in network mode [ 734.751279][T11698] tipc: Node identity 8285c29cecf4, cluster identity 4711 [ 734.906893][T11698] tipc: Enabled bearer , priority 0 [ 735.040302][T11695] syzkaller0: entered promiscuous mode [ 735.046072][T11695] syzkaller0: entered allmulticast mode [ 735.092396][T11695] sch_tbf: peakrate 1 is lower than or equals to rate 6351032987968737070 ! [ 735.210365][T11694] tipc: Resetting bearer [ 735.254653][T11694] tipc: Disabling bearer [ 736.566509][T11708] Can't find a SQUASHFS superblock on nullb0 [ 737.245871][T11712] 9pnet_fd: Insufficient options for proto=fd [ 737.614189][T11719] netlink: 4528 bytes leftover after parsing attributes in process `syz.0.1588'. [ 737.666087][T11719] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1588'. [ 737.686754][T11719] netlink: 4528 bytes leftover after parsing attributes in process `syz.0.1588'. [ 738.513387][ T120] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 738.730615][ T120] usb 3-1: config 0 has an invalid interface number: 207 but max is 0 [ 738.787756][ T120] usb 3-1: config 0 has no interface number 0 [ 738.970553][ T120] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 739.018690][ T120] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 739.058329][ T120] usb 3-1: Product: syz [ 739.104273][ T120] usb 3-1: Manufacturer: syz [ 739.146687][ T120] usb 3-1: SerialNumber: syz [ 739.374574][ T120] usb 3-1: config 0 descriptor?? [ 739.627882][T11725] overlayfs: missing 'lowerdir' [ 739.704748][ T120] qmi_wwan 3-1:0.207: bogus CDC Union: master=0, slave=1 [ 741.050956][ T120] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22 [ 741.088504][ T120] usb 3-1: USB disconnect, device number 37 [ 741.481829][T11741] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1596'. [ 741.635687][T11746] hugetlbfs: syz.3.1595 (11746): Using mlock ulimits for SHM_HUGETLB is obsolete [ 742.150640][T11749] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 742.179158][T11749] cramfs: wrong magic [ 742.705817][T11752] netlink: 'syz.0.1597': attribute type 3 has an invalid length. [ 742.990216][T11755] fuse: Unknown parameter '`fd' [ 744.020173][T11756] 9pnet_fd: Insufficient options for proto=fd [ 746.987018][T11769] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1601'. [ 747.033099][T11769] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1601'. [ 747.727853][T11789] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1607'. [ 748.403528][T11793] random: crng reseeded on system resumption [ 748.463079][T11800] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1614'. [ 749.633008][ T120] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 749.763394][T11817] SET target dimension over the limit! [ 749.777069][ T120] usb 1-1: device descriptor read/64, error -71 [ 750.293122][ T9548] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 750.323067][ T120] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 750.462891][ T120] usb 1-1: device descriptor read/64, error -71 [ 750.462924][ T9548] usb 3-1: device descriptor read/64, error -71 [ 750.489130][T11823] netlink: 'syz.4.1620': attribute type 20 has an invalid length. [ 750.912676][ T9548] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 750.933762][ T120] usb usb1-port1: attempt power cycle [ 751.102705][ T9548] usb 3-1: device descriptor read/64, error -71 [ 751.333389][ T9548] usb usb3-port1: attempt power cycle [ 751.502765][ T120] usb 1-1: new full-speed USB device number 33 using dummy_hcd [ 751.534143][ T120] usb 1-1: device descriptor read/8, error -71 [ 751.674415][ T9548] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 751.900253][ T9548] usb 3-1: device not accepting address 40, error -71 [ 751.909820][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1623'. [ 751.924137][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1623'. [ 751.933481][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1623'. [ 751.942721][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1623'. [ 751.951745][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1623'. [ 752.145119][T11838] FAULT_INJECTION: forcing a failure. [ 752.145119][T11838] name failslab, interval 1, probability 0, space 0, times 0 [ 752.192810][T11838] CPU: 1 UID: 0 PID: 11838 Comm: syz.3.1627 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 752.192843][T11838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 752.192857][T11838] Call Trace: [ 752.192867][T11838] [ 752.192877][T11838] dump_stack_lvl+0x189/0x250 [ 752.192908][T11838] ? __pfx____ratelimit+0x10/0x10 [ 752.192932][T11838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 752.192957][T11838] ? __pfx__printk+0x10/0x10 [ 752.192992][T11838] ? __pfx___might_resched+0x10/0x10 [ 752.193015][T11838] ? fs_reclaim_acquire+0x7d/0x100 [ 752.193047][T11838] should_fail_ex+0x414/0x560 [ 752.193076][T11838] should_failslab+0xa8/0x100 [ 752.193102][T11838] __kmalloc_noprof+0xcb/0x4f0 [ 752.193123][T11838] ? security_prepare_creds+0x52/0x390 [ 752.193155][T11838] security_prepare_creds+0x52/0x390 [ 752.193186][T11838] prepare_creds+0x497/0x6c0 [ 752.193221][T11838] lookup_user_key+0x2dd/0x1090 [ 752.193259][T11838] ? __pfx_lookup_user_key+0x10/0x10 [ 752.193284][T11838] ? __might_fault+0xb0/0x130 [ 752.193308][T11838] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 752.193356][T11838] __se_sys_add_key+0x2f5/0x400 [ 752.193382][T11838] ? __pfx___se_sys_add_key+0x10/0x10 [ 752.193422][T11838] ? do_syscall_64+0xbe/0x3b0 [ 752.193445][T11838] ? __x64_sys_add_key+0x20/0xc0 [ 752.193469][T11838] do_syscall_64+0xfa/0x3b0 [ 752.193492][T11838] ? lockdep_hardirqs_on+0x9c/0x150 [ 752.193515][T11838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.193537][T11838] ? clear_bhb_loop+0x60/0xb0 [ 752.193564][T11838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.193585][T11838] RIP: 0033:0x7fd53998ebe9 [ 752.193604][T11838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.193624][T11838] RSP: 002b:00007fd537bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 752.193653][T11838] RAX: ffffffffffffffda RBX: 00007fd539bb5fa0 RCX: 00007fd53998ebe9 [ 752.193670][T11838] RDX: 0000200000000100 RSI: 0000200000000180 RDI: 0000200000000140 [ 752.193685][T11838] RBP: 00007fd537bf6090 R08: fffffffffffffffe R09: 0000000000000000 [ 752.193700][T11838] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000001 [ 752.193713][T11838] R13: 00007fd539bb6038 R14: 00007fd539bb5fa0 R15: 00007fff0c7a8128 [ 752.193747][T11838] [ 753.165130][ T120] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 753.182378][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 753.188872][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.196241][ T120] usb 1-1: Using ep0 maxpacket: 16 [ 753.208240][ T120] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 753.220364][ T120] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 753.235616][ T120] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 753.246660][ T120] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.256811][ T120] usb 1-1: Product: syz [ 753.262212][ T120] usb 1-1: Manufacturer: syz [ 753.267444][ T120] usb 1-1: SerialNumber: syz [ 753.278813][ T120] usb 1-1: config 0 descriptor?? [ 753.288497][ T120] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 753.300502][ T120] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 753.522650][ T9548] usb 5-1: new full-speed USB device number 26 using dummy_hcd [ 753.653954][ T9548] usb 5-1: device descriptor read/64, error -71 [ 753.912917][ T9548] usb 5-1: new full-speed USB device number 27 using dummy_hcd [ 754.431322][ T120] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 754.441223][ T120] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 754.449033][ T120] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 754.456139][ T120] em28xx 1-1:0.0: No AC97 audio processor [ 754.575594][ T120] usb 1-1: USB disconnect, device number 34 [ 754.585564][ T120] em28xx 1-1:0.0: Disconnecting em28xx [ 754.598938][ T120] em28xx 1-1:0.0: Freeing device [ 754.624410][ T9548] usb 5-1: device descriptor read/64, error -71 [ 754.792877][ T9548] usb usb5-port1: attempt power cycle [ 754.975523][T11867] xt_CT: You must specify a L4 protocol and not use inversions on it [ 756.851522][T11878] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1637'. [ 758.405350][T11894] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1639'. [ 758.732071][ T9552] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 759.253069][ T9552] usb 3-1: Using ep0 maxpacket: 16 [ 759.291232][ T9552] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 759.311252][ T9552] usb 3-1: config 0 has no interface number 0 [ 759.328433][ T9552] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 759.377094][ T9552] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.498574][T11914] tipc: Started in network mode [ 759.504653][T11914] tipc: Node identity ba418cc6189f, cluster identity 4711 [ 759.512781][T11914] tipc: Enabled bearer , priority 0 [ 759.530361][ T9552] usb 3-1: Product: syz [ 759.535808][ T9552] usb 3-1: Manufacturer: syz [ 759.540775][ T9552] usb 3-1: SerialNumber: syz [ 759.572810][T11914] syzkaller0: entered promiscuous mode [ 759.579095][T11914] syzkaller0: entered allmulticast mode [ 759.917107][ T9552] usb 3-1: config 0 descriptor?? [ 759.943063][ T9552] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 759.957803][T11912] delete_channel: no stack [ 760.000785][T11912] tipc: Resetting bearer [ 760.103930][T11912] tipc: Disabling bearer [ 760.981003][T11927] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1648'. [ 761.705476][ T9552] gspca_spca1528: reg_w err -110 [ 761.826423][ T9552] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110 [ 763.273403][ T9552] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 763.568486][ T9552] usb 5-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55 [ 763.605587][ T9552] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 763.656015][ T9552] usb 5-1: Product: syz [ 763.670627][ T9552] usb 5-1: Manufacturer: syz [ 763.688621][ T9552] usb 5-1: SerialNumber: syz [ 763.736912][ T9552] usb 5-1: config 0 descriptor?? [ 763.799516][ T9552] gspca_main: sonixb-2.14.0 probing 0c45:6005 [ 763.966087][ T9544] usb 3-1: USB disconnect, device number 42 [ 764.347476][ T9552] sonixb 5-1:0.0: Error reading register 00: -110 [ 764.456101][T11942] xt_bpf: check failed: parse error [ 764.464871][T11942] overlayfs: failed to resolve './file1/file0': -2 [ 764.478052][ T9536] usb 3-1: new full-speed USB device number 43 using dummy_hcd [ 764.686818][ T9536] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 764.706925][ T9536] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 764.730419][ T9536] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 764.760710][ T9536] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.954111][ T9544] usb 5-1: USB disconnect, device number 29 [ 765.468998][ T9536] usb 3-1: GET_CAPABILITIES returned 0 [ 765.478766][ T9536] usbtmc 3-1:16.0: can't read capabilities [ 765.522300][ T9552] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 765.546906][ T9552] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 765.682278][ T9536] usb 3-1: USB disconnect, device number 43 [ 768.746457][T11998] netlink: 'syz.4.1668': attribute type 10 has an invalid length. [ 768.772337][T11998] team0: Device veth0_vlan failed to register rx_handler [ 770.160505][T12000] 9pnet_fd: Insufficient options for proto=fd [ 770.862982][T12023] 9pnet_fd: Insufficient options for proto=fd [ 771.091542][T12027] vxcan1: entered allmulticast mode [ 771.383221][T12040] syz_tun: entered allmulticast mode [ 771.399314][T12038] syz_tun: left allmulticast mode [ 771.516637][T12049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1687'. [ 771.570391][T12043] netlink: 'syz.1.1685': attribute type 1 has an invalid length. [ 771.751932][T12057] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 772.658505][T12088] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1700'. [ 772.694676][T12088] openvswitch: netlink: Flow actions attr not present in new flow. [ 773.377514][T12096] infiniband syz1: set down [ 773.390197][T12096] infiniband syz1: added ipvlan0 [ 773.506423][T12096] RDS/IB: syz1: added [ 773.511638][T12096] smc: adding ib device syz1 with port count 1 [ 773.531690][T12096] smc: ib device syz1 port 1 has pnetid [ 773.667724][T12127] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1717'. [ 773.677231][T12127] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1717'. [ 773.801971][T12131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1719'. [ 773.827361][T12131] macvtap1: entered promiscuous mode [ 773.833400][T12131] syz_tun: entered promiscuous mode [ 773.838991][T12131] macvtap1: entered allmulticast mode [ 773.848537][T12131] syz_tun: entered allmulticast mode [ 773.995514][T12136] tipc: Enabling of bearer rejected, failed to enable media [ 774.732006][T12165] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1728'. [ 776.126583][T12194] sctp: [Deprecated]: syz.3.1741 (pid 12194) Use of struct sctp_assoc_value in delayed_ack socket option. [ 776.126583][T12194] Use struct sctp_sack_info instead [ 776.436796][T12130] siw: device registration error -23 [ 776.632228][T12202] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.641289][T12202] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.686883][T12202] team0: Port device bridge0 removed [ 776.698334][T12202] bridge_slave_0: left allmulticast mode [ 776.705199][T12202] bridge_slave_0: left promiscuous mode [ 776.711078][T12202] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.766305][T12210] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1748'. [ 776.789649][T12202] bridge_slave_1: left allmulticast mode [ 776.804432][T12202] bridge_slave_1: left promiscuous mode [ 776.810644][T12202] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.843707][T12202] bond0: (slave bond_slave_0): Releasing backup interface [ 776.892156][T12202] bond0: (slave bond_slave_1): Releasing backup interface [ 776.961364][T12202] team0: Failed to send options change via netlink (err -105) [ 776.972217][T12202] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 777.024283][T12202] team0: Port device team_slave_0 removed [ 777.048620][T12202] team0: Failed to send options change via netlink (err -105) [ 777.069756][T12202] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 777.089289][T12202] team0: Port device team_slave_1 removed [ 777.098421][T12202] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 777.107340][T12202] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 777.117991][T12202] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 777.126210][T12202] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 777.152094][T12229] [ 777.155447][T12229] ============================= [ 777.160374][T12229] WARNING: suspicious RCU usage [ 777.165655][T12229] 6.16.0-syzkaller #0 Not tainted [ 777.171045][T12229] ----------------------------- [ 777.176550][T12229] net/core/netclassid_cgroup.c:24 suspicious rcu_dereference_check() usage! [ 777.185691][T12229] [ 777.185691][T12229] other info that might help us debug this: [ 777.185691][T12229] [ 777.196394][T12229] [ 777.196394][T12229] rcu_scheduler_active = 2, debug_locks = 1 [ 777.204744][T12229] 1 lock held by syz.4.1753/12229: [ 777.209958][T12229] #0: ffffffff8e13f2c0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80 [ 777.220391][T12229] [ 777.220391][T12229] stack backtrace: [ 777.226400][T12229] CPU: 0 UID: 0 PID: 12229 Comm: syz.4.1753 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 777.226429][T12229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 777.226444][T12229] Call Trace: [ 777.226453][T12229] [ 777.226463][T12229] dump_stack_lvl+0x189/0x250 [ 777.226500][T12229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 777.226527][T12229] ? __pfx__printk+0x10/0x10 [ 777.226562][T12229] ? print_lock_name+0xde/0x100 [ 777.226597][T12229] lockdep_rcu_suspicious+0x140/0x1d0 [ 777.226627][T12229] task_cls_state+0x1a5/0x1d0 [ 777.226653][T12229] bpf_get_cgroup_classid_curr+0x18/0x60 [ 777.226684][T12229] bpf_prog_c722f05f3cd1c514+0x77/0x7d [ 777.226708][T12229] bpf_prog_run_pin_on_cpu+0x67/0x150 [ 777.226748][T12229] bpf_prog_test_run_syscall+0x312/0x4b0 [ 777.226786][T12229] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 777.226818][T12229] ? __fget_files+0x2a/0x420 [ 777.226850][T12229] ? __pfx_bpf_prog_test_run_syscall+0x10/0x10 [ 777.226886][T12229] bpf_prog_test_run+0x2c7/0x340 [ 777.226927][T12229] __sys_bpf+0x4a4/0x860 [ 777.226963][T12229] ? __pfx___sys_bpf+0x10/0x10 [ 777.227017][T12229] ? rcu_is_watching+0x15/0xb0 [ 777.227050][T12229] __x64_sys_bpf+0x7c/0x90 [ 777.227079][T12229] do_syscall_64+0xfa/0x3b0 [ 777.227112][T12229] ? lockdep_hardirqs_on+0x9c/0x150 [ 777.227135][T12229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 777.227157][T12229] ? clear_bhb_loop+0x60/0xb0 [ 777.227186][T12229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 777.227209][T12229] RIP: 0033:0x7fac75b8ebe9 [ 777.227229][T12229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 777.227250][T12229] RSP: 002b:00007fac76ae4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 777.227274][T12229] RAX: ffffffffffffffda RBX: 00007fac75db5fa0 RCX: 00007fac75b8ebe9 [ 777.227292][T12229] RDX: 0000000000000048 RSI: 0000200000000500 RDI: 000000000000000a [ 777.227307][T12229] RBP: 00007fac75c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 777.227321][T12229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 777.227335][T12229] R13: 00007fac75db6038 R14: 00007fac75db5fa0 R15: 00007ffeec8b6b18 [ 777.227372][T12229]