last executing test programs: 7.244740966s ago: executing program 0 (id=1097): r0 = socket(0x10, 0x807, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x14) socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$audio(0xffffffffffffff9c, 0x0, 0x109142, 0x0) ioctl$SNDCTL_DSP_GETISPACE(r3, 0x8010500d, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1) r6 = eventfd(0x5f0) r7 = accept4$inet6(r0, 0x0, &(0x7f00000002c0), 0x80800) setsockopt(r7, 0x2, 0x9, &(0x7f0000000300)="1122ab09f8c6d13e32c5a43ec57a6d8b14edc0b145c03667f141eccfc56862f72fbd0c415253a21f71c638ca15f0d81afffbfe076a24c1229b15e20192d2d1d4c4097121635ae076db4415c6241dd8beeef00e9924a0fae85583b698a0c917d8b68f4c6bfe86d73b8204c772cb364ba354cf9742c05115c2f5c66a1bb4df50ff9ad54b849fc0d83b57e55189e0929c8eb8291223ffb4ed5c55e2261de6a3dd8c7fce140b4ddbdfc7512c9fe19a125744f92a24235758f3020f8800a166a9e5a419b5bc30c10e30faf2b9229f6058e264b50004a3a148bd3c405eeed7ff60c76832faabc581ca2e4c9a59b3cb", 0xec) ioctl$KVM_IOEVENTFD(r5, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0x5000, 0x0, r6}) 6.967967678s ago: executing program 1 (id=1099): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cf", 0x2, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6(0x10, 0x80000, 0x3) r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r3 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x1, 0x0) unlinkat(r4, &(0x7f00000000c0)='./bus\x00', 0x200) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0) socket(0x400000000010, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r5, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x2, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x36, r4}, 0x94) r7 = socket$kcm(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000000)=r6, 0x4) 5.76408369s ago: executing program 4 (id=1102): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newtfilter={0x30, 0x2c, 0xd27, 0x30bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x700}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20048084}, 0x2008c014) 4.976379312s ago: executing program 4 (id=1104): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={r1, 0x8}, &(0x7f00000000c0)=0x8) sendmmsg$inet_sctp(r0, &(0x7f0000003640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@sndinfo={0x24, 0x84, 0x2, {0x6, 0x208, 0xff, 0x8, r2}}], 0x20, 0x4c004}], 0x1, 0x10) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000001c0)={r1, 0x100}, 0x8) 4.766504146s ago: executing program 0 (id=1105): sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x28}, 0x1, 0x0, 0x0, 0xc00}, 0x0) r0 = syz_io_uring_setup(0x24fe, &(0x7f0000000300)={0x0, 0xf36e, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000004c0)=""/120, 0x78}], 0x1) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='='], 0x38}}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0x2936, 0x100000000000000, 0x0, 0x0) 4.632103022s ago: executing program 4 (id=1107): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x40000005, 0x4) recvmmsg(r0, &(0x7f0000001140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001100)=""/28, 0x1c}, 0x3ff}], 0x1, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f00000001c0)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x4000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYRESDEC=r0, @ANYBLOB="aea090aa80fe9d6c433cf5837acafbfc6fb4a180450593fabdca807f8e8aafb9c30749fdbb1877e0c43bbe0752759b2ea466d08a1cfe91df69429d564eb6448e70e0cfa5ec7be2fb465460e82aed2e56e5cfba80cc830cfe9488c979a63844c22a7f521700dcb10c4149", @ANYRESOCT=r0], 0x0) 4.465846708s ago: executing program 0 (id=1109): pipe2(&(0x7f0000000040)={0x0, 0x0}, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) socket(0x26, 0x4, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) pivot_root(&(0x7f0000002780)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r4]) r5 = getpid() syz_pidfd_open(r5, 0x0) read$FUSE(r0, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) kcmp(r5, r6, 0x4, r1, 0xffffffffffffffff) ioctl$KVM_GET_VCPU_EVENTS(r4, 0xc048aeca, &(0x7f0000000080)) 4.304189578s ago: executing program 2 (id=1110): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000006800010028bd70000000000002000000000000000600070008000000100008800c000100000000000000000008000500", @ANYRES32=r2], 0x38}}, 0x44010) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000580b68180000000000000000000200003332600700552d8d8477fc91abc99800000900020073797a3100000000bb000780080013000000000008001240fffffff70500050002000000050004000100000016000310dffc510dd4e1b7972456686173683a6e657404709a53f2b69841c255a0c9c57747a7141aa371739dc2cbf86fd5495436aa63fbaf3d8893b67e392b56b5bfa7dd99548b12d51eefc6d639fb76cd4dcd507f36dfb25444ef4d415f94443378ad126c8b801697e5cc8c7e7c41c6377fe2440090ae55f3824e44aaaafd277440d0b7c01ee86f74f9f66a0e8e0399abce317c2e79a1d6a2006b5729d3a799dd46aa040bcbf495280910f486078ffdb18708b5012103518899b2b416639c81c32bfe5fc5d7208a0b16a50336dc3d390044c8db0a6c734934e74fa9251620e55bdaea6f79ee63da3cc6522e1106c042e7653f6728bfc2943c6702000000"], 0x64}, 0x1, 0x0, 0x0, 0x4004800}, 0x20048888) 4.188852143s ago: executing program 2 (id=1111): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, 0x0) 4.159341259s ago: executing program 1 (id=1112): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000001e00)=[{{&(0x7f0000000140)={0xa, 0x4e24, 0x5, @dev={0xfe, 0x80, '\x00', 0xc}, 0x3}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000180)="9d7bb8233d3efd0c277310535f2c161fb583696bdbb5a02c2269ef3c3cd11028792d4f2e80030d5de75cfb267c2e4b68ec0ddbd5a82130d2886d677054525217a109315b808bd3fcf0162ab2d66b010b17f14f5d78f57e6778e2594de9be8167147b8442db108f64b8841d4ff090ce899e9a64010da0a017d0b4453c0930c24b23882fcfa7de55e9a153cf2ea7ce39d1750f3b1744f4673bd1b3abb7c2c42ae88366d8ef", 0xa4}, {&(0x7f0000000400)="0d571f7af9f7ffae118c786ae0fb1291c3ba3b724d5209e4c211e2fb825ca23fd253e98cfd95ffdeafbfeb6039f8ee34d38faa0a5aa4f6a238b1867760c0d1ad8bd315e109a4a48e90f9d3bdd71bd873e83b15ad4f74c27c4d7fdfd4c3bc736302f9bc007a540cd6cf7bfff30944e7e9bce4d241988e8f02c28dc40c58a01f420f5bcee785d20a836b911cd7fe6f8b2157414007421a1856a8a05164eca1d0907655f786e3067edf892bc3d5ad83dc447c89d88f4a4c8a633cc39cb2ddbf3f6c7733fbc188490fb9a129c9343280752fcefba107af4bb02264", 0xd9}, {&(0x7f0000000500)="5d179e642885b6471aea0d92c7c14695e0fa90c0c265e4eed581d0202ebbbc40d248b053c3705a12f1c10421b4c984ed154846540876bfa3af97262d0d79313f974921261e209931b8db5dc888008169d223bf339ba5a6c7563cc2ab301a4ba737b390139d3d2d1dc9a89c664f49599e7083f87bca163bf69298a477692cd2f297ff3acdb4c99fc281cefaba751e2693", 0x90}], 0x3}}, {{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f00000005c0)="c153d97274263f3f873099d172189fd329f8f5cbbc", 0x15}, {&(0x7f0000000600)="bc545688631e58f560b4a724d67bcebcaacb24da78ca3bb5c7a3227d04e4e613ec80e96bef992bef7663aa18bf2c088e925f6c8ee02238fe595a3833cf78f7b4368ed3162af6c783de96190e717e52397f4871ed95ec269c6d3d2434d1f2a1156ccd8cb1d98f96c44082dc371f0b19b9c7c618cca5caa8fcaf426c35304ec7c925d8aa0d8d940e944065b0cba8de324d37e938f7d366d63ae99ea9ec11", 0x9d}, {&(0x7f00000006c0)="b179a8d5ee75d56f25769421405562ec2b", 0x11}, {&(0x7f0000000700)="51e8e4df8ed385e9b52249589b5d06d3ea9034ed9147b503e296b2edaa90fd88ef3cec148bb3bccb581aa9efb4c152dac0fa1914d62f25e2f10cb418c0bbd90dcf684f020c638c8af9ec87ff1034bc6ce753214478b788ee9e7a78ea752f3c919e116dcdb8dc012704ab3e8b2f0dcd1e9779458fc19e739e7df8ed2afbd53dce3e3132ba7e792537ddcb85a8aed56ec85cc7a80b08ddc5c94fa676674057e515563238e29c343eb960d66af4090fbfc7e41bd02d1a4cc750f7a7a024f2b14a168969dae34fa4be9fd4d2e8d9f9333e4bc76752f10c69e495ff6480473f55a6a5ae94445a44", 0xe5}, {&(0x7f0000000800)="49383c4aeb9c12bead1a80c1487c656b32a7104ba1713b0eb9dc4a564045a550dd8027ab9c7fde3c4064d9a6e4af884f6ea337929ff0657d938d40cc14be552f34212efc0fd1af1e2121f4c772533bbc4dc2", 0x52}, {&(0x7f0000000880)="e85df881885056d782603f2d984367a9d459163aed32f89e72b2d6e4975c0af88cffd2a8dde6bae8ef21b4c09112782543e3063060933cc77252204e97bdc10bb6e43b3a17509505e4a41f199cca753079fa9bc39c46f30d57ec995d1c0a0cd947a6e1e0fc9bd103fea8826a1f4332bc96df4933af289996445914352f9214bf2eea37911fd197d13cc9cb35deba8ca5dc1d3aafb4585146f9bc7eccdc607b3865c21e6eff65ab4b449db40ef719b7", 0xaf}, {&(0x7f0000000940)="d19c761822f05e713bd19c72bb935c89a8aad4b7edfe6db0375dd3bd7d192e22159e50a18bd91d7dc45bf73aef72b44b8306e86089e950e5b89e366c5d6a49fdf212a2228031c48afe0d666f65e648c88384f75cde651c3f4ded9ed39e4658bd4c6d56f875cc6ca3a0959084", 0x6c}, {&(0x7f00000009c0)="baabfe1fccc0cc245c68f92ef0f767ff5fe963ddca77029ef3034b737fbc0923ccd3431d751eef833daa3bf78771835d90a536542c27c52bc7952bcdb58b310987c904129e525699e2e586e51b1b4195b48d34014114898ced47fce30ab962f9287e5ba17ce075986b5ebf73bac2228d4d81b0d6", 0x74}], 0x8}}], 0x2, 0x24048040) 4.012052819s ago: executing program 0 (id=1113): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x3, 0x9, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb4, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0xe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0xd], [0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x9fb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000]}, 0x45c) ioctl$UI_SET_PROPBIT(r0, 0x5501, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) write$input_event(r0, 0x0, 0x0) 3.93420204s ago: executing program 2 (id=1114): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000100)=0x1) syz_clone3(&(0x7f00000007c0)={0x140201100, 0x0, 0x0, 0x0, {0x40000c}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) lseek(r1, 0xfffffffffffffffe, 0x4) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) madvise(&(0x7f0000a10000/0x3000)=nil, 0x3000, 0x11) munlock(&(0x7f0000a0e000/0x4000)=nil, 0x4000) r2 = socket$inet(0x2, 0x2000000080002, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, 0x0, 0x108) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, 0x0, &(0x7f0000000080)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x200, 0x3, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0x0, 0x6a9f0eede9332711}, {0x2, 0xffff}, {0xe, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x44041}, 0x10) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000080)=""/4060, 0x0) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r4, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000004c40)={'syztnl0\x00', &(0x7f0000004b80)={'syztnl2\x00', 0x0, 0x7800, 0x8, 0x0, 0x25, {{0x24, 0x4, 0x0, 0x9, 0x90, 0x65, 0x0, 0x7, 0x29, 0x0, @loopback, @broadcast, {[@timestamp_addr={0x44, 0x34, 0xe2, 0x1, 0xc, [{@dev={0xac, 0x14, 0x14, 0x34}, 0xbf}, {@private=0xa010101, 0xa2c}, {@local, 0x4}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x80000001}, {@private=0xa010101, 0x6}, {@local, 0x10000}]}, @generic={0x83, 0xf, "eea411ad2a0e7f45cfd9cfeb19"}, @rr={0x7, 0xf, 0x8, [@multicast2, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0x28}]}, @timestamp={0x44, 0x28, 0x55, 0x0, 0x9, [0x5, 0x5, 0x1, 0x4, 0x3ff, 0x0, 0x5, 0x3, 0x6]}]}}}}}) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x61, &(0x7f00000004c0)={0x0, 0x3, 0x14}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}) 3.924137652s ago: executing program 1 (id=1115): r0 = socket(0x10, 0x807, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x14) socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$audio(0xffffffffffffff9c, 0x0, 0x109142, 0x0) ioctl$SNDCTL_DSP_GETISPACE(r3, 0x8010500d, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1) r6 = eventfd(0x5f0) r7 = accept4$inet6(r0, 0x0, &(0x7f00000002c0), 0x80800) setsockopt(r7, 0x2, 0x9, &(0x7f0000000300)="1122ab09f8c6d13e32c5a43ec57a6d8b14edc0b145c03667f141eccfc56862f72fbd0c415253a21f71c638ca15f0d81afffbfe076a24c1229b15e20192d2d1d4c4097121635ae076db4415c6241dd8beeef00e9924a0fae85583b698a0c917d8b68f4c6bfe86d73b8204c772cb364ba354cf9742c05115c2f5c66a1bb4df50ff9ad54b849fc0d83b57e55189e0929c8eb8291223ffb4ed5c55e2261de6a3dd8c7fce140b4ddbdfc7512c9fe19a125744f92a24235758f3020f8800a166a9e5a419b5bc30c10e30faf2b9229f6058e264b50004a3a148bd3c405eeed7ff60c76832faabc581ca2e4c9a59b3cb", 0xec) ioctl$KVM_IOEVENTFD(r5, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0x5000, 0x0, r6}) 3.80474286s ago: executing program 0 (id=1116): r0 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000080)=ANY=[], 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f0000000140)={&(0x7f0000000180), 0x0, 0xffa2}) r3 = dup3(r1, r2, 0x0) ioctl$MON_IOCX_GETX(r3, 0x4018920a, &(0x7f00000000c0)={&(0x7f00000012c0), &(0x7f0000002340)=""/4118, 0x1016}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x2) syz_usb_connect$cdc_ncm(0x3, 0x94, &(0x7f00000001c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x82, 0x2, 0x1, 0xff, 0x50, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "1d6051"}, {0x5, 0x24, 0x0, 0x66d5}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x8, 0x3, 0x5}, {0x6, 0x24, 0x1a, 0x1, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x281f, 0x9, 0x6}, @mdlm_detail={0x1b, 0x24, 0x13, 0x9, "b020ceb5edeb48feae460eb7afdb98d42964dee5ac3441"}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x4, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x7, 0x64, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x2, 0x1, 0x9}}}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0x1, 0x9, 0xd, 0x10, 0x3}, 0x25, &(0x7f0000000280)={0x5, 0xf, 0x25, 0x1, [@ssp_cap={0x20, 0x10, 0xa, 0xa9, 0x5, 0x7, 0xf, 0x7fff, [0xff0000, 0xf, 0xc0ff, 0xff0030, 0x0]}]}, 0x2, [{0x9f, &(0x7f0000000380)=@string={0x9f, 0x3, "c62421c73512231ef709b800cc5b9990f53a7f6372665643c56e7f562a91e708844222e48d14fcc01a856c3f14b706cb93db3101cbdb12ed7292b160a6095e767a79d48713efa8cfc7f29ddcd5d6aa03b8c0f8645dbec53b6cc86a68275482dbf2dfd05ba600741e23b86081a3383fa4b53db2339f06f72e2bb9c766e67f4f280c2aa66d0c4bba186944bb0a527fc48c6677484d9ebf15e847b2a0640a"}}, {0x40, &(0x7f00000002c0)=@string={0x40, 0x3, "b43db4315a0ea16acc4db06eec65717a133409de2f04c4d621ed88f705bf3df9e3535604989a0d05d6078bab832010f80a9c9b45341a321d2b9ecff99339"}}]}) lsm_get_self_attr(0x68, 0x0, &(0x7f0000000100), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r4 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x20000) ioctl$HIDIOCGUSAGE(r4, 0xc018480b, 0x0) 3.80330428s ago: executing program 2 (id=1117): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af83, 0x0) socket(0x400000000010, 0x3, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112}) r5 = socket$packet(0x11, 0x3, 0x300) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102}) ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r7], 0x20}}, 0x0) unshare(0x20000400) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) r9 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r9, 0x0) fcntl$getownex(r5, 0x10, &(0x7f0000000040)) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000080)={{@hyper, 0x40000002}, @local, 0x1, 0x0, 0x5c, 0x4, 0x0, 0x200}) r10 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r10, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r10, 0x7a0, &(0x7f0000000240)={@hyper}) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) close(r11) socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r2, &(0x7f0000000340)={&(0x7f00000001c0)=@qipcrtr={0x2a, 0x1, 0x1}, 0x80, 0x0}, 0x200ce0c0) 3.295311559s ago: executing program 2 (id=1119): syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) semtimedop(0x0, 0x0, 0x0, 0x0) semop(0x0, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x3, "abe763"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x104, 0x0) r2 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) r3 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x338}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x18, 0x6000, @fd=r1, 0x3, 0x0, 0x0, 0x2, 0x1, {0x0, r6}}) io_uring_enter(r3, 0x47ba, 0x98f1, 0x2a, 0x0, 0x0) mq_timedsend(r2, 0x0, 0x0, 0x6, 0x0) 3.072018567s ago: executing program 3 (id=1121): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0xfa, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", &(0x7f00000001c0)=""/4103, 0x0, 0x0, 0x0, 0x0}) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0xfffffff8, @loopback, 0x401}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r4}, 0x94) io_uring_enter(0xffffffffffffffff, 0xeb6, 0x26f7, 0x1c, &(0x7f0000000100)={[0x1]}, 0x8) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r5, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000001f00)=""/4093, 0xffd) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0) 2.572641226s ago: executing program 1 (id=1122): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b700000000fcff204e000000000000000ca00000000000009504000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xb579, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xe}, 0x23) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x0) getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000370400000000ffdbdf2500000000", @ANYRES32=r3, @ANYBLOB="83450500010000001c0012800b00010067656e65766500000c00028005000d0002"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty}}}], 0x20}}, {{&(0x7f00000000c0)={0x2, 0x4e24, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @dev={0xac, 0x14, 0x14, 0x2e}, @local}}}], 0x20}}], 0x2, 0x4000084) 2.341670209s ago: executing program 1 (id=1123): r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f0000000000)={0xffffffff, 0x3, 0xe90, 0x19}) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20040800) io_uring_setup(0x5bde, &(0x7f0000000380)={0x0, 0x5f41, 0x10, 0x0, 0x160}) pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff}, 0x80) r4 = add_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0x0) keyctl$revoke(0x3, r4) syz_open_procfs(0x0, &(0x7f00000000c0)='cmdline\x00') socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000180)={{}, 'syz0\x00'}) ioctl$UI_SET_KEYBIT(r5, 0x40045565, 0xee) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000900)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x0, 0x111, 0x4b4, 0x1d8, 0xd4feffff, 0x300, 0x20a, 0x278, 0x300, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @remote, [0x0, 0x0, 0x0, 0xff], [0x0, 0xff], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6, 0x0, 0x3}, 0x7a, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x7fffffff, 0x8, 0x80000001, 0x10f, 0x2, 0x4, 0x7}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa395e046d7c8e944613a407abbf4ed3e800000000000000082a850e79009e2905d2f98ba18f91f3c93686e9bee067f4e77d9ad6623805004100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9528c46178ed5f9192dae000e579c80eca35a58dc47d1d5e4ff6e216c724e88c70244858700", 0x28, 0x2}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x6, 0x8}}}, {{@uncond, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@unspec=@nfacct={{0x48}, {'syz1\x00'}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x1, 0x2, 0x4}, {0x0, 0x1, 0x5}, {0xffffffffffffffff, 0x5, 0x5}, 0x3, 0xd}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430) ioctl$UI_DEV_CREATE(r5, 0x5501) syz_open_dev$tty1(0xc, 0x4, 0x2) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r7 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$DRM_IOCTL_VERSION(r7, 0xc0406400, &(0x7f0000000480)={0x8, 0x4, 0x4, 0x1000, &(0x7f0000001280)=""/4096, 0x0, 0x0, 0x0, 0x0}) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000400)={0xf0f01f}) 1.706018881s ago: executing program 3 (id=1124): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, 0x0) 1.63175956s ago: executing program 3 (id=1125): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000001e00)=[{{&(0x7f0000000140)={0xa, 0x4e24, 0x5, @dev={0xfe, 0x80, '\x00', 0xc}, 0x3}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000180)="9d7bb8233d3efd0c277310535f2c161fb583696bdbb5a02c2269ef3c3cd11028792d4f2e80030d5de75cfb267c2e4b68ec0ddbd5a82130d2886d677054525217a109315b808bd3fcf0162ab2d66b010b17f14f5d78f57e6778e2594de9be8167147b8442db108f64b8841d4ff090ce899e9a64010da0a017d0b4453c0930c24b23882fcfa7de55e9a153cf2ea7ce39d1750f3b1744f4673bd1b3abb7c2c42ae88366d8ef", 0xa4}, {&(0x7f0000000400)="0d571f7af9f7ffae118c786ae0fb1291c3ba3b724d5209e4c211e2fb825ca23fd253e98cfd95ffdeafbfeb6039f8ee34d38faa0a5aa4f6a238b1867760c0d1ad8bd315e109a4a48e90f9d3bdd71bd873e83b15ad4f74c27c4d7fdfd4c3bc736302f9bc007a540cd6cf7bfff30944e7e9bce4d241988e8f02c28dc40c58a01f420f5bcee785d20a836b911cd7fe6f8b2157414007421a1856a8a05164eca1d0907655f786e3067edf892bc3d5ad83dc447c89d88f4a4c8a633cc39cb2ddbf3f6c7733fbc188490fb9a129c9343280752fcefba107af4bb02264", 0xd9}, {&(0x7f0000000500)="5d179e642885b6471aea0d92c7c14695e0fa90c0c265e4eed581d0202ebbbc40d248b053c3705a12f1c10421b4c984ed154846540876bfa3af97262d0d79313f974921261e209931b8db5dc888008169d223bf339ba5a6c7563cc2ab301a4ba737b390139d3d2d1dc9a89c664f49599e7083f87bca163bf69298a477692cd2f297ff3acdb4c99fc281cefaba751e2693", 0x90}], 0x3}}, {{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f00000005c0)="c153d97274263f3f873099d172189fd329f8f5cbbc", 0x15}, {&(0x7f0000000600)="bc545688631e58f560b4a724d67bcebcaacb24da78ca3bb5c7a3227d04e4e613ec80e96bef992bef7663aa18bf2c088e925f6c8ee02238fe595a3833cf78f7b4368ed3162af6c783de96190e717e52397f4871ed95ec269c6d3d2434d1f2a1156ccd8cb1d98f96c44082dc371f0b19b9c7c618cca5caa8fcaf426c35304ec7c925d8aa0d8d940e944065b0cba8de324d37e938f7d366d63ae99ea9ec11", 0x9d}, {&(0x7f00000006c0)="b179a8d5ee75d56f25769421405562ec2b", 0x11}, {&(0x7f0000000700)="51e8e4df8ed385e9b52249589b5d06d3ea9034ed9147b503e296b2edaa90fd88ef3cec148bb3bccb581aa9efb4c152dac0fa1914d62f25e2f10cb418c0bbd90dcf684f020c638c8af9ec87ff1034bc6ce753214478b788ee9e7a78ea752f3c919e116dcdb8dc012704ab3e8b2f0dcd1e9779458fc19e739e7df8ed2afbd53dce3e3132ba7e792537ddcb85a8aed56ec85cc7a80b08ddc5c94fa676674057e515563238e29c343eb960d66af4090fbfc7e41bd02d1a4cc750f7a7a024f2b14a168969dae34fa4be9fd4d2e8d9f9333e4bc76752f10c69e495ff6480473f55a6a5ae94445a44", 0xe5}, {&(0x7f0000000800)="49383c4aeb9c12bead1a80c1487c656b32a7104ba1713b0eb9dc4a564045a550dd8027ab9c7fde3c4064d9a6e4af884f6ea337929ff0657d938d40cc14be552f34212efc0fd1af1e2121f4c772533bbc4dc2", 0x52}, {&(0x7f0000000880)="e85df881885056d782603f2d984367a9d459163aed32f89e72b2d6e4975c0af88cffd2a8dde6bae8ef21b4c09112782543e3063060933cc77252204e97bdc10bb6e43b3a17509505e4a41f199cca753079fa9bc39c46f30d57ec995d1c0a0cd947a6e1e0fc9bd103fea8826a1f4332bc96df4933af289996445914352f9214bf2eea37911fd197d13cc9cb35deba8ca5dc1d3aafb4585146f9bc7eccdc607b3865c21e6eff65ab4b449db40ef719b7", 0xaf}, {&(0x7f0000000940)="d19c761822f05e713bd19c72bb935c89a8aad4b7edfe6db0375dd3bd7d192e22159e50a18bd91d7dc45bf73aef72b44b8306e86089e950e5b89e366c5d6a49fdf212a2228031c48afe0d666f65e648c88384f75cde651c3f4ded9ed39e4658bd4c6d56f875cc6ca3a0959084", 0x6c}], 0x7}}], 0x2, 0x24048040) 1.550837415s ago: executing program 4 (id=1126): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x74, 0x2, 0x8, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x165bfc37}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8b9}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x10001}]}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x114d}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x83cb}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x48040}, 0xc000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0xffe0}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8847}, @TCA_FLOWER_KEY_MPLS_LABEL={0x8}, @TCA_FLOWER_KEY_MPLS_OPTS={0x8, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x4}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24004000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.497224269s ago: executing program 3 (id=1127): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000210001000000000000000000020000000000000000000000050019"], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) 1.28416036s ago: executing program 4 (id=1128): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000440)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x10100000}]}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x58}}, 0x8000) (fail_nth: 8) 1.205392022s ago: executing program 3 (id=1129): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x4001, 0x3, 0x388, 0x120, 0x0, 0x148, 0x120, 0x148, 0x3e8, 0x240, 0x240, 0x3e8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @multicast1, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x16, 0x3, 0x10}, 0x0, 0xf0, 0x120, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x100000, 0x1ff, 0x100000, 0x0, 0xed, 0x7, 0x0, 0x80}, {0x4}}}, @inet=@rpfilter={{0x28}, {0xa}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x4, 0x1, 0x6}, {0x1, 0x1, 0x7}, 0x6}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'batadv_slave_0\x00', {0xff}, {}, 0x2e, 0x2, 0x4}, 0x0, 0x168, 0x1d0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x6}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x4e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e8) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a3200000000f70007404884b24b02a8a7758a688958ed60ecfd057e10926ba77e5596b13e43cd4488e4aa68af5f7236ec205b6e4cac2a0d86c336bf07dbe861f4f57bcef92dcf818d532d4475b5daa4dadc1690f228e860bba5a0b5d9bde86862e8f7fc08f0debd4974c6fae7d737a0007ec948ac4d8714ebff6b25648fb910e0d6d07f023cf5fa4051627b9c5b69e265538f9ba683bf172a5ff815afa543c12e550a1bcc9287080c7c12cc89d216c56febb0b06134672ea6b0077c846396169475f271319988f49ec94f2996e5d0e1cb151fb223e556f10fb681d068e055eb34e5f8fc7a524ffe5f4632a6c74ad0fe0b1542497d76a5a4416c47805e001c0005800800014008000008080002"], 0x1ec}}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e1f, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffffd}, 0x1c) listen(0xffffffffffffffff, 0x5) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x710b, 0x101083) setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000200), 0x1) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="b1", 0xfffd, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) ioctl$BLKRASET(r1, 0x1262, &(0x7f0000000040)=0xe) r2 = syz_io_uring_setup(0x132a, &(0x7f0000000000)={0x0, 0x5042, 0x40, 0x1, 0x3df}, &(0x7f0000000080), &(0x7f00000000c0)) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0xa, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0xa, 0x0, r3) io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r4, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="16010700", @ANYRES16=r5, @ANYBLOB="100026bd7000ffdbdf25180000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b000200000006001600480e0000050012000100000006001100f9ff000008000b0005000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b000000000006001600001000000500120000000000060011001cac000008000b00040000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b004000000006001600ee070000050012000000000006001100ff0f000008000b0002000000"], 0x100}, 0x1, 0x0, 0x0, 0x50}, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 781.355903ms ago: executing program 4 (id=1130): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5452, &(0x7f0000000280)=0x3a0af83a) listen(r0, 0x1e) socket$nl_netfilter(0x10, 0x3, 0xc) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$inet6_tcp(0xa, 0x1, 0x0) epoll_create1(0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x40000000002, 0xbc, 0x8000e, 0x2, 0x0, 0x100, 0x10001000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x0, 0x4, 0x2, 0x0, 0x2, 0x7}, 0x0, 0x0) shutdown(r0, 0x500000) 672.010934ms ago: executing program 0 (id=1131): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x9, 0x5, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) read(r0, &(0x7f0000000840)=""/40, 0x28) write$sndseq(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10000, 0x0, 0x4, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r7 = fanotify_init(0x200, 0x101000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000200)={0x284, 0x1, {0x0, 0x2, 0x9, 0x2, 0x4}, 0x7ff}) readv(r7, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/136, 0x88}], 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x381, @time={0x5, 0x400}, 0x40, {0xc0, 0xff}, 0x46, 0x1, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x400, 0x55a}) 500.446639ms ago: executing program 1 (id=1132): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x40202, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x40) socket(0xb, 0x3, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r2, 0x0, 0x0) r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) r9 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r9, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x1f, 0x3}]}, 0x1, 0x1}, 0x1) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000d00)={0x8, {"7894e6e62ce0f10fcdce74f21ad5b47c923d4dec90cefd599912070f341d59a8802e33af9869738f25b2f72093dd0ffa688e8e417c6e0e09b99649818d7caca39e142ef69d9101397854c3f51bde013686a626b2120c03d98c0ad981069188fbbddb88bf41a6b29ed43d1244e6025e1e4a2f40577619ccee39385bfc86461023a7906e5c07d16415140f4ab26db004362c885ef2c9ee82d3dd7e2ac42ca05d81ccea87dc0ec4a8f222013d6d4d0b0c828f3d2e3151dce87bfb335c1ad67bb3323564022ab23a6ba54ca117ca592c8d4227922347ea6f7c9d3dbdbc8d235f2d03e688d5ca7718d60e911534f964bf20359a0057847e7d7fd2cc463784aab2b06ba95512cfc427da44aa73634b0797b9baab391aa176d259c047ee9d346e63903860ab3c571d064509a715c5c4c6edffce9e1701e8291c2d937e3ff18691fe9a665b1a3b717a40205f8efa239b37e6b33f5c8ac28e616f788d0294c8d39ff4a63aaca7d4c578a935dd84850432201081bc1b00c5797847eaff8cecf8af8a60f075b5ff1c3dc9e62f9a3cfc4333a7501dd8badfdc691a9d35d3fc2c0e8f1b21a2c619201004a0d82bace1738ba9ca93e6fbf8ebaa78b5423efb19d3337ad050a7a1a634737a0169921911b277ab235f8b186efd60c3eff58e974a856ba460c5fbd91c1b5c999a7f6b4474560e0c5698085e1ff96381999bf7338dddab4499c6ae315245ecc98d3ca2ebc11214a4115e9205e7d1705591be4029a5e92ae06c02ba39ac70cf1ba082ccee070bf2feafa55ac6e863adb6f89a7475c2dc073058b0f8a52151d8c3ced025463656942bfd257ace6c54bd57985a44cef1c20777db47d12bd34371ef6f537e455b7787e3a853713877fa9465937602ceef8b9439507ab802ea4eaf5ee2ecd710b1840d8b8c995b5904434198abd8f0e830857ed1af53f3bcede9d57afb1cd7ad27bf222a6d1c58286c40d22211a3b2b7b7bbf5923a528fa4d781aaec1f67e013392b17197d2f6ff2d0e68bea94ce57cc516daffdf2348333a8dc596894540aa2a79437d95465fc27627b0e26871d5248c39e1a3badb319d449a7d67145418e1a35cb4bf950a5483d6e80763ea676b89d1f1e2cea20c590c76ae9fb228ffd638ccabdb3830cf944e1cccfb7ba8b1d1f0aabc498155ddda8404ebe2e25cfcfa9058af7d66bef79e592a579d556404ea3f28d6ddb3fdead9123247e23827f729eee41540d0f0e94027d65eee4e7c1c913c634f9abf546388cd2e4b351b16bd97faae3b54f5b2750495619ec36d97a1080564fa30a9f8a2700b77340b5bbd9cc377ee35420b5b762935047af7837e973a9da42ef93c11f145704d041054bcc4680363cbbee16a2bc0eaaa49cfa23330a666dff32daa17a6ea425f1ed2354d0c36893c895a0564e100d3e1385467405ca2706cfb62453faf72b1648727faeffb3c934bc4e48e4ce93af11bff3208cb3843da7ed68451b4af747ef72e2fb78a73990c95097c9504aacddffc5caadeb171e95ad113561144907d361fd28695239f6619360b9d0eead653cc83ab13fc7c0c60237e3363b6f319daa38d792426393e2396404a112ed9e70b378f494d4b540bf9b44d76b347a12c8cdaeed350a85698eb71bd126f75b9aa0ff7435926a4a4ce04e4187eae5a80b1ff56aa7f1b005a9a057b6ace4cf08c404f66c0b31974d151e9a2840ebcbfbfd898e6694b89fe78a68b90551c9d33c14914dceff64a699c1cf1570c2d1f53e905abef9f954fbdd100b1b18f10dbd673bd6c7a9693286cf2dc0ab9919466750aa42ccfa27e9ff4190dd784ec6f2e19270521f98561a959152b16a80f0b1e183375d3886936ae03ff4949777d30481c24bbae918d5fdcc8f46ff05e2370095bc85cde086dc1e32423f21c13c42490fb679462f35dd0c4ef06f8c3f24327af47ea2c73a856f112385094fe138022e308c157adb19b94ed0e8d94b805883318b33b22f371d62f0b764b2a44b65018bef417357aa997ea4ef95a2899963e06a3c553943e14d3364b73919f5e6d8395d56d522f1b19ae37d48f1534d92e4248824adb555281aea2fb317bfb30cdc7d4efada900006f45578a061b19e2eeefffdbf1974a1633182501611724079f926122c1c8fd9b1d8e6302d76ed90616abcfcac478e3b8d3be91eee5f9c653f8fed3afc1eb33d9314aaa021e8b53ab7ba3e59b301a6c757efd95c6661d7d3e8a73cdec7833f4608dc238d8e144a5b0196a9aea6fb30efdfdb05f9529c52af93cd78d857e3cc920bf30b2292380c662890f3679c09aea55c77a75dbb4da338c0fb737a5fc31252d9fa798f9dd70947f6cfa0474a7a835c694dfbb5c678216915d1f04c81d5df8f2efde80fdbce8248525d9b639f394847b9a8c2e7f7288b031df91db059eabb750c1bfe732b78001c2cca0f74cd8873cc2a892d26e1dbd48db297853775c21d68ce1daebee4f4d65bf8e448b1c80da35eaff3295ffe0aef68baff15f7585aba741699c3ed9a62f2c18200e40cbb383b844459ca9636d61645470d4f8b04704b84a7986d816c037d368d807ab936faa842a427cc4987ab506f3f08841195c893f39656547ff62730ec43aa78311d57defe4002301f6b9e1f6573f3a46715e2d1f899480e8bc97f5dfe48ad14df280126998d32dc0a63231584b5ee82d5f90d5ccd3eb3923cee0dfe0eb9b1ac54fd97214ad86c6459cf916ba0bfc9d4210a95346d753f4bc7440d78274c4cd1850907a2bf150a1c1b511bf0438494a6aa1a197f787c96b410d866b4cb284f74122ffbb2f5fa7c2c22f935c7e1542ff83f01e3024ee6e3d7fd0fba2754e635c8116a27f15586300d6522979822c1f97038f33c644ef82e9818f4a09388cb9a69514c929e9bc149fd7a26b458d89abb5e3ae1de29ed1f28d613878a24a9296c967339b9c6749f92c720982cb78a120bcf7593c6fbae36f9a06caa384a7e5d3f05442b0a69f72518a76a916968aae56abda54dac318fd726335e95592f80d030ef51aea41d5e348267fcea65e49d8e36e711fedb3fb9ad37d3fdf2185dcc3ff44736d6a0d4b4bd1810f89ec6e0e6b6f58f74d73ddd2a27fcfaf36d1aec6c3769787a1d3b8514487a399e6497bd0bf4c4242868d599aeb2202cae535e8118d478fc43b4c8bfdcf024f36f5d7c9f75c69bc9d4d5414e8bef740bcaf9027dbdb0f47643b984406c9ce1999d7631243c26d6824ae74ab71f536e40e934a5dfea7f5c5d10713c831df6ba168f4080a4b082e94bc23c0807aab7c0bc29f327d185a2a9302cc255aa54764c4eb8ef5b17d640afa30b36572294914d51ac146f87af6f5abd97823724aba25f589e769aa1047e72365e9ee67e7f90e80542cc842aebabc97679dd893075e8a1bd6934ac9e768e20bcf4c2fa29c5f7a103d3ff689c721e08ef1d0ca61ee3e07a815aa943879dd5c406dcff6a946b0a12980620cfb224912e27accbb63b1e2d571c65918c806060dcd08d5cef341e5c5705021ec19605b809a44d2a8f6f27e18f2b8fd268e23706564df5501096fd8f8261e27d5c8b582673f0c76bf78b27f754cddb5b64a33c87841681d8eef2b5abe8a8deabee587189f75b8b518909cd2a6f89910425e8647f25077829f1b400b3abcaeff6f54ccc00f6fb7abeeefe0226e4e2b55fba0925b49be8310fc5a490384e4a5e7216b0fd0c09c00e3327ada8c59eb37443ac9148a9df92b0d4e6851cd93b784d3e0a236d9fe7c483f03d813fc98e632cf6255dc4a70a0458570776509ebfb545f35956c7e32493f6ad886ec858bfc29bffb7f2ae7eed7d83e3075554dd81e72c93f4c2e4dcdb0832e76861b983b17c2a6f887a988e4fd47459fd45134560b5b1bec10c50914f2d7f327a4e68a0c453f067035f243ca01aa22969481d5fb48d1da82f35222c4e8d249625c454159f7b00a85d43414eb5e7c8044922b323f2473af648d1dba5ffff34bd5e023a2fe4860d7568fa4d35ad20c461eb38bced561edcef853dbcdd7b69bb40e9cda525a71a286c956a1268cacad0bc0c79ed7632aedbb8dc78ba1a2adea2b650314072d1ebc08f9753d6d38e53a758ea4700160588e819239711a506f004ec57037cd6efcbb9cee3bba556eaaa008bf8e8390085b85653c7aa006dd836c7ad025bed9dec77a4a00b309776862fca4dd01dff16aa6bd70a876662093b85ffbb07b2f8b4361f5dc635f940571239a71865e8f1a289f449ae9a74266205c8b1fe8a732db502c9ea5e5c379b704d43ef795b40450aa498535803767d2c2cbd2749474d2997e00f37612fcc0ae7322b8c8e2a90cf66ada69bd05b82d5707562b37e40674f0a3f58d9c776a931b8768d5c23f17c5f9135e7a4ce0c6eb356d9fb4a53d112194c19e6f045d2bd44132a70b9ccd7e65d2787899785f7ee9185589136c847347142440e0a405c18ff3f31acb791a805dd281aaf97aee708dcce2f1aa53161b7716fa0978c0d02871637ad7e1af5a158b727a1dfc2ae1aafbb9c516469ee89fa0f1de23a17115ded5e9c560a468c5192943be74aeaba51083ca0379563f1fa78e29eca1eaf849cd00f419ceb59e640248c332c845e68e9a398281b962ae59aa5b18006b6ea6e0c5f1b30665e1fb975da11ed6a47bd44b4241bbf0443f178e8249805cc3f980a4bb2f46baab0a12e9e9b2aaa7e0ca22b2314a9e5ef6412f4efe31381e3d716244af3112444eabbb0c353acafc0f1179ad4c63b81e5f5bfd771591d24e5254fa72e30aa53717c24b49cee71cdd9368e207af5e992a04f06de912cfcfca38732f5c8393d466d209680ebfa5764897f04531138beff3f65691593e334c2ae2825ffa9353e8aeef37b90691ea5c78d7c86124abf6491a068bf03c3467e5e42ca4b58192d17856722207568777141ccbef3f3891708897af9c196be92056527a8da820d28dccaf4dfed4d38fb8fe826b238d31bad751631a0d8b1eabdfa7bffe65241238ff982d21b2222cdd3a536385d0ab2180ccdf4672d0b21156377fe640ee8c8744b9ba1efce91c295e83a4271a34a1f70adbc2ff0aa6ba9e1965061cadcd3d824636bbc1f977c78dde1859d752c86b099705616edf6e94523f108af79ab5073d26f3788c4d56f1b17b764c1bc387e531dab5dd71198c56b02c68552dc1098beec85dc1bbe2dde316e6093a9a33f578d789da9b2a9209ed6e73a0597bc62467afc42f0348c9b885b92f37569a953f6316d5c8b188539474da3836abeae7ec259cf8fd28f02593597e9206e05e8da4f4346aab36f179deb68a9dab9b550d6fe4f0c88563935328a699b9cbb2015be57c28beaf60be499114f04a96a2f7fb3bf3b5b31e422954c96790aa1e49c5bc1946df0df2b4be63c0aac1ddcf187714f6e67a076a823feaeba5db4a99e5f494ec939d1b0ecd23752c08c3b788704612127e7f080ef581b4990accd6dca7ce52844bc7bbc8c8752497c171d8e628c53609a920fb5a1bc740cb05e2035de72f636ef0498ed2f3cccb64d5740afbc30015442ca0511160787b2c763072c70035f7f3bbbd3966bcc80d021ce1482e27681b963a28189c2ee9d64d0622a94eac689d3fc1a4137c4d62a4c73fab4b0175a8ff8fa256118affd94aaeee33b155043f53d9e3d4eb82173df0938c6c3e51c118c1acf187c84f12090ad1dd663013e433455290f87ca88959f9f481e4dd05e6a483abe00f7c974e5ff602a7a6eaa71f8ac06c50afac0c2858b554f59bf88002766a619ae9b0864926d07b273238e1ebd456543f77ea800231dbf4479f0b90fc607", 0x1000}}, 0x1006) syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x2, r8, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}}) io_uring_enter(r9, 0x3516, 0x0, 0x0, 0x0, 0x0) 195.525776ms ago: executing program 3 (id=1133): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0xfa, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", &(0x7f00000001c0)=""/4103, 0x0, 0x0, 0x0, 0x0}) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0xfffffff8, @loopback, 0x401}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r4}, 0x94) io_uring_enter(0xffffffffffffffff, 0xeb6, 0x26f7, 0x1c, &(0x7f0000000100)={[0x1]}, 0x8) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r5, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000001f00)=""/4093, 0xffd) 0s ago: executing program 2 (id=1134): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0xfa, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", &(0x7f00000001c0)=""/4103, 0x0, 0x0, 0x0, 0x0}) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0xfffffff8, @loopback, 0x401}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r4}, 0x94) io_uring_enter(0xffffffffffffffff, 0xeb6, 0x26f7, 0x1c, &(0x7f0000000100)={[0x1]}, 0x8) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r5, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000001f00)=""/4093, 0xffd) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0) kernel console output (not intermixed with test programs): liver_tap+0x807/0x850 [ 315.346034][ T8686] ? netlink_deliver_tap+0x2e/0x1b0 [ 315.346060][ T8686] netlink_unicast+0x82c/0x9e0 [ 315.346080][ T8686] ? __pfx_netlink_unicast+0x10/0x10 [ 315.346095][ T8686] ? netlink_sendmsg+0x642/0xb30 [ 315.346110][ T8686] ? skb_put+0x11b/0x210 [ 315.346123][ T8686] netlink_sendmsg+0x805/0xb30 [ 315.346144][ T8686] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.346163][ T8686] ? aa_sock_msg_perm+0x94/0x160 [ 315.346180][ T8686] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 315.346192][ T8686] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.346209][ T8686] __sock_sendmsg+0x21c/0x270 [ 315.346226][ T8686] ____sys_sendmsg+0x505/0x830 [ 315.346241][ T8686] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.346258][ T8686] ? import_iovec+0x74/0xa0 [ 315.346275][ T8686] ___sys_sendmsg+0x21f/0x2a0 [ 315.346288][ T8686] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.346320][ T8686] ? __fget_files+0x2a/0x420 [ 315.346330][ T8686] ? __fget_files+0x3a0/0x420 [ 315.346347][ T8686] __x64_sys_sendmsg+0x19b/0x260 [ 315.346360][ T8686] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 315.346377][ T8686] ? __pfx_ksys_write+0x10/0x10 [ 315.346391][ T8686] ? rcu_is_watching+0x15/0xb0 [ 315.346411][ T8686] ? do_syscall_64+0xbe/0x3b0 [ 315.346429][ T8686] do_syscall_64+0xfa/0x3b0 [ 315.346444][ T8686] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.346460][ T8686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.346471][ T8686] ? clear_bhb_loop+0x60/0xb0 [ 315.346485][ T8686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.346496][ T8686] RIP: 0033:0x7f2a9ef8e9a9 [ 315.346508][ T8686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.346517][ T8686] RSP: 002b:00007f2a9feaf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.346532][ T8686] RAX: ffffffffffffffda RBX: 00007f2a9f1b5fa0 RCX: 00007f2a9ef8e9a9 [ 315.346541][ T8686] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 315.346548][ T8686] RBP: 00007f2a9feaf090 R08: 0000000000000000 R09: 0000000000000000 [ 315.346555][ T8686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.346562][ T8686] R13: 0000000000000000 R14: 00007f2a9f1b5fa0 R15: 00007f2a9f2dfa28 [ 315.346579][ T8686] [ 315.859538][ T8691] FAULT_INJECTION: forcing a failure. [ 315.859538][ T8691] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 315.922808][ T8691] CPU: 1 UID: 0 PID: 8691 Comm: syz.0.766 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 315.922835][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 315.922845][ T8691] Call Trace: [ 315.922854][ T8691] [ 315.922862][ T8691] dump_stack_lvl+0x189/0x250 [ 315.922887][ T8691] ? __pfx____ratelimit+0x10/0x10 [ 315.922909][ T8691] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.922925][ T8691] ? __pfx__printk+0x10/0x10 [ 315.922946][ T8691] ? fs_reclaim_acquire+0x7d/0x100 [ 315.922972][ T8691] should_fail_ex+0x414/0x560 [ 315.923001][ T8691] prepare_alloc_pages+0x213/0x610 [ 315.923026][ T8691] __alloc_frozen_pages_noprof+0x123/0x370 [ 315.923049][ T8691] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 315.923077][ T8691] ? policy_nodemask+0x27c/0x720 [ 315.923098][ T8691] ? __lock_acquire+0xab9/0xd20 [ 315.923132][ T8691] alloc_pages_mpol+0x232/0x4a0 [ 315.923161][ T8691] vma_alloc_folio_noprof+0xe4/0x200 [ 315.923187][ T8691] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 315.923233][ T8691] folio_prealloc+0x30/0x180 [ 315.923258][ T8691] __handle_mm_fault+0x2c88/0x5620 [ 315.923300][ T8691] ? __pfx___handle_mm_fault+0x10/0x10 [ 315.923343][ T8691] ? find_vma+0xe7/0x160 [ 315.923363][ T8691] ? __pfx_find_vma+0x10/0x10 [ 315.923387][ T8691] handle_mm_fault+0x40a/0x8e0 [ 315.923419][ T8691] do_user_addr_fault+0x764/0x1390 [ 315.923464][ T8691] exc_page_fault+0x76/0xf0 [ 315.923484][ T8691] ? __might_fault+0xb0/0x130 [ 315.923508][ T8691] asm_exc_page_fault+0x26/0x30 [ 315.923523][ T8691] RIP: 0010:rep_stos_alternative+0x40/0x80 [ 315.923541][ T8691] Code: c9 75 f6 c3 cc cc cc cc 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 [ 315.923555][ T8691] RSP: 0018:ffffc900124a7c50 EFLAGS: 00050246 [ 315.923571][ T8691] RAX: 0000000000000000 RBX: 0000000000006000 RCX: 0000000000000040 [ 315.923582][ T8691] RDX: 0000000000000000 RSI: ffffffff8db664d4 RDI: 0000200000007000 [ 315.923593][ T8691] RBP: 0000200000006040 R08: 0000000000000000 R09: ffffffff820b53d0 [ 315.923603][ T8691] R10: dffffc0000000000 R11: ffffed100d175001 R12: dffffc0000000000 [ 315.923614][ T8691] R13: 0000000000001000 R14: 000000007fff9000 R15: 00007ffffffff000 [ 315.923632][ T8691] ? __might_fault+0xb0/0x130 [ 315.923662][ T8691] read_zero+0x9f/0x1e0 [ 315.923681][ T8691] ? __pfx_read_zero+0x10/0x10 [ 315.923701][ T8691] vfs_read+0x1fd/0x980 [ 315.923733][ T8691] ? __pfx_vfs_read+0x10/0x10 [ 315.923759][ T8691] ? __fget_files+0x2a/0x420 [ 315.923778][ T8691] ? __fget_files+0x2a/0x420 [ 315.923791][ T8691] ? __fget_files+0x3a0/0x420 [ 315.923805][ T8691] ? __fget_files+0x2a/0x420 [ 315.923831][ T8691] ksys_read+0x145/0x250 [ 315.923856][ T8691] ? __pfx_ksys_read+0x10/0x10 [ 315.923876][ T8691] ? rcu_is_watching+0x15/0xb0 [ 315.923908][ T8691] ? do_syscall_64+0xbe/0x3b0 [ 315.923959][ T8691] do_syscall_64+0xfa/0x3b0 [ 315.923981][ T8691] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.924004][ T8691] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.924019][ T8691] ? clear_bhb_loop+0x60/0xb0 [ 315.924042][ T8691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.924059][ T8691] RIP: 0033:0x7f3aab38e9a9 [ 315.924072][ T8691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.924088][ T8691] RSP: 002b:00007f3aac1c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 315.924107][ T8691] RAX: ffffffffffffffda RBX: 00007f3aab5b5fa0 RCX: 00007f3aab38e9a9 [ 315.924117][ T8691] RDX: 00000000ffffff96 RSI: 0000200000000040 RDI: 0000000000000003 [ 315.924126][ T8691] RBP: 00007f3aac1c7090 R08: 0000000000000000 R09: 0000000000000000 [ 315.924135][ T8691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.924143][ T8691] R13: 0000000000000000 R14: 00007f3aab5b5fa0 R15: 00007f3aab6dfa28 [ 315.924166][ T8691] [ 316.464462][ T8699] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 316.476021][ T8699] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 316.929543][ T8713] kvm: pic: level sensitive irq not supported [ 316.929787][ T8713] kvm: pic: non byte read [ 316.942674][ T8713] kvm: pic: non byte read [ 316.957286][ T8713] kvm: pic: non byte read [ 316.977638][ T8713] kvm: pic: non byte read [ 316.996716][ T8713] kvm: pic: non byte read [ 317.050823][ T8713] kvm: pic: non byte read [ 317.056041][ T8713] kvm: pic: non byte read [ 317.069524][ T8713] kvm: pic: non byte read [ 317.093596][ T8713] kvm: pic: non byte read [ 317.122237][ T8713] kvm: pic: non byte read [ 317.163235][ T8722] vlan2: entered promiscuous mode [ 317.450205][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.456840][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.607520][ T5832] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 317.762545][ T8736] netlink: 72 bytes leftover after parsing attributes in process `syz.4.783'. [ 317.783992][ T8736] FAULT_INJECTION: forcing a failure. [ 317.783992][ T8736] name failslab, interval 1, probability 0, space 0, times 0 [ 317.815019][ T8736] CPU: 1 UID: 0 PID: 8736 Comm: syz.4.783 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 317.815049][ T8736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 317.815061][ T8736] Call Trace: [ 317.815068][ T8736] [ 317.815077][ T8736] dump_stack_lvl+0x189/0x250 [ 317.815103][ T8736] ? __pfx____ratelimit+0x10/0x10 [ 317.815131][ T8736] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.815150][ T8736] ? __pfx__printk+0x10/0x10 [ 317.815181][ T8736] ? __pfx___might_resched+0x10/0x10 [ 317.815207][ T8736] ? fs_reclaim_acquire+0x7d/0x100 [ 317.815234][ T8736] should_fail_ex+0x414/0x560 [ 317.815269][ T8736] should_failslab+0xa8/0x100 [ 317.815290][ T8736] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 317.815319][ T8736] ? __alloc_skb+0x112/0x2d0 [ 317.815352][ T8736] __alloc_skb+0x112/0x2d0 [ 317.815385][ T8736] netlink_ack+0x146/0xa50 [ 317.815411][ T8736] ? __pfx_genl_rcv_msg+0x10/0x10 [ 317.815431][ T8736] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 317.815452][ T8736] ? __pfx_nl80211_post_doit+0x10/0x10 [ 317.815475][ T8736] ? __asan_memcpy+0x40/0x70 [ 317.815498][ T8736] ? __pfx_ref_tracker_free+0x10/0x10 [ 317.815527][ T8736] netlink_rcv_skb+0x28c/0x470 [ 317.815552][ T8736] ? __lock_acquire+0xab9/0xd20 [ 317.815578][ T8736] ? __pfx_genl_rcv_msg+0x10/0x10 [ 317.815602][ T8736] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 317.815652][ T8736] ? down_read+0x1ad/0x2e0 [ 317.815675][ T8736] genl_rcv+0x28/0x40 [ 317.815694][ T8736] netlink_unicast+0x82c/0x9e0 [ 317.815730][ T8736] ? __pfx_netlink_unicast+0x10/0x10 [ 317.815757][ T8736] ? netlink_sendmsg+0x642/0xb30 [ 317.815783][ T8736] ? skb_put+0x11b/0x210 [ 317.815805][ T8736] netlink_sendmsg+0x805/0xb30 [ 317.815845][ T8736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.815877][ T8736] ? aa_sock_msg_perm+0x94/0x160 [ 317.815904][ T8736] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 317.815925][ T8736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.815962][ T8736] __sock_sendmsg+0x21c/0x270 [ 317.815990][ T8736] ____sys_sendmsg+0x505/0x830 [ 317.816018][ T8736] ? __pfx_____sys_sendmsg+0x10/0x10 [ 317.816047][ T8736] ? import_iovec+0x74/0xa0 [ 317.816074][ T8736] ___sys_sendmsg+0x21f/0x2a0 [ 317.816097][ T8736] ? __pfx____sys_sendmsg+0x10/0x10 [ 317.816157][ T8736] ? __fget_files+0x2a/0x420 [ 317.816174][ T8736] ? __fget_files+0x3a0/0x420 [ 317.816202][ T8736] __x64_sys_sendmsg+0x19b/0x260 [ 317.816222][ T8736] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 317.816252][ T8736] ? __pfx_ksys_write+0x10/0x10 [ 317.816275][ T8736] ? rcu_is_watching+0x15/0xb0 [ 317.816309][ T8736] ? do_syscall_64+0xbe/0x3b0 [ 317.816341][ T8736] do_syscall_64+0xfa/0x3b0 [ 317.816366][ T8736] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.816391][ T8736] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.816410][ T8736] ? clear_bhb_loop+0x60/0xb0 [ 317.816433][ T8736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.816451][ T8736] RIP: 0033:0x7f7f96d8e9a9 [ 317.816469][ T8736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.816486][ T8736] RSP: 002b:00007f7f97c6b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 317.816509][ T8736] RAX: ffffffffffffffda RBX: 00007f7f96fb5fa0 RCX: 00007f7f96d8e9a9 [ 317.816522][ T8736] RDX: 0000000020000014 RSI: 00002000000001c0 RDI: 0000000000000003 [ 317.816535][ T8736] RBP: 00007f7f97c6b090 R08: 0000000000000000 R09: 0000000000000000 [ 317.816547][ T8736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.816557][ T8736] R13: 0000000000000000 R14: 00007f7f96fb5fa0 R15: 00007f7f970dfa28 [ 317.816589][ T8736] [ 318.232752][ T5832] usb 4-1: no configurations [ 318.238306][ T5832] usb 4-1: can't read configurations, error -22 [ 318.377148][ T5832] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 318.538179][ T5832] usb 4-1: no configurations [ 318.542936][ T5832] usb 4-1: can't read configurations, error -22 [ 318.550221][ T5832] usb usb4-port1: attempt power cycle [ 318.827154][ T10] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 318.887277][ T5832] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 318.969398][ T971] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.999153][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 319.047291][ T10] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 319.047340][ T5832] usb 4-1: no configurations [ 319.124785][ T5832] usb 4-1: can't read configurations, error -22 [ 319.377117][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 319.540781][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 319.584569][ T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 319.618729][ T5832] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 319.627736][ T8758] netlink: 'syz.0.791': attribute type 3 has an invalid length. [ 319.635500][ T8758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.791'. [ 319.668079][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.680867][ T5832] usb 4-1: no configurations [ 319.686164][ T5832] usb 4-1: can't read configurations, error -22 [ 319.701438][ T10] usb 3-1: Product: syz [ 319.713091][ T10] usb 3-1: Manufacturer: syz [ 319.719402][ T5832] usb usb4-port1: unable to enumerate USB device [ 319.832888][ T10] usb 3-1: SerialNumber: syz [ 320.260752][ T10] usb 3-1: 0:2 : does not exist [ 321.041280][ T8772] tipc: Enabled bearer , priority 0 [ 321.073665][ T8772] syzkaller0: entered promiscuous mode [ 321.094727][ T8772] syzkaller0: entered allmulticast mode [ 321.609858][ T8781] syz.1.798 (8781): attempted to duplicate a private mapping with mremap. This is not supported. [ 321.721893][ T10] usb 3-1: 1:0: cannot get min/max values for control 6 (id 1) [ 321.877390][ T10] usb 3-1: USB disconnect, device number 41 [ 322.022451][ T8771] tipc: Resetting bearer [ 322.116999][ T8771] tipc: Disabling bearer [ 322.200434][ T8795] Invalid logical block size (34) [ 322.571141][ T8801] netlink: 24 bytes leftover after parsing attributes in process `syz.0.806'. [ 322.740505][ T5839] usb 3-1: new full-speed USB device number 42 using dummy_hcd [ 322.908672][ T5839] usb 3-1: no configurations [ 322.953139][ T5839] usb 3-1: can't read configurations, error -22 [ 323.259010][ T5839] usb 3-1: new full-speed USB device number 43 using dummy_hcd [ 323.442082][ T5839] usb 3-1: no configurations [ 323.446805][ T5839] usb 3-1: can't read configurations, error -22 [ 323.472764][ T5839] usb usb3-port1: attempt power cycle [ 324.207258][ T5839] usb 3-1: new full-speed USB device number 44 using dummy_hcd [ 324.274261][ T5839] usb 3-1: no configurations [ 324.293618][ T5839] usb 3-1: can't read configurations, error -22 [ 324.518622][ T5839] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 324.697253][ T5839] usb 3-1: no configurations [ 324.711364][ T5839] usb 3-1: can't read configurations, error -22 [ 324.797538][ T5839] usb usb3-port1: unable to enumerate USB device [ 324.985860][ T8829] vlan2: entered promiscuous mode [ 326.471029][ T8854] FAULT_INJECTION: forcing a failure. [ 326.471029][ T8854] name failslab, interval 1, probability 0, space 0, times 0 [ 326.484593][ T8856] netlink: 272 bytes leftover after parsing attributes in process `syz.3.818'. [ 326.500554][ T8854] CPU: 0 UID: 0 PID: 8854 Comm: syz.2.817 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 326.500585][ T8854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 326.500596][ T8854] Call Trace: [ 326.500604][ T8854] [ 326.500612][ T8854] dump_stack_lvl+0x189/0x250 [ 326.500639][ T8854] ? __pfx____ratelimit+0x10/0x10 [ 326.500666][ T8854] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.500686][ T8854] ? __pfx__printk+0x10/0x10 [ 326.500716][ T8854] ? __pfx___might_resched+0x10/0x10 [ 326.500744][ T8854] ? fs_reclaim_acquire+0x7d/0x100 [ 326.500781][ T8854] should_fail_ex+0x414/0x560 [ 326.500816][ T8854] should_failslab+0xa8/0x100 [ 326.500836][ T8854] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 326.500864][ T8854] ? __alloc_skb+0x112/0x2d0 [ 326.500904][ T8854] __alloc_skb+0x112/0x2d0 [ 326.500937][ T8854] netlink_ack+0x146/0xa50 [ 326.500962][ T8854] ? __pfx_genl_rcv_msg+0x10/0x10 [ 326.500982][ T8854] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 326.501003][ T8854] ? __pfx_nl80211_post_doit+0x10/0x10 [ 326.501025][ T8854] ? __asan_memcpy+0x40/0x70 [ 326.501048][ T8854] ? __pfx_ref_tracker_free+0x10/0x10 [ 326.501077][ T8854] netlink_rcv_skb+0x28c/0x470 [ 326.501102][ T8854] ? __lock_acquire+0xab9/0xd20 [ 326.501128][ T8854] ? __pfx_genl_rcv_msg+0x10/0x10 [ 326.501150][ T8854] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 326.501200][ T8854] ? down_read+0x1ad/0x2e0 [ 326.501223][ T8854] genl_rcv+0x28/0x40 [ 326.501242][ T8854] netlink_unicast+0x82c/0x9e0 [ 326.501287][ T8854] ? __pfx_netlink_unicast+0x10/0x10 [ 326.501314][ T8854] ? netlink_sendmsg+0x642/0xb30 [ 326.501338][ T8854] ? skb_put+0x11b/0x210 [ 326.501362][ T8854] netlink_sendmsg+0x805/0xb30 [ 326.501401][ T8854] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.501432][ T8854] ? aa_sock_msg_perm+0x94/0x160 [ 326.501459][ T8854] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 326.501480][ T8854] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.501509][ T8854] __sock_sendmsg+0x21c/0x270 [ 326.501537][ T8854] ____sys_sendmsg+0x505/0x830 [ 326.501565][ T8854] ? __pfx_____sys_sendmsg+0x10/0x10 [ 326.501602][ T8854] ? import_iovec+0x74/0xa0 [ 326.501633][ T8854] ___sys_sendmsg+0x21f/0x2a0 [ 326.501656][ T8854] ? __pfx____sys_sendmsg+0x10/0x10 [ 326.501720][ T8854] ? __fget_files+0x2a/0x420 [ 326.501737][ T8854] ? __fget_files+0x3a0/0x420 [ 326.501768][ T8854] __x64_sys_sendmsg+0x19b/0x260 [ 326.501792][ T8854] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 326.501824][ T8854] ? __pfx_ksys_write+0x10/0x10 [ 326.501847][ T8854] ? rcu_is_watching+0x15/0xb0 [ 326.501882][ T8854] ? do_syscall_64+0xbe/0x3b0 [ 326.501922][ T8854] do_syscall_64+0xfa/0x3b0 [ 326.501948][ T8854] ? lockdep_hardirqs_on+0x9c/0x150 [ 326.501973][ T8854] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.501993][ T8854] ? clear_bhb_loop+0x60/0xb0 [ 326.502017][ T8854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.502035][ T8854] RIP: 0033:0x7f44ef78e9a9 [ 326.502052][ T8854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.502068][ T8854] RSP: 002b:00007f44f0617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 326.502089][ T8854] RAX: ffffffffffffffda RBX: 00007f44ef9b5fa0 RCX: 00007f44ef78e9a9 [ 326.502103][ T8854] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 326.502116][ T8854] RBP: 00007f44f0617090 R08: 0000000000000000 R09: 0000000000000000 [ 326.502126][ T8854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.502137][ T8854] R13: 0000000000000000 R14: 00007f44ef9b5fa0 R15: 00007f44efadfa28 [ 326.502167][ T8854] [ 327.805795][ T5832] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 328.023345][ T5832] usb 2-1: config 0 has no interfaces? [ 328.085781][ T5832] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 328.101802][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.133587][ T5832] usb 2-1: Product: syz [ 328.191200][ T5832] usb 2-1: Manufacturer: syz [ 328.217817][ T5832] usb 2-1: SerialNumber: syz [ 328.306815][ T5832] usb 2-1: config 0 descriptor?? [ 328.649721][ T5948] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 328.846188][ T5948] usb 4-1: Using ep0 maxpacket: 32 [ 329.243153][ T5948] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 329.325147][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.375803][ T5948] usb 4-1: config 0 descriptor?? [ 329.502627][ T5948] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 330.101211][ T5948] gspca_vc032x: reg_w err -71 [ 330.168778][ T8890] netlink: 56 bytes leftover after parsing attributes in process `syz.4.826'. [ 330.182839][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.242009][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.261095][ T8890] netlink: 8 bytes leftover after parsing attributes in process `syz.4.826'. [ 330.322270][ T8891] netlink: 8 bytes leftover after parsing attributes in process `syz.0.825'. [ 330.370392][ T8891] vlan2: entered allmulticast mode [ 330.409142][ T5839] usb 2-1: USB disconnect, device number 25 [ 330.413786][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.437403][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.469849][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.475467][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.484166][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.496144][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.516325][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.550708][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.579027][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.600174][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.605554][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.614179][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.624416][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.633817][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.645810][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.669423][ T5948] gspca_vc032x: I2c Bus Busy Wait 00 [ 330.675924][ T5948] gspca_vc032x: Unknown sensor... [ 330.697610][ T5948] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 330.727493][ T5948] usb 4-1: USB disconnect, device number 38 [ 331.174535][ T8896] tipc: Started in network mode [ 331.180047][ T8896] tipc: Node identity 8a7dcf81763f, cluster identity 4711 [ 331.204262][ T5856] cgroup: fork rejected by pids controller in /syz3 [ 331.209085][ T8896] tipc: Enabled bearer , priority 0 [ 331.462451][ T8897] syzkaller0: entered promiscuous mode [ 331.507146][ T5839] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 331.517804][ T8897] syzkaller0: entered allmulticast mode [ 331.643004][ T8906] input: syz1 as /devices/virtual/input/input15 [ 331.686778][ T8897] tipc: Resetting bearer [ 331.742402][ T8908] netlink: 12 bytes leftover after parsing attributes in process `syz.4.830'. [ 331.819469][ T8906] program syz.4.830 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 331.985650][ T8893] tipc: Resetting bearer [ 332.057962][ T5839] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 332.089897][ T5839] usb 2-1: can't read configurations, error -61 [ 332.120588][ T8893] tipc: Disabling bearer [ 332.257141][ T5839] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 332.303089][ T5963] tipc: Node number set to 4232236929 [ 332.513153][ T8917] program syz.4.831 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 332.581690][ T5839] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 332.656682][ T5839] usb 2-1: can't read configurations, error -61 [ 332.763680][ T5839] usb usb2-port1: attempt power cycle [ 333.137268][ T5839] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 333.229886][ T5839] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 333.253633][ T5839] usb 2-1: can't read configurations, error -61 [ 333.397310][ T5839] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 333.742793][ T8920] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 334.257985][ T8924] FAULT_INJECTION: forcing a failure. [ 334.257985][ T8924] name failslab, interval 1, probability 0, space 0, times 0 [ 334.268709][ T8926] netlink: 'syz.0.835': attribute type 4 has an invalid length. [ 334.296044][ T8926] netlink: 24 bytes leftover after parsing attributes in process `syz.0.835'. [ 334.333930][ T8924] CPU: 0 UID: 0 PID: 8924 Comm: syz.2.834 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 334.333961][ T8924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 334.333972][ T8924] Call Trace: [ 334.333980][ T8924] [ 334.333989][ T8924] dump_stack_lvl+0x189/0x250 [ 334.334015][ T8924] ? __pfx____ratelimit+0x10/0x10 [ 334.334042][ T8924] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.334060][ T8924] ? __pfx__printk+0x10/0x10 [ 334.334084][ T8924] ? __pfx___might_resched+0x10/0x10 [ 334.334109][ T8924] ? fs_reclaim_acquire+0x7d/0x100 [ 334.334137][ T8924] should_fail_ex+0x414/0x560 [ 334.334183][ T8924] should_failslab+0xa8/0x100 [ 334.334203][ T8924] kmem_cache_alloc_noprof+0x73/0x3c0 [ 334.334229][ T8924] ? wg_peer_create+0xe8/0x8a0 [ 334.334258][ T8924] wg_peer_create+0xe8/0x8a0 [ 334.334294][ T8924] wg_set_device+0x10f3/0x1fe0 [ 334.334338][ T8924] ? __pfx_wg_set_device+0x10/0x10 [ 334.334402][ T8924] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 334.334434][ T8924] genl_family_rcv_msg_doit+0x215/0x300 [ 334.334464][ T8924] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 334.334501][ T8924] ? bpf_lsm_capable+0x9/0x20 [ 334.334524][ T8924] ? security_capable+0x7e/0x2e0 [ 334.334555][ T8924] genl_rcv_msg+0x60e/0x790 [ 334.334583][ T8924] ? __pfx_genl_rcv_msg+0x10/0x10 [ 334.334603][ T8924] ? __pfx_wg_set_device+0x10/0x10 [ 334.334630][ T8924] ? __asan_memcpy+0x40/0x70 [ 334.334653][ T8924] ? __pfx_ref_tracker_free+0x10/0x10 [ 334.334681][ T8924] netlink_rcv_skb+0x205/0x470 [ 334.334703][ T8924] ? __lock_acquire+0xab9/0xd20 [ 334.334726][ T8924] ? __pfx_genl_rcv_msg+0x10/0x10 [ 334.334748][ T8924] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 334.334795][ T8924] ? down_read+0x1ad/0x2e0 [ 334.334815][ T8924] genl_rcv+0x28/0x40 [ 334.334833][ T8924] netlink_unicast+0x82c/0x9e0 [ 334.334868][ T8924] ? __pfx_netlink_unicast+0x10/0x10 [ 334.334893][ T8924] ? netlink_sendmsg+0x642/0xb30 [ 334.334915][ T8924] ? skb_put+0x11b/0x210 [ 334.334937][ T8924] netlink_sendmsg+0x805/0xb30 [ 334.334979][ T8924] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.335009][ T8924] ? aa_sock_msg_perm+0x94/0x160 [ 334.335035][ T8924] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 334.335057][ T8924] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.335086][ T8924] __sock_sendmsg+0x21c/0x270 [ 334.335115][ T8924] ____sys_sendmsg+0x505/0x830 [ 334.335151][ T8924] ? __pfx_____sys_sendmsg+0x10/0x10 [ 334.335182][ T8924] ? import_iovec+0x74/0xa0 [ 334.335214][ T8924] ___sys_sendmsg+0x21f/0x2a0 [ 334.335239][ T8924] ? __pfx____sys_sendmsg+0x10/0x10 [ 334.335304][ T8924] ? __fget_files+0x2a/0x420 [ 334.335322][ T8924] ? __fget_files+0x3a0/0x420 [ 334.335355][ T8924] __x64_sys_sendmsg+0x19b/0x260 [ 334.335379][ T8924] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 334.335411][ T8924] ? __pfx_ksys_write+0x10/0x10 [ 334.335434][ T8924] ? rcu_is_watching+0x15/0xb0 [ 334.335471][ T8924] ? do_syscall_64+0xbe/0x3b0 [ 334.335504][ T8924] do_syscall_64+0xfa/0x3b0 [ 334.335532][ T8924] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.335550][ T8924] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 334.335567][ T8924] ? clear_bhb_loop+0x60/0xb0 [ 334.335591][ T8924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.335609][ T8924] RIP: 0033:0x7f44ef78e9a9 [ 334.335627][ T8924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.335642][ T8924] RSP: 002b:00007f44f0617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 334.335663][ T8924] RAX: ffffffffffffffda RBX: 00007f44ef9b5fa0 RCX: 00007f44ef78e9a9 [ 334.335676][ T8924] RDX: 0000000004008804 RSI: 0000200000000d00 RDI: 0000000000000003 [ 334.335688][ T8924] RBP: 00007f44f0617090 R08: 0000000000000000 R09: 0000000000000000 [ 334.335700][ T8924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.335711][ T8924] R13: 0000000000000000 R14: 00007f44ef9b5fa0 R15: 00007f44efadfa28 [ 334.335745][ T8924] [ 334.828698][ T5839] usb 2-1: device descriptor read/8, error -71 [ 334.977456][ T5839] usb usb2-port1: unable to enumerate USB device [ 335.633584][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 335.644550][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 335.653432][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 335.667634][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 335.712985][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 335.767457][ T10] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 336.107179][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 336.118799][ T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 233, changing to 11 [ 336.130383][ T10] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 336.177000][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.40 [ 336.207253][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.228273][ T10] usb 2-1: Product: syz [ 336.232600][ T10] usb 2-1: Manufacturer: syz [ 336.272653][ T10] usb 2-1: SerialNumber: syz [ 337.090645][ T5928] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 337.221747][ T8953] netlink: 56 bytes leftover after parsing attributes in process `syz.2.842'. [ 337.258752][ T8953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.842'. [ 337.281674][ T8942] chnl_net:caif_netlink_parms(): no params data found [ 337.293330][ T5928] usb 5-1: config 0 has no interfaces? [ 337.305740][ T5928] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 337.316408][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.385816][ T5928] usb 5-1: Product: syz [ 337.404471][ T5928] usb 5-1: Manufacturer: syz [ 337.514766][ T5928] usb 5-1: SerialNumber: syz [ 337.552706][ T5928] usb 5-1: config 0 descriptor?? [ 337.767681][ T5844] Bluetooth: hci4: command tx timeout [ 337.796058][ T8948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 337.811994][ T8948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.390198][ T10] usbhid 2-1:1.0: can't add hid device: -71 [ 338.396441][ T10] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 338.412016][ T10] usb 2-1: USB disconnect, device number 30 [ 338.727397][ T8942] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.738518][ T8942] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.809410][ T8942] bridge_slave_0: entered allmulticast mode [ 338.937419][ T8942] bridge_slave_0: entered promiscuous mode [ 338.967986][ T8942] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.997336][ T8942] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.047333][ T8942] bridge_slave_1: entered allmulticast mode [ 339.085010][ T8942] bridge_slave_1: entered promiscuous mode [ 339.344667][ T8942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 339.396609][ T8942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 339.451569][ T8942] team0: Port device team_slave_0 added [ 339.532776][ T8942] team0: Port device team_slave_1 added [ 339.570205][ T8973] ptrace attach of "./syz-executor exec"[6751] was attempted by "./syz-executor exec"[8973] [ 339.584152][ T8974] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.846'. [ 339.837671][ T5844] Bluetooth: hci4: command tx timeout [ 339.889428][ T8942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.919654][ T8942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.946007][ C0] vkms_vblank_simulate: vblank timer overrun [ 340.012551][ T8942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 340.041013][ T8942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 340.048309][ T8942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.074576][ C0] vkms_vblank_simulate: vblank timer overrun [ 340.184365][ T8942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 340.230662][ T5928] usb 5-1: USB disconnect, device number 31 [ 340.507906][ T8942] hsr_slave_0: entered promiscuous mode [ 340.523316][ T8942] hsr_slave_1: entered promiscuous mode [ 340.558301][ T8942] debugfs: 'hsr0' already exists in 'hsr' [ 340.577198][ T8942] Cannot create hsr debugfs directory [ 340.743767][ T8991] FAULT_INJECTION: forcing a failure. [ 340.743767][ T8991] name failslab, interval 1, probability 0, space 0, times 0 [ 340.761971][ T8991] CPU: 0 UID: 0 PID: 8991 Comm: syz.0.850 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 340.762001][ T8991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 340.762012][ T8991] Call Trace: [ 340.762020][ T8991] [ 340.762029][ T8991] dump_stack_lvl+0x189/0x250 [ 340.762055][ T8991] ? __pfx____ratelimit+0x10/0x10 [ 340.762083][ T8991] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.762111][ T8991] ? __pfx__printk+0x10/0x10 [ 340.762138][ T8991] ? __pfx___might_resched+0x10/0x10 [ 340.762166][ T8991] ? fs_reclaim_acquire+0x7d/0x100 [ 340.762192][ T8991] should_fail_ex+0x414/0x560 [ 340.762228][ T8991] should_failslab+0xa8/0x100 [ 340.762249][ T8991] __kmalloc_noprof+0xcb/0x4f0 [ 340.762275][ T8991] ? tomoyo_encode+0x28b/0x550 [ 340.762308][ T8991] tomoyo_encode+0x28b/0x550 [ 340.762342][ T8991] tomoyo_realpath_from_path+0x58d/0x5d0 [ 340.762373][ T8991] ? tomoyo_domain+0xd9/0x130 [ 340.762407][ T8991] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 340.762431][ T8991] tomoyo_path_number_perm+0x1e8/0x5a0 [ 340.762457][ T8991] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 340.762500][ T8991] ? __lock_acquire+0xab9/0xd20 [ 340.762549][ T8991] ? __fget_files+0x2a/0x420 [ 340.762571][ T8991] ? __fget_files+0x2a/0x420 [ 340.762586][ T8991] ? __fget_files+0x3a0/0x420 [ 340.762602][ T8991] ? __fget_files+0x2a/0x420 [ 340.762623][ T8991] security_file_ioctl+0xcb/0x2d0 [ 340.762647][ T8991] __se_sys_ioctl+0x47/0x170 [ 340.762674][ T8991] do_syscall_64+0xfa/0x3b0 [ 340.762698][ T8991] ? lockdep_hardirqs_on+0x9c/0x150 [ 340.762721][ T8991] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.762740][ T8991] ? clear_bhb_loop+0x60/0xb0 [ 340.762763][ T8991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.762781][ T8991] RIP: 0033:0x7f3aab38e9a9 [ 340.762798][ T8991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.762815][ T8991] RSP: 002b:00007f3aac1c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.762836][ T8991] RAX: ffffffffffffffda RBX: 00007f3aab5b5fa0 RCX: 00007f3aab38e9a9 [ 340.762849][ T8991] RDX: 0000000000000000 RSI: 0000000000005411 RDI: 0000000000000003 [ 340.762860][ T8991] RBP: 00007f3aac1c7090 R08: 0000000000000000 R09: 0000000000000000 [ 340.762871][ T8991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.762881][ T8991] R13: 0000000000000000 R14: 00007f3aab5b5fa0 R15: 00007f3aab6dfa28 [ 340.762912][ T8991] [ 340.762934][ T8991] ERROR: Out of memory at tomoyo_realpath_from_path. [ 340.853142][ T8994] netlink: 24 bytes leftover after parsing attributes in process `syz.2.851'. [ 340.920812][ T8985] program syz.4.848 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 341.503800][ T9002] netlink: 4 bytes leftover after parsing attributes in process `syz.4.854'. [ 341.585338][ T9003] netlink: 4 bytes leftover after parsing attributes in process `syz.4.854'. [ 341.853565][ T9007] netlink: 20 bytes leftover after parsing attributes in process `syz.2.856'. [ 341.917606][ T5844] Bluetooth: hci4: command tx timeout [ 341.939828][ T8942] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.044708][ T8942] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.230889][ T8942] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.256531][ T8942] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.447280][ T5832] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 342.611971][ T5832] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 342.622672][ T5832] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 342.630120][ T8942] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.636687][ T5832] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 342.663846][ T5832] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.688720][ T8942] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.727472][ T5928] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 342.879225][ T5832] usb 2-1: GET_CAPABILITIES returned 0 [ 342.889108][ T5928] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30 [ 342.913666][ T5832] usbtmc 2-1:16.0: can't read capabilities [ 342.934734][ T5928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 342.970646][ T5928] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196 [ 343.042989][ T5928] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 343.068276][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.092896][ T5923] usb 2-1: USB disconnect, device number 31 [ 343.140461][ T5928] usb 5-1: config 0 descriptor?? [ 343.248101][ T8942] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 343.273197][ T8942] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 343.298260][ T8942] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 343.337005][ T8942] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 343.592341][ T9017] IPVS: set_ctl: invalid protocol: 59 255.255.255.255:20000 [ 343.611203][ T5928] holtek_kbd 0003:04D9:A055.0008: unbalanced delimiter at end of report description [ 343.648038][ T5928] holtek_kbd 0003:04D9:A055.0008: probe with driver holtek_kbd failed with error -22 [ 343.821406][ T5928] usb 5-1: USB disconnect, device number 32 [ 343.874413][ T8942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.997823][ T5844] Bluetooth: hci4: command tx timeout [ 344.019147][ T8942] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.181653][ T6545] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.188900][ T6545] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.224118][ T6545] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.231645][ T6545] bridge0: port 2(bridge_slave_1) entered forwarding state [ 345.004663][ T8942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 345.125661][ T9045] input: syz0 as /devices/virtual/input/input16 [ 345.293750][ T9046] fuse: Bad value for 'fd' [ 345.470139][ T9047] ip6erspan0: entered promiscuous mode [ 345.579447][ T8942] veth0_vlan: entered promiscuous mode [ 345.635597][ T9050] netlink: 8 bytes leftover after parsing attributes in process `syz.4.868'. [ 345.660022][ T9050] vlan2: entered promiscuous mode [ 345.843746][ T8942] veth1_vlan: entered promiscuous mode [ 345.988831][ T8942] veth0_macvtap: entered promiscuous mode [ 346.032865][ T8942] veth1_macvtap: entered promiscuous mode [ 346.348377][ T8942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 346.410484][ T8942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 346.569605][ T6271] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.611833][ T6271] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.834965][ T971] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.857555][ T971] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.176863][ T6271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.207672][ T6271] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.332033][ T6271] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.340528][ T6271] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.331158][ T9108] warning: `syz.1.883' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 350.381596][ T9108] ip6tnl1: entered promiscuous mode [ 350.754847][ T9127] tun0: tun_chr_ioctl cmd 2147767517 [ 350.997331][ T5923] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 351.310109][ T5923] usb 2-1: device descriptor read/64, error -71 [ 351.597861][ T5923] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 351.645103][ T9] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 351.847400][ T5923] usb 2-1: device descriptor read/64, error -71 [ 351.896292][ T9] usb 3-1: config index 0 descriptor too short (expected 65297, got 77) [ 351.905206][ T9] usb 3-1: config 0 has too many interfaces: 252, using maximum allowed: 32 [ 351.915365][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 351.958973][ T5923] usb usb2-port1: attempt power cycle [ 352.080343][ T9] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 252 [ 352.517461][ T10] usb 5-1: new full-speed USB device number 33 using dummy_hcd [ 352.647257][ T5923] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 352.676188][ T9] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 352.686257][ T5923] usb 2-1: device descriptor read/8, error -71 [ 352.710933][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.756518][ T9] usb 3-1: Product: syz [ 352.763136][ T10] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 352.773681][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 352.790475][ T9] usb 3-1: Manufacturer: syz [ 352.817005][ T9] usb 3-1: SerialNumber: syz [ 352.834363][ T10] usb 5-1: string descriptor 0 read error: -22 [ 352.843837][ T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 352.854669][ T9] usb 3-1: config 0 descriptor?? [ 352.873949][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.977231][ T5923] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 353.031381][ T10] usb 5-1: 0:2 : does not exist [ 353.039491][ T5923] usb 2-1: device descriptor read/8, error -71 [ 353.070880][ T9133] FAULT_INJECTION: forcing a failure. [ 353.070880][ T9133] name failslab, interval 1, probability 0, space 0, times 0 [ 353.086168][ T9133] CPU: 0 UID: 0 PID: 9133 Comm: syz.2.891 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 353.086197][ T9133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 353.086208][ T9133] Call Trace: [ 353.086217][ T9133] [ 353.086226][ T9133] dump_stack_lvl+0x189/0x250 [ 353.086253][ T9133] ? __pfx____ratelimit+0x10/0x10 [ 353.086281][ T9133] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.086301][ T9133] ? __pfx__printk+0x10/0x10 [ 353.086332][ T9133] ? __pfx___might_resched+0x10/0x10 [ 353.086365][ T9133] should_fail_ex+0x414/0x560 [ 353.086401][ T9133] should_failslab+0xa8/0x100 [ 353.086422][ T9133] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 353.086451][ T9133] ? __alloc_skb+0x112/0x2d0 [ 353.086477][ T9133] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 353.086504][ T9133] __alloc_skb+0x112/0x2d0 [ 353.086535][ T9133] pfkey_sendmsg+0x1dd/0x1090 [ 353.086560][ T9133] ? __pfx___might_resched+0x10/0x10 [ 353.086584][ T9133] ? __lock_acquire+0xab9/0xd20 [ 353.086611][ T9133] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 353.086631][ T9133] ? aa_sk_perm+0x81e/0x950 [ 353.086652][ T9133] ? __pfx_aa_sk_perm+0x10/0x10 [ 353.086667][ T9133] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 353.086694][ T9133] ? aa_sock_msg_perm+0x94/0x160 [ 353.086713][ T9133] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 353.086730][ T9133] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 353.086744][ T9133] __sock_sendmsg+0x21c/0x270 [ 353.086766][ T9133] ____sys_sendmsg+0x505/0x830 [ 353.086787][ T9133] ? __pfx_____sys_sendmsg+0x10/0x10 [ 353.086810][ T9133] ? import_iovec+0x74/0xa0 [ 353.086832][ T9133] ___sys_sendmsg+0x21f/0x2a0 [ 353.086849][ T9133] ? __pfx____sys_sendmsg+0x10/0x10 [ 353.086903][ T9133] ? __fget_files+0x2a/0x420 [ 353.086916][ T9133] ? __fget_files+0x3a0/0x420 [ 353.086939][ T9133] __x64_sys_sendmsg+0x19b/0x260 [ 353.086957][ T9133] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 353.086980][ T9133] ? __pfx_ksys_write+0x10/0x10 [ 353.086997][ T9133] ? rcu_is_watching+0x15/0xb0 [ 353.087033][ T9133] ? do_syscall_64+0xbe/0x3b0 [ 353.087064][ T9133] do_syscall_64+0xfa/0x3b0 [ 353.087090][ T9133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.087108][ T9133] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 353.087126][ T9133] ? clear_bhb_loop+0x60/0xb0 [ 353.087146][ T9133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.087160][ T9133] RIP: 0033:0x7f44ef78e9a9 [ 353.087174][ T9133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.087187][ T9133] RSP: 002b:00007f44f05d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.087206][ T9133] RAX: ffffffffffffffda RBX: 00007f44ef9b6160 RCX: 00007f44ef78e9a9 [ 353.087217][ T9133] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000007 [ 353.087227][ T9133] RBP: 00007f44f05d5090 R08: 0000000000000000 R09: 0000000000000000 [ 353.087236][ T9133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 353.087245][ T9133] R13: 0000000000000000 R14: 00007f44ef9b6160 R15: 00007f44efadfa28 [ 353.087268][ T9133] [ 353.842665][ T5923] usb usb2-port1: unable to enumerate USB device [ 354.280984][ T9154] netlink: 28 bytes leftover after parsing attributes in process `syz.3.897'. [ 354.657228][ T5928] usb 3-1: USB disconnect, device number 46 [ 355.236758][ T9172] tipc: Started in network mode [ 355.242061][ T9172] tipc: Node identity ff, cluster identity 4711 [ 355.248725][ T9172] tipc: Enabling of bearer rejected, failed to enable media [ 356.642400][ T9175] netlink: 'syz.1.903': attribute type 21 has an invalid length. [ 356.763692][ T5928] usb 5-1: USB disconnect, device number 33 [ 357.587424][ T10] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 357.747323][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 357.756661][ T10] usb 4-1: config 5 has an invalid interface number: 206 but max is 11 [ 357.790634][ T10] usb 4-1: config 5 has 1 interface, different from the descriptor's value: 12 [ 357.814568][ T10] usb 4-1: config 5 has no interface number 0 [ 357.821678][ T10] usb 4-1: config 5 interface 206 has no altsetting 0 [ 357.844150][ T10] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=60.44 [ 357.862896][ T10] usb 4-1: New USB device strings: Mfr=129, Product=2, SerialNumber=3 [ 357.882071][ T10] usb 4-1: Product: syz [ 357.901454][ T10] usb 4-1: Manufacturer: syz [ 357.922508][ T10] usb 4-1: SerialNumber: syz [ 358.192246][ T9200] kvm: pic: non byte write [ 358.583303][ T9204] netlink: 28 bytes leftover after parsing attributes in process `syz.1.911'. [ 358.941389][ T10] usb_ehset_test 4-1:5.206: probe with driver usb_ehset_test failed with error -32 [ 359.305358][ T9197] netlink: 'syz.2.908': attribute type 2 has an invalid length. [ 359.320570][ T10] usb 4-1: USB disconnect, device number 39 [ 360.210081][ T9224] tipc: Enabling of bearer rejected, failed to enable media [ 360.372015][ T9226] vlan3: entered promiscuous mode [ 361.314322][ T9244] netlink: 'syz.2.922': attribute type 1 has an invalid length. [ 361.340161][ T9244] FAULT_INJECTION: forcing a failure. [ 361.340161][ T9244] name failslab, interval 1, probability 0, space 0, times 0 [ 361.361118][ T9244] CPU: 0 UID: 0 PID: 9244 Comm: syz.2.922 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 361.361149][ T9244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 361.361161][ T9244] Call Trace: [ 361.361169][ T9244] [ 361.361178][ T9244] dump_stack_lvl+0x189/0x250 [ 361.361204][ T9244] ? __pfx____ratelimit+0x10/0x10 [ 361.361231][ T9244] ? __pfx_dump_stack_lvl+0x10/0x10 [ 361.361251][ T9244] ? __pfx__printk+0x10/0x10 [ 361.361270][ T9244] ? netlink_unicast+0x82c/0x9e0 [ 361.361295][ T9244] ? ___sys_sendmsg+0x21f/0x2a0 [ 361.361312][ T9244] ? do_syscall_64+0xfa/0x3b0 [ 361.361349][ T9244] should_fail_ex+0x414/0x560 [ 361.361380][ T9244] should_failslab+0xa8/0x100 [ 361.361399][ T9244] kmem_cache_alloc_noprof+0x73/0x3c0 [ 361.361424][ T9244] ? skb_clone+0x212/0x3a0 [ 361.361451][ T9244] skb_clone+0x212/0x3a0 [ 361.361475][ T9244] __netlink_deliver_tap+0x404/0x850 [ 361.361516][ T9244] ? netlink_deliver_tap+0x2e/0x1b0 [ 361.361543][ T9244] netlink_deliver_tap+0x19c/0x1b0 [ 361.361569][ T9244] netlink_sendskb+0x68/0x140 [ 361.361595][ T9244] netlink_unicast+0x397/0x9e0 [ 361.361614][ T9244] ? __asan_memcpy+0x40/0x70 [ 361.361646][ T9244] ? __pfx_netlink_unicast+0x10/0x10 [ 361.361678][ T9244] netlink_rcv_skb+0x28c/0x470 [ 361.361699][ T9244] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 361.361723][ T9244] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 361.361766][ T9244] ? netlink_deliver_tap+0x2e/0x1b0 [ 361.361794][ T9244] netlink_unicast+0x82c/0x9e0 [ 361.361821][ T9244] ? __pfx_netlink_unicast+0x10/0x10 [ 361.361841][ T9244] ? netlink_sendmsg+0x642/0xb30 [ 361.361860][ T9244] ? skb_put+0x11b/0x210 [ 361.361877][ T9244] netlink_sendmsg+0x805/0xb30 [ 361.361906][ T9244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 361.361930][ T9244] ? aa_sock_msg_perm+0x94/0x160 [ 361.361955][ T9244] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 361.361973][ T9244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 361.361996][ T9244] __sock_sendmsg+0x21c/0x270 [ 361.362020][ T9244] ____sys_sendmsg+0x505/0x830 [ 361.362042][ T9244] ? __pfx_____sys_sendmsg+0x10/0x10 [ 361.362066][ T9244] ? import_iovec+0x74/0xa0 [ 361.362091][ T9244] ___sys_sendmsg+0x21f/0x2a0 [ 361.362109][ T9244] ? __pfx____sys_sendmsg+0x10/0x10 [ 361.362157][ T9244] ? __fget_files+0x2a/0x420 [ 361.362171][ T9244] ? __fget_files+0x3a0/0x420 [ 361.362195][ T9244] __x64_sys_sendmsg+0x19b/0x260 [ 361.362214][ T9244] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 361.362239][ T9244] ? __pfx_ksys_write+0x10/0x10 [ 361.362258][ T9244] ? rcu_is_watching+0x15/0xb0 [ 361.362285][ T9244] ? do_syscall_64+0xbe/0x3b0 [ 361.362310][ T9244] do_syscall_64+0xfa/0x3b0 [ 361.362329][ T9244] ? lockdep_hardirqs_on+0x9c/0x150 [ 361.362350][ T9244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.362365][ T9244] ? clear_bhb_loop+0x60/0xb0 [ 361.362383][ T9244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.362398][ T9244] RIP: 0033:0x7f44ef78e9a9 [ 361.362413][ T9244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.362426][ T9244] RSP: 002b:00007f44f0617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 361.362445][ T9244] RAX: ffffffffffffffda RBX: 00007f44ef9b5fa0 RCX: 00007f44ef78e9a9 [ 361.362456][ T9244] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 361.362466][ T9244] RBP: 00007f44f0617090 R08: 0000000000000000 R09: 0000000000000000 [ 361.362476][ T9244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 361.362485][ T9244] R13: 0000000000000000 R14: 00007f44ef9b5fa0 R15: 00007f44efadfa28 [ 361.362510][ T9244] [ 361.834050][ T9249] netlink: 28 bytes leftover after parsing attributes in process `syz.0.923'. [ 361.942543][ T30] audit: type=1326 audit(1753927677.484:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 361.966333][ T30] audit: type=1326 audit(1753927677.514:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 361.993822][ T30] audit: type=1326 audit(1753927677.534:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 362.016582][ T30] audit: type=1326 audit(1753927677.534:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 362.039446][ T30] audit: type=1326 audit(1753927677.534:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 362.062573][ T30] audit: type=1326 audit(1753927677.534:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=196 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 362.085328][ T30] audit: type=1326 audit(1753927677.534:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 362.109177][ T30] audit: type=1326 audit(1753927677.534:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f44ef78d310 code=0x7ffc0000 [ 362.132174][ T30] audit: type=1326 audit(1753927677.534:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 362.168501][ T30] audit: type=1326 audit(1753927677.534:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.2.927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f44ef78e9a9 code=0x7ffc0000 [ 362.198994][ T9262] netlink: 8 bytes leftover after parsing attributes in process `syz.1.928'. [ 362.221834][ T9262] netlink: 12 bytes leftover after parsing attributes in process `syz.1.928'. [ 362.412733][ T9265] vti0: entered promiscuous mode [ 362.454242][ T9265] loop6: detected capacity change from 0 to 7 [ 362.498867][ T9265] Dev loop6: unable to read RDB block 7 [ 362.511272][ T9265] loop6: AHDI p1 p2 p3 [ 362.515589][ T9265] loop6: partition table partially beyond EOD, truncated [ 362.537884][ T9265] loop6: p1 start 1405162169 is beyond EOD, truncated [ 362.544846][ T9265] loop6: p2 size 46 extends beyond EOD, truncated [ 362.627909][ T5923] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 362.677285][ T10] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 362.777380][ T5928] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 362.793878][ T5923] usb 2-1: not running at top speed; connect to a high speed hub [ 362.804115][ T5923] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 362.821103][ T5923] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 362.835944][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.846616][ T5923] usb 2-1: Product: syz [ 362.851617][ T5923] usb 2-1: Manufacturer: ᇠ[ 362.857893][ T10] usb 3-1: New USB device found, idVendor=041e, idProduct=400c, bcdDevice=af.98 [ 362.867501][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.938953][ T5923] usb 2-1: SerialNumber: syz [ 362.953462][ T10] usb 3-1: config 0 descriptor?? [ 362.964507][ T10] pwc: Creative Labs Webcam 5 detected. [ 362.969728][ T5928] usb 4-1: config 8 has an invalid interface number: 177 but max is 0 [ 362.982896][ T5928] usb 4-1: config 8 has an invalid descriptor of length 183, skipping remainder of the config [ 363.007402][ T5928] usb 4-1: config 8 has no interface number 0 [ 363.025068][ T5928] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1043, setting to 64 [ 363.153861][ T5928] usb 4-1: config 8 interface 177 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 363.167165][ T10] pwc: Failed to set LED on/off time (-71) [ 363.167923][ T10] pwc: send_video_command error -71 [ 363.183454][ T10] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 363.183765][ T9262] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 363.192753][ T10] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 363.217583][ T5928] usb 4-1: config 8 interface 177 has no altsetting 0 [ 363.223616][ T10] usb 3-1: USB disconnect, device number 47 [ 363.279948][ T5928] usb 4-1: New USB device found, idVendor=04c7, idProduct=fd08, bcdDevice=59.b1 [ 363.452574][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.474133][ T9272] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 363.479265][ T5923] cdc_ncm 2-1:1.0: bind() failure [ 363.594309][ T5923] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 363.617219][ T5923] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 363.643577][ T5923] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 363.663036][ T5923] usb 2-1: USB disconnect, device number 36 [ 363.832958][ T5928] usb 4-1: string descriptor 0 read error: -71 [ 363.874377][ T5928] usb 4-1: USB disconnect, device number 40 [ 364.394598][ T9297] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.937'. [ 364.540350][ T9301] netlink: 28 bytes leftover after parsing attributes in process `syz.2.939'. [ 364.707639][ T5963] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 364.857161][ T5963] usb 2-1: device descriptor read/64, error -71 [ 364.966549][ T9309] bridge0: entered promiscuous mode [ 364.972608][ T9309] macvlan2: entered promiscuous mode [ 365.158023][ T5963] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 365.387237][ T5963] usb 2-1: device descriptor read/64, error -71 [ 365.497653][ T5963] usb usb2-port1: attempt power cycle [ 366.027177][ T5963] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 366.061244][ T5963] usb 2-1: device descriptor read/8, error -71 [ 366.421025][ T5963] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 366.480739][ T5963] usb 2-1: device descriptor read/8, error -71 [ 366.545879][ T9325] io-wq is not configured for unbound workers [ 366.557227][ T5923] usb 3-1: new full-speed USB device number 48 using dummy_hcd [ 366.597738][ T5963] usb usb2-port1: unable to enumerate USB device [ 366.719971][ T5923] usb 3-1: unable to get BOS descriptor or descriptor too short [ 366.728843][ T5923] usb 3-1: not running at top speed; connect to a high speed hub [ 366.749434][ T5923] usb 3-1: config 1 has an invalid interface number: 94 but max is 0 [ 366.767111][ T5923] usb 3-1: config 1 has no interface number 0 [ 366.832165][ T5923] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=51.70 [ 366.851826][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.879460][ T5923] usb 3-1: Product: syz [ 366.887135][ T5923] usb 3-1: Manufacturer: syz [ 366.902157][ T5923] usb 3-1: SerialNumber: syz [ 366.978256][ T9327] program syz.3.946 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 367.126892][ C0] IPv4: Oversized IP packet from 127.0.0.1 [ 367.136783][ T9323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.156558][ T9323] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 367.224432][ T5923] usb 3-1: Invalid firmware size=18. [ 367.233729][ T5923] usb 3-1: USB disconnect, device number 48 [ 367.467303][ T5839] usb 4-1: new full-speed USB device number 41 using dummy_hcd [ 367.533849][ T9339] netlink: 28 bytes leftover after parsing attributes in process `syz.1.951'. [ 367.619979][ T5839] usb 4-1: config 0 has an invalid descriptor of length 129, skipping remainder of the config [ 367.634126][ T5839] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 367.648395][ T5839] usb 4-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 367.661880][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.688440][ T5839] usb 4-1: config 0 descriptor?? [ 367.719310][ T5839] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 367.803363][ T9351] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 367.811287][ T9351] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 367.892238][ T9354] random: crng reseeded on system resumption [ 368.449672][ T9367] program syz.1.958 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 369.097870][ T5923] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 369.308812][ T5923] usb 5-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0 [ 369.338903][ T5923] usb 5-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 369.355030][ T5923] usb 5-1: config 0 interface 0 has no altsetting 0 [ 369.365893][ T5923] usb 5-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.00 [ 369.376091][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.393527][ T5923] usb 5-1: config 0 descriptor?? [ 369.620948][ T5923] usb 5-1: string descriptor 0 read error: -71 [ 369.656798][ T5923] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input18 [ 369.682502][ T5191] bcm5974 5-1:0.0: could not read from device [ 369.690713][ T9383] netlink: 'syz.2.962': attribute type 29 has an invalid length. [ 369.701731][ T5191] bcm5974 5-1:0.0: could not read from device [ 369.702300][ T9383] netlink: 'syz.2.962': attribute type 29 has an invalid length. [ 369.720231][ T5923] usb 5-1: USB disconnect, device number 34 [ 369.729878][ T9383] FAULT_INJECTION: forcing a failure. [ 369.729878][ T9383] name failslab, interval 1, probability 0, space 0, times 0 [ 369.730148][ T5191] bcm5974 5-1:0.0: could not read from device [ 369.744424][ T9383] CPU: 0 UID: 0 PID: 9383 Comm: syz.2.962 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 369.744451][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 369.744462][ T9383] Call Trace: [ 369.744471][ T9383] [ 369.744479][ T9383] dump_stack_lvl+0x189/0x250 [ 369.744504][ T9383] ? __pfx____ratelimit+0x10/0x10 [ 369.744529][ T9383] ? __pfx_dump_stack_lvl+0x10/0x10 [ 369.744547][ T9383] ? __pfx__printk+0x10/0x10 [ 369.744565][ T9383] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 369.744605][ T9383] should_fail_ex+0x414/0x560 [ 369.744635][ T9383] should_failslab+0xa8/0x100 [ 369.744654][ T9383] kmem_cache_alloc_noprof+0x73/0x3c0 [ 369.744677][ T9383] ? skb_clone+0x212/0x3a0 [ 369.744701][ T9383] skb_clone+0x212/0x3a0 [ 369.744724][ T9383] __netlink_deliver_tap+0x404/0x850 [ 369.744761][ T9383] ? netlink_deliver_tap+0x2e/0x1b0 [ 369.744787][ T9383] netlink_deliver_tap+0x19c/0x1b0 [ 369.744812][ T9383] netlink_dump+0x92b/0xe90 [ 369.744849][ T9383] ? __pfx_netlink_dump+0x10/0x10 [ 369.744891][ T9383] ? kmem_cache_free+0x18f/0x400 [ 369.744920][ T9383] netlink_recvmsg+0x676/0xa30 [ 369.744954][ T9383] ? __pfx_netlink_recvmsg+0x10/0x10 [ 369.744983][ T9383] ? aa_sock_msg_perm+0x94/0x160 [ 369.745016][ T9383] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 369.745035][ T9383] ? security_socket_recvmsg+0x7e/0x2e0 [ 369.745052][ T9383] ? __pfx_netlink_recvmsg+0x10/0x10 [ 369.745077][ T9383] sock_recvmsg+0x22c/0x270 [ 369.745103][ T9383] ____sys_recvmsg+0x1c9/0x460 [ 369.745132][ T9383] ? __pfx_____sys_recvmsg+0x10/0x10 [ 369.745167][ T9383] ? import_iovec+0x74/0xa0 [ 369.745195][ T9383] ___sys_recvmsg+0x1b5/0x510 [ 369.745231][ T9383] ? __pfx____sys_recvmsg+0x10/0x10 [ 369.745277][ T9383] ? __fget_files+0x3a0/0x420 [ 369.745306][ T9383] __x64_sys_recvmsg+0x198/0x260 [ 369.745328][ T9383] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 369.745358][ T9383] ? __pfx_ksys_write+0x10/0x10 [ 369.745378][ T9383] ? rcu_is_watching+0x15/0xb0 [ 369.745408][ T9383] ? do_syscall_64+0xbe/0x3b0 [ 369.745436][ T9383] do_syscall_64+0xfa/0x3b0 [ 369.745458][ T9383] ? lockdep_hardirqs_on+0x9c/0x150 [ 369.745480][ T9383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.745497][ T9383] ? clear_bhb_loop+0x60/0xb0 [ 369.745518][ T9383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.745535][ T9383] RIP: 0033:0x7f44ef78e9a9 [ 369.745552][ T9383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.745566][ T9383] RSP: 002b:00007f44f0617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 369.745585][ T9383] RAX: ffffffffffffffda RBX: 00007f44ef9b5fa0 RCX: 00007f44ef78e9a9 [ 369.745598][ T9383] RDX: 0000000040012100 RSI: 0000200000000640 RDI: 0000000000000003 [ 369.745610][ T9383] RBP: 00007f44f0617090 R08: 0000000000000000 R09: 0000000000000000 [ 369.745621][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 369.745631][ T9383] R13: 0000000000000000 R14: 00007f44ef9b5fa0 R15: 00007f44efadfa28 [ 369.745661][ T9383] [ 369.922627][ T9385] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.963'. [ 370.275393][ T5928] usb 4-1: USB disconnect, device number 41 [ 370.445526][ T9399] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 370.459171][ T9399] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 371.112928][ T9412] fuse: Unknown parameter 'user_id00000000000000000000' [ 371.257205][ T5923] usb 4-1: new full-speed USB device number 42 using dummy_hcd [ 371.291296][ T9417] netlink: 'syz.0.975': attribute type 4 has an invalid length. [ 371.300676][ T9417] netlink: 17 bytes leftover after parsing attributes in process `syz.0.975'. [ 371.419341][ T9421] netlink: 'syz.0.977': attribute type 9 has an invalid length. [ 371.430083][ T5923] usb 4-1: unable to get BOS descriptor or descriptor too short [ 371.432936][ T5844] Bluetooth: hci2: Malformed HCI Event: 0x22 [ 371.449124][ T5923] usb 4-1: not running at top speed; connect to a high speed hub [ 371.464423][ T5923] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 371.476482][ T5923] usb 4-1: config 1 has an invalid descriptor of length 36, skipping remainder of the config [ 371.493599][ T5923] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 371.503608][ T5923] usb 4-1: config 1 has no interface number 1 [ 371.513868][ T5923] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 371.546319][ T5923] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 371.561668][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.577905][ T5923] usb 4-1: Product: syz [ 371.582464][ T5923] usb 4-1: Manufacturer: syz [ 371.598438][ T9425] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 371.619751][ T5923] usb 4-1: SerialNumber: syz [ 371.635863][ T9425] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 371.864903][ T9410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 371.913816][ T9410] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 371.961814][ T9410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.006951][ T9410] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.283992][ T5923] usb 4-1: USB disconnect, device number 42 [ 372.495769][ T9445] FAULT_INJECTION: forcing a failure. [ 372.495769][ T9445] name failslab, interval 1, probability 0, space 0, times 0 [ 372.571004][ T9445] CPU: 1 UID: 0 PID: 9445 Comm: syz.4.984 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 372.571025][ T9445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 372.571033][ T9445] Call Trace: [ 372.571039][ T9445] [ 372.571045][ T9445] dump_stack_lvl+0x189/0x250 [ 372.571063][ T9445] ? __pfx____ratelimit+0x10/0x10 [ 372.571081][ T9445] ? __pfx_dump_stack_lvl+0x10/0x10 [ 372.571093][ T9445] ? __pfx__printk+0x10/0x10 [ 372.571110][ T9445] ? __pfx___might_resched+0x10/0x10 [ 372.571127][ T9445] ? fs_reclaim_acquire+0x7d/0x100 [ 372.571143][ T9445] should_fail_ex+0x414/0x560 [ 372.571164][ T9445] should_failslab+0xa8/0x100 [ 372.571177][ T9445] __kmalloc_noprof+0xcb/0x4f0 [ 372.571194][ T9445] ? cfg80211_connect+0x105c/0x21a0 [ 372.571213][ T9445] cfg80211_connect+0x105c/0x21a0 [ 372.571247][ T9445] nl80211_connect+0x17bc/0x1cd0 [ 372.571267][ T9445] ? rcu_is_watching+0x15/0xb0 [ 372.571286][ T9445] ? __pfx_nl80211_connect+0x10/0x10 [ 372.571300][ T9445] ? __mutex_lock+0x335/0x1340 [ 372.571344][ T9445] ? nl80211_pre_doit+0x4f1/0x930 [ 372.571361][ T9445] genl_family_rcv_msg_doit+0x215/0x300 [ 372.571381][ T9445] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 372.571402][ T9445] ? bpf_lsm_capable+0x9/0x20 [ 372.571418][ T9445] ? security_capable+0x7e/0x2e0 [ 372.571437][ T9445] genl_rcv_msg+0x60e/0x790 [ 372.571454][ T9445] ? __pfx_genl_rcv_msg+0x10/0x10 [ 372.571467][ T9445] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 372.571478][ T9445] ? __pfx_nl80211_connect+0x10/0x10 [ 372.571492][ T9445] ? __pfx_nl80211_post_doit+0x10/0x10 [ 372.571506][ T9445] ? __asan_memcpy+0x40/0x70 [ 372.571519][ T9445] ? __pfx_ref_tracker_free+0x10/0x10 [ 372.571536][ T9445] netlink_rcv_skb+0x205/0x470 [ 372.571557][ T9445] ? __lock_acquire+0xab9/0xd20 [ 372.571572][ T9445] ? __pfx_genl_rcv_msg+0x10/0x10 [ 372.571587][ T9445] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 372.571616][ T9445] ? down_read+0x1ad/0x2e0 [ 372.571628][ T9445] genl_rcv+0x28/0x40 [ 372.571640][ T9445] netlink_unicast+0x82c/0x9e0 [ 372.571662][ T9445] ? __pfx_netlink_unicast+0x10/0x10 [ 372.571678][ T9445] ? netlink_sendmsg+0x642/0xb30 [ 372.571699][ T9445] ? skb_put+0x11b/0x210 [ 372.571731][ T9445] netlink_sendmsg+0x805/0xb30 [ 372.571768][ T9445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 372.571799][ T9445] ? aa_sock_msg_perm+0x94/0x160 [ 372.571826][ T9445] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 372.571848][ T9445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 372.571877][ T9445] __sock_sendmsg+0x21c/0x270 [ 372.571908][ T9445] ____sys_sendmsg+0x505/0x830 [ 372.571937][ T9445] ? __pfx_____sys_sendmsg+0x10/0x10 [ 372.571969][ T9445] ? import_iovec+0x74/0xa0 [ 372.572001][ T9445] ___sys_sendmsg+0x21f/0x2a0 [ 372.572026][ T9445] ? __pfx____sys_sendmsg+0x10/0x10 [ 372.572092][ T9445] ? __fget_files+0x2a/0x420 [ 372.572110][ T9445] ? __fget_files+0x3a0/0x420 [ 372.572142][ T9445] __x64_sys_sendmsg+0x19b/0x260 [ 372.572168][ T9445] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 372.572201][ T9445] ? __pfx_ksys_write+0x10/0x10 [ 372.572222][ T9445] ? rcu_is_watching+0x15/0xb0 [ 372.572254][ T9445] ? do_syscall_64+0xbe/0x3b0 [ 372.572280][ T9445] do_syscall_64+0xfa/0x3b0 [ 372.572296][ T9445] ? lockdep_hardirqs_on+0x9c/0x150 [ 372.572312][ T9445] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.572324][ T9445] ? clear_bhb_loop+0x60/0xb0 [ 372.572338][ T9445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.572349][ T9445] RIP: 0033:0x7f7f96d8e9a9 [ 372.572361][ T9445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.572371][ T9445] RSP: 002b:00007f7f97c4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 372.572386][ T9445] RAX: ffffffffffffffda RBX: 00007f7f96fb6080 RCX: 00007f7f96d8e9a9 [ 372.572394][ T9445] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 372.572402][ T9445] RBP: 00007f7f97c4a090 R08: 0000000000000000 R09: 0000000000000000 [ 372.572409][ T9445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 372.572416][ T9445] R13: 0000000000000001 R14: 00007f7f96fb6080 R15: 00007f7f970dfa28 [ 372.572435][ T9445] [ 372.985695][ C1] vkms_vblank_simulate: vblank timer overrun [ 373.002913][ T9449] fuse: Unknown parameter 'Y0x0000000000000003' [ 373.150254][ T9452] netlink: 12 bytes leftover after parsing attributes in process `syz.1.988'. [ 373.334244][ T9452] macvlan2: entered promiscuous mode [ 373.355469][ T9452] macvlan2: entered allmulticast mode [ 373.364523][ T9452] bond1: entered promiscuous mode [ 373.372922][ T9452] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 373.449185][ T9462] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 373.460807][ T9462] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 373.473220][ T9455] netlink: 16 bytes leftover after parsing attributes in process `syz.1.988'. [ 373.490004][ T9461] FAULT_INJECTION: forcing a failure. [ 373.490004][ T9461] name failslab, interval 1, probability 0, space 0, times 0 [ 373.521908][ T9461] CPU: 0 UID: 0 PID: 9461 Comm: syz.4.992 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 373.521937][ T9461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 373.521947][ T9461] Call Trace: [ 373.521956][ T9461] [ 373.521965][ T9461] dump_stack_lvl+0x189/0x250 [ 373.521991][ T9461] ? __pfx____ratelimit+0x10/0x10 [ 373.522012][ T9461] ? __pfx_dump_stack_lvl+0x10/0x10 [ 373.522025][ T9461] ? __pfx__printk+0x10/0x10 [ 373.522040][ T9461] ? __pfx___might_resched+0x10/0x10 [ 373.522064][ T9461] ? fs_reclaim_acquire+0x7d/0x100 [ 373.522080][ T9461] should_fail_ex+0x414/0x560 [ 373.522101][ T9461] should_failslab+0xa8/0x100 [ 373.522113][ T9461] __kmalloc_noprof+0xcb/0x4f0 [ 373.522128][ T9461] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 373.522145][ T9461] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 373.522164][ T9461] genl_family_rcv_msg_doit+0xb8/0x300 [ 373.522181][ T9461] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 373.522196][ T9461] ? rcu_is_watching+0x15/0xb0 [ 373.522215][ T9461] ? apparmor_capable+0x137/0x1b0 [ 373.522228][ T9461] ? bpf_lsm_capable+0x9/0x20 [ 373.522243][ T9461] ? security_capable+0x7e/0x2e0 [ 373.522261][ T9461] genl_rcv_msg+0x60e/0x790 [ 373.522278][ T9461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 373.522290][ T9461] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 373.522302][ T9461] ? __pfx_nl80211_set_station+0x10/0x10 [ 373.522315][ T9461] ? __pfx_nl80211_post_doit+0x10/0x10 [ 373.522328][ T9461] ? __asan_memcpy+0x40/0x70 [ 373.522342][ T9461] ? __pfx_ref_tracker_free+0x10/0x10 [ 373.522359][ T9461] netlink_rcv_skb+0x205/0x470 [ 373.522374][ T9461] ? __lock_acquire+0xab9/0xd20 [ 373.522389][ T9461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 373.522403][ T9461] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 373.522431][ T9461] ? down_read+0x1ad/0x2e0 [ 373.522444][ T9461] genl_rcv+0x28/0x40 [ 373.522456][ T9461] netlink_unicast+0x82c/0x9e0 [ 373.522477][ T9461] ? __pfx_netlink_unicast+0x10/0x10 [ 373.522493][ T9461] ? netlink_sendmsg+0x642/0xb30 [ 373.522509][ T9461] ? skb_put+0x11b/0x210 [ 373.522522][ T9461] netlink_sendmsg+0x805/0xb30 [ 373.522545][ T9461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 373.522564][ T9461] ? aa_sock_msg_perm+0x94/0x160 [ 373.522580][ T9461] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 373.522593][ T9461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 373.522609][ T9461] __sock_sendmsg+0x21c/0x270 [ 373.522626][ T9461] ____sys_sendmsg+0x505/0x830 [ 373.522642][ T9461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 373.522660][ T9461] ? import_iovec+0x74/0xa0 [ 373.522678][ T9461] ___sys_sendmsg+0x21f/0x2a0 [ 373.522692][ T9461] ? __pfx____sys_sendmsg+0x10/0x10 [ 373.522726][ T9461] ? __fget_files+0x2a/0x420 [ 373.522737][ T9461] ? __fget_files+0x3a0/0x420 [ 373.522754][ T9461] __x64_sys_sendmsg+0x19b/0x260 [ 373.522768][ T9461] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 373.522786][ T9461] ? __pfx_ksys_write+0x10/0x10 [ 373.522802][ T9461] ? rcu_is_watching+0x15/0xb0 [ 373.522823][ T9461] ? do_syscall_64+0xbe/0x3b0 [ 373.522842][ T9461] do_syscall_64+0xfa/0x3b0 [ 373.522857][ T9461] ? lockdep_hardirqs_on+0x9c/0x150 [ 373.522873][ T9461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.522884][ T9461] ? clear_bhb_loop+0x60/0xb0 [ 373.522898][ T9461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.522909][ T9461] RIP: 0033:0x7f7f96d8e9a9 [ 373.522921][ T9461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.522936][ T9461] RSP: 002b:00007f7f97c6b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 373.522951][ T9461] RAX: ffffffffffffffda RBX: 00007f7f96fb5fa0 RCX: 00007f7f96d8e9a9 [ 373.522960][ T9461] RDX: 0000000004000004 RSI: 0000200000000200 RDI: 0000000000000003 [ 373.522967][ T9461] RBP: 00007f7f97c6b090 R08: 0000000000000000 R09: 0000000000000000 [ 373.522978][ T9461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 373.522989][ T9461] R13: 0000000000000000 R14: 00007f7f96fb5fa0 R15: 00007f7f970dfa28 [ 373.523021][ T9461] [ 374.079087][ T9452] bond1: left promiscuous mode [ 374.492912][ T9479] ALSA: mixer_oss: invalid OSS volume '' [ 374.771057][ T5923] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 374.802349][ T5923] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 374.911818][ T9493] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.1001'. [ 374.949606][ T9490] FAULT_INJECTION: forcing a failure. [ 374.949606][ T9490] name failslab, interval 1, probability 0, space 0, times 0 [ 374.994835][ T9490] CPU: 1 UID: 0 PID: 9490 Comm: syz.0.1000 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 374.994865][ T9490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 374.994877][ T9490] Call Trace: [ 374.994886][ T9490] [ 374.994896][ T9490] dump_stack_lvl+0x189/0x250 [ 374.994924][ T9490] ? __pfx____ratelimit+0x10/0x10 [ 374.994965][ T9490] ? __pfx_dump_stack_lvl+0x10/0x10 [ 374.994986][ T9490] ? __pfx__printk+0x10/0x10 [ 374.995018][ T9490] ? __pfx___might_resched+0x10/0x10 [ 374.995047][ T9490] ? fs_reclaim_acquire+0x7d/0x100 [ 374.995075][ T9490] should_fail_ex+0x414/0x560 [ 374.995112][ T9490] should_failslab+0xa8/0x100 [ 374.995134][ T9490] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 374.995163][ T9490] ? __d_alloc+0x36/0x7a0 [ 374.995191][ T9490] __d_alloc+0x36/0x7a0 [ 374.995221][ T9490] d_alloc_parallel+0xe5/0x15e0 [ 374.995263][ T9490] ? __lock_acquire+0xab9/0xd20 [ 374.995298][ T9490] ? __pfx_d_alloc_parallel+0x10/0x10 [ 374.995328][ T9490] ? __raw_spin_lock_init+0x45/0x100 [ 374.995355][ T9490] ? __init_waitqueue_head+0xa9/0x150 [ 374.995383][ T9490] __lookup_slow+0x116/0x3d0 [ 374.995412][ T9490] ? __pfx___lookup_slow+0x10/0x10 [ 374.995448][ T9490] ? d_lookup+0x8a/0xa0 [ 374.995472][ T9490] ? lookup_noperm+0x112/0x220 [ 374.995500][ T9490] simple_start_creating+0xfd/0x1e0 [ 374.995521][ T9490] ? __pfx_simple_start_creating+0x10/0x10 [ 374.995556][ T9490] start_creating+0x10f/0x180 [ 374.995584][ T9490] __debugfs_create_file+0x79/0x4f0 [ 374.995616][ T9490] debugfs_create_file_full+0x3f/0x60 [ 374.995646][ T9490] ref_tracker_dir_debugfs+0x14e/0x270 [ 374.995668][ T9490] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 374.995720][ T9490] ? rcu_is_watching+0x15/0xb0 [ 374.995752][ T9490] ? alloc_netdev_mqs+0xa3/0x1170 [ 374.995781][ T9490] ? __raw_spin_lock_init+0x45/0x100 [ 374.995805][ T9490] alloc_netdev_mqs+0x26f/0x1170 [ 374.995825][ T9490] ? __pfx_macsec_setup+0x10/0x10 [ 374.995853][ T9490] rtnl_create_link+0x31f/0xd10 [ 374.995884][ T9490] rtnl_newlink_create+0x25c/0xb00 [ 374.995912][ T9490] ? __mutex_lock+0x5b6/0x1340 [ 374.995951][ T9490] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 374.995976][ T9490] ? __pfx___mutex_lock+0x10/0x10 [ 374.996016][ T9490] ? ns_capable+0x8a/0xf0 [ 374.996050][ T9490] rtnl_newlink+0x16d6/0x1c70 [ 374.996080][ T9490] ? netlink_sendmsg+0x805/0xb30 [ 374.996125][ T9490] ? __pfx_rtnl_newlink+0x10/0x10 [ 374.996180][ T9490] ? kasan_quarantine_put+0xdd/0x220 [ 374.996206][ T9490] ? lockdep_hardirqs_on+0x9c/0x150 [ 374.996241][ T9490] ? nlmon_xmit+0xb0/0x100 [ 374.996259][ T9490] ? kmem_cache_free+0x18f/0x400 [ 374.996296][ T9490] ? __local_bh_enable_ip+0x12d/0x1c0 [ 374.996324][ T9490] ? lockdep_hardirqs_on+0x9c/0x150 [ 374.996349][ T9490] ? __local_bh_enable_ip+0x12d/0x1c0 [ 374.996376][ T9490] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 374.996407][ T9490] ? __dev_queue_xmit+0x27b/0x3b50 [ 374.996445][ T9490] ? __lock_acquire+0xab9/0xd20 [ 374.996502][ T9490] ? __pfx_rtnl_newlink+0x10/0x10 [ 374.996530][ T9490] rtnetlink_rcv_msg+0x7cc/0xb70 [ 374.996562][ T9490] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 374.996589][ T9490] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 374.996614][ T9490] ? ref_tracker_free+0x63a/0x7d0 [ 374.996634][ T9490] ? __asan_memcpy+0x40/0x70 [ 374.996658][ T9490] ? __pfx_ref_tracker_free+0x10/0x10 [ 374.996676][ T9490] ? __skb_clone+0x63/0x7a0 [ 374.996708][ T9490] netlink_rcv_skb+0x205/0x470 [ 374.996738][ T9490] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 374.996768][ T9490] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 374.996811][ T9490] ? netlink_deliver_tap+0x2e/0x1b0 [ 374.996849][ T9490] netlink_unicast+0x82c/0x9e0 [ 374.996887][ T9490] ? __pfx_netlink_unicast+0x10/0x10 [ 374.996916][ T9490] ? netlink_sendmsg+0x642/0xb30 [ 374.996941][ T9490] ? skb_put+0x11b/0x210 [ 374.996973][ T9490] netlink_sendmsg+0x805/0xb30 [ 374.997012][ T9490] ? __pfx_netlink_sendmsg+0x10/0x10 [ 374.997043][ T9490] ? aa_sock_msg_perm+0x94/0x160 [ 374.997071][ T9490] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 374.997093][ T9490] ? __pfx_netlink_sendmsg+0x10/0x10 [ 374.997122][ T9490] __sock_sendmsg+0x21c/0x270 [ 374.997151][ T9490] ____sys_sendmsg+0x505/0x830 [ 374.997177][ T9490] ? __pfx_____sys_sendmsg+0x10/0x10 [ 374.997208][ T9490] ? import_iovec+0x74/0xa0 [ 374.997236][ T9490] ___sys_sendmsg+0x21f/0x2a0 [ 374.997260][ T9490] ? __pfx____sys_sendmsg+0x10/0x10 [ 374.997324][ T9490] ? __fget_files+0x2a/0x420 [ 374.997341][ T9490] ? __fget_files+0x3a0/0x420 [ 374.997370][ T9490] __x64_sys_sendmsg+0x19b/0x260 [ 374.997394][ T9490] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 374.997428][ T9490] ? __pfx_ksys_write+0x10/0x10 [ 374.997451][ T9490] ? rcu_is_watching+0x15/0xb0 [ 374.997486][ T9490] ? do_syscall_64+0xbe/0x3b0 [ 374.997520][ T9490] do_syscall_64+0xfa/0x3b0 [ 374.997546][ T9490] ? lockdep_hardirqs_on+0x9c/0x150 [ 374.997571][ T9490] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.997590][ T9490] ? clear_bhb_loop+0x60/0xb0 [ 374.997615][ T9490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.997634][ T9490] RIP: 0033:0x7f3aab38e9a9 [ 374.997653][ T9490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.997671][ T9490] RSP: 002b:00007f3aac1c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 374.997694][ T9490] RAX: ffffffffffffffda RBX: 00007f3aab5b5fa0 RCX: 00007f3aab38e9a9 [ 374.997708][ T9490] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 374.997721][ T9490] RBP: 00007f3aac1c7090 R08: 0000000000000000 R09: 0000000000000000 [ 374.997733][ T9490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 374.997746][ T9490] R13: 0000000000000000 R14: 00007f3aab5b5fa0 R15: 00007f3aab6dfa28 [ 374.997781][ T9490] [ 375.558791][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.767173][ T5839] usb 3-1: new full-speed USB device number 49 using dummy_hcd [ 375.956395][ T5839] usb 3-1: config 0 has no interfaces? [ 375.964889][ T5839] usb 3-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e [ 375.974108][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.982554][ T9486] hid-generic 0000:0000:0000.0009: pid 9486 passed too short report [ 375.994691][ T5839] usb 3-1: Product: syz [ 375.999175][ T5839] usb 3-1: Manufacturer: syz [ 376.003791][ T5839] usb 3-1: SerialNumber: syz [ 376.028590][ T5839] usb 3-1: config 0 descriptor?? [ 376.045902][ T30] kauditd_printk_skb: 67 callbacks suppressed [ 376.045923][ T30] audit: type=1326 audit(1753927691.584:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9495 comm="syz.1.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a9ef8e9a9 code=0x7fc00000 [ 376.310912][ T30] audit: type=1326 audit(1753927691.584:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9495 comm="syz.1.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a9ef8e9a9 code=0x7fc00000 [ 376.904424][ T30] audit: type=1326 audit(1753927691.634:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9495 comm="syz.1.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a9ef8e9a9 code=0x7fc00000 [ 376.997223][ T30] audit: type=1326 audit(1753927691.794:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9485 comm="syz.2.999" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f44ef78e9a9 code=0x0 [ 377.117327][ T5948] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 378.835573][ T30] audit: type=1326 audit(1753927694.334:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9495 comm="syz.1.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2a9ef2ab89 code=0x7fc00000 [ 378.892171][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.898789][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.938936][ T5923] usb 3-1: USB disconnect, device number 49 [ 379.147149][ T5948] usb 2-1: device descriptor read/64, error -71 [ 379.147319][ T9514] FAULT_INJECTION: forcing a failure. [ 379.147319][ T9514] name failslab, interval 1, probability 0, space 0, times 0 [ 379.233683][ T9514] CPU: 0 UID: 0 PID: 9514 Comm: syz.2.1008 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 379.233714][ T9514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 379.233734][ T9514] Call Trace: [ 379.233744][ T9514] [ 379.233753][ T9514] dump_stack_lvl+0x189/0x250 [ 379.233780][ T9514] ? __pfx____ratelimit+0x10/0x10 [ 379.233808][ T9514] ? __pfx_dump_stack_lvl+0x10/0x10 [ 379.233828][ T9514] ? __pfx__printk+0x10/0x10 [ 379.233860][ T9514] ? __pfx___might_resched+0x10/0x10 [ 379.233887][ T9514] ? fs_reclaim_acquire+0x7d/0x100 [ 379.233914][ T9514] should_fail_ex+0x414/0x560 [ 379.233948][ T9514] should_failslab+0xa8/0x100 [ 379.233968][ T9514] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 379.233995][ T9514] ? __alloc_skb+0x112/0x2d0 [ 379.234028][ T9514] __alloc_skb+0x112/0x2d0 [ 379.234059][ T9514] netlink_ack+0x146/0xa50 [ 379.234088][ T9514] ? rcu_is_watching+0x15/0xb0 [ 379.234115][ T9514] ? trace_contention_end+0x39/0x120 [ 379.234146][ T9514] netlink_rcv_skb+0x28c/0x470 [ 379.234175][ T9514] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 379.234201][ T9514] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 379.234247][ T9514] ? netlink_deliver_tap+0x2e/0x1b0 [ 379.234275][ T9514] ? netlink_deliver_tap+0x2e/0x1b0 [ 379.234307][ T9514] xfrm_netlink_rcv+0x79/0x90 [ 379.234332][ T9514] netlink_unicast+0x82c/0x9e0 [ 379.234368][ T9514] ? __pfx_netlink_unicast+0x10/0x10 [ 379.234398][ T9514] ? netlink_sendmsg+0x642/0xb30 [ 379.234423][ T9514] ? skb_put+0x11b/0x210 [ 379.234446][ T9514] netlink_sendmsg+0x805/0xb30 [ 379.234486][ T9514] ? __pfx_netlink_sendmsg+0x10/0x10 [ 379.234518][ T9514] ? aa_sock_msg_perm+0x94/0x160 [ 379.234546][ T9514] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 379.234568][ T9514] ? __pfx_netlink_sendmsg+0x10/0x10 [ 379.234603][ T9514] __sock_sendmsg+0x21c/0x270 [ 379.234633][ T9514] ____sys_sendmsg+0x505/0x830 [ 379.234661][ T9514] ? __pfx_____sys_sendmsg+0x10/0x10 [ 379.234694][ T9514] ? import_iovec+0x74/0xa0 [ 379.234725][ T9514] ___sys_sendmsg+0x21f/0x2a0 [ 379.234760][ T9514] ? __pfx____sys_sendmsg+0x10/0x10 [ 379.234825][ T9514] ? __fget_files+0x2a/0x420 [ 379.234843][ T9514] ? __fget_files+0x3a0/0x420 [ 379.234875][ T9514] __x64_sys_sendmsg+0x19b/0x260 [ 379.234899][ T9514] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 379.234932][ T9514] ? __pfx_ksys_write+0x10/0x10 [ 379.234957][ T9514] ? rcu_is_watching+0x15/0xb0 [ 379.234991][ T9514] ? do_syscall_64+0xbe/0x3b0 [ 379.235023][ T9514] do_syscall_64+0xfa/0x3b0 [ 379.235049][ T9514] ? lockdep_hardirqs_on+0x9c/0x150 [ 379.235078][ T9514] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.235098][ T9514] ? clear_bhb_loop+0x60/0xb0 [ 379.235123][ T9514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.235142][ T9514] RIP: 0033:0x7f44ef78e9a9 [ 379.235161][ T9514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 379.235177][ T9514] RSP: 002b:00007f44f0617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 379.235200][ T9514] RAX: ffffffffffffffda RBX: 00007f44ef9b5fa0 RCX: 00007f44ef78e9a9 [ 379.235215][ T9514] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 379.235228][ T9514] RBP: 00007f44f0617090 R08: 0000000000000000 R09: 0000000000000000 [ 379.235240][ T9514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 379.235252][ T9514] R13: 0000000000000000 R14: 00007f44ef9b5fa0 R15: 00007f44efadfa28 [ 379.235286][ T9514] [ 379.837484][ T5948] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 380.003347][ T5948] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 380.015804][ T5948] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 380.068867][ T5948] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 380.094338][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 380.112740][ T5948] usb 2-1: SerialNumber: syz [ 380.348183][ T5948] usb 2-1: 0:2 : does not exist [ 380.377825][ T5948] usb 2-1: USB disconnect, device number 42 [ 381.043318][ T10] usb 4-1: new low-speed USB device number 43 using dummy_hcd [ 381.127480][ T9540] program syz.4.1014 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 381.275027][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 381.302479][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 381.351645][ T10] usb 4-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 381.411744][ T9555] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1018'. [ 381.421517][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.477807][ T10] usb 4-1: config 0 descriptor?? [ 381.737554][ T9560] bridge0: left allmulticast mode [ 381.957754][ T10] glorious 0003:258A:0036.000A: item fetching failed at offset 0/2 [ 382.015475][ T10] glorious 0003:258A:0036.000A: probe with driver glorious failed with error -22 [ 382.146307][ T9560] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 382.182328][ T9560] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 382.263275][ T9537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 382.273507][ T9537] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 382.808893][ T9560] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 383.001047][ T9560] vlan2: left allmulticast mode [ 383.105991][ T6271] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.116001][ T6271] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.208843][ T6271] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.311928][ T9574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1026'. [ 383.945699][ T9537] syz.3.1013 (9537): drop_caches: 2 [ 384.167471][ T9580] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1028'. [ 384.170453][ T981] usb 4-1: USB disconnect, device number 43 [ 384.208920][ T9580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1028'. [ 384.485943][ T9585] FAULT_INJECTION: forcing a failure. [ 384.485943][ T9585] name failslab, interval 1, probability 0, space 0, times 0 [ 384.517344][ T9585] CPU: 0 UID: 0 PID: 9585 Comm: syz.3.1030 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 384.517365][ T9585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 384.517373][ T9585] Call Trace: [ 384.517378][ T9585] [ 384.517384][ T9585] dump_stack_lvl+0x189/0x250 [ 384.517401][ T9585] ? __pfx____ratelimit+0x10/0x10 [ 384.517418][ T9585] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.517430][ T9585] ? __pfx__printk+0x10/0x10 [ 384.517448][ T9585] ? __pfx___might_resched+0x10/0x10 [ 384.517464][ T9585] ? fs_reclaim_acquire+0x7d/0x100 [ 384.517479][ T9585] should_fail_ex+0x414/0x560 [ 384.517499][ T9585] should_failslab+0xa8/0x100 [ 384.517511][ T9585] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 384.517528][ T9585] ? __alloc_skb+0x112/0x2d0 [ 384.517547][ T9585] __alloc_skb+0x112/0x2d0 [ 384.517566][ T9585] netlink_ack+0x146/0xa50 [ 384.517592][ T9585] netlink_rcv_skb+0x28c/0x470 [ 384.517609][ T9585] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 384.517625][ T9585] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 384.517648][ T9585] ? bpf_lsm_capable+0x9/0x20 [ 384.517663][ T9585] ? security_capable+0x7e/0x2e0 [ 384.517682][ T9585] nfnetlink_rcv+0x26a/0x2520 [ 384.517706][ T9585] ? __dev_queue_xmit+0x1d79/0x3b50 [ 384.517725][ T9585] ? __dev_queue_xmit+0x27b/0x3b50 [ 384.517745][ T9585] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 384.517759][ T9585] ? __pfx___dev_queue_xmit+0x10/0x10 [ 384.517780][ T9585] ? ref_tracker_free+0x63a/0x7d0 [ 384.517792][ T9585] ? __asan_memcpy+0x40/0x70 [ 384.517806][ T9585] ? __pfx_ref_tracker_free+0x10/0x10 [ 384.517816][ T9585] ? __skb_clone+0x63/0x7a0 [ 384.517831][ T9585] ? __skb_clone+0x483/0x7a0 [ 384.517847][ T9585] ? skb_clone+0x246/0x3a0 [ 384.517861][ T9585] ? __netlink_deliver_tap+0x807/0x850 [ 384.517878][ T9585] ? netlink_deliver_tap+0x2e/0x1b0 [ 384.517898][ T9585] ? netlink_deliver_tap+0x2e/0x1b0 [ 384.517919][ T9585] netlink_unicast+0x82c/0x9e0 [ 384.517943][ T9585] ? __pfx_netlink_unicast+0x10/0x10 [ 384.517959][ T9585] ? netlink_sendmsg+0x642/0xb30 [ 384.517975][ T9585] ? skb_put+0x11b/0x210 [ 384.517987][ T9585] netlink_sendmsg+0x805/0xb30 [ 384.518009][ T9585] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.518028][ T9585] ? aa_sock_msg_perm+0x94/0x160 [ 384.518053][ T9585] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 384.518066][ T9585] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.518083][ T9585] __sock_sendmsg+0x21c/0x270 [ 384.518101][ T9585] ____sys_sendmsg+0x505/0x830 [ 384.518116][ T9585] ? __pfx_____sys_sendmsg+0x10/0x10 [ 384.518134][ T9585] ? import_iovec+0x74/0xa0 [ 384.518151][ T9585] ___sys_sendmsg+0x21f/0x2a0 [ 384.518165][ T9585] ? __pfx____sys_sendmsg+0x10/0x10 [ 384.518197][ T9585] ? __fget_files+0x2a/0x420 [ 384.518208][ T9585] ? __fget_files+0x3a0/0x420 [ 384.518225][ T9585] __x64_sys_sendmsg+0x19b/0x260 [ 384.518239][ T9585] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 384.518256][ T9585] ? __pfx_ksys_write+0x10/0x10 [ 384.518270][ T9585] ? rcu_is_watching+0x15/0xb0 [ 384.518290][ T9585] ? do_syscall_64+0xbe/0x3b0 [ 384.518309][ T9585] do_syscall_64+0xfa/0x3b0 [ 384.518325][ T9585] ? lockdep_hardirqs_on+0x9c/0x150 [ 384.518340][ T9585] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.518352][ T9585] ? clear_bhb_loop+0x60/0xb0 [ 384.518366][ T9585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.518377][ T9585] RIP: 0033:0x7ff5f238e9a9 [ 384.518388][ T9585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.518398][ T9585] RSP: 002b:00007ff5f322c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 384.518414][ T9585] RAX: ffffffffffffffda RBX: 00007ff5f25b5fa0 RCX: 00007ff5f238e9a9 [ 384.518423][ T9585] RDX: 0000000004008050 RSI: 0000200000000200 RDI: 0000000000000003 [ 384.518431][ T9585] RBP: 00007ff5f322c090 R08: 0000000000000000 R09: 0000000000000000 [ 384.518438][ T9585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.518445][ T9585] R13: 0000000000000000 R14: 00007ff5f25b5fa0 R15: 00007ff5f26dfa28 [ 384.518463][ T9585] [ 385.050421][ T9589] FAULT_INJECTION: forcing a failure. [ 385.050421][ T9589] name failslab, interval 1, probability 0, space 0, times 0 [ 385.108341][ T9589] CPU: 1 UID: 0 PID: 9589 Comm: syz.2.1032 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 385.108372][ T9589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 385.108384][ T9589] Call Trace: [ 385.108393][ T9589] [ 385.108402][ T9589] dump_stack_lvl+0x189/0x250 [ 385.108429][ T9589] ? __pfx____ratelimit+0x10/0x10 [ 385.108457][ T9589] ? __pfx_dump_stack_lvl+0x10/0x10 [ 385.108477][ T9589] ? __pfx__printk+0x10/0x10 [ 385.108498][ T9589] ? trace_contention_end+0x39/0x120 [ 385.108536][ T9589] should_fail_ex+0x414/0x560 [ 385.108572][ T9589] should_failslab+0xa8/0x100 [ 385.108593][ T9589] kmem_cache_alloc_noprof+0x73/0x3c0 [ 385.108620][ T9589] ? skb_clone+0x212/0x3a0 [ 385.108648][ T9589] skb_clone+0x212/0x3a0 [ 385.108673][ T9589] __netlink_deliver_tap+0x404/0x850 [ 385.108717][ T9589] ? netlink_deliver_tap+0x2e/0x1b0 [ 385.108757][ T9589] netlink_deliver_tap+0x19c/0x1b0 [ 385.108787][ T9589] netlink_dump+0x92b/0xe90 [ 385.108829][ T9589] ? __pfx_netlink_dump+0x10/0x10 [ 385.108879][ T9589] ? kmem_cache_free+0x18f/0x400 [ 385.108913][ T9589] netlink_recvmsg+0x676/0xa30 [ 385.108953][ T9589] ? __pfx_netlink_recvmsg+0x10/0x10 [ 385.108984][ T9589] ? __lock_acquire+0xab9/0xd20 [ 385.109008][ T9589] ? aa_sock_msg_perm+0x94/0x160 [ 385.109035][ T9589] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 385.109059][ T9589] ? __pfx_netlink_recvmsg+0x10/0x10 [ 385.109088][ T9589] sock_recvmsg_nosec+0x183/0x1c0 [ 385.109119][ T9589] ____sys_recvmsg+0x3aa/0x460 [ 385.109152][ T9589] ? __pfx_____sys_recvmsg+0x10/0x10 [ 385.109192][ T9589] ? import_iovec+0x74/0xa0 [ 385.109223][ T9589] ___sys_recvmsg+0x1b5/0x510 [ 385.109252][ T9589] ? __pfx____sys_recvmsg+0x10/0x10 [ 385.109311][ T9589] ? __might_fault+0xb0/0x130 [ 385.109343][ T9589] do_recvmmsg+0x307/0x770 [ 385.109381][ T9589] ? __pfx_do_recvmmsg+0x10/0x10 [ 385.109417][ T9589] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 385.109468][ T9589] __x64_sys_recvmmsg+0x190/0x240 [ 385.109494][ T9589] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 385.109513][ T9589] ? rcu_is_watching+0x15/0xb0 [ 385.109549][ T9589] ? do_syscall_64+0xbe/0x3b0 [ 385.109582][ T9589] do_syscall_64+0xfa/0x3b0 [ 385.109608][ T9589] ? lockdep_hardirqs_on+0x9c/0x150 [ 385.109635][ T9589] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.109655][ T9589] ? clear_bhb_loop+0x60/0xb0 [ 385.109680][ T9589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.109699][ T9589] RIP: 0033:0x7f44ef78e9a9 [ 385.109717][ T9589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.109740][ T9589] RSP: 002b:00007f44f0617038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 385.109763][ T9589] RAX: ffffffffffffffda RBX: 00007f44ef9b5fa0 RCX: 00007f44ef78e9a9 [ 385.109777][ T9589] RDX: 0000000000000004 RSI: 0000200000002c00 RDI: 0000000000000003 [ 385.109790][ T9589] RBP: 00007f44f0617090 R08: 0000000000000000 R09: 0000000000000000 [ 385.109803][ T9589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 385.109815][ T9589] R13: 0000000000000000 R14: 00007f44ef9b5fa0 R15: 00007f44efadfa28 [ 385.109848][ T9589] [ 385.462369][ T9590] netlink: 'syz.1.1027': attribute type 4 has an invalid length. [ 386.229886][ T5923] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 386.398039][ T5923] usb 3-1: Using ep0 maxpacket: 16 [ 386.435749][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.474165][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.508311][ T5923] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 386.573833][ T5923] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 386.644546][ T9619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1039'. [ 386.678756][ T9619] vlan2: entered allmulticast mode [ 386.726605][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.803084][ T5923] usb 3-1: config 0 descriptor?? [ 387.221511][ T9604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 387.233782][ T9604] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 387.379205][ T9604] syzkaller1: entered promiscuous mode [ 387.385453][ T9604] syzkaller1: entered allmulticast mode [ 387.404243][ T9622] vlan2: entered promiscuous mode [ 387.409793][ T9622] bond0: entered promiscuous mode [ 387.415499][ T9622] bond_slave_0: entered promiscuous mode [ 387.467592][ T9622] bond_slave_1: entered promiscuous mode [ 387.543356][ T5923] usbhid 3-1:0.0: can't add hid device: -71 [ 387.551231][ T5923] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 387.711600][ T5923] usb 3-1: USB disconnect, device number 50 [ 387.943894][ T9628] tipc: Enabled bearer , priority 0 [ 387.952057][ T9628] syzkaller0: entered promiscuous mode [ 387.957644][ T9628] syzkaller0: entered allmulticast mode [ 388.021175][ T9628] tipc: Resetting bearer [ 388.061668][ T9627] tipc: Resetting bearer [ 388.117848][ T9627] tipc: Disabling bearer [ 388.192875][ T9630] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1042'. [ 388.221547][ T9630] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1042'. [ 388.231865][ T6545] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 388.247386][ T6545] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 388.306869][ T6545] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 388.340220][ T6545] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 388.474377][ T30] audit: type=1326 audit(1753927704.014:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9637 comm="syz.3.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f238e9a9 code=0x7ffc0000 [ 388.535809][ T30] audit: type=1326 audit(1753927704.044:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9637 comm="syz.3.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7ff5f238e9a9 code=0x7ffc0000 [ 388.667449][ T30] audit: type=1326 audit(1753927704.044:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9637 comm="syz.3.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f238e9a9 code=0x7ffc0000 [ 388.733932][ T30] audit: type=1326 audit(1753927704.044:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9637 comm="syz.3.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f238e9a9 code=0x7ffc0000 [ 389.837672][ T9660] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 390.064772][ T9663] FAULT_INJECTION: forcing a failure. [ 390.064772][ T9663] name failslab, interval 1, probability 0, space 0, times 0 [ 390.122529][ T9663] CPU: 0 UID: 0 PID: 9663 Comm: syz.1.1054 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 390.122560][ T9663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 390.122571][ T9663] Call Trace: [ 390.122580][ T9663] [ 390.122590][ T9663] dump_stack_lvl+0x189/0x250 [ 390.122616][ T9663] ? __pfx____ratelimit+0x10/0x10 [ 390.122642][ T9663] ? __pfx_dump_stack_lvl+0x10/0x10 [ 390.122658][ T9663] ? __pfx__printk+0x10/0x10 [ 390.122684][ T9663] ? __pfx___might_resched+0x10/0x10 [ 390.122712][ T9663] should_fail_ex+0x414/0x560 [ 390.122743][ T9663] should_failslab+0xa8/0x100 [ 390.122764][ T9663] __kmalloc_noprof+0xcb/0x4f0 [ 390.122789][ T9663] ? __kasan_kmalloc+0x93/0xb0 [ 390.122811][ T9663] ? nla_strdup+0x9d/0x140 [ 390.122936][ T9663] nla_strdup+0x9d/0x140 [ 390.122957][ T9663] nf_tables_newtable+0x491/0x1890 [ 390.122970][ T9663] ? __pfx_nfnetlink_has_listeners+0x1/0x10 [ 390.122998][ T9663] nfnetlink_rcv+0x112f/0x2520 [ 390.123041][ T9663] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 390.123067][ T9663] ? ref_tracker_free+0x63a/0x7d0 [ 390.123104][ T9663] ? __netlink_deliver_tap+0x807/0x850 [ 390.123122][ T9663] ? netlink_deliver_tap+0x2e/0x1b0 [ 390.123152][ T9663] netlink_unicast+0x82c/0x9e0 [ 390.123176][ T9663] ? __pfx_netlink_unicast+0x10/0x10 [ 390.123194][ T9663] ? netlink_sendmsg+0x642/0xb30 [ 390.123211][ T9663] ? skb_put+0x11b/0x210 [ 390.123226][ T9663] netlink_sendmsg+0x805/0xb30 [ 390.123251][ T9663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.123271][ T9663] ? aa_sock_msg_perm+0x94/0x160 [ 390.123287][ T9663] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 390.123302][ T9663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.123321][ T9663] __sock_sendmsg+0x21c/0x270 [ 390.123339][ T9663] ____sys_sendmsg+0x505/0x830 [ 390.123357][ T9663] ? __pfx_____sys_sendmsg+0x10/0x10 [ 390.123376][ T9663] ? import_iovec+0x74/0xa0 [ 390.123395][ T9663] ___sys_sendmsg+0x21f/0x2a0 [ 390.123409][ T9663] ? __pfx____sys_sendmsg+0x10/0x10 [ 390.123446][ T9663] ? __fget_files+0x2a/0x420 [ 390.123458][ T9663] ? __fget_files+0x3a0/0x420 [ 390.123476][ T9663] __x64_sys_sendmsg+0x19b/0x260 [ 390.123490][ T9663] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 390.123509][ T9663] ? __pfx_ksys_write+0x10/0x10 [ 390.123523][ T9663] ? rcu_is_watching+0x15/0xb0 [ 390.123549][ T9663] ? do_syscall_64+0xbe/0x3b0 [ 390.123568][ T9663] do_syscall_64+0xfa/0x3b0 [ 390.123584][ T9663] ? lockdep_hardirqs_on+0x9c/0x150 [ 390.123600][ T9663] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.123612][ T9663] ? clear_bhb_loop+0x60/0xb0 [ 390.123644][ T9663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.123656][ T9663] RIP: 0033:0x7f2a9ef8e9a9 [ 390.123670][ T9663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 390.123680][ T9663] RSP: 002b:00007f2a9feaf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 390.123694][ T9663] RAX: ffffffffffffffda RBX: 00007f2a9f1b5fa0 RCX: 00007f2a9ef8e9a9 [ 390.123703][ T9663] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 390.123711][ T9663] RBP: 00007f2a9feaf090 R08: 0000000000000000 R09: 0000000000000000 [ 390.123718][ T9663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 390.123725][ T9663] R13: 0000000000000000 R14: 00007f2a9f1b5fa0 R15: 00007f2a9f2dfa28 [ 390.123744][ T9663] [ 391.012482][ T9673] loop6: detected capacity change from 0 to 63 [ 391.021537][ T6011] buffer_io_error: 8 callbacks suppressed [ 391.021557][ T6011] Buffer I/O error on dev loop6, logical block 0, async page read [ 391.039615][ T6011] Buffer I/O error on dev loop6, logical block 0, async page read [ 391.107491][ T9676] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 391.116161][ T6011] loop6: unable to read partition table [ 391.142624][ T9673] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 391.228703][ T9676] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 391.331317][ T9676] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 391.374697][ T9683] FAULT_INJECTION: forcing a failure. [ 391.374697][ T9683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 391.396689][ T9676] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 391.427200][ T9676] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 391.435867][ T9683] CPU: 1 UID: 0 PID: 9683 Comm: syz.1.1059 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 391.435888][ T9683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 391.435895][ T9683] Call Trace: [ 391.435903][ T9683] [ 391.435909][ T9683] dump_stack_lvl+0x189/0x250 [ 391.435926][ T9683] ? __pfx____ratelimit+0x10/0x10 [ 391.435943][ T9683] ? __pfx_dump_stack_lvl+0x10/0x10 [ 391.435955][ T9683] ? __pfx__printk+0x10/0x10 [ 391.435970][ T9683] ? __might_fault+0xb0/0x130 [ 391.435993][ T9683] should_fail_ex+0x414/0x560 [ 391.436018][ T9683] _copy_from_user+0x2d/0xb0 [ 391.436035][ T9683] snd_seq_oss_write+0x515/0x930 [ 391.436059][ T9683] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 391.436074][ T9683] ? common_file_perm+0x199/0x200 [ 391.436093][ T9683] ? security_file_permission+0x75/0x290 [ 391.436109][ T9683] odev_write+0x5a/0x80 [ 391.436120][ T9683] ? __pfx_odev_write+0x10/0x10 [ 391.436131][ T9683] vfs_write+0x27b/0xa90 [ 391.436153][ T9683] ? __pfx_vfs_write+0x10/0x10 [ 391.436170][ T9683] ? __fget_files+0x2a/0x420 [ 391.436184][ T9683] ? __fget_files+0x2a/0x420 [ 391.436194][ T9683] ? __fget_files+0x3a0/0x420 [ 391.436204][ T9683] ? __fget_files+0x2a/0x420 [ 391.436220][ T9683] ksys_write+0x145/0x250 [ 391.436238][ T9683] ? __pfx_ksys_write+0x10/0x10 [ 391.436252][ T9683] ? rcu_is_watching+0x15/0xb0 [ 391.436273][ T9683] ? do_syscall_64+0xbe/0x3b0 [ 391.436291][ T9683] do_syscall_64+0xfa/0x3b0 [ 391.436307][ T9683] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.436322][ T9683] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.436334][ T9683] ? clear_bhb_loop+0x60/0xb0 [ 391.436347][ T9683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.436358][ T9683] RIP: 0033:0x7f2a9ef8e9a9 [ 391.436370][ T9683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 391.436380][ T9683] RSP: 002b:00007f2a9feaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 391.436394][ T9683] RAX: ffffffffffffffda RBX: 00007f2a9f1b5fa0 RCX: 00007f2a9ef8e9a9 [ 391.436403][ T9683] RDX: 000000000000022c RSI: 00002000000007c0 RDI: 0000000000000004 [ 391.436410][ T9683] RBP: 00007f2a9feaf090 R08: 0000000000000000 R09: 0000000000000000 [ 391.436418][ T9683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 391.436425][ T9683] R13: 0000000000000000 R14: 00007f2a9f1b5fa0 R15: 00007f2a9f2dfa28 [ 391.436443][ T9683] [ 391.790128][ T9676] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 391.907768][ T9673] Buffer I/O error on dev loop6, logical block 0, async page read [ 392.005413][ T9673] ldm_validate_partition_table(): Disk read failed. [ 392.029219][ T9673] Dev loop6: unable to read RDB block 0 [ 392.035750][ T9673] loop6: unable to read partition table [ 392.057497][ T9673] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 392.065229][ T9687] binder: 9686:9687 ioctl 4018620d 0 returned -22 [ 392.370457][ T9694] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1063'. [ 392.557444][ T5923] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 392.687363][ T5923] usb 3-1: device descriptor read/64, error -71 [ 392.927193][ T5923] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 393.098168][ T5923] usb 3-1: device descriptor read/64, error -71 [ 393.207561][ T5923] usb usb3-port1: attempt power cycle [ 393.706931][ T5923] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 393.796378][ T5923] usb 3-1: device descriptor read/8, error -71 [ 394.197306][ T5923] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 394.230903][ T5923] usb 3-1: device descriptor read/8, error -71 [ 394.357538][ T5923] usb usb3-port1: unable to enumerate USB device [ 394.707185][ T5923] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 394.896939][ T5923] usb 5-1: unable to get BOS descriptor or descriptor too short [ 394.905476][ T5923] usb 5-1: not running at top speed; connect to a high speed hub [ 394.915098][ T5923] usb 5-1: config 11 has an invalid interface number: 3 but max is 1 [ 394.924794][ T5923] usb 5-1: config 11 has an invalid descriptor of length 0, skipping remainder of the config [ 394.940496][ T5923] usb 5-1: config 11 has 1 interface, different from the descriptor's value: 2 [ 394.950517][ T5923] usb 5-1: config 11 has no interface number 0 [ 394.967338][ T5923] usb 5-1: New USB device found, idVendor=0582, idProduct=0120, bcdDevice=9c.cd [ 394.980705][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.990215][ T5923] usb 5-1: Product: syz [ 394.994677][ T5923] usb 5-1: Manufacturer: syz [ 395.002265][ T5923] usb 5-1: SerialNumber: syz [ 395.336850][ T9730] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1074'. [ 396.886302][ T9747] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1079'. [ 397.115756][ T9749] geneve2: entered promiscuous mode [ 397.136134][ T9749] geneve2: entered allmulticast mode [ 397.507370][ T5923] usb 5-1: USB disconnect, device number 35 [ 397.633910][ T30] audit: type=1800 audit(1753927713.174:436): pid=9758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1082" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 397.923571][ T9766] input: syz0 as /devices/virtual/input/input20 [ 398.067153][ T5923] usb 5-1: new full-speed USB device number 36 using dummy_hcd [ 398.277228][ T5923] usb 5-1: config 0 has no interfaces? [ 398.434764][ T5923] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 398.463162][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.491773][ T5923] usb 5-1: Product: syz [ 398.514899][ T5923] usb 5-1: Manufacturer: syz [ 398.535516][ T5923] usb 5-1: SerialNumber: syz [ 398.560469][ T5923] usb 5-1: config 0 descriptor?? [ 398.566739][ T9781] tipc: Enabling of bearer rejected, failed to enable media [ 398.843125][ T9786] FAULT_INJECTION: forcing a failure. [ 398.843125][ T9786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 398.893774][ T9760] program syz.4.1083 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 398.933265][ T9786] CPU: 0 UID: 0 PID: 9786 Comm: syz.1.1087 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 398.933307][ T9786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 398.933320][ T9786] Call Trace: [ 398.933328][ T9786] [ 398.933338][ T9786] dump_stack_lvl+0x189/0x250 [ 398.933365][ T9786] ? __pfx____ratelimit+0x10/0x10 [ 398.933403][ T9786] ? __pfx_dump_stack_lvl+0x10/0x10 [ 398.933424][ T9786] ? __pfx__printk+0x10/0x10 [ 398.933449][ T9786] ? __might_fault+0xb0/0x130 [ 398.933488][ T9786] should_fail_ex+0x414/0x560 [ 398.933524][ T9786] _copy_from_user+0x2d/0xb0 [ 398.933551][ T9786] snd_seq_ioctl+0x1d8/0x420 [ 398.933582][ T9786] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 398.933635][ T9786] ? __fget_files+0x3a0/0x420 [ 398.933654][ T9786] ? __fget_files+0x2a/0x420 [ 398.933677][ T9786] ? bpf_lsm_file_ioctl+0x9/0x20 [ 398.933701][ T9786] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 398.933729][ T9786] __se_sys_ioctl+0xf9/0x170 [ 398.933758][ T9786] do_syscall_64+0xfa/0x3b0 [ 398.933784][ T9786] ? lockdep_hardirqs_on+0x9c/0x150 [ 398.933810][ T9786] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.933830][ T9786] ? clear_bhb_loop+0x60/0xb0 [ 398.933881][ T9786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.933923][ T9786] RIP: 0033:0x7f2a9ef8e9a9 [ 398.933974][ T9786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.933999][ T9786] RSP: 002b:00007f2a9fe6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.934022][ T9786] RAX: ffffffffffffffda RBX: 00007f2a9f1b6160 RCX: 00007f2a9ef8e9a9 [ 398.934036][ T9786] RDX: 0000200000002380 RSI: 00000000c058534f RDI: 0000000000000005 [ 398.934049][ T9786] RBP: 00007f2a9fe6d090 R08: 0000000000000000 R09: 0000000000000000 [ 398.934062][ T9786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 398.934074][ T9786] R13: 0000000000000000 R14: 00007f2a9f1b6160 R15: 00007f2a9f2dfa28 [ 398.934106][ T9786] [ 401.576922][ T981] usb 5-1: USB disconnect, device number 36 [ 401.718780][ T9814] FAULT_INJECTION: forcing a failure. [ 401.718780][ T9814] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 401.896969][ T9814] CPU: 0 UID: 0 PID: 9814 Comm: syz.4.1098 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 401.897004][ T9814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 401.897016][ T9814] Call Trace: [ 401.897024][ T9814] [ 401.897034][ T9814] dump_stack_lvl+0x189/0x250 [ 401.897059][ T9814] ? __pfx____ratelimit+0x10/0x10 [ 401.897083][ T9814] ? __pfx_dump_stack_lvl+0x10/0x10 [ 401.897103][ T9814] ? __pfx__printk+0x10/0x10 [ 401.897126][ T9814] ? __might_fault+0xb0/0x130 [ 401.897167][ T9814] should_fail_ex+0x414/0x560 [ 401.897205][ T9814] _copy_from_user+0x2d/0xb0 [ 401.897227][ T9814] __sys_sendto+0x25c/0x520 [ 401.897252][ T9814] ? __pfx___sys_sendto+0x10/0x10 [ 401.897303][ T9814] ? fd_install+0x97/0x540 [ 401.897321][ T9814] ? fd_install+0x30d/0x540 [ 401.897345][ T9814] __x64_sys_sendto+0xde/0x100 [ 401.897375][ T9814] do_syscall_64+0xfa/0x3b0 [ 401.897401][ T9814] ? lockdep_hardirqs_on+0x9c/0x150 [ 401.897424][ T9814] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.897443][ T9814] ? clear_bhb_loop+0x60/0xb0 [ 401.897466][ T9814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.897483][ T9814] RIP: 0033:0x7f7f96d9083c [ 401.897501][ T9814] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 401.897517][ T9814] RSP: 002b:00007f7f97c69e90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 401.897538][ T9814] RAX: ffffffffffffffda RBX: 00007f7f97c69fa0 RCX: 00007f7f96d9083c [ 401.897552][ T9814] RDX: 0000000000000028 RSI: 00007f7f97c69ff0 RDI: 0000000000000005 [ 401.897564][ T9814] RBP: 0000000000000000 R08: 00007f7f97c69ee4 R09: 000000000000000c [ 401.897577][ T9814] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 401.897590][ T9814] R13: 00007f7f97c69f38 R14: 00007f7f97c69ff0 R15: 0000000000000000 [ 401.897620][ T9814] [ 402.318456][ T9813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 402.784106][ T9822] dlm: no locking on control device [ 404.517784][ T9850] netlink: 'syz.3.1108': attribute type 1 has an invalid length. [ 404.577318][ T5839] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 404.791461][ T5839] usb 5-1: device descriptor read/64, error -71 [ 404.814960][ T9858] input: syz0 as /devices/virtual/input/input22 [ 404.919141][ T9862] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 404.930365][ T9862] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 405.157262][ T5839] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 405.297210][ T5839] usb 5-1: device descriptor read/64, error -71 [ 405.438362][ T5839] usb usb5-port1: attempt power cycle [ 405.797310][ T5839] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 405.822905][ T5839] usb 5-1: device descriptor read/8, error -71 [ 406.047117][ T5923] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 406.077204][ T5839] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 406.128083][ T5839] usb 5-1: device descriptor read/8, error -71 [ 406.227274][ T5923] usb 3-1: Using ep0 maxpacket: 32 [ 406.235944][ T5923] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 406.237745][ T5839] usb usb5-port1: unable to enumerate USB device [ 406.289615][ T5923] usb 3-1: config 0 has no interface number 0 [ 406.295918][ T5923] usb 3-1: config 0 interface 184 has no altsetting 0 [ 406.321847][ T5923] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 406.334913][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.353792][ T5923] usb 3-1: Product: syz [ 406.422089][ T5923] usb 3-1: Manufacturer: syz [ 406.439295][ T5923] usb 3-1: SerialNumber: syz [ 406.457598][ T5923] usb 3-1: config 0 descriptor?? [ 406.475500][ T5923] smsc75xx v1.0.0 [ 406.771034][ T9888] input: syz0 as /devices/virtual/input/input23 [ 406.920874][ T5923] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 406.956110][ T5923] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61 [ 406.988428][ T5923] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 407.021851][ T5923] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61 [ 407.541319][ T9900] FAULT_INJECTION: forcing a failure. [ 407.541319][ T9900] name failslab, interval 1, probability 0, space 0, times 0 [ 407.561168][ T9900] CPU: 1 UID: 0 PID: 9900 Comm: syz.4.1128 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 407.561199][ T9900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 407.561211][ T9900] Call Trace: [ 407.561219][ T9900] [ 407.561229][ T9900] dump_stack_lvl+0x189/0x250 [ 407.561256][ T9900] ? __pfx____ratelimit+0x10/0x10 [ 407.561285][ T9900] ? __pfx_dump_stack_lvl+0x10/0x10 [ 407.561305][ T9900] ? __pfx__printk+0x10/0x10 [ 407.561336][ T9900] ? __pfx___might_resched+0x10/0x10 [ 407.561364][ T9900] ? fs_reclaim_acquire+0x7d/0x100 [ 407.561391][ T9900] should_fail_ex+0x414/0x560 [ 407.561427][ T9900] should_failslab+0xa8/0x100 [ 407.561448][ T9900] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 407.561476][ T9900] ? __alloc_skb+0x112/0x2d0 [ 407.561510][ T9900] __alloc_skb+0x112/0x2d0 [ 407.561543][ T9900] netlink_ack+0x146/0xa50 [ 407.561592][ T9900] netlink_rcv_skb+0x28c/0x470 [ 407.561619][ T9900] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 407.561657][ T9900] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 407.561698][ T9900] ? bpf_lsm_capable+0x9/0x20 [ 407.561724][ T9900] ? security_capable+0x7e/0x2e0 [ 407.561757][ T9900] nfnetlink_rcv+0x26a/0x2520 [ 407.561787][ T9900] ? __dev_queue_xmit+0x1d79/0x3b50 [ 407.561821][ T9900] ? __dev_queue_xmit+0x27b/0x3b50 [ 407.561858][ T9900] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 407.561883][ T9900] ? __pfx___dev_queue_xmit+0x10/0x10 [ 407.561924][ T9900] ? ref_tracker_free+0x63a/0x7d0 [ 407.561945][ T9900] ? __asan_memcpy+0x40/0x70 [ 407.561967][ T9900] ? __pfx_ref_tracker_free+0x10/0x10 [ 407.561983][ T9900] ? __skb_clone+0x63/0x7a0 [ 407.562007][ T9900] ? __skb_clone+0x483/0x7a0 [ 407.562035][ T9900] ? skb_clone+0x246/0x3a0 [ 407.562060][ T9900] ? __netlink_deliver_tap+0x807/0x850 [ 407.562084][ T9900] ? netlink_deliver_tap+0x2e/0x1b0 [ 407.562117][ T9900] ? netlink_deliver_tap+0x2e/0x1b0 [ 407.562153][ T9900] netlink_unicast+0x82c/0x9e0 [ 407.562189][ T9900] ? __pfx_netlink_unicast+0x10/0x10 [ 407.562227][ T9900] ? netlink_sendmsg+0x642/0xb30 [ 407.562251][ T9900] ? skb_put+0x11b/0x210 [ 407.562274][ T9900] netlink_sendmsg+0x805/0xb30 [ 407.562309][ T9900] ? __pfx_netlink_sendmsg+0x10/0x10 [ 407.562339][ T9900] ? aa_sock_msg_perm+0x94/0x160 [ 407.562363][ T9900] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 407.562383][ T9900] ? __pfx_netlink_sendmsg+0x10/0x10 [ 407.562410][ T9900] __sock_sendmsg+0x21c/0x270 [ 407.562439][ T9900] ____sys_sendmsg+0x505/0x830 [ 407.562465][ T9900] ? __pfx_____sys_sendmsg+0x10/0x10 [ 407.562495][ T9900] ? import_iovec+0x74/0xa0 [ 407.562526][ T9900] ___sys_sendmsg+0x21f/0x2a0 [ 407.562547][ T9900] ? __pfx____sys_sendmsg+0x10/0x10 [ 407.562605][ T9900] ? __fget_files+0x2a/0x420 [ 407.562624][ T9900] ? __fget_files+0x3a0/0x420 [ 407.562663][ T9900] __x64_sys_sendmsg+0x19b/0x260 [ 407.562686][ T9900] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 407.562716][ T9900] ? __pfx_ksys_write+0x10/0x10 [ 407.562739][ T9900] ? rcu_is_watching+0x15/0xb0 [ 407.562771][ T9900] ? do_syscall_64+0xbe/0x3b0 [ 407.562804][ T9900] do_syscall_64+0xfa/0x3b0 [ 407.562829][ T9900] ? lockdep_hardirqs_on+0x9c/0x150 [ 407.562856][ T9900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.562875][ T9900] ? clear_bhb_loop+0x60/0xb0 [ 407.562898][ T9900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.562915][ T9900] RIP: 0033:0x7f7f96d8e9a9 [ 407.562933][ T9900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.562949][ T9900] RSP: 002b:00007f7f97c6b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 407.562970][ T9900] RAX: ffffffffffffffda RBX: 00007f7f96fb5fa0 RCX: 00007f7f96d8e9a9 [ 407.562985][ T9900] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000003 [ 407.562998][ T9900] RBP: 00007f7f97c6b090 R08: 0000000000000000 R09: 0000000000000000 [ 407.563011][ T9900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 407.563022][ T9900] R13: 0000000000000000 R14: 00007f7f96fb5fa0 R15: 00007f7f970dfa28 [ 407.563051][ T9900] [ 408.285903][ T9908] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1129'. [ 408.321984][ T9908] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1129'. [ 408.662503][ T5923] usb 3-1: USB disconnect, device number 55 [ 408.958083][ T31] INFO: task kworker/1:0:24 blocked for more than 143 seconds. [ 408.965706][ T31] Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 [ 408.973209][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 408.981978][ T31] task:kworker/1:0 state:D stack:21272 pid:24 tgid:24 ppid:2 task_flags:0x4288060 flags:0x00004000 [ 408.994871][ T31] Workqueue: usb_hub_wq hub_event [ 409.000212][ T31] Call Trace: [ 409.003990][ T31] [ 409.011630][ T31] __schedule+0x1737/0x4d30 [ 409.016359][ T31] ? check_path+0x21/0x40 [ 409.020808][ T31] ? schedule+0x165/0x360 [ 409.025358][ T31] ? __lock_acquire+0xab9/0xd20 [ 409.030412][ T31] ? __pfx___schedule+0x10/0x10 [ 409.035329][ T31] ? schedule+0x91/0x360 [ 409.045514][ T31] schedule+0x165/0x360 [ 409.049894][ T31] schedule_timeout+0x9a/0x270 [ 409.054808][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 409.060511][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 409.065764][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 409.071048][ T31] ? wait_for_completion+0x267/0x5d0 [ 409.076468][ T31] wait_for_completion+0x2bf/0x5d0 [ 409.081678][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 409.342799][ T31] i2c_del_adapter+0x581/0x6e0 [ 409.348344][ T31] ? __pfx_i2c_del_adapter+0x10/0x10 [ 409.353988][ T31] ? rcu_is_watching+0x15/0xb0 [ 409.359640][ T31] ? dvb_usb_adapter_exit+0xd7/0x240 [ 409.365272][ T31] dvb_usb_i2c_exit+0x64/0xb0 [ 409.370793][ T31] dvb_usb_device_exit+0x1be/0x350 [ 409.376238][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 409.382259][ T31] ? __pfx_dvb_usb_device_exit+0x10/0x10 [ 409.751083][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 409.851165][ T31] ? usb_disable_interface+0x31d/0x350 [ 409.861402][ T31] usb_unbind_interface+0x26e/0x910 [ 409.869207][ T31] ? __pfx_usb_unbind_interface+0x10/0x10 [ 409.875544][ T31] device_release_driver_internal+0x4d9/0x800 [ 409.883571][ T31] bus_remove_device+0x34d/0x410 [ 409.896039][ T31] device_del+0x511/0x8e0 [ 409.906431][ T31] ? __pfx_device_del+0x10/0x10 [ 410.011956][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 410.020600][ T31] usb_disable_device+0x3e9/0x8a0 [ 410.029753][ T31] usb_disconnect+0x330/0x950 [ 410.049470][ T31] hub_event+0x1cf5/0x4a20 [ 410.067890][ T31] ? do_raw_spin_lock+0x121/0x290 [ 410.093769][ T31] ? register_lock_class+0x51/0x320 [ 410.113577][ T31] ? __pfx_hub_event+0x10/0x10 [ 410.141792][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 410.159237][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 410.165987][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 410.183574][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 410.202774][ T31] process_scheduled_works+0xade/0x17b0 [ 410.232474][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 410.239354][ T31] worker_thread+0x8a0/0xda0 [ 410.244399][ T31] kthread+0x711/0x8a0 [ 410.248996][ T31] ? __pfx_worker_thread+0x10/0x10 [ 410.263126][ T31] ? __pfx_kthread+0x10/0x10 [ 410.268970][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 410.274312][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 410.281289][ T31] ? __pfx_kthread+0x10/0x10 [ 410.332454][ T31] ret_from_fork+0x3fc/0x770 [ 410.337682][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 410.343245][ T31] ? __switch_to_asm+0x39/0x70 [ 410.351450][ T31] ? __switch_to_asm+0x33/0x70 [ 410.361173][ T31] ? __pfx_kthread+0x10/0x10 [ 410.381975][ T31] ret_from_fork_asm+0x1a/0x30 [ 410.388911][ T31] [ 410.393455][ T31] [ 410.393455][ T31] Showing all locks held in the system: [ 410.463531][ T31] 5 locks held by kworker/1:0/24: [ 410.487371][ T31] #0: ffff888144e81948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 410.520780][ T31] #1: ffffc900001e7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 410.553543][ T31] #2: ffff8881453af198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20 [ 410.585456][ T31] #3: ffff88807c2bb198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950 [ 410.612270][ T31] #4: ffff88807a79f160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800 [ 410.623903][ T31] 1 lock held by khungtaskd/31: [ 410.633225][ T31] #0: ffffffff8e13c5a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 410.663067][ T31] 2 locks held by getty/5594: [ 410.668094][ T31] #0: ffff88814db870a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 410.678175][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 410.688737][ T31] 4 locks held by udevd/5889: [ 410.694498][ T31] #0: ffff8880757ab790 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 410.706185][ T31] #1: ffff88805559f088 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 [ 410.719991][ T31] #2: ffff888056d9dc38 (kn->active#27){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 [ 410.731333][ T31] #3: ffff88807c2bb198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 [ 410.745567][ T31] 2 locks held by syz.2.1134/9927: [ 410.753230][ T31] [ 410.755648][ T31] ============================================= [ 410.755648][ T31] [ 410.766333][ T31] NMI backtrace for cpu 0 [ 410.766348][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 410.766362][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 410.766370][ T31] Call Trace: [ 410.766375][ T31] [ 410.766381][ T31] dump_stack_lvl+0x189/0x250 [ 410.766400][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 410.766412][ T31] ? __pfx__printk+0x10/0x10 [ 410.766432][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 410.766448][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 410.766462][ T31] ? __pfx__printk+0x10/0x10 [ 410.766478][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 410.766495][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 410.766510][ T31] watchdog+0xf93/0xfe0 [ 410.766529][ T31] ? watchdog+0x1de/0xfe0 [ 410.766552][ T31] kthread+0x711/0x8a0 [ 410.766567][ T31] ? __pfx_watchdog+0x10/0x10 [ 410.766581][ T31] ? __pfx_kthread+0x10/0x10 [ 410.766594][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 410.766609][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 410.766623][ T31] ? __pfx_kthread+0x10/0x10 [ 410.766636][ T31] ret_from_fork+0x3fc/0x770 [ 410.766654][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 410.766673][ T31] ? __switch_to_asm+0x39/0x70 [ 410.766685][ T31] ? __switch_to_asm+0x33/0x70 [ 410.766696][ T31] ? __pfx_kthread+0x10/0x10 [ 410.766709][ T31] ret_from_fork_asm+0x1a/0x30 [ 410.766729][ T31] [ 410.766734][ T31] Sending NMI from CPU 0 to CPUs 1: [ 410.919558][ C1] NMI backtrace for cpu 1 [ 410.919578][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 410.919598][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 410.919607][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 410.919634][ C1] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 5f 18 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 410.919648][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2 [ 410.919665][ C1] RAX: 44758119802b7000 RBX: ffffffff81969b38 RCX: 44758119802b7000 [ 410.919677][ C1] RDX: 0000000000000001 RSI: ffffffff8d979737 RDI: ffffffff8be30a80 [ 410.919689][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb [ 410.919700][ C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa08df0 [ 410.919713][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039d6b40 [ 410.919724][ C1] FS: 0000000000000000(0000) GS:ffff888125d7e000(0000) knlGS:0000000000000000 [ 410.919737][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 410.919749][ C1] CR2: 0000200000400000 CR3: 000000002e2e0000 CR4: 00000000003526f0 [ 410.919767][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 410.919777][ C1] DR3: 000000000000000c DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 410.919787][ C1] Call Trace: [ 410.919797][ C1] [ 410.919812][ C1] default_idle+0x13/0x20 [ 410.919828][ C1] default_idle_call+0x74/0xb0 [ 410.919844][ C1] do_idle+0x1e8/0x510 [ 410.919870][ C1] ? __pfx_do_idle+0x10/0x10 [ 410.919896][ C1] ? do_idle+0xc/0x510 [ 410.919916][ C1] cpu_startup_entry+0x44/0x60 [ 410.919937][ C1] start_secondary+0x101/0x110 [ 410.919957][ C1] common_startup_64+0x13e/0x147 [ 410.919982][ C1] [ 411.005391][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 411.005413][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(full) [ 411.005435][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 411.005447][ T31] Call Trace: [ 411.005456][ T31] [ 411.005466][ T31] dump_stack_lvl+0x99/0x250 [ 411.005491][ T31] ? __asan_memcpy+0x40/0x70 [ 411.005514][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 411.005533][ T31] ? __pfx__printk+0x10/0x10 [ 411.005567][ T31] panic+0x2db/0x790 [ 411.005590][ T31] ? __pfx_panic+0x10/0x10 [ 411.005609][ T31] ? __pfx___x2apic_send_IPI_mask+0x10/0x10 [ 411.005640][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 411.005669][ T31] watchdog+0xfd2/0xfe0 [ 411.005697][ T31] ? watchdog+0x1de/0xfe0 [ 411.005725][ T31] kthread+0x711/0x8a0 [ 411.005750][ T31] ? __pfx_watchdog+0x10/0x10 [ 411.005771][ T31] ? __pfx_kthread+0x10/0x10 [ 411.005793][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 411.005816][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 411.005846][ T31] ? __pfx_kthread+0x10/0x10 [ 411.005867][ T31] ret_from_fork+0x3fc/0x770 [ 411.005894][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 411.005925][ T31] ? __switch_to_asm+0x39/0x70 [ 411.005944][ T31] ? __switch_to_asm+0x33/0x70 [ 411.005962][ T31] ? __pfx_kthread+0x10/0x10 [ 411.005983][ T31] ret_from_fork_asm+0x1a/0x30 [ 411.006015][ T31] [ 411.015017][ T31] Kernel Offset: disabled