last executing test programs: 3m58.398238381s ago: executing program 2 (id=1403): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000240)}, 0x80000010}], 0x4, 0x122, 0x0) 3m58.29666502s ago: executing program 2 (id=1404): r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x30) 3m58.190705586s ago: executing program 2 (id=1405): r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0xa5df, 0x50380) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)={0x10001, 0x7, 0x7, 0x2, 0x9, 0x0, [{0x5c5, 0x0, 0x4, '\x00', 0x9}, {0x2, 0x1, 0xffff, '\x00', 0xe80}, {0x9cb6, 0x4b26, 0x9, '\x00', 0x2480}, {0x80000001, 0x5, 0x2, '\x00', 0x806}, {0x7, 0x1, 0x0, '\x00', 0xe04}, {0xa89f, 0x100000000, 0x0, '\x00', 0x80}, {0x2, 0x7fffffff, 0x1, '\x00', 0x300}, {0x9d47, 0x4, 0x1, '\x00', 0x1}, {0x1c97, 0x9, 0x4, '\x00', 0x3208}]}) r1 = openat(r0, &(0x7f0000000340)='./cgroup\x00', 0x0, 0x111) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000380)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0) 3m58.174154367s ago: executing program 2 (id=1406): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x301, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7ffd}, 0xf0ffffff}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}, 0x1, 0x0, 0x0, 0x24004081}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305829, 0x0) r2 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000580)={0x0, 0x50565559, 0x640, 0x4b0, 0x0, @stepwise={{0x9, 0x1}, {0xf7ffffff}}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_DIRTYFB(r5, 0xc01864b1, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901) move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0/../file0/../file0\x00') listen(r4, 0x0) ioctl$sock_TIOCINQ(r3, 0x541b, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x4, 0x6, 0x0, 0x81, 0x333fdddb9fae5ea1, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, 0x8000, 0x10, 0xfffffff8, 0x40}}) r9 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$IMGETDEVINFO(r9, 0x80044944, &(0x7f0000000280)={0x7fffffff}) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x1d, r8}, 0x10, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="06000000140400000700000000000000", @ANYRES64=r8, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYBLOB="e554f766eb00000002000080080300008c248fc516862fc5"], 0x48}, 0x1, 0x0, 0x0, 0x4041000}, 0x20004) 3m58.10009311s ago: executing program 2 (id=1407): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x1100, 0x20, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x61, 0x0, 0x0, 0x2f, 0x0, @empty, @private}}}}) 3m57.910860294s ago: executing program 2 (id=1409): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="040027bd6f00fcdbdf250210000008000800e000000206000a004e220000"], 0x24}, 0x1, 0x0, 0x0, 0x80000}, 0x40020) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000080)={0x1, 0x0, 0x2, &(0x7f0000000040)={0x0, "382e6e21119a6aa44c408088742b68394c1b283bf2b43ff3374bbfb96033882324"}}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r3, 0x1, 0x22, &(0x7f0000000180)=0x38, 0x4) 3m57.356439005s ago: executing program 32 (id=1409): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="040027bd6f00fcdbdf250210000008000800e000000206000a004e220000"], 0x24}, 0x1, 0x0, 0x0, 0x80000}, 0x40020) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000080)={0x1, 0x0, 0x2, &(0x7f0000000040)={0x0, "382e6e21119a6aa44c408088742b68394c1b283bf2b43ff3374bbfb96033882324"}}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r3, 0x1, 0x22, &(0x7f0000000180)=0x38, 0x4) 2m39.626492435s ago: executing program 3 (id=1618): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000580)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x20000000) (fail_nth: 8) 2m38.282809296s ago: executing program 3 (id=1624): sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000840)={0x20, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x4}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x880}, 0x4000004) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000900)={'syztnl1\x00', &(0x7f0000000840)={'tunl0\x00', 0x0, 0x40, 0x1, 0x4, 0xa926, {{0x28, 0x4, 0x1, 0x4, 0xa0, 0x67, 0x0, 0x2, 0x2f, 0x0, @private=0xa010102, @broadcast, {[@end, @cipso={0x86, 0x1c, 0x0, [{0x7, 0x4, "60c2"}, {0x6, 0xb, "edfebc63b9994356cb"}, {0x1, 0x7, "b8318a2392"}]}, @ssrr={0x89, 0xf, 0xf5, [@empty, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_prespec={0x44, 0x1c, 0x44, 0x3, 0x0, [{@remote, 0xf6f}, {@remote, 0x300}, {@multicast1, 0x1}]}, @timestamp_addr={0x44, 0x44, 0x3c, 0x1, 0x4, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x80000001}, {@rand_addr=0x64010100, 0x8}, {@private=0xa010101, 0x7fff}, {@dev={0xac, 0x14, 0x14, 0xa}, 0x3}, {@empty, 0x9a}, {@local, 0x9}, {@private=0xa010102}, {@multicast2, 0x3}]}]}}}}}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'vxcan0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000a00)={'ip6tnl0\x00', &(0x7f0000000980)={'ip6_vti0\x00', 0x0, 0x2f, 0x6, 0x8, 0x7731, 0x30, @private0, @local, 0x20, 0x1, 0x7f, 0x1ff}}) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', 0x0}) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0xe, r5, 0x39}, 0x10) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000a40)={@rand_addr, @dev, 0x0}, &(0x7f0000000a80)=0xc) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b40)={'syztnl0\x00', &(0x7f0000000ac0)={'syztnl2\x00', 0x0, 0x4, 0x3, 0x0, 0x0, 0x20, @private0, @mcast2, 0x20, 0x700, 0x9, 0x610a1bb6}}) r8 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r8, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r10}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000c00)={'ip6tnl0\x00', &(0x7f0000000b80)={'ip6_vti0\x00', 0x0, 0x4, 0x7, 0x6, 0x6, 0x42, @empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x20, 0x20, 0x3, 0x1000}}) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000e00)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x17c, 0x0, 0x600, 0x70bd27, 0x25dfdbff, {}, [@HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x44000}, 0x50000) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r12, &(0x7f0000000100)={0x0, 0x9, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r13, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) r15 = socket$nl_generic(0x10, 0x3, 0x10) r16 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r15, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, r16, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x49}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x4}]}, 0x3c}}, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x35, 0xc6, 0xd, 0x10, 0x6f8, 0x1, 0x7d3b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x95, 0x0, 0x2, 0x48, 0xbd, 0x8, 0x0, [], [{{0x9, 0x5, 0x6, 0x10, 0x200, 0x6, 0x4, 0x9}}, {{0x9, 0x5, 0xb, 0x4, 0x400, 0x10, 0x4, 0x24}}]}}]}}]}}, 0x0) sendmsg$NL80211_CMD_START_AP(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0xf4, r13, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r14}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x37, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, @random=0x7ff, 0x1, @void, @void, @val={0x3, 0x1, 0x3}, @val={0x4, 0x6, {0xf0, 0x2, 0x7f, 0xa706}}, @val={0x6, 0x2, 0x6}, @void, @void, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_BEACON_TAIL={0x88, 0xf, [@random={0x1, 0x82, "baf7a750654c42aef847e6d410aa3fb66ecc860c4696a377ad611c103e7fcf858650ec50863609f55ddee251072d02b6a7f03a6d61ee618f5efe2f7ff585d9ccaa6ef9c6f48c38f0792664da7bcb82532f722093d07aac081a582e6c7886c56e0b88e21e2960aa5cea4682ce342c3212979b86a7647290ff33f00d9946d6b17e1a24"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xf4}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x94, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x10, 0x3, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x1, 0x0, 0x1, {0x9, 0x21, 0x4, 0xc, 0x1, {0x22, 0x5c4}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x4a, 0x81, 0x5}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x81, 0x7, 0x7d}}]}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x300, 0x5, 0x6, 0x0, 0x0, 0xda}, 0x1e2, &(0x7f0000000280)={0x5, 0xf, 0x1e2, 0x6, [@ssp_cap={0x14, 0x10, 0xa, 0x5, 0x2, 0xfff, 0xf, 0x6, [0x0, 0x3f00]}, @generic={0xb1, 0x10, 0x4, "1e61e86d8f5b5b083d115a7b792f082e6c77a69a34c0a43e60464d7481c2654c08781eea209920f94645c47318b84b56242f873102ec8340d38821734c2d84bfdac799558317b8560fc10d855e871d821dd4203cc49ea00be1998f87fec4f959daaf77a152e83d22bf380543e78e5b74f568f53b3d2dd25311a8ea547e3349e592da42c3fa1a75662c3fa5dc9957e57b25454240cbc630afb5c283505ec926a1ec4dba0b8415d83eeb7167dfcf77"}, @generic={0xd0, 0x10, 0xa, "73f932ba0744daa32177ac940cb0b7c49440a68b375523e8596429d02df92499d8524789f658f5139974f159dc484b578a7e64ea9d3ec1d59024eb8a66bd5f884c1c1a1a0d0489a98a9bbaac0fb2162d2e97a7d344a29beaa64f6652f4e2d2e62861521ab0c01c35b21136fe96efd0ea6ba5d12989bd9fe44ec7fc9a01ba1daa00c6c893ac637708a68241f3bfb53d544ec0b8fb5120d03e414715983fc5ab8b16a15fdd2f670404a0cafa9724e41a08d8c80983f81c136a247193b6b6effd5e7f2587a5985e5871910e6bad6a"}, @ssp_cap={0x24, 0x10, 0xa, 0x7b, 0x6, 0x7ffffff, 0x0, 0x4, [0x0, 0xc030, 0x3f00, 0xff0000, 0xc0, 0xffc0c0]}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "db67618e47a44d4cf8a0da4789670e72"}, @ssp_cap={0x10, 0x10, 0xa, 0x4, 0x1, 0x7, 0x0, 0xb, [0xffff30]}]}, 0x5, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x4001}}, {0x2c, &(0x7f00000004c0)=@string={0x2c, 0x3, "fb4cd1ce7d497bdbc98154e92b8f9b5a8f29472180cb9e04551ca0c8d9d96bf6ad2da6f5d251c86ff7e3"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0xfcff}}, {0xc0, &(0x7f0000000640)=@string={0xc0, 0x3, "99d3490671a79bf4ace0504011103e69057960a9fe05ce20079453b3ba58a8970d320c41a13159a4bf47380e57f879de79b62ceab2a1d7881e58c66b4c19b017a4c8b63df3de6d13e987b2a1b399387e8866401a303adf01558bc4a79c7d7f8c43552ee02bcc3d58dddd92395630d2be239ed80f861fed4f0cbd142612fb1c33c2dd47fa6bb9442e9e993f303717673f11ee2a2044dea5f250ce8dcdec81e6a3dd1bff8ccba7d939e63e2d3ed76e747c96c8f77e03da56e12abece4c1463"}}, {0x7a, &(0x7f0000000700)=@string={0x7a, 0x3, "a558bed46d0526fae222e0b7820b97252999c5f138fb5f208433a2f5b7d7aea4acf67a798303e2e3e485813d341a40905d3165ec1f6357d0e14b6b67ca6276b3f95da0fb3422bfe22170e39ed9a2358df61523bec82343872384b4ac290f54dfb29de1d8b54968e76e637a75de491e680bd7900143106419"}}]}) 2m36.039881447s ago: executing program 3 (id=1633): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{}, {r1, r2+10000000}}, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001"], 0x1c}}, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) rt_sigtimedwait(&(0x7f0000000100)={[0x6]}, &(0x7f0000000140), &(0x7f0000000200)={r4, r5+10000000}, 0x8) pipe(&(0x7f0000000000)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000180)=[{&(0x7f0000000080)="4af3c21c0b", 0x5}], 0x1, 0x0) ioctl$HIDIOCSFEATURE(r6, 0xc0404806, &(0x7f0000000300)="3c7daf1cc8ef085ceacec2f394c945713b28b0d779b15126260e48595bc3736809a3ad22a78e044f28f0738becfab3c5e0a23bb2db32e1ccb7d8dd23f23df74c1edb9c323f4c72dc60be81f23eaea866a86d3f05bf4241e136abffa6ad443d4b366587e2e21e9bad964bdf369aacbd1ce9f06dd4eb818d613077ad060b548767b8df7003b7564d8c7a071621b568") r7 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x180000f, 0x4010, r7, 0x1000) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r7, 0x0, 0x82, &(0x7f0000000240)={'nat\x00', 0x0, 0x0, 0x0, [0xffffffffffffffff, 0x1, 0x7496bec8, 0x50, 0xa, 0x4]}, &(0x7f00000002c0)=0x78) socket$inet_tcp(0x2, 0x1, 0x0) r9 = dup(r8) write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) 2m34.829610673s ago: executing program 3 (id=1635): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000340)={0x1, 0x0, 0x3, 0x0, 0x2}) clock_gettime(0x0, &(0x7f0000000000)) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000140)={0x8, r0, 'id0\x00'}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000240)=@fd={0x5, 0x2, 0x4, 0x400, 0x146, {r1, r2/1000+10000}, {0x2, 0x2, 0x8, 0x1, 0xb0, 0xee, "8ab3b919"}, 0x5, 0x4, {}, 0x9, 0x0, r3}) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r4, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) setsockopt$inet6_udp_encap(r4, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) write$tun(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000000111ff00000000000000000000000000000000ff0200000000000000000000000000014f194e20"], 0x4b) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@mmap={0x1, 0x2, 0x4, 0x8, 0x81, {0x0, 0x2710}, {0x4, 0x8, 0x8, 0x5, 0x29, 0x9, "10db3fa0"}, 0x5}) 2m34.270373355s ago: executing program 3 (id=1637): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000840)=""/245, 0xf5}, {&(0x7f00000006c0)=""/229, 0xe5}, {&(0x7f0000000580)=""/94, 0x5e}, {&(0x7f0000000040)=""/103, 0x67}, {&(0x7f00000000c0)=""/137, 0x89}], 0x6}, 0x80000010}], 0x4, 0x122, 0x0) 2m33.750082226s ago: executing program 3 (id=1639): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8004000, 0x7, 0x8, 0x8000, 0x4, 0x0, 0x0, 0x10, 0x5}}, 0x50) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x6d42, 0x22) writev(r3, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x20000}], 0x1) 2m18.626193856s ago: executing program 33 (id=1639): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8004000, 0x7, 0x8, 0x8000, 0x4, 0x0, 0x0, 0x10, 0x5}}, 0x50) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x6d42, 0x22) writev(r3, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x20000}], 0x1) 12.869036553s ago: executing program 0 (id=2079): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4, 0x0, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r2, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000380)="886a572b", 0x4}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="98000000000000002900000004"], 0x98}}], 0x2, 0x1004) r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x402, @loopback}], 0x1c) sendto$inet6(r4, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e23, 0x7f, @empty, 0x2}}, 0x3, 0x0, 0x9, 0x386, 0xd8, 0x2, 0x6}, &(0x7f0000000080)=0x9c) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) sendmsg$can_bcm(r5, &(0x7f00000004c0)={&(0x7f0000000300)={0x1d, r6}, 0x10, &(0x7f00000003c0)={&(0x7f0000000440)={0x2, 0x0, 0x400, {0x77359400}, {r7, r8/1000+10000}, {0x1}, 0x1, @canfd={{0x2, 0x1, 0x1, 0x1}, 0x31, 0x0, 0x0, 0x0, "470329b9971dd5d60d6a7f0fdb5471e957f5700e5ccfe31126cae89b86f36542c4123dabb7752b5ab60cf8df0f1d961d5d0d5f70f99641724a68ba01678e9c6f"}}, 0x80}, 0x1, 0x0, 0x0, 0x20040000}, 0x24000881) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vfat\x00', 0x200000, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 11.898230743s ago: executing program 1 (id=2081): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) r2 = landlock_create_ruleset(&(0x7f00000000c0)={0x5140, 0x0, 0x1}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) r4 = socket$unix(0x1, 0x2, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x7000000) accept4$nfc_llcp(r5, &(0x7f0000000180), &(0x7f0000000080)=0x60, 0x80000) socket$inet(0x2, 0x0, 0x9) bind$unix(r4, &(0x7f0000003000)=@file={0x1}, 0x6e) r6 = landlock_create_ruleset(&(0x7f0000000000)={0x1, 0x2, 0x1}, 0x18, 0x0) landlock_restrict_self(r6, 0x0) connect$unix(r3, &(0x7f0000000640)=@file={0x1}, 0x6e) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CT_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) 11.459373487s ago: executing program 4 (id=2082): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x6, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socket$kcm(0x2d, 0x2, 0x0) (async) r1 = socket$kcm(0x2d, 0x2, 0x0) r2 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000380)={r1}) bind$xdp(r3, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0xa}, 0x10) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 11.322575408s ago: executing program 0 (id=2083): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000009800)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3ff}, 0x4}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/177, 0xb1}, {&(0x7f00000032c0)=""/219, 0xdb}, {&(0x7f00000033c0)=""/231, 0xe7}, {&(0x7f00000034c0)=""/211, 0xd3}, {&(0x7f0000000000)=""/87, 0x57}, {&(0x7f0000000400)=""/241, 0xf1}, {&(0x7f0000000680)=""/148, 0x94}, {&(0x7f0000000780)=""/83, 0x53}], 0x9}, 0x81}], 0x3, 0x2100, 0x0) 11.289868014s ago: executing program 5 (id=2084): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0xa0380, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x33, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb601288763608646667011"], 0xffdd) r4 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1e) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f00000001c0)={0x1c, 0x1, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0x8}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2000}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x24000000) ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205647, &(0x7f00000001c0)={0x980000, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x0, '\x00', @p_u8=0x0}}) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000100)={0x1, 0x3, [@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}]}) 10.934888362s ago: executing program 0 (id=2085): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/consoles\x00', 0x0, 0x0) read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc) (async) preadv(r0, &(0x7f0000001300)=[{&(0x7f0000000040)=""/17, 0x11}], 0x1, 0x0, 0x0) read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea) (async) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007) 10.90958219s ago: executing program 1 (id=2086): openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0) (fail_nth: 1) 10.081881731s ago: executing program 0 (id=2087): openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0) 9.946486221s ago: executing program 1 (id=2088): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f00007b2000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0xf9ed000) r3 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) write(r3, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r4) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r5, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1c, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) write$6lowpan_enable(r2, &(0x7f0000000100)='0', 0x1) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$uinput_user_dev(r7, &(0x7f0000000a80)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_SET_RELBIT(r7, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x2) ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x1) ioctl$UI_DEV_CREATE(r7, 0x5501) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) 9.879028623s ago: executing program 4 (id=2089): io_setup(0x8, &(0x7f0000000000)=0x0) r1 = eventfd2(0x0, 0x80001) io_submit(r0, 0x2, &(0x7f00000005c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000280)="d1f7624a630e53c3", 0x8, 0x2, 0x0, 0x0, r1}, 0x0]) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r4, @ANYBLOB="3c0002"], 0x58}, 0x1, 0x0, 0x0, 0x24004000}, 0x24040840) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x25}}, 0x10) socket$packet(0x11, 0x3, 0x300) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000780)={&(0x7f0000000680)=""/252, 0x31f000, 0x800, 0x0, 0x3}, 0x20) setsockopt$sock_int(r5, 0x1, 0x29, &(0x7f00000000c0)=0x401, 0x4) r7 = syz_open_dev$vcsa(&(0x7f0000000140), 0xfd, 0x140) ioctl$TCSETSW(r7, 0x5403, &(0x7f00000001c0)={0x1, 0x9, 0x6, 0x1, 0x17, "c0521da3e841a6b55a733b45774b9ddc99b0bb"}) sendto$inet(r5, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r5, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10) r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r9, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000980)={'wg2\x00', 0x0}) r11 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f0000000100)={0xf000, 0x117800}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, &(0x7f0000000080)={0xdddd1000, 0x0, 0x1}) sendto$packet(r9, &(0x7f0000000180)="0b031407e0ff640f0200475400f6a13bb1000e00080008004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x12, r10}, 0x14) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x10) 9.839373786s ago: executing program 0 (id=2090): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a8090902"], 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_usb_connect$hid(0x5, 0x3f, 0x0, 0x0) syz_usb_control_io(r5, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, 0x0, 0x0) write(r6, 0x0, 0x0) recvmmsg$unix(r6, 0x0, 0x0, 0x2, 0x0) sendmsg$NFT_MSG_GETRULE(r4, 0x0, 0x0) r7 = syz_open_procfs(0x0, 0x0) preadv(r7, 0x0, 0x0, 0x2000000, 0x0) sendmsg$WG_CMD_SET_DEVICE(r3, 0x0, 0x20000040) memfd_secret(0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000000a02000000000000e2ffeb0000000000025fe8b39617559d4b40823eb732f33931773465bf5376337251fdbadcf573fdaeb2be8f6cc9f216e5f31480e3f884c914bdac1227002da5497ba1237934fe4ac2e78808de718625c4f7bd77b16a32a0284200"/119]) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="bc4d16943c3f6db1e0f0fd7d20bcdbde72677b31ca1847b56e897b6ff62d2e2927dae08ccccf6cf3ce90ee9feb007a02f0f48554f1a26cf4028a2f476b3e817f164c5335bdf02da584318891c65d87c8525ebb307fcaa05ede14c20985ef175e945bb0a2887d8b57a8597fa0a4", 0x6d}], 0x1) r11 = socket$unix(0x1, 0x5, 0x0) bind$unix(r11, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) listen(r11, 0x0) 2.940424777s ago: executing program 1 (id=2091): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68200, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r2, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) ioctl$TIOCL_SETSEL(r2, 0x541c, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x40011, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000003, 0x20000000ec071, r0, 0xef52000) 2.939811689s ago: executing program 5 (id=2092): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000440)=""/162, 0xa2}, {&(0x7f0000001a40)=""/4103, 0x1007}, {&(0x7f0000002c40)=""/196, 0xc4}], 0x3}, 0x12}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000680)=""/199, 0xc7}, {&(0x7f0000001940)=""/215, 0xd7}, {&(0x7f0000000140)=""/53, 0x35}, {&(0x7f0000000280)=""/84, 0x54}, {&(0x7f0000002d40)=""/4099, 0x1003}, {&(0x7f00000000c0)=""/66, 0x42}, {&(0x7f0000000840)=""/231, 0xe7}], 0x7}, 0x2}, {{0x0, 0x0, 0x0}, 0x827}], 0x5, 0x10102, 0x0) (fail_nth: 18) 2.782888138s ago: executing program 0 (id=2093): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) close(r1) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB="2e42000c371303ed6a33f2ff8689b3f20e"]) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000a40)=ANY=[@ANYBLOB="00000300aaaaabaaaa330180c2000000aaeaaaaaaabb"]) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @ptr}}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f00000004c0)={0x14, &(0x7f0000000740)=ANY=[@ANYBLOB="0007400000004007aec1370ae0776632c570c9985048534e9af76833c6f60944467f08573ea2d6c91051d0e006012383444b2d313b8d32724c896a0393196175544927cad531b489c451b4abe2c311fa106ead51c7e29d489ff2c0965e7149dc18dba52ee1f6f781004172aa849f82d36e361be99346404350baaa8fd3ec9749abfe83f11d949ac56458beac6465dd02906731f22b9e9f6aaad70eca0433c7816ae0485a79d0cc3be0ba23c3407acaed8c85d1243742b70361688b95a31c9821f7b6f61b72d64d371e47e79d18546eca1a9582e3e871c42aa04525383b4e6b08226f08ba076260f22e6ae754202cf953c4b2121c6a7a6c45863c9b74c8ed9c8013f39163fddd9921170502a0839d530bced5026ba74bd92a24216a6e67f9fa876ce6c17f6652ec14a0e2f69dc959cbad7feefa3e93148838d55cc59e0e26b241ce1e3862a6472c630b5fdf47ed02113f92756d68d1cf8d91eaae4ccf312a99a8235ffae531ad129870597552a121784ff09bf7be2dedcce344f508cc81108bb1184b0fa03718b049d5355b9821ee0a9212338a406f103d9205d1bb3518ba826d994db0f6c237da2382184d1f43836ef81d11c8f8c2166cbee6d3dfa288"], &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000700)={0x1c, &(0x7f0000000680)=ANY=[], &(0x7f0000000540)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000006c0)={0x0, 0x8, 0x1, 0x3}}) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x3, "b0de8faa"}, @main=@item_4={0x3, 0x0, 0x0, "322a6c03"}, @main=@item_4={0x3, 0x0, 0x8, "418cf528"}]}}, 0x0}, 0x0) syz_usb_ep_write(r2, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") 2.723625455s ago: executing program 4 (id=2094): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014, 0x7000000}) 2.09225639s ago: executing program 5 (id=2095): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x4004804) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x1c, r3, 0x7d243a6ea807936d, 0xf, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c891}, 0x880) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r1, 0x7dfff000) 2.091898092s ago: executing program 4 (id=2096): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000b00)=""/255, 0xff}, {&(0x7f0000000d00)=""/214, 0xd6}, {&(0x7f0000003100)=""/4059, 0xfdb}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f0000000940)=""/188, 0xbc}, {&(0x7f0000000240)=""/223, 0xdf}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/199, 0xc7}, {&(0x7f0000000c00)=""/208, 0xd0}, {&(0x7f0000000700)=""/93, 0x5d}, {&(0x7f0000000140)=""/98, 0x62}, {&(0x7f0000000a00)=""/182, 0xb6}], 0xc}, 0x40012100) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xc3ff}, 0x40000002) 1.912489653s ago: executing program 5 (id=2097): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000004) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'lo\x00', 0x5}, 0x18) 1.681125968s ago: executing program 1 (id=2098): r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioprio_set$uid(0x3, 0x0, 0x0) syz_pidfd_open(0x0, 0x0) (async, rerun: 64) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (rerun: 64) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) setns(0xffffffffffffffff, 0x2000000) (async) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x14d142, 0x0) r3 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=@alg={0xe8, 0x10, 0x1, 0x70bd26, 0x25dfdbfc, {{'ctr-cast6-avx\x00'}, '\x00', '\x00', 0x2000, 0x400}, [{0x8, 0x1, 0x8}]}, 0xe8}, 0x1, 0x0, 0x0, 0x40}, 0x800) sendfile(r2, r2, 0x0, 0x7ffff000) 1.531318031s ago: executing program 5 (id=2099): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000080)={0x7fffffff, 0xfff}) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = eventfd(0xff7ffff7) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000280)={r5, 0x202, 0x2}) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000100001009bbcf1d6d764e500000a34000000160a01020000000000000000010000000900010073797a30000000000900020073797a300034004000160a00000000000000000000020000000c000540000000003ccc04d47bdaaaa0e5ae49c790f90000000208000733000000020c0003800800024000000006140000081000010000000000000000060000000000"], 0x90}}, 0x0) r6 = getpid() r7 = syz_pidfd_open(r6, 0x0) ioctl$FS_IOC_GETVERSION(r7, 0xff07, 0x0) r8 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r8, 0xc0286405, &(0x7f0000000280)={0x7, 0x0, {r6}}) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000002c0)={0x4, 0x0, [{0x1, 0x2, 0x0, 0x0, @irqchip={0x1, 0xe}}, {0xfffffffb, 0x4, 0x1, 0x0, @sint={0x2, 0x44}}, {0x0, 0x3, 0x0, 0x0, @irqchip={0x6, 0xf5}}, {0x6, 0x1, 0x1, 0x0, @adapter={0x3, 0x8, 0x4, 0xe58d, 0x6}}]}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'dvmrp0\x00', 0x2}) 1.525192141s ago: executing program 4 (id=2100): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0, 0xc3}, 0x9}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/177, 0xb1}, {&(0x7f00000032c0)=""/246, 0xf6}, {&(0x7f00000033c0)=""/231, 0xe7}, {&(0x7f00000034c0)=""/211, 0xd3}, {&(0x7f00000035c0)=""/76, 0x4c}, {&(0x7f0000000400)=""/241, 0xf1}, {&(0x7f0000000680)=""/148, 0x94}, {&(0x7f0000000780)=""/83, 0x53}], 0x9}, 0x81}, {{0x0, 0x0, 0x0}, 0x8}], 0x4, 0x2100, 0x0) 1.158458908s ago: executing program 4 (id=2101): ioprio_set$pid(0x1, 0x0, 0x0) (async) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fd2, 0x6007, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000f16000000090282"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r2, 0x7dfff000) (async, rerun: 64) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x5, 0x1, 0xff, 0xf, 0x4, 0x7}, 0x20) (async, rerun: 64) socket$xdp(0x2c, 0x3, 0x0) 575.826835ms ago: executing program 1 (id=2102): mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7065726d70726f66696c65515d9625292f2f2e"], 0x16) r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8936, &(0x7f0000000000)) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f00000001c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x5) ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f00000000c0)=ANY=[@ANYBLOB="070000000000000007000000ffffffff"]) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="0f01bcf92ebd0000c4c17e5b9200000100c4e1ac59490c660f30b9f70300000f32ca0e00f40f01bb0c000000f23eeb000f01c5", 0x33}], 0x1, 0x20, &(0x7f0000000080)=[@cr0={0x0, 0x80000001}], 0x1) 0s ago: executing program 5 (id=2103): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000002c0)="92a00c028f76d58ddd", 0x9}}, 0xee) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) r5 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r4, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, 0x0, 0xfeffffff}, 0x18, &(0x7f0000000180)={&(0x7f0000000280)="4dfb0cf0d556f1327d", 0x9}}, 0xee) kernel console output (not intermixed with test programs): mp-b7:4' failed: Read-only file system [ 485.223034][T11652] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1892'. [ 485.235723][T11652] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 485.324083][ T5202] Dev loop4: unable to read RDB block 7 [ 485.336304][ T5202] loop4: unable to read partition table [ 485.355035][ T5202] loop4: partition table beyond EOD, truncated [ 485.432409][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 485.456826][ T847] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 485.530901][ T5202] Dev loop4: unable to read RDB block 7 [ 485.539382][ T5202] loop4: unable to read partition table [ 485.547518][ T5202] loop4: partition table beyond EOD, truncated [ 485.598244][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 485.643672][ T847] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 485.669541][ T847] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 485.696708][ T847] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 485.740026][ T847] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 485.776370][ T847] usb 6-1: SerialNumber: syz [ 485.863764][ T5202] Dev loop4: unable to read RDB block 7 [ 485.880802][ T5202] loop4: unable to read partition table [ 485.901356][ T5202] loop4: partition table beyond EOD, truncated [ 486.016440][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 486.029677][T11650] qnx4: no qnx4 filesystem (no root dir). [ 486.040707][T11660] 9p: Unknown access argument Š: -22 [ 486.082633][ T847] usb 6-1: 0:2 : does not exist [ 486.097903][T11663] netlink: 'syz.0.1897': attribute type 10 has an invalid length. [ 486.131636][T11663] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1897'. [ 486.186951][ T847] usb 6-1: USB disconnect, device number 11 [ 486.207137][ T24] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 486.237568][T11212] udevd[11212]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 486.322080][ T5202] Dev loop4: unable to read RDB block 7 [ 486.349671][ T5202] loop4: unable to read partition table [ 486.372887][ T5202] loop4: partition table beyond EOD, truncated [ 486.385223][T11663] team0: Port device geneve0 added [ 486.476486][T11213] udevd[11213]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 487.133498][T11676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1902'. [ 487.327541][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 487.348953][ T24] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 487.372283][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.376394][ T5202] Dev loop4: unable to read RDB block 7 [ 487.389679][ T5202] loop4: unable to read partition table [ 487.399139][ T5202] loop4: partition table beyond EOD, truncated [ 487.471248][ T24] usb 2-1: config 0 descriptor?? [ 487.554752][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 487.604042][ C1] net_ratelimit: 5118 callbacks suppressed [ 487.604065][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 487.623041][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 487.636111][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 487.649256][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 487.662591][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 487.675794][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 487.688929][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 487.701981][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 487.715083][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 487.728488][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 487.922766][T11656] vivid-000: disconnect [ 488.186414][ T24] keytouch 0003:0926:3333.003E: fixing up Keytouch IEC report descriptor [ 488.338427][ T24] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.003E/input/input81 [ 488.664012][ T5202] Dev loop4: unable to read RDB block 7 [ 488.669695][ T5202] loop4: unable to read partition table [ 488.694595][ T5202] loop4: partition table beyond EOD, truncated [ 488.751565][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 489.042349][ T5202] Dev loop4: unable to read RDB block 7 [ 489.059010][ T5202] loop4: unable to read partition table [ 489.079777][ T5202] loop4: partition table beyond EOD, truncated [ 489.103208][ T847] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 489.188772][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 489.203719][ T983] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 489.284513][ T847] usb 1-1: config 0 has an invalid interface number: 153 but max is 0 [ 489.295059][ T847] usb 1-1: config 0 has no interface number 0 [ 489.301448][ T847] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=b4.98 [ 489.311395][ T847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.330396][ T847] usb 1-1: config 0 descriptor?? [ 489.354332][ T847] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 489.362983][ T983] usb 6-1: Using ep0 maxpacket: 16 [ 489.380324][ T983] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.412167][ T983] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.439210][ T983] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 489.455387][T11656] vivid-000: reconnect [ 489.483597][ T5915] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 489.500640][ T983] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 489.525918][ T983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.563381][ T983] usb 6-1: config 0 descriptor?? [ 489.648305][T11702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 489.659276][T11701] FAULT_INJECTION: forcing a failure. [ 489.659276][T11701] name failslab, interval 1, probability 0, space 0, times 0 [ 489.680742][T11702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 489.724663][T11701] CPU: 0 UID: 0 PID: 11701 Comm: syz.1.1912 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 489.724698][T11701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 489.724710][T11701] Call Trace: [ 489.724718][T11701] [ 489.724727][T11701] dump_stack_lvl+0x189/0x250 [ 489.724757][T11701] ? __pfx____ratelimit+0x10/0x10 [ 489.724786][T11701] ? __pfx_dump_stack_lvl+0x10/0x10 [ 489.724808][T11701] ? __pfx__printk+0x10/0x10 [ 489.724836][T11701] ? __pfx___might_resched+0x10/0x10 [ 489.724857][T11701] ? fs_reclaim_acquire+0x7d/0x100 [ 489.724889][T11701] should_fail_ex+0x414/0x560 [ 489.724919][T11701] should_failslab+0xa8/0x100 [ 489.724946][T11701] __kmalloc_cache_noprof+0x70/0x3d0 [ 489.724969][T11701] ? nfnetlink_rcv+0xeff/0x2520 [ 489.725002][T11701] nfnetlink_rcv+0xeff/0x2520 [ 489.725067][T11701] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 489.725116][T11701] ? ref_tracker_free+0x63a/0x7d0 [ 489.725184][T11701] ? __netlink_deliver_tap+0x807/0x850 [ 489.725219][T11701] ? netlink_deliver_tap+0x2e/0x1b0 [ 489.725240][T11701] ? netlink_deliver_tap+0x2e/0x1b0 [ 489.725270][T11701] netlink_unicast+0x75b/0x8d0 [ 489.725304][T11701] netlink_sendmsg+0x805/0xb30 [ 489.725339][T11701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 489.725367][T11701] ? aa_sock_msg_perm+0x94/0x160 [ 489.725390][T11701] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 489.725417][T11701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 489.725440][T11701] __sock_sendmsg+0x21c/0x270 [ 489.725463][T11701] ____sys_sendmsg+0x505/0x830 [ 489.725495][T11701] ? __pfx_____sys_sendmsg+0x10/0x10 [ 489.725530][T11701] ? import_iovec+0x74/0xa0 [ 489.725554][T11701] ___sys_sendmsg+0x21f/0x2a0 [ 489.725591][T11701] ? __pfx____sys_sendmsg+0x10/0x10 [ 489.725658][T11701] ? __fget_files+0x2a/0x420 [ 489.725682][T11701] ? __fget_files+0x3a0/0x420 [ 489.725724][T11701] __x64_sys_sendmsg+0x19b/0x260 [ 489.725751][T11701] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 489.725786][T11701] ? __pfx_ksys_write+0x10/0x10 [ 489.725808][T11701] ? rcu_is_watching+0x15/0xb0 [ 489.725836][T11701] ? do_syscall_64+0xbe/0x3b0 [ 489.725860][T11701] do_syscall_64+0xfa/0x3b0 [ 489.725879][T11701] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.725896][T11701] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 489.725915][T11701] ? clear_bhb_loop+0x60/0xb0 [ 489.725939][T11701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.725958][T11701] RIP: 0033:0x7f76ab58e929 [ 489.725976][T11701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 489.725992][T11701] RSP: 002b:00007f76ac409038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 489.726013][T11701] RAX: ffffffffffffffda RBX: 00007f76ab7b5fa0 RCX: 00007f76ab58e929 [ 489.726026][T11701] RDX: 0000000004048010 RSI: 0000200000000080 RDI: 0000000000000003 [ 489.726038][T11701] RBP: 00007f76ac409090 R08: 0000000000000000 R09: 0000000000000000 [ 489.726050][T11701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.726061][T11701] R13: 0000000000000000 R14: 00007f76ab7b5fa0 R15: 00007ffe4d683c48 [ 489.726094][T11701] [ 489.726903][ T5915] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 489.857354][T11702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 489.891665][ T5915] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 489.891814][ T5915] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 489.891840][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.894692][ T847] gspca_vc032x: reg_w err -110 [ 489.894713][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894725][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894737][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894749][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894760][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894772][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894782][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894823][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894835][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894846][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894856][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894868][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894878][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894888][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894898][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894908][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894919][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894929][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894969][ T847] gspca_vc032x: I2c Bus Busy Wait 00 [ 489.894980][ T847] gspca_vc032x: Unknown sensor... [ 489.895071][ T847] vc032x 1-1:0.153: probe with driver vc032x failed with error -22 [ 489.934100][ T5915] usb 5-1: config 0 descriptor?? [ 490.312725][T11702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.331201][T11695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.341827][T11695] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.378514][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x2 [ 490.386792][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x0 [ 490.395054][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x0 [ 490.404627][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x0 [ 490.419910][ T24] keytouch 0003:0926:3333.003E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 490.422209][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x0 [ 490.432569][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880598ba000: rx timeout, send abort [ 490.442551][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880598ba000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 490.501779][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x0 [ 490.509202][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x0 [ 490.517231][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x0 [ 490.532017][ T983] microsoft 0003:045E:07DA.003F: unknown main item tag 0x0 [ 490.582228][ T983] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.003F/input/input82 [ 490.774740][ T5915] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 490.781448][ T5915] dvb-usb: bulk message failed: -22 (3/0) [ 490.797014][ T983] microsoft 0003:045E:07DA.003F: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 490.957525][ T983] usb 6-1: USB disconnect, device number 12 [ 490.968145][T11699] omfs: Invalid superblock (0) [ 490.988719][ T5915] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 491.051199][ T5915] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 491.089320][ T5915] usb 5-1: media controller created [ 491.140762][ T5915] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 491.230475][ T5915] dvb-usb: bulk message failed: -22 (6/0) [ 491.286808][T11706] fido_id[11706]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 491.313409][ T5915] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 491.342403][ T5915] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input83 [ 491.424183][ T5915] dvb-usb: schedule remote query interval to 150 msecs. [ 491.470141][ T5915] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 491.634432][ T5915] dvb-usb: bulk message failed: -22 (1/0) [ 491.648068][ T5915] dvb-usb: error while querying for an remote control event. [ 491.891530][ T5915] dvb-usb: bulk message failed: -22 (1/0) [ 491.915178][ T5915] dvb-usb: error while querying for an remote control event. [ 491.924493][ T983] usb 1-1: USB disconnect, device number 105 [ 492.101617][T11698] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 492.153538][ T983] dvb-usb: bulk message failed: -22 (1/0) [ 492.159439][ T983] dvb-usb: error while querying for an remote control event. [ 492.215848][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802f9bf400: rx timeout, send abort [ 492.226778][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802f9bf400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 492.273679][ T10] usb 5-1: USB disconnect, device number 22 [ 492.485368][ T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 492.548207][T11726] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 492.596987][T11726] cramfs: wrong magic [ 492.610958][ C1] net_ratelimit: 5049 callbacks suppressed [ 492.610978][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 492.629985][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 492.643282][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 492.656499][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 492.660201][T11728] syzkaller1: entered promiscuous mode [ 492.669563][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 492.687494][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 492.692411][T11728] syzkaller1: entered allmulticast mode [ 492.700674][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 492.717924][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 492.731220][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 492.744045][ T24] usb 2-1: USB disconnect, device number 99 [ 492.750772][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 492.930807][ T983] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 493.113783][ T983] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 493.155421][ T983] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 493.188420][ T983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.214810][ T983] usb 6-1: config 0 descriptor?? [ 493.313889][ T5202] Dev loop4: unable to read RDB block 7 [ 493.327198][ T5202] loop4: unable to read partition table [ 493.345290][ T5202] loop4: partition table beyond EOD, truncated [ 493.454041][T11730] vivid-000: disconnect [ 493.677027][ T5202] Dev loop4: unable to read RDB block 7 [ 493.693292][ T5202] loop4: unable to read partition table [ 493.699354][ T5202] loop4: partition table beyond EOD, truncated [ 493.744839][ T983] keytouch 0003:0926:3333.0040: fixing up Keytouch IEC report descriptor [ 493.806916][ T983] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0040/input/input84 [ 494.110978][ T983] keytouch 0003:0926:3333.0040: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 494.200693][T11176] udevd[11176]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 494.228101][T11729] vivid-000: reconnect [ 494.307718][ T983] usb 6-1: USB disconnect, device number 13 [ 494.497737][T11169] udevd[11169]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 494.866878][T11752] fido_id[11752]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 494.875670][ T5202] Dev loop4: unable to read RDB block 7 [ 494.875722][ T5202] loop4: unable to read partition table [ 494.875977][ T5202] loop4: partition table beyond EOD, truncated [ 495.124806][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 495.195688][T11758] vxfs: WRONG superblock magic 00000000 at 1 [ 495.195724][T11758] vxfs: WRONG superblock magic 00000000 at 8 [ 495.195741][T11758] vxfs: can't find superblock. [ 495.238718][ T5202] Dev loop4: unable to read RDB block 7 [ 495.238771][ T5202] loop4: unable to read partition table [ 495.239028][ T5202] loop4: partition table beyond EOD, truncated [ 495.407310][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 495.679483][ T983] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 495.863259][ T983] usb 5-1: config 0 has an invalid interface number: 93 but max is 0 [ 495.894983][ T983] usb 5-1: config 0 has no interface number 0 [ 495.932000][ T983] usb 5-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65 [ 495.969309][ T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.008518][ T983] usb 5-1: Product: syz [ 496.035459][ T983] usb 5-1: Manufacturer: syz [ 496.063092][ T983] usb 5-1: SerialNumber: syz [ 496.101225][ T983] usb 5-1: config 0 descriptor?? [ 496.310701][ T983] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state. [ 496.366723][ T983] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 496.418647][ T983] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 496.448960][ T983] usb 5-1: media controller created [ 496.475512][ T983] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 496.494270][ T10] usb 2-1: new full-speed USB device number 100 using dummy_hcd [ 496.747418][ T10] usb 2-1: config 0 has an invalid interface number: 93 but max is 0 [ 496.782272][ T983] DVB: Unable to find symbol dib7000p_attach() [ 496.788501][ T983] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 496.801717][ T10] usb 2-1: config 0 has no interface number 0 [ 496.858813][ T10] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65 [ 496.868486][ T983] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 496.879931][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.888060][ T10] usb 2-1: Product: syz [ 496.919494][ T983] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 496.931357][ T10] usb 2-1: Manufacturer: syz [ 496.936137][ T10] usb 2-1: SerialNumber: syz [ 496.955759][ T983] usb 5-1: media controller created [ 496.961446][ T847] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 496.977461][ T983] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 497.000373][ T10] usb 2-1: config 0 descriptor?? [ 497.067037][ T983] dib0700: the master dib7090 has to be initialized first [ 497.084766][ T983] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 497.110177][ T5202] Dev loop4: unable to read RDB block 7 [ 497.136362][ T5202] loop4: unable to read partition table [ 497.163986][ T847] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 497.178848][ T5202] loop4: partition table beyond EOD, truncated [ 497.222794][ T847] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 497.248539][ T10] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state. [ 497.295732][ T847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.359730][ T10] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 497.384376][T11213] udevd[11213]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 497.417487][ T847] usb 1-1: config 0 descriptor?? [ 497.465385][ T10] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 497.519250][ T983] rc_core: IR keymap rc-dib0700-rc5 not found [ 497.543904][ T10] usb 2-1: media controller created [ 497.563629][ T983] Registered IR keymap rc-empty [ 497.618583][ C1] net_ratelimit: 5269 callbacks suppressed [ 497.618603][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 497.621086][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 497.625282][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 497.637943][ T983] dvb-usb: could not initialize remote control. [ 497.646100][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 497.676607][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 497.689728][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 497.702786][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 497.716270][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 497.725425][T11784] vivid-000: disconnect [ 497.729165][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 497.745661][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 497.758672][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 497.792394][ T983] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected. [ 497.888764][ T983] usb 5-1: USB disconnect, device number 23 [ 498.074310][ T847] keytouch 0003:0926:3333.0041: fixing up Keytouch IEC report descriptor [ 498.231532][ T983] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected. [ 498.250437][ T847] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0041/input/input86 [ 498.318245][ T10] DVB: Unable to find symbol dib7000p_attach() [ 498.494286][ T10] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 498.593693][ T10] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 498.688615][T11783] vivid-000: reconnect [ 498.727412][ T10] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 498.773367][ T10] usb 2-1: media controller created [ 498.819889][ T847] keytouch 0003:0926:3333.0041: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 498.868903][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 498.951845][ T847] usb 1-1: USB disconnect, device number 106 [ 499.018209][ T10] dib0700: the master dib7090 has to be initialized first [ 499.101334][ T10] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 499.336537][T11803] /dev/nullb0: Can't open blockdev [ 499.491787][T11800] fido_id[11800]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 499.527114][ T10] rc_core: IR keymap rc-dib0700-rc5 not found [ 499.564244][ T10] Registered IR keymap rc-empty [ 499.586386][ T5202] Dev loop4: unable to read RDB block 7 [ 499.594724][ T10] dvb-usb: could not initialize remote control. [ 499.635913][ T5202] loop4: unable to read partition table [ 499.720639][ T10] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected. [ 499.757452][ T5202] loop4: partition table beyond EOD, truncated [ 499.834128][ T10] usb 2-1: USB disconnect, device number 100 [ 500.078171][ T10] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected. [ 500.167935][T11213] udevd[11213]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 500.517130][ T10] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 500.652405][ T5202] Dev loop4: unable to read RDB block 7 [ 500.679537][ T5202] loop4: unable to read partition table [ 500.708821][ T5202] loop4: partition table beyond EOD, truncated [ 500.760799][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 500.819671][ T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 500.865084][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 500.924067][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 500.954938][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.999546][ T10] usb 2-1: Product: syz [ 501.040042][ T10] usb 2-1: Manufacturer: syz [ 501.056401][T11815] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1948'. [ 501.076211][ T10] usb 2-1: SerialNumber: syz [ 501.100296][ T10] usb 2-1: config 0 descriptor?? [ 501.134652][ T10] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 501.290072][ T5202] Dev loop4: unable to read RDB block 7 [ 501.295767][ T5202] loop4: unable to read partition table [ 501.347933][ T5202] loop4: partition table beyond EOD, truncated [ 501.485266][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.527279][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 501.621076][T11821] FAULT_INJECTION: forcing a failure. [ 501.621076][T11821] name failslab, interval 1, probability 0, space 0, times 0 [ 501.684342][T11821] CPU: 0 UID: 0 PID: 11821 Comm: syz.4.1950 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 501.684373][T11821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 501.684391][T11821] Call Trace: [ 501.684401][T11821] [ 501.684411][T11821] dump_stack_lvl+0x189/0x250 [ 501.684439][T11821] ? __pfx____ratelimit+0x10/0x10 [ 501.684468][T11821] ? __pfx_dump_stack_lvl+0x10/0x10 [ 501.684491][T11821] ? __pfx__printk+0x10/0x10 [ 501.684520][T11821] ? __pfx___might_resched+0x10/0x10 [ 501.684540][T11821] ? fs_reclaim_acquire+0x7d/0x100 [ 501.684572][T11821] should_fail_ex+0x414/0x560 [ 501.684603][T11821] should_failslab+0xa8/0x100 [ 501.684630][T11821] __kmalloc_cache_noprof+0x70/0x3d0 [ 501.684652][T11821] ? nfnetlink_rcv+0xeff/0x2520 [ 501.684685][T11821] nfnetlink_rcv+0xeff/0x2520 [ 501.684750][T11821] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 501.684796][T11821] ? ref_tracker_free+0x63a/0x7d0 [ 501.684856][T11821] ? __netlink_deliver_tap+0x807/0x850 [ 501.684890][T11821] ? netlink_deliver_tap+0x2e/0x1b0 [ 501.684912][T11821] ? netlink_deliver_tap+0x2e/0x1b0 [ 501.684940][T11821] netlink_unicast+0x75b/0x8d0 [ 501.684975][T11821] netlink_sendmsg+0x805/0xb30 [ 501.685010][T11821] ? __pfx_netlink_sendmsg+0x10/0x10 [ 501.685059][T11821] ? aa_sock_msg_perm+0x94/0x160 [ 501.685082][T11821] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 501.685110][T11821] ? __pfx_netlink_sendmsg+0x10/0x10 [ 501.685134][T11821] __sock_sendmsg+0x21c/0x270 [ 501.685158][T11821] ____sys_sendmsg+0x505/0x830 [ 501.685191][T11821] ? __pfx_____sys_sendmsg+0x10/0x10 [ 501.685227][T11821] ? import_iovec+0x74/0xa0 [ 501.685251][T11821] ___sys_sendmsg+0x21f/0x2a0 [ 501.685279][T11821] ? __pfx____sys_sendmsg+0x10/0x10 [ 501.685346][T11821] ? __fget_files+0x2a/0x420 [ 501.685373][T11821] ? __fget_files+0x3a0/0x420 [ 501.685411][T11821] __x64_sys_sendmsg+0x19b/0x260 [ 501.685438][T11821] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 501.685474][T11821] ? __pfx_ksys_write+0x10/0x10 [ 501.685496][T11821] ? rcu_is_watching+0x15/0xb0 [ 501.685524][T11821] ? do_syscall_64+0xbe/0x3b0 [ 501.685548][T11821] do_syscall_64+0xfa/0x3b0 [ 501.685564][T11821] ? lockdep_hardirqs_on+0x9c/0x150 [ 501.685591][T11821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.685610][T11821] ? clear_bhb_loop+0x60/0xb0 [ 501.685633][T11821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.685652][T11821] RIP: 0033:0x7f0d1718e929 [ 501.685670][T11821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.685688][T11821] RSP: 002b:00007f0d17ff1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 501.685709][T11821] RAX: ffffffffffffffda RBX: 00007f0d173b5fa0 RCX: 00007f0d1718e929 [ 501.685724][T11821] RDX: 0000000004048010 RSI: 0000200000000080 RDI: 0000000000000003 [ 501.685736][T11821] RBP: 00007f0d17ff1090 R08: 0000000000000000 R09: 0000000000000000 [ 501.685748][T11821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 501.685760][T11821] R13: 0000000000000000 R14: 00007f0d173b5fa0 R15: 00007ffdd6b783b8 [ 501.685790][T11821] [ 502.214309][ T10] gspca_zc3xx: reg_w_i err -110 [ 502.249553][T11819] /dev/nullb0: Can't open blockdev [ 502.259717][T11819] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 502.271734][T11819] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock [ 502.378625][T11819] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 502.398152][T11819] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock [ 502.594680][ T5202] Dev loop4: unable to read RDB block 7 [ 502.608754][ T5202] loop4: unable to read partition table [ 502.621413][ T5202] loop4: partition table beyond EOD, truncated [ 502.626124][ C1] net_ratelimit: 5448 callbacks suppressed [ 502.626142][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 502.646777][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 502.659970][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 502.673546][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 502.681767][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 502.686721][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 502.709896][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 502.723162][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 502.736640][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 502.749851][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 502.762967][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 502.823334][ T10] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 502.830688][ T10] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -110 [ 503.000427][ T983] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 503.210246][ T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 503.270900][ T983] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 503.301109][T11846] 9pnet: p9_errstr2errno: server reported unknown error Çpî‘AçÁ›¬ž;KZì44§/@®qæž [ 503.324590][ T983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.357685][T11848] netlink: 'syz.0.1958': attribute type 1 has an invalid length. [ 503.390227][ T983] usb 5-1: config 0 descriptor?? [ 503.400337][T11848] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1958'. [ 503.634210][T11836] vivid-000: disconnect [ 503.699049][ T10] usb 2-1: USB disconnect, device number 101 [ 503.888680][ T983] keytouch 0003:0926:3333.0042: fixing up Keytouch IEC report descriptor [ 504.001189][ T983] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0042/input/input88 [ 504.352756][ T983] keytouch 0003:0926:3333.0042: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 504.408969][T11835] vivid-000: reconnect [ 504.502576][ T983] usb 5-1: USB disconnect, device number 24 [ 504.555068][ T10] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 504.773154][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 504.826880][ T10] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 504.857162][T11865] fido_id[11865]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 504.881255][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.935882][ T10] usb 1-1: config 0 descriptor?? [ 505.034424][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 505.153050][ T5202] Dev loop4: unable to read RDB block 7 [ 505.173009][ T5202] loop4: unable to read partition table [ 505.194007][ T5202] loop4: partition table beyond EOD, truncated [ 505.385739][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 505.405023][ T847] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 505.433872][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 505.445791][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 505.481719][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 505.515039][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 505.544077][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 505.571532][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 505.586588][ T847] usb 6-1: Using ep0 maxpacket: 32 [ 505.606736][ T5202] Dev loop4: unable to read RDB block 7 [ 505.633246][ T5202] loop4: unable to read partition table [ 505.662502][ T847] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 505.672427][ T5202] loop4: partition table beyond EOD, truncated [ 505.700264][ T847] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.746492][ T847] usb 6-1: Product: syz [ 505.768599][ T847] usb 6-1: Manufacturer: syz [ 505.813178][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 505.834235][ T847] usb 6-1: SerialNumber: syz [ 505.861314][ T847] usb 6-1: config 0 descriptor?? [ 505.940827][ T847] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 506.385408][T11877] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1969'. [ 506.911324][T11880] FAULT_INJECTION: forcing a failure. [ 506.911324][T11880] name failslab, interval 1, probability 0, space 0, times 0 [ 507.001102][T11880] CPU: 0 UID: 0 PID: 11880 Comm: syz.1.1970 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 507.001132][T11880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 507.001150][T11880] Call Trace: [ 507.001159][T11880] [ 507.001168][T11880] dump_stack_lvl+0x189/0x250 [ 507.001197][T11880] ? __pfx____ratelimit+0x10/0x10 [ 507.001226][T11880] ? __pfx_dump_stack_lvl+0x10/0x10 [ 507.001248][T11880] ? __pfx__printk+0x10/0x10 [ 507.001273][T11880] ? __pfx___might_resched+0x10/0x10 [ 507.001294][T11880] ? fs_reclaim_acquire+0x7d/0x100 [ 507.001326][T11880] should_fail_ex+0x414/0x560 [ 507.001355][T11880] should_failslab+0xa8/0x100 [ 507.001382][T11880] kmem_cache_alloc_noprof+0x73/0x3c0 [ 507.001404][T11880] ? getname_kernel+0x5a/0x2f0 [ 507.001428][T11880] getname_kernel+0x5a/0x2f0 [ 507.001450][T11880] kern_path+0x1d/0x50 [ 507.001471][T11880] lookup_bdev+0xc0/0x280 [ 507.001498][T11880] ? __pfx_lookup_bdev+0x10/0x10 [ 507.001521][T11880] ? vfs_parse_fs_string+0x101/0x170 [ 507.001555][T11880] ? __pfx_f2fs_fill_super+0x10/0x10 [ 507.001578][T11880] mount_bdev+0x96/0x2c0 [ 507.001603][T11880] ? __pfx_aa_get_newest_label+0x10/0x10 [ 507.001624][T11880] ? __pfx_mount_bdev+0x10/0x10 [ 507.001649][T11880] ? rcu_is_watching+0x15/0xb0 [ 507.001677][T11880] legacy_get_tree+0xfa/0x1a0 [ 507.001693][T11880] ? __pfx_f2fs_mount+0x10/0x10 [ 507.001717][T11880] vfs_get_tree+0x8f/0x2b0 [ 507.001744][T11880] do_new_mount+0x24a/0xa40 [ 507.001789][T11880] __se_sys_mount+0x317/0x410 [ 507.001824][T11880] ? __pfx___se_sys_mount+0x10/0x10 [ 507.001855][T11880] ? __x64_sys_mount+0x3a/0xc0 [ 507.001882][T11880] ? __x64_sys_mount+0x20/0xc0 [ 507.001911][T11880] do_syscall_64+0xfa/0x3b0 [ 507.001929][T11880] ? lockdep_hardirqs_on+0x9c/0x150 [ 507.001957][T11880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.001977][T11880] ? clear_bhb_loop+0x60/0xb0 [ 507.002000][T11880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.002018][T11880] RIP: 0033:0x7f76ab58e929 [ 507.002035][T11880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.002051][T11880] RSP: 002b:00007f76ac409038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 507.002073][T11880] RAX: ffffffffffffffda RBX: 00007f76ab7b5fa0 RCX: 00007f76ab58e929 [ 507.002087][T11880] RDX: 0000200000000000 RSI: 0000200000001440 RDI: 0000200000001400 [ 507.002099][T11880] RBP: 00007f76ac409090 R08: 0000000000000000 R09: 0000000000000000 [ 507.002111][T11880] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 507.002123][T11880] R13: 0000000000000000 R14: 00007f76ab7b5fa0 R15: 00007ffe4d683c48 [ 507.002154][T11880] [ 507.364515][T11884] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 507.371977][T11884] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 507.465444][ T5202] Dev loop4: unable to read RDB block 7 [ 507.471162][ T5202] loop4: unable to read partition table [ 507.477650][ T5202] loop4: partition table beyond EOD, truncated [ 507.538556][T11886] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1972'. [ 507.588098][ T5202] Dev loop4: unable to read RDB block 7 [ 507.593978][ T5202] loop4: unable to read partition table [ 507.602031][ T5202] loop4: partition table beyond EOD, truncated [ 507.622980][T11887] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1972'. [ 507.633898][ C1] net_ratelimit: 5385 callbacks suppressed [ 507.633919][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 507.652935][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 507.659102][T11213] udevd[11213]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 507.665864][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 507.689392][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 507.702383][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 507.715545][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 507.726837][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 507.728586][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 507.751943][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 507.765263][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 507.778332][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 507.845823][ T10] pwc: recv_control_msg error -71 req 02 val 2100 [ 507.865363][ T5202] Dev loop4: unable to read RDB block 7 [ 507.871055][ T5202] loop4: unable to read partition table [ 507.886883][ T10] pwc: recv_control_msg error -71 req 04 val 1500 [ 507.942025][ T5202] loop4: partition table beyond EOD, truncated [ 507.953268][ T10] pwc: recv_control_msg error -71 req 02 val 2500 [ 508.020288][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 508.065407][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 508.130941][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 508.184735][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 508.201682][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 508.227751][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 508.280372][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 508.340244][ T10] pwc: Registered as video103. [ 508.418385][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input89 [ 508.550802][ T10] usb 1-1: USB disconnect, device number 107 [ 509.026912][ T847] gspca_stk1135: reg_w 0x351 err -71 [ 509.033711][ T847] gspca_stk1135: serial bus timeout: status=0x00 [ 509.040111][ T847] gspca_stk1135: Sensor write failed [ 509.104203][ T847] gspca_stk1135: serial bus timeout: status=0x00 [ 509.157211][ T847] gspca_stk1135: Sensor write failed [ 509.167662][ T847] gspca_stk1135: serial bus timeout: status=0x00 [ 509.182611][ T10] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 509.190426][ T983] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 509.219971][ T5202] Dev loop4: unable to read RDB block 7 [ 509.226109][ T847] gspca_stk1135: Sensor read failed [ 509.259788][ T5202] loop4: unable to read partition table [ 509.268033][ T847] gspca_stk1135: serial bus timeout: status=0x00 [ 509.280298][ T5202] loop4: partition table beyond EOD, truncated [ 509.296045][ T847] gspca_stk1135: Sensor read failed [ 509.320610][ T847] gspca_stk1135: Detected sensor type unknown (0x0) [ 509.365825][ T847] gspca_stk1135: serial bus timeout: status=0x00 [ 509.379964][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.412662][ T983] usb 2-1: Using ep0 maxpacket: 8 [ 509.433348][ T847] gspca_stk1135: Sensor read failed [ 509.452485][ T10] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 509.482670][ T847] gspca_stk1135: serial bus timeout: status=0x00 [ 509.490515][ T847] gspca_stk1135: Sensor read failed [ 509.521263][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 509.549310][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.564677][ T847] gspca_stk1135: serial bus timeout: status=0x00 [ 509.581554][ T983] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 509.609985][ T847] gspca_stk1135: Sensor write failed [ 509.618442][ T10] usb 1-1: config 0 descriptor?? [ 509.641943][ T983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.663274][ T847] gspca_stk1135: serial bus timeout: status=0x00 [ 509.669680][ T847] gspca_stk1135: Sensor write failed [ 509.792539][ T847] stk1135 6-1:0.0: probe with driver stk1135 failed with error -71 [ 509.861384][ T983] pvrusb2: Hardware description: Terratec Grabster AV400 [ 509.896980][T11896] vivid-000: disconnect [ 509.917744][ T847] usb 6-1: USB disconnect, device number 14 [ 509.998822][ T983] pvrusb2: ********** [ 510.057423][ T983] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 510.135598][T11910] netlink: 'syz.5.1979': attribute type 1 has an invalid length. [ 510.168621][ T983] pvrusb2: Important functionality might not be entirely working. [ 510.212249][T11910] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1979'. [ 510.230442][ T10] keytouch 0003:0926:3333.0043: fixing up Keytouch IEC report descriptor [ 510.246301][ T983] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 510.275633][T11910] FAULT_INJECTION: forcing a failure. [ 510.275633][T11910] name failslab, interval 1, probability 0, space 0, times 0 [ 510.301141][ T983] pvrusb2: ********** [ 510.343174][ T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0043/input/input90 [ 510.392165][T11910] CPU: 0 UID: 0 PID: 11910 Comm: syz.5.1979 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 510.392196][T11910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 510.392208][T11910] Call Trace: [ 510.392216][T11910] [ 510.392225][T11910] dump_stack_lvl+0x189/0x250 [ 510.392254][T11910] ? __pfx____ratelimit+0x10/0x10 [ 510.392284][T11910] ? __pfx_dump_stack_lvl+0x10/0x10 [ 510.392306][T11910] ? __pfx__printk+0x10/0x10 [ 510.392334][T11910] ? __pfx___might_resched+0x10/0x10 [ 510.392356][T11910] ? fs_reclaim_acquire+0x7d/0x100 [ 510.392387][T11910] should_fail_ex+0x414/0x560 [ 510.392418][T11910] should_failslab+0xa8/0x100 [ 510.392443][T11910] __kmalloc_cache_noprof+0x70/0x3d0 [ 510.392466][T11910] ? hwsim_add_one+0x365/0x1420 [ 510.392495][T11910] hwsim_add_one+0x365/0x1420 [ 510.392518][T11910] ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0 [ 510.392557][T11910] genl_family_rcv_msg_doit+0x215/0x300 [ 510.392593][T11910] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 510.392637][T11910] ? bpf_lsm_capable+0x9/0x20 [ 510.392658][T11910] ? security_capable+0x7e/0x2e0 [ 510.392687][T11910] genl_rcv_msg+0x60e/0x790 [ 510.392722][T11910] ? __pfx_genl_rcv_msg+0x10/0x10 [ 510.392747][T11910] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 510.392800][T11910] netlink_rcv_skb+0x208/0x470 [ 510.392824][T11910] ? __pfx_genl_rcv_msg+0x10/0x10 [ 510.392854][T11910] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 510.392898][T11910] ? down_read+0x1ad/0x2e0 [ 510.392923][T11910] genl_rcv+0x28/0x40 [ 510.392948][T11910] netlink_unicast+0x75b/0x8d0 [ 510.392990][T11910] netlink_sendmsg+0x805/0xb30 [ 510.393026][T11910] ? __pfx_netlink_sendmsg+0x10/0x10 [ 510.393053][T11910] ? aa_sock_msg_perm+0x94/0x160 [ 510.393075][T11910] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 510.393108][T11910] ? __pfx_netlink_sendmsg+0x10/0x10 [ 510.393132][T11910] __sock_sendmsg+0x21c/0x270 [ 510.393156][T11910] ____sys_sendmsg+0x505/0x830 [ 510.393194][T11910] ? __pfx_____sys_sendmsg+0x10/0x10 [ 510.393216][T11910] ? __copy_msghdr+0x301/0x5b0 [ 510.393241][T11910] ? __asan_memset+0x22/0x50 [ 510.393266][T11910] ? import_iovec+0x74/0xa0 [ 510.393290][T11910] ___sys_sendmsg+0x21f/0x2a0 [ 510.393318][T11910] ? __pfx____sys_sendmsg+0x10/0x10 [ 510.393388][T11910] ? __fget_files+0x2a/0x420 [ 510.393414][T11910] ? __fget_files+0x3a0/0x420 [ 510.393454][T11910] __x64_sys_sendmsg+0x19b/0x260 [ 510.393483][T11910] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 510.393519][T11910] ? __pfx_ksys_write+0x10/0x10 [ 510.393540][T11910] ? rcu_is_watching+0x15/0xb0 [ 510.393569][T11910] ? do_syscall_64+0xbe/0x3b0 [ 510.393592][T11910] do_syscall_64+0xfa/0x3b0 [ 510.393608][T11910] ? lockdep_hardirqs_on+0x9c/0x150 [ 510.393636][T11910] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.393654][T11910] ? clear_bhb_loop+0x60/0xb0 [ 510.393678][T11910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.393696][T11910] RIP: 0033:0x7f0ad778e929 [ 510.393715][T11910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.393731][T11910] RSP: 002b:00007f0ad852f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 510.393751][T11910] RAX: ffffffffffffffda RBX: 00007f0ad79b5fa0 RCX: 00007f0ad778e929 [ 510.393765][T11910] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 510.393778][T11910] RBP: 00007f0ad852f090 R08: 0000000000000000 R09: 0000000000000000 [ 510.393789][T11910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.393800][T11910] R13: 0000000000000000 R14: 00007f0ad79b5fa0 R15: 00007ffecb42af08 [ 510.393834][T11910] [ 511.269520][ T983] usb 2-1: USB disconnect, device number 102 [ 511.303779][ T2346] pvrusb2: Invalid write control endpoint [ 511.622517][T11916] raw_sendmsg: syz.5.1980 forgot to set AF_INET. Fix it! [ 511.766618][T11913] vivid-000: reconnect [ 511.804540][ T10] keytouch 0003:0926:3333.0043: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 511.858564][ T5832] Bluetooth: hci4: command tx timeout [ 512.008856][ T10] usb 1-1: USB disconnect, device number 108 [ 512.017868][ T2346] pvrusb2: Invalid write control endpoint [ 512.036325][ T2346] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 512.049681][T11922] netlink: 'syz.0.1982': attribute type 1 has an invalid length. [ 512.081261][ T2346] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 512.095807][T11922] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1982'. [ 512.122692][ T2346] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 512.133072][T11922] FAULT_INJECTION: forcing a failure. [ 512.133072][T11922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 512.176349][ T2346] pvrusb2: Device being rendered inoperable [ 512.186772][T11922] CPU: 0 UID: 0 PID: 11922 Comm: syz.0.1982 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 512.186802][T11922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 512.186814][T11922] Call Trace: [ 512.186822][T11922] [ 512.186832][T11922] dump_stack_lvl+0x189/0x250 [ 512.186859][T11922] ? __pfx____ratelimit+0x10/0x10 [ 512.186889][T11922] ? __pfx_dump_stack_lvl+0x10/0x10 [ 512.186911][T11922] ? __pfx__printk+0x10/0x10 [ 512.186947][T11922] should_fail_ex+0x414/0x560 [ 512.186976][T11922] _copy_to_user+0x31/0xb0 [ 512.186999][T11922] simple_read_from_buffer+0xe1/0x170 [ 512.187032][T11922] proc_fail_nth_read+0x1df/0x250 [ 512.187055][T11922] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 512.187077][T11922] ? rw_verify_area+0x258/0x650 [ 512.187101][T11922] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 512.187122][T11922] vfs_read+0x1fd/0x980 [ 512.187152][T11922] ? __pfx___mutex_lock+0x10/0x10 [ 512.187173][T11922] ? __pfx_vfs_read+0x10/0x10 [ 512.187200][T11922] ? __fget_files+0x2a/0x420 [ 512.187232][T11922] ? __fget_files+0x3a0/0x420 [ 512.187258][T11922] ? __fget_files+0x2a/0x420 [ 512.187295][T11922] ksys_read+0x145/0x250 [ 512.187323][T11922] ? __pfx_ksys_read+0x10/0x10 [ 512.187343][T11922] ? rcu_is_watching+0x15/0xb0 [ 512.187371][T11922] ? do_syscall_64+0xbe/0x3b0 [ 512.187395][T11922] do_syscall_64+0xfa/0x3b0 [ 512.187411][T11922] ? lockdep_hardirqs_on+0x9c/0x150 [ 512.187437][T11922] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.187456][T11922] ? clear_bhb_loop+0x60/0xb0 [ 512.187480][T11922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.187498][T11922] RIP: 0033:0x7f47c538d33c [ 512.187516][T11922] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 512.187533][T11922] RSP: 002b:00007f47c61fa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 512.187554][T11922] RAX: ffffffffffffffda RBX: 00007f47c55b5fa0 RCX: 00007f47c538d33c [ 512.187568][T11922] RDX: 000000000000000f RSI: 00007f47c61fa0a0 RDI: 0000000000000003 [ 512.187581][T11922] RBP: 00007f47c61fa090 R08: 0000000000000000 R09: 0000000000000000 [ 512.187593][T11922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.187605][T11922] R13: 0000000000000000 R14: 00007f47c55b5fa0 R15: 00007ffcf1f42248 [ 512.187637][T11922] [ 512.465029][T11917] fido_id[11917]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 512.641130][ C1] net_ratelimit: 5543 callbacks suppressed [ 512.641156][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 512.660123][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 512.670858][ T2346] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 512.673145][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 512.679202][ T2346] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 512.692247][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 512.712183][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 512.725205][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 512.738322][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 512.751435][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 512.764444][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 512.777538][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 512.831711][ T2346] pvrusb2: Attached sub-driver cx25840 [ 512.837239][ T2346] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 512.850001][T11924] FAULT_INJECTION: forcing a failure. [ 512.850001][T11924] name failslab, interval 1, probability 0, space 0, times 0 [ 512.862957][ T2346] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 512.900218][T11924] CPU: 0 UID: 0 PID: 11924 Comm: syz.1.1983 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 512.900246][T11924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 512.900258][T11924] Call Trace: [ 512.900267][T11924] [ 512.900276][T11924] dump_stack_lvl+0x189/0x250 [ 512.900305][T11924] ? __pfx____ratelimit+0x10/0x10 [ 512.900335][T11924] ? __pfx_dump_stack_lvl+0x10/0x10 [ 512.900357][T11924] ? __pfx__printk+0x10/0x10 [ 512.900385][T11924] ? __pfx___might_resched+0x10/0x10 [ 512.900407][T11924] ? fs_reclaim_acquire+0x7d/0x100 [ 512.900439][T11924] should_fail_ex+0x414/0x560 [ 512.900469][T11924] should_failslab+0xa8/0x100 [ 512.900497][T11924] __kmalloc_cache_noprof+0x70/0x3d0 [ 512.900520][T11924] ? nfnetlink_rcv+0xeff/0x2520 [ 512.900555][T11924] nfnetlink_rcv+0xeff/0x2520 [ 512.900624][T11924] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 512.900666][T11924] ? ref_tracker_free+0x63a/0x7d0 [ 512.900725][T11924] ? __netlink_deliver_tap+0x807/0x850 [ 512.900760][T11924] ? netlink_deliver_tap+0x2e/0x1b0 [ 512.900781][T11924] ? netlink_deliver_tap+0x2e/0x1b0 [ 512.900810][T11924] netlink_unicast+0x75b/0x8d0 [ 512.900845][T11924] netlink_sendmsg+0x805/0xb30 [ 512.900879][T11924] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.900907][T11924] ? aa_sock_msg_perm+0x94/0x160 [ 512.900929][T11924] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 512.900957][T11924] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.900994][T11924] __sock_sendmsg+0x21c/0x270 [ 512.901018][T11924] ____sys_sendmsg+0x505/0x830 [ 512.901050][T11924] ? __pfx_____sys_sendmsg+0x10/0x10 [ 512.901085][T11924] ? import_iovec+0x74/0xa0 [ 512.901108][T11924] ___sys_sendmsg+0x21f/0x2a0 [ 512.901137][T11924] ? __pfx____sys_sendmsg+0x10/0x10 [ 512.901204][T11924] ? __fget_files+0x2a/0x420 [ 512.901231][T11924] ? __fget_files+0x3a0/0x420 [ 512.901270][T11924] __x64_sys_sendmsg+0x19b/0x260 [ 512.901298][T11924] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 512.901334][T11924] ? __pfx_ksys_write+0x10/0x10 [ 512.901357][T11924] ? rcu_is_watching+0x15/0xb0 [ 512.901386][T11924] ? do_syscall_64+0xbe/0x3b0 [ 512.901409][T11924] do_syscall_64+0xfa/0x3b0 [ 512.901426][T11924] ? lockdep_hardirqs_on+0x9c/0x150 [ 512.901453][T11924] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.901472][T11924] ? clear_bhb_loop+0x60/0xb0 [ 512.901496][T11924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.901514][T11924] RIP: 0033:0x7f76ab58e929 [ 512.901532][T11924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.901548][T11924] RSP: 002b:00007f76ac409038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 512.901569][T11924] RAX: ffffffffffffffda RBX: 00007f76ab7b5fa0 RCX: 00007f76ab58e929 [ 512.901583][T11924] RDX: 0000000004048010 RSI: 0000200000000080 RDI: 0000000000000003 [ 512.901596][T11924] RBP: 00007f76ac409090 R08: 0000000000000000 R09: 0000000000000000 [ 512.901608][T11924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.901620][T11924] R13: 0000000000000000 R14: 00007f76ab7b5fa0 R15: 00007ffe4d683c48 [ 512.901653][T11924] [ 513.435806][T11930] netlink: 'syz.0.1986': attribute type 1 has an invalid length. [ 513.443751][T11930] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1986'. [ 513.790939][ T9] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 513.960312][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 513.967834][ T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 513.991556][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.044313][ T9] pvrusb2: Hardware description: Terratec Grabster AV400 [ 514.053536][T11934] netlink: 'syz.0.1988': attribute type 1 has an invalid length. [ 514.080271][T11934] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1988'. [ 514.093329][ T9] pvrusb2: ********** [ 514.097387][ T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 514.139671][ T9] pvrusb2: Important functionality might not be entirely working. [ 514.190325][ T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 514.232919][T11938] FAULT_INJECTION: forcing a failure. [ 514.232919][T11938] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 514.256720][ T9] pvrusb2: ********** [ 514.268073][ T2346] pvrusb2: Invalid write control endpoint [ 514.378671][T11938] CPU: 0 UID: 0 PID: 11938 Comm: syz.1.1989 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 514.378701][T11938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 514.378713][T11938] Call Trace: [ 514.378722][T11938] [ 514.378731][T11938] dump_stack_lvl+0x189/0x250 [ 514.378760][T11938] ? __pfx____ratelimit+0x10/0x10 [ 514.378790][T11938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 514.378813][T11938] ? __pfx__printk+0x10/0x10 [ 514.378838][T11938] ? fs_reclaim_acquire+0x7d/0x100 [ 514.378875][T11938] should_fail_ex+0x414/0x560 [ 514.378904][T11938] prepare_alloc_pages+0x213/0x610 [ 514.378941][T11938] __alloc_frozen_pages_noprof+0x123/0x370 [ 514.378975][T11938] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 514.379014][T11938] ? policy_nodemask+0x27c/0x720 [ 514.379036][T11938] ? __lock_acquire+0xab9/0xd20 [ 514.379062][T11938] alloc_pages_mpol+0x232/0x4a0 [ 514.379094][T11938] vma_alloc_folio_noprof+0xe4/0x200 [ 514.379118][T11938] ? page_table_check_set+0x18d/0x730 [ 514.379144][T11938] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 514.379184][T11938] folio_prealloc+0x30/0x180 [ 514.379211][T11938] __handle_mm_fault+0x2c88/0x5620 [ 514.379256][T11938] ? __pfx___handle_mm_fault+0x10/0x10 [ 514.379295][T11938] ? follow_page_pte+0x8d6/0x14b0 [ 514.379328][T11938] handle_mm_fault+0x40a/0x8e0 [ 514.379363][T11938] __get_user_pages+0x1af4/0x30b0 [ 514.379381][T11938] ? stack_depot_save_flags+0x40/0x900 [ 514.379420][T11938] ? __kvmalloc_node_noprof+0x30d/0x5f0 [ 514.379466][T11938] ? __pfx___get_user_pages+0x10/0x10 [ 514.379499][T11938] __gup_longterm_locked+0x3e3/0x15b0 [ 514.379530][T11938] ? xdp_umem_pin_pages+0xc6/0x340 [ 514.379564][T11938] ? rcu_is_watching+0x15/0xb0 [ 514.379585][T11938] ? xdp_umem_pin_pages+0x52/0x340 [ 514.379616][T11938] pin_user_pages+0x9e/0xd0 [ 514.379656][T11938] xdp_umem_pin_pages+0x117/0x340 [ 514.379691][T11938] xdp_umem_create+0x677/0x8e0 [ 514.379731][T11938] xsk_setsockopt+0x62a/0x710 [ 514.379761][T11938] ? __pfx_xsk_setsockopt+0x10/0x10 [ 514.379785][T11938] ? __lock_acquire+0xab9/0xd20 [ 514.379810][T11938] ? aa_sock_opt_perm+0x74/0x110 [ 514.379833][T11938] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 514.379851][T11938] ? __pfx_xsk_setsockopt+0x10/0x10 [ 514.379877][T11938] do_sock_setsockopt+0x25a/0x3e0 [ 514.379902][T11938] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 514.379929][T11938] ? __fget_files+0x2a/0x420 [ 514.379966][T11938] __x64_sys_setsockopt+0x18b/0x220 [ 514.379996][T11938] do_syscall_64+0xfa/0x3b0 [ 514.380014][T11938] ? lockdep_hardirqs_on+0x9c/0x150 [ 514.380040][T11938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.380059][T11938] ? clear_bhb_loop+0x60/0xb0 [ 514.380083][T11938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.380101][T11938] RIP: 0033:0x7f76ab58e929 [ 514.380120][T11938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 514.380136][T11938] RSP: 002b:00007f76ac409038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 514.380158][T11938] RAX: ffffffffffffffda RBX: 00007f76ab7b5fa0 RCX: 00007f76ab58e929 [ 514.380172][T11938] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 514.380184][T11938] RBP: 00007f76ac409090 R08: 0000000000000020 R09: 0000000000000000 [ 514.380196][T11938] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000002 [ 514.380208][T11938] R13: 0000000000000000 R14: 00007f76ab7b5fa0 R15: 00007ffe4d683c48 [ 514.380241][T11938] [ 514.800974][ T2346] pvrusb2: Invalid write control endpoint [ 514.806865][ T2346] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 514.817389][ T2346] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 514.825497][ T2346] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 514.835673][ T2346] pvrusb2: Device being rendered inoperable [ 514.841861][ T2346] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 514.850702][ T2346] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 514.859326][ T2346] pvrusb2: Attached sub-driver cx25840 [ 514.865049][ T2346] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 514.875195][ T2346] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 514.933004][ T10] usb 6-1: USB disconnect, device number 15 [ 515.172208][ T9] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 515.329604][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 515.347404][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 515.359201][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 515.435518][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 515.477367][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.523347][ T9] usb 1-1: config 0 descriptor?? [ 515.574942][ T9] hub 1-1:0.0: USB hub found [ 515.699539][ T10] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 515.764755][ T9] hub 1-1:0.0: config failed, can't read hub descriptor (err -90) [ 515.893904][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 515.905534][ T10] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 515.917893][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.931674][ T10] usb 2-1: config 0 descriptor?? [ 515.939830][ T5915] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 515.978988][T11941] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 515.996868][T11941] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 516.022455][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 516.049845][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 516.112740][ T9] usb 1-1: USB disconnect, device number 109 [ 516.130111][ T5915] usb 6-1: Using ep0 maxpacket: 8 [ 516.152736][ T5915] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 516.169622][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.189986][T11944] vivid-000: disconnect [ 516.225901][ T5915] pvrusb2: Hardware description: Terratec Grabster AV400 [ 516.237618][ T5915] pvrusb2: ********** [ 516.246194][ T5915] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 516.257250][ T5915] pvrusb2: Important functionality might not be entirely working. [ 516.269128][ T5915] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 516.283584][ T5915] pvrusb2: ********** [ 516.429604][ T2346] pvrusb2: Invalid write control endpoint [ 516.439428][ T10] keytouch 0003:0926:3333.0044: fixing up Keytouch IEC report descriptor [ 516.496802][ T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0044/input/input91 [ 516.622955][ T2346] pvrusb2: Invalid write control endpoint [ 516.664123][ T5915] usb 6-1: USB disconnect, device number 16 [ 516.702562][ T2346] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 516.794986][ T2346] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 516.819958][ T2346] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 516.847590][ T2346] pvrusb2: Device being rendered inoperable [ 516.894194][ T2346] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 516.924031][ T2346] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 516.953067][ T10] keytouch 0003:0926:3333.0044: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 516.988471][ T2346] pvrusb2: Attached sub-driver cx25840 [ 517.038840][ T2346] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 517.063218][T11943] vivid-000: reconnect [ 517.142977][ T2346] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 517.153805][ T10] usb 2-1: USB disconnect, device number 103 [ 517.400454][T11951] fido_id[11951]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 517.648952][ C1] net_ratelimit: 5573 callbacks suppressed [ 517.648975][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 517.668184][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 517.681364][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 517.694465][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 517.707668][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 517.720748][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 517.733897][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 517.746924][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 517.760036][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 517.773061][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 518.092745][T11964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1998'. [ 519.345817][T11973] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 519.807661][ T5915] usb 1-1: new high-speed USB device number 110 using dummy_hcd [ 519.952047][ T5202] Dev loop4: unable to read RDB block 7 [ 519.986193][ T5202] loop4: unable to read partition table [ 519.993171][ T5202] loop4: partition table beyond EOD, truncated [ 520.009754][ T5915] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 520.048802][ T5915] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 520.089186][ T10] usb 2-1: new low-speed USB device number 104 using dummy_hcd [ 520.098250][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.114178][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 520.151106][ T5915] usb 1-1: config 0 descriptor?? [ 520.257628][ T10] usb 2-1: device descriptor read/64, error -71 [ 520.324814][T11992] FAULT_INJECTION: forcing a failure. [ 520.324814][T11992] name failslab, interval 1, probability 0, space 0, times 0 [ 520.341285][T11992] CPU: 0 UID: 0 PID: 11992 Comm: syz.5.2011 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 520.341320][T11992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 520.341331][T11992] Call Trace: [ 520.341340][T11992] [ 520.341350][T11992] dump_stack_lvl+0x189/0x250 [ 520.341379][T11992] ? __pfx____ratelimit+0x10/0x10 [ 520.341410][T11992] ? __pfx_dump_stack_lvl+0x10/0x10 [ 520.341432][T11992] ? __pfx__printk+0x10/0x10 [ 520.341458][T11992] ? __pfx___might_resched+0x10/0x10 [ 520.341480][T11992] ? fs_reclaim_acquire+0x7d/0x100 [ 520.341512][T11992] should_fail_ex+0x414/0x560 [ 520.341543][T11992] should_failslab+0xa8/0x100 [ 520.341570][T11992] __kmalloc_noprof+0xcb/0x4f0 [ 520.341592][T11992] ? tomoyo_encode+0x28b/0x550 [ 520.341619][T11992] tomoyo_encode+0x28b/0x550 [ 520.341647][T11992] tomoyo_realpath_from_path+0x58d/0x5d0 [ 520.341694][T11992] tomoyo_check_open_permission+0x1c1/0x3b0 [ 520.341722][T11992] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 520.341745][T11992] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 520.341773][T11992] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 520.341800][T11992] ? __se_sys_ioctl+0xfc/0x170 [ 520.341865][T11992] ? tomoyo_file_open+0x165/0x220 [ 520.341895][T11992] security_file_open+0xb1/0x270 [ 520.341921][T11992] do_dentry_open+0x35e/0x1970 [ 520.341959][T11992] vfs_open+0x3b/0x340 [ 520.341983][T11992] dentry_open+0x61/0xa0 [ 520.342002][T11992] ptm_open_peer+0x1b2/0x230 [ 520.342033][T11992] ? __pfx_ptm_open_peer+0x10/0x10 [ 520.342059][T11992] ? __fget_files+0x2a/0x420 [ 520.342086][T11992] ? __fget_files+0x3a0/0x420 [ 520.342111][T11992] ? __fget_files+0x2a/0x420 [ 520.342141][T11992] tty_ioctl+0x4a5/0xde0 [ 520.342160][T11992] ? __pfx_tty_ioctl+0x10/0x10 [ 520.342180][T11992] __se_sys_ioctl+0xfc/0x170 [ 520.342206][T11992] do_syscall_64+0xfa/0x3b0 [ 520.342224][T11992] ? lockdep_hardirqs_on+0x9c/0x150 [ 520.342252][T11992] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.342270][T11992] ? clear_bhb_loop+0x60/0xb0 [ 520.342295][T11992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.342313][T11992] RIP: 0033:0x7f0ad778e929 [ 520.342332][T11992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 520.342349][T11992] RSP: 002b:00007f0ad852f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 520.342370][T11992] RAX: ffffffffffffffda RBX: 00007f0ad79b5fa0 RCX: 00007f0ad778e929 [ 520.342384][T11992] RDX: 0000000000001000 RSI: 0000000000005441 RDI: 0000000000000003 [ 520.342397][T11992] RBP: 00007f0ad852f090 R08: 0000000000000000 R09: 0000000000000000 [ 520.342409][T11992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 520.342422][T11992] R13: 0000000000000000 R14: 00007f0ad79b5fa0 R15: 00007ffecb42af08 [ 520.342455][T11992] [ 520.342510][T11992] ERROR: Out of memory at tomoyo_realpath_from_path. [ 520.650429][T11984] vivid-000: disconnect [ 520.705701][ T5202] Dev loop4: unable to read RDB block 7 [ 520.711733][ T5202] loop4: unable to read partition table [ 520.733382][ T5202] loop4: partition table beyond EOD, truncated [ 520.776950][ T10] usb 2-1: new low-speed USB device number 105 using dummy_hcd [ 520.882597][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 520.899079][ T5915] keytouch 0003:0926:3333.0045: fixing up Keytouch IEC report descriptor [ 520.926879][ T10] usb 2-1: device descriptor read/64, error -71 [ 520.942667][ T5915] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0045/input/input92 [ 521.003758][T11994] netlink: 'syz.5.2012': attribute type 1 has an invalid length. [ 521.042428][T11994] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2012'. [ 521.084756][ T10] usb usb2-port1: attempt power cycle [ 521.186213][ T5915] keytouch 0003:0926:3333.0045: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 521.248446][T11999] FAT-fs (rnullb0): bogus number of reserved sectors [ 521.278923][T11999] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 521.429124][T11983] vivid-000: reconnect [ 521.447793][ T5915] usb 1-1: USB disconnect, device number 110 [ 521.458470][ T10] usb 2-1: new low-speed USB device number 106 using dummy_hcd [ 521.537931][ T10] usb 2-1: device descriptor read/8, error -71 [ 521.624502][T12000] fido_id[12000]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 521.643220][T12002] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 521.653251][T12002] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 521.822740][ T5202] Dev loop4: unable to read RDB block 7 [ 521.829471][ T10] usb 2-1: new low-speed USB device number 107 using dummy_hcd [ 521.848537][ T5202] loop4: unable to read partition table [ 521.854771][ T5202] loop4: partition table beyond EOD, truncated [ 521.867337][ T10] usb 2-1: device descriptor read/8, error -71 [ 521.896279][ T9] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 521.999394][ T10] usb usb2-port1: unable to enumerate USB device [ 522.063519][T11211] udevd[11211]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 522.093371][ T9] usb 5-1: config 1 interface 0 altsetting 64 bulk endpoint 0x82 has invalid maxpacket 8 [ 522.128217][ T9] usb 5-1: config 1 interface 0 altsetting 64 bulk endpoint 0x3 has invalid maxpacket 1024 [ 522.175540][ T9] usb 5-1: config 1 interface 0 has no altsetting 0 [ 522.203202][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 522.215246][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.234941][ T9] usb 5-1: Product: syz [ 522.247867][ T9] usb 5-1: Manufacturer: ਜ਼㸗ἒ삳åå—­î’酃笡쓹á˜îš‹î–˜è‘¸ê±¹ì¦í”±8ãƒî³’뤤旎ïæ«’í–³íšä±§á•»æ§¥çª˜éªŽã¹•åž”è‚¢ [ 522.284075][ T9] usb 5-1: SerialNumber: syz [ 522.324503][T12003] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 522.344060][T12003] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 522.594920][ T9] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 522.656146][ C1] net_ratelimit: 5578 callbacks suppressed [ 522.656168][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 522.675024][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 522.687951][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 522.700414][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 522.712923][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 522.725227][ T9] usb 5-1: USB disconnect, device number 25 [ 522.732130][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 522.745438][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 522.758030][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 522.770580][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 522.783737][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 523.251306][ T30] audit: type=1400 audit(1750644087.229:3115): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=12012 comm="syz.1.2017" [ 523.395690][ T5202] Dev loop4: unable to read RDB block 7 [ 523.401403][ T5202] loop4: unable to read partition table [ 523.449220][ T5202] loop4: partition table beyond EOD, truncated [ 523.563647][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 523.850835][T12020] FAULT_INJECTION: forcing a failure. [ 523.850835][T12020] name failslab, interval 1, probability 0, space 0, times 0 [ 523.871570][T12020] CPU: 0 UID: 0 PID: 12020 Comm: syz.1.2020 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 523.871600][T12020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 523.871612][T12020] Call Trace: [ 523.871621][T12020] [ 523.871630][T12020] dump_stack_lvl+0x189/0x250 [ 523.871658][T12020] ? __pfx____ratelimit+0x10/0x10 [ 523.871698][T12020] ? __pfx_dump_stack_lvl+0x10/0x10 [ 523.871721][T12020] ? __pfx__printk+0x10/0x10 [ 523.871750][T12020] ? __pfx___might_resched+0x10/0x10 [ 523.871771][T12020] ? fs_reclaim_acquire+0x7d/0x100 [ 523.871803][T12020] should_fail_ex+0x414/0x560 [ 523.871833][T12020] should_failslab+0xa8/0x100 [ 523.871860][T12020] kmem_cache_alloc_noprof+0x73/0x3c0 [ 523.871890][T12020] ? alloc_empty_file+0x55/0x1d0 [ 523.871916][T12020] alloc_empty_file+0x55/0x1d0 [ 523.871938][T12020] alloc_file_pseudo+0x13d/0x210 [ 523.871961][T12020] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 523.871981][T12020] ? security_socket_post_create+0x83/0x360 [ 523.872016][T12020] sock_alloc_file+0xb8/0x2e0 [ 523.872049][T12020] __sys_socketpair+0x387/0x560 [ 523.872077][T12020] __x64_sys_socketpair+0x9b/0xb0 [ 523.872100][T12020] do_syscall_64+0xfa/0x3b0 [ 523.872118][T12020] ? lockdep_hardirqs_on+0x9c/0x150 [ 523.872144][T12020] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.872164][T12020] ? clear_bhb_loop+0x60/0xb0 [ 523.872188][T12020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.872206][T12020] RIP: 0033:0x7f76ab58e929 [ 523.872225][T12020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.872242][T12020] RSP: 002b:00007f76ac409038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 523.872264][T12020] RAX: ffffffffffffffda RBX: 00007f76ab7b5fa0 RCX: 00007f76ab58e929 [ 523.872278][T12020] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 523.872290][T12020] RBP: 00007f76ac409090 R08: 0000000000000000 R09: 0000000000000000 [ 523.872302][T12020] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000002 [ 523.872314][T12020] R13: 0000000000000001 R14: 00007f76ab7b5fa0 R15: 00007ffe4d683c48 [ 523.872346][T12020] [ 524.093054][ C0] vkms_vblank_simulate: vblank timer overrun [ 524.110790][ T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 524.448762][ T10] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 17 [ 524.465320][ T10] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 524.498806][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.540274][ T10] usb 5-1: config 0 descriptor?? [ 524.811470][T12033] vxfs: WRONG superblock magic 00000000 at 1 [ 524.824856][T12033] vxfs: WRONG superblock magic 00000000 at 8 [ 524.831051][T12033] vxfs: can't find superblock. [ 524.945069][ T10] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 525.132443][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 525.165969][ T10] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 525.194526][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.215016][ T10] usb 2-1: config 0 descriptor?? [ 525.423058][T12031] vivid-000: disconnect [ 525.492365][T12041] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 525.512015][T12042] vxfs: WRONG superblock magic 00000000 at 1 [ 525.538240][T12041] /dev/rnullb0: Can't open blockdev [ 525.566428][T12042] vxfs: WRONG superblock magic 00000000 at 8 [ 525.572585][T12042] vxfs: can't find superblock. [ 525.643251][ T10] keytouch 0003:0926:3333.0046: fixing up Keytouch IEC report descriptor [ 525.709922][ T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0046/input/input93 [ 525.921633][ T10] keytouch 0003:0926:3333.0046: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 526.079214][T12047] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2031'. [ 526.121370][T12051] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 526.159365][T12051] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 526.178895][T12030] vivid-000: reconnect [ 526.194920][ T9] usb 2-1: USB disconnect, device number 108 [ 526.402385][T12050] fido_id[12050]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 526.422334][ T10] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 526.604075][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 526.625779][ T10] usb 1-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 526.660796][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.724223][ T10] usb 1-1: config 0 descriptor?? [ 526.807056][ T9] usb 5-1: USB disconnect, device number 26 [ 526.907087][ T5202] Dev loop4: unable to read RDB block 7 [ 526.916534][ T5202] loop4: unable to read partition table [ 526.922602][ T5202] loop4: partition table beyond EOD, truncated [ 527.016320][T12058] vxfs: WRONG superblock magic 00000000 at 1 [ 527.034193][T12058] vxfs: WRONG superblock magic 00000000 at 8 [ 527.041813][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 527.055974][T12058] vxfs: can't find superblock. [ 527.173921][ T10] uclogic 0003:145F:0212.0047: interface is invalid, ignoring [ 527.203969][ T5202] Dev loop4: unable to read RDB block 7 [ 527.230741][ T5202] loop4: unable to read partition table [ 527.249381][ T5202] loop4: partition table beyond EOD, truncated [ 527.403512][ T10] usb 1-1: USB disconnect, device number 111 [ 527.420128][T12062] sp0: Synchronizing with TNC [ 527.433556][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 527.552707][T12061] 8021q: VLANs not supported on lo [ 527.663602][ C1] net_ratelimit: 7054 callbacks suppressed [ 527.663624][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 527.682592][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 527.695634][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 527.708405][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 527.721105][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 527.734317][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 527.735886][ T5944] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 527.747364][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 527.766896][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 527.779411][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 527.792527][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 527.938884][ T5944] usb 2-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 527.960745][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.980927][ T5944] usb 2-1: Product: syz [ 527.991048][ T5944] usb 2-1: Manufacturer: syz [ 528.008299][ T5944] usb 2-1: SerialNumber: syz [ 528.037960][ T5944] usb 2-1: config 0 descriptor?? [ 528.068801][ T5944] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 528.279452][ T5202] Dev loop4: unable to read RDB block 7 [ 528.291528][ T5944] gspca_sq905c: sq905c_command: usb_control_msg failed (-71) [ 528.319215][ T5202] loop4: unable to read partition table [ 528.326669][ T5944] sq905c 2-1:0.0: Get version command failed [ 528.332813][ T5944] sq905c 2-1:0.0: probe with driver sq905c failed with error -71 [ 528.363903][ T5202] loop4: partition table beyond EOD, truncated [ 528.416293][ T5944] usb 2-1: USB disconnect, device number 109 [ 528.436720][T12072] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 528.443300][T12072] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 528.507837][T12072] vhci_hcd vhci_hcd.0: Device attached [ 528.772135][ T10] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 528.799627][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 529.040301][T12090] FAULT_INJECTION: forcing a failure. [ 529.040301][T12090] name failslab, interval 1, probability 0, space 0, times 0 [ 529.070486][T12090] CPU: 0 UID: 0 PID: 12090 Comm: syz.0.2043 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 529.070519][T12090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 529.070530][T12090] Call Trace: [ 529.070539][T12090] [ 529.070548][T12090] dump_stack_lvl+0x189/0x250 [ 529.070578][T12090] ? __pfx____ratelimit+0x10/0x10 [ 529.070624][T12090] ? __pfx_dump_stack_lvl+0x10/0x10 [ 529.070648][T12090] ? __pfx__printk+0x10/0x10 [ 529.070678][T12090] ? __pfx___might_resched+0x10/0x10 [ 529.070700][T12090] ? fs_reclaim_acquire+0x7d/0x100 [ 529.070732][T12090] should_fail_ex+0x414/0x560 [ 529.070761][T12090] should_failslab+0xa8/0x100 [ 529.070789][T12090] kmem_cache_alloc_noprof+0x73/0x3c0 [ 529.070811][T12090] ? __kernfs_new_node+0xd7/0x7e0 [ 529.070835][T12090] __kernfs_new_node+0xd7/0x7e0 [ 529.070852][T12090] ? __lock_acquire+0xab9/0xd20 [ 529.070880][T12090] ? __pfx___kernfs_new_node+0x10/0x10 [ 529.070900][T12090] ? kernfs_root+0x1c/0x230 [ 529.070926][T12090] ? kernfs_root+0x1c/0x230 [ 529.070943][T12090] ? kernfs_root+0x1c/0x230 [ 529.070958][T12090] ? kernfs_root+0x1c/0x230 [ 529.070982][T12090] kernfs_new_node+0x102/0x210 [ 529.071007][T12090] __kernfs_create_file+0x4b/0x2e0 [ 529.071035][T12090] sysfs_add_file_mode_ns+0x238/0x300 [ 529.071071][T12090] internal_create_group+0x66d/0x1110 [ 529.071110][T12090] ? __pfx_internal_create_group+0x10/0x10 [ 529.071131][T12090] ? kernfs_add_one+0xf0/0x520 [ 529.071159][T12090] sysfs_create_groups+0x59/0x120 [ 529.071182][T12090] device_add_attrs+0xe0/0x5a0 [ 529.071211][T12090] ? __pfx_device_add_attrs+0x10/0x10 [ 529.071238][T12090] ? device_add_class_symlinks+0x21f/0x240 [ 529.071262][T12090] device_add+0x496/0xb50 [ 529.071280][T12090] ? device_initialize+0x24b/0x440 [ 529.071303][T12090] netdev_register_kobject+0x156/0x2f0 [ 529.071333][T12090] register_netdevice+0x126c/0x1ae0 [ 529.071378][T12090] ? __pfx_register_netdevice+0x10/0x10 [ 529.071409][T12090] ? tun_net_initialize+0x13f/0x450 [ 529.071429][T12090] ? __pfx_tun_net_initialize+0x10/0x10 [ 529.071449][T12090] ? alloc_netdev_mqs+0xdb2/0x11e0 [ 529.071484][T12090] tun_set_iff+0x844/0xef0 [ 529.071513][T12090] __tun_chr_ioctl+0x788/0x1df0 [ 529.071540][T12090] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 529.071565][T12090] ? __fget_files+0x2a/0x420 [ 529.071598][T12090] ? __fget_files+0x3a0/0x420 [ 529.071624][T12090] ? __fget_files+0x2a/0x420 [ 529.071654][T12090] ? bpf_lsm_file_ioctl+0x9/0x20 [ 529.071674][T12090] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 529.071699][T12090] __se_sys_ioctl+0xfc/0x170 [ 529.071726][T12090] do_syscall_64+0xfa/0x3b0 [ 529.071743][T12090] ? lockdep_hardirqs_on+0x9c/0x150 [ 529.071771][T12090] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.071789][T12090] ? clear_bhb_loop+0x60/0xb0 [ 529.071813][T12090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.071830][T12090] RIP: 0033:0x7f47c538e929 [ 529.071847][T12090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.071863][T12090] RSP: 002b:00007f47c61fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 529.071885][T12090] RAX: ffffffffffffffda RBX: 00007f47c55b5fa0 RCX: 00007f47c538e929 [ 529.071899][T12090] RDX: 00002000000008c0 RSI: 00000000400454ca RDI: 0000000000000003 [ 529.071911][T12090] RBP: 00007f47c61fa090 R08: 0000000000000000 R09: 0000000000000000 [ 529.071924][T12090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 529.071936][T12090] R13: 0000000000000000 R14: 00007f47c55b5fa0 R15: 00007ffcf1f42248 [ 529.071969][T12090] [ 529.862589][ T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 529.873180][ T5202] Dev loop4: unable to read RDB block 7 [ 529.878858][ T5202] loop4: unable to read partition table [ 529.909351][ T5202] loop4: partition table beyond EOD, truncated [ 530.000531][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 530.023553][T12101] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2047'. [ 530.030629][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.057806][ T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 530.071226][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.117579][ T9] usb 5-1: config 0 descriptor?? [ 530.143055][ T5937] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 530.340315][T12095] vivid-000: disconnect [ 530.382206][ T5944] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 530.556107][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.569107][ T9] keytouch 0003:0926:3333.0048: fixing up Keytouch IEC report descriptor [ 530.591170][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 530.619523][ T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0048/input/input94 [ 530.645543][ T5944] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 530.663888][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.691270][ T5944] usb 2-1: config 0 descriptor?? [ 530.844038][ T9] keytouch 0003:0926:3333.0048: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 530.862321][ T5937] usb 6-1: config 1 interface 0 altsetting 149 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 530.932201][T12101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 530.970226][ T5937] usb 6-1: config 1 interface 0 has no altsetting 0 [ 530.998610][T12101] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 531.097552][T12094] vivid-000: reconnect [ 531.118465][ T9] usb 5-1: USB disconnect, device number 27 [ 531.227219][ T5937] usb 6-1: New USB device found, idVendor=04b3, idProduct=3105, bcdDevice= 0.40 [ 531.239633][T12107] fido_id[12107]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 531.311052][ T5944] kone 0003:1E7D:2CED.0049: unknown main item tag 0x0 [ 531.364885][ T5944] kone 0003:1E7D:2CED.0049: unknown main item tag 0x0 [ 531.408776][ T5944] kone 0003:1E7D:2CED.0049: unknown main item tag 0x0 [ 531.434088][ T5944] kone 0003:1E7D:2CED.0049: unknown main item tag 0x0 [ 531.477720][ T5944] kone 0003:1E7D:2CED.0049: unknown main item tag 0x0 [ 531.541571][ T5944] kone 0003:1E7D:2CED.0049: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.1-1/input0 [ 531.569624][T12073] vhci_hcd: connection reset by peer [ 531.611075][ T1060] vhci_hcd: stop threads [ 531.651214][ T1060] vhci_hcd: release socket [ 531.695151][ T5944] usb 2-1: USB disconnect, device number 110 [ 531.725328][ T1060] vhci_hcd: disconnect device [ 531.810481][ T5937] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.835185][ T5937] usb 6-1: Product: syz [ 531.839420][ T5937] usb 6-1: Manufacturer: syz [ 531.885589][ T5937] usb 6-1: SerialNumber: syz [ 531.957499][T12112] fido_id[12112]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 532.154859][ T5937] usb 6-1: can't set config #1, error -71 [ 532.258089][ T5937] usb 6-1: USB disconnect, device number 17 [ 532.264255][ T5202] Dev loop4: unable to read RDB block 7 [ 532.264309][ T5202] loop4: unable to read partition table [ 532.264563][ T5202] loop4: partition table beyond EOD, truncated [ 532.339030][T12120] qnx4: no qnx4 filesystem (no root dir). [ 532.364049][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 532.449744][T12125] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2055'. [ 532.466240][T12120] qnx4: no qnx4 filesystem (no root dir). [ 532.600890][ T9] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 532.648248][T12129] binder: 12128:12129 ioctl c0f8565c 200000000000 returned -22 [ 532.671151][ C1] net_ratelimit: 7356 callbacks suppressed [ 532.671174][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 532.689597][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 532.702113][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 532.715324][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 532.728264][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 532.740733][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 532.753534][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 532.766705][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 532.779835][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 532.792355][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 532.800962][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 532.831054][ T9] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 532.857390][ T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 532.882739][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=029c, bcdDevice= 0.00 [ 532.910782][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.970021][ T9] usb 1-1: config 0 descriptor?? [ 533.125560][T12133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2058'. [ 533.137202][ T5202] Dev loop4: unable to read RDB block 7 [ 533.153178][ T5202] loop4: unable to read partition table [ 533.173855][T12133] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2058'. [ 533.190947][ T5202] loop4: partition table beyond EOD, truncated [ 533.214780][T12122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 533.255520][T12122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.318522][ T9] usb 1-1: USB disconnect, device number 112 [ 533.397261][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 533.530997][ T983] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 533.700432][ T983] usb 2-1: Using ep0 maxpacket: 16 [ 533.718216][ T983] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 533.750272][ T983] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 533.791412][ T983] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 533.813215][ T983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 533.847555][ T983] usb 2-1: SerialNumber: syz [ 533.856436][T12142] gfs2: not a GFS2 filesystem [ 533.931762][ T10] vhci_hcd: vhci_device speed not set [ 534.101951][ T983] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 534.145588][ T983] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 534.182481][ T983] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 534.256094][ T983] usb 2-1: USB disconnect, device number 111 [ 534.358602][ T5202] Dev loop4: unable to read RDB block 7 [ 534.383490][ T5202] loop4: unable to read partition table [ 534.399707][ T5202] loop4: partition table beyond EOD, truncated [ 534.601294][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 534.949864][ T5944] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 535.040035][ T5202] Dev loop4: unable to read RDB block 7 [ 535.045718][ T5202] loop4: unable to read partition table [ 535.079657][ T5202] loop4: partition table beyond EOD, truncated [ 535.138112][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 535.169711][ T5944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 535.207635][T12160] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2070'. [ 535.218096][ T5944] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 535.233854][T12162] FAULT_INJECTION: forcing a failure. [ 535.233854][T12162] name failslab, interval 1, probability 0, space 0, times 0 [ 535.256870][ T5944] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.292067][T12162] CPU: 1 UID: 0 PID: 12162 Comm: syz.0.2071 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 535.292095][T12162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 535.292107][T12162] Call Trace: [ 535.292115][T12162] [ 535.292125][T12162] dump_stack_lvl+0x189/0x250 [ 535.292153][T12162] ? __pfx____ratelimit+0x10/0x10 [ 535.292183][T12162] ? __pfx_dump_stack_lvl+0x10/0x10 [ 535.292204][T12162] ? __pfx__printk+0x10/0x10 [ 535.292232][T12162] ? __pfx___might_resched+0x10/0x10 [ 535.292252][T12162] ? fs_reclaim_acquire+0x7d/0x100 [ 535.292281][T12162] should_fail_ex+0x414/0x560 [ 535.292308][T12162] ? nf_hook_entries_grow+0x27c/0x710 [ 535.292327][T12162] should_failslab+0xa8/0x100 [ 535.292350][T12162] __kvmalloc_node_noprof+0x161/0x5f0 [ 535.292373][T12162] ? nf_hook_entries_grow+0x27c/0x710 [ 535.292397][T12162] nf_hook_entries_grow+0x27c/0x710 [ 535.292435][T12162] __nf_register_net_hook+0x2c9/0x930 [ 535.292469][T12162] nf_register_net_hook+0xb2/0x190 [ 535.292492][T12162] nf_register_net_hooks+0x44/0x1b0 [ 535.292517][T12162] nf_ct_netns_do_get+0x3bf/0x5a0 [ 535.292542][T12162] ? __pfx_nf_ct_netns_do_get+0x10/0x10 [ 535.292568][T12162] ? nft_validate_register_store+0x188/0x1d0 [ 535.292595][T12162] ? nft_parse_register_store+0x239/0x2c0 [ 535.292622][T12162] nft_ct_get_init+0x5a4/0x8c0 [ 535.292650][T12162] nf_tables_newrule+0x178c/0x2890 [ 535.292692][T12162] ? __pfx_nf_tables_newrule+0x10/0x10 [ 535.292719][T12162] ? nfnl_pernet+0x23/0x240 [ 535.292768][T12162] ? __nla_parse+0x40/0x60 [ 535.292799][T12162] nfnetlink_rcv+0x112f/0x2520 [ 535.292861][T12162] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 535.292908][T12162] ? ref_tracker_free+0x63a/0x7d0 [ 535.292965][T12162] ? __netlink_deliver_tap+0x807/0x850 [ 535.293000][T12162] ? netlink_deliver_tap+0x2e/0x1b0 [ 535.293021][T12162] ? netlink_deliver_tap+0x2e/0x1b0 [ 535.293050][T12162] netlink_unicast+0x75b/0x8d0 [ 535.293084][T12162] netlink_sendmsg+0x805/0xb30 [ 535.293116][T12162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 535.293141][T12162] ? aa_sock_msg_perm+0x94/0x160 [ 535.293162][T12162] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 535.293189][T12162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 535.293212][T12162] __sock_sendmsg+0x21c/0x270 [ 535.293235][T12162] ____sys_sendmsg+0x505/0x830 [ 535.293266][T12162] ? __pfx_____sys_sendmsg+0x10/0x10 [ 535.293300][T12162] ? import_iovec+0x74/0xa0 [ 535.293324][T12162] ___sys_sendmsg+0x21f/0x2a0 [ 535.293350][T12162] ? __pfx____sys_sendmsg+0x10/0x10 [ 535.293418][T12162] ? __fget_files+0x2a/0x420 [ 535.293443][T12162] ? __fget_files+0x3a0/0x420 [ 535.293480][T12162] __x64_sys_sendmsg+0x19b/0x260 [ 535.293507][T12162] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 535.293541][T12162] ? __pfx_ksys_write+0x10/0x10 [ 535.293561][T12162] ? rcu_is_watching+0x15/0xb0 [ 535.293588][T12162] ? do_syscall_64+0xbe/0x3b0 [ 535.293612][T12162] do_syscall_64+0xfa/0x3b0 [ 535.293629][T12162] ? lockdep_hardirqs_on+0x9c/0x150 [ 535.293657][T12162] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.293675][T12162] ? clear_bhb_loop+0x60/0xb0 [ 535.293699][T12162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.293717][T12162] RIP: 0033:0x7f47c538e929 [ 535.293746][T12162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 535.293763][T12162] RSP: 002b:00007f47c61fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 535.293786][T12162] RAX: ffffffffffffffda RBX: 00007f47c55b5fa0 RCX: 00007f47c538e929 [ 535.293800][T12162] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 535.293813][T12162] RBP: 00007f47c61fa090 R08: 0000000000000000 R09: 0000000000000000 [ 535.293825][T12162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 535.293837][T12162] R13: 0000000000000000 R14: 00007f47c55b5fa0 R15: 00007ffcf1f42248 [ 535.293871][T12162] [ 535.296927][ T5944] usb 6-1: config 0 descriptor?? [ 535.919576][ T5202] Dev loop4: unable to read RDB block 7 [ 535.934362][ T5202] loop4: unable to read partition table [ 535.958439][ T5202] loop4: partition table beyond EOD, truncated [ 535.966893][T12170] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 536.067410][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 536.134703][T12174] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 536.271875][ T5202] Dev loop4: unable to read RDB block 7 [ 536.277754][ T5202] loop4: unable to read partition table [ 536.296584][ T5202] loop4: partition table beyond EOD, truncated [ 536.419372][T12150] vivid-000: disconnect [ 536.454474][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 536.496837][T12177] gfs2: not a GFS2 filesystem [ 536.578368][T12180] gfs2: not a GFS2 filesystem [ 536.641205][ T5944] keytouch 0003:0926:3333.004A: fixing up Keytouch IEC report descriptor [ 536.710446][ T5944] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.004A/input/input95 [ 536.878344][ T5202] Dev loop4: unable to read RDB block 7 [ 536.886501][ T5944] keytouch 0003:0926:3333.004A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 536.995776][ T5202] loop4: unable to read partition table [ 537.012426][ T5202] loop4: partition table beyond EOD, truncated [ 537.270194][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 537.295527][T12149] vivid-000: reconnect [ 537.296879][ T5944] usb 6-1: USB disconnect, device number 18 [ 537.645198][T12187] fido_id[12187]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 537.678773][ C1] net_ratelimit: 7234 callbacks suppressed [ 537.678797][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 537.697740][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 537.710244][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 537.723339][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 537.736332][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 537.748825][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 537.761384][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 537.774622][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 537.787694][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 537.800187][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 537.848007][T12192] /dev/nullb0: Can't open blockdev [ 538.103197][ T5202] Dev loop4: unable to read RDB block 7 [ 538.131174][ T5202] loop4: unable to read partition table [ 538.165606][ T5202] loop4: partition table beyond EOD, truncated [ 538.366903][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 538.558924][ T5202] Dev loop4: unable to read RDB block 7 [ 538.616346][ T5202] loop4: unable to read partition table [ 538.635639][ T5202] loop4: partition table beyond EOD, truncated [ 538.850145][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 539.304505][T12212] FAULT_INJECTION: forcing a failure. [ 539.304505][T12212] name failslab, interval 1, probability 0, space 0, times 0 [ 539.366994][T12212] CPU: 0 UID: 0 PID: 12212 Comm: syz.1.2086 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 539.367027][T12212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 539.367039][T12212] Call Trace: [ 539.367048][T12212] [ 539.367058][T12212] dump_stack_lvl+0x189/0x250 [ 539.367088][T12212] ? __pfx____ratelimit+0x10/0x10 [ 539.367118][T12212] ? __pfx_dump_stack_lvl+0x10/0x10 [ 539.367140][T12212] ? __pfx__printk+0x10/0x10 [ 539.367168][T12212] ? __pfx___might_resched+0x10/0x10 [ 539.367190][T12212] ? fs_reclaim_acquire+0x7d/0x100 [ 539.367221][T12212] should_fail_ex+0x414/0x560 [ 539.367251][T12212] should_failslab+0xa8/0x100 [ 539.367277][T12212] kmem_cache_alloc_noprof+0x73/0x3c0 [ 539.367299][T12212] ? getname_flags+0xb8/0x540 [ 539.367323][T12212] getname_flags+0xb8/0x540 [ 539.367345][T12212] do_sys_openat2+0xbc/0x1c0 [ 539.367376][T12212] ? __pfx_do_sys_openat2+0x10/0x10 [ 539.367396][T12212] ? ksys_write+0x22a/0x250 [ 539.367419][T12212] ? __pfx_ksys_write+0x10/0x10 [ 539.367440][T12212] ? rcu_is_watching+0x15/0xb0 [ 539.367466][T12212] __x64_sys_openat+0x138/0x170 [ 539.367493][T12212] do_syscall_64+0xfa/0x3b0 [ 539.367510][T12212] ? lockdep_hardirqs_on+0x9c/0x150 [ 539.367548][T12212] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.367566][T12212] ? clear_bhb_loop+0x60/0xb0 [ 539.367591][T12212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.367609][T12212] RIP: 0033:0x7f76ab58e929 [ 539.367627][T12212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.367643][T12212] RSP: 002b:00007f76ac409038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 539.367665][T12212] RAX: ffffffffffffffda RBX: 00007f76ab7b5fa0 RCX: 00007f76ab58e929 [ 539.367679][T12212] RDX: 0000000000000000 RSI: 00002000000098c0 RDI: ffffffffffffff9c [ 539.367692][T12212] RBP: 00007f76ac409090 R08: 0000000000000000 R09: 0000000000000000 [ 539.367703][T12212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 539.367715][T12212] R13: 0000000000000001 R14: 00007f76ab7b5fa0 R15: 00007ffe4d683c48 [ 539.367746][T12212] [ 539.941995][T12207] syzkaller0: entered promiscuous mode [ 539.967679][T12207] syzkaller0: entered allmulticast mode [ 540.286251][ T5202] Dev loop4: unable to read RDB block 7 [ 540.307157][ T5202] loop4: unable to read partition table [ 540.330128][T12219] syzkaller1: left promiscuous mode [ 540.342834][ T5202] loop4: partition table beyond EOD, truncated [ 540.369919][T12219] syzkaller1: left allmulticast mode [ 540.413824][T12218] input: syz1 as /devices/virtual/input/input96 [ 540.470057][T12224] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2089'. [ 540.484044][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 540.596916][ T10] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 540.761450][ T10] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 540.780188][ T10] usb 1-1: config index 0 descriptor too short (expected 8192, got 27) [ 540.791388][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 540.802456][ T10] usb 1-1: config 0 has no interfaces? [ 540.813888][ T10] usb 1-1: config index 1 descriptor too short (expected 8192, got 27) [ 540.823732][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 540.836561][ T10] usb 1-1: config 0 has no interfaces? [ 540.855011][ T10] usb 1-1: config index 2 descriptor too short (expected 8192, got 27) [ 540.865964][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 540.892725][ T10] usb 1-1: config 0 has no interfaces? [ 540.902509][ T10] usb 1-1: config index 3 descriptor too short (expected 8192, got 27) [ 540.924487][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 540.937453][ T10] usb 1-1: config 0 has no interfaces? [ 540.965090][ T10] usb 1-1: config index 4 descriptor too short (expected 8192, got 27) [ 540.992101][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 541.004462][ T10] usb 1-1: config 0 has no interfaces? [ 541.014516][ T10] usb 1-1: config index 5 descriptor too short (expected 8192, got 27) [ 541.035893][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 541.061087][ T10] usb 1-1: config 0 has no interfaces? [ 541.072827][ T10] usb 1-1: config index 6 descriptor too short (expected 8192, got 27) [ 541.084279][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 541.100395][ T10] usb 1-1: config 0 has no interfaces? [ 541.108442][ T10] usb 1-1: config index 7 descriptor too short (expected 8192, got 27) [ 541.120771][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 541.133292][ T10] usb 1-1: config 0 has no interfaces? [ 541.145336][ T10] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 541.156147][ T10] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 541.167316][ T10] usb 1-1: Product: syz [ 541.171635][ T10] usb 1-1: Manufacturer: syz [ 541.217392][ T10] usb 1-1: SerialNumber: syz [ 541.234703][ T10] usb 1-1: config 0 descriptor?? [ 542.686571][ C1] net_ratelimit: 7181 callbacks suppressed [ 542.686594][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 542.705913][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 542.718529][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 542.731097][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 542.744438][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 542.757470][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 542.769891][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 542.782495][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 542.795440][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 542.808473][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 547.237587][ T983] usb 1-1: USB disconnect, device number 113 [ 547.340071][ T5202] Dev loop4: unable to read RDB block 7 [ 547.360444][ T5202] loop4: unable to read partition table [ 547.395388][ T5202] loop4: partition table beyond EOD, truncated [ 547.514595][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 547.595459][T12230] FAULT_INJECTION: forcing a failure. [ 547.595459][T12230] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 547.676618][T12230] CPU: 0 UID: 0 PID: 12230 Comm: syz.5.2092 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 547.676647][T12230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 547.676658][T12230] Call Trace: [ 547.676666][T12230] [ 547.676676][T12230] dump_stack_lvl+0x189/0x250 [ 547.676704][T12230] ? __pfx____ratelimit+0x10/0x10 [ 547.676733][T12230] ? __pfx_dump_stack_lvl+0x10/0x10 [ 547.676755][T12230] ? __pfx__printk+0x10/0x10 [ 547.676776][T12230] ? __might_fault+0xb0/0x130 [ 547.676811][T12230] should_fail_ex+0x414/0x560 [ 547.676840][T12230] _copy_to_iter+0x3f5/0x16f0 [ 547.676876][T12230] ? __pfx__copy_to_iter+0x10/0x10 [ 547.676896][T12230] ? __skb_try_recv_from_queue+0x58f/0x730 [ 547.676927][T12230] ? __skb_try_recv_datagram+0x3da/0x4e0 [ 547.676958][T12230] __skb_datagram_iter+0xf8/0x990 [ 547.676987][T12230] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 547.677024][T12230] skb_copy_datagram_iter+0xc5/0x230 [ 547.677055][T12230] netlink_recvmsg+0x2ab/0xa30 [ 547.677090][T12230] ? __pfx_netlink_recvmsg+0x10/0x10 [ 547.677118][T12230] ? __lock_acquire+0xab9/0xd20 [ 547.677135][T12230] ? aa_sock_msg_perm+0x94/0x160 [ 547.677157][T12230] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 547.677186][T12230] ? __pfx_netlink_recvmsg+0x10/0x10 [ 547.677210][T12230] sock_recvmsg_nosec+0x183/0x1c0 [ 547.677233][T12230] ____sys_recvmsg+0x3aa/0x460 [ 547.677269][T12230] ? __pfx_____sys_recvmsg+0x10/0x10 [ 547.677309][T12230] ? import_iovec+0x74/0xa0 [ 547.677331][T12230] ___sys_recvmsg+0x1b5/0x510 [ 547.677362][T12230] ? __pfx____sys_recvmsg+0x10/0x10 [ 547.677435][T12230] ? __might_fault+0xb0/0x130 [ 547.677463][T12230] do_recvmmsg+0x307/0x770 [ 547.677497][T12230] ? __pfx_do_recvmmsg+0x10/0x10 [ 547.677537][T12230] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 547.677577][T12230] __x64_sys_recvmmsg+0x190/0x240 [ 547.677611][T12230] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 547.677634][T12230] ? rcu_is_watching+0x15/0xb0 [ 547.677661][T12230] ? do_syscall_64+0xbe/0x3b0 [ 547.677683][T12230] do_syscall_64+0xfa/0x3b0 [ 547.677700][T12230] ? lockdep_hardirqs_on+0x9c/0x150 [ 547.677727][T12230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.677746][T12230] ? clear_bhb_loop+0x60/0xb0 [ 547.677769][T12230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.677787][T12230] RIP: 0033:0x7f0ad778e929 [ 547.677805][T12230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.677822][T12230] RSP: 002b:00007f0ad852f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 547.677843][T12230] RAX: ffffffffffffffda RBX: 00007f0ad79b5fa0 RCX: 00007f0ad778e929 [ 547.677857][T12230] RDX: 0000000000000005 RSI: 00002000000086c0 RDI: 0000000000000003 [ 547.677870][T12230] RBP: 00007f0ad852f090 R08: 0000000000000000 R09: 0000000000000000 [ 547.677882][T12230] R10: 0000000000010102 R11: 0000000000000246 R12: 0000000000000002 [ 547.677893][T12230] R13: 0000000000000000 R14: 00007f0ad79b5fa0 R15: 00007ffecb42af08 [ 547.677925][T12230] [ 547.693798][ C1] net_ratelimit: 8482 callbacks suppressed [ 547.693820][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 547.813344][ T983] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 547.816000][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 547.832099][ T5202] Dev loop4: unable to read RDB block 7 [ 547.835166][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 547.873229][ T5202] loop4: unable to read partition table [ 547.877028][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 547.904984][ T5202] loop4: partition table beyond EOD, [ 547.908825][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 547.932031][T12241] netlink: 'syz.4.2096': attribute type 29 has an invalid length. [ 547.941279][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 547.961499][ T5202] truncated [ 547.965313][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 548.055384][T12242] netlink: 'syz.4.2096': attribute type 29 has an invalid length. [ 548.058094][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 548.086374][ T983] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 548.095799][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:ba:cb:16:4f:32:2e, vlan:0) [ 548.114584][T12243] netlink: 'syz.4.2096': attribute type 29 has an invalid length. [ 548.118992][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 548.134464][ T983] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 548.255939][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 548.306238][T12241] netlink: 'syz.4.2096': attribute type 29 has an invalid length. [ 548.381975][T12247] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 548.455379][ T983] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.527562][ T983] usb 1-1: config 0 descriptor?? [ 548.535201][ T5202] Dev loop4: unable to read RDB block 7 [ 548.588855][ T5202] loop4: unable to read partition table [ 548.621262][ T5202] loop4: partition table beyond EOD, truncated [ 548.749085][T11207] udevd[11207]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 548.820393][T12233] vivid-000: disconnect [ 548.920578][ T5202] Dev loop4: unable to read RDB block 7 [ 548.944664][ T5202] loop4: unable to read partition table [ 548.958574][ T5202] loop4: partition table beyond EOD, truncated [ 549.063547][ T983] keytouch 0003:0926:3333.004B: fixing up Keytouch IEC report descriptor [ 549.112222][T11212] udevd[11212]: symlink '../../loop4' '/dev/disk/by-diskseq/82.tmp-b7:4' failed: Read-only file system [ 549.161983][ T983] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.004B/input/input97 [ 549.414996][ T983] keytouch 0003:0926:3333.004B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 549.447766][ T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 549.619660][T12232] vivid-000: reconnect [ 549.657196][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 549.662901][ T983] usb 1-1: USB disconnect, device number 114 [ 549.700790][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 549.742392][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 549.782110][T12260] fido_id[12260]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 549.805396][ T10] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 549.837684][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.868502][ T10] usb 5-1: config 0 descriptor?? [ 550.092550][ T31] INFO: task syz.3.1639:10881 blocked for more than 143 seconds. [ 550.105662][ T31] Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 [ 550.165215][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 550.196080][ T10] hid-multitouch 0003:1FD2:6007.004C: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 550.227919][ T31] task:syz.3.1639 state:D stack:25960 pid:10881 tgid:10879 ppid:5834 task_flags:0x400140 flags:0x00004006 [ 550.251393][T12267] vcan0: tx drop: invalid da for name 0x00000000feffffff [ 550.278421][ T31] Call Trace: [ 550.287520][ T31] [ 550.294018][ T31] __schedule+0x16f5/0x4d00 [ 550.304506][ T31] ? do_raw_spin_lock+0x121/0x290 [ 550.316642][ T31] ? schedule+0x165/0x360 [ 550.327590][ T31] ? __lock_acquire+0xab9/0xd20 [ 550.345417][ T31] ? __pfx___schedule+0x10/0x10 [ 550.365071][ T31] ? schedule+0x91/0x360 [ 550.385169][ T31] schedule+0x165/0x360 [ 550.400069][ T31] netfs_wait_for_request+0x1f0/0x600 [ 550.419482][ T31] ? __pfx_netfs_write_collection+0x10/0x10 [ 550.437393][ T10] usb 5-1: USB disconnect, device number 28 [ 550.453118][ T31] ? __pfx_netfs_wait_for_request+0x10/0x10 [ 550.486642][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 550.517231][ T31] netfs_unbuffered_write_iter_locked+0x52a/0x910 [ 550.533303][ T31] netfs_unbuffered_write_iter+0x4c4/0x660 [ 550.547992][ T31] do_iter_readv_writev+0x56e/0x7f0 [ 550.559543][ T31] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 550.573497][ T31] ? rcu_read_lock_any_held+0xb3/0x120 [ 550.589757][ T31] vfs_writev+0x31a/0x960 [ 550.600925][ T31] ? __lock_acquire+0xab9/0xd20 [ 550.609521][ T31] ? __pfx_vfs_writev+0x10/0x10 [ 550.615147][ T31] ? __fget_files+0x2a/0x420 [ 550.620869][ T31] ? __fget_files+0x3a0/0x420 [ 550.628932][ T31] ? __fget_files+0x2a/0x420 [ 550.635359][ T31] do_writev+0x14d/0x2d0 [ 550.640292][ T31] ? __pfx_do_writev+0x10/0x10 [ 550.645889][ T31] ? rcu_is_watching+0x15/0xb0 [ 550.652621][ T31] ? do_syscall_64+0xbe/0x3b0 [ 550.657910][ T31] do_syscall_64+0xfa/0x3b0 [ 550.663299][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.669619][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 550.677924][ T31] ? clear_bhb_loop+0x60/0xb0 [ 550.683377][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.689674][ T31] RIP: 0033:0x7f660558e929 [ 550.696916][ T31] RSP: 002b:00007f6606455038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 550.706449][ T31] RAX: ffffffffffffffda RBX: 00007f66057b5fa0 RCX: 00007f660558e929 [ 550.718463][ T31] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000007 [ 550.728588][ T31] RBP: 00007f6605610b39 R08: 0000000000000000 R09: 0000000000000000 [ 550.740305][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 550.749057][ T31] R13: 0000000000000000 R14: 00007f66057b5fa0 R15: 00007fff53b1f948 [ 550.757578][ T31] [ 550.767751][ T31] [ 550.767751][ T31] Showing all locks held in the system: [ 550.781075][ T31] 1 lock held by khungtaskd/31: [ 550.786700][ T31] #0: ffffffff8e33ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 550.797747][ T31] 5 locks held by kworker/1:1/43: [ 550.805847][ T31] 2 locks held by getty/5598: [ 550.810968][ T31] #0: ffff88803135b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 550.854286][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 550.865085][ T31] 2 locks held by kworker/1:7/5937: [ 550.870471][ T31] 2 locks held by kworker/u8:9/9337: [ 550.876485][ T31] 3 locks held by syz.3.1639/10881: [ 550.883110][ T31] #0: ffff888033aea638 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 550.893004][ T31] #1: ffff888028afc428 (sb_writers#21){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 [ 550.902543][ T31] #2: ffff888076ff0e28 (&sb->s_type->i_mutex_key#25){++++}-{4:4}, at: netfs_start_io_direct+0x1ef/0x230 [ 550.917093][ T31] 1 lock held by syz.0.2093/12232: [ 550.922646][ T31] #0: ffffffff8e344840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 550.933311][ T31] 1 lock held by syz.1.2102/12261: [ 550.939772][ T31] #0: ffffffff8e344840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 550.964287][ T31] 2 locks held by syz.5.2103/12266: [ 550.976196][ T31] #0: ffff888058446e08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 551.000200][ T31] #1: ffff888027fd8258 (sk_lock-AF_CAN){+.+.}-{0:0}, at: j1939_sk_release+0xb3/0x790 [ 551.010501][ T5202] Dev loop4: unable to read RDB block 7 [ 551.016730][ T5202] loop4: unable to read partition table [ 551.025309][ T31] [ 551.027800][ T31] ============================================= [ 551.027800][ T31] [ 551.038121][ T5202] loop4: partition table beyond EOD, truncated [ 551.051070][ T31] NMI backtrace for cpu 0 [ 551.051092][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 551.051115][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 551.051126][ T31] Call Trace: [ 551.051135][ T31] [ 551.051144][ T31] dump_stack_lvl+0x189/0x250 [ 551.051170][ T31] ? __wake_up_klogd+0xd9/0x110 [ 551.051199][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 551.051221][ T31] ? __pfx__printk+0x10/0x10 [ 551.051255][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 551.051283][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 551.051305][ T31] ? _printk+0xcf/0x120 [ 551.051330][ T31] ? __pfx__printk+0x10/0x10 [ 551.051353][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 551.051384][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 551.051412][ T31] watchdog+0xfee/0x1030 [ 551.051433][ T31] ? watchdog+0x1de/0x1030 [ 551.051459][ T31] kthread+0x70e/0x8a0 [ 551.051487][ T31] ? __pfx_watchdog+0x10/0x10 [ 551.051505][ T31] ? __pfx_kthread+0x10/0x10 [ 551.051536][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 551.051559][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 551.051584][ T31] ? __pfx_kthread+0x10/0x10 [ 551.051610][ T31] ret_from_fork+0x3fc/0x770 [ 551.051634][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 551.051660][ T31] ? __switch_to_asm+0x39/0x70 [ 551.051683][ T31] ? __switch_to_asm+0x33/0x70 [ 551.051703][ T31] ? __pfx_kthread+0x10/0x10 [ 551.051811][ T31] ret_from_fork_asm+0x1a/0x30 [ 551.051850][ T31] [ 551.206238][ T31] Sending NMI from CPU 0 to CPUs 1: [ 551.211869][ C1] NMI backtrace for cpu 1 [ 551.211887][ C1] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 551.211906][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 551.211916][ C1] Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker [ 551.211944][ C1] RIP: 0010:kasan_check_range+0x9b/0x2c0 [ 551.211966][ C1] Code: 01 00 00 00 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb <41> 80 3b 00 0f 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 [ 551.211980][ C1] RSP: 0018:ffffc90000a07ea8 EFLAGS: 00000286 [ 551.211993][ C1] RAX: ffff88807be44001 RBX: ffffffffffffffff RCX: ffffffff8a1efa1a [ 551.212014][ C1] RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc90000a07f70 [ 551.212025][ C1] RBP: 0000000000000000 R08: ffffc90000a07f7f R09: 1ffff92000140fef [ 551.212035][ C1] R10: dffffc0000000000 R11: fffff52000140fef R12: 0000000000000002 [ 551.212046][ C1] R13: ffffc90000a07f60 R14: fffff52000140ff0 R15: 1ffff92000140fee [ 551.212057][ C1] FS: 0000000000000000(0000) GS:ffff888125b1c000(0000) knlGS:0000000000000000 [ 551.212070][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 551.212082][ C1] CR2: 0000555560e2b808 CR3: 000000000e138000 CR4: 00000000003526f0 [ 551.212098][ C1] DR0: 0000000000000007 DR1: 0000000000000002 DR2: 0000000000000008 [ 551.212107][ C1] DR3: 1000000100000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 551.212118][ C1] Call Trace: [ 551.212124][ C1] [ 551.212134][ C1] __asan_memset+0x22/0x50 [ 551.212150][ C1] NF_HOOK+0x1da/0x3a0 [ 551.212169][ C1] ? skb_orphan+0xaf/0xd0 [ 551.212191][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 551.212210][ C1] ? NF_HOOK+0x9a/0x3a0 [ 551.212228][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 551.212254][ C1] __netif_receive_skb+0xd3/0x380 [ 551.212271][ C1] ? netif_receive_skb+0x115/0x790 [ 551.212292][ C1] netif_receive_skb+0x1cb/0x790 [ 551.212314][ C1] ? __pfx_netif_receive_skb+0x10/0x10 [ 551.212336][ C1] ? br_netif_receive_skb+0x126/0x190 [ 551.212355][ C1] NF_HOOK+0x9d/0x390 [ 551.212371][ C1] ? __pfx_br_netif_receive_skb+0x10/0x10 [ 551.212387][ C1] ? NF_HOOK+0x102/0x390 [ 551.212402][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 551.212420][ C1] ? __pfx_br_netif_receive_skb+0x10/0x10 [ 551.212440][ C1] ? br_pass_frame_up+0x275/0x420 [ 551.212458][ C1] br_handle_frame_finish+0x14d1/0x19b0 [ 551.212481][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 551.212502][ C1] ? ip6t_do_table+0x1db/0x1560 [ 551.212522][ C1] ? nf_hook_slow+0x176/0x220 [ 551.212540][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 551.212556][ C1] br_nf_hook_thresh+0x3c3/0x4a0 [ 551.212577][ C1] ? __pfx_br_nf_hook_thresh+0x10/0x10 [ 551.212594][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 551.212610][ C1] ? nf_nat_ipv6_in+0x1fc/0x2b0 [ 551.212630][ C1] br_nf_pre_routing_finish_ipv6+0x948/0xd00 [ 551.212648][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 551.212668][ C1] ? br_nf_pre_routing_ipv6+0x42f/0x6b0 [ 551.212695][ C1] br_nf_pre_routing_ipv6+0x37e/0x6b0 [ 551.212714][ C1] ? __pfx_br_nf_pre_routing_ipv6+0x10/0x10 [ 551.212733][ C1] ? __pfx_br_nf_pre_routing_finish_ipv6+0x10/0x10 [ 551.212750][ C1] ? br_nf_pre_routing+0x720/0x1470 [ 551.212770][ C1] ? __pfx_br_nf_pre_routing+0x10/0x10 [ 551.212786][ C1] br_handle_frame+0x97f/0x14c0 [ 551.212806][ C1] ? __pfx_br_handle_frame+0x10/0x10 [ 551.212822][ C1] ? rcu_lockdep_current_cpu_online+0x37/0x120 [ 551.212843][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 551.212858][ C1] ? __pfx_rcu_read_lock_bh_held+0x10/0x10 [ 551.212878][ C1] ? __pfx_br_handle_frame+0x10/0x10 [ 551.212896][ C1] __netif_receive_skb_core+0x10e1/0x4180 [ 551.212915][ C1] ? ip6_mc_input+0x9c3/0xbe0 [ 551.212940][ C1] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 551.212954][ C1] ? ip6_rcv_finish+0x29a/0x2d0 [ 551.212975][ C1] ? NF_HOOK+0x30c/0x3a0 [ 551.212992][ C1] ? skb_orphan+0xaf/0xd0 [ 551.213018][ C1] ? process_backlog+0x2d5/0x14f0 [ 551.213034][ C1] ? process_backlog+0x2d5/0x14f0 [ 551.213052][ C1] __netif_receive_skb+0x72/0x380 [ 551.213068][ C1] ? process_backlog+0x2d5/0x14f0 [ 551.213085][ C1] process_backlog+0x60e/0x14f0 [ 551.213100][ C1] ? __lock_acquire+0xab9/0xd20 [ 551.213126][ C1] ? __pfx_process_backlog+0x10/0x10 [ 551.213147][ C1] __napi_poll+0xc4/0x480 [ 551.213161][ C1] ? net_rx_action+0x46d/0xe30 [ 551.213178][ C1] net_rx_action+0x707/0xe30 [ 551.213193][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 551.213220][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 551.213250][ C1] handle_softirqs+0x286/0x870 [ 551.213269][ C1] ? do_softirq+0xec/0x180 [ 551.213286][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 551.213305][ C1] ? kernel_fpu_end+0xc8/0x120 [ 551.213324][ C1] do_softirq+0xec/0x180 [ 551.213339][ C1] [ 551.213345][ C1] [ 551.213352][ C1] ? __pfx_do_softirq+0x10/0x10 [ 551.213369][ C1] ? __local_bh_disable_ip+0xf1/0x190 [ 551.213384][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 551.213402][ C1] ? lockdep_softirqs_on+0x13b/0x1c0 [ 551.213417][ C1] __local_bh_enable_ip+0x17d/0x1c0 [ 551.213433][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 551.213450][ C1] ? kernel_fpu_begin_mask+0x2c8/0x3a0 [ 551.213472][ C1] kernel_fpu_end+0xd2/0x120 [ 551.213490][ C1] ? __pfx_kernel_fpu_end+0x10/0x10 [ 551.213507][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 551.213528][ C1] ? arch_stack_walk+0x11c/0x150 [ 551.213548][ C1] blake2s_compress+0x5f/0xd0 [ 551.213564][ C1] blake2s_final+0x116/0x260 [ 551.213587][ C1] hmac+0x1c6/0x330 [ 551.213603][ C1] ? stack_depot_save_flags+0x40/0x900 [ 551.213622][ C1] ? __pfx_hmac+0x10/0x10 [ 551.213642][ C1] ? worker_thread+0x8a0/0xda0 [ 551.213659][ C1] ? kthread+0x70e/0x8a0 [ 551.213684][ C1] ? ret_from_fork+0x3fc/0x770 [ 551.213708][ C1] kdf+0xde/0x270 [ 551.213726][ C1] ? __pfx_kdf+0x10/0x10 [ 551.213744][ C1] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 551.213767][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 551.213787][ C1] wg_noise_handshake_begin_session+0x2c2/0xbd0 [ 551.213812][ C1] wg_packet_send_handshake_response+0x11d/0x2d0 [ 551.213835][ C1] ? __pfx_wg_packet_send_handshake_response+0x10/0x10 [ 551.213856][ C1] ? wg_socket_set_peer_endpoint_from_skb+0xc8/0x120 [ 551.213879][ C1] wg_packet_handshake_receive_worker+0x627/0xfb0 [ 551.213908][ C1] ? __pfx_wg_packet_handshake_receive_worker+0x10/0x10 [ 551.213930][ C1] ? register_lock_class+0x51/0x320 [ 551.213947][ C1] ? __lock_acquire+0xab9/0xd20 [ 551.213966][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 551.213986][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 551.214005][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 551.214020][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 551.214037][ C1] process_scheduled_works+0xae1/0x17b0 [ 551.214064][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 551.214087][ C1] worker_thread+0x8a0/0xda0 [ 551.214114][ C1] kthread+0x70e/0x8a0 [ 551.214134][ C1] ? __pfx_worker_thread+0x10/0x10 [ 551.214150][ C1] ? __pfx_kthread+0x10/0x10 [ 551.214169][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 551.214188][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 551.214208][ C1] ? __pfx_kthread+0x10/0x10 [ 551.214227][ C1] ret_from_fork+0x3fc/0x770 [ 551.214243][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 551.214260][ C1] ? __switch_to_asm+0x39/0x70 [ 551.214278][ C1] ? __switch_to_asm+0x33/0x70 [ 551.214294][ C1] ? __pfx_kthread+0x10/0x10 [ 551.214313][ C1] ret_from_fork_asm+0x1a/0x30 [ 551.214337][ C1] [ 551.969764][ C0] vcan0: j1939_tp_rxtimer: 0xffff888028874800: rx timeout, send abort [ 552.031704][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 552.038621][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 552.050565][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 552.060678][ T31] Call Trace: [ 552.064009][ T31] [ 552.066984][ T31] dump_stack_lvl+0x99/0x250 [ 552.071616][ T31] ? __asan_memcpy+0x40/0x70 [ 552.076511][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 552.081940][ T31] ? __pfx__printk+0x10/0x10 [ 552.086623][ T31] panic+0x2db/0x790 [ 552.090653][ T31] ? __pfx_panic+0x10/0x10 [ 552.095106][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 552.100963][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 552.106412][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 552.112807][ T31] watchdog+0x102d/0x1030 [ 552.117199][ T31] ? watchdog+0x1de/0x1030 [ 552.121818][ T31] kthread+0x70e/0x8a0 [ 552.125934][ T31] ? __pfx_watchdog+0x10/0x10 [ 552.130654][ T31] ? __pfx_kthread+0x10/0x10 [ 552.135302][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 552.140595][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 552.146201][ T31] ? __pfx_kthread+0x10/0x10 [ 552.150853][ T31] ret_from_fork+0x3fc/0x770 [ 552.155665][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 552.160979][ T31] ? __switch_to_asm+0x39/0x70 [ 552.165810][ T31] ? __switch_to_asm+0x33/0x70 [ 552.170721][ T31] ? __pfx_kthread+0x10/0x10 [ 552.175390][ T31] ret_from_fork_asm+0x1a/0x30 [ 552.180408][ T31] [ 552.183778][ T31] Kernel Offset: disabled [ 552.188116][ T31] Rebooting in 86400 seconds..