last executing test programs: 4.987581626s ago: executing program 1 (id=575): mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x98}}) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f0000000840)={"2451f4c0f06c314a027bfc92b8ec7b3c43a2039f02db9c7dcce77a78ab06eb7cdd7201fb30d15e4097131f5ed206a2ab82cd48b57a6ee45fd65e2619a53860bcac137b115362302f7911039cab30c6f18448a627392df40c176fe1e41bea254188a3aa291814d4416c551cf5caf37e2b5ce67dd22b1cbdbd320bf61945a4d4765e03252e5967767fd37c8cf65d3a69d46871a972f71600a0d30221799b5274a7a8b0973554e26a754de7e1210bf4f5e8b7e8d41c4beb51b494f634a9fbe32b9c83358fac4aa74fb9b81c36f9e2c35b7e2a9df7356dea9c572753cb0689eea2909c87562de6bd3c9176a76d11b63429a9b67440678717f5b3ff167ca2a7674d7f3109570c27dc70deb209bf83957560ef5e5a4b821b5bee30fc7570495ef2da460d0173efa6bc0fc0c8dd2f80b159a0c57a11ec23919a806c620b4393bd1f5dbaa50904428016379aa456dc55faecb04c122eec711af2a722948a5c9b1e0a3f68836e07e850ec8a78284d0eefc821571d1c3924d1beb4ee9fa3803f05a970ca896fa7866379425ce4c71a4933a17db33040dd33aa9a42179001fc2f26cde603ff2129978cf134959040ef74db9b466ae963bb46c4f2b8c5e58334b7a0ca93d77c6bf2d213032420f9ca8abca21bb46951a87796e12ac9aee928da16a3210c1ee68144767e9e7c7b457f977a09e473bfc66fff4c9a98bc5f03e1fbd4220516944c50c45e337b067fc823ea59d013ff72a98ed1ac8b4f1e8694b0b622e0ea7d999f6586eafaa476b4e231747a37dce9acb286a76f808dcabc3ec5c3438212a91a692358d99119433e845142c7f39cffef59769e93cd07dae702b7b1ff70c8e840d49e07efdddd4b3da99e901d14889946820b860e09c4ed69575fa3c5b9f5b49e35901e3554a31df486b2c3de110b4c1b4c56b85c00d15da23343ee33ee6c02396043bcee870dcb7291a10598da5793d88747c851d1bae640acff21d48fc5c188f38c0de55fd8c6f9313b9f2a829348bf3363e9c4fe2fc1e25305c0a30247ef2ac855cea6ef48a1498266b4d074de8ae087572bb76e949f1c4e47a110155c591a68770734a17c0332adeac21ddf16faff4b3525e1a91fccba13bf589454b33f9bf6df1e7df7329ed83eb0e6af04a346fbc33c5dbc58e441cedc35fc7a04267e794939ddd4563dca5c32e532d4fab63c53d1de64bf61a90ef73d9bcee46f5aea7e2062ceaabaaa78b99a0b773594e528d89f2fe9890a38cc7c3a1f0fd97b0763df54837f76b4c5d3ae32358f237713957a18477c41c6ef238a5791f6569b316906c0555afbdd1609f7478a1f442edb1c4e4c8e302e0979b4ee061bfda1b6e596fc5bf64fb1a1bd455e68f90e109db11ddfa52db0dfa413c7669db17ba5d3f25dd12fdae94c3d418ca6aa6d4ef4457ffa1f6aa58879413260314a7e95db9d5be18a02"}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x4, 0x10, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x5, 0x0, 0xbdb], 0x5000, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c643c, &(0x7f0000000300)) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000052c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000053c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r6, 0x402c5342, &(0x7f0000005480)={0x0, 0x8, 0x3cdb, {0x0, 0x10000}}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000140)={'dummy0\x00'}) r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r7, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ioctl$sock_rose_SIOCADDRT(r7, 0x890b, &(0x7f0000000600)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @bcast, @bpq0, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ioctl$sock_rose_SIOCDELRT(r4, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}) 4.457244779s ago: executing program 3 (id=579): r0 = socket(0x2a, 0x2, 0xfffffffc) r1 = socket(0x28, 0x5, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42072, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f00000002c0)) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x9, 0x0, 0x48, @ipv4={'\x00', '\xff\xff', @empty}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x700, 0x0, 0xffffffff}}) 4.375085843s ago: executing program 3 (id=580): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000240)={'security\x00', 0x0, [0x4, 0xfffdf001, 0x4, 0x7, 0x6c]}, 0x0) 4.113431483s ago: executing program 3 (id=581): r0 = socket$netlink(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f0000000240)={@none, 0x4}) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=[{0x18, 0x110, 0x1, '\b'}], 0x18}, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=[{0x18, 0x110, 0x1, '\b'}], 0x18}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="18a600007200911fdabcf8b30771a54a07"], 0xfe33) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e24, @multicast2}, 0x2, 0x2, 0x4, 0x3}}, 0x2e) 4.031344909s ago: executing program 3 (id=582): openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYBLOB="4c893b9fc1c86c5a5b855738f0b3a398383d50dbbad308aafcca7df804302e0ca0298d6e2bc6c0c74bf263384b62cd162ac88e9fb75e5d7a2682a2d12a2d18a173db784af9d4581bc38f8ba6686ec3c0dc5b4db1f451072f33019970929360e737c7f76f163ef3e94d48a47f0da9739b25fab0cbe864a6b9955ef7237fc4f82fb67549a45df8a79e26fac4f5b416302d651bdd27e4b4724758e6601b222010cdecca1ef1a2527901ee6ca5da8cb7539e6a3484fb19dae3df999a6f57675d87404e6ce4393d1c4e517c90a0b52c49cd357020d30470f2634378179e5405718767c3c46f8b4b6b7033309e837495f1cc71f7b5dbc711d01ef671dba678b10c6c9c09"], 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0) lseek(r1, 0x2004, 0x0) sendfile(r1, r1, 0x0, 0x80c000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r2, 0x0) r3 = syz_open_dev$video(&(0x7f00000001c0), 0x5, 0x10400) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000005c0)={0x168, 0x0, &(0x7f0000000700)=[@acquire_done={0x40106309, 0x2}, @increfs={0x40046304, 0x1}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000100)={@ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/24, 0x18, 0x2, 0x34}, @flat=@handle={0x73682a85, 0xb}, @ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/176, 0xb0, 0x0, 0x2a}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x440}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@fd={0x66642a85, 0x0, r1}, @flat=@handle={0x73682a85, 0xa, 0x1}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000680)={@fda={0x66646185, 0x9, 0x0, 0x10}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/31, 0x1f, 0x0, 0x21}, @fda={0x66646185, 0x3, 0x1, 0x18}}, &(0x7f00000003c0)={0x0, 0x20, 0x48}}, 0x400}, @increfs_done={0x40106308, 0x3}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000600)={@ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/169, 0xa9, 0x0, 0x3f}, @fda={0x66646185, 0x9, 0x0, 0x13}, @fda={0x66646185, 0x6, 0x1, 0xb}}, &(0x7f0000000400)={0x0, 0x28, 0x48}}, 0x40}, @increfs], 0xf, 0x0, &(0x7f0000000580)="e25fe318eea2eff07b9c3c21f711fd"}) 4.011423391s ago: executing program 1 (id=583): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'md4-generic\x00'}, 0xfffffffffffffd66) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000240)="2c6a008432fe43c062570b5d4425f6aae7e09f14a4", 0x15) 3.906987662s ago: executing program 1 (id=584): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="001004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r3, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000540)={0x40, 0x15, 0x5, "2ea049791a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000040)={0x1e, 0x6, 0xf1}) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000140)={0x3, 0x1, 0x46}) recvmmsg(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0}, 0xfa}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x3ffe}, {{0x0, 0x0, 0x0}, 0x5}], 0x4, 0x10100, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = accept4(r5, 0x0, 0x0, 0x80800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926", 0x20}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, &(0x7f0000000080)={0x9, 0xe, 0x7, 0x6, 0x40}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x4, 0x1, 0x301, 0x0, 0x0, {0xea4c9c7501878d91, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$NFNL_MSG_ACCT_GET(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000001200)=ANY=[@ANYBLOB="140000000200000000000000000000000a000006"], 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x2000c000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) 2.342469393s ago: executing program 3 (id=595): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, 0x0, 0x0) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chdir(&(0x7f0000000100)='./file0\x00') read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020) mknod(&(0x7f0000001b40)='./file0\x00', 0x1100, 0xffffffff) 2.178438735s ago: executing program 3 (id=597): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0xa0, 0x1e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0xffffffff}}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket(0x200000100000011, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'hsr0\x00', 0x0}) bind$packet(r1, &(0x7f0000000080)={0x11, 0x0, r3, 0x1, 0x7, 0x6, @local}, 0x14) sendmsg$netlink(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=ANY=[@ANYRESOCT=0x0], 0x34}], 0x1}, 0x4004) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d"], 0x4a) r5 = socket$nl_rdma(0x10, 0x3, 0x14) getsockopt$sock_linger(r5, 0x1, 0xd, 0x0, &(0x7f0000000040)) r6 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000280)=ANY=[@ANYBLOB="3317b394ae20d11973d077d086cfb6c0549a03cc829ddd10320f70d276ca791e2c061e0c28c76d75856a1cf66e9bff50817bdfd234f78ff759bad53b34ee6e8fd9c3d314e1df880f2cf21be97381e5943da2233e92fa38528c2f02aec49cbe", @ANYRESDEC=r0, @ANYRESHEX=r5, @ANYRES16=r5, @ANYRESHEX, @ANYRESHEX=r5, @ANYRESDEC], 0x0) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x80002) ioctl$EVIOCGMTSLOTS(r7, 0x8040450a, &(0x7f00000010c0)=""/4096) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$uac1(r6, 0x0, 0x0) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r8, 0x5b02, 0x0) 2.148343501s ago: executing program 1 (id=598): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000002dc0)=""/231, 0xe7}, {&(0x7f0000002ec0)=""/185, 0xb9}, {&(0x7f0000002fc0)=""/24, 0x18}, {&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f0000004000)=""/10, 0xa}, {&(0x7f0000004040)=""/136, 0x88}, {&(0x7f0000004100)=""/246, 0xf6}, {&(0x7f0000004200)=""/217, 0xd9}], 0x8}, 0x2}], 0x3, 0x0, 0x0) recvmmsg$unix(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x22, 0x0) 2.100808508s ago: executing program 2 (id=599): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x58, 0x2, 0x6, 0x3, 0x2000, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 2.063295s ago: executing program 1 (id=600): r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x8, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f00009ba000/0x1000)=nil) madvise(&(0x7f0000e7a000/0x2000)=nil, 0x2000, 0x1) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000e24000/0x4000)=nil, 0x4000, &(0x7f0000000100)='@}!*\x00') mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000080)=0x7, 0x44, 0x0) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r0, 0x80184132, &(0x7f0000000000)) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000040)=@filename='./file0\x00', &(0x7f0000001440)='./file0\x00', &(0x7f0000000080)='exofs\x00', 0x400, 0x0) 1.986831209s ago: executing program 2 (id=601): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r4, 0x7a6, 0x0) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xe29ef05f6ff7fbe1}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x10e}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x120}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7ff}]}, 0x64}, 0x1, 0x0, 0x0, 0x4004810}, 0x4008080) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x18, 0x140e, 0x100, 0x70bd27, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x4011}, 0x20008000) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x40, &(0x7f0000000000)=0x10, 0x4) getsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, 0x0, &(0x7f0000000040)) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000a40)={'wlan0\x00', 0x0}) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1532, 0x10e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3, 0xc0, 0x42, [{{0x9, 0x4, 0x0, 0x59, 0x2, 0x3, 0x1, 0x1, 0x71, {0x9, 0x21, 0x7, 0x8, 0x1, {0x22, 0xc2a}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x7f, 0x6, 0x5}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x5, 0x9d, 0x3}}]}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x50, 0x9, 0x7, 0xff, 0x4}, 0x40, &(0x7f00000000c0)={0x5, 0xf, 0x40, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x1, 0x0, 0x79}, @generic={0x3, 0x10, 0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x18, 0x1}, @ssp_cap={0x24, 0x10, 0xa, 0xfe, 0x6, 0x2, 0x0, 0x8, [0x30, 0xff, 0xf, 0xc0, 0xa0f0, 0x0]}]}, 0x4, [{0x0, 0x0}, {0x2, &(0x7f0000000240)=@string={0x2}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x43f}}, {0x0, 0x0}]}) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) r8 = dup(r7) write$UHID_INPUT(r8, &(0x7f00000010c0)={0xc, {"a2e3ad214fc752f91b25470987f70e06d038e7ff7fc6e5539b3245078b089b3f083868060890e0878f0e1ac6e70a9b3368959b6c9a241b5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31350d095d0936cd3b78130daa61f8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d16993428807789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ff00a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff13fc488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e17f907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c01b8c70cdb1c330600d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a0200afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8abb1015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f29f768ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19cacdb3ed70eeebb4c83f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd4e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0d1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0510b05000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a9740600000000f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c628945ee8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079de662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b303db4d7bec6b6a97dbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0xfffffffffffffd8f}}, 0x1006) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="380047d9", @ANYRES16=r0, @ANYBLOB="010000000000030000000200000008000300", @ANYRES32=r6, @ANYBLOB="0c0099000000000007000000080026006c09000008009f0004000000"], 0x38}, 0x1, 0x0, 0x0, 0x40c0}, 0x0) 1.947561947s ago: executing program 1 (id=602): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, 0x0) 651.379074ms ago: executing program 0 (id=614): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), r0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80001001}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x4) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf25410000000e0001006e657464657673696d0000000f0002006e657464657673696d300000120087006c325f64726f707300000000"], 0x44}, 0x1, 0x0, 0x0, 0xc800}, 0x40) 643.473758ms ago: executing program 2 (id=615): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, 0x0, 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chdir(&(0x7f0000000100)='./file0\x00') read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020) mknod(&(0x7f0000001b40)='./file0\x00', 0x1100, 0xffffffff) 530.84662ms ago: executing program 0 (id=616): mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x98}}) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f0000000840)={"2451f4c0f06c314a027bfc92b8ec7b3c43a2039f02db9c7dcce77a78ab06eb7cdd7201fb30d15e4097131f5ed206a2ab82cd48b57a6ee45fd65e2619a53860bcac137b115362302f7911039cab30c6f18448a627392df40c176fe1e41bea254188a3aa291814d4416c551cf5caf37e2b5ce67dd22b1cbdbd320bf61945a4d4765e03252e5967767fd37c8cf65d3a69d46871a972f71600a0d30221799b5274a7a8b0973554e26a754de7e1210bf4f5e8b7e8d41c4beb51b494f634a9fbe32b9c83358fac4aa74fb9b81c36f9e2c35b7e2a9df7356dea9c572753cb0689eea2909c87562de6bd3c9176a76d11b63429a9b67440678717f5b3ff167ca2a7674d7f3109570c27dc70deb209bf83957560ef5e5a4b821b5bee30fc7570495ef2da460d0173efa6bc0fc0c8dd2f80b159a0c57a11ec23919a806c620b4393bd1f5dbaa50904428016379aa456dc55faecb04c122eec711af2a722948a5c9b1e0a3f68836e07e850ec8a78284d0eefc821571d1c3924d1beb4ee9fa3803f05a970ca896fa7866379425ce4c71a4933a17db33040dd33aa9a42179001fc2f26cde603ff2129978cf134959040ef74db9b466ae963bb46c4f2b8c5e58334b7a0ca93d77c6bf2d213032420f9ca8abca21bb46951a87796e12ac9aee928da16a3210c1ee68144767e9e7c7b457f977a09e473bfc66fff4c9a98bc5f03e1fbd4220516944c50c45e337b067fc823ea59d013ff72a98ed1ac8b4f1e8694b0b622e0ea7d999f6586eafaa476b4e231747a37dce9acb286a76f808dcabc3ec5c3438212a91a692358d99119433e845142c7f39cffef59769e93cd07dae702b7b1ff70c8e840d49e07efdddd4b3da99e901d14889946820b860e09c4ed69575fa3c5b9f5b49e35901e3554a31df486b2c3de110b4c1b4c56b85c00d15da23343ee33ee6c02396043bcee870dcb7291a10598da5793d88747c851d1bae640acff21d48fc5c188f38c0de55fd8c6f9313b9f2a829348bf3363e9c4fe2fc1e25305c0a30247ef2ac855cea6ef48a1498266b4d074de8ae087572bb76e949f1c4e47a110155c591a68770734a17c0332adeac21ddf16faff4b3525e1a91fccba13bf589454b33f9bf6df1e7df7329ed83eb0e6af04a346fbc33c5dbc58e441cedc35fc7a04267e794939ddd4563dca5c32e532d4fab63c53d1de64bf61a90ef73d9bcee46f5aea7e2062ceaabaaa78b99a0b773594e528d89f2fe9890a38cc7c3a1f0fd97b0763df54837f76b4c5d3ae32358f237713957a18477c41c6ef238a5791f6569b316906c0555afbdd1609f7478a1f442edb1c4e4c8e302e0979b4ee061bfda1b6e596fc5bf64fb1a1bd455e68f90e109db11ddfa52db0dfa413c7669db17ba5d3f25dd12fdae94c3d418ca6aa6d4ef4457ffa1f6aa58879413260314a7e95db9d5be18a02"}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x4, 0x10, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x5, 0x0, 0xbdb], 0x5000, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000)) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c643c, &(0x7f0000000300)) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000052c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000053c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000005480)={0x0, 0x8, 0x3cdb, {0x0, 0x10000}}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000140)={'dummy0\x00'}) r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r6, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ioctl$sock_rose_SIOCADDRT(r6, 0x890b, &(0x7f0000000600)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @bcast, @bpq0, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ioctl$sock_rose_SIOCDELRT(r3, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}) 530.487788ms ago: executing program 0 (id=617): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000002dc0)=""/231, 0xe7}, {&(0x7f0000002ec0)=""/185, 0xb9}, {&(0x7f0000002fc0)=""/24, 0x18}, {&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f0000004000)=""/10, 0xa}, {&(0x7f0000004040)=""/136, 0x88}, {&(0x7f0000004100)=""/246, 0xf6}, {&(0x7f0000004200)=""/217, 0xd9}, {0x0}], 0x9}, 0x2}], 0x3, 0x0, 0x0) recvmmsg$unix(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x22, 0x0) 499.487921ms ago: executing program 0 (id=618): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$inet_icmp(0x2, 0x2, 0x1) close(r2) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x2c}}, 0x20000000) 444.099385ms ago: executing program 0 (id=619): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0) write(r0, &(0x7f0000000000)="fb196dec69a10b2284f761", 0xb) getuid() 419.427313ms ago: executing program 2 (id=620): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x2000, &(0x7f0000001a80)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x2c}}, 0x20000000) 331.02743ms ago: executing program 0 (id=621): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) unshare(0x2c020400) msgget$private(0x0, 0x240) msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0) msgrcv(0x0, 0x0, 0x0, 0x3, 0x3000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r2) sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fedbdf0d3e0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400050083000000000081c420206a5105c4dc1b112851d9"], 0x58}, 0x1, 0x0, 0x0, 0x48001}, 0x8054) fsopen(0x0, 0x0) ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f0000000200)) r4 = creat(&(0x7f0000000540)='./file0\x00', 0x4) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r6, 0xeb, 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@private0, @in6=@initdev}}, {{@in=@loopback}, 0x0, @in=@initdev}}, &(0x7f0000000240)=0xe8) dup(r4) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="5b00e400", @ANYRES16=r5, @ANYBLOB="00012cbd7000ffdbdf251600000008000300", @ANYRES32=r7, @ANYBLOB="0a00060008021100000000000a001a00ffffffffffff00000a001a0008021100000100000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) 325.190692ms ago: executing program 2 (id=622): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xc4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r2, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000002a40)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000000a0601010000000000000000030000070900020073797a32000000000400078005000100070000000400088083d66e9b08bef662040c8c04e2df34695c228d108fc71cbd060a3545082a4f102f43fb61e0fd253018738a9ae034141497108e65136ad0f72d41f75da9631ae3063bb13e9921a9cbe932b9e035b2bf"], 0x30}, 0x1, 0x0, 0x0, 0x4004000}, 0x880) write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff81}, {}, {}, @time=@time}], 0xc4) write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54) write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x68, &(0x7f0000000440)="e4120793b96d0e7c6f51cff21fcd1b63b0abb1326e6ba4cf4141abcb31b6b9fae64b146ed0aee7381d93025bba2de448179a3503338734c433396dc8bd58117947558742b082806c9bd3118eef2c44101c18a5c8addeafe953b5ae4c885ef4b2f33220e63770b3f9"}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{0xd, 0xfc}, 0x5, &(0x7f0000000580)={0xda, 0xa, 0xd, 0x55, @time={0x1ff, 0x9}, {0x3, 0xa}, {0x6, 0x5d}, @ext={0x6, &(0x7f0000000540)="04ca1c75a036"}}}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}], 0x54) write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000740)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = syz_open_procfs(0x0, &(0x7f0000002440)='setgroups\x00') write$USERIO_CMD_SEND_INTERRUPT(r5, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r7, 0x2285, &(0x7f00000000c0)={0x0, 0xfffffffffffffffc, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x8, 0x20, 0x6, 0x0}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f00000001c0)=0x8a2) sendmsg$OSF_MSG_REMOVE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x20000051}, 0x40) ioctl$KVM_RUN(r6, 0xae80, 0x0) creat(&(0x7f0000001380)='./file0\x00', 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ntfs3\x00', 0x8000, 0x0) 0s ago: executing program 2 (id=623): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000000)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c) dup2(r0, r0) ioctl$sock_rose_SIOCRSCLRRT(r0, 0x89e4) kernel console output (not intermixed with test programs): sys_sendmsg+0x19b/0x260 [ 105.258653][ T6419] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 105.258678][ T6419] ? __pfx_ksys_write+0x10/0x10 [ 105.258687][ T6419] ? rcu_is_watching+0x15/0xb0 [ 105.258699][ T6419] ? do_syscall_64+0xbe/0x3b0 [ 105.258713][ T6419] do_syscall_64+0xfa/0x3b0 [ 105.258724][ T6419] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.258734][ T6419] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 105.258744][ T6419] ? clear_bhb_loop+0x60/0xb0 [ 105.258756][ T6419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.258766][ T6419] RIP: 0033:0x7f27f8f8e929 [ 105.258776][ T6419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.258784][ T6419] RSP: 002b:00007f27f9e1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 105.258795][ T6419] RAX: ffffffffffffffda RBX: 00007f27f91b5fa0 RCX: 00007f27f8f8e929 [ 105.258802][ T6419] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004 [ 105.258809][ T6419] RBP: 00007f27f9e1e090 R08: 0000000000000000 R09: 0000000000000000 [ 105.258815][ T6419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.258820][ T6419] R13: 0000000000000000 R14: 00007f27f91b5fa0 R15: 00007ffd105257d8 [ 105.258838][ T6419] [ 105.993009][ T5925] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 106.102417][ T6434] FAULT_INJECTION: forcing a failure. [ 106.102417][ T6434] name failslab, interval 1, probability 0, space 0, times 0 [ 106.119993][ T6434] CPU: 1 UID: 0 PID: 6434 Comm: syz.3.149 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 106.120020][ T6434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.120031][ T6434] Call Trace: [ 106.120039][ T6434] [ 106.120047][ T6434] dump_stack_lvl+0x189/0x250 [ 106.120071][ T6434] ? __pfx____ratelimit+0x10/0x10 [ 106.120090][ T6434] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.120108][ T6434] ? __pfx__printk+0x10/0x10 [ 106.120130][ T6434] ? __pfx___might_resched+0x10/0x10 [ 106.120150][ T6434] should_fail_ex+0x414/0x560 [ 106.120179][ T6434] should_failslab+0xa8/0x100 [ 106.120197][ T6434] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 106.120213][ T6434] ? __alloc_skb+0x112/0x2d0 [ 106.120236][ T6434] __alloc_skb+0x112/0x2d0 [ 106.120259][ T6434] netlink_dump+0x22b/0xe20 [ 106.120288][ T6434] ? __pfx_netlink_dump+0x10/0x10 [ 106.120319][ T6434] ? kmem_cache_free+0x18f/0x400 [ 106.120339][ T6434] netlink_recvmsg+0x676/0xa30 [ 106.120366][ T6434] ? __pfx_netlink_recvmsg+0x10/0x10 [ 106.120390][ T6434] ? aa_sock_msg_perm+0xf1/0x1d0 [ 106.120411][ T6434] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 106.120432][ T6434] ? security_socket_recvmsg+0x7e/0x2e0 [ 106.120454][ T6434] ? __pfx_netlink_recvmsg+0x10/0x10 [ 106.120473][ T6434] sock_recvmsg+0x229/0x270 [ 106.120494][ T6434] sock_read_iter+0x231/0x2f0 [ 106.120521][ T6434] ? __pfx_sock_read_iter+0x10/0x10 [ 106.120555][ T6434] ? bpf_lsm_file_permission+0x9/0x20 [ 106.120590][ T6434] ? security_file_permission+0x75/0x290 [ 106.120623][ T6434] vfs_read+0x4cd/0x980 [ 106.120648][ T6434] ? __pfx_vfs_read+0x10/0x10 [ 106.120675][ T6434] ? __fget_files+0x2a/0x420 [ 106.120704][ T6434] ksys_read+0x145/0x250 [ 106.120723][ T6434] ? __pfx_ksys_read+0x10/0x10 [ 106.120737][ T6434] ? rcu_is_watching+0x15/0xb0 [ 106.120759][ T6434] ? do_syscall_64+0xbe/0x3b0 [ 106.120781][ T6434] do_syscall_64+0xfa/0x3b0 [ 106.120798][ T6434] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.120815][ T6434] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.120831][ T6434] ? clear_bhb_loop+0x60/0xb0 [ 106.120851][ T6434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.120867][ T6434] RIP: 0033:0x7fb4d8b8e929 [ 106.120882][ T6434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.120895][ T6434] RSP: 002b:00007fb4d9923038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 106.120913][ T6434] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8e929 [ 106.120925][ T6434] RDX: 0000000000000053 RSI: 00002000000000c0 RDI: 0000000000000003 [ 106.120935][ T6434] RBP: 00007fb4d9923090 R08: 0000000000000000 R09: 0000000000000000 [ 106.120945][ T6434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.120954][ T6434] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 106.120981][ T6434] [ 106.402573][ C1] vkms_vblank_simulate: vblank timer overrun [ 106.427307][ T5925] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 106.437358][ T5925] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 106.440325][ T6437] FAULT_INJECTION: forcing a failure. [ 106.440325][ T6437] name failslab, interval 1, probability 0, space 0, times 0 [ 106.450529][ T5925] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 106.463119][ T6437] CPU: 1 UID: 0 PID: 6437 Comm: syz.0.150 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 106.463142][ T6437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.463153][ T6437] Call Trace: [ 106.463160][ T6437] [ 106.463168][ T6437] dump_stack_lvl+0x189/0x250 [ 106.463192][ T6437] ? __pfx____ratelimit+0x10/0x10 [ 106.463212][ T6437] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.463232][ T6437] ? __pfx__printk+0x10/0x10 [ 106.463258][ T6437] ? __pfx___might_resched+0x10/0x10 [ 106.463280][ T6437] should_fail_ex+0x414/0x560 [ 106.463314][ T6437] should_failslab+0xa8/0x100 [ 106.463336][ T6437] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 106.463352][ T6437] ? __alloc_skb+0x112/0x2d0 [ 106.463378][ T6437] __alloc_skb+0x112/0x2d0 [ 106.463404][ T6437] netlink_sendmsg+0x5c6/0xb30 [ 106.463437][ T6437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.463462][ T6437] ? aa_sock_msg_perm+0xf1/0x1d0 [ 106.463486][ T6437] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 106.463510][ T6437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.463533][ T6437] __sock_sendmsg+0x219/0x270 [ 106.463555][ T6437] ____sys_sendmsg+0x505/0x830 [ 106.463585][ T6437] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.463619][ T6437] ? import_iovec+0x74/0xa0 [ 106.463639][ T6437] ___sys_sendmsg+0x21f/0x2a0 [ 106.463664][ T6437] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.463723][ T6437] ? __fget_files+0x2a/0x420 [ 106.463744][ T6437] ? __fget_files+0x3a0/0x420 [ 106.463776][ T6437] __x64_sys_sendmsg+0x19b/0x260 [ 106.463803][ T6437] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 106.463849][ T6437] ? __pfx_ksys_write+0x10/0x10 [ 106.463866][ T6437] ? rcu_is_watching+0x15/0xb0 [ 106.463890][ T6437] ? do_syscall_64+0xbe/0x3b0 [ 106.463914][ T6437] do_syscall_64+0xfa/0x3b0 [ 106.463933][ T6437] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.463952][ T6437] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.463970][ T6437] ? clear_bhb_loop+0x60/0xb0 [ 106.463993][ T6437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.464010][ T6437] RIP: 0033:0x7f27f8f8e929 [ 106.464027][ T6437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.464042][ T6437] RSP: 002b:00007f27f9e1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.464061][ T6437] RAX: ffffffffffffffda RBX: 00007f27f91b5fa0 RCX: 00007f27f8f8e929 [ 106.464075][ T6437] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 106.464087][ T6437] RBP: 00007f27f9e1e090 R08: 0000000000000000 R09: 0000000000000000 [ 106.464098][ T6437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.464109][ T6437] R13: 0000000000000000 R14: 00007f27f91b5fa0 R15: 00007ffd105257d8 [ 106.464136][ T6437] [ 106.507221][ T5895] usb 3-1: reset high-speed USB device number 7 using dummy_hcd [ 106.638295][ T6440] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 106.763780][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.769940][ T6440] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 106.978391][ T5925] usb 2-1: usb_control_msg returned -32 [ 106.988189][ T5925] usbtmc 2-1:16.0: can't read capabilities [ 107.436520][ T5272] usb 3-1: USB disconnect, device number 7 [ 107.538151][ T6462] sctp: [Deprecated]: syz.2.158 (pid 6462) Use of struct sctp_assoc_value in delayed_ack socket option. [ 107.538151][ T6462] Use struct sctp_sack_info instead [ 107.983445][ T6477] FAULT_INJECTION: forcing a failure. [ 107.983445][ T6477] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.012984][ T6477] CPU: 0 UID: 0 PID: 6477 Comm: syz.2.163 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 108.013013][ T6477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.013024][ T6477] Call Trace: [ 108.013032][ T6477] [ 108.013040][ T6477] dump_stack_lvl+0x189/0x250 [ 108.013067][ T6477] ? __pfx____ratelimit+0x10/0x10 [ 108.013088][ T6477] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.013109][ T6477] ? __pfx__printk+0x10/0x10 [ 108.013129][ T6477] ? __might_fault+0xb0/0x130 [ 108.013159][ T6477] should_fail_ex+0x414/0x560 [ 108.013194][ T6477] _copy_from_user+0x2d/0xb0 [ 108.013213][ T6477] sctp_getsockopt_ecn_supported+0xb5/0x510 [ 108.013242][ T6477] ? __pfx_sctp_getsockopt_ecn_supported+0x10/0x10 [ 108.013278][ T6477] sctp_getsockopt+0x9a7/0xb60 [ 108.013306][ T6477] do_sock_getsockopt+0x35d/0x650 [ 108.013334][ T6477] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 108.013357][ T6477] ? do_syscall_64+0xa0/0x3b0 [ 108.013377][ T6477] ? __fget_files+0x3a0/0x420 [ 108.013399][ T6477] ? __fget_files+0x2a/0x420 [ 108.013428][ T6477] __x64_sys_getsockopt+0x1a5/0x250 [ 108.013452][ T6477] ? do_syscall_64+0xa0/0x3b0 [ 108.013475][ T6477] ? do_syscall_64+0xa0/0x3b0 [ 108.013506][ T6477] do_syscall_64+0xfa/0x3b0 [ 108.013525][ T6477] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.013545][ T6477] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.013564][ T6477] ? clear_bhb_loop+0x60/0xb0 [ 108.013587][ T6477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.013605][ T6477] RIP: 0033:0x7fc66df8e929 [ 108.013621][ T6477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.013637][ T6477] RSP: 002b:00007fc66edf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 108.013657][ T6477] RAX: ffffffffffffffda RBX: 00007fc66e1b5fa0 RCX: 00007fc66df8e929 [ 108.013671][ T6477] RDX: 0000000000000082 RSI: 0000000000000084 RDI: 0000000000000004 [ 108.013682][ T6477] RBP: 00007fc66edf5090 R08: 0000200000000280 R09: 0000000000000000 [ 108.013694][ T6477] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001 [ 108.013706][ T6477] R13: 0000000000000000 R14: 00007fc66e1b5fa0 R15: 00007ffde003f388 [ 108.013735][ T6477] [ 108.254074][ T6479] FAULT_INJECTION: forcing a failure. [ 108.254074][ T6479] name failslab, interval 1, probability 0, space 0, times 0 [ 108.267402][ T6479] CPU: 1 UID: 0 PID: 6479 Comm: syz.0.164 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 108.267427][ T6479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.267439][ T6479] Call Trace: [ 108.267446][ T6479] [ 108.267454][ T6479] dump_stack_lvl+0x189/0x250 [ 108.267480][ T6479] ? __pfx____ratelimit+0x10/0x10 [ 108.267502][ T6479] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.267523][ T6479] ? __pfx__printk+0x10/0x10 [ 108.267550][ T6479] ? __pfx___might_resched+0x10/0x10 [ 108.267573][ T6479] should_fail_ex+0x414/0x560 [ 108.267607][ T6479] should_failslab+0xa8/0x100 [ 108.267630][ T6479] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 108.267649][ T6479] ? __alloc_skb+0x112/0x2d0 [ 108.267677][ T6479] __alloc_skb+0x112/0x2d0 [ 108.267704][ T6479] netlink_dump+0x22b/0xe20 [ 108.267738][ T6479] ? __pfx_netlink_dump+0x10/0x10 [ 108.267775][ T6479] ? kmem_cache_free+0x18f/0x400 [ 108.267799][ T6479] netlink_recvmsg+0x676/0xa30 [ 108.267831][ T6479] ? __pfx_netlink_recvmsg+0x10/0x10 [ 108.267859][ T6479] ? aa_sock_msg_perm+0xf1/0x1d0 [ 108.267883][ T6479] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 108.267907][ T6479] ? security_socket_recvmsg+0x7e/0x2e0 [ 108.267932][ T6479] ? __pfx_netlink_recvmsg+0x10/0x10 [ 108.267955][ T6479] sock_recvmsg+0x229/0x270 [ 108.267979][ T6479] sock_read_iter+0x231/0x2f0 [ 108.268011][ T6479] ? __pfx_sock_read_iter+0x10/0x10 [ 108.268050][ T6479] ? bpf_lsm_file_permission+0x9/0x20 [ 108.268076][ T6479] ? security_file_permission+0x75/0x290 [ 108.268114][ T6479] vfs_read+0x4cd/0x980 [ 108.268142][ T6479] ? __pfx_vfs_read+0x10/0x10 [ 108.268172][ T6479] ? __fget_files+0x2a/0x420 [ 108.268205][ T6479] ksys_read+0x145/0x250 [ 108.268228][ T6479] ? __pfx_ksys_read+0x10/0x10 [ 108.268245][ T6479] ? rcu_is_watching+0x15/0xb0 [ 108.268269][ T6479] ? do_syscall_64+0xbe/0x3b0 [ 108.268298][ T6479] do_syscall_64+0xfa/0x3b0 [ 108.268317][ T6479] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.268337][ T6479] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.268360][ T6479] ? clear_bhb_loop+0x60/0xb0 [ 108.268383][ T6479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.268401][ T6479] RIP: 0033:0x7f27f8f8e929 [ 108.268417][ T6479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.268433][ T6479] RSP: 002b:00007f27f9e1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 108.268452][ T6479] RAX: ffffffffffffffda RBX: 00007f27f91b5fa0 RCX: 00007f27f8f8e929 [ 108.268467][ T6479] RDX: 0000000000000051 RSI: 00002000000000c0 RDI: 0000000000000003 [ 108.268479][ T6479] RBP: 00007f27f9e1e090 R08: 0000000000000000 R09: 0000000000000000 [ 108.268490][ T6479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.268501][ T6479] R13: 0000000000000000 R14: 00007f27f91b5fa0 R15: 00007ffd105257d8 [ 108.268532][ T6479] [ 108.552279][ C1] vkms_vblank_simulate: vblank timer overrun [ 108.782804][ T5925] usb 2-1: USB disconnect, device number 10 [ 109.045856][ T6493] Zero length message leads to an empty skb [ 109.068946][ T6494] syz.2.170: attempt to access beyond end of device [ 109.068946][ T6494] nbd2: rw=0, sector=2, nr_sectors = 1 limit=0 [ 109.084483][ T6494] hfs: can't find a HFS filesystem on dev nbd2 [ 109.211010][ T6501] FAULT_INJECTION: forcing a failure. [ 109.211010][ T6501] name failslab, interval 1, probability 0, space 0, times 0 [ 109.235652][ T6501] CPU: 0 UID: 0 PID: 6501 Comm: syz.1.173 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 109.235679][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.235690][ T6501] Call Trace: [ 109.235697][ T6501] [ 109.235705][ T6501] dump_stack_lvl+0x189/0x250 [ 109.235731][ T6501] ? __pfx____ratelimit+0x10/0x10 [ 109.235752][ T6501] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.235773][ T6501] ? __pfx__printk+0x10/0x10 [ 109.235799][ T6501] ? __pfx___might_resched+0x10/0x10 [ 109.235827][ T6501] should_fail_ex+0x414/0x560 [ 109.235861][ T6501] should_failslab+0xa8/0x100 [ 109.235883][ T6501] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 109.235902][ T6501] ? __alloc_skb+0x112/0x2d0 [ 109.235930][ T6501] __alloc_skb+0x112/0x2d0 [ 109.235957][ T6501] netlink_sendmsg+0x5c6/0xb30 [ 109.235989][ T6501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.236015][ T6501] ? aa_sock_msg_perm+0xf1/0x1d0 [ 109.236039][ T6501] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 109.236063][ T6501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.236087][ T6501] __sock_sendmsg+0x219/0x270 [ 109.236109][ T6501] ____sys_sendmsg+0x505/0x830 [ 109.236141][ T6501] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.236175][ T6501] ? import_iovec+0x74/0xa0 [ 109.236197][ T6501] ___sys_sendmsg+0x21f/0x2a0 [ 109.236225][ T6501] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.236285][ T6501] ? __fget_files+0x2a/0x420 [ 109.236308][ T6501] ? __fget_files+0x3a0/0x420 [ 109.236341][ T6501] __x64_sys_sendmsg+0x19b/0x260 [ 109.236370][ T6501] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 109.236406][ T6501] ? __pfx_ksys_write+0x10/0x10 [ 109.236423][ T6501] ? rcu_is_watching+0x15/0xb0 [ 109.236447][ T6501] ? do_syscall_64+0xbe/0x3b0 [ 109.236473][ T6501] do_syscall_64+0xfa/0x3b0 [ 109.236492][ T6501] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.236511][ T6501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.236537][ T6501] ? clear_bhb_loop+0x60/0xb0 [ 109.236560][ T6501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.236578][ T6501] RIP: 0033:0x7fd290b8e929 [ 109.236594][ T6501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.236609][ T6501] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.236629][ T6501] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 109.236643][ T6501] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003 [ 109.236655][ T6501] RBP: 00007fd2919f8090 R08: 0000000000000000 R09: 0000000000000000 [ 109.236667][ T6501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.236678][ T6501] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 109.236707][ T6501] [ 109.610280][ T6506] warning: `syz.1.174' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 109.926470][ T6518] FAULT_INJECTION: forcing a failure. [ 109.926470][ T6518] name failslab, interval 1, probability 0, space 0, times 0 [ 109.940425][ T5923] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 109.949038][ T6518] CPU: 0 UID: 0 PID: 6518 Comm: syz.3.179 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 109.949053][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.949059][ T6518] Call Trace: [ 109.949063][ T6518] [ 109.949068][ T6518] dump_stack_lvl+0x189/0x250 [ 109.949084][ T6518] ? __pfx____ratelimit+0x10/0x10 [ 109.949096][ T6518] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.949107][ T6518] ? __pfx__printk+0x10/0x10 [ 109.949120][ T6518] ? __pfx___might_resched+0x10/0x10 [ 109.949130][ T6518] ? fs_reclaim_acquire+0x7d/0x100 [ 109.949144][ T6518] should_fail_ex+0x414/0x560 [ 109.949163][ T6518] should_failslab+0xa8/0x100 [ 109.949175][ T6518] __kmalloc_noprof+0xcb/0x4f0 [ 109.949184][ T6518] ? tomoyo_encode+0x28b/0x550 [ 109.949201][ T6518] tomoyo_encode+0x28b/0x550 [ 109.949216][ T6518] tomoyo_realpath_from_path+0x58d/0x5d0 [ 109.949229][ T6518] ? tomoyo_domain+0xd9/0x130 [ 109.949245][ T6518] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 109.949254][ T6518] tomoyo_path_number_perm+0x1e8/0x5a0 [ 109.949266][ T6518] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 109.949285][ T6518] ? __lock_acquire+0xab9/0xd20 [ 109.949310][ T6518] ? __fget_files+0x2a/0x420 [ 109.949324][ T6518] ? __fget_files+0x2a/0x420 [ 109.949335][ T6518] ? __fget_files+0x3a0/0x420 [ 109.949347][ T6518] ? __fget_files+0x2a/0x420 [ 109.949361][ T6518] security_file_ioctl+0xcb/0x2d0 [ 109.949378][ T6518] __se_sys_ioctl+0x47/0x170 [ 109.949389][ T6518] do_syscall_64+0xfa/0x3b0 [ 109.949401][ T6518] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.949411][ T6518] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.949421][ T6518] ? clear_bhb_loop+0x60/0xb0 [ 109.949439][ T6518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.949449][ T6518] RIP: 0033:0x7fb4d8b8e929 [ 109.949458][ T6518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.949467][ T6518] RSP: 002b:00007fb4d9923038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 109.949478][ T6518] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8e929 [ 109.949485][ T6518] RDX: 0000200000000040 RSI: 0000000000008b19 RDI: 0000000000000004 [ 109.949491][ T6518] RBP: 00007fb4d9923090 R08: 0000000000000000 R09: 0000000000000000 [ 109.949497][ T6518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.949503][ T6518] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 109.949519][ T6518] [ 109.949531][ T6518] ERROR: Out of memory at tomoyo_realpath_from_path. [ 110.354545][ T5923] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 110.372961][ T5923] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 110.400134][ T5923] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 110.423065][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.657940][ T5923] usb 2-1: usb_control_msg returned -32 [ 110.674300][ T5923] usbtmc 2-1:16.0: can't read capabilities [ 110.705400][ T5923] usb 2-1: USB disconnect, device number 11 [ 110.814771][ T6543] tls_set_device_offload_rx: netdev not found [ 111.179002][ T6558] FAULT_INJECTION: forcing a failure. [ 111.179002][ T6558] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.196892][ T6558] CPU: 1 UID: 0 PID: 6558 Comm: syz.2.190 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 111.196918][ T6558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.196930][ T6558] Call Trace: [ 111.196938][ T6558] [ 111.196945][ T6558] dump_stack_lvl+0x189/0x250 [ 111.196971][ T6558] ? __pfx____ratelimit+0x10/0x10 [ 111.196992][ T6558] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.197012][ T6558] ? __pfx__printk+0x10/0x10 [ 111.197047][ T6558] should_fail_ex+0x414/0x560 [ 111.197080][ T6558] _copy_from_user+0x2d/0xb0 [ 111.197098][ T6558] copy_from_sockptr_offset+0x66/0xa0 [ 111.197128][ T6558] tls_setsockopt+0xb5d/0x1340 [ 111.197163][ T6558] ? __pfx_tls_setsockopt+0x10/0x10 [ 111.197189][ T6558] ? __pfx_aa_sk_perm+0x10/0x10 [ 111.197213][ T6558] ? aa_sock_opt_perm+0xff/0x1b0 [ 111.197236][ T6558] ? sock_common_setsockopt+0x36/0xc0 [ 111.197257][ T6558] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 111.197278][ T6558] do_sock_setsockopt+0x25a/0x3e0 [ 111.197315][ T6558] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 111.197345][ T6558] ? __fget_files+0x2a/0x420 [ 111.197377][ T6558] __x64_sys_setsockopt+0x18b/0x220 [ 111.197408][ T6558] do_syscall_64+0xfa/0x3b0 [ 111.197427][ T6558] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.197445][ T6558] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.197462][ T6558] ? clear_bhb_loop+0x60/0xb0 [ 111.197485][ T6558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.197501][ T6558] RIP: 0033:0x7fc66df8e929 [ 111.197518][ T6558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.197533][ T6558] RSP: 002b:00007fc66edf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 111.197551][ T6558] RAX: ffffffffffffffda RBX: 00007fc66e1b5fa0 RCX: 00007fc66df8e929 [ 111.197563][ T6558] RDX: 0000000000000002 RSI: 000000000000011a RDI: 0000000000000003 [ 111.197573][ T6558] RBP: 00007fc66edf5090 R08: 0000000000000028 R09: 0000000000000000 [ 111.197585][ T6558] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001 [ 111.197596][ T6558] R13: 0000000000000000 R14: 00007fc66e1b5fa0 R15: 00007ffde003f388 [ 111.197626][ T6558] [ 111.416427][ C1] vkms_vblank_simulate: vblank timer overrun [ 111.500579][ T6564] netlink: 72 bytes leftover after parsing attributes in process `syz.1.192'. [ 111.713831][ T925] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 111.752420][ T6573] tipc: Started in network mode [ 111.757609][ T6573] tipc: Node identity 7f000001, cluster identity 4711 [ 111.765484][ T6573] tipc: Enabled bearer , priority 10 [ 111.818189][ T6575] FAULT_INJECTION: forcing a failure. [ 111.818189][ T6575] name failslab, interval 1, probability 0, space 0, times 0 [ 111.831572][ T6575] CPU: 1 UID: 0 PID: 6575 Comm: syz.0.195 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 111.831596][ T6575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.831606][ T6575] Call Trace: [ 111.831614][ T6575] [ 111.831621][ T6575] dump_stack_lvl+0x189/0x250 [ 111.831646][ T6575] ? __pfx____ratelimit+0x10/0x10 [ 111.831667][ T6575] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.831685][ T6575] ? __pfx__printk+0x10/0x10 [ 111.831698][ T6575] ? __pfx___might_resched+0x10/0x10 [ 111.831708][ T6575] ? fs_reclaim_acquire+0x7d/0x100 [ 111.831723][ T6575] should_fail_ex+0x414/0x560 [ 111.831741][ T6575] should_failslab+0xa8/0x100 [ 111.831753][ T6575] __kmalloc_noprof+0xcb/0x4f0 [ 111.831763][ T6575] ? tomoyo_encode+0x28b/0x550 [ 111.831777][ T6575] tomoyo_encode+0x28b/0x550 [ 111.831792][ T6575] tomoyo_realpath_from_path+0x58d/0x5d0 [ 111.831806][ T6575] ? tomoyo_domain+0xd9/0x130 [ 111.831821][ T6575] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 111.831831][ T6575] tomoyo_path_number_perm+0x1e8/0x5a0 [ 111.831842][ T6575] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 111.831861][ T6575] ? __lock_acquire+0xab9/0xd20 [ 111.831889][ T6575] ? __fget_files+0x2a/0x420 [ 111.831914][ T6575] ? __fget_files+0x2a/0x420 [ 111.831935][ T6575] ? __fget_files+0x3a0/0x420 [ 111.831955][ T6575] ? __fget_files+0x2a/0x420 [ 111.831975][ T6575] security_file_ioctl+0xcb/0x2d0 [ 111.831992][ T6575] __se_sys_ioctl+0x47/0x170 [ 111.832003][ T6575] do_syscall_64+0xfa/0x3b0 [ 111.832014][ T6575] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.832024][ T6575] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.832035][ T6575] ? clear_bhb_loop+0x60/0xb0 [ 111.832047][ T6575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.832057][ T6575] RIP: 0033:0x7f27f8f8e929 [ 111.832072][ T6575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.832081][ T6575] RSP: 002b:00007f27f9e1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 111.832092][ T6575] RAX: ffffffffffffffda RBX: 00007f27f91b5fa0 RCX: 00007f27f8f8e929 [ 111.832099][ T6575] RDX: 0000200000000100 RSI: 0000000000008907 RDI: 0000000000000003 [ 111.832106][ T6575] RBP: 00007f27f9e1e090 R08: 0000000000000000 R09: 0000000000000000 [ 111.832112][ T6575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.832118][ T6575] R13: 0000000000000000 R14: 00007f27f91b5fa0 R15: 00007ffd105257d8 [ 111.832133][ T6575] [ 111.832145][ T6575] ERROR: Out of memory at tomoyo_realpath_from_path. [ 111.862802][ T925] usb 3-1: Using ep0 maxpacket: 32 [ 112.093116][ T925] usb 3-1: unable to get BOS descriptor or descriptor too short [ 112.102293][ T925] usb 3-1: config 7 has an invalid interface number: 187 but max is 0 [ 112.110542][ T925] usb 3-1: config 7 has no interface number 0 [ 112.118431][ T925] usb 3-1: config 7 interface 187 has no altsetting 0 [ 112.129047][ T925] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 112.138472][ T925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.146603][ T925] usb 3-1: Product: syz [ 112.162598][ T925] usb 3-1: Manufacturer: syz [ 112.167207][ T925] usb 3-1: SerialNumber: syz [ 112.392937][ T6563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.428695][ T6563] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.458292][ T6563] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 112.485956][ T6563] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 112.518018][ T925] usb 3-1: Cannot retrieve CPort count: -71 [ 112.530448][ T925] usb 3-1: Cannot retrieve CPort count: -71 [ 112.541395][ T925] es2_ap_driver 3-1:7.187: probe with driver es2_ap_driver failed with error -71 [ 112.562197][ T925] usb 3-1: USB disconnect, device number 8 [ 112.657202][ T5923] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 112.814995][ T5923] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 112.833018][ T5923] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 112.852716][ T5923] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 112.861786][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.904527][ T3609] tipc: Node number set to 2130706433 [ 113.055595][ T6598] FAULT_INJECTION: forcing a failure. [ 113.055595][ T6598] name failslab, interval 1, probability 0, space 0, times 0 [ 113.070009][ T6598] CPU: 1 UID: 0 PID: 6598 Comm: syz.1.204 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 113.070034][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.070046][ T6598] Call Trace: [ 113.070053][ T6598] [ 113.070061][ T6598] dump_stack_lvl+0x189/0x250 [ 113.070087][ T6598] ? __pfx____ratelimit+0x10/0x10 [ 113.070107][ T6598] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.070128][ T6598] ? __pfx__printk+0x10/0x10 [ 113.070154][ T6598] ? __pfx___might_resched+0x10/0x10 [ 113.070178][ T6598] should_fail_ex+0x414/0x560 [ 113.070212][ T6598] should_failslab+0xa8/0x100 [ 113.070235][ T6598] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 113.070254][ T6598] ? __alloc_skb+0x112/0x2d0 [ 113.070282][ T6598] __alloc_skb+0x112/0x2d0 [ 113.070308][ T6598] netlink_sendmsg+0x5c6/0xb30 [ 113.070341][ T6598] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.070366][ T6598] ? aa_sock_msg_perm+0xf1/0x1d0 [ 113.070391][ T6598] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 113.070415][ T6598] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.070438][ T6598] __sock_sendmsg+0x219/0x270 [ 113.070461][ T6598] ____sys_sendmsg+0x505/0x830 [ 113.070493][ T6598] ? __pfx_____sys_sendmsg+0x10/0x10 [ 113.070527][ T6598] ? import_iovec+0x74/0xa0 [ 113.070549][ T6598] ___sys_sendmsg+0x21f/0x2a0 [ 113.070577][ T6598] ? __pfx____sys_sendmsg+0x10/0x10 [ 113.070636][ T6598] ? __fget_files+0x2a/0x420 [ 113.070659][ T6598] ? __fget_files+0x3a0/0x420 [ 113.070692][ T6598] __x64_sys_sendmsg+0x19b/0x260 [ 113.070721][ T6598] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 113.070756][ T6598] ? __pfx_ksys_write+0x10/0x10 [ 113.070774][ T6598] ? rcu_is_watching+0x15/0xb0 [ 113.070798][ T6598] ? do_syscall_64+0xbe/0x3b0 [ 113.070823][ T6598] do_syscall_64+0xfa/0x3b0 [ 113.070842][ T6598] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.070869][ T6598] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.070887][ T6598] ? clear_bhb_loop+0x60/0xb0 [ 113.070910][ T6598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.070928][ T6598] RIP: 0033:0x7fd290b8e929 [ 113.070944][ T6598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.070963][ T6598] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 113.070982][ T6598] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 113.070997][ T6598] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 0000000000000003 [ 113.071008][ T6598] RBP: 00007fd2919f8090 R08: 0000000000000000 R09: 0000000000000000 [ 113.071020][ T6598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.071031][ T6598] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 113.071060][ T6598] [ 113.079989][ T5923] usb 1-1: usb_control_msg returned -32 [ 113.189829][ T6601] capability: warning: `syz.2.205' uses deprecated v2 capabilities in a way that may be insecure [ 113.259459][ T6602] ======================================================= [ 113.259459][ T6602] WARNING: The mand mount option has been deprecated and [ 113.259459][ T6602] and is ignored by this kernel. Remove the mand [ 113.259459][ T6602] option from the mount to silence this warning. [ 113.259459][ T6602] ======================================================= [ 113.408634][ T5923] usbtmc 1-1:16.0: can't read capabilities [ 113.455519][ T5923] usb 1-1: USB disconnect, device number 6 [ 113.636377][ T6613] FAULT_INJECTION: forcing a failure. [ 113.636377][ T6613] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 113.666024][ T6613] CPU: 0 UID: 0 PID: 6613 Comm: syz.1.209 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 113.666050][ T6613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.666060][ T6613] Call Trace: [ 113.666068][ T6613] [ 113.666076][ T6613] dump_stack_lvl+0x189/0x250 [ 113.666102][ T6613] ? __pfx____ratelimit+0x10/0x10 [ 113.666123][ T6613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.666142][ T6613] ? __pfx__printk+0x10/0x10 [ 113.666176][ T6613] should_fail_ex+0x414/0x560 [ 113.666211][ T6613] _copy_from_user+0x2d/0xb0 [ 113.666230][ T6613] sctp_setsockopt+0x19f/0x1200 [ 113.666254][ T6613] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 113.666277][ T6613] do_sock_setsockopt+0x25a/0x3e0 [ 113.666305][ T6613] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 113.666333][ T6613] ? __fget_files+0x2a/0x420 [ 113.666364][ T6613] __x64_sys_setsockopt+0x18b/0x220 [ 113.666396][ T6613] do_syscall_64+0xfa/0x3b0 [ 113.666415][ T6613] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.666434][ T6613] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.666451][ T6613] ? clear_bhb_loop+0x60/0xb0 [ 113.666474][ T6613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.666492][ T6613] RIP: 0033:0x7fd290b8e929 [ 113.666508][ T6613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.666523][ T6613] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 113.666542][ T6613] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 113.666556][ T6613] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000003 [ 113.666568][ T6613] RBP: 00007fd2919f8090 R08: 0000000000000008 R09: 0000000000000000 [ 113.666579][ T6613] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 113.666590][ T6613] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 113.666619][ T6613] [ 114.219029][ T6632] FAULT_INJECTION: forcing a failure. [ 114.219029][ T6632] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.245833][ T6632] CPU: 1 UID: 0 PID: 6632 Comm: syz.3.214 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 114.245859][ T6632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.245870][ T6632] Call Trace: [ 114.245877][ T6632] [ 114.245884][ T6632] dump_stack_lvl+0x189/0x250 [ 114.245911][ T6632] ? __pfx____ratelimit+0x10/0x10 [ 114.245930][ T6632] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.245951][ T6632] ? __pfx__printk+0x10/0x10 [ 114.245994][ T6632] should_fail_ex+0x414/0x560 [ 114.246027][ T6632] strncpy_from_user+0x36/0x290 [ 114.246059][ T6632] getname_flags+0xf3/0x540 [ 114.246088][ T6632] user_path_at+0x24/0x60 [ 114.246117][ T6632] __se_sys_chdir+0x91/0x280 [ 114.246139][ T6632] ? __pfx___se_sys_chdir+0x10/0x10 [ 114.246167][ T6632] ? do_syscall_64+0xbe/0x3b0 [ 114.246191][ T6632] do_syscall_64+0xfa/0x3b0 [ 114.246211][ T6632] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.246230][ T6632] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.246247][ T6632] ? clear_bhb_loop+0x60/0xb0 [ 114.246270][ T6632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.246288][ T6632] RIP: 0033:0x7fb4d8b8e929 [ 114.246305][ T6632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.246321][ T6632] RSP: 002b:00007fb4d69f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 114.246339][ T6632] RAX: ffffffffffffffda RBX: 00007fb4d8db6080 RCX: 00007fb4d8b8e929 [ 114.246353][ T6632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140 [ 114.246364][ T6632] RBP: 00007fb4d69f6090 R08: 0000000000000000 R09: 0000000000000000 [ 114.246376][ T6632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.246386][ T6632] R13: 0000000000000001 R14: 00007fb4d8db6080 R15: 00007ffed8f19dc8 [ 114.246415][ T6632] [ 114.433640][ C1] vkms_vblank_simulate: vblank timer overrun [ 115.128296][ T6659] FAULT_INJECTION: forcing a failure. [ 115.128296][ T6659] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 115.141466][ T6659] CPU: 1 UID: 0 PID: 6659 Comm: syz.3.222 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 115.141481][ T6659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.141487][ T6659] Call Trace: [ 115.141492][ T6659] [ 115.141497][ T6659] dump_stack_lvl+0x189/0x250 [ 115.141513][ T6659] ? __pfx____ratelimit+0x10/0x10 [ 115.141525][ T6659] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.141535][ T6659] ? __pfx__printk+0x10/0x10 [ 115.141553][ T6659] should_fail_ex+0x414/0x560 [ 115.141572][ T6659] _copy_to_user+0x31/0xb0 [ 115.141584][ T6659] simple_read_from_buffer+0xe1/0x170 [ 115.141599][ T6659] proc_fail_nth_read+0x1df/0x250 [ 115.141614][ T6659] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 115.141629][ T6659] ? rw_verify_area+0x258/0x650 [ 115.141639][ T6659] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 115.141653][ T6659] vfs_read+0x1fd/0x980 [ 115.141666][ T6659] ? __pfx___mutex_lock+0x10/0x10 [ 115.141679][ T6659] ? __pfx_vfs_read+0x10/0x10 [ 115.141689][ T6659] ? __fget_files+0x2a/0x420 [ 115.141704][ T6659] ? __fget_files+0x3a0/0x420 [ 115.141716][ T6659] ? __fget_files+0x2a/0x420 [ 115.141740][ T6659] ksys_read+0x145/0x250 [ 115.141752][ T6659] ? __pfx_ksys_read+0x10/0x10 [ 115.141761][ T6659] ? rcu_is_watching+0x15/0xb0 [ 115.141774][ T6659] ? do_syscall_64+0xbe/0x3b0 [ 115.141787][ T6659] do_syscall_64+0xfa/0x3b0 [ 115.141797][ T6659] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.141808][ T6659] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.141817][ T6659] ? clear_bhb_loop+0x60/0xb0 [ 115.141830][ T6659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.141839][ T6659] RIP: 0033:0x7fb4d8b8d33c [ 115.141849][ T6659] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 115.141857][ T6659] RSP: 002b:00007fb4d9923030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 115.141868][ T6659] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8d33c [ 115.141876][ T6659] RDX: 000000000000000f RSI: 00007fb4d99230a0 RDI: 0000000000000005 [ 115.141882][ T6659] RBP: 00007fb4d9923090 R08: 0000000000000000 R09: 0000000000000000 [ 115.141888][ T6659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.141893][ T6659] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 115.141913][ T6659] [ 115.371758][ C1] vkms_vblank_simulate: vblank timer overrun [ 115.378066][ T5923] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 115.555062][ T5923] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 115.566880][ T5923] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.610236][ T5923] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 115.646661][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.888491][ T5923] usb 3-1: usb_control_msg returned -32 [ 115.904275][ T5923] usbtmc 3-1:16.0: can't read capabilities [ 115.973158][ T5923] usb 3-1: USB disconnect, device number 9 [ 116.152447][ T6679] FAULT_INJECTION: forcing a failure. [ 116.152447][ T6679] name failslab, interval 1, probability 0, space 0, times 0 [ 116.185263][ T6679] CPU: 1 UID: 0 PID: 6679 Comm: syz.0.228 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 116.185290][ T6679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.185301][ T6679] Call Trace: [ 116.185309][ T6679] [ 116.185318][ T6679] dump_stack_lvl+0x189/0x250 [ 116.185343][ T6679] ? __pfx____ratelimit+0x10/0x10 [ 116.185365][ T6679] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.185387][ T6679] ? __pfx__printk+0x10/0x10 [ 116.185414][ T6679] ? __pfx___might_resched+0x10/0x10 [ 116.185438][ T6679] should_fail_ex+0x414/0x560 [ 116.185474][ T6679] should_failslab+0xa8/0x100 [ 116.185497][ T6679] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 116.185534][ T6679] ? __alloc_skb+0x112/0x2d0 [ 116.185561][ T6679] __alloc_skb+0x112/0x2d0 [ 116.185588][ T6679] netlink_sendmsg+0x5c6/0xb30 [ 116.185619][ T6679] ? __pfx_netlink_sendmsg+0x10/0x10 [ 116.185645][ T6679] ? aa_sock_msg_perm+0xf1/0x1d0 [ 116.185670][ T6679] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 116.185694][ T6679] ? __pfx_netlink_sendmsg+0x10/0x10 [ 116.185718][ T6679] __sock_sendmsg+0x219/0x270 [ 116.185740][ T6679] ____sys_sendmsg+0x505/0x830 [ 116.185771][ T6679] ? __pfx_____sys_sendmsg+0x10/0x10 [ 116.185814][ T6679] ? import_iovec+0x74/0xa0 [ 116.185836][ T6679] ___sys_sendmsg+0x21f/0x2a0 [ 116.185865][ T6679] ? __pfx____sys_sendmsg+0x10/0x10 [ 116.185925][ T6679] ? __fget_files+0x2a/0x420 [ 116.185948][ T6679] ? __fget_files+0x3a0/0x420 [ 116.185981][ T6679] __x64_sys_sendmsg+0x19b/0x260 [ 116.186010][ T6679] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 116.186046][ T6679] ? __pfx_ksys_write+0x10/0x10 [ 116.186063][ T6679] ? rcu_is_watching+0x15/0xb0 [ 116.186087][ T6679] ? do_syscall_64+0xbe/0x3b0 [ 116.186112][ T6679] do_syscall_64+0xfa/0x3b0 [ 116.186132][ T6679] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.186151][ T6679] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.186170][ T6679] ? clear_bhb_loop+0x60/0xb0 [ 116.186193][ T6679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.186211][ T6679] RIP: 0033:0x7f27f8f8e929 [ 116.186228][ T6679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.186243][ T6679] RSP: 002b:00007f27f9e1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 116.186263][ T6679] RAX: ffffffffffffffda RBX: 00007f27f91b5fa0 RCX: 00007f27f8f8e929 [ 116.186277][ T6679] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 116.186289][ T6679] RBP: 00007f27f9e1e090 R08: 0000000000000000 R09: 0000000000000000 [ 116.186300][ T6679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.186311][ T6679] R13: 0000000000000000 R14: 00007f27f91b5fa0 R15: 00007ffd105257d8 [ 116.186340][ T6679] [ 116.458136][ C1] vkms_vblank_simulate: vblank timer overrun [ 116.880859][ T6696] FAULT_INJECTION: forcing a failure. [ 116.880859][ T6696] name failslab, interval 1, probability 0, space 0, times 0 [ 116.899346][ T6696] CPU: 1 UID: 0 PID: 6696 Comm: syz.3.235 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 116.899373][ T6696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.899384][ T6696] Call Trace: [ 116.899392][ T6696] [ 116.899400][ T6696] dump_stack_lvl+0x189/0x250 [ 116.899426][ T6696] ? __pfx____ratelimit+0x10/0x10 [ 116.899448][ T6696] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.899468][ T6696] ? __pfx__printk+0x10/0x10 [ 116.899492][ T6696] ? __pfx___might_resched+0x10/0x10 [ 116.899509][ T6696] ? fs_reclaim_acquire+0x7d/0x100 [ 116.899536][ T6696] should_fail_ex+0x414/0x560 [ 116.899571][ T6696] should_failslab+0xa8/0x100 [ 116.899593][ T6696] __kmalloc_noprof+0xcb/0x4f0 [ 116.899611][ T6696] ? tomoyo_encode+0x28b/0x550 [ 116.899638][ T6696] tomoyo_encode+0x28b/0x550 [ 116.899665][ T6696] tomoyo_realpath_from_path+0x58d/0x5d0 [ 116.899688][ T6696] ? tomoyo_domain+0xd9/0x130 [ 116.899714][ T6696] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 116.899730][ T6696] tomoyo_path_number_perm+0x1e8/0x5a0 [ 116.899758][ T6696] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 116.899790][ T6696] ? __lock_acquire+0xab9/0xd20 [ 116.899838][ T6696] ? __fget_files+0x2a/0x420 [ 116.899864][ T6696] ? __fget_files+0x2a/0x420 [ 116.899886][ T6696] ? __fget_files+0x3a0/0x420 [ 116.899907][ T6696] ? __fget_files+0x2a/0x420 [ 116.899933][ T6696] security_file_ioctl+0xcb/0x2d0 [ 116.899964][ T6696] __se_sys_ioctl+0x47/0x170 [ 116.899986][ T6696] do_syscall_64+0xfa/0x3b0 [ 116.900006][ T6696] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.900026][ T6696] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.900044][ T6696] ? clear_bhb_loop+0x60/0xb0 [ 116.900068][ T6696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.900086][ T6696] RIP: 0033:0x7fb4d8b8e929 [ 116.900102][ T6696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.900116][ T6696] RSP: 002b:00007fb4d9923038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 116.900134][ T6696] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8e929 [ 116.900148][ T6696] RDX: 0000200000000040 RSI: 0000000000008b19 RDI: 0000000000000004 [ 116.900159][ T6696] RBP: 00007fb4d9923090 R08: 0000000000000000 R09: 0000000000000000 [ 116.900167][ T6696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.900176][ T6696] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 116.900204][ T6696] [ 116.900224][ T6696] ERROR: Out of memory at tomoyo_realpath_from_path. [ 117.290008][ T6703] /dev/rnullb0: Can't open blockdev [ 117.652652][ T925] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 117.768440][ T6714] program syz.3.242 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 117.780141][ T6714] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 117.815113][ T925] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 117.833549][ T925] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 117.854845][ T925] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 117.864579][ T925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.917066][ T6718] tc_dump_action: action bad kind [ 118.027060][ T6724] FAULT_INJECTION: forcing a failure. [ 118.027060][ T6724] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.042630][ T6724] CPU: 0 UID: 0 PID: 6724 Comm: syz.1.246 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 118.042655][ T6724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.042666][ T6724] Call Trace: [ 118.042673][ T6724] [ 118.042680][ T6724] dump_stack_lvl+0x189/0x250 [ 118.042710][ T6724] ? __pfx____ratelimit+0x10/0x10 [ 118.042730][ T6724] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.042749][ T6724] ? __pfx__printk+0x10/0x10 [ 118.042782][ T6724] should_fail_ex+0x414/0x560 [ 118.042816][ T6724] _copy_to_user+0x31/0xb0 [ 118.042837][ T6724] simple_read_from_buffer+0xe1/0x170 [ 118.042864][ T6724] proc_fail_nth_read+0x1df/0x250 [ 118.042893][ T6724] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 118.042921][ T6724] ? rw_verify_area+0x258/0x650 [ 118.042939][ T6724] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 118.042966][ T6724] vfs_read+0x1fd/0x980 [ 118.042991][ T6724] ? __pfx___mutex_lock+0x10/0x10 [ 118.043012][ T6724] ? __pfx_vfs_read+0x10/0x10 [ 118.043034][ T6724] ? __fget_files+0x2a/0x420 [ 118.043061][ T6724] ? __fget_files+0x3a0/0x420 [ 118.043083][ T6724] ? __fget_files+0x2a/0x420 [ 118.043115][ T6724] ksys_read+0x145/0x250 [ 118.043137][ T6724] ? __pfx_ksys_read+0x10/0x10 [ 118.043154][ T6724] ? rcu_is_watching+0x15/0xb0 [ 118.043178][ T6724] ? do_syscall_64+0xbe/0x3b0 [ 118.043203][ T6724] do_syscall_64+0xfa/0x3b0 [ 118.043222][ T6724] ? lockdep_hardirqs_on+0x9c/0x150 [ 118.043241][ T6724] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.043260][ T6724] ? clear_bhb_loop+0x60/0xb0 [ 118.043283][ T6724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.043301][ T6724] RIP: 0033:0x7fd290b8d33c [ 118.043317][ T6724] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 118.043338][ T6724] RSP: 002b:00007fd2919f8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 118.043356][ T6724] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8d33c [ 118.043371][ T6724] RDX: 000000000000000f RSI: 00007fd2919f80a0 RDI: 0000000000000005 [ 118.043382][ T6724] RBP: 00007fd2919f8090 R08: 0000000000000000 R09: 0000000000000000 [ 118.043394][ T6724] R10: 0000000024008094 R11: 0000000000000246 R12: 0000000000000001 [ 118.043406][ T6724] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 118.043436][ T6724] [ 118.290192][ T925] usb 3-1: usb_control_msg returned -32 [ 118.295865][ T925] usbtmc 3-1:16.0: can't read capabilities [ 118.311823][ T925] usb 3-1: USB disconnect, device number 10 [ 119.344111][ T6749] tap0: tun_chr_ioctl cmd 1074025677 [ 119.353079][ T6749] tap0: linktype set to 776 [ 119.402688][ T6753] /dev/nullb0: Can't open blockdev [ 119.410895][ T6752] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 119.649069][ T6763] FAULT_INJECTION: forcing a failure. [ 119.649069][ T6763] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.688455][ T6763] CPU: 0 UID: 0 PID: 6763 Comm: syz.1.258 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 119.688482][ T6763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.688494][ T6763] Call Trace: [ 119.688501][ T6763] [ 119.688509][ T6763] dump_stack_lvl+0x189/0x250 [ 119.688535][ T6763] ? __pfx____ratelimit+0x10/0x10 [ 119.688556][ T6763] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.688577][ T6763] ? __pfx__printk+0x10/0x10 [ 119.688599][ T6763] ? __might_fault+0xb0/0x130 [ 119.688628][ T6763] should_fail_ex+0x414/0x560 [ 119.688663][ T6763] _copy_to_iter+0x3f5/0x16f0 [ 119.688701][ T6763] ? __pfx__copy_to_iter+0x10/0x10 [ 119.688726][ T6763] ? __skb_try_recv_from_queue+0x58f/0x730 [ 119.688760][ T6763] ? __skb_try_recv_datagram+0x3da/0x4e0 [ 119.688794][ T6763] __skb_datagram_iter+0xf8/0x990 [ 119.688824][ T6763] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 119.688861][ T6763] skb_copy_datagram_iter+0xc5/0x230 [ 119.688894][ T6763] netlink_recvmsg+0x2ab/0xa30 [ 119.688926][ T6763] ? __pfx_netlink_recvmsg+0x10/0x10 [ 119.688953][ T6763] ? __lock_acquire+0xab9/0xd20 [ 119.688978][ T6763] ? aa_sock_msg_perm+0xf1/0x1d0 [ 119.689002][ T6763] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 119.689025][ T6763] ? security_socket_recvmsg+0x7e/0x2e0 [ 119.689049][ T6763] ? __pfx_netlink_recvmsg+0x10/0x10 [ 119.689072][ T6763] sock_recvmsg+0x229/0x270 [ 119.689096][ T6763] ____sys_recvmsg+0x1c9/0x460 [ 119.689132][ T6763] ? __pfx_____sys_recvmsg+0x10/0x10 [ 119.689180][ T6763] ? import_iovec+0x74/0xa0 [ 119.689202][ T6763] ___sys_recvmsg+0x1b5/0x510 [ 119.689233][ T6763] ? __pfx____sys_recvmsg+0x10/0x10 [ 119.689285][ T6763] ? __fget_files+0x3a0/0x420 [ 119.689320][ T6763] do_recvmmsg+0x307/0x770 [ 119.689355][ T6763] ? __pfx_do_recvmmsg+0x10/0x10 [ 119.689394][ T6763] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 119.689433][ T6763] __x64_sys_recvmmsg+0x190/0x240 [ 119.689463][ T6763] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 119.689488][ T6763] ? rcu_is_watching+0x15/0xb0 [ 119.689512][ T6763] ? do_syscall_64+0xbe/0x3b0 [ 119.689537][ T6763] do_syscall_64+0xfa/0x3b0 [ 119.689557][ T6763] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.689576][ T6763] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.689595][ T6763] ? clear_bhb_loop+0x60/0xb0 [ 119.689618][ T6763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.689636][ T6763] RIP: 0033:0x7fd290b8e929 [ 119.689652][ T6763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.689667][ T6763] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 119.689687][ T6763] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 119.689701][ T6763] RDX: 0000000000000005 RSI: 0000200000000640 RDI: 0000000000000003 [ 119.689713][ T6763] RBP: 00007fd2919f8090 R08: 0000000000000000 R09: 0000000000000000 [ 119.689725][ T6763] R10: 0000000040018042 R11: 0000000000000246 R12: 0000000000000001 [ 119.689736][ T6763] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 119.689765][ T6763] [ 120.386367][ T6777] 9pnet_fd: Insufficient options for proto=fd [ 120.492575][ T5272] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 120.658084][ T5272] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 120.683538][ T5272] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 120.721793][ T5272] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 120.740937][ T5272] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.756107][ T6786] FAULT_INJECTION: forcing a failure. [ 120.756107][ T6786] name failslab, interval 1, probability 0, space 0, times 0 [ 120.769915][ T6786] CPU: 0 UID: 0 PID: 6786 Comm: syz.3.266 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 120.769938][ T6786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.769952][ T6786] Call Trace: [ 120.769959][ T6786] [ 120.769966][ T6786] dump_stack_lvl+0x189/0x250 [ 120.769999][ T6786] ? __pfx____ratelimit+0x10/0x10 [ 120.770019][ T6786] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.770038][ T6786] ? __pfx__printk+0x10/0x10 [ 120.770061][ T6786] ? __pfx___might_resched+0x10/0x10 [ 120.770083][ T6786] should_fail_ex+0x414/0x560 [ 120.770117][ T6786] should_failslab+0xa8/0x100 [ 120.770137][ T6786] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 120.770156][ T6786] ? __alloc_skb+0x112/0x2d0 [ 120.770182][ T6786] __alloc_skb+0x112/0x2d0 [ 120.770208][ T6786] netlink_sendmsg+0x5c6/0xb30 [ 120.770240][ T6786] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.770266][ T6786] ? aa_sock_msg_perm+0xf1/0x1d0 [ 120.770289][ T6786] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 120.770312][ T6786] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.770334][ T6786] __sock_sendmsg+0x219/0x270 [ 120.770359][ T6786] ____sys_sendmsg+0x505/0x830 [ 120.770395][ T6786] ? __pfx_____sys_sendmsg+0x10/0x10 [ 120.770428][ T6786] ? import_iovec+0x74/0xa0 [ 120.770451][ T6786] ___sys_sendmsg+0x21f/0x2a0 [ 120.770479][ T6786] ? __pfx____sys_sendmsg+0x10/0x10 [ 120.770541][ T6786] ? __fget_files+0x2a/0x420 [ 120.770564][ T6786] ? __fget_files+0x3a0/0x420 [ 120.770597][ T6786] __x64_sys_sendmsg+0x19b/0x260 [ 120.770626][ T6786] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 120.770662][ T6786] ? __pfx_ksys_write+0x10/0x10 [ 120.770680][ T6786] ? rcu_is_watching+0x15/0xb0 [ 120.770703][ T6786] ? do_syscall_64+0xbe/0x3b0 [ 120.770727][ T6786] do_syscall_64+0xfa/0x3b0 [ 120.770745][ T6786] ? lockdep_hardirqs_on+0x9c/0x150 [ 120.770763][ T6786] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.770778][ T6786] ? clear_bhb_loop+0x60/0xb0 [ 120.770800][ T6786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.770815][ T6786] RIP: 0033:0x7fb4d8b8e929 [ 120.770840][ T6786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.770854][ T6786] RSP: 002b:00007fb4d9923038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.770879][ T6786] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8e929 [ 120.770894][ T6786] RDX: 0000000020008000 RSI: 0000200000000380 RDI: 0000000000000004 [ 120.770905][ T6786] RBP: 00007fb4d9923090 R08: 0000000000000000 R09: 0000000000000000 [ 120.770917][ T6786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.770927][ T6786] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 120.770956][ T6786] [ 120.985391][ T5272] usb 3-1: usb_control_msg returned -32 [ 121.056137][ T5272] usbtmc 3-1:16.0: can't read capabilities [ 121.171907][ T5272] usb 3-1: USB disconnect, device number 11 [ 121.220106][ T30] audit: type=1800 audit(1750938583.429:2): pid=6793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.269" name="dmabuf" dev="dmabuf" ino=20 res=0 errno=0 [ 121.239610][ C1] vkms_vblank_simulate: vblank timer overrun [ 121.338344][ T6795] binder: BINDER_SET_CONTEXT_MGR already set [ 121.344671][ T6795] binder: 6794:6795 ioctl 4018620d 200000000040 returned -16 [ 121.428164][ T6803] FAULT_INJECTION: forcing a failure. [ 121.428164][ T6803] name failslab, interval 1, probability 0, space 0, times 0 [ 121.451520][ T6803] CPU: 1 UID: 0 PID: 6803 Comm: syz.1.272 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 121.451547][ T6803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.451559][ T6803] Call Trace: [ 121.451567][ T6803] [ 121.451574][ T6803] dump_stack_lvl+0x189/0x250 [ 121.451600][ T6803] ? __pfx____ratelimit+0x10/0x10 [ 121.451621][ T6803] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.451641][ T6803] ? __pfx__printk+0x10/0x10 [ 121.451668][ T6803] ? __pfx___might_resched+0x10/0x10 [ 121.451692][ T6803] should_fail_ex+0x414/0x560 [ 121.451726][ T6803] should_failslab+0xa8/0x100 [ 121.451748][ T6803] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 121.451766][ T6803] ? __alloc_skb+0x112/0x2d0 [ 121.451793][ T6803] __alloc_skb+0x112/0x2d0 [ 121.451818][ T6803] netlink_sendmsg+0x5c6/0xb30 [ 121.451849][ T6803] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.451871][ T6803] ? aa_sock_msg_perm+0xf1/0x1d0 [ 121.451894][ T6803] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 121.451918][ T6803] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.451940][ T6803] __sock_sendmsg+0x219/0x270 [ 121.451962][ T6803] ____sys_sendmsg+0x505/0x830 [ 121.451993][ T6803] ? __pfx_____sys_sendmsg+0x10/0x10 [ 121.452028][ T6803] ? import_iovec+0x74/0xa0 [ 121.452049][ T6803] ___sys_sendmsg+0x21f/0x2a0 [ 121.452077][ T6803] ? __pfx____sys_sendmsg+0x10/0x10 [ 121.452136][ T6803] ? __fget_files+0x2a/0x420 [ 121.452159][ T6803] ? __fget_files+0x3a0/0x420 [ 121.452190][ T6803] __x64_sys_sendmsg+0x19b/0x260 [ 121.452217][ T6803] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 121.452250][ T6803] ? __pfx_ksys_write+0x10/0x10 [ 121.452265][ T6803] ? rcu_is_watching+0x15/0xb0 [ 121.452286][ T6803] ? do_syscall_64+0xbe/0x3b0 [ 121.452318][ T6803] do_syscall_64+0xfa/0x3b0 [ 121.452339][ T6803] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.452356][ T6803] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.452374][ T6803] ? clear_bhb_loop+0x60/0xb0 [ 121.452396][ T6803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.452414][ T6803] RIP: 0033:0x7fd290b8e929 [ 121.452431][ T6803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.452447][ T6803] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 121.452471][ T6803] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 121.452484][ T6803] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000003 [ 121.452495][ T6803] RBP: 00007fd2919f8090 R08: 0000000000000000 R09: 0000000000000000 [ 121.452506][ T6803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.452516][ T6803] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 121.452544][ T6803] [ 121.718297][ C1] vkms_vblank_simulate: vblank timer overrun [ 121.900066][ T6812] 9pnet_fd: Insufficient options for proto=fd [ 121.980417][ T6816] FAULT_INJECTION: forcing a failure. [ 121.980417][ T6816] name failslab, interval 1, probability 0, space 0, times 0 [ 121.993517][ T6816] CPU: 1 UID: 0 PID: 6816 Comm: syz.2.278 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 121.993544][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.993555][ T6816] Call Trace: [ 121.993562][ T6816] [ 121.993570][ T6816] dump_stack_lvl+0x189/0x250 [ 121.993593][ T6816] ? __pfx____ratelimit+0x10/0x10 [ 121.993612][ T6816] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.993632][ T6816] ? __pfx__printk+0x10/0x10 [ 121.993656][ T6816] ? __pfx___might_resched+0x10/0x10 [ 121.993674][ T6816] ? fs_reclaim_acquire+0x7d/0x100 [ 121.993701][ T6816] should_fail_ex+0x414/0x560 [ 121.993734][ T6816] should_failslab+0xa8/0x100 [ 121.993756][ T6816] __kmalloc_noprof+0xcb/0x4f0 [ 121.993773][ T6816] ? tomoyo_encode+0x28b/0x550 [ 121.993800][ T6816] tomoyo_encode+0x28b/0x550 [ 121.993829][ T6816] tomoyo_realpath_from_path+0x58d/0x5d0 [ 121.993854][ T6816] ? tomoyo_domain+0xd9/0x130 [ 121.993883][ T6816] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 121.993903][ T6816] tomoyo_path_number_perm+0x1e8/0x5a0 [ 121.993924][ T6816] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 121.993960][ T6816] ? __lock_acquire+0xab9/0xd20 [ 121.994007][ T6816] ? __fget_files+0x2a/0x420 [ 121.994034][ T6816] ? __fget_files+0x2a/0x420 [ 121.994055][ T6816] ? __fget_files+0x3a0/0x420 [ 121.994076][ T6816] ? __fget_files+0x2a/0x420 [ 121.994103][ T6816] security_file_ioctl+0xcb/0x2d0 [ 121.994133][ T6816] __se_sys_ioctl+0x47/0x170 [ 121.994155][ T6816] do_syscall_64+0xfa/0x3b0 [ 121.994180][ T6816] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.994200][ T6816] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.994219][ T6816] ? clear_bhb_loop+0x60/0xb0 [ 121.994242][ T6816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.994260][ T6816] RIP: 0033:0x7fc66df8e929 [ 121.994276][ T6816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.994292][ T6816] RSP: 002b:00007fc66edf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 121.994312][ T6816] RAX: ffffffffffffffda RBX: 00007fc66e1b5fa0 RCX: 00007fc66df8e929 [ 121.994326][ T6816] RDX: 0000200000000080 RSI: 000000004008ae89 RDI: 0000000000000005 [ 121.994339][ T6816] RBP: 00007fc66edf5090 R08: 0000000000000000 R09: 0000000000000000 [ 121.994351][ T6816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.994361][ T6816] R13: 0000000000000000 R14: 00007fc66e1b5fa0 R15: 00007ffde003f388 [ 121.994391][ T6816] [ 121.994412][ T6816] ERROR: Out of memory at tomoyo_realpath_from_path. [ 122.185816][ T6819] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 122.190770][ C1] vkms_vblank_simulate: vblank timer overrun [ 122.644943][ T6834] netlink: 16 bytes leftover after parsing attributes in process `syz.2.279'. [ 122.724408][ T6834] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 122.872321][ T6839] process 'syz.0.283' launched './file2' with NULL argv: empty string added [ 122.910589][ T43] IPVS: starting estimator thread 0... [ 122.918470][ T6839] overlay: Unknown parameter 'subj_type' [ 123.015686][ T6840] IPVS: using max 27 ests per chain, 64800 per kthread [ 123.052706][ T5923] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 123.156687][ T6842] can0: slcan on ttyS3. [ 123.207790][ T5923] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 123.229299][ T5923] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 123.261473][ T5923] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 123.301276][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.423391][ T5272] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 123.532682][ T5923] usb 2-1: usb_control_msg returned -32 [ 123.549149][ T5923] usbtmc 2-1:16.0: can't read capabilities [ 123.595099][ T5272] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 123.616902][ T5923] usb 2-1: USB disconnect, device number 12 [ 123.629322][ T5272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 123.683441][ T5272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 123.699431][ T5272] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 123.716527][ T5272] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.728822][ T5272] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.766504][ T5272] usb 1-1: config 0 descriptor?? [ 123.849304][ T6859] 9pnet_fd: Insufficient options for proto=fd [ 124.008354][ T6866] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 124.148395][ T6870] FAULT_INJECTION: forcing a failure. [ 124.148395][ T6870] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.182445][ T5272] plantronics 0003:047F:FFFF.0002: ignoring exceeding usage max [ 124.197215][ T6870] CPU: 0 UID: 0 PID: 6870 Comm: syz.1.290 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 124.197241][ T6870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.197252][ T6870] Call Trace: [ 124.197260][ T6870] [ 124.197267][ T6870] dump_stack_lvl+0x189/0x250 [ 124.197291][ T6870] ? __pfx____ratelimit+0x10/0x10 [ 124.197312][ T6870] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.197333][ T6870] ? __pfx__printk+0x10/0x10 [ 124.197368][ T6870] should_fail_ex+0x414/0x560 [ 124.197403][ T6870] _copy_from_user+0x2d/0xb0 [ 124.197423][ T6870] sctp_setsockopt+0x19f/0x1200 [ 124.197448][ T6870] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 124.197471][ T6870] do_sock_setsockopt+0x25a/0x3e0 [ 124.197500][ T6870] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 124.197530][ T6870] ? __fget_files+0x2a/0x420 [ 124.197563][ T6870] __x64_sys_setsockopt+0x18b/0x220 [ 124.197595][ T6870] do_syscall_64+0xfa/0x3b0 [ 124.197616][ T6870] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.197636][ T6870] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.197655][ T6870] ? clear_bhb_loop+0x60/0xb0 [ 124.197679][ T6870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.197693][ T6870] RIP: 0033:0x7fd290b8e929 [ 124.197720][ T6870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.197738][ T6870] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 124.197763][ T6870] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 124.197778][ T6870] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000003 [ 124.197790][ T6870] RBP: 00007fd2919f8090 R08: 0000000000000008 R09: 0000000000000000 [ 124.197802][ T6870] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 124.197815][ T6870] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 124.197846][ T6870] [ 124.276108][ T5272] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 124.341633][ C1] vkms_vblank_simulate: vblank timer overrun [ 124.628841][ T5835] Bluetooth: hci1: unexpected cc 0x202d length: 9 > 1 [ 125.374366][ T6905] exFAT-fs (rnullb0): invalid boot record signature [ 125.381302][ T6905] exFAT-fs (rnullb0): failed to read boot sector [ 125.394973][ T6905] exFAT-fs (rnullb0): failed to recognize exfat type [ 125.605023][ T6841] can0 (unregistered): slcan off ttyS3. [ 126.327106][ T5923] usb 1-1: USB disconnect, device number 7 [ 126.592616][ T5925] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 126.755448][ T5925] usb 3-1: Using ep0 maxpacket: 8 [ 126.778527][ T5925] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 126.792239][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.810491][ T5925] usb 3-1: Product: syz [ 126.817425][ T5925] usb 3-1: Manufacturer: syz [ 126.822239][ T5925] usb 3-1: SerialNumber: syz [ 126.844243][ T5925] usb 3-1: config 0 descriptor?? [ 127.057765][ T5925] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 127.202934][ T5923] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 127.372695][ T5923] usb 2-1: Using ep0 maxpacket: 8 [ 127.380415][ T5923] usb 2-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00 [ 127.391904][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.413198][ T5923] usb 2-1: config 0 descriptor?? [ 127.434215][ T5923] usbhid 2-1:0.0: can't add hid device: -22 [ 127.440229][ T5923] usbhid 2-1:0.0: probe with driver usbhid failed with error -22 [ 127.874624][ T5925] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 127.904099][ T5925] usb 3-1: USB disconnect, device number 12 [ 127.930637][ T30] audit: type=1326 audit(1750938590.139:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4d8b8e929 code=0x0 [ 127.981410][ T30] audit: type=1326 audit(1750938590.189:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4d8b8e929 code=0x0 [ 128.032374][ T30] audit: type=1326 audit(1750938590.239:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4d8b8e929 code=0x0 [ 128.090119][ T30] audit: type=1326 audit(1750938590.299:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4d8b8e929 code=0x0 [ 128.143481][ T30] audit: type=1326 audit(1750938590.359:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4d8b8e929 code=0x0 [ 128.200259][ T30] audit: type=1326 audit(1750938590.409:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4d8b8e929 code=0x0 [ 128.257794][ T30] audit: type=1326 audit(1750938590.469:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4d8b8e929 code=0x0 [ 128.321893][ T30] audit: type=1326 audit(1750938590.529:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4d8b8e929 code=0x0 [ 128.475554][ T7006] FAULT_INJECTION: forcing a failure. [ 128.475554][ T7006] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.544428][ T7006] CPU: 1 UID: 0 PID: 7006 Comm: syz.3.316 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 128.544455][ T7006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.544467][ T7006] Call Trace: [ 128.544475][ T7006] [ 128.544483][ T7006] dump_stack_lvl+0x189/0x250 [ 128.544518][ T7006] ? __pfx____ratelimit+0x10/0x10 [ 128.544540][ T7006] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.544561][ T7006] ? __pfx__printk+0x10/0x10 [ 128.544596][ T7006] should_fail_ex+0x414/0x560 [ 128.544632][ T7006] _copy_to_user+0x31/0xb0 [ 128.544653][ T7006] simple_read_from_buffer+0xe1/0x170 [ 128.544680][ T7006] proc_fail_nth_read+0x1df/0x250 [ 128.544713][ T7006] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 128.544743][ T7006] ? rw_verify_area+0x258/0x650 [ 128.544762][ T7006] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 128.544790][ T7006] vfs_read+0x1fd/0x980 [ 128.544815][ T7006] ? __pfx___mutex_lock+0x10/0x10 [ 128.544837][ T7006] ? __pfx_vfs_read+0x10/0x10 [ 128.544858][ T7006] ? __fget_files+0x2a/0x420 [ 128.544886][ T7006] ? __fget_files+0x3a0/0x420 [ 128.544909][ T7006] ? __fget_files+0x2a/0x420 [ 128.544942][ T7006] ksys_read+0x145/0x250 [ 128.544964][ T7006] ? __pfx_ksys_read+0x10/0x10 [ 128.544982][ T7006] ? rcu_is_watching+0x15/0xb0 [ 128.545007][ T7006] ? do_syscall_64+0xbe/0x3b0 [ 128.545032][ T7006] do_syscall_64+0xfa/0x3b0 [ 128.545052][ T7006] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.545072][ T7006] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.545091][ T7006] ? clear_bhb_loop+0x60/0xb0 [ 128.545114][ T7006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.545133][ T7006] RIP: 0033:0x7fb4d8b8d33c [ 128.545150][ T7006] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 128.545167][ T7006] RSP: 002b:00007fb4d9923030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 128.545187][ T7006] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8d33c [ 128.545202][ T7006] RDX: 000000000000000f RSI: 00007fb4d99230a0 RDI: 0000000000000004 [ 128.545214][ T7006] RBP: 00007fb4d9923090 R08: 0000000000000000 R09: 0000000000000000 [ 128.545226][ T7006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.545238][ T7006] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 128.545267][ T7006] [ 128.782088][ C1] vkms_vblank_simulate: vblank timer overrun [ 129.633705][ T925] usb 2-1: USB disconnect, device number 13 [ 129.734242][ T7031] FAULT_INJECTION: forcing a failure. [ 129.734242][ T7031] name failslab, interval 1, probability 0, space 0, times 0 [ 129.747141][ T7031] CPU: 0 UID: 0 PID: 7031 Comm: syz.2.325 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 129.747167][ T7031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.747180][ T7031] Call Trace: [ 129.747188][ T7031] [ 129.747196][ T7031] dump_stack_lvl+0x189/0x250 [ 129.747223][ T7031] ? __pfx____ratelimit+0x10/0x10 [ 129.747244][ T7031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.747266][ T7031] ? __pfx__printk+0x10/0x10 [ 129.747291][ T7031] ? __pfx___might_resched+0x10/0x10 [ 129.747309][ T7031] ? fs_reclaim_acquire+0x7d/0x100 [ 129.747336][ T7031] should_fail_ex+0x414/0x560 [ 129.747371][ T7031] should_failslab+0xa8/0x100 [ 129.747393][ T7031] __kmalloc_noprof+0xcb/0x4f0 [ 129.747410][ T7031] ? kfree+0x4d/0x440 [ 129.747433][ T7031] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 129.747463][ T7031] tomoyo_realpath_from_path+0xe3/0x5d0 [ 129.747488][ T7031] ? tomoyo_domain+0xd9/0x130 [ 129.747515][ T7031] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 129.747534][ T7031] tomoyo_path_number_perm+0x1e8/0x5a0 [ 129.747555][ T7031] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 129.747591][ T7031] ? __lock_acquire+0xab9/0xd20 [ 129.747639][ T7031] ? __fget_files+0x2a/0x420 [ 129.747666][ T7031] ? __fget_files+0x2a/0x420 [ 129.747688][ T7031] ? __fget_files+0x3a0/0x420 [ 129.747710][ T7031] ? __fget_files+0x2a/0x420 [ 129.747737][ T7031] security_file_ioctl+0xcb/0x2d0 [ 129.747768][ T7031] __se_sys_ioctl+0x47/0x170 [ 129.747790][ T7031] do_syscall_64+0xfa/0x3b0 [ 129.747809][ T7031] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.747829][ T7031] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.747848][ T7031] ? clear_bhb_loop+0x60/0xb0 [ 129.747871][ T7031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.747890][ T7031] RIP: 0033:0x7fc66df8e929 [ 129.747907][ T7031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.747924][ T7031] RSP: 002b:00007fc66edf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.747944][ T7031] RAX: ffffffffffffffda RBX: 00007fc66e1b5fa0 RCX: 00007fc66df8e929 [ 129.747958][ T7031] RDX: 0000200000000280 RSI: 00000000c058565d RDI: 0000000000000003 [ 129.747971][ T7031] RBP: 00007fc66edf5090 R08: 0000000000000000 R09: 0000000000000000 [ 129.747984][ T7031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.747994][ T7031] R13: 0000000000000000 R14: 00007fc66e1b5fa0 R15: 00007ffde003f388 [ 129.748025][ T7031] [ 129.748032][ T7031] ERROR: Out of memory at tomoyo_realpath_from_path. [ 130.251590][ T7042] loop8: detected capacity change from 0 to 7 [ 130.275274][ T7042] Dev loop8: unable to read RDB block 7 [ 130.296081][ T7042] loop8: unable to read partition table [ 130.313189][ T7042] loop8: partition table beyond EOD, truncated [ 130.342918][ T7042] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 130.941084][ T7067] netlink: 8 bytes leftover after parsing attributes in process `syz.1.336'. [ 130.960701][ T7067] fuse: Bad value for 'group_id' [ 130.967263][ T7067] fuse: Bad value for 'group_id' [ 131.279187][ T7077] ptrace attach of "./syz-executor exec"[7078] was attempted by "./syz-executor exec"[7077] [ 131.395776][ T7082] FAULT_INJECTION: forcing a failure. [ 131.395776][ T7082] name failslab, interval 1, probability 0, space 0, times 0 [ 131.423617][ T7082] CPU: 0 UID: 0 PID: 7082 Comm: syz.3.341 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 131.423645][ T7082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.423657][ T7082] Call Trace: [ 131.423666][ T7082] [ 131.423674][ T7082] dump_stack_lvl+0x189/0x250 [ 131.423702][ T7082] ? __pfx____ratelimit+0x10/0x10 [ 131.423724][ T7082] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.423746][ T7082] ? __pfx__printk+0x10/0x10 [ 131.423783][ T7082] should_fail_ex+0x414/0x560 [ 131.423820][ T7082] should_failslab+0xa8/0x100 [ 131.423841][ T7082] kmem_cache_alloc_noprof+0x73/0x3c0 [ 131.423871][ T7082] ? skb_clone+0x212/0x3a0 [ 131.423904][ T7082] skb_clone+0x212/0x3a0 [ 131.423956][ T7082] __netlink_deliver_tap+0x404/0x850 [ 131.423993][ T7082] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.424017][ T7082] netlink_deliver_tap+0x19c/0x1b0 [ 131.424041][ T7082] netlink_sendskb+0x68/0x140 [ 131.424063][ T7082] netlink_rcv_skb+0x28c/0x470 [ 131.424087][ T7082] ? __pfx_genl_rcv_msg+0x10/0x10 [ 131.424116][ T7082] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 131.424158][ T7082] ? down_read+0x1ad/0x2e0 [ 131.424184][ T7082] genl_rcv+0x28/0x40 [ 131.424209][ T7082] netlink_unicast+0x758/0x8d0 [ 131.424241][ T7082] netlink_sendmsg+0x805/0xb30 [ 131.424280][ T7082] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.424307][ T7082] ? aa_sock_msg_perm+0xf1/0x1d0 [ 131.424332][ T7082] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 131.424358][ T7082] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.424382][ T7082] __sock_sendmsg+0x219/0x270 [ 131.424406][ T7082] ____sys_sendmsg+0x505/0x830 [ 131.424439][ T7082] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.424476][ T7082] ? import_iovec+0x74/0xa0 [ 131.424499][ T7082] ___sys_sendmsg+0x21f/0x2a0 [ 131.424528][ T7082] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.424595][ T7082] ? __fget_files+0x2a/0x420 [ 131.424618][ T7082] ? __fget_files+0x3a0/0x420 [ 131.424654][ T7082] __x64_sys_sendmsg+0x19b/0x260 [ 131.424683][ T7082] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 131.424721][ T7082] ? __pfx_ksys_write+0x10/0x10 [ 131.424739][ T7082] ? rcu_is_watching+0x15/0xb0 [ 131.424764][ T7082] ? do_syscall_64+0xbe/0x3b0 [ 131.424791][ T7082] do_syscall_64+0xfa/0x3b0 [ 131.424811][ T7082] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.424831][ T7082] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.424851][ T7082] ? clear_bhb_loop+0x60/0xb0 [ 131.424875][ T7082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.424894][ T7082] RIP: 0033:0x7fb4d8b8e929 [ 131.424911][ T7082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.424928][ T7082] RSP: 002b:00007fb4d9923038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.424949][ T7082] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8e929 [ 131.424963][ T7082] RDX: 0000000000000000 RSI: 000020000000d040 RDI: 0000000000000003 [ 131.424976][ T7082] RBP: 00007fb4d9923090 R08: 0000000000000000 R09: 0000000000000000 [ 131.424989][ T7082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 131.425001][ T7082] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 131.425032][ T7082] [ 132.748539][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.762576][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.969835][ T7117] FAULT_INJECTION: forcing a failure. [ 132.969835][ T7117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 132.986081][ T7117] CPU: 0 UID: 0 PID: 7117 Comm: syz.1.353 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 132.986107][ T7117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.986119][ T7117] Call Trace: [ 132.986125][ T7117] [ 132.986133][ T7117] dump_stack_lvl+0x189/0x250 [ 132.986157][ T7117] ? __pfx____ratelimit+0x10/0x10 [ 132.986177][ T7117] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.986196][ T7117] ? __pfx__printk+0x10/0x10 [ 132.986216][ T7117] ? __might_fault+0xb0/0x130 [ 132.986244][ T7117] should_fail_ex+0x414/0x560 [ 132.986277][ T7117] _copy_from_user+0x2d/0xb0 [ 132.986296][ T7117] ___sys_sendmsg+0x158/0x2a0 [ 132.986324][ T7117] ? __pfx____sys_sendmsg+0x10/0x10 [ 132.986381][ T7117] ? __fget_files+0x2a/0x420 [ 132.986403][ T7117] ? __fget_files+0x3a0/0x420 [ 132.986435][ T7117] __x64_sys_sendmsg+0x19b/0x260 [ 132.986462][ T7117] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 132.986496][ T7117] ? __pfx_ksys_write+0x10/0x10 [ 132.986513][ T7117] ? rcu_is_watching+0x15/0xb0 [ 132.986536][ T7117] ? do_syscall_64+0xbe/0x3b0 [ 132.986559][ T7117] do_syscall_64+0xfa/0x3b0 [ 132.986578][ T7117] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.986597][ T7117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.986616][ T7117] ? clear_bhb_loop+0x60/0xb0 [ 132.986638][ T7117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.986654][ T7117] RIP: 0033:0x7fd290b8e929 [ 132.986670][ T7117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.986686][ T7117] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 132.986706][ T7117] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 132.986721][ T7117] RDX: 0000000000000810 RSI: 0000200000000180 RDI: 0000000000000003 [ 132.986734][ T7117] RBP: 00007fd2919f8090 R08: 0000000000000000 R09: 0000000000000000 [ 132.986746][ T7117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 132.986757][ T7117] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 132.986785][ T7117] [ 133.482442][ T7137] 9pnet_fd: Insufficient options for proto=fd [ 134.259215][ T7162] 9pnet_fd: Insufficient options for proto=fd [ 134.292837][ T7158] binder_alloc: 7157: binder_alloc_buf, no vma [ 134.376524][ T7169] FAULT_INJECTION: forcing a failure. [ 134.376524][ T7169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 134.389739][ T7169] CPU: 0 UID: 0 PID: 7169 Comm: syz.2.368 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 134.389758][ T7169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.389765][ T7169] Call Trace: [ 134.389770][ T7169] [ 134.389775][ T7169] dump_stack_lvl+0x189/0x250 [ 134.389791][ T7169] ? __pfx____ratelimit+0x10/0x10 [ 134.389803][ T7169] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.389814][ T7169] ? __pfx__printk+0x10/0x10 [ 134.389831][ T7169] should_fail_ex+0x414/0x560 [ 134.389851][ T7169] _copy_to_user+0x31/0xb0 [ 134.389863][ T7169] simple_read_from_buffer+0xe1/0x170 [ 134.389878][ T7169] proc_fail_nth_read+0x1df/0x250 [ 134.389899][ T7169] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 134.389915][ T7169] ? rw_verify_area+0x258/0x650 [ 134.389925][ T7169] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 134.389939][ T7169] vfs_read+0x1fd/0x980 [ 134.389952][ T7169] ? __pfx___mutex_lock+0x10/0x10 [ 134.389964][ T7169] ? __pfx_vfs_read+0x10/0x10 [ 134.389975][ T7169] ? __fget_files+0x2a/0x420 [ 134.389991][ T7169] ? __fget_files+0x3a0/0x420 [ 134.390002][ T7169] ? __fget_files+0x2a/0x420 [ 134.390019][ T7169] ksys_read+0x145/0x250 [ 134.390031][ T7169] ? __pfx_ksys_read+0x10/0x10 [ 134.390040][ T7169] ? rcu_is_watching+0x15/0xb0 [ 134.390053][ T7169] ? do_syscall_64+0xbe/0x3b0 [ 134.390067][ T7169] do_syscall_64+0xfa/0x3b0 [ 134.390077][ T7169] ? lockdep_hardirqs_on+0x9c/0x150 [ 134.390088][ T7169] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.390097][ T7169] ? clear_bhb_loop+0x60/0xb0 [ 134.390110][ T7169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.390119][ T7169] RIP: 0033:0x7fc66df8d33c [ 134.390129][ T7169] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 134.390138][ T7169] RSP: 002b:00007fc66edf5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 134.390149][ T7169] RAX: ffffffffffffffda RBX: 00007fc66e1b5fa0 RCX: 00007fc66df8d33c [ 134.390157][ T7169] RDX: 000000000000000f RSI: 00007fc66edf50a0 RDI: 0000000000000003 [ 134.390163][ T7169] RBP: 00007fc66edf5090 R08: 0000000000000000 R09: 0000000000000000 [ 134.390169][ T7169] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 134.390175][ T7169] R13: 0000000000000000 R14: 00007fc66e1b5fa0 R15: 00007ffde003f388 [ 134.390191][ T7169] [ 135.275464][ T7188] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 135.345213][ T7193] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 135.362632][ T5272] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 135.408615][ T7196] 9pnet_fd: Insufficient options for proto=fd [ 135.502766][ T5272] usb 2-1: device descriptor read/64, error -71 [ 135.752642][ T5272] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 135.882546][ T5272] usb 2-1: device descriptor read/64, error -71 [ 135.992906][ T5272] usb usb2-port1: attempt power cycle [ 136.346601][ T5925] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 136.352102][ T5272] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 136.373165][ T5272] usb 2-1: device descriptor read/8, error -71 [ 136.445544][ T7204] netlink: 4 bytes leftover after parsing attributes in process `syz.2.378'. [ 136.455136][ T7204] netlink: 4 bytes leftover after parsing attributes in process `syz.2.378'. [ 136.465884][ T7204] netlink: 4 bytes leftover after parsing attributes in process `syz.2.378'. [ 136.504372][ T5925] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 136.513746][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.526472][ T5925] usb 4-1: config 0 descriptor?? [ 136.534361][ T5925] cp210x 4-1:0.0: cp210x converter detected [ 136.626631][ T5272] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 136.663744][ T5272] usb 2-1: device descriptor read/8, error -71 [ 136.773025][ T5272] usb usb2-port1: unable to enumerate USB device [ 136.946476][ T5925] usb 4-1: cp210x converter now attached to ttyUSB0 [ 137.333279][ T5272] usb 4-1: USB disconnect, device number 11 [ 137.344315][ T5272] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 137.357829][ T5272] cp210x 4-1:0.0: device disconnected [ 138.922636][ T5925] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 138.985665][ T7265] overlayfs: failed to resolve './file0': -2 [ 139.074481][ T5925] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 139.092576][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.113065][ T5925] usb 4-1: config 0 descriptor?? [ 139.125155][ T5925] gspca_main: spca508-2.14.0 probing 8086:0110 [ 139.152606][ T5272] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 139.282556][ T5272] usb 3-1: device descriptor read/64, error -71 [ 139.325090][ T5925] gspca_spca508: reg_read err -32 [ 139.330732][ T5925] gspca_spca508: reg_read err -32 [ 139.336872][ T5925] gspca_spca508: reg_read err -32 [ 139.342411][ T5925] gspca_spca508: reg_read err -32 [ 139.348016][ T5925] gspca_spca508: reg_read err -32 [ 139.374286][ T5923] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 139.522630][ T5272] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 139.534578][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 139.546281][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 139.557573][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 139.563866][ T7259] netlink: 24 bytes leftover after parsing attributes in process `syz.3.395'. [ 139.576334][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 139.589586][ T5923] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 139.598903][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.609774][ T5925] gspca_spca508: reg write: error -71 [ 139.617539][ T5925] spca508 4-1:0.0: probe with driver spca508 failed with error -71 [ 139.628487][ T5923] usb 2-1: config 0 descriptor?? [ 139.645141][ T5925] usb 4-1: USB disconnect, device number 12 [ 139.663545][ T5272] usb 3-1: device descriptor read/64, error -71 [ 139.784536][ T5272] usb usb3-port1: attempt power cycle [ 140.064106][ T5923] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max [ 140.126238][ T5272] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 140.128872][ T5923] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 140.187594][ T5272] usb 3-1: device descriptor read/8, error -71 [ 140.462630][ T5272] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 140.508673][ T5272] usb 3-1: device descriptor read/8, error -71 [ 140.642781][ T5272] usb usb3-port1: unable to enumerate USB device [ 141.561943][ T7296] netlink: 16 bytes leftover after parsing attributes in process `syz.0.410'. [ 141.686232][ T7284] kexec: Could not allocate control_code_buffer [ 141.796349][ T7302] syzkaller1: entered promiscuous mode [ 141.801851][ T7302] syzkaller1: entered allmulticast mode [ 142.168554][ T5925] usb 2-1: USB disconnect, device number 18 [ 142.372746][ T925] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 142.542670][ T925] usb 4-1: Using ep0 maxpacket: 8 [ 142.558547][ T925] usb 4-1: unable to get BOS descriptor or descriptor too short [ 142.568944][ T925] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 142.577011][ T925] usb 4-1: can't read configurations, error -71 [ 143.537138][ T7353] trusted_key: syz.0.430 sent an empty control message without MSG_MORE. [ 144.142890][ T925] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 144.272881][ T925] usb 4-1: device descriptor read/64, error -71 [ 144.289527][ T7365] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 144.299148][ T7365] VFS: Can't find a romfs filesystem on dev rnullb0. [ 144.299148][ T7365] [ 144.475162][ T7375] FAULT_INJECTION: forcing a failure. [ 144.475162][ T7375] name failslab, interval 1, probability 0, space 0, times 0 [ 144.488071][ T7375] CPU: 1 UID: 0 PID: 7375 Comm: syz.2.438 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 144.488094][ T7375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.488105][ T7375] Call Trace: [ 144.488112][ T7375] [ 144.488119][ T7375] dump_stack_lvl+0x189/0x250 [ 144.488146][ T7375] ? __pfx____ratelimit+0x10/0x10 [ 144.488168][ T7375] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.488189][ T7375] ? __pfx__printk+0x10/0x10 [ 144.488221][ T7375] should_fail_ex+0x414/0x560 [ 144.488256][ T7375] should_failslab+0xa8/0x100 [ 144.488278][ T7375] __kmalloc_cache_noprof+0x70/0x3d0 [ 144.488296][ T7375] ? rose_add_node+0x9a7/0xde0 [ 144.488327][ T7375] rose_add_node+0x9a7/0xde0 [ 144.488357][ T7375] ? rose_rt_ioctl+0x61f/0xfb0 [ 144.488387][ T7375] rose_rt_ioctl+0xa48/0xfb0 [ 144.488417][ T7375] ? __pfx_rose_rt_ioctl+0x10/0x10 [ 144.488455][ T7375] ? bpf_lsm_capable+0x9/0x20 [ 144.488472][ T7375] ? security_capable+0x7e/0x2e0 [ 144.488498][ T7375] rose_ioctl+0x3ce/0x8b0 [ 144.488521][ T7375] ? __pfx_rose_ioctl+0x10/0x10 [ 144.488555][ T7375] sock_do_ioctl+0xd9/0x300 [ 144.488577][ T7375] ? __pfx_sock_do_ioctl+0x10/0x10 [ 144.488593][ T7375] ? __lock_acquire+0xab9/0xd20 [ 144.488637][ T7375] sock_ioctl+0x576/0x790 [ 144.488657][ T7375] ? __pfx_sock_ioctl+0x10/0x10 [ 144.488674][ T7375] ? __fget_files+0x2a/0x420 [ 144.488697][ T7375] ? __fget_files+0x3a0/0x420 [ 144.488718][ T7375] ? __fget_files+0x2a/0x420 [ 144.488744][ T7375] ? bpf_lsm_file_ioctl+0x9/0x20 [ 144.488771][ T7375] ? __pfx_sock_ioctl+0x10/0x10 [ 144.488788][ T7375] __se_sys_ioctl+0xfc/0x170 [ 144.488809][ T7375] do_syscall_64+0xfa/0x3b0 [ 144.488830][ T7375] ? lockdep_hardirqs_on+0x9c/0x150 [ 144.488849][ T7375] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.488866][ T7375] ? clear_bhb_loop+0x60/0xb0 [ 144.488888][ T7375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.488904][ T7375] RIP: 0033:0x7fc66df8e929 [ 144.488926][ T7375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.488942][ T7375] RSP: 002b:00007fc66edf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 144.488961][ T7375] RAX: ffffffffffffffda RBX: 00007fc66e1b5fa0 RCX: 00007fc66df8e929 [ 144.488975][ T7375] RDX: 0000200000000380 RSI: 000000000000890b RDI: 0000000000000004 [ 144.488987][ T7375] RBP: 00007fc66edf5090 R08: 0000000000000000 R09: 0000000000000000 [ 144.488998][ T7375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.489010][ T7375] R13: 0000000000000000 R14: 00007fc66e1b5fa0 R15: 00007ffde003f388 [ 144.489037][ T7375] [ 144.748957][ C1] vkms_vblank_simulate: vblank timer overrun [ 144.762598][ T925] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 144.903359][ T925] usb 4-1: device descriptor read/64, error -71 [ 145.019823][ T925] usb usb4-port1: attempt power cycle [ 145.334189][ T7387] overlayfs: failed to clone upperpath [ 145.376213][ T925] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 145.399818][ T7388] overlayfs: failed to clone upperpath [ 145.433170][ T925] usb 4-1: device descriptor read/8, error -71 [ 145.662699][ T5895] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 145.672569][ T925] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 145.703668][ T925] usb 4-1: device descriptor read/8, error -71 [ 145.812843][ T925] usb usb4-port1: unable to enumerate USB device [ 145.834305][ T5895] usb 3-1: config 10 has an invalid interface number: 98 but max is 3 [ 145.845817][ T5895] usb 3-1: config 10 has an invalid interface number: 146 but max is 3 [ 145.854589][ T5895] usb 3-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config [ 145.872556][ T5895] usb 3-1: config 10 has 2 interfaces, different from the descriptor's value: 4 [ 145.884299][ T5895] usb 3-1: config 10 has no interface number 0 [ 145.890487][ T5895] usb 3-1: config 10 has no interface number 1 [ 145.897952][ T5895] usb 3-1: config 10 interface 98 altsetting 250 endpoint 0x5 has invalid maxpacket 38611, setting to 64 [ 145.913496][ T5895] usb 3-1: config 10 interface 98 altsetting 250 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 145.925553][ T5895] usb 3-1: config 10 interface 98 altsetting 250 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 145.937468][ T5895] usb 3-1: config 10 interface 98 altsetting 250 has a duplicate endpoint with address 0xE, skipping [ 145.949086][ T5895] usb 3-1: config 10 interface 98 altsetting 250 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 145.962799][ T5895] usb 3-1: config 10 interface 98 has no altsetting 0 [ 145.969576][ T5895] usb 3-1: config 10 interface 146 has no altsetting 0 [ 145.979244][ T5895] usb 3-1: New USB device found, idVendor=0af0, idProduct=c031, bcdDevice=e8.f9 [ 145.988829][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.997085][ T5895] usb 3-1: Product: syz [ 146.001394][ T5895] usb 3-1: Manufacturer: syz [ 146.006678][ T5895] usb 3-1: SerialNumber: syz [ 146.018547][ T7390] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 146.026469][ T7390] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 146.336222][ T5895] hso 3-1:10.98: Not our interface [ 146.349768][ T5895] usb 3-1: USB disconnect, device number 17 [ 147.057295][ T7415] vxfs: WRONG superblock magic 00000000 at 1 [ 147.065881][ T7417] autofs: Bad value for 'fd' [ 147.086414][ T7415] vxfs: WRONG superblock magic 00000000 at 8 [ 147.092423][ T7415] vxfs: can't find superblock. [ 147.296835][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033517c00: rx timeout, send abort [ 147.306261][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033516000: rx timeout, send abort [ 147.322729][ T5895] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 147.442549][ T43] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 147.473034][ T5272] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 147.483264][ T5895] usb 2-1: unable to get BOS descriptor or descriptor too short [ 147.491844][ T5895] usb 2-1: config 7 has an invalid interface number: 141 but max is 0 [ 147.500112][ T5895] usb 2-1: config 7 has no interface number 0 [ 147.506233][ T5895] usb 2-1: config 7 interface 141 has no altsetting 0 [ 147.515341][ T5895] usb 2-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=43.85 [ 147.524448][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.532426][ T5895] usb 2-1: Product: syz [ 147.536605][ T5895] usb 2-1: Manufacturer: syz [ 147.541208][ T5895] usb 2-1: SerialNumber: syz [ 147.606127][ T43] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 147.615896][ T43] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 147.626092][ T5272] usb 4-1: Using ep0 maxpacket: 32 [ 147.631283][ T43] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 147.644521][ T43] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 147.654745][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.663914][ T5272] usb 4-1: config 0 interface 0 has no altsetting 0 [ 147.674567][ T5272] usb 4-1: New USB device found, idVendor=0e41, idProduct=414d, bcdDevice= a.06 [ 147.684733][ T5272] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.692963][ T5272] usb 4-1: Product: syz [ 147.698462][ T43] usbtmc 3-1:16.0: probe with driver usbtmc failed with error -22 [ 147.706535][ T5272] usb 4-1: Manufacturer: syz [ 147.711145][ T5272] usb 4-1: SerialNumber: syz [ 147.727602][ T5272] usb 4-1: config 0 descriptor?? [ 147.751291][ T7417] netlink: 188 bytes leftover after parsing attributes in process `syz.1.454'. [ 147.773025][ T5895] usb_ehset_test 2-1:7.141: probe with driver usb_ehset_test failed with error -32 [ 147.790343][ T5895] usb 2-1: USB disconnect, device number 19 [ 147.805752][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033517c00: abort rx timeout. Force session deactivation [ 147.816099][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033516000: abort rx timeout. Force session deactivation [ 147.945727][ T5272] snd_usb_podhd 4-1:0.0: Line 6 POD HD500 found [ 147.956241][ T5272] usb 4-1: selecting invalid altsetting 1 [ 147.961993][ T5272] snd_usb_podhd 4-1:0.0: set_interface failed [ 147.969141][ T5272] snd_usb_podhd 4-1:0.0: Line 6 POD HD500 now disconnected [ 147.976701][ T5272] snd_usb_podhd 4-1:0.0: probe with driver snd_usb_podhd failed with error -22 [ 147.988542][ T5272] usb 4-1: USB disconnect, device number 19 [ 148.742697][ T5272] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 148.944080][ T5272] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 148.954086][ T5272] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 148.964404][ T5272] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 148.978217][ T5272] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 148.990426][ T5272] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.003153][ T5272] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22 [ 149.162598][ T5895] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 149.314214][ T5895] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 149.324118][ T5895] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 149.337470][ T5895] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 149.346794][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.566976][ T5895] usb 2-1: usb_control_msg returned -32 [ 149.574174][ T5895] usbtmc 2-1:16.0: can't read capabilities [ 149.909972][ T7470] usbtmc 2-1:16.0: usbtmc488_ioctl_trigger returned -90 [ 149.929165][ T7471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.938925][ T7471] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.214340][ T925] usb 3-1: USB disconnect, device number 18 [ 150.608844][ T7481] overlayfs: failed to clone lowerpath [ 150.623183][ T7481] overlayfs: failed to clone upperpath [ 150.758490][ T7485] netlink: 12 bytes leftover after parsing attributes in process `syz.2.478'. [ 150.855106][ T5835] block nbd0: Receive control failed (result -32) [ 151.162998][ T925] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 151.314890][ T925] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 151.325327][ T925] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 151.334743][ T925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.529470][ T925] usb 4-1: USB disconnect, device number 20 [ 151.670172][ T7516] FAULT_INJECTION: forcing a failure. [ 151.670172][ T7516] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.683442][ T7516] CPU: 1 UID: 0 PID: 7516 Comm: syz.3.491 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 151.683467][ T7516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.683477][ T7516] Call Trace: [ 151.683485][ T7516] [ 151.683492][ T7516] dump_stack_lvl+0x189/0x250 [ 151.683518][ T7516] ? __pfx____ratelimit+0x10/0x10 [ 151.683540][ T7516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.683561][ T7516] ? __pfx__printk+0x10/0x10 [ 151.683597][ T7516] should_fail_ex+0x414/0x560 [ 151.683633][ T7516] _copy_from_user+0x2d/0xb0 [ 151.683652][ T7516] __copy_msghdr+0x3c5/0x5b0 [ 151.683683][ T7516] ___sys_sendmsg+0x1a5/0x2a0 [ 151.683712][ T7516] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.683774][ T7516] ? __fget_files+0x2a/0x420 [ 151.683797][ T7516] ? __fget_files+0x3a0/0x420 [ 151.683829][ T7516] __x64_sys_sendmsg+0x19b/0x260 [ 151.683856][ T7516] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 151.683890][ T7516] ? __pfx_ksys_write+0x10/0x10 [ 151.683908][ T7516] ? rcu_is_watching+0x15/0xb0 [ 151.683932][ T7516] ? do_syscall_64+0xbe/0x3b0 [ 151.683956][ T7516] do_syscall_64+0xfa/0x3b0 [ 151.683976][ T7516] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.683996][ T7516] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.684015][ T7516] ? clear_bhb_loop+0x60/0xb0 [ 151.684038][ T7516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.684056][ T7516] RIP: 0033:0x7fb4d8b8e929 [ 151.684072][ T7516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.684089][ T7516] RSP: 002b:00007fb4d9923038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.684116][ T7516] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8e929 [ 151.684130][ T7516] RDX: 00000000000000ee RSI: 00002000000001c0 RDI: 0000000000000006 [ 151.684143][ T7516] RBP: 00007fb4d9923090 R08: 0000000000000000 R09: 0000000000000000 [ 151.684155][ T7516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.684166][ T7516] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 151.684196][ T7516] [ 151.897897][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.952114][ T5924] usb 2-1: USB disconnect, device number 20 [ 152.004447][ T7523] MTD: Couldn't look up '/dev/rnullb0': -15 [ 152.037615][ T7523] MTD: Couldn't look up '/dev/rnullb0': -15 [ 152.405878][ T7532] FAULT_INJECTION: forcing a failure. [ 152.405878][ T7532] name failslab, interval 1, probability 0, space 0, times 0 [ 152.419190][ T7532] CPU: 0 UID: 0 PID: 7532 Comm: syz.1.497 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 152.419206][ T7532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.419212][ T7532] Call Trace: [ 152.419217][ T7532] [ 152.419221][ T7532] dump_stack_lvl+0x189/0x250 [ 152.419237][ T7532] ? __pfx____ratelimit+0x10/0x10 [ 152.419248][ T7532] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.419259][ T7532] ? __pfx__printk+0x10/0x10 [ 152.419274][ T7532] ? __pfx___might_resched+0x10/0x10 [ 152.419284][ T7532] ? fs_reclaim_acquire+0x7d/0x100 [ 152.419299][ T7532] should_fail_ex+0x414/0x560 [ 152.419318][ T7532] should_failslab+0xa8/0x100 [ 152.419330][ T7532] kmem_cache_alloc_noprof+0x73/0x3c0 [ 152.419346][ T7532] ? p9_client_prepare_req+0x171/0xeb0 [ 152.419362][ T7532] p9_client_prepare_req+0x171/0xeb0 [ 152.419392][ T7532] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 152.419431][ T7532] p9_client_rpc+0x188/0xa70 [ 152.419456][ T7532] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.419474][ T7532] ? __pfx_p9_client_rpc+0x10/0x10 [ 152.419498][ T7532] ? p9_client_walk+0x3a3/0x5b0 [ 152.419514][ T7532] p9_client_clunk+0x6a/0x250 [ 152.419528][ T7532] ? p9_client_walk+0x402/0x5b0 [ 152.419543][ T7532] p9_client_walk+0x40a/0x5b0 [ 152.419560][ T7532] ? __pfx_p9_client_walk+0x10/0x10 [ 152.419586][ T7532] ? v9fs_fid_lookup+0x1d1/0xb70 [ 152.419625][ T7532] v9fs_vfs_lookup+0x18a/0x520 [ 152.419650][ T7532] ? __pfx_v9fs_vfs_lookup+0x10/0x10 [ 152.419667][ T7532] ? _raw_spin_unlock+0x28/0x50 [ 152.419676][ T7532] ? d_alloc+0x144/0x190 [ 152.419692][ T7532] lookup_one_qstr_excl+0x12e/0x360 [ 152.419710][ T7532] filename_create+0x224/0x3c0 [ 152.419722][ T7532] ? __pfx_filename_create+0x10/0x10 [ 152.419738][ T7532] do_mkdirat+0xa0/0x590 [ 152.419749][ T7532] ? __pfx_do_mkdirat+0x10/0x10 [ 152.419757][ T7532] ? strncpy_from_user+0x150/0x290 [ 152.419778][ T7532] ? getname_flags+0x1e5/0x540 [ 152.419793][ T7532] __x64_sys_mkdir+0x6c/0x80 [ 152.419803][ T7532] do_syscall_64+0xfa/0x3b0 [ 152.419814][ T7532] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.419824][ T7532] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.419834][ T7532] ? clear_bhb_loop+0x60/0xb0 [ 152.419847][ T7532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.419856][ T7532] RIP: 0033:0x7fd290b8e929 [ 152.419866][ T7532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.419875][ T7532] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 152.419887][ T7532] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 152.419895][ T7532] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 152.419901][ T7532] RBP: 00007fd2919f8090 R08: 0000000000000000 R09: 0000000000000000 [ 152.419908][ T7532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 152.419913][ T7532] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 152.419929][ T7532] [ 152.918767][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c03c000: rx timeout, send abort [ 153.426999][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c03c000: abort rx timeout. Force session deactivation [ 153.776571][ T7572] /dev/rnullb0: Can't lookup blockdev [ 153.812787][ T5924] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 153.958208][ T5272] usb 3-1: USB disconnect, device number 19 [ 153.962542][ T5924] usb 4-1: Using ep0 maxpacket: 32 [ 153.975671][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.987788][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.998261][ T5924] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 154.007537][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.025884][ T5924] usb 4-1: config 0 descriptor?? [ 154.080872][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805b29c000: rx timeout, send abort [ 154.089487][ C1] vcan0: j1939_tp_rxtimer: 0xffff88801cb74800: rx timeout, send abort [ 154.295262][ T7580] overlayfs: failed to clone lowerpath [ 154.412756][ T5272] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 154.438885][ T7560] syz.3.508 (7560): /proc/7559/oom_adj is deprecated, please use /proc/7559/oom_score_adj instead. [ 154.462325][ T5924] usbhid 4-1:0.0: can't add hid device: -71 [ 154.474252][ T5924] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 154.486121][ T5924] usb 4-1: USB disconnect, device number 21 [ 154.584701][ T5272] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 154.594503][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805b29c000: abort rx timeout. Force session deactivation [ 154.604765][ C1] vcan0: j1939_tp_rxtimer: 0xffff88801cb74800: abort rx timeout. Force session deactivation [ 154.618911][ T5272] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 154.632034][ T5272] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 154.641105][ T5272] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.860194][ T5272] usb 3-1: usb_control_msg returned -32 [ 154.865902][ T5272] usbtmc 3-1:16.0: can't read capabilities [ 155.042682][ T3609] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 155.204463][ T3609] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 155.232543][ T3609] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 155.249741][ T3609] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.068852][ T5924] usb 3-1: USB disconnect, device number 20 [ 157.512540][ T5924] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 157.692847][ T5924] usb 3-1: Using ep0 maxpacket: 16 [ 157.715371][ T5924] usb 3-1: unable to get BOS descriptor or descriptor too short [ 157.723842][ T7636] /dev/rnullb0: Can't lookup blockdev [ 157.733771][ T5924] usb 3-1: config 1 has an invalid interface number: 39 but max is 0 [ 157.741860][ T5924] usb 3-1: config 1 has no interface number 0 [ 157.751148][ T5924] usb 3-1: config 1 interface 39 has no altsetting 0 [ 157.788447][ T5924] usb 3-1: New USB device found, idVendor=0572, idProduct=1340, bcdDevice=c8.04 [ 157.812915][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.832514][ T5924] usb 3-1: Product: syz [ 157.836705][ T5924] usb 3-1: Manufacturer: syz [ 157.841297][ T5924] usb 3-1: SerialNumber: syz [ 157.860648][ T7641] FAULT_INJECTION: forcing a failure. [ 157.860648][ T7641] name failslab, interval 1, probability 0, space 0, times 0 [ 157.865799][ T5925] usb 2-1: USB disconnect, device number 21 [ 157.873527][ T7641] CPU: 1 UID: 0 PID: 7641 Comm: syz.3.539 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 157.873552][ T7641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.873563][ T7641] Call Trace: [ 157.873572][ T7641] [ 157.873579][ T7641] dump_stack_lvl+0x189/0x250 [ 157.873605][ T7641] ? __pfx____ratelimit+0x10/0x10 [ 157.873626][ T7641] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.873647][ T7641] ? __pfx__printk+0x10/0x10 [ 157.873670][ T7641] ? __lock_acquire+0xab9/0xd20 [ 157.873706][ T7641] should_fail_ex+0x414/0x560 [ 157.873740][ T7641] should_failslab+0xa8/0x100 [ 157.873761][ T7641] kmem_cache_alloc_noprof+0x73/0x3c0 [ 157.873790][ T7641] ? sctp_get_port_local+0x6d3/0x1680 [ 157.873819][ T7641] sctp_get_port_local+0x6d3/0x1680 [ 157.873856][ T7641] ? __pfx_sctp_get_port_local+0x10/0x10 [ 157.873884][ T7641] ? sctp_bind_addr_match+0x28b/0x2b0 [ 157.873909][ T7641] sctp_do_bind+0x4ea/0x940 [ 157.873945][ T7641] sctp_connect_new_asoc+0x25c/0x690 [ 157.873972][ T7641] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 157.873995][ T7641] ? __local_bh_enable_ip+0x12d/0x1c0 [ 157.874019][ T7641] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 157.874045][ T7641] ? security_sctp_bind_connect+0x7e/0x2e0 [ 157.874076][ T7641] sctp_sendmsg+0x155c/0x2810 [ 157.874112][ T7641] ? __pfx_sctp_sendmsg+0x10/0x10 [ 157.874139][ T7641] ? aa_sk_perm+0x81e/0x950 [ 157.874162][ T7641] ? __pfx_aa_sk_perm+0x10/0x10 [ 157.874186][ T7641] ? sock_rps_record_flow+0x19/0x410 [ 157.874207][ T7641] ? inet_sendmsg+0x2f4/0x370 [ 157.874229][ T7641] __sock_sendmsg+0x19c/0x270 [ 157.874251][ T7641] __sys_sendto+0x3bd/0x520 [ 157.874276][ T7641] ? __pfx___sys_sendto+0x10/0x10 [ 157.874302][ T7641] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 157.874336][ T7641] ? __fget_files+0x3a0/0x420 [ 157.874370][ T7641] ? ksys_write+0x22a/0x250 [ 157.874392][ T7641] ? __pfx_ksys_write+0x10/0x10 [ 157.874409][ T7641] ? rcu_is_watching+0x15/0xb0 [ 157.874432][ T7641] __x64_sys_sendto+0xde/0x100 [ 157.874458][ T7641] do_syscall_64+0xfa/0x3b0 [ 157.874478][ T7641] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.874497][ T7641] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.874515][ T7641] ? clear_bhb_loop+0x60/0xb0 [ 157.874538][ T7641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.874555][ T7641] RIP: 0033:0x7fb4d8b8e929 [ 157.874572][ T7641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.874588][ T7641] RSP: 002b:00007fb4d9923038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 157.874608][ T7641] RAX: ffffffffffffffda RBX: 00007fb4d8db5fa0 RCX: 00007fb4d8b8e929 [ 157.874622][ T7641] RDX: 0000000000034000 RSI: 0000200000000080 RDI: 0000000000000003 [ 157.874634][ T7641] RBP: 00007fb4d9923090 R08: 0000200000000140 R09: 000000000000001c [ 157.874647][ T7641] R10: 000000000400c0d4 R11: 0000000000000246 R12: 0000000000000001 [ 157.874659][ T7641] R13: 0000000000000000 R14: 00007fb4d8db5fa0 R15: 00007ffed8f19dc8 [ 157.874689][ T7641] [ 158.126657][ C0] vkms_vblank_simulate: vblank timer overrun [ 158.400207][ T7626] netlink: 50 bytes leftover after parsing attributes in process `syz.2.533'. [ 158.437496][ T5924] usb 3-1: USB disconnect, device number 21 [ 158.963417][ T7668] /dev/rnullb0: Can't lookup blockdev [ 159.132268][ T7679] /dev/rnullb0: Can't lookup blockdev [ 159.175916][ T7684] netlink: 140 bytes leftover after parsing attributes in process `syz.0.554'. [ 159.186187][ T7684] tipc: Started in network mode [ 159.191057][ T7684] tipc: Node identity , cluster identity 4711 [ 159.197352][ T7684] tipc: Failed to obtain node identity [ 159.203158][ T7684] tipc: Enabling of bearer rejected, failed to enable media [ 159.262701][ T3609] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 159.425202][ T3609] usb 3-1: no configurations [ 159.428811][ T7690] FAULT_INJECTION: forcing a failure. [ 159.428811][ T7690] name failslab, interval 1, probability 0, space 0, times 0 [ 159.429843][ T3609] usb 3-1: can't read configurations, error -22 [ 159.452314][ T7690] CPU: 0 UID: 0 PID: 7690 Comm: syz.1.556 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 159.452340][ T7690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.452352][ T7690] Call Trace: [ 159.452359][ T7690] [ 159.452374][ T7690] dump_stack_lvl+0x189/0x250 [ 159.452399][ T7690] ? __pfx____ratelimit+0x10/0x10 [ 159.452421][ T7690] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.452442][ T7690] ? __pfx__printk+0x10/0x10 [ 159.452471][ T7690] ? __pfx___might_resched+0x10/0x10 [ 159.452492][ T7690] should_fail_ex+0x414/0x560 [ 159.452525][ T7690] should_failslab+0xa8/0x100 [ 159.452546][ T7690] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 159.452564][ T7690] ? __alloc_skb+0x112/0x2d0 [ 159.452592][ T7690] __alloc_skb+0x112/0x2d0 [ 159.452620][ T7690] netlink_sendmsg+0x5c6/0xb30 [ 159.452652][ T7690] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.452678][ T7690] ? aa_sock_msg_perm+0xf1/0x1d0 [ 159.452703][ T7690] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 159.452729][ T7690] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.452753][ T7690] __sock_sendmsg+0x219/0x270 [ 159.452775][ T7690] ____sys_sendmsg+0x505/0x830 [ 159.452807][ T7690] ? __pfx_____sys_sendmsg+0x10/0x10 [ 159.452843][ T7690] ? import_iovec+0x74/0xa0 [ 159.452865][ T7690] ___sys_sendmsg+0x21f/0x2a0 [ 159.452895][ T7690] ? __pfx____sys_sendmsg+0x10/0x10 [ 159.452957][ T7690] ? __fget_files+0x2a/0x420 [ 159.452981][ T7690] ? __fget_files+0x3a0/0x420 [ 159.453014][ T7690] __x64_sys_sendmsg+0x19b/0x260 [ 159.453049][ T7690] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 159.453085][ T7690] ? __pfx_ksys_write+0x10/0x10 [ 159.453103][ T7690] ? rcu_is_watching+0x15/0xb0 [ 159.453127][ T7690] ? do_syscall_64+0xbe/0x3b0 [ 159.453152][ T7690] do_syscall_64+0xfa/0x3b0 [ 159.453172][ T7690] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.453192][ T7690] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.453211][ T7690] ? clear_bhb_loop+0x60/0xb0 [ 159.453235][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.453253][ T7690] RIP: 0033:0x7fd290b8e929 [ 159.453270][ T7690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.453285][ T7690] RSP: 002b:00007fd2919f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 159.453303][ T7690] RAX: ffffffffffffffda RBX: 00007fd290db5fa0 RCX: 00007fd290b8e929 [ 159.453317][ T7690] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003 [ 159.453329][ T7690] RBP: 00007fd2919f8090 R08: 0000000000000000 R09: 0000000000000000 [ 159.453340][ T7690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.453351][ T7690] R13: 0000000000000000 R14: 00007fd290db5fa0 R15: 00007ffe476b85d8 [ 159.453375][ T7690] [ 159.718920][ C0] vkms_vblank_simulate: vblank timer overrun [ 159.792663][ T3609] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 159.950330][ T3609] usb 3-1: no configurations [ 159.956704][ T3609] usb 3-1: can't read configurations, error -22 [ 159.973463][ T3609] usb usb3-port1: attempt power cycle [ 160.121018][ T7707] netlink: 16 bytes leftover after parsing attributes in process `syz.1.563'. [ 160.174185][ T7710] gfs2: gfs2 mount does not exist [ 160.174245][ T7708] /dev/rnullb0: Can't lookup blockdev [ 160.332584][ T3609] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 160.355571][ T3609] usb 3-1: no configurations [ 160.360211][ T3609] usb 3-1: can't read configurations, error -22 [ 160.505437][ T3609] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 160.528837][ T7724] netlink: 140 bytes leftover after parsing attributes in process `syz.1.570'. [ 160.540376][ T3609] usb 3-1: no configurations [ 160.542654][ T7724] tipc: Enabled bearer , priority 10 [ 160.545167][ T3609] usb 3-1: can't read configurations, error -22 [ 160.561618][ T3609] usb usb3-port1: unable to enumerate USB device [ 160.642029][ T7726] netlink: 24 bytes leftover after parsing attributes in process `syz.1.571'. [ 160.760136][ T7728] /dev/rnullb0: Can't lookup blockdev [ 160.771256][ T7728] TCP: TCP_TX_DELAY enabled [ 161.183674][ T7742] 9pnet_fd: Insufficient options for proto=fd [ 161.304176][ T7743] FAT-fs (rnullb0): bogus number of reserved sectors [ 161.311475][ T7743] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 161.861522][ T7760] netlink: 42496 bytes leftover after parsing attributes in process `syz.3.581'. [ 162.172674][ T5925] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 162.232580][ T5924] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 162.326860][ T5925] usb 4-1: config 1 has an invalid descriptor of length 219, skipping remainder of the config [ 162.337359][ T5925] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 162.347990][ T5925] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 162.357762][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 162.365990][ T5925] usb 4-1: SerialNumber: syz [ 162.388881][ T5924] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 162.399801][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.415542][ T5924] usb 2-1: config 0 descriptor?? [ 162.424339][ T5835] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 162.439362][ T5835] Bluetooth: hci0: Injecting HCI hardware error event [ 162.446028][ T5924] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 162.447663][ T5835] Bluetooth: hci0: hardware error 0x00 [ 162.653565][ T5924] gp8psk: usb in 128 operation failed. [ 162.864123][ T5924] gp8psk: usb in 146 operation failed. [ 162.869649][ T5924] gp8psk: failed to get FW version [ 162.889222][ T5924] gp8psk: usb in 149 operation failed. [ 162.905329][ T5924] gp8psk: failed to get FPGA version [ 163.048756][ T5925] usb 4-1: 0:2 : does not exist [ 163.069356][ T5925] usb 4-1: USB disconnect, device number 22 [ 163.102028][ T6021] udevd[6021]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 163.168994][ T5924] gp8psk: usb out operation failed. [ 163.177354][ T5924] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 163.198064][ T5924] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 163.214294][ T5924] usb 2-1: USB disconnect, device number 22 [ 164.032567][ T5925] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 164.162603][ T5925] usb 4-1: device descriptor read/64, error -71 [ 164.182906][ T3609] usb 3-1: new low-speed USB device number 26 using dummy_hcd [ 164.222869][ T5924] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 164.345478][ T3609] usb 3-1: config 1 interface 0 altsetting 89 endpoint 0x81 has invalid maxpacket 32, setting to 8 [ 164.356373][ T3609] usb 3-1: config 1 interface 0 altsetting 89 endpoint 0x2 has invalid maxpacket 512, setting to 8 [ 164.367630][ T3609] usb 3-1: config 1 interface 0 has no altsetting 0 [ 164.377705][ T3609] usb 3-1: string descriptor 0 read error: -22 [ 164.385631][ T3609] usb 3-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.40 [ 164.385970][ T5924] usb 2-1: no configurations [ 164.395000][ T3609] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.404725][ T5925] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 164.419430][ T7814] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 164.424855][ T5924] usb 2-1: can't read configurations, error -22 [ 164.434383][ T7814] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 164.515883][ T5835] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 164.562588][ T5925] usb 4-1: device descriptor read/64, error -71 [ 164.568946][ T5924] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 164.682973][ T5925] usb usb4-port1: attempt power cycle [ 164.717782][ T3609] usbhid 3-1:1.0: can't add hid device: -71 [ 164.725639][ T5924] usb 2-1: no configurations [ 164.726065][ T3609] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 164.730270][ T5924] usb 2-1: can't read configurations, error -22 [ 164.733352][ T5924] usb usb2-port1: attempt power cycle [ 164.748746][ T3609] usb 3-1: USB disconnect, device number 26 [ 165.022568][ T5925] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 165.043290][ T5925] usb 4-1: device descriptor read/8, error -71 [ 165.092654][ T5924] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 165.113394][ T5924] usb 2-1: no configurations [ 165.117994][ T5924] usb 2-1: can't read configurations, error -22 [ 165.253637][ T5924] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 165.285428][ T5925] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 165.294422][ T5924] usb 2-1: no configurations [ 165.299040][ T5924] usb 2-1: can't read configurations, error -22 [ 165.323472][ T5924] usb usb2-port1: unable to enumerate USB device [ 165.338960][ T5925] usb 4-1: device descriptor read/8, error -71 [ 165.459367][ T5925] usb usb4-port1: unable to enumerate USB device [ 165.715414][ T7866] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 165.722821][ T7866] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 165.949460][ T7868] ================================================================== [ 165.957539][ T7868] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 [ 165.965163][ T7868] Read of size 1 at addr ffff88805943c030 by task syz.2.623/7868 [ 165.972874][ T7868] [ 165.975187][ T7868] CPU: 1 UID: 0 PID: 7868 Comm: syz.2.623 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 165.975210][ T7868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.975223][ T7868] Call Trace: [ 165.975231][ T7868] [ 165.975239][ T7868] dump_stack_lvl+0x189/0x250 [ 165.975264][ T7868] ? __virt_addr_valid+0x1c8/0x5c0 [ 165.975287][ T7868] ? rcu_is_watching+0x15/0xb0 [ 165.975305][ T7868] ? __kasan_check_byte+0x12/0x40 [ 165.975326][ T7868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.975347][ T7868] ? rcu_is_watching+0x15/0xb0 [ 165.975365][ T7868] ? lock_release+0x4b/0x3e0 [ 165.975395][ T7868] ? __virt_addr_valid+0x1c8/0x5c0 [ 165.975416][ T7868] ? __virt_addr_valid+0x4a5/0x5c0 [ 165.975439][ T7868] print_report+0xd2/0x2b0 [ 165.975464][ T7868] ? rose_get_neigh+0x391/0x990 [ 165.975491][ T7868] kasan_report+0x118/0x150 [ 165.975502][ T7868] ? rose_get_neigh+0x391/0x990 [ 165.975518][ T7868] rose_get_neigh+0x391/0x990 [ 165.975535][ T7868] rose_connect+0x416/0x10a0 [ 165.975547][ T7868] ? __pfx_current_check_access_socket+0x10/0x10 [ 165.975561][ T7868] ? aa_sk_perm+0x81e/0x950 [ 165.975572][ T7868] ? __might_fault+0xb0/0x130 [ 165.975581][ T7868] ? __pfx_rose_connect+0x10/0x10 [ 165.975593][ T7868] ? aa_af_perm+0x270/0x2d0 [ 165.975603][ T7868] ? tomoyo_socket_connect_permission+0x164/0x290 [ 165.975618][ T7868] ? bpf_lsm_socket_connect+0x9/0x20 [ 165.975632][ T7868] __sys_connect+0x313/0x440 [ 165.975644][ T7868] ? __pfx___sys_connect+0x10/0x10 [ 165.975658][ T7868] ? rcu_is_watching+0x15/0xb0 [ 165.975669][ T7868] __x64_sys_connect+0x7a/0x90 [ 165.975680][ T7868] do_syscall_64+0xfa/0x3b0 [ 165.975693][ T7868] ? lockdep_hardirqs_on+0x9c/0x150 [ 165.975807][ T7868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.975827][ T7868] ? clear_bhb_loop+0x60/0xb0 [ 165.975840][ T7868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.975852][ T7868] RIP: 0033:0x7fc66df8e929 [ 165.975863][ T7868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.975873][ T7868] RSP: 002b:00007fc66edf5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 165.975885][ T7868] RAX: ffffffffffffffda RBX: 00007fc66e1b5fa0 RCX: 00007fc66df8e929 [ 165.975893][ T7868] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000004 [ 165.975900][ T7868] RBP: 00007fc66e010b39 R08: 0000000000000000 R09: 0000000000000000 [ 165.975907][ T7868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 165.975914][ T7868] R13: 0000000000000000 R14: 00007fc66e1b5fa0 R15: 00007ffde003f388 [ 165.975924][ T7868] [ 165.975928][ T7868] [ 166.234546][ T7868] Allocated by task 7799: [ 166.238848][ T7868] kasan_save_track+0x3e/0x80 [ 166.243508][ T7868] __kasan_kmalloc+0x93/0xb0 [ 166.248077][ T7868] __kmalloc_cache_noprof+0x230/0x3d0 [ 166.253422][ T7868] __genradix_ptr_alloc+0x199/0x4a0 [ 166.258595][ T7868] __genradix_prealloc+0x44/0x90 [ 166.263505][ T7868] sctp_stream_init+0x329/0x440 [ 166.268333][ T7868] sctp_process_init+0x2492/0x2b60 [ 166.273423][ T7868] sctp_sf_do_unexpected_init+0xae2/0x1110 [ 166.279203][ T7868] sctp_do_sm+0x1e4/0x5a20 [ 166.283591][ T7868] sctp_assoc_bh_rcv+0x3f2/0x630 [ 166.288507][ T7868] sctp_backlog_rcv+0x167/0x3f0 [ 166.293420][ T7868] __release_sock+0x249/0x350 [ 166.298076][ T7868] release_sock+0x5f/0x1f0 [ 166.302469][ T7868] sctp_sendmsg+0x1b72/0x2810 [ 166.307146][ T7868] __sock_sendmsg+0x19c/0x270 [ 166.311809][ T7868] __sys_sendto+0x3bd/0x520 [ 166.316297][ T7868] __x64_sys_sendto+0xde/0x100 [ 166.321045][ T7868] do_syscall_64+0xfa/0x3b0 [ 166.325525][ T7868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.331393][ T7868] [ 166.333693][ T7868] Freed by task 7799: [ 166.337646][ T7868] kasan_save_track+0x3e/0x80 [ 166.342301][ T7868] kasan_save_free_info+0x46/0x50 [ 166.347430][ T7868] __kasan_slab_free+0x62/0x70 [ 166.352179][ T7868] kfree+0x18e/0x440 [ 166.356061][ T7868] sctp_association_free+0x26d/0x7f0 [ 166.361334][ T7868] sctp_do_sm+0x3eba/0x5a20 [ 166.365817][ T7868] sctp_assoc_bh_rcv+0x3f2/0x630 [ 166.370736][ T7868] sctp_backlog_rcv+0x167/0x3f0 [ 166.375564][ T7868] __release_sock+0x249/0x350 [ 166.380220][ T7868] release_sock+0x5f/0x1f0 [ 166.384612][ T7868] sctp_sendmsg+0x1b72/0x2810 [ 166.389265][ T7868] __sock_sendmsg+0x19c/0x270 [ 166.393916][ T7868] __sys_sendto+0x3bd/0x520 [ 166.398397][ T7868] __x64_sys_sendto+0xde/0x100 [ 166.403136][ T7868] do_syscall_64+0xfa/0x3b0 [ 166.407623][ T7868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.413490][ T7868] [ 166.415791][ T7868] The buggy address belongs to the object at ffff88805943c000 [ 166.415791][ T7868] which belongs to the cache kmalloc-512 of size 512 [ 166.429813][ T7868] The buggy address is located 48 bytes inside of [ 166.429813][ T7868] freed 512-byte region [ffff88805943c000, ffff88805943c200) [ 166.443494][ T7868] [ 166.445793][ T7868] The buggy address belongs to the physical page: [ 166.452182][ T7868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5943c [ 166.460915][ T7868] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 166.469386][ T7868] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 166.476904][ T7868] page_type: f5(slab) [ 166.480858][ T7868] raw: 00fff00000000040 ffff88801a841c80 dead000000000100 dead000000000122 [ 166.489413][ T7868] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 166.497980][ T7868] head: 00fff00000000040 ffff88801a841c80 dead000000000100 dead000000000122 [ 166.506621][ T7868] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 166.515264][ T7868] head: 00fff00000000002 ffffea0001650f01 00000000ffffffff 00000000ffffffff [ 166.523914][ T7868] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 166.532555][ T7868] page dumped because: kasan: bad access detected [ 166.538957][ T7868] page_owner tracks the page as allocated [ 166.544641][ T7868] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5203, tgid 5203 (udevd), ts 82618426139, free_ts 22138291379 [ 166.565367][ T7868] post_alloc_hook+0x240/0x2a0 [ 166.570110][ T7868] get_page_from_freelist+0x21e4/0x22c0 [ 166.575631][ T7868] __alloc_frozen_pages_noprof+0x181/0x370 [ 166.581411][ T7868] alloc_pages_mpol+0x232/0x4a0 [ 166.586235][ T7868] allocate_slab+0x8a/0x370 [ 166.590714][ T7868] ___slab_alloc+0xbeb/0x1410 [ 166.595378][ T7868] __kmalloc_cache_noprof+0x296/0x3d0 [ 166.600720][ T7868] kernfs_fop_open+0x397/0xca0 [ 166.605455][ T7868] do_dentry_open+0xdf3/0x1970 [ 166.610194][ T7868] vfs_open+0x3b/0x340 [ 166.614240][ T7868] path_openat+0x2ee5/0x3830 [ 166.618800][ T7868] do_filp_open+0x1fa/0x410 [ 166.623277][ T7868] do_sys_openat2+0x121/0x1c0 [ 166.627933][ T7868] __x64_sys_openat+0x138/0x170 [ 166.632763][ T7868] do_syscall_64+0xfa/0x3b0 [ 166.637248][ T7868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.643116][ T7868] page last free pid 1 tgid 1 stack trace: [ 166.648896][ T7868] __free_frozen_pages+0xb80/0xd80 [ 166.653980][ T7868] free_contig_range+0x1bd/0x4a0 [ 166.658899][ T7868] destroy_args+0x7e/0x5d0 [ 166.663291][ T7868] debug_vm_pgtable+0x3fa/0x430 [ 166.668117][ T7868] do_one_initcall+0x233/0x820 [ 166.672862][ T7868] do_initcall_level+0x137/0x1f0 [ 166.677784][ T7868] do_initcalls+0x69/0xd0 [ 166.682092][ T7868] kernel_init_freeable+0x3d9/0x570 [ 166.687302][ T7868] kernel_init+0x1d/0x1d0 [ 166.691612][ T7868] ret_from_fork+0x3fc/0x770 [ 166.696183][ T7868] ret_from_fork_asm+0x1a/0x30 [ 166.700924][ T7868] [ 166.703233][ T7868] Memory state around the buggy address: [ 166.708845][ T7868] ffff88805943bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 166.716877][ T7868] ffff88805943bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 166.724909][ T7868] >ffff88805943c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.732943][ T7868] ^ [ 166.738549][ T7868] ffff88805943c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.746581][ T7868] ffff88805943c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.754612][ T7868] ================================================================== [ 166.762765][ T7868] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 166.769939][ T7868] CPU: 1 UID: 0 PID: 7868 Comm: syz.2.623 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 166.781277][ T7868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.791309][ T7868] Call Trace: [ 166.794565][ T7868] [ 166.797475][ T7868] dump_stack_lvl+0x99/0x250 [ 166.802056][ T7868] ? __asan_memcpy+0x40/0x70 [ 166.806640][ T7868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.811821][ T7868] ? __pfx__printk+0x10/0x10 [ 166.816393][ T7868] panic+0x2db/0x790 [ 166.820273][ T7868] ? __pfx_panic+0x10/0x10 [ 166.824668][ T7868] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 166.830539][ T7868] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 166.836411][ T7868] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 166.842713][ T7868] ? print_memory_metadata+0x314/0x400 [ 166.848160][ T7868] ? rose_get_neigh+0x391/0x990 [ 166.852992][ T7868] check_panic_on_warn+0x89/0xb0 [ 166.857918][ T7868] ? rose_get_neigh+0x391/0x990 [ 166.862748][ T7868] end_report+0x78/0x160 [ 166.866973][ T7868] kasan_report+0x129/0x150 [ 166.871451][ T7868] ? rose_get_neigh+0x391/0x990 [ 166.876290][ T7868] rose_get_neigh+0x391/0x990 [ 166.880956][ T7868] rose_connect+0x416/0x10a0 [ 166.885527][ T7868] ? __pfx_current_check_access_socket+0x10/0x10 [ 166.891832][ T7868] ? aa_sk_perm+0x81e/0x950 [ 166.896310][ T7868] ? __might_fault+0xb0/0x130 [ 166.900961][ T7868] ? __pfx_rose_connect+0x10/0x10 [ 166.905963][ T7868] ? aa_af_perm+0x270/0x2d0 [ 166.910481][ T7868] ? tomoyo_socket_connect_permission+0x164/0x290 [ 166.916877][ T7868] ? bpf_lsm_socket_connect+0x9/0x20 [ 166.922141][ T7868] __sys_connect+0x313/0x440 [ 166.926713][ T7868] ? __pfx___sys_connect+0x10/0x10 [ 166.931809][ T7868] ? rcu_is_watching+0x15/0xb0 [ 166.936549][ T7868] __x64_sys_connect+0x7a/0x90 [ 166.941295][ T7868] do_syscall_64+0xfa/0x3b0 [ 166.945774][ T7868] ? lockdep_hardirqs_on+0x9c/0x150 [ 166.950946][ T7868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.956987][ T7868] ? clear_bhb_loop+0x60/0xb0 [ 166.961640][ T7868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.967506][ T7868] RIP: 0033:0x7fc66df8e929 [ 166.971898][ T7868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.991479][ T7868] RSP: 002b:00007fc66edf5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 166.999876][ T7868] RAX: ffffffffffffffda RBX: 00007fc66e1b5fa0 RCX: 00007fc66df8e929 [ 167.007823][ T7868] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000004 [ 167.015770][ T7868] RBP: 00007fc66e010b39 R08: 0000000000000000 R09: 0000000000000000 [ 167.023716][ T7868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.031666][ T7868] R13: 0000000000000000 R14: 00007fc66e1b5fa0 R15: 00007ffde003f388 [ 167.039616][ T7868] [ 167.042861][ T7868] Kernel Offset: disabled [ 167.047166][ T7868] Rebooting in 86400 seconds..