last executing test programs: 31.914503766s ago: executing program 2 (id=579): r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x0, 0x1000000}}}, 0x90) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00') r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d4100005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 31.302388185s ago: executing program 2 (id=582): mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hpfs\x00', 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r3, 0x407, 0x6) write$P9_RVERSION(r3, &(0x7f0000000340)=ANY=[], 0x15) r4 = dup(r3) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000280)=0x20000401) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './cgroup\x00'}) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000003c0)={0x2c, r1, 0x483, 0x70bd2c, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x0) mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000009) 31.240129746s ago: executing program 2 (id=583): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe8000000000fc00a8aaaafffeaaaa3d01ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0) 31.117792681s ago: executing program 2 (id=585): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='ta'], 0x13) r1 = syz_usb_connect(0x2, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r3 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_IO(r3, 0x2285, 0x0) writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000440)="aa1d484e243103000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2) madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xf) ioctl$FS_IOC_GETVERSION(r2, 0x40025b0c, &(0x7f0000000040)) sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x81}, 0x4c800) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101802, 0x0) writev(r4, &(0x7f0000000300)=[{&(0x7f0000000680)="580000004b80", 0x6}], 0x1) 30.350064471s ago: executing program 3 (id=596): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000600)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0xfc, 0x0, 0x0}) 30.234062463s ago: executing program 3 (id=599): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x5}, 0x1c) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e21, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000280)=[{&(0x7f0000000080)="580000001400add405000000000000000a117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ffff0100f5c71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(0xffffffffffffffff, 0x7a9, &(0x7f0000000280)={{@any, 0x9}, 0x80000001, 0x8, 0xfff, 0xfffffffffffffffb, 0x400, 0x2, 0x2, 0x10000}) recvmsg(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000040004000d0001007564703a73"], 0x54}}, 0x0) 30.005954552s ago: executing program 3 (id=601): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000700)={{0x2}, 0x0, [0x2000000, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xba, 0xfffffffffffffdfc, 0x4, 0x40000000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x8001, 0x0, 0x0, 0x2, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5]}) 29.999954552s ago: executing program 0 (id=602): syz_usb_connect(0x2, 0x36, &(0x7f0000000980)=ANY=[@ANYBLOB="120110014a83a0087af03ee0f4080102030109022400010907d0000904000a021fc03a0409050756ff0304040909050e002000050804"], 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x17}}, @in={0x2, 0x4e21, @remote}], 0x20) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), 0x4) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000000c0), 0x4) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf25051600800c0001"], 0x1618}], 0x1}, 0x0) recvmsg(r2, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000) fadvise64(r1, 0x92, 0x5, 0x2) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r3, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000006600)={0x0, 0x1c, "8c8f746ea05cf8eac4cb191048479a3609f2c4856aa37ea040dec7f0"}, &(0x7f0000006680)=0x24) r4 = socket$kcm(0x29, 0x2, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x119, 0x487, &(0x7f0000000500), &(0x7f0000000480)=0xfffffffffffffd69) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x40010, r1, 0x7fe9d000) 29.947370527s ago: executing program 3 (id=603): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df", 0x69}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a58a32d", 0xd1}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b55669170d96224c8fd12762ad7f2a635040cde08fb0cdfb05e64", 0xde}], 0x3}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000a40)="955cab0967ca49ab4f52029719b0654e8c0c1eceec3f87681677d6d1ed048a6e97da92fd38054882b0b69b5b9b5bb69a20fd6ea8392a060c144d59d7a89d13e639110455975e4a5be711f8275e04e4f3a8201bef3794ba8a2f5b09ddc47b9519887264c256ea788e2a474ffd8cfb652d138568292b91207313fb8993a6e7edc638890576a483c62d8a55614ba28b5dda39ac8cb559f60332caf15361bf5c3c1aa82430a693f449d54cd2b62d2d57f30e0b05857b29e455a11e90883cc6eb846f440c6698a8bad3125e5509cc6fb4a4691ca007caf5d570ebad8e4ab282c58cd22c8a0d21be7e65728a617cbda1ace686ba0261c3ef4d569039", 0xf9}, {&(0x7f0000000b40)="24f4e13af8a123460176c8453d827e079a65e18b7651e98dd3b096f8a2aa808d4ea94ca0253b0b2c72c88a8beb02cda49108378f73ccf95cecb0393aeb094a9af88be6480f5e20772be3d0119098e24d68314fac0c6cbbf33e8aa53560876112720f3b0b6579bd6f6f46c065d5a0d10214b7130193489a7f2de14b8de5fe7b1c9683cdcd607141f6f841719673b75bf9a614befda3fcb236610bdde966f1a86368a11d853f1c084c0f19d1ba0304392ae0d1c072fb9d43a6d9185def201ac344fd12f0c084c6cd8e7b1de927d041fa3b64ff7d4fd8b3602fdca9", 0xda}, {&(0x7f0000000ec0)="c0a95aaa0db5a7b153daf2ee433b7af67defb4b59040a22de4f52db16b3c5e0d6f1818d5057aa588792948e7c0b058df3ec455d747176e62c81f5a22701e0a1fca7a5595067cb8c9c2fe1e533eb4a9dc6bf7817a3f8740cb7d5df786a8ee551be1d430cb866f484d76a2f8b424152eb4cef3fef2b7a9d65730b9bd48367e00cd1974a1f8b22ae409b77622be8736f588621e7ac2d75dc8178347aaaef6afd7ddac71bf069f26aadb2645d3847563fc44805a16784c1eeecace197b20ff4e85e3cd8f0396bafaf70ea7514a95ab66c4fa5e1806674c95c5a55b0b40e1caa401160de1", 0xe2}, {&(0x7f0000000fc0)="49e56060999052a6873670184f40633f0446edeff9209c90fd235ad4a02251c5b6d8dd2a05b2a3d7d595440b4ce607e8ee543d0934e9f275056b", 0x3a}, {&(0x7f00000011c0)="631df88d0e094a35ed5e06a88e7bddf1def7926713aa5fca70bed9ec58170b30692a6ad63362736b6f7d870d787036790d2512a71595dc6352a4d7536403ded8240de0c705fbf1fcfb6e8e0304e7881716d04481e934aed8", 0x58}], 0x5}}], 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000180)="17", 0x59a, 0xfffffff0, 0x0, 0xffffffffffffffa1) 29.877740711s ago: executing program 3 (id=604): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2000000, 0xe2001) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x41e43, 0x8) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0xffef, 0x1, 0x0, 0x0, 0x0, 0x11, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb00002b700000785d9600", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be5ee68c480000000000000000000000000000101300001f92a73800", [0x0, 0xfffffffffffffff8]}}) 29.554108071s ago: executing program 3 (id=605): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x800, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xc3a51000) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.sectors\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000040)=0x1, 0x4) (async, rerun: 32) syz_usb_connect(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000087f2bb4024042c017e22010203010902240001020000000904"], 0x0) (rerun: 32) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000080)=0x80, 0x4) 29.553777286s ago: executing program 2 (id=606): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000280)={0x1, @pix={0x0, 0x0, 0x35314258, 0x0, 0x0, 0x1000000}}) 29.411950145s ago: executing program 2 (id=608): r0 = syz_usb_connect(0x5, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x92, 0xec, 0xc6, 0x20, 0x5ac, 0x77c2, 0xeb3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xc4, 0x1, 0x1, 0xff, 0xfd, 0x1, 0x80, [], [{{0x9, 0x5, 0x2, 0x2, 0x210, 0x2}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000000)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, &(0x7f00000006c0)={0x2c, &(0x7f0000000480)=ANY=[@ANYBLOB="20232c0000002c2a25ad10f1c8823f2d769d01000000000000006193aea7797c9c435221947e96a0048b3b7b6e5ac53d8c88"], &(0x7f0000000500)={0x0, 0x3, 0xa0, @string={0xa0, 0x3, "2e3252aa38143b9429c69cff7633292098f145bb8e74422057305d56f8bd02503b8e2ac8ea8859a58730ad68a371ea24096726ae385366eba5249fcddad67caafdbde4ecb6b2b49b7b7d3f2f0cc450a2dc6e0aaad73cf655ee32e2063bc79bd013b0552d1d2de3c1f6d41309b96be550a99e1738e1d79a51599a5fb14028011c7b153fee8972a732211ea7703c4c0d2b4f99f96cc7e550dc9cbce13acd39"}}, &(0x7f00000005c0)=ANY=[@ANYBLOB="000f46000000050f46000603100b071002023701000c100a03600000000ff0c00010100a40a1000000000f07000fc000000b1001044000020705000410100a09e100000007f00329303ffe01"], &(0x7f0000000640)={0x20, 0x29, 0xf, {0xf, 0x29, 0x10, 0x0, 0xce, 0x1, "d84bfb3c", "4c235fed"}}, &(0x7f0000000680)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x18, 0xc, 0x10, 0x61, 0x0, 0x3}}}, &(0x7f0000000c80)={0x84, &(0x7f0000000700)={0x0, 0x17, 0xe8, "9ed0c4e7d0fe0dcd1983a076ff5d5a6f90ec5d0e068b8370195a58d4c2de59173d5607571e9a14333e5a7d99570487b479d62bf61af458e931cd8240073a1347ec040419dce80a26076ae1e8f680d4ccba9a89e9533b4093c0735957fe330e0276d3dc1d189c173bf4afa071cf21576aa798079fd24b0cf04ccf4ab106632e12d9866c3b4cdf2a32772a1f5e7fa66ae6732beadee6a84c7cdfc2e82b13b9d7a72e6d358136a3af54e64c8b0d3e95e9268a2dd4529700683eb420a2bac7860723c45992d28932d6e15a00833e86841a6b526d33b4460926af28f07e0dbfb7dd46421e067fbbee3161"}, &(0x7f0000000800)={0x0, 0xa, 0x1}, &(0x7f0000000840)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000880)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f00000008c0)={0x20, 0x0, 0x8, {0x0, 0x0, [0xff00]}}, &(0x7f0000000900)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000000940)={0x40, 0x9, 0x1, 0x4}, &(0x7f0000000980)={0x40, 0xb, 0x2, "1ab7"}, &(0x7f00000009c0)={0x40, 0xf, 0x2, 0xb}, &(0x7f0000000a00)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000000a40)={0x40, 0x17, 0x6, @random="549a6b22caab"}, &(0x7f0000000a80)={0x40, 0x19, 0x2, "9c32"}, &(0x7f0000000ac0)={0x40, 0x1a, 0x2, 0xec}, &(0x7f0000000b00)={0x40, 0x1c, 0x1, 0xfb}, &(0x7f0000000b40)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000c40)={0x40, 0x21, 0x1, 0xa}}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000140)={0x0, 0xc, 0x6, "1693c6a87ad2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 28.710155943s ago: executing program 1 (id=615): r0 = socket$kcm(0x2, 0xa, 0x2) r1 = dup(r0) syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r1) creat(&(0x7f0000001380)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@sg0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hpfs\x00', 0x8000, 0x0) 28.670419878s ago: executing program 1 (id=616): r0 = syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000500)={"a0453822", 0x0, 0x6, 0x2, 0x0, 0x1000000, "3377f877c734c40400", "000100", "0200", "be4d22a4", ["c38600", "51f3541a910080ffffcb3a10", "e100", "000000000000c7deffffff00"]}) 28.59770553s ago: executing program 1 (id=617): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'wlan1\x00'}) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x24, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x24}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c00000002060108000034e400000000000000020500010006000000050004000000fe000900020073797a3100000000050005000200000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="5400000009060108000000deff000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 28.506016534s ago: executing program 0 (id=618): socket$caif_seqpacket(0x25, 0x5, 0x3) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r1, 0x29, 0xa, &(0x7f0000000140), &(0x7f0000000180)=0x4) r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r3 = fcntl$dupfd(r0, 0x406, r0) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) readv(r2, &(0x7f0000000880)=[{&(0x7f0000003000)=""/4106, 0x100a}], 0x1) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000580)={0x10, 0x16, 0x1, 0xfffffffd, 0x25dfdc01}, 0x10}], 0x1, 0x0, 0x0, 0x4080}, 0x10) mount(&(0x7f00000001c0)=@rnullb, &(0x7f0000000200)='./cgroup\x00', &(0x7f0000000040)='efivarfs\x00', 0x208002, 0x0) 28.459996755s ago: executing program 1 (id=619): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$netlink(0x10, 0x3, 0x10) socket$inet_mptcp(0x2, 0x1, 0x106) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) socket$nl_netfilter(0x10, 0x3, 0xc) timerfd_create(0x1, 0x0) socket$igmp6(0xa, 0x3, 0x2) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000012000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r0], 0xc4}}, 0x0) 28.383309455s ago: executing program 0 (id=620): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000005c0)={0x15, 0x110, 0xfa00, {r1, 0xfffffffc, 0x0, 0x30, 0x0, @ib={0x1b, 0xfff7, 0x5, {'\x00\x00\x00\x00@\x00'}, 0xf, 0x2, 0x4}, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000070001"}, 0x80000001}}}, 0x118) 28.330068335s ago: executing program 1 (id=621): mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0) r0 = epoll_create(0x7) r1 = epoll_create1(0x0) r2 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, &(0x7f00000000c0)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x7, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000003c0), 0x3) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) getsockopt$bt_hci(r5, 0x11a, 0x3, 0x0, &(0x7f00000004c0)=0x4) read$msr(0xffffffffffffffff, &(0x7f0000000140)=""/22, 0x16) 28.312995431s ago: executing program 0 (id=622): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="58000000020601080000000000000000000300400500010006000000050005000200000005000400000000000900020073797a31000000000c000780080006400000000011000300686173683a69702c6d61726b"], 0x58}}, 0x0) 28.198852396s ago: executing program 0 (id=623): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3a}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xb4}}, 0x0) 28.082053451s ago: executing program 0 (id=624): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000001c0)={0xa5, {{0xa, 0x4e22, 0x5, @loopback, 0x90000}}, {{0xa, 0x4e20, 0x0, @remote}}}, 0x108) ioprio_set$pid(0x1, 0x0, 0x0) setrlimit(0x6, &(0x7f0000000000)={0x5, 0x89}) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) sendfile(r1, r1, 0x0, 0x7ffff000) 16.048982223s ago: executing program 1 (id=625): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x80, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x10, 0x6f6}, {0x8, 0x8}, {0x1, 0xfffffffc}, {}, 0x3e00, 0x10, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x32, 0x0, 0x3, 0x6}) 0s ago: executing program 32 (id=624): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000001c0)={0xa5, {{0xa, 0x4e22, 0x5, @loopback, 0x90000}}, {{0xa, 0x4e20, 0x0, @remote}}}, 0x108) ioprio_set$pid(0x1, 0x0, 0x0) setrlimit(0x6, &(0x7f0000000000)={0x5, 0x89}) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) sendfile(r1, r1, 0x0, 0x7ffff000) kernel console output (not intermixed with test programs): rblock. [ 138.367536][ T6130] binder_alloc: 6129: binder_alloc_buf, no vma [ 138.425949][ T5913] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 138.452818][ T5900] usb 2-1: USB disconnect, device number 2 [ 138.636711][ T5913] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 138.670601][ T6135] capability: warning: `syz.0.69' uses deprecated v2 capabilities in a way that may be insecure [ 138.670757][ T5913] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 138.752690][ T5913] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 138.775173][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.058145][ T5913] usb 4-1: usb_control_msg returned -32 [ 139.093148][ T5913] usbtmc 4-1:16.0: can't read capabilities [ 139.126571][ T6143] fuse: Unknown parameter 'use00000000000000000000' [ 139.477965][ T6146] netlink: 48 bytes leftover after parsing attributes in process `syz.3.65'. [ 139.786868][ T5900] IPVS: starting estimator thread 0... [ 139.796802][ T6151] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 139.826857][ T6151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.850628][ T6151] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.889895][ T6159] IPVS: using max 21 ests per chain, 50400 per kthread [ 140.060007][ T5900] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 140.232088][ T5900] usb 1-1: config 11 has an invalid interface number: 62 but max is 0 [ 140.262285][ T5900] usb 1-1: config 11 has no interface number 0 [ 140.274977][ T5900] usb 1-1: New USB device found, idVendor=22b8, idProduct=2d9a, bcdDevice=bf.dc [ 140.286974][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.308640][ T6163] binder: 6162:6163 ioctl c0306201 0 returned -14 [ 140.310065][ T5900] usb 1-1: Product: syz [ 140.319449][ T5900] usb 1-1: Manufacturer: syz [ 140.339834][ T5900] usb 1-1: SerialNumber: syz [ 140.549637][ T6151] netlink: 124 bytes leftover after parsing attributes in process `syz.0.76'. [ 140.559121][ T6152] netlink: 124 bytes leftover after parsing attributes in process `syz.0.76'. [ 140.629868][ T5913] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 140.698950][ T6151] Mount JFS Failure: -22 [ 140.710597][ T5900] hub 1-1:11.62: bad descriptor, ignoring hub [ 140.733786][ T5900] hub 1-1:11.62: probe with driver hub failed with error -5 [ 140.799782][ T5913] usb 2-1: Using ep0 maxpacket: 32 [ 140.820461][ T5913] usb 2-1: config 0 has no interfaces? [ 140.831985][ T5900] usb 1-1: USB disconnect, device number 3 [ 140.838986][ T5913] usb 2-1: New USB device found, idVendor=0cf3, idProduct=817a, bcdDevice=eb.19 [ 140.856639][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.872371][ T5913] usb 2-1: Product: syz [ 140.876634][ T5913] usb 2-1: Manufacturer: syz [ 140.887802][ T5913] usb 2-1: SerialNumber: syz [ 140.901921][ T5913] usb 2-1: config 0 descriptor?? [ 141.150471][ T6169] binder: 6168:6169 ioctl c0306201 0 returned -14 [ 141.170770][ T929] usb 2-1: USB disconnect, device number 3 [ 141.247821][ T5931] usb 4-1: USB disconnect, device number 3 [ 141.278756][ T6171] FAULT_INJECTION: forcing a failure. [ 141.278756][ T6171] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 141.348384][ T6171] CPU: 1 UID: 0 PID: 6171 Comm: syz.2.80 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 141.348420][ T6171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 141.348434][ T6171] Call Trace: [ 141.348444][ T6171] [ 141.348454][ T6171] dump_stack_lvl+0x189/0x250 [ 141.348494][ T6171] ? __pfx____ratelimit+0x10/0x10 [ 141.348530][ T6171] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.348563][ T6171] ? __pfx__printk+0x10/0x10 [ 141.348593][ T6171] ? __might_fault+0xb0/0x130 [ 141.348636][ T6171] should_fail_ex+0x414/0x560 [ 141.348667][ T6171] _copy_to_iter+0x3f5/0x16f0 [ 141.348713][ T6171] ? __pfx__copy_to_iter+0x10/0x10 [ 141.348755][ T6171] ? stats_show+0x62c/0x650 [ 141.348795][ T6171] seq_read_iter+0xbeb/0xe10 [ 141.348843][ T6171] seq_read+0x2e2/0x3d0 [ 141.348876][ T6171] ? __pfx_seq_read+0x10/0x10 [ 141.348899][ T6171] ? __debugfs_file_get+0x5dd/0x710 [ 141.348934][ T6171] ? __pfx___debugfs_file_get+0x10/0x10 [ 141.348978][ T6171] full_proxy_read+0x127/0x1f0 [ 141.349011][ T6171] ? __pfx_full_proxy_read+0x10/0x10 [ 141.349044][ T6171] vfs_read+0x200/0x980 [ 141.349068][ T6171] ? fdget_pos+0x247/0x320 [ 141.349102][ T6171] ? __pfx___mutex_lock+0x10/0x10 [ 141.349138][ T6171] ? __pfx_vfs_read+0x10/0x10 [ 141.349164][ T6171] ? __fget_files+0x2a/0x420 [ 141.349198][ T6171] ? __fget_files+0x3a0/0x420 [ 141.349225][ T6171] ? __fget_files+0x2a/0x420 [ 141.349263][ T6171] ksys_read+0x145/0x250 [ 141.349291][ T6171] ? __pfx_ksys_read+0x10/0x10 [ 141.349312][ T6171] ? rcu_is_watching+0x15/0xb0 [ 141.349346][ T6171] ? do_syscall_64+0xbe/0x3b0 [ 141.349383][ T6171] do_syscall_64+0xfa/0x3b0 [ 141.349403][ T6171] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.349437][ T6171] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.349461][ T6171] ? clear_bhb_loop+0x60/0xb0 [ 141.349490][ T6171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.349513][ T6171] RIP: 0033:0x7f420338eb69 [ 141.349534][ T6171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.349553][ T6171] RSP: 002b:00007f42011f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 141.349577][ T6171] RAX: ffffffffffffffda RBX: 00007f42035b6160 RCX: 00007f420338eb69 [ 141.349594][ T6171] RDX: 0000000000000cac RSI: 00002000000034c0 RDI: 000000000000000a [ 141.349608][ T6171] RBP: 00007f42011f6090 R08: 0000000000000000 R09: 0000000000000000 [ 141.349623][ T6171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.349635][ T6171] R13: 0000000000000000 R14: 00007f42035b6160 R15: 00007fffa00288d8 [ 141.349671][ T6171] [ 141.856418][ T6175] fuse: Unknown parameter 'use00000000000000000000' [ 141.948785][ T6179] netlink: 12 bytes leftover after parsing attributes in process `syz.0.84'. [ 142.203191][ T6187] FAT-fs (nullb0): bogus number of reserved sectors [ 142.242792][ T6187] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 142.277766][ T6189] netlink: 'syz.0.89': attribute type 3 has an invalid length. [ 142.302553][ T6189] netlink: 132 bytes leftover after parsing attributes in process `syz.0.89'. [ 142.474056][ T6197] fuse: Unknown parameter 'use00000000000000000000' [ 142.544997][ T929] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 142.711870][ T929] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.722856][ T929] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.736226][ T929] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 142.747527][ T929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 142.776538][ T929] usb 3-1: SerialNumber: syz [ 142.881751][ T6212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.97'. [ 143.388175][ T6222] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.101'. [ 143.589605][ T6224] fuse: Unknown parameter 'user_i00000000000000000000' [ 143.909173][ T6232] sd 0:0:1:0: PR command failed: 1026 [ 143.941064][ T6232] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 143.959877][ T5913] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 143.972195][ T6232] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 144.110673][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 144.117275][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 144.129773][ T5913] usb 4-1: Using ep0 maxpacket: 32 [ 144.141671][ T5913] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 144.163853][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.189326][ T5913] usb 4-1: Product: syz [ 144.199463][ T5913] usb 4-1: Manufacturer: syz [ 144.220698][ T5913] usb 4-1: SerialNumber: syz [ 144.245594][ T5913] usb 4-1: config 0 descriptor?? [ 144.266523][ T5913] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 144.456666][ T6243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.110'. [ 144.481100][ T6243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.110'. [ 144.511766][ T5913] gspca_stk1135: reg_w 0x2 err -71 [ 144.523825][ T6243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.110'. [ 144.539088][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 144.548282][ T5913] gspca_stk1135: Sensor write failed [ 144.556783][ T6244] netlink: 8 bytes leftover after parsing attributes in process `syz.1.110'. [ 144.556817][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 144.576292][ T5913] gspca_stk1135: Sensor write failed [ 144.581772][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 144.588303][ T5913] gspca_stk1135: Sensor read failed [ 144.590278][ T6244] netlink: 8 bytes leftover after parsing attributes in process `syz.1.110'. [ 144.597476][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 144.653148][ T5913] gspca_stk1135: Sensor read failed [ 144.658450][ T5913] gspca_stk1135: Detected sensor type unknown (0x0) [ 144.686550][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 144.719605][ T5913] gspca_stk1135: Sensor read failed [ 144.738054][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 144.758333][ T5913] gspca_stk1135: Sensor read failed [ 145.180033][ T5931] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 145.386336][ T5931] usb 1-1: config 0 has an invalid interface number: 225 but max is 0 [ 145.429747][ T5931] usb 1-1: config 0 has an invalid descriptor of length 164, skipping remainder of the config [ 145.510555][ T929] usb 3-1: 0:2 : does not exist [ 145.517099][ T5931] usb 1-1: config 0 has no interface number 0 [ 145.531962][ T6255] fuse: Unknown parameter 'user_i00000000000000000000' [ 145.556561][ T5931] usb 1-1: too many endpoints for config 0 interface 225 altsetting 29: 172, using maximum allowed: 30 [ 145.615545][ T5931] usb 1-1: config 0 interface 225 altsetting 29 has 0 endpoint descriptors, different from the interface descriptor's value: 172 [ 145.678858][ T5931] usb 1-1: config 0 interface 225 has no altsetting 0 [ 145.716924][ T5931] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a [ 145.719945][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 145.738935][ T5913] gspca_stk1135: Sensor write failed [ 145.745023][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 145.754527][ T5913] gspca_stk1135: Sensor write failed [ 145.760242][ T5913] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 145.773180][ T929] usb 3-1: USB disconnect, device number 4 [ 145.795897][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.883071][ T5931] usb 1-1: config 0 descriptor?? [ 146.060216][ T5913] usb 4-1: USB disconnect, device number 4 [ 146.064268][ T6250] udevd[6250]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 146.291163][ T5931] usb 1-1: string descriptor 0 read error: -71 [ 146.368628][ T5931] usb 1-1: USB disconnect, device number 4 [ 146.506853][ T6261] support for the xor transformation has been removed. [ 146.572332][ T6265] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 146.630984][ T6270] FAULT_INJECTION: forcing a failure. [ 146.630984][ T6270] name failslab, interval 1, probability 0, space 0, times 0 [ 146.654382][ T6270] CPU: 0 UID: 0 PID: 6270 Comm: syz.1.120 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 146.654415][ T6270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 146.654430][ T6270] Call Trace: [ 146.654439][ T6270] [ 146.654449][ T6270] dump_stack_lvl+0x189/0x250 [ 146.654488][ T6270] ? __pfx____ratelimit+0x10/0x10 [ 146.654523][ T6270] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.654554][ T6270] ? __pfx__printk+0x10/0x10 [ 146.654593][ T6270] ? __pfx___might_resched+0x10/0x10 [ 146.654619][ T6270] ? fs_reclaim_acquire+0x7d/0x100 [ 146.654649][ T6270] should_fail_ex+0x414/0x560 [ 146.654682][ T6270] should_failslab+0xa8/0x100 [ 146.654707][ T6270] __kmalloc_cache_noprof+0x70/0x3d0 [ 146.654742][ T6270] ? vhost_task_create+0xf6/0x290 [ 146.654777][ T6270] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 146.654815][ T6270] vhost_task_create+0xf6/0x290 [ 146.654847][ T6270] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 146.654900][ T6270] ? __pfx_vhost_task_create+0x10/0x10 [ 146.654942][ T6270] ? __pfx_vhost_task_fn+0x10/0x10 [ 146.654997][ T6270] kvm_mmu_post_init_vm+0x14c/0x300 [ 146.655026][ T6270] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 146.655069][ T6270] ? __mutex_trylock_common+0x153/0x260 [ 146.655103][ T6270] ? __pfx___mutex_trylock_common+0x10/0x10 [ 146.655133][ T6270] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 146.655171][ T6270] ? rcu_is_watching+0x15/0xb0 [ 146.655199][ T6270] ? trace_contention_end+0x39/0x120 [ 146.655226][ T6270] ? look_up_lock_class+0x74/0x170 [ 146.655264][ T6270] ? register_lock_class+0x51/0x320 [ 146.655293][ T6270] ? __lock_acquire+0xab9/0xd20 [ 146.655350][ T6270] kvm_vcpu_ioctl+0x95c/0xe90 [ 146.655386][ T6270] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 146.655413][ T6270] ? hook_file_ioctl+0xe0/0x530 [ 146.655456][ T6270] ? __fget_files+0x2a/0x420 [ 146.655485][ T6270] ? __fget_files+0x2a/0x420 [ 146.655509][ T6270] ? __fget_files+0x3a0/0x420 [ 146.655532][ T6270] ? __fget_files+0x2a/0x420 [ 146.655559][ T6270] ? bpf_lsm_file_ioctl+0x9/0x20 [ 146.655590][ T6270] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 146.655623][ T6270] __se_sys_ioctl+0xfc/0x170 [ 146.655663][ T6270] do_syscall_64+0xfa/0x3b0 [ 146.655683][ T6270] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.655715][ T6270] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.655737][ T6270] ? clear_bhb_loop+0x60/0xb0 [ 146.655766][ T6270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.655788][ T6270] RIP: 0033:0x7f829c98eb69 [ 146.655809][ T6270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.655829][ T6270] RSP: 002b:00007f829d791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 146.655853][ T6270] RAX: ffffffffffffffda RBX: 00007f829cbb5fa0 RCX: 00007f829c98eb69 [ 146.655870][ T6270] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 146.655894][ T6270] RBP: 00007f829d791090 R08: 0000000000000000 R09: 0000000000000000 [ 146.655909][ T6270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.655922][ T6270] R13: 0000000000000000 R14: 00007f829cbb5fa0 R15: 00007ffc687ffe18 [ 146.655957][ T6270] [ 147.539168][ T6276] fuse: Unknown parameter 'user_i00000000000000000000' [ 148.533516][ T6286] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 148.547710][ T6288] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 148.580263][ T6286] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 148.600560][ T6288] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 148.752176][ T6292] FAULT_INJECTION: forcing a failure. [ 148.752176][ T6292] name failslab, interval 1, probability 0, space 0, times 0 [ 148.785790][ T6292] CPU: 0 UID: 0 PID: 6292 Comm: syz.0.129 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 148.785824][ T6292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 148.785839][ T6292] Call Trace: [ 148.785848][ T6292] [ 148.785858][ T6292] dump_stack_lvl+0x189/0x250 [ 148.785897][ T6292] ? __pfx____ratelimit+0x10/0x10 [ 148.785933][ T6292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.785965][ T6292] ? __pfx__printk+0x10/0x10 [ 148.786010][ T6292] ? __pfx___might_resched+0x10/0x10 [ 148.786043][ T6292] should_fail_ex+0x414/0x560 [ 148.786077][ T6292] should_failslab+0xa8/0x100 [ 148.786103][ T6292] kmem_cache_alloc_noprof+0x73/0x3c0 [ 148.786138][ T6292] ? mas_alloc_nodes+0x2e9/0x8e0 [ 148.786177][ T6292] mas_alloc_nodes+0x2e9/0x8e0 [ 148.786221][ T6292] mas_preallocate+0x3ad/0x6f0 [ 148.786260][ T6292] ? __pfx_mas_preallocate+0x10/0x10 [ 148.786307][ T6292] ? __mas_set_range+0x12f/0x3c0 [ 148.786346][ T6292] __split_vma+0x2fa/0xa00 [ 148.786390][ T6292] ? __pfx___split_vma+0x10/0x10 [ 148.786430][ T6292] ? up_write+0x1c4/0x420 [ 148.786466][ T6292] ? process_measurement+0x1640/0x1a40 [ 148.786506][ T6292] vms_gather_munmap_vmas+0x2ea/0x12f0 [ 148.786548][ T6292] ? __pfx_process_measurement+0x10/0x10 [ 148.786580][ T6292] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 148.786605][ T6292] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 148.786634][ T6292] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 148.786672][ T6292] ? __lock_acquire+0xab9/0xd20 [ 148.786716][ T6292] do_vmi_align_munmap+0x25d/0x420 [ 148.786768][ T6292] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 148.786834][ T6292] do_vmi_munmap+0x253/0x2e0 [ 148.786872][ T6292] do_munmap+0xe1/0x140 [ 148.786907][ T6292] ? _parse_integer_limit+0x1ae/0x1f0 [ 148.786939][ T6292] ? __pfx_do_munmap+0x10/0x10 [ 148.786982][ T6292] ? __lock_acquire+0xab9/0xd20 [ 148.787019][ T6292] mremap_to+0x2df/0x7a0 [ 148.787060][ T6292] ? __pfx_mremap_to+0x10/0x10 [ 148.787095][ T6292] ? check_prep_vma+0x724/0xb00 [ 148.787138][ T6292] __se_sys_mremap+0xa1b/0xf10 [ 148.787195][ T6292] ? __pfx___se_sys_mremap+0x10/0x10 [ 148.787232][ T6292] ? fput+0xa0/0xd0 [ 148.787265][ T6292] ? ksys_write+0x22a/0x250 [ 148.787303][ T6292] ? do_syscall_64+0xbe/0x3b0 [ 148.787323][ T6292] ? __x64_sys_mremap+0x20/0xc0 [ 148.787355][ T6292] do_syscall_64+0xfa/0x3b0 [ 148.787375][ T6292] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.787408][ T6292] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.787432][ T6292] ? clear_bhb_loop+0x60/0xb0 [ 148.787460][ T6292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.787483][ T6292] RIP: 0033:0x7fdd0198eb69 [ 148.787504][ T6292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.787523][ T6292] RSP: 002b:00007fdd027df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 148.787546][ T6292] RAX: ffffffffffffffda RBX: 00007fdd01bb5fa0 RCX: 00007fdd0198eb69 [ 148.787563][ T6292] RDX: 0000000000600002 RSI: 0000000000600002 RDI: 0000200000000000 [ 148.787578][ T6292] RBP: 00007fdd027df090 R08: 0000200000a00000 R09: 0000000000000000 [ 148.787593][ T6292] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 148.787607][ T6292] R13: 0000000000000000 R14: 00007fdd01bb5fa0 R15: 00007ffd398e88e8 [ 148.787643][ T6292] [ 149.283970][ T6300] fuse: Unknown parameter 'user_id00000000000000000000' [ 149.506655][ T6310] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 149.555797][ T6310] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 149.625398][ T6313] FAULT_INJECTION: forcing a failure. [ 149.625398][ T6313] name failslab, interval 1, probability 0, space 0, times 0 [ 149.641935][ T6313] CPU: 0 UID: 0 PID: 6313 Comm: syz.2.137 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 149.641971][ T6313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 149.641985][ T6313] Call Trace: [ 149.641995][ T6313] [ 149.642005][ T6313] dump_stack_lvl+0x189/0x250 [ 149.642044][ T6313] ? __pfx____ratelimit+0x10/0x10 [ 149.642082][ T6313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.642114][ T6313] ? __pfx__printk+0x10/0x10 [ 149.642154][ T6313] ? __pfx___might_resched+0x10/0x10 [ 149.642179][ T6313] ? fs_reclaim_acquire+0x7d/0x100 [ 149.642209][ T6313] should_fail_ex+0x414/0x560 [ 149.642245][ T6313] should_failslab+0xa8/0x100 [ 149.642271][ T6313] __kmalloc_noprof+0xcb/0x4f0 [ 149.642303][ T6313] ? kfree+0x4d/0x440 [ 149.642332][ T6313] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 149.642370][ T6313] tomoyo_realpath_from_path+0xe3/0x5d0 [ 149.642404][ T6313] ? tomoyo_domain+0xd9/0x130 [ 149.642447][ T6313] tomoyo_path2_perm+0x265/0x680 [ 149.642473][ T6313] ? tomoyo_path2_perm+0x235/0x680 [ 149.642500][ T6313] ? __pfx_tomoyo_path2_perm+0x10/0x10 [ 149.642602][ T6313] tomoyo_path_rename+0x141/0x190 [ 149.642635][ T6313] ? __d_lookup+0x6df/0x780 [ 149.642675][ T6313] ? __pfx_tomoyo_path_rename+0x10/0x10 [ 149.642728][ T6313] security_path_rename+0x250/0x490 [ 149.642768][ T6313] do_renameat2+0x52b/0xa80 [ 149.642818][ T6313] ? __pfx_do_renameat2+0x10/0x10 [ 149.642866][ T6313] ? getname_flags+0x1e5/0x540 [ 149.642903][ T6313] __x64_sys_renameat+0xb8/0xd0 [ 149.642936][ T6313] do_syscall_64+0xfa/0x3b0 [ 149.642957][ T6313] ? lockdep_hardirqs_on+0x9c/0x150 [ 149.642992][ T6313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.643017][ T6313] ? clear_bhb_loop+0x60/0xb0 [ 149.643060][ T6313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.643082][ T6313] RIP: 0033:0x7f420338eb69 [ 149.643103][ T6313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.643123][ T6313] RSP: 002b:00007f4204130038 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 149.643147][ T6313] RAX: ffffffffffffffda RBX: 00007f42035b5fa0 RCX: 00007f420338eb69 [ 149.643164][ T6313] RDX: ffffffffffffff9c RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 149.643181][ T6313] RBP: 00007f4204130090 R08: 0000000000000000 R09: 0000000000000000 [ 149.643195][ T6313] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 149.643209][ T6313] R13: 0000000000000000 R14: 00007f42035b5fa0 R15: 00007fffa00288d8 [ 149.643246][ T6313] [ 149.643256][ T6313] ERROR: Out of memory at tomoyo_realpath_from_path. [ 149.950074][ T6318] netlink: ct family unspecified [ 149.967394][ T6318] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 150.225392][ T6328] fuse: Unknown parameter 'user_id00000000000000000000' [ 150.430464][ T6330] tipc: Started in network mode [ 150.445720][ T6330] tipc: Node identity ac1414aa, cluster identity 4711 [ 150.463194][ T6330] tipc: Enabled bearer , priority 10 [ 150.998957][ T6352] fuse: Unknown parameter 'user_id00000000000000000000' [ 151.173464][ T6360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.154'. [ 151.222999][ T6364] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 151.230387][ T6364] IPv6: NLM_F_CREATE should be set when creating new route [ 151.440301][ T6371] bridge0: port 3(syz_tun) entered blocking state [ 151.448008][ T6371] bridge0: port 3(syz_tun) entered disabled state [ 151.455314][ T6371] syz_tun: entered allmulticast mode [ 151.467768][ T6370] /dev/sg0: Can't lookup blockdev [ 151.476217][ T6371] syz_tun: entered promiscuous mode [ 151.484114][ T6371] bridge0: port 3(syz_tun) entered blocking state [ 151.490772][ T6371] bridge0: port 3(syz_tun) entered forwarding state [ 151.507991][ T6372] netlink: 'syz.3.158': attribute type 10 has an invalid length. [ 151.582428][ T24] tipc: Node number set to 2886997162 [ 151.736004][ T6379] netlink: 184 bytes leftover after parsing attributes in process `syz.2.161'. [ 151.845190][ T6381] /dev/sg0: Can't lookup blockdev [ 151.986317][ T6387] fuse: Bad value for 'fd' [ 152.666799][ T6417] fuse: Bad value for 'fd' [ 152.896611][ T6422] openvswitch: netlink: IPv4 frag type 105 is out of range max 2 [ 153.066890][ T6425] binder_alloc: 6424: binder_alloc_buf, no vma [ 153.335640][ T6436] loop2: detected capacity change from 0 to 7 [ 153.430572][ T6436] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 153.436452][ T6436] loop2: partition table partially beyond EOD, truncated [ 153.473402][ T6436] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 153.765720][ T6430] udevd[6430]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 153.853320][ T5931] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 153.861293][ T6444] fuse: Bad value for 'fd' [ 154.025008][ T5931] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.049215][ T5931] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.062131][ T6448] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 154.069944][ T5931] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 154.079341][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.109480][ T5931] usb 1-1: config 0 descriptor?? [ 154.367582][ T6453] netlink: 184 bytes leftover after parsing attributes in process `syz.3.189'. [ 154.449037][ T6455] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 154.456385][ T6455] IPv6: NLM_F_CREATE should be set when creating new route [ 154.463752][ T6455] IPv6: NLM_F_CREATE should be set when creating new route [ 154.471072][ T6455] IPv6: NLM_F_CREATE should be set when creating new route [ 154.509056][ T6457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 154.566965][ T6457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 154.575544][ T6459] netlink: 48 bytes leftover after parsing attributes in process `syz.2.192'. [ 154.801635][ T6465] fuse: Unknown parameter '0x0000000000000004' [ 155.124033][ T6471] binder: 6470:6471 ioctl c0306201 0 returned -14 [ 155.156759][ T5931] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #200: -71 [ 155.228736][ T5931] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71 [ 155.237006][ T5931] uclogic 0003:256C:006D.0001: failed probing pen v2 parameters: -71 [ 155.247701][ T5931] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 155.256431][ T5931] uclogic 0003:256C:006D.0001: probe with driver uclogic failed with error -71 [ 155.307874][ T5931] usb 1-1: USB disconnect, device number 5 [ 155.319052][ T6475] FAULT_INJECTION: forcing a failure. [ 155.319052][ T6475] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 155.356207][ T6475] CPU: 1 UID: 0 PID: 6475 Comm: syz.2.198 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 155.356240][ T6475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 155.356252][ T6475] Call Trace: [ 155.356260][ T6475] [ 155.356270][ T6475] dump_stack_lvl+0x189/0x250 [ 155.356302][ T6475] ? __pfx____ratelimit+0x10/0x10 [ 155.356336][ T6475] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.356359][ T6475] ? __pfx__printk+0x10/0x10 [ 155.356385][ T6475] ? fs_reclaim_acquire+0x7d/0x100 [ 155.356413][ T6475] should_fail_ex+0x414/0x560 [ 155.356443][ T6475] prepare_alloc_pages+0x213/0x610 [ 155.356481][ T6475] __alloc_frozen_pages_noprof+0x123/0x370 [ 155.356512][ T6475] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 155.356546][ T6475] ? policy_nodemask+0x27c/0x720 [ 155.356587][ T6475] alloc_pages_mpol+0x232/0x4a0 [ 155.356627][ T6475] vma_alloc_folio_noprof+0xe4/0x200 [ 155.356651][ T6475] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 155.356687][ T6475] folio_prealloc+0x30/0x180 [ 155.356710][ T6475] do_wp_page+0x1231/0x5800 [ 155.356768][ T6475] ? __pfx_do_wp_page+0x10/0x10 [ 155.356796][ T6475] ? do_raw_spin_lock+0x121/0x290 [ 155.356827][ T6475] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 155.356867][ T6475] __handle_mm_fault+0x1033/0x5440 [ 155.356915][ T6475] ? __pfx___handle_mm_fault+0x10/0x10 [ 155.356969][ T6475] ? find_vma+0xe7/0x160 [ 155.356996][ T6475] ? __pfx_find_vma+0x10/0x10 [ 155.357026][ T6475] handle_mm_fault+0x40a/0x8e0 [ 155.357070][ T6475] do_user_addr_fault+0x764/0x1390 [ 155.357115][ T6475] exc_page_fault+0x76/0xf0 [ 155.357150][ T6475] asm_exc_page_fault+0x26/0x30 [ 155.357170][ T6475] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 155.357196][ T6475] Code: 0a 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 155.357214][ T6475] RSP: 0018:ffffc90003957898 EFLAGS: 00050206 [ 155.357234][ T6475] RAX: ffffffff84cd2701 RBX: ffff8880323ce000 RCX: 00000000000002b2 [ 155.357249][ T6475] RDX: 0000000000000000 RSI: ffff8880323ce000 RDI: 00002000000034c0 [ 155.357263][ T6475] RBP: ffffc900039579f0 R08: ffff8880323ce2b1 R09: 1ffff11006479c56 [ 155.357278][ T6475] R10: dffffc0000000000 R11: ffffed1006479c57 R12: dffffc0000000000 [ 155.357294][ T6475] R13: 0000000000000000 R14: 00007ffffffff000 R15: 00000000000002b2 [ 155.357319][ T6475] ? _copy_to_iter+0x421/0x16f0 [ 155.357359][ T6475] _copy_to_iter+0x484/0x16f0 [ 155.357406][ T6475] ? __pfx__copy_to_iter+0x10/0x10 [ 155.357446][ T6475] ? stats_show+0x62c/0x650 [ 155.357493][ T6475] seq_read_iter+0xbeb/0xe10 [ 155.357537][ T6475] seq_read+0x2e2/0x3d0 [ 155.357569][ T6475] ? __pfx_seq_read+0x10/0x10 [ 155.357590][ T6475] ? __debugfs_file_get+0x5dd/0x710 [ 155.357623][ T6475] ? __pfx___debugfs_file_get+0x10/0x10 [ 155.357665][ T6475] full_proxy_read+0x127/0x1f0 [ 155.357696][ T6475] ? __pfx_full_proxy_read+0x10/0x10 [ 155.357727][ T6475] vfs_read+0x200/0x980 [ 155.357749][ T6475] ? fdget_pos+0x247/0x320 [ 155.357782][ T6475] ? __pfx___mutex_lock+0x10/0x10 [ 155.357816][ T6475] ? __pfx_vfs_read+0x10/0x10 [ 155.357839][ T6475] ? __fget_files+0x2a/0x420 [ 155.357869][ T6475] ? __fget_files+0x3a0/0x420 [ 155.357891][ T6475] ? __fget_files+0x2a/0x420 [ 155.357926][ T6475] ksys_read+0x145/0x250 [ 155.357950][ T6475] ? __pfx_ksys_read+0x10/0x10 [ 155.357967][ T6475] ? rcu_is_watching+0x15/0xb0 [ 155.357998][ T6475] ? do_syscall_64+0xbe/0x3b0 [ 155.358021][ T6475] do_syscall_64+0xfa/0x3b0 [ 155.358037][ T6475] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.358068][ T6475] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.358089][ T6475] ? clear_bhb_loop+0x60/0xb0 [ 155.358115][ T6475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.358135][ T6475] RIP: 0033:0x7f420338eb69 [ 155.358154][ T6475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.358171][ T6475] RSP: 002b:00007f42011f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 155.358192][ T6475] RAX: ffffffffffffffda RBX: 00007f42035b6160 RCX: 00007f420338eb69 [ 155.358207][ T6475] RDX: 0000000000000cac RSI: 00002000000034c0 RDI: 000000000000000a [ 155.358220][ T6475] RBP: 00007f42011f6090 R08: 0000000000000000 R09: 0000000000000000 [ 155.358232][ T6475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.358245][ T6475] R13: 0000000000000000 R14: 00007f42035b6160 R15: 00007fffa00288d8 [ 155.358278][ T6475] [ 155.895420][ T6483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.200'. [ 156.093793][ T6492] fuse: Unknown parameter 'grou00000000000000000000' [ 156.102357][ T6490] fuse: Unknown parameter '0x0000000000000004' [ 156.259098][ T6498] netlink: 'syz.0.205': attribute type 3 has an invalid length. [ 156.267985][ T6498] netlink: 132 bytes leftover after parsing attributes in process `syz.0.205'. [ 156.389294][ T6501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.208'. [ 156.739972][ T5931] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 156.814424][ T6515] fuse: Unknown parameter 'grou00000000000000000000' [ 156.935156][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.961110][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.980410][ T5931] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 157.024002][ T5931] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 157.034716][ T6519] fuse: Unknown parameter '0x0000000000000004' [ 157.052002][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.072272][ T5931] usb 4-1: config 0 descriptor?? [ 157.385002][ T6526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'. [ 157.409771][ T6526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'. [ 157.425556][ T6526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'. [ 157.439814][ T6529] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'. [ 157.449153][ T6529] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'. [ 157.490041][ T5836] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 157.508529][ T6506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.544068][ T6506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.651747][ T6506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.671729][ T5836] usb 3-1: Using ep0 maxpacket: 32 [ 157.678423][ T6506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.693535][ T6506] Zero length message leads to an empty skb [ 157.725142][ T6531] fuse: Unknown parameter 'use00000000000000000000' [ 158.099926][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 158.264420][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 158.278512][ T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 158.296250][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 158.315539][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 158.328695][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 158.346138][ T5931] usbhid 4-1:0.0: can't add hid device: -71 [ 158.361413][ T5931] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 158.379266][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.394510][ T5931] usb 4-1: USB disconnect, device number 5 [ 158.413511][ T10] usb 2-1: config 0 descriptor?? [ 158.455153][ T10] hub 2-1:0.0: USB hub found [ 158.624818][ T10] hub 2-1:0.0: 5 ports detected [ 158.636392][ T10] hub 2-1:0.0: insufficient power available to use all downstream ports [ 158.658535][ T10] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 158.694067][ T10] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 158.704389][ T6547] fuse: Unknown parameter 'grou00000000000000000000' [ 158.755068][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 158.763953][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 158.822056][ T10] usb 2-1: USB disconnect, device number 4 [ 159.058799][ T6552] fuse: Unknown parameter '0x0000000000000004' [ 159.227097][ T6559] fuse: Unknown parameter 'use00000000000000000000' [ 159.236647][ T6555] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 159.343271][ T6558] support for the xor transformation has been removed. [ 159.428499][ T6563] FAULT_INJECTION: forcing a failure. [ 159.428499][ T6563] name failslab, interval 1, probability 0, space 0, times 0 [ 159.443422][ T6560] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 159.463050][ T6563] CPU: 1 UID: 0 PID: 6563 Comm: syz.3.232 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 159.463083][ T6563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 159.463097][ T6563] Call Trace: [ 159.463106][ T6563] [ 159.463116][ T6563] dump_stack_lvl+0x189/0x250 [ 159.463156][ T6563] ? __pfx____ratelimit+0x10/0x10 [ 159.463192][ T6563] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.463225][ T6563] ? __pfx__printk+0x10/0x10 [ 159.463260][ T6563] ? __pfx___might_resched+0x10/0x10 [ 159.463287][ T6563] ? fs_reclaim_acquire+0x7d/0x100 [ 159.463315][ T6563] should_fail_ex+0x414/0x560 [ 159.463343][ T6563] should_failslab+0xa8/0x100 [ 159.463367][ T6563] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 159.463399][ T6563] ? dup_task_struct+0x52/0x860 [ 159.463426][ T6563] dup_task_struct+0x52/0x860 [ 159.463449][ T6563] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.463480][ T6563] copy_process+0x54b/0x3c00 [ 159.463536][ T6563] ? __pfx_copy_process+0x10/0x10 [ 159.463570][ T6563] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 159.463601][ T6563] vhost_task_create+0x1c4/0x290 [ 159.463627][ T6563] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 159.463664][ T6563] ? __pfx_vhost_task_create+0x10/0x10 [ 159.463696][ T6563] ? __pfx_vhost_task_fn+0x10/0x10 [ 159.463739][ T6563] kvm_mmu_post_init_vm+0x14c/0x300 [ 159.463771][ T6563] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 159.463813][ T6563] ? __mutex_trylock_common+0x153/0x260 [ 159.463843][ T6563] ? __pfx___mutex_trylock_common+0x10/0x10 [ 159.463869][ T6563] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 159.463899][ T6563] ? rcu_is_watching+0x15/0xb0 [ 159.463922][ T6563] ? trace_contention_end+0x39/0x120 [ 159.463949][ T6563] ? look_up_lock_class+0x74/0x170 [ 159.463980][ T6563] ? register_lock_class+0x51/0x320 [ 159.464004][ T6563] ? __lock_acquire+0xab9/0xd20 [ 159.464052][ T6563] kvm_vcpu_ioctl+0x95c/0xe90 [ 159.464089][ T6563] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 159.464115][ T6563] ? __lock_acquire+0xab9/0xd20 [ 159.464152][ T6563] ? __fget_files+0x2a/0x420 [ 159.464179][ T6563] ? __fget_files+0x2a/0x420 [ 159.464200][ T6563] ? __fget_files+0x3a0/0x420 [ 159.464224][ T6563] ? __fget_files+0x2a/0x420 [ 159.464252][ T6563] ? bpf_lsm_file_ioctl+0x9/0x20 [ 159.464279][ T6563] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 159.464305][ T6563] __se_sys_ioctl+0xfc/0x170 [ 159.464337][ T6563] do_syscall_64+0xfa/0x3b0 [ 159.464352][ T6563] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.464384][ T6563] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.464403][ T6563] ? clear_bhb_loop+0x60/0xb0 [ 159.464426][ T6563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.464457][ T6563] RIP: 0033:0x7f51b158eb69 [ 159.464473][ T6563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.464487][ T6563] RSP: 002b:00007f51b2331038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 159.464507][ T6563] RAX: ffffffffffffffda RBX: 00007f51b17b5fa0 RCX: 00007f51b158eb69 [ 159.464524][ T6563] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 159.464535][ T6563] RBP: 00007f51b2331090 R08: 0000000000000000 R09: 0000000000000000 [ 159.464546][ T6563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.464556][ T6563] R13: 0000000000000000 R14: 00007f51b17b5fa0 R15: 00007ffe58d081f8 [ 159.464583][ T6563] [ 159.480158][ T6560] netlink: 'syz.1.230': attribute type 27 has an invalid length. [ 159.829471][ T6560] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 159.916227][ T6567] fuse: Unknown parameter 'group_i00000000000000000000' [ 159.965389][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 160.120682][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 160.142499][ T10] usb 1-1: config 0 has an invalid interface number: 196 but max is 0 [ 160.162032][ T10] usb 1-1: config 0 has no interface number 0 [ 160.222804][ T5836] usb 3-1: unable to get BOS descriptor or descriptor too short [ 160.241709][ T10] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 160.253387][ T5836] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 160.273490][ T5836] usb 3-1: can't read configurations, error -71 [ 160.289774][ T10] usb 1-1: config 0 interface 196 has no altsetting 0 [ 160.305638][ T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 160.329875][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.355757][ T10] usb 1-1: Product: syz [ 160.362482][ T10] usb 1-1: Manufacturer: syz [ 160.375709][ T10] usb 1-1: SerialNumber: syz [ 160.405518][ T10] usb 1-1: config 0 descriptor?? [ 160.438241][ T6564] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 160.580845][ T6575] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 160.730179][ T6579] fuse: Unknown parameter '0x0000000000000004' [ 160.859842][ T6583] fuse: Unknown parameter 'use00000000000000000000' [ 160.901370][ T6586] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.242'. [ 161.082254][ T10] ipheth 1-1:0.196: ipheth_enable_ncm: usb_control_msg: -71 [ 161.140905][ T10] ipheth 1-1:0.196: Apple iPhone USB Ethernet device attached [ 161.172258][ T10] usb 1-1: USB disconnect, device number 6 [ 161.339871][ T10] ipheth 1-1:0.196: Apple iPhone USB Ethernet now disconnected [ 161.947421][ T6608] fuse: Unknown parameter '0x0000000000000004' [ 161.949427][ T6609] fuse: Unknown parameter 'user_i00000000000000000000' [ 162.052535][ T6613] tipc: Started in network mode [ 162.063667][ T6613] tipc: Node identity ac1414aa, cluster identity 4711 [ 162.083384][ T6615] Mount JFS Failure: -22 [ 162.123638][ T6613] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 162.160616][ T6613] tipc: Enabled bearer , priority 10 [ 162.243710][ T6619] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached [ 162.259902][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 162.396672][ T6619] comedi comedi3: Buffer allocation failed [ 162.402908][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 162.419877][ T6628] netlink: 28 bytes leftover after parsing attributes in process `syz.1.260'. [ 162.539924][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 162.604486][ T6634] fuse: Unknown parameter 'user_i00000000000000000000' [ 162.650420][ T5836] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 162.679773][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 162.725467][ T6636] fuse: Unknown parameter 'fd0x0000000000000004' [ 162.778954][ T6638] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 162.786353][ T6638] IPv6: NLM_F_CREATE should be set when creating new route [ 162.819783][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 162.843274][ T5836] usb 3-1: Using ep0 maxpacket: 8 [ 162.873214][ T5836] usb 3-1: config 0 has an invalid interface number: 130 but max is 0 [ 162.915274][ T5836] usb 3-1: config 0 has no interface number 0 [ 162.950194][ T5836] usb 3-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=71.1b [ 162.959824][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 162.978624][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.018967][ T6646] hfs: can't find a HFS filesystem on dev rnullb0 [ 163.030312][ T5836] usb 3-1: config 0 descriptor?? [ 163.051810][ T5836] ftdi_sio 3-1:0.130: FTDI USB Serial Device converter detected [ 163.086170][ T5836] ftdi_sio ttyUSB0: unknown device type: 0x711b [ 163.099782][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 163.239913][ T5913] tipc: Node number set to 2886997162 [ 163.278877][ T5913] usb 3-1: USB disconnect, device number 7 [ 163.291502][ T5913] ftdi_sio 3-1:0.130: device disconnected [ 163.379830][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 163.749878][ T24] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 163.899879][ T24] usb 2-1: device descriptor read/64, error -71 [ 163.999357][ T6666] fuse: Unknown parameter 'fd0x0000000000000004' [ 164.139789][ T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 164.279882][ T24] usb 2-1: device descriptor read/64, error -71 [ 164.400577][ T24] usb usb2-port1: attempt power cycle [ 164.763297][ T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 164.823724][ T24] usb 2-1: device descriptor read/8, error -71 [ 164.919287][ T6693] binder_alloc: 6691: binder_alloc_buf, no vma [ 165.057040][ T6695] autofs4:pid:6695:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(256.1), cmd(0xc0189377) [ 165.077301][ T6695] autofs4:pid:6695:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189377) [ 165.089856][ T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 165.134917][ T24] usb 2-1: device descriptor read/8, error -71 [ 165.199869][ C1] net_ratelimit: 2 callbacks suppressed [ 165.199894][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 165.236369][ T6697] Invalid ELF header magic: != ELF [ 165.262506][ T24] usb usb2-port1: unable to enumerate USB device [ 165.538798][ T6704] /dev/rnullb0: Can't open blockdev [ 165.592349][ T6706] fuse: Unknown parameter 'fd0x0000000000000004' [ 165.668157][ T6708] loop2: detected capacity change from 0 to 7 [ 165.687159][ T6708] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 165.692904][ T6708] loop2: partition table partially beyond EOD, truncated [ 165.703403][ T6708] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 165.787568][ T6430] udevd[6430]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 166.031059][ T6714] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 166.241346][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 166.507227][ T6728] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 166.514684][ T6728] IPv6: NLM_F_CREATE should be set when creating new route [ 166.522141][ T6728] IPv6: NLM_F_CREATE should be set when creating new route [ 166.529528][ T6728] IPv6: NLM_F_CREATE should be set when creating new route [ 166.897689][ T6742] Mount JFS Failure: -22 [ 167.163474][ T6755] binder: 6754:6755 ioctl c0306201 0 returned -14 [ 167.280031][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 167.431036][ T6764] FAULT_INJECTION: forcing a failure. [ 167.431036][ T6764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.451706][ T6764] CPU: 0 UID: 0 PID: 6764 Comm: syz.3.310 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 167.451739][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 167.451754][ T6764] Call Trace: [ 167.451763][ T6764] [ 167.451773][ T6764] dump_stack_lvl+0x189/0x250 [ 167.451811][ T6764] ? __pfx____ratelimit+0x10/0x10 [ 167.451849][ T6764] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.451882][ T6764] ? __pfx__printk+0x10/0x10 [ 167.451929][ T6764] should_fail_ex+0x414/0x560 [ 167.451963][ T6764] _copy_to_user+0x31/0xb0 [ 167.451998][ T6764] simple_read_from_buffer+0xe1/0x170 [ 167.452032][ T6764] proc_fail_nth_read+0x1b3/0x220 [ 167.452071][ T6764] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.452109][ T6764] ? rw_verify_area+0x2a6/0x4d0 [ 167.452131][ T6764] ? __lock_acquire+0xab9/0xd20 [ 167.452151][ T6764] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.452184][ T6764] vfs_read+0x200/0x980 [ 167.452204][ T6764] ? fdget_pos+0x247/0x320 [ 167.452235][ T6764] ? __pfx___mutex_lock+0x10/0x10 [ 167.452271][ T6764] ? __pfx_vfs_read+0x10/0x10 [ 167.452295][ T6764] ? __fget_files+0x2a/0x420 [ 167.452327][ T6764] ? __fget_files+0x3a0/0x420 [ 167.452353][ T6764] ? __fget_files+0x2a/0x420 [ 167.452392][ T6764] ksys_read+0x145/0x250 [ 167.452418][ T6764] ? __pfx_ksys_read+0x10/0x10 [ 167.452437][ T6764] ? rcu_is_watching+0x15/0xb0 [ 167.452467][ T6764] ? do_syscall_64+0xbe/0x3b0 [ 167.452491][ T6764] do_syscall_64+0xfa/0x3b0 [ 167.452511][ T6764] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.452543][ T6764] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.452565][ T6764] ? clear_bhb_loop+0x60/0xb0 [ 167.452592][ T6764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.452613][ T6764] RIP: 0033:0x7f51b158d57c [ 167.452633][ T6764] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 167.452651][ T6764] RSP: 002b:00007f51af3f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 167.452675][ T6764] RAX: ffffffffffffffda RBX: 00007f51b17b6160 RCX: 00007f51b158d57c [ 167.452692][ T6764] RDX: 000000000000000f RSI: 00007f51af3f60a0 RDI: 000000000000000b [ 167.452705][ T6764] RBP: 00007f51af3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 167.452719][ T6764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.452732][ T6764] R13: 0000000000000000 R14: 00007f51b17b6160 R15: 00007ffe58d081f8 [ 167.452768][ T6764] [ 167.699485][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.718597][ T6769] netlink: 12 bytes leftover after parsing attributes in process `syz.1.314'. [ 168.165364][ T6792] netlink: 'syz.0.317': attribute type 3 has an invalid length. [ 168.191619][ T6792] netlink: 132 bytes leftover after parsing attributes in process `syz.0.317'. [ 168.320000][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 168.353141][ T6799] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.319'. [ 168.497381][ T6805] netlink: 8 bytes leftover after parsing attributes in process `syz.1.321'. [ 168.646314][ T6777] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.656320][ T6777] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.703126][ T6777] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.739332][ T6777] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 168.746665][ T6777] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.769761][ T6777] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.782648][ T6813] fuse: Bad value for 'fd' [ 168.802849][ T6777] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 168.816639][ T6777] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 168.825715][ T6777] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 168.844238][ T6777] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 168.851369][ T6777] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 168.860152][ T6777] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 169.074798][ T6822] netlink: 20 bytes leftover after parsing attributes in process `syz.1.328'. [ 169.200615][ T6828] overlayfs: failed to resolve './file0': -2 [ 169.355018][ T5858] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 169.359975][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 169.373964][ T30] audit: type=1326 audit(1754004921.633:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.397359][ T5836] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 169.405246][ T30] audit: type=1326 audit(1754004921.633:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.435491][ T30] audit: type=1326 audit(1754004921.633:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.470649][ T30] audit: type=1326 audit(1754004921.633:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.507942][ T30] audit: type=1326 audit(1754004921.633:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.570042][ T30] audit: type=1326 audit(1754004921.633:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.609800][ T5836] usb 1-1: config 8 has an invalid interface number: 177 but max is 0 [ 169.633218][ T5836] usb 1-1: config 8 has no interface number 0 [ 169.647677][ T6838] binder: 6837:6838 ioctl c0306201 0 returned -14 [ 169.655621][ T5836] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 169.701514][ T30] audit: type=1326 audit(1754004921.633:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.739734][ T5836] usb 1-1: config 8 interface 177 has no altsetting 0 [ 169.759855][ T5836] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 169.775232][ T30] audit: type=1326 audit(1754004921.633:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.809858][ T5836] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.849028][ T30] audit: type=1326 audit(1754004921.633:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.877834][ T6824] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 169.888480][ T30] audit: type=1326 audit(1754004921.633:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f829c98eb69 code=0x7ffc0000 [ 169.951075][ T6844] binder: BINDER_SET_CONTEXT_MGR already set [ 169.978936][ T6844] binder: 6843:6844 ioctl 4018620d 2000000002c0 returned -16 [ 170.003070][ T6844] binder: 6843:6844 ioctl c0306201 200000000240 returned -11 [ 170.101304][ T6824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.122149][ T6824] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.145660][ T6853] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.341'. [ 170.146925][ T5836] usb 1-1: string descriptor 0 read error: -71 [ 170.171208][ T5858] Bluetooth: hci0: command 0x0c1a tx timeout [ 170.191010][ C0] ir_toy 1-1:8.177: out urb status: -71 [ 170.399979][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 170.609653][ T6859] FAULT_INJECTION: forcing a failure. [ 170.609653][ T6859] name failslab, interval 1, probability 0, space 0, times 0 [ 170.628597][ T6859] CPU: 0 UID: 0 PID: 6859 Comm: syz.3.344 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 170.628629][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 170.628642][ T6859] Call Trace: [ 170.628651][ T6859] [ 170.628661][ T6859] dump_stack_lvl+0x189/0x250 [ 170.628697][ T6859] ? __pfx____ratelimit+0x10/0x10 [ 170.628730][ T6859] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.628767][ T6859] ? __pfx__printk+0x10/0x10 [ 170.628805][ T6859] ? __pfx___might_resched+0x10/0x10 [ 170.628840][ T6859] should_fail_ex+0x414/0x560 [ 170.628872][ T6859] should_failslab+0xa8/0x100 [ 170.628896][ T6859] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 170.628932][ T6859] ? __get_vm_area_node+0x13f/0x300 [ 170.628972][ T6859] __get_vm_area_node+0x13f/0x300 [ 170.629012][ T6859] __vmalloc_node_range_noprof+0x301/0x12f0 [ 170.629035][ T6859] ? copy_process+0x54b/0x3c00 [ 170.629076][ T6859] ? percpu_ref_get_many+0x19/0x140 [ 170.629098][ T6859] ? percpu_ref_get_many+0x19/0x140 [ 170.629136][ T6859] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 170.629162][ T6859] ? memcpy_and_pad+0x48/0x80 [ 170.629193][ T6859] __vmalloc_node_noprof+0xc2/0x110 [ 170.629215][ T6859] ? copy_process+0x54b/0x3c00 [ 170.629240][ T6859] ? copy_process+0x54b/0x3c00 [ 170.629270][ T6859] dup_task_struct+0x3e7/0x860 [ 170.629304][ T6859] copy_process+0x54b/0x3c00 [ 170.629365][ T6859] ? __pfx_copy_process+0x10/0x10 [ 170.629407][ T6859] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 170.629443][ T6859] vhost_task_create+0x1c4/0x290 [ 170.629474][ T6859] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 170.629511][ T6859] ? __pfx_vhost_task_create+0x10/0x10 [ 170.629552][ T6859] ? __pfx_vhost_task_fn+0x10/0x10 [ 170.629605][ T6859] kvm_mmu_post_init_vm+0x14c/0x300 [ 170.629633][ T6859] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 170.629672][ T6859] ? __mutex_trylock_common+0x153/0x260 [ 170.629702][ T6859] ? __pfx___mutex_trylock_common+0x10/0x10 [ 170.629730][ T6859] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 170.629773][ T6859] ? rcu_is_watching+0x15/0xb0 [ 170.629799][ T6859] ? trace_contention_end+0x39/0x120 [ 170.629826][ T6859] ? look_up_lock_class+0x74/0x170 [ 170.629860][ T6859] ? register_lock_class+0x51/0x320 [ 170.629890][ T6859] ? __lock_acquire+0xab9/0xd20 [ 170.629946][ T6859] kvm_vcpu_ioctl+0x95c/0xe90 [ 170.629987][ T6859] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 170.630016][ T6859] ? __lock_acquire+0xab9/0xd20 [ 170.630063][ T6859] ? __fget_files+0x2a/0x420 [ 170.630094][ T6859] ? __fget_files+0x2a/0x420 [ 170.630120][ T6859] ? __fget_files+0x3a0/0x420 [ 170.630146][ T6859] ? __fget_files+0x2a/0x420 [ 170.630177][ T6859] ? bpf_lsm_file_ioctl+0x9/0x20 [ 170.630209][ T6859] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 170.630241][ T6859] __se_sys_ioctl+0xfc/0x170 [ 170.630280][ T6859] do_syscall_64+0xfa/0x3b0 [ 170.630299][ T6859] ? lockdep_hardirqs_on+0x9c/0x150 [ 170.630331][ T6859] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.630353][ T6859] ? clear_bhb_loop+0x60/0xb0 [ 170.630381][ T6859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.630403][ T6859] RIP: 0033:0x7f51b158eb69 [ 170.630423][ T6859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.630441][ T6859] RSP: 002b:00007f51b2331038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.630464][ T6859] RAX: ffffffffffffffda RBX: 00007f51b17b5fa0 RCX: 00007f51b158eb69 [ 170.630480][ T6859] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 170.630493][ T6859] RBP: 00007f51b2331090 R08: 0000000000000000 R09: 0000000000000000 [ 170.630506][ T6859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.630519][ T6859] R13: 0000000000000000 R14: 00007f51b17b5fa0 R15: 00007ffe58d081f8 [ 170.630553][ T6859] [ 171.069353][ T5836] ir_toy 1-1:8.177: could not write reset command: -110 [ 171.076918][ T5836] ir_toy 1-1:8.177: probe with driver ir_toy failed with error -110 [ 171.090756][ T5836] usb 1-1: USB disconnect, device number 7 [ 171.090963][ T6864] support for the xor transformation has been removed. [ 171.102333][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 171.109889][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 171.116579][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.124455][ T6859] syz.3.344: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 171.160650][ T6862] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 171.193674][ T6859] CPU: 0 UID: 0 PID: 6859 Comm: syz.3.344 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 171.193719][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 171.193731][ T6859] Call Trace: [ 171.193740][ T6859] [ 171.193748][ T6859] dump_stack_lvl+0x189/0x250 [ 171.193785][ T6859] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.193813][ T6859] ? __pfx__printk+0x10/0x10 [ 171.193844][ T6859] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 171.193874][ T6859] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 171.193909][ T6859] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 171.193943][ T6859] warn_alloc+0x214/0x310 [ 171.193975][ T6859] ? __pfx_warn_alloc+0x10/0x10 [ 171.194001][ T6859] ? __get_vm_area_node+0x13f/0x300 [ 171.194043][ T6859] ? __get_vm_area_node+0x2b5/0x300 [ 171.194086][ T6859] __vmalloc_node_range_noprof+0x326/0x12f0 [ 171.194121][ T6859] ? percpu_ref_get_many+0x19/0x140 [ 171.194145][ T6859] ? percpu_ref_get_many+0x19/0x140 [ 171.194182][ T6859] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 171.194207][ T6859] ? memcpy_and_pad+0x48/0x80 [ 171.194241][ T6859] __vmalloc_node_noprof+0xc2/0x110 [ 171.194264][ T6859] ? copy_process+0x54b/0x3c00 [ 171.194290][ T6859] ? copy_process+0x54b/0x3c00 [ 171.194321][ T6859] dup_task_struct+0x3e7/0x860 [ 171.194355][ T6859] copy_process+0x54b/0x3c00 [ 171.194417][ T6859] ? __pfx_copy_process+0x10/0x10 [ 171.194459][ T6859] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 171.194496][ T6859] vhost_task_create+0x1c4/0x290 [ 171.194529][ T6859] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 171.194568][ T6859] ? __pfx_vhost_task_create+0x10/0x10 [ 171.194608][ T6859] ? __pfx_vhost_task_fn+0x10/0x10 [ 171.194661][ T6859] kvm_mmu_post_init_vm+0x14c/0x300 [ 171.194690][ T6859] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 171.194741][ T6859] ? __mutex_trylock_common+0x153/0x260 [ 171.194773][ T6859] ? __pfx___mutex_trylock_common+0x10/0x10 [ 171.194803][ T6859] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 171.194840][ T6859] ? rcu_is_watching+0x15/0xb0 [ 171.194867][ T6859] ? trace_contention_end+0x39/0x120 [ 171.194895][ T6859] ? look_up_lock_class+0x74/0x170 [ 171.194932][ T6859] ? register_lock_class+0x51/0x320 [ 171.194962][ T6859] ? __lock_acquire+0xab9/0xd20 [ 171.195019][ T6859] kvm_vcpu_ioctl+0x95c/0xe90 [ 171.195062][ T6859] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 171.195092][ T6859] ? __lock_acquire+0xab9/0xd20 [ 171.195140][ T6859] ? __fget_files+0x2a/0x420 [ 171.195173][ T6859] ? __fget_files+0x2a/0x420 [ 171.195200][ T6859] ? __fget_files+0x3a0/0x420 [ 171.195227][ T6859] ? __fget_files+0x2a/0x420 [ 171.195272][ T6859] ? bpf_lsm_file_ioctl+0x9/0x20 [ 171.195305][ T6859] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 171.195337][ T6859] __se_sys_ioctl+0xfc/0x170 [ 171.195376][ T6859] do_syscall_64+0xfa/0x3b0 [ 171.195395][ T6859] ? lockdep_hardirqs_on+0x9c/0x150 [ 171.195427][ T6859] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.195450][ T6859] ? clear_bhb_loop+0x60/0xb0 [ 171.195477][ T6859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.195499][ T6859] RIP: 0033:0x7f51b158eb69 [ 171.195520][ T6859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.195538][ T6859] RSP: 002b:00007f51b2331038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 171.195562][ T6859] RAX: ffffffffffffffda RBX: 00007f51b17b5fa0 RCX: 00007f51b158eb69 [ 171.195595][ T6859] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 171.195609][ T6859] RBP: 00007f51b2331090 R08: 0000000000000000 R09: 0000000000000000 [ 171.195622][ T6859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.195635][ T6859] R13: 0000000000000000 R14: 00007f51b17b5fa0 R15: 00007ffe58d081f8 [ 171.195670][ T6859] [ 171.195752][ T6859] Mem-Info: [ 171.439974][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 171.442661][ T6859] active_anon:6264 inactive_anon:0 isolated_anon:0 [ 171.442661][ T6859] active_file:14155 inactive_file:39853 isolated_file:0 [ 171.442661][ T6859] unevictable:768 dirty:52 writeback:0 [ 171.442661][ T6859] slab_reclaimable:10428 slab_unreclaimable:93399 [ 171.442661][ T6859] mapped:24950 shmem:1358 pagetables:1138 [ 171.442661][ T6859] sec_pagetables:0 bounce:0 [ 171.442661][ T6859] kernel_misc_reclaimable:0 [ 171.442661][ T6859] free:1333851 free_pcp:12702 free_cma:0 [ 171.647401][ T6859] Node 0 active_anon:25056kB inactive_anon:0kB active_file:56620kB inactive_file:159212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99800kB dirty:208kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11532kB pagetables:4452kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 171.684757][ T6859] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:80kB pagetables:100kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 171.799820][ T6859] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 171.850409][ T6859] lowmem_reserve[]: 0 2496 2497 2497 2497 [ 171.856376][ T6859] Node 0 DMA32 free:1428904kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25080kB inactive_anon:0kB active_file:56620kB inactive_file:158128kB unevictable:1536kB writepending:208kB present:3129332kB managed:2556208kB mlocked:0kB bounce:0kB free_pcp:38420kB local_pcp:16748kB free_cma:0kB [ 171.892945][ T6859] lowmem_reserve[]: 0 0 1 1 1 [ 171.898000][ T6859] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1084kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 171.969746][ T6859] lowmem_reserve[]: 0 0 0 0 0 [ 171.979331][ T6859] Node 1 Normal free:3890908kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19680kB local_pcp:10816kB free_cma:0kB [ 172.097372][ T6859] lowmem_reserve[]: 0 0 0 0 0 [ 172.104377][ T6859] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 172.119184][ T5836] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 172.143631][ T6859] Node 0 DMA32: 307*4kB (ME) 529*8kB (UME) 641*16kB (UME) 366*32kB (UME) 185*64kB (UME) 206*128kB (UME) 107*256kB (UME) 35*512kB (UM) 17*1024kB (UME) 5*2048kB (UM) 315*4096kB (UM) = 1428836kB [ 172.168141][ T6872] /dev/rnullb0: Can't open blockdev [ 172.173960][ T6859] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 172.190001][ T6859] Node 1 Normal: 215*4kB (UME) 42*8kB (UME) 39*16kB (UME) 70*32kB (UME) 26*64kB (UME) 7*128kB (UME) 3*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3890908kB [ 172.210767][ T6874] /dev/rnullb0: Can't open blockdev [ 172.232462][ T6859] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 172.253183][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 172.273304][ T6859] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 172.286256][ T6859] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 172.297497][ T6859] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 172.309904][ T5836] usb 3-1: Using ep0 maxpacket: 32 [ 172.311557][ T6859] 55360 total pagecache pages [ 172.318440][ T5836] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 172.320723][ T6859] 0 pages in swap cache [ 172.328580][ T5836] usb 3-1: config 0 has no interface number 0 [ 172.340510][ T5836] usb 3-1: config 0 interface 184 has no altsetting 0 [ 172.352416][ T5836] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 172.369763][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.377954][ T5836] usb 3-1: Product: syz [ 172.389766][ T5836] usb 3-1: Manufacturer: syz [ 172.393630][ T6859] Free swap = 124996kB [ 172.394507][ T5836] usb 3-1: SerialNumber: syz [ 172.430642][ T6859] Total swap = 124996kB [ 172.434898][ T6859] 2097051 pages RAM [ 172.438759][ T6859] 0 pages HighMem/MovableOnly [ 172.451088][ T5836] usb 3-1: config 0 descriptor?? [ 172.464186][ T6859] 426101 pages reserved [ 172.468423][ T6859] 0 pages cma reserved [ 172.472001][ T5836] smsc75xx v1.0.0 [ 172.480053][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 172.496344][ T6876] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.350'. [ 172.539340][ T6876] debugfs: '`] Iq!>s*!)\' already exists in 'ieee80211' [ 172.871185][ T5836] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 172.893532][ T5836] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61 [ 172.938820][ T5836] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 172.976600][ T5836] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61 [ 173.200708][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.207503][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.207526][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 173.519897][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 173.979776][ T5913] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 174.279759][ T5913] usb 4-1: Using ep0 maxpacket: 32 [ 174.288079][ T5913] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.299136][ T5913] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 174.311376][ T5913] usb 4-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xCC, changing to 0x8C [ 174.323011][ T5913] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 174.334024][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout [ 174.352347][ T5913] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 174.361928][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.370036][ T5913] usb 4-1: Product: syz [ 174.374236][ T5913] usb 4-1: Manufacturer: syz [ 174.378859][ T5913] usb 4-1: SerialNumber: syz [ 174.560014][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 174.591207][ T6900] FAULT_INJECTION: forcing a failure. [ 174.591207][ T6900] name failslab, interval 1, probability 0, space 0, times 0 [ 174.609309][ T6900] CPU: 0 UID: 0 PID: 6900 Comm: syz.1.356 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 174.609342][ T6900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 174.609357][ T6900] Call Trace: [ 174.609366][ T6900] [ 174.609377][ T6900] dump_stack_lvl+0x189/0x250 [ 174.609426][ T6900] ? __pfx____ratelimit+0x10/0x10 [ 174.609461][ T6900] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.609494][ T6900] ? __pfx__printk+0x10/0x10 [ 174.609534][ T6900] ? __pfx___might_resched+0x10/0x10 [ 174.609559][ T6900] ? fs_reclaim_acquire+0x7d/0x100 [ 174.609591][ T6900] should_fail_ex+0x414/0x560 [ 174.609624][ T6900] should_failslab+0xa8/0x100 [ 174.609650][ T6900] __kmalloc_noprof+0xcb/0x4f0 [ 174.609687][ T6900] ? kfree+0x4d/0x440 [ 174.609714][ T6900] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 174.609752][ T6900] tomoyo_realpath_from_path+0xe3/0x5d0 [ 174.609801][ T6900] tomoyo_path2_perm+0x288/0x680 [ 174.609827][ T6900] ? tomoyo_path2_perm+0x235/0x680 [ 174.609854][ T6900] ? __pfx_tomoyo_path2_perm+0x10/0x10 [ 174.609942][ T6900] tomoyo_path_rename+0x141/0x190 [ 174.609973][ T6900] ? __d_lookup+0x6df/0x780 [ 174.610011][ T6900] ? __pfx_tomoyo_path_rename+0x10/0x10 [ 174.610061][ T6900] security_path_rename+0x250/0x490 [ 174.610100][ T6900] do_renameat2+0x52b/0xa80 [ 174.610149][ T6900] ? __pfx_do_renameat2+0x10/0x10 [ 174.610197][ T6900] ? getname_flags+0x1e5/0x540 [ 174.610234][ T6900] __x64_sys_renameat+0xb8/0xd0 [ 174.610265][ T6900] do_syscall_64+0xfa/0x3b0 [ 174.610288][ T6900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.610310][ T6900] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 174.610334][ T6900] ? clear_bhb_loop+0x60/0xb0 [ 174.610363][ T6900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.610386][ T6900] RIP: 0033:0x7f829c98eb69 [ 174.610414][ T6900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.610433][ T6900] RSP: 002b:00007f829d791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 174.610458][ T6900] RAX: ffffffffffffffda RBX: 00007f829cbb5fa0 RCX: 00007f829c98eb69 [ 174.610473][ T6900] RDX: ffffffffffffff9c RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 174.610490][ T6900] RBP: 00007f829d791090 R08: 0000000000000000 R09: 0000000000000000 [ 174.610504][ T6900] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 174.610518][ T6900] R13: 0000000000000000 R14: 00007f829cbb5fa0 R15: 00007ffc687ffe18 [ 174.610554][ T6900] [ 174.857914][ T6890] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 174.866996][ T6900] ERROR: Out of memory at tomoyo_realpath_from_path. [ 175.187729][ T6913] FAULT_INJECTION: forcing a failure. [ 175.187729][ T6913] name failslab, interval 1, probability 0, space 0, times 0 [ 175.217877][ T6913] CPU: 1 UID: 0 PID: 6913 Comm: syz.1.360 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 175.217912][ T6913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 175.217926][ T6913] Call Trace: [ 175.217939][ T6913] [ 175.217948][ T6913] dump_stack_lvl+0x189/0x250 [ 175.217984][ T6913] ? __pfx____ratelimit+0x10/0x10 [ 175.218015][ T6913] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.218044][ T6913] ? __pfx__printk+0x10/0x10 [ 175.218081][ T6913] ? __pfx___might_resched+0x10/0x10 [ 175.218104][ T6913] ? fs_reclaim_acquire+0x7d/0x100 [ 175.218130][ T6913] should_fail_ex+0x414/0x560 [ 175.218160][ T6913] should_failslab+0xa8/0x100 [ 175.218182][ T6913] kmem_cache_alloc_noprof+0x73/0x3c0 [ 175.218212][ T6913] ? vm_area_dup+0x2b/0x680 [ 175.218239][ T6913] vm_area_dup+0x2b/0x680 [ 175.218265][ T6913] __split_vma+0x1a9/0xa00 [ 175.218294][ T6913] ? mas_next_slot+0xc20/0xcf0 [ 175.218329][ T6913] ? __pfx___split_vma+0x10/0x10 [ 175.218370][ T6913] ? mas_find+0xb0e/0xd30 [ 175.218406][ T6913] vms_gather_munmap_vmas+0x4ce/0x12f0 [ 175.218452][ T6913] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 175.218485][ T6913] ? __lock_acquire+0xab9/0xd20 [ 175.218518][ T6913] do_vmi_align_munmap+0x25d/0x420 [ 175.218564][ T6913] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 175.218634][ T6913] do_vmi_munmap+0x253/0x2e0 [ 175.218668][ T6913] do_munmap+0xe1/0x140 [ 175.218701][ T6913] ? _parse_integer_limit+0x1ae/0x1f0 [ 175.218729][ T6913] ? __pfx_do_munmap+0x10/0x10 [ 175.218768][ T6913] ? __lock_acquire+0xab9/0xd20 [ 175.218803][ T6913] mremap_to+0x2df/0x7a0 [ 175.218841][ T6913] ? __pfx_mremap_to+0x10/0x10 [ 175.218875][ T6913] ? check_prep_vma+0x724/0xb00 [ 175.218915][ T6913] __se_sys_mremap+0xa1b/0xf10 [ 175.218964][ T6913] ? __pfx___se_sys_mremap+0x10/0x10 [ 175.219001][ T6913] ? fput+0xa0/0xd0 [ 175.219030][ T6913] ? ksys_write+0x22a/0x250 [ 175.219063][ T6913] ? do_syscall_64+0xbe/0x3b0 [ 175.219081][ T6913] ? __x64_sys_mremap+0x20/0xc0 [ 175.219111][ T6913] do_syscall_64+0xfa/0x3b0 [ 175.219129][ T6913] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.219160][ T6913] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.219182][ T6913] ? clear_bhb_loop+0x60/0xb0 [ 175.219209][ T6913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.219230][ T6913] RIP: 0033:0x7f829c98eb69 [ 175.219249][ T6913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.219268][ T6913] RSP: 002b:00007f829d791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 175.219291][ T6913] RAX: ffffffffffffffda RBX: 00007f829cbb5fa0 RCX: 00007f829c98eb69 [ 175.219308][ T6913] RDX: 0000000000600002 RSI: 0000000000600002 RDI: 0000200000000000 [ 175.219323][ T6913] RBP: 00007f829d791090 R08: 0000200000a00000 R09: 0000000000000000 [ 175.219337][ T6913] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 175.219350][ T6913] R13: 0000000000000000 R14: 00007f829cbb5fa0 R15: 00007ffc687ffe18 [ 175.219383][ T6913] [ 175.518880][ T5853] Bluetooth: hci3: command 0x0c1a tx timeout [ 175.525126][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 175.532584][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 175.575339][ T5836] usb 3-1: USB disconnect, device number 8 [ 175.582710][ T6890] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 175.599921][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 175.805632][ T6922] netlink: 28 bytes leftover after parsing attributes in process `syz.1.365'. [ 175.982058][ T6927] /dev/rnullb0: Can't open blockdev [ 176.185481][ T6934] usb usb8: usbfs: process 6934 (syz.2.369) did not claim interface 0 before use [ 176.640033][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 176.942767][ T5913] cdc_ncm 4-1:1.0: bind() failure [ 176.977630][ T5913] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 176.997616][ T5913] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 177.019216][ T6945] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 177.026577][ T6945] IPv6: NLM_F_CREATE should be set when creating new route [ 177.048518][ T5913] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 177.081618][ T5913] usb 4-1: USB disconnect, device number 6 [ 177.294920][ T6950] comedi: valid board names for 8255 driver are: [ 177.304761][ T6950] 8255 [ 177.307590][ T6950] comedi: valid board names for vmk80xx driver are: [ 177.324434][ T6950] vmk80xx [ 177.327552][ T6950] comedi: valid board names for usbduxsigma driver are: [ 177.351971][ T6950] usbduxsigma [ 177.371927][ T6950] comedi: valid board names for usbduxfast driver are: [ 177.402039][ T6950] usbduxfast [ 177.411953][ T6950] comedi: valid board names for usbdux driver are: [ 177.431503][ T6950] usbdux [ 177.434618][ T6950] comedi: valid board names for ni6501 driver are: [ 177.448341][ T6953] netlink: ct family unspecified [ 177.468295][ T6950] ni6501 [ 177.473284][ T6950] comedi: valid board names for dt9812 driver are: [ 177.491703][ T6953] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 177.506719][ T6950] dt9812 [ 177.516840][ T6950] comedi: valid board names for ni_labpc_cs driver are: [ 177.536391][ T6950] ni_labpc_cs [ 177.546561][ T6950] comedi: valid board names for ni_daq_700 driver are: [ 177.562964][ T6950] ni_daq_700 [ 177.573171][ T6950] comedi: valid board names for labpc_pci driver are: [ 177.603631][ T6950] labpc_pci [ 177.606919][ T6950] comedi: valid board names for adl_pci9118 driver are: [ 177.642502][ T6950] pci9118dg [ 177.663999][ T6950] pci9118hg [ 177.667486][ T6950] pci9118hr [ 177.671729][ T6950] comedi: valid board names for 8255_pci driver are: [ 177.678658][ T6950] 8255_pci [ 177.680384][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 177.684058][ T6950] comedi: valid board names for s526 driver are: [ 177.701713][ T6950] s526 [ 177.704651][ T6950] comedi: valid board names for multiq3 driver are: [ 177.714143][ T6950] multiq3 [ 177.717368][ T6950] comedi: valid board names for pcmuio driver are: [ 177.724646][ T6950] pcmuio48 [ 177.727095][ T6960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.380'. [ 177.727948][ T6950] pcmuio96 [ 177.742316][ T6950] comedi: valid board names for pcmmio driver are: [ 177.749359][ T6950] pcmmio [ 177.753192][ T6950] comedi: valid board names for pcmda12 driver are: [ 177.760484][ T6950] pcmda12 [ 177.763922][ T6950] comedi: valid board names for pcmad driver are: [ 177.770879][ T6950] pcmad12 [ 177.774288][ T6950] pcmad16 [ 177.777492][ T6950] comedi: valid board names for ni_labpc driver are: [ 177.785799][ T6950] lab-pc-1200 [ 177.789428][ T6950] lab-pc-1200ai [ 177.793598][ T6950] lab-pc+ [ 177.805200][ T6950] comedi: valid board names for atmio16 driver are: [ 177.817507][ T6950] atmio16 [ 177.821903][ T6950] atmio16d [ 177.830236][ T6950] comedi: valid board names for ni_at_ao driver are: [ 177.845075][ T6950] at-ao-6 [ 177.853927][ T6950] at-ao-10 [ 177.865097][ T6950] comedi: valid board names for ni_at_a2150 driver are: [ 177.887081][ T6950] ni_at_a2150 [ 177.897204][ T6950] comedi: valid board names for adq12b driver are: [ 177.913047][ T6950] adq12b [ 177.917742][ T6950] comedi: valid board names for mpc624 driver are: [ 177.928336][ T6950] mpc624 [ 177.931887][ T6950] comedi: valid board names for c6xdigio driver are: [ 177.938915][ T6950] c6xdigio [ 178.003959][ T6950] comedi: valid board names for aio_iiro_16 driver are: [ 178.042892][ T6950] aio_iiro_16 [ 178.057416][ T6950] comedi: valid board names for aio_aio12_8 driver are: [ 178.076304][ T6950] aio_aio12_8 [ 178.086351][ T6950] aio_ai12_8 [ 178.090956][ T6950] aio_ao12_4 [ 178.094531][ T6950] comedi: valid board names for fl512 driver are: [ 178.131788][ T6950] fl512 [ 178.137274][ T6950] comedi: valid board names for dmm32at driver are: [ 178.147163][ T6950] dmm32at [ 178.152672][ T6950] comedi: valid board names for dt282x driver are: [ 178.159391][ T6950] dt2821 [ 178.165824][ T6950] dt2821-f [ 178.168991][ T6950] dt2821-g [ 178.174389][ T6950] dt2823 [ 178.177437][ T6950] dt2824-pgh [ 178.182548][ T6950] dt2824-pgl [ 178.186035][ T6950] dt2825 [ 178.189009][ T6950] dt2827 [ 178.195750][ T6950] dt2828 [ 178.198891][ T6950] dt2829 [ 178.203592][ T6950] dt21-ez [ 178.206662][ T6950] dt23-ez [ 178.211641][ T6950] dt24-ez [ 178.214715][ T6950] dt24-ez-pgl [ 178.218120][ T6950] comedi: valid board names for dt2817 driver are: [ 178.227621][ T6950] dt2817 [ 178.232334][ T6950] comedi: valid board names for dt2815 driver are: [ 178.239039][ T6950] dt2815 [ 178.244864][ T6950] comedi: valid board names for dt2814 driver are: [ 178.253379][ T6950] dt2814 [ 178.256374][ T6950] comedi: valid board names for dt2811 driver are: [ 178.265792][ T6950] dt2811-pgh [ 178.269141][ T6950] dt2811-pgl [ 178.274592][ T6950] comedi: valid board names for dt2801 driver are: [ 178.281374][ T6950] dt2801 [ 178.284356][ T6950] comedi: valid board names for das6402 driver are: [ 178.291214][ T6950] das6402-12 [ 178.296043][ T6950] das6402-16 [ 178.299386][ T6950] comedi: valid board names for das1800 driver are: [ 178.306232][ T6950] das-1701st [ 178.309563][ T6950] das-1701st-da [ 178.313227][ T6950] das-1702st [ 178.316672][ T6950] das-1702st-da [ 178.325772][ T6950] das-1702hr [ 178.329338][ T6950] das-1702hr-da [ 178.334078][ T6950] das-1701ao [ 178.337405][ T6950] das-1702ao [ 178.341274][ T6950] das-1801st [ 178.344600][ T6950] das-1801st-da [ 178.348184][ T6950] das-1802st [ 178.352075][ T6950] das-1802st-da [ 178.355685][ T6950] das-1802hr [ 178.359049][ T6950] das-1802hr-da [ 178.364313][ T6950] das-1801hc [ 178.367742][ T6950] das-1802hc [ 178.373268][ T6950] das-1801ao [ 178.376694][ T6950] das-1802ao [ 178.380372][ T6950] comedi: valid board names for das800 driver are: [ 178.387151][ T6950] das-800 [ 178.390623][ T6950] cio-das800 [ 178.393950][ T6950] das-801 [ 178.402968][ T6950] cio-das801 [ 178.406402][ T6950] das-802 [ 178.409510][ T6950] cio-das802 [ 178.415064][ T6950] cio-das802/16 [ 178.418710][ T6950] comedi: valid board names for isa-das08 driver are: [ 178.433037][ T6950] isa-das08 [ 178.437130][ T6950] das08-pgm [ 178.440796][ T6950] das08-pgh [ 178.444103][ T6950] das08-pgl [ 178.447367][ T6950] das08-aoh [ 178.451073][ T6950] das08-aol [ 178.454364][ T6950] das08-aom [ 178.457678][ T6950] das08/jr-ao [ 178.461658][ T6950] das08jr-16-ao [ 178.465307][ T6950] pc104-das08 [ 178.469060][ T6950] das08jr/16 [ 178.473865][ T6950] comedi: valid board names for das16m1 driver are: [ 178.483498][ T6950] das16m1 [ 178.486680][ T6950] comedi: valid board names for dac02 driver are: [ 178.500008][ T6950] dac02 [ 178.504501][ T6950] comedi: valid board names for rti802 driver are: [ 178.512266][ T6950] rti802 [ 178.515394][ T6950] comedi: valid board names for rti800 driver are: [ 178.524337][ T6950] rti800 [ 178.527474][ T6950] rti815 [ 178.565089][ T6950] comedi: valid board names for pcm3724 driver are: [ 178.600026][ T6950] pcm3724 [ 178.605152][ T6950] comedi: valid board names for pcl818 driver are: [ 178.619760][ T6950] pcl818l [ 178.622856][ T6950] pcl818h [ 178.643026][ T6950] pcl818hd [ 178.651709][ T6950] pcl818hg [ 178.654896][ T6950] pcl818 [ 178.668132][ T6950] pcl718 [ 178.678270][ T6950] pcm3718 [ 178.690148][ T6950] comedi: valid board names for pcl816 driver are: [ 178.696735][ T6950] pcl816 [ 178.719995][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 178.727465][ T6950] pcl814b [ 178.731054][ T6950] comedi: valid board names for pcl812 driver are: [ 178.748307][ T6980] netlink: 224 bytes leftover after parsing attributes in process `syz.0.388'. [ 178.754288][ T6950] pcl812 [ 178.763742][ T6950] pcl812pg [ 178.769533][ T6950] acl8112pg [ 178.772926][ T6950] acl8112dg [ 178.776369][ T6950] acl8112hg [ 178.779773][ T6950] a821pgl [ 178.783097][ T6950] a821pglnda [ 178.786467][ T6950] a821pgh [ 178.789578][ T6950] a822pgl [ 178.802880][ T6950] a822pgh [ 178.824521][ T6950] a823pgl [ 178.827686][ T6950] a823pgh [ 178.830400][ T6984] netlink: 184 bytes leftover after parsing attributes in process `syz.2.390'. [ 178.844518][ T6950] pcl813 [ 178.847574][ T6950] pcl813b [ 178.859731][ T6950] acl8113 [ 178.862910][ T6950] iso813 [ 178.866022][ T6950] acl8216 [ 178.869303][ T6950] a826pg [ 178.879758][ T6950] comedi: valid board names for pcl730 driver are: [ 178.886737][ T6950] pcl730 [ 178.900809][ T6950] iso730 [ 178.903930][ T6950] acl7130 [ 178.919319][ T6950] pcm3730 [ 178.923718][ T6950] pcl725 [ 178.926758][ T6950] p8r8dio [ 178.940613][ T6950] acl7225b [ 178.943870][ T6950] p16r16dio [ 178.960991][ T6950] pcl733 [ 178.964114][ T6950] pcl734 [ 178.967153][ T6950] opmm-1616-xt [ 178.994212][ T6950] pearl-mm-p [ 178.997628][ T6950] ir104-pbf [ 179.005114][ T6950] comedi: valid board names for pcl726 driver are: [ 179.017456][ T6950] pcl726 [ 179.025804][ T6950] pcl727 [ 179.028916][ T6950] pcl728 [ 179.033236][ T6950] acl6126 [ 179.036431][ T6950] acl6128 [ 179.039545][ T6950] comedi: valid board names for pcl724 driver are: [ 179.050839][ T6950] pcl724 [ 179.053915][ T6950] pcl722 [ 179.057105][ T6950] pcl731 [ 179.078475][ T6950] acl7122 [ 179.092269][ T6950] acl7124 [ 179.095421][ T6950] pet48dio [ 179.098610][ T6950] pcmio48 [ 179.111802][ T6950] onyx-mm-dio [ 179.116540][ T6950] comedi: valid board names for pcl711 driver are: [ 179.125029][ T6950] pcl711 [ 179.128071][ T6950] pcl711b [ 179.133926][ T6950] acl8112hg [ 179.137287][ T6950] acl8112dg [ 179.147879][ T6950] comedi: valid board names for amplc_pc263 driver are: [ 179.162449][ T6950] pc263 [ 179.165442][ T6950] comedi: valid board names for amplc_pc236 driver are: [ 179.182072][ T6991] binder_alloc: 6990: binder_alloc_buf, no vma [ 179.224700][ T6950] pc36at [ 179.229034][ T6950] comedi: valid board names for amplc_dio200 driver are: [ 179.251790][ T6950] pc212e [ 179.256489][ T6950] pc214e [ 179.259533][ T6950] pc215e [ 179.266967][ T6950] pc218e [ 179.274582][ T6950] pc272e [ 179.277751][ T6950] comedi: valid board names for comedi_parport driver are: [ 179.291035][ T6950] comedi_parport [ 179.294890][ T6950] comedi: valid board names for comedi_test driver are: [ 179.307591][ T6950] comedi_test [ 179.311850][ T6950] comedi: valid board names for comedi_bond driver are: [ 179.323938][ T6950] comedi_bond [ 179.759935][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 179.781618][ T5836] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 179.799804][ T7006] binder: 7004:7006 ioctl c018620c 200000000580 returned -22 [ 179.801523][ T7005] binder: 7004:7005 ioctl c018620c 200000000580 returned -22 [ 179.924632][ T7008] loop2: detected capacity change from 0 to 7 [ 179.946267][ T7008] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 179.953209][ T7008] loop2: partition table partially beyond EOD, truncated [ 179.962358][ T7008] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 179.973152][ T5836] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 179.989060][ T5836] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 180.021593][ T5836] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 180.062470][ T5836] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 180.102498][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.121233][ T5836] usb 3-1: Product: syz [ 180.128731][ T6430] udevd[6430]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 180.138589][ T5836] usb 3-1: Manufacturer: syz [ 180.138616][ T5836] usb 3-1: SerialNumber: syz [ 180.171557][ T7012] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 180.368149][ T7003] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 180.380912][ T7003] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 180.750147][ T5931] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 180.799500][ T7032] netlink: 12 bytes leftover after parsing attributes in process `syz.3.412'. [ 180.800286][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 180.942407][ T5931] usb 2-1: Using ep0 maxpacket: 8 [ 180.949237][ T5931] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 180.958357][ T5931] usb 2-1: config 0 has no interface number 0 [ 180.964797][ T5931] usb 2-1: config 0 interface 1 has no altsetting 0 [ 180.975528][ T5931] usb 2-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f [ 180.985159][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.993383][ T5931] usb 2-1: Product: syz [ 180.997748][ T5931] usb 2-1: Manufacturer: syz [ 181.002599][ T5931] usb 2-1: SerialNumber: syz [ 181.010502][ T5931] usb 2-1: config 0 descriptor?? [ 181.017622][ T7003] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 181.028275][ T7003] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 181.189858][ T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 181.218847][ T5931] i2c-cp2615 2-1:0.1: probe with driver i2c-cp2615 failed with error -22 [ 181.236674][ T7003] warning: `syz.2.398' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 181.257470][ T5836] cdc_ncm 3-1:1.0: bind() failure [ 181.275007][ T5836] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 181.284625][ T5836] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 181.295335][ T5836] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 181.309058][ T5836] usb 3-1: USB disconnect, device number 9 [ 181.339848][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 181.346976][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 181.358942][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 181.369241][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 181.379580][ T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 181.392889][ T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 181.402165][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.483727][ T7020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.498712][ T7020] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.564385][ T5913] usb 2-1: USB disconnect, device number 9 [ 181.630022][ T10] usb 4-1: GET_CAPABILITIES returned 0 [ 181.635773][ T10] usbtmc 4-1:16.0: can't read capabilities [ 181.834107][ T7036] usb 4-1: usbtmc_ioctl_clear_in_halt returned -32 [ 181.850468][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 181.911393][ T10] usb 4-1: USB disconnect, device number 7 [ 181.954356][ T7049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.418'. [ 182.016859][ T7051] netlink: 8 bytes leftover after parsing attributes in process `syz.1.419'. [ 182.882136][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 183.920222][ C0] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 184.960127][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 185.999918][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 187.039981][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 187.040098][ T5836] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 187.211575][ T5836] usb 3-1: Using ep0 maxpacket: 8 [ 187.235538][ T5836] usb 3-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 187.236969][ T7077] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 187.252021][ T7077] IPv6: NLM_F_CREATE should be set when creating new route [ 187.256764][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 187.287771][ T5836] usb 3-1: Product: syz [ 187.292616][ T5836] usb 3-1: Manufacturer: syz [ 187.297582][ T5836] usb 3-1: SerialNumber: syz [ 187.311998][ T5836] usb 3-1: config 0 descriptor?? [ 187.527121][ T7061] 9pnet_fd: Insufficient options for proto=fd [ 187.606208][ T7082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.673559][ T7082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.697517][ T7082] /dev/rnullb0: Can't open blockdev [ 187.965535][ T5836] usb 3-1: USB disconnect, device number 10 [ 188.026042][ T7067] udevd[7067]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 188.090172][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 188.340652][ T7095] netlink: ct family unspecified [ 188.345830][ T7095] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 189.010836][ T5913] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 189.120164][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 189.150157][ T5913] usb 3-1: device descriptor read/64, error -71 [ 189.158712][ T7124] binder_alloc: 7123: binder_alloc_buf, no vma [ 189.270537][ T43] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 189.389895][ T5913] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 189.430288][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 189.443256][ T43] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 189.455395][ T43] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 189.473488][ T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 189.484083][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 189.497317][ T43] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 189.508316][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 189.528720][ T43] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 189.538139][ T5913] usb 3-1: device descriptor read/64, error -71 [ 189.548168][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.571566][ T43] usb 2-1: config 0 descriptor?? [ 189.651005][ T5913] usb usb3-port1: attempt power cycle [ 189.657367][ T7130] tipc: Enabling of bearer rejected, already enabled [ 189.794739][ T43] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 189.839027][ T43] usb 2-1: USB disconnect, device number 10 [ 189.858467][ T7134] loop2: detected capacity change from 0 to 7 [ 189.882160][ T43] usblp0: removed [ 189.884320][ T7067] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 189.895000][ T7067] loop2: partition table partially beyond EOD, truncated [ 189.905339][ T7067] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 189.958306][ T7134] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 189.964531][ T7134] loop2: partition table partially beyond EOD, truncated [ 189.972667][ T7134] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 189.991023][ T5913] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 190.020601][ T5913] usb 3-1: device descriptor read/8, error -71 [ 190.073367][ T7067] udevd[7067]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 190.106454][ T7067] udevd[7067]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 190.161644][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 190.246243][ T7138] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 190.272554][ T5913] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 190.321549][ T5913] usb 3-1: device descriptor read/8, error -71 [ 190.333379][ T43] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 190.385716][ T7145] netlink: 12 bytes leftover after parsing attributes in process `syz.3.454'. [ 190.451968][ T5913] usb usb3-port1: unable to enumerate USB device [ 190.510976][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 190.524163][ T43] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 190.542310][ T43] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 190.562476][ T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 190.573984][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 190.587247][ T43] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 190.597525][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 190.613564][ T43] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 190.640211][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.669448][ T43] usb 2-1: config 0 descriptor?? [ 191.111660][ T43] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 191.160878][ T43] usb 2-1: USB disconnect, device number 11 [ 191.181766][ T43] usblp0: removed [ 191.200071][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 192.249844][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 192.339040][ T7176] /dev/sg0: Can't lookup blockdev [ 192.659837][ T5913] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 192.831666][ T5913] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 192.850518][ T5913] usb 1-1: config 1 has an invalid descriptor of length 112, skipping remainder of the config [ 192.869770][ T5913] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 192.899744][ T5913] usb 1-1: config 1 has no interface number 1 [ 192.905955][ T5913] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 192.942855][ T5913] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 192.975660][ T5913] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 192.987608][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.004947][ T5913] usb 1-1: Product: syz [ 193.014045][ T5913] usb 1-1: Manufacturer: syz [ 193.018742][ T5913] usb 1-1: SerialNumber: syz [ 193.117774][ T7198] afs: Unknown parameter 'flock]"Pc6\>FCr' [ 193.274169][ T5913] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 193.282012][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 193.313495][ T5913] usb 1-1: MIDIStreaming interface descriptor not found [ 193.474349][ T5913] usb 1-1: USB disconnect, device number 8 [ 193.639105][ T7205] udevd[7205]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 194.006756][ T7217] hfs: can't find a HFS filesystem on dev rnullb0 [ 194.092793][ T5939] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 194.116428][ T7221] QAT: failed to copy from user cfg_data. [ 194.262493][ T5939] usb 2-1: Using ep0 maxpacket: 8 [ 194.278036][ T7230] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.487'. [ 194.290146][ T5939] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 194.299010][ T5939] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 194.314336][ T7229] binder: BINDER_SET_CONTEXT_MGR already set [ 194.322445][ T5939] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 194.329935][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 194.332994][ T7229] binder: 7226:7229 ioctl 4018620d 2000000002c0 returned -16 [ 194.347601][ T5939] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 194.359588][ T5939] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 194.379246][ T5939] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 194.381174][ T7229] binder: 7226:7229 ioctl c0306201 200000000240 returned -11 [ 194.396051][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.555344][ T7237] binder: 7236:7237 ioctl c0306201 0 returned -14 [ 194.644983][ T5939] usb 2-1: usb_control_msg returned -71 [ 194.669783][ T5939] usbtmc 2-1:16.0: can't read capabilities [ 194.708155][ T5939] usb 2-1: USB disconnect, device number 12 [ 195.209832][ T5913] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 195.360283][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 195.440066][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 195.544636][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 255, setting to 64 [ 195.555639][ T5913] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 195.564832][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.595703][ T5913] usb 1-1: config 0 descriptor?? [ 195.632538][ T7238] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 195.891328][ T7253] support for the xor transformation has been removed. [ 196.109017][ T7258] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 196.409839][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 196.539777][ T24] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 196.700042][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 196.768758][ T24] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 196.919894][ T5913] ath6kl: Failed to submit usb control message: -110 [ 196.953196][ T24] usb 3-1: config 0 has no interface number 0 [ 196.959404][ T24] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 196.969591][ T5913] ath6kl: unable to send the bmi data to the device: -110 [ 196.977650][ T5913] ath6kl: Unable to send get target info: -110 [ 196.984910][ T24] usb 3-1: config 0 interface 196 has no altsetting 0 [ 196.993447][ T5913] ath6kl: Failed to init ath6kl core: -110 [ 197.010379][ T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 197.021625][ T5913] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 197.030484][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.039623][ T24] usb 3-1: Product: syz [ 197.167577][ T24] usb 3-1: Manufacturer: syz [ 197.193580][ T24] usb 3-1: SerialNumber: syz [ 197.232175][ T24] usb 3-1: config 0 descriptor?? [ 197.248072][ T7263] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 197.439931][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 197.626672][ T5939] usb 1-1: USB disconnect, device number 9 [ 197.691906][ T7275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.502'. [ 197.773533][ T7279] netlink: 16 bytes leftover after parsing attributes in process `syz.3.503'. [ 197.931729][ T24] ipheth 3-1:0.196: ipheth_enable_ncm: usb_control_msg: 0 [ 198.002265][ T24] ipheth 3-1:0.196: Apple iPhone USB Ethernet device attached [ 198.153498][ T24] usb 3-1: USB disconnect, device number 15 [ 198.231816][ T24] ipheth 3-1:0.196: Apple iPhone USB Ethernet now disconnected [ 198.479881][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 198.915466][ T7304] /dev/rnullb0: Can't open blockdev [ 199.202048][ T7309] binder: BINDER_SET_CONTEXT_MGR already set [ 199.208221][ T7309] binder: 7306:7309 ioctl 4018620d 200000000040 returned -16 [ 199.315906][ T7312] netlink: 324 bytes leftover after parsing attributes in process `syz.2.517'. [ 199.420327][ T7316] binder_alloc: 7314: binder_alloc_buf, no vma [ 199.520025][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 199.620137][ T7321] netlink: 28 bytes leftover after parsing attributes in process `syz.2.520'. [ 199.758298][ T7325] tipc: Enabling of bearer rejected, already enabled [ 200.021871][ T5913] usb 3-1: new low-speed USB device number 16 using dummy_hcd [ 200.162465][ T5913] usb 3-1: device descriptor read/64, error -71 [ 200.285840][ T7335] loop2: detected capacity change from 0 to 7 [ 200.348129][ T7335] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 200.354875][ T7335] loop2: partition table partially beyond EOD, truncated [ 200.371532][ T7335] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 200.410983][ T5913] usb 3-1: new low-speed USB device number 17 using dummy_hcd [ 200.496274][ T7339] netlink: 184 bytes leftover after parsing attributes in process `syz.0.528'. [ 200.559933][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 200.569793][ T5913] usb 3-1: device descriptor read/64, error -71 [ 200.572940][ T7067] udevd[7067]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 200.665813][ T7341] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 200.704539][ T5913] usb usb3-port1: attempt power cycle [ 200.886512][ T7349] qnx4: no qnx4 filesystem (no root dir). [ 201.066252][ T5913] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 201.112471][ T5913] usb 3-1: device descriptor read/8, error -71 [ 201.361841][ T5913] usb 3-1: new low-speed USB device number 19 using dummy_hcd [ 201.401548][ T5913] usb 3-1: device descriptor read/8, error -71 [ 201.512754][ T5913] usb usb3-port1: unable to enumerate USB device [ 201.600114][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 201.741985][ T7381] ceph: No mds server is up or the cluster is laggy [ 201.998816][ T7393] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.552'. [ 202.030440][ T7395] Can't find a SQUASHFS superblock on rnullb0 [ 202.627720][ T7417] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.562'. [ 202.640125][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 203.132417][ T7436] netlink: 'syz.1.568': attribute type 3 has an invalid length. [ 203.145064][ T7436] netlink: 132 bytes leftover after parsing attributes in process `syz.1.568'. [ 203.433621][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 203.444618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 203.590272][ T5913] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 203.679938][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 203.820468][ T5913] usb 2-1: Using ep0 maxpacket: 32 [ 203.873462][ T5913] usb 2-1: config 0 has an invalid interface number: 196 but max is 0 [ 203.930396][ T7450] netlink: 12 bytes leftover after parsing attributes in process `syz.2.572'. [ 203.939794][ T5913] usb 2-1: config 0 has no interface number 0 [ 203.946100][ T5913] usb 2-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 203.965536][ T5913] usb 2-1: config 0 interface 196 has no altsetting 0 [ 203.983324][ T5913] usb 2-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 203.994862][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.019595][ T5913] usb 2-1: Product: syz [ 204.024141][ T5913] usb 2-1: Manufacturer: syz [ 204.037842][ T5913] usb 2-1: SerialNumber: syz [ 204.046853][ T5913] usb 2-1: config 0 descriptor?? [ 204.053428][ T7447] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 204.161490][ T7457] FAULT_INJECTION: forcing a failure. [ 204.161490][ T7457] name failslab, interval 1, probability 0, space 0, times 0 [ 204.176452][ T7457] CPU: 0 UID: 0 PID: 7457 Comm: syz.2.575 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 204.176483][ T7457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 204.176497][ T7457] Call Trace: [ 204.176506][ T7457] [ 204.176515][ T7457] dump_stack_lvl+0x189/0x250 [ 204.176564][ T7457] ? __pfx____ratelimit+0x10/0x10 [ 204.176597][ T7457] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.176628][ T7457] ? __pfx__printk+0x10/0x10 [ 204.176670][ T7457] ? __pfx___might_resched+0x10/0x10 [ 204.176696][ T7457] ? fs_reclaim_acquire+0x7d/0x100 [ 204.176726][ T7457] should_fail_ex+0x414/0x560 [ 204.176757][ T7457] should_failslab+0xa8/0x100 [ 204.176781][ T7457] __kmalloc_noprof+0xcb/0x4f0 [ 204.176817][ T7457] ? tomoyo_encode+0x28b/0x550 [ 204.176851][ T7457] tomoyo_encode+0x28b/0x550 [ 204.176885][ T7457] tomoyo_realpath_from_path+0x58d/0x5d0 [ 204.176931][ T7457] tomoyo_path2_perm+0x288/0x680 [ 204.176954][ T7457] ? tomoyo_path2_perm+0x235/0x680 [ 204.176980][ T7457] ? __pfx_tomoyo_path2_perm+0x10/0x10 [ 204.177058][ T7457] tomoyo_path_rename+0x141/0x190 [ 204.177087][ T7457] ? __d_lookup+0x6df/0x780 [ 204.177122][ T7457] ? __pfx_tomoyo_path_rename+0x10/0x10 [ 204.177168][ T7457] security_path_rename+0x250/0x490 [ 204.177202][ T7457] do_renameat2+0x52b/0xa80 [ 204.177246][ T7457] ? __pfx_do_renameat2+0x10/0x10 [ 204.177292][ T7457] ? getname_flags+0x1e5/0x540 [ 204.177325][ T7457] __x64_sys_renameat+0xb8/0xd0 [ 204.177354][ T7457] do_syscall_64+0xfa/0x3b0 [ 204.177372][ T7457] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.177404][ T7457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.177426][ T7457] ? clear_bhb_loop+0x60/0xb0 [ 204.177453][ T7457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.177475][ T7457] RIP: 0033:0x7f420338eb69 [ 204.177506][ T7457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.177525][ T7457] RSP: 002b:00007f4204130038 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 204.177549][ T7457] RAX: ffffffffffffffda RBX: 00007f42035b5fa0 RCX: 00007f420338eb69 [ 204.177565][ T7457] RDX: ffffffffffffff9c RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 204.177581][ T7457] RBP: 00007f4204130090 R08: 0000000000000000 R09: 0000000000000000 [ 204.177595][ T7457] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000002 [ 204.177609][ T7457] R13: 0000000000000000 R14: 00007f42035b5fa0 R15: 00007fffa00288d8 [ 204.177654][ T7457] [ 204.177703][ T7457] ERROR: Out of memory at tomoyo_realpath_from_path. [ 204.340935][ T5913] ipheth 2-1:0.196: Unable to find endpoints [ 204.580059][ T7466] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.577' resets device [ 204.703699][ T7473] netlink: 'syz.2.579': attribute type 10 has an invalid length. [ 204.720080][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 204.774871][ T7475] /dev/rnullb0: Can't open blockdev [ 204.870674][ T7477] support for the xor transformation has been removed. [ 204.933275][ T7478] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 204.959845][ T7478] netlink: 'syz.0.581': attribute type 27 has an invalid length. [ 204.978431][ T7478] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 204.997532][ T7478] /dev/rnullb0: Can't open blockdev [ 205.266589][ T7481] /dev/rnullb0: Can't open blockdev [ 205.349435][ T7483] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 205.356859][ T7483] IPv6: NLM_F_CREATE should be set when creating new route [ 205.364237][ T7483] IPv6: NLM_F_CREATE should be set when creating new route [ 205.371520][ T7483] IPv6: NLM_F_CREATE should be set when creating new route [ 205.379149][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 205.439497][ T7485] netlink: 8 bytes leftover after parsing attributes in process `syz.3.584'. [ 205.525606][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 205.536318][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 205.729868][ T5913] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 205.760045][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 205.783634][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.590'. [ 205.892448][ T5913] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 64 [ 205.918874][ T5913] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.933651][ T5913] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 205.943873][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.957859][ T7499] binder: BINDER_SET_CONTEXT_MGR already set [ 205.964437][ T7499] binder: 7498:7499 ioctl 4018620d 200000004a80 returned -16 [ 205.976734][ T7501] netlink: ct family unspecified [ 205.994063][ T7501] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 206.183797][ T5913] usb 3-1: GET_CAPABILITIES returned 0 [ 206.189567][ T5913] usbtmc 3-1:16.0: can't read capabilities [ 206.232123][ T7510] binder_alloc: 7509: binder_alloc_buf, no vma [ 206.238711][ T7510] binder: 7509:7510 ioctl c0306201 200000000300 returned -14 [ 206.334822][ T5913] usb 2-1: USB disconnect, device number 13 [ 206.395666][ T43] usb 3-1: USB disconnect, device number 20 [ 206.405289][ T7514] netlink: 28 bytes leftover after parsing attributes in process `syz.0.598'. [ 206.447114][ T7516] tipc: Enabling of bearer rejected, already enabled [ 206.710990][ T7527] loop2: detected capacity change from 0 to 7 [ 206.739552][ T7067] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 206.755049][ T7067] loop2: partition table partially beyond EOD, truncated [ 206.766325][ T7067] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 206.797989][ T7527] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 206.803726][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 206.810069][ T10] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 206.815083][ T7527] loop2: partition table partially beyond EOD, truncated [ 206.827791][ T7527] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 206.886143][ T7067] udevd[7067]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 206.937481][ T7067] udevd[7067]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 207.005171][ T10] usb 1-1: config 9 interface 0 altsetting 10 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 207.035177][ T10] usb 1-1: config 9 interface 0 has no altsetting 0 [ 207.049791][ T10] usb 1-1: New USB device found, idVendor=f07a, idProduct=e03e, bcdDevice= 8.f4 [ 207.062972][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.078411][ T10] usb 1-1: Product: syz [ 207.086243][ T10] usb 1-1: Manufacturer: syz [ 207.093075][ T10] usb 1-1: SerialNumber: syz [ 207.117481][ T7523] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 207.148366][ T7537] netlink: 184 bytes leftover after parsing attributes in process `syz.1.607'. [ 207.270028][ T5836] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 207.334548][ T7546] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 207.346412][ T7523] netlink: 'syz.0.602': attribute type 1 has an invalid length. [ 207.362963][ T7523] netlink: 5624 bytes leftover after parsing attributes in process `syz.0.602'. [ 207.401690][ T5836] usb 4-1: device descriptor read/64, error -71 [ 207.430414][ T5939] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 207.442998][ T10] usb 1-1: USB disconnect, device number 10 [ 207.518323][ T7550] /dev/rnullb0: Can't open blockdev [ 207.605684][ T5939] usb 3-1: Using ep0 maxpacket: 32 [ 207.615766][ T5939] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 207.624761][ T5939] usb 3-1: config 0 has no interface number 0 [ 207.632122][ T5939] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 207.642550][ T5939] usb 3-1: config 0 interface 196 has no altsetting 0 [ 207.651934][ T5939] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 207.661274][ T5939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.669394][ T5939] usb 3-1: Product: syz [ 207.673800][ T5836] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 207.682417][ T5939] usb 3-1: Manufacturer: syz [ 207.687473][ T5939] usb 3-1: SerialNumber: syz [ 207.697360][ T5939] usb 3-1: config 0 descriptor?? [ 207.703577][ T7539] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 207.819792][ T5836] usb 4-1: device descriptor read/64, error -71 [ 207.840005][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 207.848774][ T7556] /dev/sg0: Can't lookup blockdev [ 207.949941][ T5836] usb usb4-port1: attempt power cycle [ 207.959118][ T5939] ipheth 3-1:0.196: Unable to find endpoints [ 208.252327][ T7569] /dev/rnullb0: Can't open blockdev [ 208.299800][ T5836] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 208.320990][ T5836] usb 4-1: device descriptor read/8, error -71 [ 208.885924][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 209.920952][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 210.966633][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 212.010391][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 212.879667][ C1] sched: DL replenish lagged too much [ 213.045737][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 214.084986][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 215.124384][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 216.163015][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 217.199821][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 217.477343][ T5836] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 218.247291][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 219.282763][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 220.319863][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 221.365591][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 222.402644][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 223.445957][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 224.482492][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 225.527946][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 226.569940][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 227.602117][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 228.644093][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 229.683087][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 230.720351][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 231.764028][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 232.804477][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 233.844507][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 234.887573][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 235.924786][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 236.966357][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 238.003947][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 238.389859][ T5836] usb 4-1: device not accepting address 11, error -71 [ 239.043836][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 240.087380][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 240.631473][ T5939] usb 3-1: USB disconnect, device number 21 [ 241.121069][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 242.164768][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 243.205601][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 244.241537][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 245.284692][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 246.323899][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 247.361021][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 248.410918][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 249.440916][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 250.484228][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 251.523130][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 252.560586][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 253.600646][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 254.651876][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 255.687199][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 256.725539][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 257.767288][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 258.801116][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 259.853332][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 260.889802][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 261.925503][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 262.960969][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 264.000271][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 265.046416][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 266.083431][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 267.122546][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 268.061452][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 268.164763][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 268.381389][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 269.215214][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 270.251861][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 271.293645][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 272.320329][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 273.365270][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 274.402115][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 274.546155][ T5836] usb usb4-port1: unable to enumerate USB device [ 275.451164][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 276.482975][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 277.524022][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 278.560637][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 279.603743][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 280.639829][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 281.685430][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 282.722339][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 283.771869][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 284.806965][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 285.844901][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 286.885115][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 287.924402][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 288.964086][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 290.001398][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 291.043167][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 292.084059][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 293.137696][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 294.163657][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 295.204157][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 296.246345][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 297.293249][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 298.326199][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 299.361741][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 300.403793][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 301.452768][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 302.490529][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 303.520070][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 304.561337][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 305.604473][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 306.645456][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 307.686528][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 308.727215][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 309.763152][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 310.802221][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 311.855004][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 312.881513][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 313.934548][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 314.369622][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 314.376650][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P7577/1:b..l [ 314.384944][ C1] rcu: (detected by 1, t=10503 jiffies, g=27861, q=7527 ncpus=2) [ 314.392780][ C1] task:syz.0.624 state:R running task stack:23640 pid:7577 tgid:7576 ppid:5851 task_flags:0x20400140 flags:0x00004006 [ 314.407172][ C1] Call Trace: [ 314.410471][ C1] [ 314.413415][ C1] __schedule+0x1798/0x4cc0 [ 314.417950][ C1] ? kasan_record_aux_stack+0xbd/0xd0 [ 314.423342][ C1] ? blk_update_request+0x57e/0xe60 [ 314.428565][ C1] ? blk_mq_dispatch_rq_list+0x4bd/0x1900 [ 314.434299][ C1] ? __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 314.440813][ C1] ? blk_mq_run_hw_queue+0x404/0x4f0 [ 314.446191][ C1] ? blk_mq_dispatch_list+0xd0c/0xe00 [ 314.451583][ C1] ? blk_mq_flush_plug_list+0x469/0x550 [ 314.457149][ C1] ? __blk_flush_plug+0x3d3/0x4b0 [ 314.462232][ C1] ? blkdev_writepages+0x10e/0x170 [ 314.467375][ C1] ? do_writepages+0x32b/0x550 [ 314.472170][ C1] ? blkdev_write_iter+0x5fa/0x710 [ 314.477306][ C1] ? splice_direct_to_actor+0x5a5/0xcc0 [ 314.482879][ C1] ? do_splice_direct+0x181/0x270 [ 314.487940][ C1] ? __pfx___schedule+0x10/0x10 [ 314.492852][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 314.498164][ C1] preempt_schedule_irq+0xb5/0x150 [ 314.503296][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 314.509042][ C1] ? do_raw_spin_lock+0x121/0x290 [ 314.514128][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 314.519955][ C1] irqentry_exit+0x6f/0x90 [ 314.524396][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 314.530403][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x46/0x70 [ 314.536589][ C1] Code: ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 83 fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 <48> 8d 7e 01 8b 89 1c 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 [ 314.556218][ C1] RSP: 0018:ffffc90003226a10 EFLAGS: 00000246 [ 314.562312][ C1] RAX: ffffffff8174c632 RBX: 0000000027a6c780 RCX: ffff888026ac1e00 [ 314.570302][ C1] RDX: ffffc9000b742000 RSI: 000000000007ffff RDI: 0000000000000040 [ 314.578289][ C1] RBP: 0000000000000000 R08: ffffffff8fe34337 R09: 1ffffffff1fc6866 [ 314.586269][ C1] R10: dffffc0000000000 R11: ffffffff81f82820 R12: 0000000000008000 [ 314.594263][ C1] R13: ffffea0000000000 R14: 000000000000002e R15: dffffc0000000000 [ 314.602433][ C1] ? __pfx_mempool_free_slab+0x10/0x10 [ 314.607926][ C1] ? __phys_addr+0xb2/0x180 [ 314.612461][ C1] __phys_addr+0xb2/0x180 [ 314.616826][ C1] ? blk_update_request+0x57e/0xe60 [ 314.622054][ C1] kmem_cache_free+0x7e/0x400 [ 314.626769][ C1] blk_update_request+0x57e/0xe60 [ 314.631836][ C1] blk_mq_end_request+0x3e/0x70 [ 314.636721][ C1] _RNvMNtNtNtCs43vyB533jt3_6kernel5block2mq10operationsINtB2_16OperationsVTableNtCsktjF9JQNZ8U_5rnull13NullBlkDeviceE17queue_rq_callbackB1e_+0x1b6/0x2a0 [ 314.652213][ C1] ? is_bpf_text_address+0x26/0x2b0 [ 314.657434][ C1] ? __pfx__RNvMNtNtNtCs43vyB533jt3_6kernel5block2mq10operationsINtB2_16OperationsVTableNtCsktjF9JQNZ8U_5rnull13NullBlkDeviceE17queue_rq_callbackB1e_+0x10/0x10 [ 314.673450][ C1] blk_mq_dispatch_rq_list+0x4bd/0x1900 [ 314.679025][ C1] ? sbitmap_find_bit+0x3ff/0x490 [ 314.684101][ C1] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 314.690105][ C1] ? __blk_mq_alloc_driver_tag+0x2e7/0x6e0 [ 314.695947][ C1] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 314.702409][ C1] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 314.709205][ C1] ? blk_mq_run_hw_queue+0x239/0x4f0 [ 314.714529][ C1] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 314.720530][ C1] ? blk_mq_run_hw_queue+0x239/0x4f0 [ 314.725886][ C1] blk_mq_run_hw_queue+0x404/0x4f0 [ 314.731071][ C1] blk_mq_dispatch_list+0xd0c/0xe00 [ 314.736294][ C1] ? blk_mq_dispatch_list+0x260/0xe00 [ 314.741695][ C1] ? __pfx_blk_mq_dispatch_list+0x10/0x10 [ 314.747449][ C1] blk_mq_flush_plug_list+0x469/0x550 [ 314.752843][ C1] ? filemap_get_folios_tag+0x53b/0x630 [ 314.758408][ C1] ? filemap_get_folios_tag+0xed/0x630 [ 314.763884][ C1] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 314.769798][ C1] ? __pfx_filemap_get_folios_tag+0x10/0x10 [ 314.775725][ C1] __blk_flush_plug+0x3d3/0x4b0 [ 314.780601][ C1] ? __pfx___blk_flush_plug+0x10/0x10 [ 314.786014][ C1] blk_finish_plug+0x5e/0x90 [ 314.790626][ C1] blkdev_writepages+0x10e/0x170 [ 314.795597][ C1] ? __pfx_blkdev_writepages+0x10/0x10 [ 314.801081][ C1] ? __lock_acquire+0xab9/0xd20 [ 314.805957][ C1] ? __pfx_blkdev_writepages+0x10/0x10 [ 314.811434][ C1] do_writepages+0x32b/0x550 [ 314.816059][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 314.821307][ C1] file_write_and_wait_range+0x23e/0x340 [ 314.826963][ C1] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 314.833186][ C1] ? __up_read+0x280/0x680 [ 314.837657][ C1] blkdev_fsync+0x74/0xd0 [ 314.842028][ C1] generic_write_sync+0x1b3/0x290 [ 314.847068][ C1] ? blkdev_write_iter+0x5ef/0x710 [ 314.852218][ C1] blkdev_write_iter+0x5fa/0x710 [ 314.857223][ C1] iter_file_splice_write+0x937/0x1000 [ 314.862750][ C1] ? __pfx_iter_file_splice_write+0x10/0x10 [ 314.868708][ C1] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 314.874144][ C1] ? __pfx_iter_file_splice_write+0x10/0x10 [ 314.880081][ C1] direct_splice_actor+0x101/0x160 [ 314.885222][ C1] splice_direct_to_actor+0x5a5/0xcc0 [ 314.890638][ C1] ? __pfx_direct_splice_actor+0x10/0x10 [ 314.896296][ C1] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 314.902228][ C1] do_splice_direct+0x181/0x270 [ 314.907113][ C1] ? __pfx_do_splice_direct+0x10/0x10 [ 314.912509][ C1] ? common_file_perm+0x1b5/0x230 [ 314.917553][ C1] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 314.923473][ C1] ? bpf_lsm_file_permission+0x9/0x20 [ 314.928873][ C1] ? security_file_permission+0x75/0x290 [ 314.934540][ C1] ? rw_verify_area+0x255/0x4d0 [ 314.939417][ C1] do_sendfile+0x4da/0x7e0 [ 314.943887][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 314.949125][ C1] ? __pfx_do_sendfile+0x10/0x10 [ 314.954098][ C1] ? __se_sys_futex+0x36f/0x400 [ 314.958980][ C1] __se_sys_sendfile64+0x13e/0x190 [ 314.964119][ C1] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 314.969780][ C1] ? rcu_is_watching+0x15/0xb0 [ 314.974580][ C1] ? do_syscall_64+0xbe/0x3b0 [ 314.979289][ C1] do_syscall_64+0xfa/0x3b0 [ 314.983815][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.989900][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 314.996077][ C1] ? clear_bhb_loop+0x60/0xb0 [ 315.000804][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.006717][ C1] RIP: 0033:0x7fdd0198eb69 [ 315.011156][ C1] RSP: 002b:00007fdd027df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 315.019588][ C1] RAX: ffffffffffffffda RBX: 00007fdd01bb5fa0 RCX: 00007fdd0198eb69 [ 315.027575][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 315.035560][ C1] RBP: 00007fdd01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 315.043566][ C1] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000000 [ 315.051564][ C1] R13: 0000000000000000 R14: 00007fdd01bb5fa0 R15: 00007ffd398e88e8 [ 315.059581][ C1] [ 315.067867][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 316.085655][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 317.120570][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 318.160974][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 319.205113][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 320.239918][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 321.283536][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 322.320833][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 323.362876][ C1] IPVS: lc: UDP 224.0.0.2:0 - no destination available