last executing test programs: 1m55.097261108s ago: executing program 3 (id=965): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000dc0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, 0x0) mount$bind(0x0, 0x0, 0x0, 0x2a04860, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',g']) read$FUSE(r2, &(0x7f00000021c0)={0x2020}, 0x2020) 1m55.020755379s ago: executing program 3 (id=967): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100), 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, 0x0, 0x0) 1m53.708949068s ago: executing program 3 (id=972): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000780)) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x103183, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x5}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}}, 0x0) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30000091) ioctl$SNAPSHOT_S2RAM(r0, 0x330b) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x2, [{0x80000}, {0xfbfffffa, 0xa23e}]}}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000940), 0x22600) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r5, 0xc058534b, &(0x7f0000000980)={0x81a, 0x3, 0x1, 0x6, 0x3, 0x7ff}) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000008c0)={&(0x7f00000007c0)={0xe0, 0x13, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_OBJ_USERDATA={0xaa, 0x8, "43771fb51d37b242b42ec1fcf8dcbbd030c89dde1f0c9af4ede2c2480d30ff5f1b0dc43f781d442604a0401cf51c1b43fcfec02b4422033db1cec867de65d241976747691a8b22fcc00284aa475e6864b1800a08ff7a9f67904737538ba9e0a0693871481395e91d8901eb43fb3e71a0a56d7cc089c53479f3b336bd16ca5de4b43b4dd3e99e1dfca9d2cf2e6ea872c30507bf5a22cb0ffe5552db40662814eb71da8d15d8dd"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0xe0}, 0x1, 0x0, 0x0, 0x20040805}, 0x40) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)) sendmsg(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000140)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7, @private2, 0x93a}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000001c0)="893c5c4dcd1bce35bab2ff000063fc4c20a460c20af135c0bac7df88bd6f39e142a76b9dac5c28dcba66f811402e177bf14dae0e38ead9f8d1f7aea4e796d759bc857ac304289269bd10f17d5d7143c4", 0x50}, {&(0x7f0000000240)="f95b44c13785eff8643157ca3b5b3dc2f175262ef07b51c0d99cf005b800fbd3b65e07b3c1a9f790118950a21f8702cf67e217bda1e7fb0968ae5a2295a496c9e4c391b386330c09eb7421b98b8e07af360cf217b9f0311a8930a4af4830e0dfd7a80cda7ac72aa2751f6a8bb5f7e3bce40303ee6f00902e30496c1b0d744ceb8a1449c5a2d3b97ee50d266a8ed9b1bc902827241303f908aed330b450b7e5ff5abd9f31733392d1121cd9f66cc6b0f7d7054cbd36a5242540e4093d893246ed30ae3c5d3c288e9a2a13c939cf8cc729edd60e1d2f826bbea13deb77533fec0e3ce022ad485050a1fbc382cd962a65aa", 0xf0}, {&(0x7f0000000340)="5450ab484feaaa8eb0e511e9488f4320a019a962468008a86ba15e6ab44176516cb7e3ca82ee014c56e2568710266798763e8b5c71bf5ec86a49e680e74fdf77cffebcf3c43217d012bbb0efd5ea4ee578cf9fec7a020f64f2c89c9e00b71a2c83678d67e85e1d434e2ebede44c43a4c849414ed76820eb52c54dc791ada9da231fbb412703305c9380434e86f1c4a6bf202ffa1a12bd3286396ce1c0decbae9935726af50e5eeab", 0xa8}, {&(0x7f0000000400)="5d1bca228a1d41e83068d1ddf3c16a8445eadb246dc5b3b30c2cfd851e959b6ae7c9561527959b1522eb6b1d892f01ef70969730d5a99973e9e2c4c6ac7d72d59d2ca9e70296aff74664804748f0a53dfb8b74cdcb74485402d1a3583af8026ba326a50472d0fd93a66bc3181ade39226e3716aa12555bcba96246e305f58b46be2dbf33ab11267fc253405d3b2d988ac224bd838f7430a4836eb2ee75435c97948e1f3ab870a1f56b98abc8ee29ce402ab2d913e14e36e0906ad7745229", 0xbe}], 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="400000000000000087010000532b000078e15164dbf34523f984a8e9bf06044f5134070cd9fe09094f86f5be082d9800d07d6d6fc7642f9bc407a83772b76e93880000000000000016010000030000008c3cf24b631c93e7ffe82cc752e9d86c8dde55824b6810d48d7e27cbcc5a0496fa02435335d73897a34ddafbabe1f6787d52f2cff0eb00005624912d54d00b1599a9fff438b0fc99a78a3c564914ff3fa8db2514ee7d4fa7beb3627b2cf1c1a97522b8e750cd56a3117f109ee652074e7ee966d376101dd482526f000000e800000000000000080100000b0000008e6d8599fe05e031d7e580467f3134bc0c6dc2421864c78e091be94555423a79d43bb889b9f5fab4faf79826107280dff488f45acd0dac689347d3d975cd670ccad5317ca8365261a6c85c579424dadd5d53ad370010efb15020cfb7773ac9966499aedbee9e37add7abc6780c18b378be5aa62d501bfc00d4fd2f4c8eb80755d7f550fb32ce7542ce58fbe985c84da2e0186c653dba3619fa9d9f4e898715a0140875ed4415374c069637cd6e275d3bcf65c05ac6b594754d9e2ca2d7bd9bcfe0f9b3405c50deee4dfeca11d1d12c72661ded75170000002000000000000000020100090000000013ea11a57cb99153875d"], 0x1d0}, 0x946) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETOFFLOAD(r6, 0x400454c9, 0x13) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0xfffffffe}, 0x8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000400000000000900020073797a32000000001400078008001340000000000800064000000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0) 1m53.395746932s ago: executing program 3 (id=974): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x400, 0x0, 0xfffffffffffffef8, 0x0, 0x0, 0x0) setpgid(r0, 0x0) r1 = getpgid(r0) setpgid(0x0, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0x9361, 0x0) 1m53.22675746s ago: executing program 3 (id=975): mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x208002, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000, 0x4, &(0x7f0000ffb000/0x3000)=nil) 1m52.353352382s ago: executing program 3 (id=979): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1m51.835891895s ago: executing program 32 (id=979): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1m36.997352324s ago: executing program 0 (id=1066): creat(&(0x7f0000001380)='./file0\x00', 0x4) mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext4\x00', 0x8000, 0x0) 1m36.894747108s ago: executing program 0 (id=1068): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSSOFTCAR(r0, 0x5404, &(0x7f00000001c0)) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, 0x0, 0x0) listen(r1, 0x10001) r2 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r2, 0x0, 0x4000045) connect$tipc(r2, 0x0, 0x0) setuid(0xee00) shmctl$SHM_LOCK(0x0, 0xb) 1m36.74339311s ago: executing program 0 (id=1069): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4a00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf648e000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x802000) r1 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x1d, &(0x7f00000008c0), 0x4) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) madvise(&(0x7f0000309000/0x2000)=nil, 0x2000, 0x1) futex(0x0, 0xd, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 1m36.605264065s ago: executing program 0 (id=1070): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') syz_clone(0x400, 0x0, 0xfffffffffffffef8, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0x9361, 0x0) 1m36.511515574s ago: executing program 0 (id=1072): pipe(0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7e00, 0xf4ff) socket(0x2a, 0x2, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) 1m36.13314946s ago: executing program 0 (id=1073): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0xe11, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendto$inet(r0, &(0x7f00000003c0)="25d7196c03045396b9eff7846a812bfe75fa3496bb8e75411f", 0x19, 0x8014, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x2c00) 1m35.510110589s ago: executing program 33 (id=1073): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0xe11, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendto$inet(r0, &(0x7f00000003c0)="25d7196c03045396b9eff7846a812bfe75fa3496bb8e75411f", 0x19, 0x8014, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x2c00) 3.930201597s ago: executing program 4 (id=1538): r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002) writev(r0, &(0x7f0000000c40)=[{&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0)}, {&(0x7f0000000900)}], 0x3) 3.867461048s ago: executing program 4 (id=1539): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000093c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x2b, 0x4aff5aa6, 0xffffffff80000002, 0xe6f6, 0x9, 0x8, 0x2, 0x0, 0x0, 0x4, 0x3}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000732d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0xfffffffffffffffe, 0x7fff, {0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.self_freezing\x00', 0x26e1, 0x0) close(r2) socket$kcm(0x10, 0x400000002, 0x0) syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x63, 0xe1, 0xd8, 0x8, 0x10b8, 0x1bb2, 0xc7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x6, 0xe0, 0x7, [{{0x9, 0x4, 0xf5, 0x0, 0x0, 0x92, 0xd0, 0x15, 0x7}}]}}]}}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) 3.233261766s ago: executing program 5 (id=1544): r0 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet6_int(r0, 0x29, 0x4e, 0x0, &(0x7f00000001c0)) syz_open_dev$sndctrl(&(0x7f0000000000), 0x7, 0x26cc02) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="d8000000180081054e81f782db4cb904021d0800fe207c05e8fe55a10a0015000a00142603600e12080005007f370401a8001600200006000500027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000300)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r3, 0x7aa, &(0x7f0000000000)={{@my=0x1}, 0x6000, 0x7}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00') pread64(r5, &(0x7f000001a240)=""/102400, 0x19000, 0x4041e) write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x0, 0x32165b32, {}, 0x3, 0x107fffffff, 0x8}}}, 0xfffffd53) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01000000000000000040010000000000000101410000001c001700060000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r6, &(0x7f0000000240)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c988ca", 0xe}, {&(0x7f0000000440)="5532caf800c592ea519966aada85687523502438ba58062a5b20b5662b6d75acf05f18f5", 0x24}], 0x2) timerfd_settime(r4, 0x2, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/resume', 0x0, 0x0) bind$netrom(r2, &(0x7f00000000c0)={{0x3, @bcast, 0x2}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @bcast, @null, @bcast, @bcast]}, 0x48) syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') 3.169808906s ago: executing program 1 (id=1545): r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000002c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}) 3.004917771s ago: executing program 5 (id=1546): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d616376346170000000080001400000000514"], 0xe8}}, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) wait4(r3, 0x0, 0x4, 0x0) wait4(r3, 0x0, 0x8, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000240)={0x2, 0x2, 0x5}) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) bind(r1, &(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x3}, 0x80) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6}) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x6, 0x2200) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800}) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="2e00000029008188e6b62aa73772cc8600a1f848430000005e1406", 0x1b}], 0x1}, 0x4c084) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="1c0000001d008103e00f80ecdb4cb9f207", 0x11}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000280)=@req3={0x7816, 0x2, 0x0, 0x4, 0xa055, 0xdc5, 0x1}, 0x1c) recvmmsg$unix(r5, &(0x7f0000004100)=[{{&(0x7f00000002c0), 0x6e, &(0x7f00000009c0)=[{&(0x7f0000000380)=""/115, 0x73}], 0x1}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000c00)=""/43, 0x2b}], 0x1}}], 0x2, 0x0, 0x0) sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r6 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r6, &(0x7f0000000200)=ANY=[], 0xfe33) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) setns(0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) dup(r2) 3.004797501s ago: executing program 1 (id=1547): r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002) writev(r0, &(0x7f0000000c40)=[{&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0)}, {&(0x7f0000000900)}], 0x3) 2.952960025s ago: executing program 1 (id=1548): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000180)=0x2) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285628, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x40}}) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) mount(&(0x7f00000001c0)=@filename='./cgroup\x00', &(0x7f0000000200)='./cgroup\x00', &(0x7f0000000380)='pipefs\x00', 0x110020, &(0x7f00000003c0)='++]\x00') ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040)={{0x6, 0x0, 0x3, 0x4}}, 0x0, 0x0}}) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='rootfs\x00', 0x808000, 0x0) 2.75937975s ago: executing program 4 (id=1550): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf648e000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = getpid() fcntl$setstatus(r0, 0x4, 0x400) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r5, 0x404c4701, &(0x7f0000000040)={0x2, 0x10000b, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYRESOCT=r4, @ANYRES32=r2, @ANYRESHEX=r1], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e991fc0a4d198df48abeaf41f563752069ad8a09f477ff5af7ba32eda6c868e683de60736de0126ee7792def870f39f58ef0e79c3d97fc6f4e5f90", @ANYRES16=r2, @ANYBLOB="03030000000000000000130000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}}, 0x0) mlock(&(0x7f00007c0000/0x1000)=nil, 0x1000) 2.451367197s ago: executing program 4 (id=1553): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105704da0700000000000109022400010000ba0009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x22, {[@main=@item_4={0x3, 0x0, 0x9, '(3qg'}, @main=@item_4={0x3, 0x0, 0xb, "1ce93ee9"}, @global=@item_4={0x3, 0x1, 0x1, '\f\x00'}, @local=@item_012={0x1, 0x2, 0x2, "90"}, @main=@item_4={0x3, 0x0, 0xb, "b9585dde"}, @global=@item_012={0x1, 0x1, 0x0, '\r'}, @local=@item_4={0x3, 0x2, 0x0, "01070100"}, @main=@item_4={0x3, 0x0, 0xa, "31654111"}]}}, 0x0}, 0x0) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x20080c4, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105704da0700000000000109022400010000ba0009040000090300000009210000000122220009058103"], 0x0) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x22, {[@main=@item_4={0x3, 0x0, 0x9, '(3qg'}, @main=@item_4={0x3, 0x0, 0xb, "1ce93ee9"}, @global=@item_4={0x3, 0x1, 0x1, '\f\x00'}, @local=@item_012={0x1, 0x2, 0x2, "90"}, @main=@item_4={0x3, 0x0, 0xb, "b9585dde"}, @global=@item_012={0x1, 0x1, 0x0, '\r'}, @local=@item_4={0x3, 0x2, 0x0, "01070100"}, @main=@item_4={0x3, 0x0, 0xa, "31654111"}]}}, 0x0}, 0x0) (async) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x20080c4, 0x0) (async) 2.035362835s ago: executing program 5 (id=1555): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000500)={r2, 0x0, 0x0, 0x5, 0x2, 0xffdd, 0x401, 0xfffffff8, 0x0, 0x1, 0x401, 0xecbc}) 1.91222181s ago: executing program 1 (id=1556): r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002) writev(r0, &(0x7f0000000c40)=[{&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0)}, {&(0x7f0000000900)}], 0x3) 1.797312466s ago: executing program 5 (id=1557): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, 0x0, 0x0) syz_usb_disconnect(r0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0) 1.761757268s ago: executing program 1 (id=1558): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) creat(&(0x7f0000001380)='./file0\x00', 0x4) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x2000000000000000, 0x0) 1.605357472s ago: executing program 1 (id=1560): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="20000104000012"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000140)={0x14, &(0x7f00000000c0)={0x40, 0xf, 0x69, {0x69, 0x23, "4c048bd0052ac65981b864a0301fdf331ef1df3e06d1b74336dd18ba976ac7041f80a1e920288f7398489d3d48f684ebc539a2a88c71be6ae32f86b0433405b03d6d77b3a8f937195b3ef4922f863fe1c5fb40e1772ae3ec251ffe42391415a0234d8e4bcb4502"}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x7, 0x8f, "39a4a70f3d626ce37e3066f9afdc780b366ca19a1484859682eab65f248875ec0a51c8148cc87ff33a9ca23fba0b8430860de158c30918632203f04e4393a3b676f4d8638e90b1b1412aa14a229867fd468b9964a1346cfc038c4f93a79f4b69bc17fc3c61a3390f71f62b865c447a9d07f3f8e93e7f2ad50bc790321f35613b31171d3d13d54e096b9b324d44f0ef"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0xf8}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0x3, 0x2, 0xe, 0x6, 0x3ff, 0x2, 0x2, 0x0, 0x0, 0x380, 0x7, 0x1}}, &(0x7f0000000300)={0x20, 0x85, 0x4, 0x99}, &(0x7f0000000340)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000380)={0x20, 0x87, 0x2, 0x7}, &(0x7f00000003c0)={0x20, 0x89, 0x2, 0x1}}) 997.131533ms ago: executing program 4 (id=1565): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x4000}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x7}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0x60}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r0, 0x0) mount$bind(0x0, 0x0, 0x0, 0x12f451, 0x0) syz_io_uring_setup(0x7f14, &(0x7f0000000200)={0x0, 0x2d08, 0x20000, 0x1, 0x82}, &(0x7f0000002000), 0x0) 893.16741ms ago: executing program 2 (id=1566): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0x8000000000000001, 0x5, 0x0, 0x3, 0x10001, 0x64, 0x5, 0x10007ffffe]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000080)="470f21f46541fc48b8e7320000000000000f23d80f21f80f23e1fef30f1edd0f2221c744240200800000ff2c24f30f516797c483fd005b02ea6426470f01cf65666466430f3833af00580000", 0x4c}], 0xd995c8e51458cd5, 0x24, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 814.835787ms ago: executing program 4 (id=1567): syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)="061d151f658f300e97e58f5ef2a7173033e0bc1a7beb9497c3bb101828687d5ca6fec332ee289798fd2a8619e0c463f68626e65c53f4aadea14de85f366f8e845a73a309316b96", 0x47}], 0x1) 806.645348ms ago: executing program 2 (id=1568): openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='gfs2\x00', 0x200000, 0x0) 673.283263ms ago: executing program 2 (id=1569): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x7000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 640.847346ms ago: executing program 2 (id=1570): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0080, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="84010000100013070000040000000000ac1e010000fe8000000000000000000000000000bb0000000000000000000000003c00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d3320000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c001400636d616328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0"], 0x184}}, 0x0) keyctl$join(0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r5, 0x1, 0x1a, 0x0, &(0x7f0000000100)) sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000003000010029b57000fddbdcce1f5e84d37ce906"], 0x14}, 0x1, 0x0, 0x0, 0x8051}, 0x200040c0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r6, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r6, 0x84, 0x5, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004) recvmmsg(r8, &(0x7f0000001a80)=[{{0x0, 0x0, 0x0}, 0xff}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000600)=""/179, 0xb3}, {&(0x7f00000004c0)=""/262, 0x106}, {&(0x7f0000003bc0)=""/4109, 0x100d}, {&(0x7f0000000340)=""/219, 0xdb}], 0x4}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x4a}, {{0x0, 0x0, 0x0}, 0x48}, {{0x0, 0x0, 0x0}}], 0x9, 0x0, 0x0) sendto$inet6(r7, &(0x7f0000000140)="96", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r7, 0x84, 0x1e, &(0x7f0000000180)=0x2, 0x4) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r7, 0x84, 0x1e, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008c02"]) 426.859597ms ago: executing program 2 (id=1571): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000040010000000000000101410000001c001700060000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r2, &(0x7f0000000240)=[{&(0x7f0000000440)="5532caf800c592ea519966aada85", 0xe}], 0x1) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000040)=0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x84, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e24, 0x4, @dev={0xfe, 0x80, '\x00', 0x34}, 0xfff}}, 0x6, 0x2}, 0x90) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x1, 0x8, 0x201, 0x0, 0x0, {0x3, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x2000800}, 0x80) 293.134941ms ago: executing program 2 (id=1572): write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000008c0)={0x24, 0x0, 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="00090000000094"], 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") 84.854648ms ago: executing program 5 (id=1573): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/comedi4\x00', 0x8000, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x80800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x1000}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000080)={r5, 0x8278, 0x8, 0x8, 0x0, 0x8}, &(0x7f00000000c0)=0x14) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r3, 0x45809000) ioctl$COMEDI_CMDTEST(r0, 0x8050640a, &(0x7f00000001c0)={0x8, 0x30000, 0x4, 0x1, 0x20, 0x5, 0x1, 0x7f, 0xffffffff, 0x5, 0x80, 0x1c, 0x0, 0x0, 0x0}) 0s ago: executing program 5 (id=1574): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'das16m1\x00', [0x4f27, 0x20, 0x10000, 0x4, 0x5, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x4088, 0x0, 0xfffffff8]}) kernel console output (not intermixed with test programs): 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.646989][ T9344] RSP: 002b:00007fb8c8fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 365.647011][ T9344] RAX: ffffffffffffffda RBX: 00007fb8c83b5fa0 RCX: 00007fb8c818e929 [ 365.647027][ T9344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 365.647041][ T9344] RBP: 00007fb8c8fb7090 R08: 0000000000000000 R09: 0000000000000000 [ 365.647054][ T9344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 365.647067][ T9344] R13: 0000000000000001 R14: 00007fb8c83b5fa0 R15: 00007ffd5f42b3a8 [ 365.647101][ T9344] [ 365.647111][ T9344] ERROR: Out of memory at tomoyo_realpath_from_path. [ 365.790930][ T5946] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 366.092038][ T9350] /dev/rnullb0: Can't open blockdev [ 366.144288][ T5946] usb 2-1: device descriptor read/8, error -71 [ 366.271510][ T9357] FAULT_INJECTION: forcing a failure. [ 366.271510][ T9357] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 366.287451][ T9357] CPU: 0 UID: 0 PID: 9357 Comm: syz.5.1240 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 366.287497][ T9357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 366.287513][ T9357] Call Trace: [ 366.287523][ T9357] [ 366.287533][ T9357] dump_stack_lvl+0x189/0x250 [ 366.287573][ T9357] ? __pfx____ratelimit+0x10/0x10 [ 366.287600][ T9357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 366.287634][ T9357] ? __pfx__printk+0x10/0x10 [ 366.287667][ T9357] ? __might_fault+0xb0/0x130 [ 366.287716][ T9357] should_fail_ex+0x414/0x560 [ 366.287747][ T9357] _copy_from_user+0x2d/0xb0 [ 366.287772][ T9357] video_usercopy+0x354/0x14f0 [ 366.287815][ T9357] ? __pfx___video_do_ioctl+0x10/0x10 [ 366.287843][ T9357] ? __pfx_video_usercopy+0x10/0x10 [ 366.287885][ T9357] ? __fget_files+0x2a/0x420 [ 366.287920][ T9357] ? __fget_files+0x2a/0x420 [ 366.287948][ T9357] ? __fget_files+0x3a0/0x420 [ 366.287981][ T9357] v4l2_ioctl+0x18a/0x1e0 [ 366.288010][ T9357] ? __pfx_v4l2_ioctl+0x10/0x10 [ 366.288036][ T9357] __se_sys_ioctl+0xfc/0x170 [ 366.288063][ T9357] do_syscall_64+0xfa/0x3b0 [ 366.288088][ T9357] ? lockdep_hardirqs_on+0x9c/0x150 [ 366.288113][ T9357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.288137][ T9357] ? clear_bhb_loop+0x60/0xb0 [ 366.288166][ T9357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.288189][ T9357] RIP: 0033:0x7f222538e929 [ 366.288210][ T9357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.288231][ T9357] RSP: 002b:00007f22261f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 366.288256][ T9357] RAX: ffffffffffffffda RBX: 00007f22255b5fa0 RCX: 00007f222538e929 [ 366.288273][ T9357] RDX: 0000200000000180 RSI: 00000000c058565d RDI: 0000000000000003 [ 366.288289][ T9357] RBP: 00007f22261f7090 R08: 0000000000000000 R09: 0000000000000000 [ 366.288304][ T9357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.288318][ T9357] R13: 0000000000000000 R14: 00007f22255b5fa0 R15: 00007ffdd0deb058 [ 366.288355][ T9357] [ 366.390729][ T5946] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 366.395370][ C0] vkms_vblank_simulate: vblank timer overrun [ 366.441644][ T5946] usb 2-1: device descriptor read/8, error -71 [ 366.445989][ C0] vkms_vblank_simulate: vblank timer overrun [ 366.510582][ T1228] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 366.512101][ C0] hrtimer: interrupt took 221806384 ns [ 366.580821][ T5946] usb usb2-port1: unable to enumerate USB device [ 366.612115][ C0] vkms_vblank_simulate: vblank timer overrun [ 366.672200][ T9361] /dev/rnullb0: Can't open blockdev [ 366.680319][ T5912] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 366.683725][ T1228] usb 5-1: Using ep0 maxpacket: 32 [ 366.698648][ T1228] usb 5-1: config 0 has an invalid interface number: 86 but max is 0 [ 366.710564][ T1228] usb 5-1: config 0 has no interface number 0 [ 366.718006][ T1228] usb 5-1: config 0 interface 86 has no altsetting 0 [ 366.746970][ T1228] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=33.7a [ 366.759430][ T1228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.768815][ T1228] usb 5-1: Product: syz [ 366.782498][ T1228] usb 5-1: Manufacturer: syz [ 366.793788][ T1228] usb 5-1: SerialNumber: syz [ 366.812967][ T1228] usb 5-1: config 0 descriptor?? [ 366.830220][ T5912] usb 3-1: Using ep0 maxpacket: 32 [ 366.854995][ T5912] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 366.865481][ T5912] usb 3-1: config 0 has no interfaces? [ 366.882701][ T5912] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 366.900222][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.908366][ T5912] usb 3-1: Product: syz [ 366.908385][ T9363] FAULT_INJECTION: forcing a failure. [ 366.908385][ T9363] name failslab, interval 1, probability 0, space 0, times 0 [ 366.913640][ T5912] usb 3-1: Manufacturer: syz [ 366.933172][ T5912] usb 3-1: SerialNumber: syz [ 366.940526][ T9363] CPU: 0 UID: 0 PID: 9363 Comm: syz.5.1242 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 366.940560][ T9363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 366.940574][ T9363] Call Trace: [ 366.940583][ T9363] [ 366.940592][ T9363] dump_stack_lvl+0x189/0x250 [ 366.940626][ T9363] ? __pfx____ratelimit+0x10/0x10 [ 366.940650][ T9363] ? __pfx_dump_stack_lvl+0x10/0x10 [ 366.940688][ T9363] ? __pfx__printk+0x10/0x10 [ 366.940718][ T9363] ? __pfx___might_resched+0x10/0x10 [ 366.940746][ T9363] ? fs_reclaim_acquire+0x7d/0x100 [ 366.940773][ T9363] should_fail_ex+0x414/0x560 [ 366.940800][ T9363] should_failslab+0xa8/0x100 [ 366.940823][ T9363] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 366.940867][ T9363] ? __request_module+0x2d1/0x5e0 [ 366.940899][ T9363] kstrdup+0x42/0x100 [ 366.940927][ T9363] __request_module+0x2d1/0x5e0 [ 366.940954][ T9363] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 366.940979][ T9363] ? __pfx___request_module+0x10/0x10 [ 366.941008][ T9363] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 366.941041][ T9363] ? nft_pernet+0x23/0x240 [ 366.941075][ T9363] nf_tables_abort+0x86a9/0x88a0 [ 366.941125][ T9363] ? __pfx_nf_tables_abort+0x10/0x10 [ 366.941164][ T9363] ? __pfx_nf_tables_newobj+0x10/0x10 [ 366.941200][ T9363] ? __nla_parse+0x40/0x60 [ 366.941237][ T9363] nfnetlink_rcv+0x1aae/0x2520 [ 366.941302][ T9363] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 366.941349][ T9363] ? ref_tracker_free+0x63a/0x7d0 [ 366.941405][ T9363] ? __netlink_deliver_tap+0x807/0x850 [ 366.941440][ T9363] ? netlink_deliver_tap+0x2e/0x1b0 [ 366.941463][ T9363] ? netlink_deliver_tap+0x2e/0x1b0 [ 366.941493][ T9363] netlink_unicast+0x759/0x8e0 [ 366.941530][ T9363] netlink_sendmsg+0x805/0xb30 [ 366.941565][ T9363] ? __pfx_netlink_sendmsg+0x10/0x10 [ 366.941593][ T9363] ? aa_sock_msg_perm+0xf1/0x1d0 [ 366.941616][ T9363] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 366.941642][ T9363] ? __pfx_netlink_sendmsg+0x10/0x10 [ 366.941674][ T9363] __sock_sendmsg+0x219/0x270 [ 366.941710][ T9363] ____sys_sendmsg+0x505/0x830 [ 366.941744][ T9363] ? __pfx_____sys_sendmsg+0x10/0x10 [ 366.941781][ T9363] ? import_iovec+0x74/0xa0 [ 366.941805][ T9363] ___sys_sendmsg+0x21f/0x2a0 [ 366.941836][ T9363] ? __pfx____sys_sendmsg+0x10/0x10 [ 366.941902][ T9363] ? __fget_files+0x2a/0x420 [ 366.941927][ T9363] ? __fget_files+0x3a0/0x420 [ 366.941964][ T9363] __x64_sys_sendmsg+0x19b/0x260 [ 366.941994][ T9363] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 366.942032][ T9363] ? __pfx_ksys_write+0x10/0x10 [ 366.942052][ T9363] ? rcu_is_watching+0x15/0xb0 [ 366.942085][ T9363] ? do_syscall_64+0xbe/0x3b0 [ 366.942113][ T9363] do_syscall_64+0xfa/0x3b0 [ 366.942135][ T9363] ? lockdep_hardirqs_on+0x9c/0x150 [ 366.942157][ T9363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.942177][ T9363] ? clear_bhb_loop+0x60/0xb0 [ 366.942203][ T9363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.942223][ T9363] RIP: 0033:0x7f222538e929 [ 366.942241][ T9363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.942259][ T9363] RSP: 002b:00007f22261f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 366.942281][ T9363] RAX: ffffffffffffffda RBX: 00007f22255b5fa0 RCX: 00007f222538e929 [ 366.942297][ T9363] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 366.942310][ T9363] RBP: 00007f22261f7090 R08: 0000000000000000 R09: 0000000000000000 [ 366.942323][ T9363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.942336][ T9363] R13: 0000000000000000 R14: 00007f22255b5fa0 R15: 00007ffdd0deb058 [ 366.942368][ T9363] [ 367.305167][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.312927][ T5912] usb 3-1: config 0 descriptor?? [ 367.402583][ T9365] /dev/rnullb0: Can't open blockdev [ 367.708467][ T3402] usb 5-1: USB disconnect, device number 16 [ 367.953596][ T9378] mmap: syz.1.1249 (9378): VmData 37466112 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 368.006847][ T9378] FAT-fs (rnullb0): bogus number of reserved sectors [ 368.036549][ T9378] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 368.429477][ T24] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 368.581382][ T24] usb 5-1: config index 0 descriptor too short (expected 69, got 36) [ 368.602342][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 368.632012][ T24] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 368.659361][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.677674][ T24] usb 5-1: Product: syz [ 368.686039][ T24] usb 5-1: Manufacturer: syz [ 368.699301][ T24] usb 5-1: SerialNumber: syz [ 368.699606][ T3402] usb 2-1: new full-speed USB device number 99 using dummy_hcd [ 368.712915][ T24] usb 5-1: config 0 descriptor?? [ 368.734457][ T24] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 368.851682][ T3402] usb 2-1: device descriptor read/64, error -71 [ 369.038184][ T24] gspca_pac7302: reg_w() failed i: ff v: 01 error -71 [ 369.046683][ T24] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 369.058707][ T24] usb 5-1: USB disconnect, device number 17 [ 369.089194][ T5946] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 369.119373][ T3402] usb 2-1: new full-speed USB device number 100 using dummy_hcd [ 369.238525][ T5912] usb 3-1: USB disconnect, device number 80 [ 369.256146][ T5946] usb 6-1: unable to get BOS descriptor or descriptor too short [ 369.271272][ T3402] usb 2-1: device descriptor read/64, error -71 [ 369.279823][ T5946] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 369.299050][ T5946] usb 6-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 369.328950][ T5946] usb 6-1: config 1 interface 0 has no altsetting 1 [ 369.338749][ T5946] usb 6-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 369.350663][ T5946] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.358811][ T5946] usb 6-1: Product: 뛯穂꽗틘퟇챚ï±é«¼îŽ§ë¦™á°¯é²©ì¡ß®æ§€ãº¤ç¥ŠÐ³æ´šå€æº©ì”±ì§¶å‰­é¹•é…¾í‰âˆ‘â“쟻뾜گ㲽æ‹î«ˆç­è—•á¶Œè¢á–‰ì»“㰌뛫깆椺ã‘窄룸@ë†é–§ã©¼ê³ˆå‡ªá®â¢„䶈哻ìŒá¦á²í”™å‘Œä´‘棡ëƒå‚ºê¨ï‡šäº•ä†¢èª®ç‚¶íœœë”瓘⨢㰸ꪶï½çŒ€å‘›ã¹î€¾á™ªç¶ç´©é¼µá£¡è¾ƒãºŒà£‡á»‹ëµœé¹’ë髱耣㯞 [ 369.390086][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.398562][ T5946] usb 6-1: Manufacturer: ⺕ã†ì¡Žì€™æ¡—路鳊î½å†“얽ꪚ⢕ㄇ놶Ꮁ퉗䅆붬₵꓿ౌﶟ镥⸋鵗꒜䴩讀ì’振盪落찣 [ 369.406259][ T3402] usb usb2-port1: attempt power cycle [ 369.414161][ T5946] usb 6-1: SerialNumber: 䎰ຶ售ê¨ëª…ꕴꬒ튃ç¾ê±¤å€¢è¹ì´…鯳솫噤無셴肞ê·ì²»íŽŒè©…ޓ槜떂윎è‘î•æ‹™Û½ìª»çª±ìœ ä¯Žë¯ªê·ë»™ë…¾ï‚’긖ⴴâ‚ã€ï–물嬎홲嶦Ꮋ赨塭蘀﮲쇿ë´è¬æ¬á¹Šå¥•äž”縫掟ꙡ彉怗ᦶë¾à¢Šçœ°æ‰£è§•à²Œåƒ‹é¦¶á£´è¢µî¾°â€¥êª¨ë©«æšæ‹¤ï–Šæ¬žä¾¤ê‘§æœ‹ [ 369.460991][ T5946] smsusb:smsusb_probe: board id=8, interface number 0 [ 369.665545][ T5946] smsusb:smsusb_probe: usb_set_interface failed, rc -71 [ 369.681474][ T5946] smsusb 6-1:1.0: probe with driver smsusb failed with error -71 [ 369.701602][ T5946] usb 6-1: USB disconnect, device number 13 [ 369.768987][ T3402] usb 2-1: new full-speed USB device number 101 using dummy_hcd [ 369.801078][ T3402] usb 2-1: device descriptor read/8, error -71 [ 369.958713][ T1228] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 370.048666][ T3402] usb 2-1: new full-speed USB device number 102 using dummy_hcd [ 370.072705][ T3402] usb 2-1: device descriptor read/8, error -71 [ 370.088644][ T1228] usb 5-1: device descriptor read/64, error -71 [ 370.189482][ T3402] usb usb2-port1: unable to enumerate USB device [ 370.297066][ T9406] qnx4: no qnx4 filesystem (no root dir). [ 370.328592][ T1228] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 370.345370][ T9403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1258'. [ 370.464592][ T1228] usb 5-1: device descriptor read/64, error -71 [ 370.588737][ T1228] usb usb5-port1: attempt power cycle [ 370.940433][ T1228] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 370.972267][ T1228] usb 5-1: device descriptor read/8, error -71 [ 371.218230][ T1228] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 371.260349][ T1228] usb 5-1: device descriptor read/8, error -71 [ 371.389145][ T1228] usb usb5-port1: unable to enumerate USB device [ 371.748052][ T5905] usb 3-1: new low-speed USB device number 81 using dummy_hcd [ 371.925548][ T5905] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 371.935650][ T5905] usb 3-1: config 0 has no interface number 0 [ 371.942394][ T5905] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 371.955017][ T5905] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 371.966733][ T5905] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 371.980437][ T5905] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 371.995210][ T5905] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 372.011935][ T5905] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 372.026758][ T5905] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 372.039244][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.051066][ T5905] usb 3-1: config 0 descriptor?? [ 372.058946][ T9425] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 372.073857][ T5905] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 372.281075][ T5905] usb 3-1: USB disconnect, device number 81 [ 372.303620][ T5905] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 372.317232][ T9429] omfs: Invalid superblock (0) [ 372.467681][ T5912] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 372.617583][ T5912] usb 6-1: Using ep0 maxpacket: 32 [ 372.637776][ T5912] usb 6-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 372.660740][ T5912] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.689266][ T5912] usb 6-1: Product: syz [ 372.704161][ T5912] usb 6-1: Manufacturer: syz [ 372.711439][ T5912] usb 6-1: SerialNumber: syz [ 372.737910][ T5912] usb 6-1: config 0 descriptor?? [ 372.837246][ T5905] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 372.987468][ T5905] usb 2-1: Using ep0 maxpacket: 16 [ 372.999654][ T9440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1269'. [ 373.005649][ T5905] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 373.034414][ T5905] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 373.073743][ T5905] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 373.098269][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.120200][ T5905] usb 2-1: Product: syz [ 373.124442][ T5905] usb 2-1: Manufacturer: syz [ 373.146165][ T5905] usb 2-1: SerialNumber: syz [ 373.381182][ T5905] usb 2-1: 0:2 : does not exist [ 373.409436][ T5905] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 373.477616][ T5905] usb 2-1: USB disconnect, device number 103 [ 373.652577][ T9449] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 373.851691][ T5912] peak_usb 6-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 373.902324][ T9457] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 373.926508][ T9457] FAULT_INJECTION: forcing a failure. [ 373.926508][ T9457] name failslab, interval 1, probability 0, space 0, times 0 [ 373.959794][ T5912] peak_usb 6-1:0.0: probe with driver peak_usb failed with error -71 [ 373.986051][ T9457] CPU: 1 UID: 0 PID: 9457 Comm: syz.4.1274 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 373.986083][ T9457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 373.986098][ T9457] Call Trace: [ 373.986106][ T9457] [ 373.986116][ T9457] dump_stack_lvl+0x189/0x250 [ 373.986150][ T9457] ? __pfx____ratelimit+0x10/0x10 [ 373.986175][ T9457] ? __pfx_dump_stack_lvl+0x10/0x10 [ 373.986205][ T9457] ? __pfx__printk+0x10/0x10 [ 373.986241][ T9457] ? __pfx___might_resched+0x10/0x10 [ 373.986269][ T9457] ? fs_reclaim_acquire+0x7d/0x100 [ 373.986297][ T9457] should_fail_ex+0x414/0x560 [ 373.986324][ T9457] should_failslab+0xa8/0x100 [ 373.986347][ T9457] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 373.986381][ T9457] ? __alloc_skb+0x112/0x2d0 [ 373.986410][ T9457] __alloc_skb+0x112/0x2d0 [ 373.986440][ T9457] alloc_uevent_skb+0x7d/0x230 [ 373.986475][ T9457] kobject_uevent_net_broadcast+0x2fa/0x560 [ 373.986511][ T9457] kobject_uevent_env+0x55b/0x8c0 [ 373.986554][ T9457] __kobject_del+0xd2/0x300 [ 373.986576][ T9457] ? kobject_put+0x237/0x480 [ 373.986603][ T9457] kobject_put+0x243/0x480 [ 373.986635][ T9457] device_del+0x529/0x8e0 [ 373.986675][ T9457] ? __pfx_device_del+0x10/0x10 [ 373.986715][ T9457] device_unregister+0x20/0xc0 [ 373.986744][ T9457] iommufd_object_remove+0x32c/0x480 [ 373.986773][ T9457] ? __pfx_iommufd_object_remove+0x10/0x10 [ 373.986817][ T9457] iommufd_fops_ioctl+0x45e/0x580 [ 373.986858][ T9457] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 373.986889][ T9457] ? __fget_files+0x2a/0x420 [ 373.986922][ T9457] ? __fget_files+0x2a/0x420 [ 373.986953][ T9457] ? bpf_lsm_file_ioctl+0x9/0x20 [ 373.986982][ T9457] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 373.987006][ T9457] __se_sys_ioctl+0xfc/0x170 [ 373.987031][ T9457] do_syscall_64+0xfa/0x3b0 [ 373.987053][ T9457] ? lockdep_hardirqs_on+0x9c/0x150 [ 373.987075][ T9457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.987096][ T9457] ? clear_bhb_loop+0x60/0xb0 [ 373.987122][ T9457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.987142][ T9457] RIP: 0033:0x7fb8c818e929 [ 373.987162][ T9457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.987179][ T9457] RSP: 002b:00007fb8c8fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 373.987202][ T9457] RAX: ffffffffffffffda RBX: 00007fb8c83b5fa0 RCX: 00007fb8c818e929 [ 373.987217][ T9457] RDX: 0000200000000040 RSI: 0000000000003b80 RDI: 0000000000000003 [ 373.987231][ T9457] RBP: 00007fb8c8fb7090 R08: 0000000000000000 R09: 0000000000000000 [ 373.987244][ T9457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 373.987257][ T9457] R13: 0000000000000000 R14: 00007fb8c83b5fa0 R15: 00007ffd5f42b3a8 [ 373.987291][ T9457] [ 374.260059][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.332976][ T5912] usb 6-1: USB disconnect, device number 14 [ 374.606470][ T3402] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 374.646461][ T7114] usb 2-1: new low-speed USB device number 104 using dummy_hcd [ 374.746329][ T3402] usb 3-1: device descriptor read/64, error -71 [ 374.778377][ T9466] FAULT_INJECTION: forcing a failure. [ 374.778377][ T9466] name failslab, interval 1, probability 0, space 0, times 0 [ 374.817412][ T9466] CPU: 1 UID: 0 PID: 9466 Comm: syz.5.1279 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 374.817444][ T9466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 374.817458][ T9466] Call Trace: [ 374.817467][ T9466] [ 374.817477][ T9466] dump_stack_lvl+0x189/0x250 [ 374.817511][ T9466] ? __pfx____ratelimit+0x10/0x10 [ 374.817535][ T9466] ? __pfx_dump_stack_lvl+0x10/0x10 [ 374.817565][ T9466] ? __pfx__printk+0x10/0x10 [ 374.817597][ T9466] ? __pfx___might_resched+0x10/0x10 [ 374.817625][ T9466] ? fs_reclaim_acquire+0x7d/0x100 [ 374.817653][ T9466] should_fail_ex+0x414/0x560 [ 374.817681][ T9466] should_failslab+0xa8/0x100 [ 374.817703][ T9466] __kmalloc_noprof+0xcb/0x4f0 [ 374.817740][ T9466] ? tomoyo_encode+0x28b/0x550 [ 374.817767][ T9466] tomoyo_encode+0x28b/0x550 [ 374.817795][ T9466] tomoyo_realpath_from_path+0x58d/0x5d0 [ 374.817830][ T9466] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 374.817861][ T9466] tomoyo_path_number_perm+0x1e8/0x5a0 [ 374.817894][ T9466] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 374.817943][ T9466] ? __lock_acquire+0xab9/0xd20 [ 374.817990][ T9466] ? __fget_files+0x2a/0x420 [ 374.818020][ T9466] ? __fget_files+0x2a/0x420 [ 374.818044][ T9466] ? __fget_files+0x3a0/0x420 [ 374.818069][ T9466] ? __fget_files+0x2a/0x420 [ 374.818099][ T9466] security_file_ioctl+0xcb/0x2d0 [ 374.818130][ T9466] __se_sys_ioctl+0x47/0x170 [ 374.818153][ T9466] do_syscall_64+0xfa/0x3b0 [ 374.818176][ T9466] ? lockdep_hardirqs_on+0x9c/0x150 [ 374.818198][ T9466] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.818218][ T9466] ? clear_bhb_loop+0x60/0xb0 [ 374.818245][ T9466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.818265][ T9466] RIP: 0033:0x7f222538e929 [ 374.818283][ T9466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.818302][ T9466] RSP: 002b:00007f22261f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 374.818324][ T9466] RAX: ffffffffffffffda RBX: 00007f22255b5fa0 RCX: 00007f222538e929 [ 374.818339][ T9466] RDX: 0000200000000040 RSI: 0000000000004601 RDI: 0000000000000003 [ 374.818353][ T9466] RBP: 00007f22261f7090 R08: 0000000000000000 R09: 0000000000000000 [ 374.818367][ T9466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 374.818379][ T9466] R13: 0000000000000000 R14: 00007f22255b5fa0 R15: 00007ffdd0deb058 [ 374.818418][ T9466] [ 374.820608][ T9466] ERROR: Out of memory at tomoyo_realpath_from_path. [ 374.831338][ T7114] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 375.085889][ T7114] usb 2-1: config 0 has no interface number 0 [ 375.085943][ T7114] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 375.085970][ T7114] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 375.086065][ T7114] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 375.086094][ T7114] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 375.086122][ T7114] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 375.086149][ T7114] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 375.086195][ T7114] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 375.086218][ T7114] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.089423][ T7114] usb 2-1: config 0 descriptor?? [ 375.090307][ T9461] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 375.103782][ T7114] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 375.206119][ T3402] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 375.300611][ T7114] usb 2-1: USB disconnect, device number 104 [ 375.305377][ T7114] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 375.346174][ T3402] usb 3-1: device descriptor read/64, error -71 [ 375.472401][ T3402] usb usb3-port1: attempt power cycle [ 375.486426][ T9469] qnx4: no qnx4 filesystem (no root dir). [ 375.805874][ T5946] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 375.805916][ T3402] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 375.845956][ T7114] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 375.863822][ T3402] usb 3-1: device descriptor read/8, error -71 [ 375.906885][ T9475] program syz.1.1283 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 375.985655][ T5946] usb 5-1: Using ep0 maxpacket: 32 [ 375.997822][ T5946] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 376.016300][ T7114] usb 6-1: Using ep0 maxpacket: 32 [ 376.025596][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.031140][ T7114] usb 6-1: config index 0 descriptor too short (expected 16420, got 36) [ 376.047433][ T5946] usb 5-1: config 0 descriptor?? [ 376.056895][ T7114] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 376.073680][ T5946] gspca_main: sunplus-2.14.0 probing 041e:400b [ 376.074453][ T7114] usb 6-1: config 0 has no interface number 0 [ 376.089230][ T9477] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 376.100170][ T9477] FAULT_INJECTION: forcing a failure. [ 376.100170][ T9477] name failslab, interval 1, probability 0, space 0, times 0 [ 376.113260][ T7114] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.124457][ T3402] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 376.132184][ T7114] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 376.142662][ T9477] CPU: 0 UID: 0 PID: 9477 Comm: syz.1.1284 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 376.142692][ T9477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 376.142706][ T9477] Call Trace: [ 376.142715][ T9477] [ 376.142725][ T9477] dump_stack_lvl+0x189/0x250 [ 376.142765][ T9477] ? __pfx____ratelimit+0x10/0x10 [ 376.142789][ T9477] ? __pfx_dump_stack_lvl+0x10/0x10 [ 376.142819][ T9477] ? __pfx__printk+0x10/0x10 [ 376.142855][ T9477] ? __pfx___might_resched+0x10/0x10 [ 376.142882][ T9477] ? fs_reclaim_acquire+0x7d/0x100 [ 376.142910][ T9477] should_fail_ex+0x414/0x560 [ 376.142939][ T9477] should_failslab+0xa8/0x100 [ 376.142963][ T9477] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 376.142996][ T9477] ? __alloc_skb+0x112/0x2d0 [ 376.143026][ T9477] __alloc_skb+0x112/0x2d0 [ 376.143056][ T9477] alloc_uevent_skb+0x7d/0x230 [ 376.143091][ T9477] kobject_uevent_net_broadcast+0x2fa/0x560 [ 376.143127][ T9477] kobject_uevent_env+0x55b/0x8c0 [ 376.143167][ T9477] __kobject_del+0xd2/0x300 [ 376.143190][ T9477] ? kobject_put+0x237/0x480 [ 376.143218][ T9477] kobject_put+0x243/0x480 [ 376.143250][ T9477] device_del+0x529/0x8e0 [ 376.143289][ T9477] ? __pfx_device_del+0x10/0x10 [ 376.143329][ T9477] device_unregister+0x20/0xc0 [ 376.143358][ T9477] iommufd_object_remove+0x32c/0x480 [ 376.143387][ T9477] ? __pfx_iommufd_object_remove+0x10/0x10 [ 376.143431][ T9477] iommufd_fops_ioctl+0x45e/0x580 [ 376.143464][ T9477] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 376.143494][ T9477] ? __fget_files+0x2a/0x420 [ 376.143528][ T9477] ? __fget_files+0x2a/0x420 [ 376.143558][ T9477] ? bpf_lsm_file_ioctl+0x9/0x20 [ 376.143587][ T9477] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 376.143612][ T9477] __se_sys_ioctl+0xfc/0x170 [ 376.143637][ T9477] do_syscall_64+0xfa/0x3b0 [ 376.143666][ T9477] ? lockdep_hardirqs_on+0x9c/0x150 [ 376.143688][ T9477] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.143709][ T9477] ? clear_bhb_loop+0x60/0xb0 [ 376.143735][ T9477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.143756][ T9477] RIP: 0033:0x7fddad78e929 [ 376.143775][ T9477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.143794][ T9477] RSP: 002b:00007fddae571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 376.143817][ T9477] RAX: ffffffffffffffda RBX: 00007fddad9b5fa0 RCX: 00007fddad78e929 [ 376.143832][ T9477] RDX: 0000200000000040 RSI: 0000000000003b80 RDI: 0000000000000003 [ 376.143847][ T9477] RBP: 00007fddae571090 R08: 0000000000000000 R09: 0000000000000000 [ 376.143860][ T9477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 376.143872][ T9477] R13: 0000000000000000 R14: 00007fddad9b5fa0 R15: 00007fff7eca6e48 [ 376.143905][ T9477] [ 376.427983][ T7114] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 376.437147][ T7114] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.451715][ T7114] usb 6-1: config 0 descriptor?? [ 376.493246][ T3402] usb 3-1: device descriptor read/8, error -71 [ 376.607155][ T3402] usb usb3-port1: unable to enumerate USB device [ 376.834724][ T9485] cgroup: subsys name conflicts with all [ 376.871175][ T9473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 376.884272][ T9473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 376.994635][ T9491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.035746][ T9491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 377.091794][ T7114] usbhid 6-1:0.1: can't add hid device: -71 [ 377.101307][ T7114] usbhid 6-1:0.1: probe with driver usbhid failed with error -71 [ 377.129285][ T7114] usb 6-1: USB disconnect, device number 15 [ 377.764973][ T5905] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 377.850230][ T5946] gspca_sunplus: reg_w_riv err -71 [ 377.865494][ T5946] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 377.899963][ T5946] usb 5-1: USB disconnect, device number 22 [ 377.928363][ T7114] usb 6-1: new low-speed USB device number 16 using dummy_hcd [ 377.965178][ T5905] usb 3-1: Using ep0 maxpacket: 16 [ 377.972840][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.994837][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.015149][ T5905] usb 3-1: New USB device found, idVendor=048d, idProduct=8595, bcdDevice= 0.00 [ 378.024280][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.062763][ T5905] usb 3-1: config 0 descriptor?? [ 378.119439][ T7114] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 378.129707][ T7114] usb 6-1: config 0 has no interface number 0 [ 378.139086][ T7114] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 378.168567][ T7114] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 378.188719][ T7114] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 378.207908][ T7114] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 378.222663][ T7114] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 378.238568][ T7114] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 378.264991][ T7114] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 378.274363][ T7114] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.296425][ T7114] usb 6-1: config 0 descriptor?? [ 378.304353][ T9507] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 378.318436][ T9507] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 378.333955][ T7114] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 378.362775][ T9520] binder: 9519:9520 ioctl c018620c 200000000580 returned -22 [ 378.498521][ T5905] usbhid 3-1:0.0: can't add hid device: -71 [ 378.506696][ T5905] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 378.534763][ T5905] usb 3-1: USB disconnect, device number 86 [ 378.544730][ T7114] usb 6-1: USB disconnect, device number 16 [ 378.563284][ T7114] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 378.660925][ T9526] NILFS (rnullb0): couldn't find nilfs on the device [ 379.378075][ T9540] tipc: Enabling not permitted [ 379.394058][ T9540] tipc: Enabling of bearer rejected, failed to enable media [ 379.494125][ T5946] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 379.611953][ T3011] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.664043][ T5946] usb 5-1: Using ep0 maxpacket: 16 [ 379.675566][ T5946] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 379.697013][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.713953][ T5946] usb 5-1: Product: syz [ 379.724130][ T5946] usb 5-1: Manufacturer: syz [ 379.739678][ T5946] usb 5-1: SerialNumber: syz [ 379.766254][ T5946] usb 5-1: config 0 descriptor?? [ 379.787411][ T5946] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 379.823167][ T3011] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.999649][ T3011] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.029188][ T9544] FAULT_INJECTION: forcing a failure. [ 380.029188][ T9544] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 380.085749][ T9544] CPU: 1 UID: 0 PID: 9544 Comm: syz.5.1305 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 380.085784][ T9544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 380.085798][ T9544] Call Trace: [ 380.085807][ T9544] [ 380.085817][ T9544] dump_stack_lvl+0x189/0x250 [ 380.085864][ T9544] ? __pfx____ratelimit+0x10/0x10 [ 380.085887][ T9544] ? __pfx_dump_stack_lvl+0x10/0x10 [ 380.085916][ T9544] ? __pfx__printk+0x10/0x10 [ 380.085945][ T9544] ? __might_fault+0xb0/0x130 [ 380.085987][ T9544] should_fail_ex+0x414/0x560 [ 380.086015][ T9544] _copy_from_iter+0x1db/0x16f0 [ 380.086057][ T9544] ? __pfx__copy_from_iter+0x10/0x10 [ 380.086087][ T9544] ? file_tty_write+0x2a8/0x990 [ 380.086111][ T9544] ? file_tty_write+0x2e8/0x990 [ 380.086151][ T9544] ? rcu_is_watching+0x15/0xb0 [ 380.086180][ T9544] ? kfree+0x4d/0x440 [ 380.086214][ T9544] file_tty_write+0x486/0x990 [ 380.086248][ T9544] vfs_write+0x54b/0xa90 [ 380.086276][ T9544] ? __pfx_tty_write+0x10/0x10 [ 380.086300][ T9544] ? __pfx_vfs_write+0x10/0x10 [ 380.086333][ T9544] ? __fget_files+0x2a/0x420 [ 380.086370][ T9544] ksys_write+0x145/0x250 [ 380.086402][ T9544] ? __pfx_ksys_write+0x10/0x10 [ 380.086421][ T9544] ? rcu_is_watching+0x15/0xb0 [ 380.086454][ T9544] ? do_syscall_64+0xbe/0x3b0 [ 380.086482][ T9544] do_syscall_64+0xfa/0x3b0 [ 380.086504][ T9544] ? lockdep_hardirqs_on+0x9c/0x150 [ 380.086526][ T9544] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.086547][ T9544] ? clear_bhb_loop+0x60/0xb0 [ 380.086573][ T9544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.086594][ T9544] RIP: 0033:0x7f222538e929 [ 380.086613][ T9544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.086632][ T9544] RSP: 002b:00007f22261f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 380.086653][ T9544] RAX: ffffffffffffffda RBX: 00007f22255b5fa0 RCX: 00007f222538e929 [ 380.086669][ T9544] RDX: 00000000000000fa RSI: 0000200000004000 RDI: 0000000000000004 [ 380.086683][ T9544] RBP: 00007f22261f7090 R08: 0000000000000000 R09: 0000000000000000 [ 380.086696][ T9544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 380.086708][ T9544] R13: 0000000000000000 R14: 00007f22255b5fa0 R15: 00007ffdd0deb058 [ 380.086742][ T9544] [ 380.172131][ T3011] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.196693][ T5946] usb 5-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 380.399605][ T9535] loop6: detected capacity change from 0 to 7 [ 380.401594][ T9535] Dev loop6: unable to read RDB block 7 [ 380.401654][ T9535] loop6: unable to read partition table [ 380.401872][ T9535] loop6: partition table beyond EOD, truncated [ 380.401894][ T9535] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 380.408131][ T5946] usb 5-1: USB disconnect, device number 23 [ 380.412136][ T5946] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 380.412782][ T5946] visor 5-1:0.0: device disconnected [ 380.476829][ T3011] bridge_slave_0: left allmulticast mode [ 380.476886][ T3011] bridge_slave_0: left promiscuous mode [ 380.477110][ T3011] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.598017][ C1] vkms_vblank_simulate: vblank timer overrun [ 380.723547][ T5866] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 380.736267][ T5866] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 380.745945][ T5866] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 380.753725][ T5866] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 380.754420][ T5866] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 381.393107][ T5946] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 381.409123][ T3011] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 381.424304][ T3011] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 381.436580][ T3011] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 381.449511][ T3011] bond0 (unregistering): Released all slaves [ 381.573349][ T5946] usb 2-1: Using ep0 maxpacket: 16 [ 381.600536][ T5946] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.618036][ T5946] usb 2-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 381.630288][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.638704][ T24] usb 6-1: new low-speed USB device number 17 using dummy_hcd [ 381.672277][ T5946] usb 2-1: config 0 descriptor?? [ 381.718585][ T9565] gfs2: not a GFS2 filesystem [ 381.767225][ T9565] tmpfs: Bad value for 'size' [ 381.817634][ T24] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 381.852681][ T24] usb 6-1: config 0 has no interface number 0 [ 381.864027][ T24] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 381.902052][ T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 381.922329][ T9568] binder: BINDER_SET_CONTEXT_MGR already set [ 381.931804][ T3011] hsr_slave_0: left promiscuous mode [ 381.931969][ T9568] binder: 9566:9568 ioctl 4018620d 200000000040 returned -16 [ 381.947238][ T3011] hsr_slave_1: left promiscuous mode [ 381.957163][ T3011] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 381.959023][ T24] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 381.965596][ T3011] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 381.985752][ T9568] binder: 9566:9568 ioctl c0306201 200000000300 returned -11 [ 381.994409][ T3011] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 382.001830][ T3011] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 382.027132][ T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 382.039261][ T3011] veth1_macvtap: left promiscuous mode [ 382.068037][ T3011] veth0_macvtap: left promiscuous mode [ 382.075789][ T3011] veth1_vlan: left promiscuous mode [ 382.081155][ T3011] veth0_vlan: left promiscuous mode [ 382.089157][ T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 382.121348][ T5946] hid_parser_main: 45 callbacks suppressed [ 382.121373][ T5946] hid-led 0003:1294:1320.0020: unknown main item tag 0x0 [ 382.142896][ T24] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 382.166487][ T5946] hid-led 0003:1294:1320.0020: unknown main item tag 0x0 [ 382.182359][ T24] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 382.192961][ T5946] hid-led 0003:1294:1320.0020: unknown main item tag 0x0 [ 382.200097][ T5946] hid-led 0003:1294:1320.0020: unknown main item tag 0x0 [ 382.207923][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.226891][ T5946] hid-led 0003:1294:1320.0020: unknown main item tag 0x0 [ 382.235599][ T24] usb 6-1: config 0 descriptor?? [ 382.241595][ T9563] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 382.249882][ T9563] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 382.263284][ T5946] hid-led 0003:1294:1320.0020: hidraw0: USB HID v0.05 Device [HID 1294:1320] on usb-dummy_hcd.1-1/input0 [ 382.293657][ T24] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 382.310876][ T5946] hid-led 0003:1294:1320.0020: Riso Kagaku Webmail Notifier initialized [ 382.364915][ T9573] vxfs: WRONG superblock magic 00000000 at 1 [ 382.373888][ T9573] vxfs: WRONG superblock magic 00000000 at 8 [ 382.379922][ T9573] vxfs: can't find superblock. [ 382.489545][ T5946] usb 6-1: USB disconnect, device number 17 [ 382.510999][ T5946] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 382.562804][ T9580] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1315'. [ 382.802703][ T5857] Bluetooth: hci2: command tx timeout [ 383.104277][ T9584] FAULT_INJECTION: forcing a failure. [ 383.104277][ T9584] name failslab, interval 1, probability 0, space 0, times 0 [ 383.121471][ T9584] CPU: 0 UID: 0 PID: 9584 Comm: syz.5.1316 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 383.121503][ T9584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 383.121516][ T9584] Call Trace: [ 383.121526][ T9584] [ 383.121535][ T9584] dump_stack_lvl+0x189/0x250 [ 383.121571][ T9584] ? __pfx____ratelimit+0x10/0x10 [ 383.121595][ T9584] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.121625][ T9584] ? __pfx__printk+0x10/0x10 [ 383.121651][ T9584] ? __lock_acquire+0xab9/0xd20 [ 383.121692][ T9584] should_fail_ex+0x414/0x560 [ 383.121719][ T9584] should_failslab+0xa8/0x100 [ 383.121743][ T9584] kmem_cache_alloc_noprof+0x73/0x3c0 [ 383.121774][ T9584] ? xfrm_state_alloc+0x24/0x2f0 [ 383.121809][ T9584] xfrm_state_alloc+0x24/0x2f0 [ 383.121842][ T9584] xfrm_state_find+0x37d4/0x5400 [ 383.121885][ T9584] ? __pfx___find_rr_leaf+0x10/0x10 [ 383.121916][ T9584] ? __pfx_fib6_node_lookup+0x10/0x10 [ 383.121948][ T9584] ? xfrm_state_find+0x1da/0x5400 [ 383.121990][ T9584] ? __pfx_xfrm_state_find+0x10/0x10 [ 383.122030][ T9584] ? __rt6_find_exception_rcu+0x127/0x4c0 [ 383.122057][ T9584] ? process_measurement+0x72d/0x1a40 [ 383.122089][ T9584] ? __pfx___rt6_find_exception_rcu+0x10/0x10 [ 383.122130][ T9584] xfrm_resolve_and_create_bundle+0x768/0x2f90 [ 383.122189][ T9584] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 383.122213][ T9584] ? __lock_acquire+0xab9/0xd20 [ 383.122259][ T9584] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 383.122297][ T9584] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 383.122326][ T9584] ? xfrm_expand_policies+0x41f/0x6a0 [ 383.122357][ T9584] xfrm_lookup_with_ifid+0x2a7/0x1a70 [ 383.122385][ T9584] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 383.122416][ T9584] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 383.122456][ T9584] xfrm_lookup_route+0x3c/0x1c0 [ 383.122480][ T9584] ? ip6_datagram_dst_update+0x511/0xcb0 [ 383.122509][ T9584] ip6_datagram_dst_update+0x75c/0xcb0 [ 383.122544][ T9584] ? __pfx_ip6_datagram_dst_update+0x10/0x10 [ 383.122587][ T9584] ? __lock_acquire+0xab9/0xd20 [ 383.122611][ T9584] ? __ip6_datagram_connect+0xb92/0x1150 [ 383.122645][ T9584] __ip6_datagram_connect+0xbd1/0x1150 [ 383.122683][ T9584] ? __pfx___ip6_datagram_connect+0x10/0x10 [ 383.122708][ T9584] ? __local_bh_enable_ip+0x12d/0x1c0 [ 383.122736][ T9584] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 383.122774][ T9584] ip6_datagram_connect_v6_only+0x63/0xa0 [ 383.122805][ T9584] __sys_connect+0x313/0x440 [ 383.122830][ T9584] ? __fget_files+0x3a0/0x420 [ 383.122857][ T9584] ? __pfx___sys_connect+0x10/0x10 [ 383.122895][ T9584] ? __pfx_ksys_write+0x10/0x10 [ 383.122915][ T9584] ? rcu_is_watching+0x15/0xb0 [ 383.122952][ T9584] __x64_sys_connect+0x7a/0x90 [ 383.122977][ T9584] do_syscall_64+0xfa/0x3b0 [ 383.123000][ T9584] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.123029][ T9584] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.123050][ T9584] ? clear_bhb_loop+0x60/0xb0 [ 383.123076][ T9584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.123097][ T9584] RIP: 0033:0x7f222538e929 [ 383.123116][ T9584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.123135][ T9584] RSP: 002b:00007f22261f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 383.123157][ T9584] RAX: ffffffffffffffda RBX: 00007f22255b5fa0 RCX: 00007f222538e929 [ 383.123173][ T9584] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000004 [ 383.123186][ T9584] RBP: 00007f22261f7090 R08: 0000000000000000 R09: 0000000000000000 [ 383.123200][ T9584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 383.123212][ T9584] R13: 0000000000000000 R14: 00007f22255b5fa0 R15: 00007ffdd0deb058 [ 383.123245][ T9584] [ 383.717613][ T3011] team0 (unregistering): Port device team_slave_1 removed [ 383.829055][ T3011] team0 (unregistering): Port device team_slave_0 removed [ 384.327838][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.335907][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.528367][ T9579] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1315'. [ 384.644735][ T5946] usb 2-1: USB disconnect, device number 105 [ 384.705309][ T3557] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 384.771384][ T12] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 384.783858][ T12] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 384.881231][ T5857] Bluetooth: hci2: command tx timeout [ 384.936556][ T9548] chnl_net:caif_netlink_parms(): no params data found [ 385.001123][ T5905] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 385.173215][ T5905] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 385.182190][ T5905] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 385.197984][ T9548] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.204189][ T5905] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 385.216059][ T9548] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.227639][ T5905] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 385.235235][ T9548] bridge_slave_0: entered allmulticast mode [ 385.252384][ T5905] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 385.276604][ T9548] bridge_slave_0: entered promiscuous mode [ 385.277375][ T5905] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 385.301034][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 385.307543][ T9548] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.318700][ T9548] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.322172][ T5905] usb 6-1: Product: syz [ 385.329739][ T9548] bridge_slave_1: entered allmulticast mode [ 385.336642][ T5905] usb 6-1: Manufacturer: syz [ 385.346054][ T9548] bridge_slave_1: entered promiscuous mode [ 385.359393][ T5905] cdc_wdm 6-1:1.0: skipping garbage [ 385.367415][ T5905] cdc_wdm 6-1:1.0: skipping garbage [ 385.380337][ T5905] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 385.395841][ T5905] cdc_wdm 6-1:1.0: Unknown control protocol [ 385.444092][ T9548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 385.486379][ T9548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 385.553247][ T9548] team0: Port device team_slave_0 added [ 385.562643][ T9548] team0: Port device team_slave_1 added [ 385.591007][ T7114] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 385.652466][ T9548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 385.659627][ T9548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.686238][ T5905] usb 6-1: USB disconnect, device number 18 [ 385.693403][ T9548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 385.712329][ T9548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 385.719730][ T9548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.750265][ T9548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 385.761596][ T5937] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 385.796852][ T7114] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 385.809997][ T7114] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 385.832972][ T7114] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 385.855446][ T7114] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 385.876378][ T9607] NILFS (rnullb0): couldn't find nilfs on the device [ 385.883483][ T7114] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 385.908897][ T9548] hsr_slave_0: entered promiscuous mode [ 385.918720][ T5937] usb 5-1: device descriptor read/64, error -71 [ 385.927076][ T7114] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 385.940491][ T7114] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 385.949171][ T9548] hsr_slave_1: entered promiscuous mode [ 385.959712][ T9548] debugfs: 'hsr0' already exists in 'hsr' [ 385.965781][ T7114] usb 2-1: Product: syz [ 385.971469][ T7114] usb 2-1: Manufacturer: syz [ 385.978339][ T9548] Cannot create hsr debugfs directory [ 385.992213][ T7114] cdc_wdm 2-1:1.0: skipping garbage [ 386.000739][ T7114] cdc_wdm 2-1:1.0: skipping garbage [ 386.017685][ T7114] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 386.031560][ T7114] cdc_wdm 2-1:1.0: Unknown control protocol [ 386.161073][ T5937] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 386.266728][ T7114] usb 2-1: USB disconnect, device number 106 [ 386.311372][ T5937] usb 5-1: device descriptor read/64, error -71 [ 386.430840][ T5937] usb usb5-port1: attempt power cycle [ 386.509021][ T9604] NILFS (rnullb0): couldn't find nilfs on the device [ 386.604840][ T9548] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 386.616735][ T9548] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 386.631766][ T9548] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 386.653819][ T9548] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 386.779330][ T9548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 386.791137][ T5937] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 386.821033][ T5937] usb 5-1: device descriptor read/8, error -71 [ 386.828642][ T9548] 8021q: adding VLAN 0 to HW filter on device team0 [ 386.840799][ T7114] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 386.859724][ T3557] bridge0: port 1(bridge_slave_0) entered blocking state [ 386.866964][ T3557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 386.880018][ T3557] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.887247][ T3557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 386.960443][ T5857] Bluetooth: hci2: command tx timeout [ 387.001754][ T7114] usb 6-1: Using ep0 maxpacket: 8 [ 387.019669][ T7114] usb 6-1: unable to get BOS descriptor or descriptor too short [ 387.051550][ T7114] usb 6-1: config 0 has an invalid interface number: 65 but max is 0 [ 387.073039][ T5937] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 387.083735][ T7114] usb 6-1: config 0 has no interface number 0 [ 387.105381][ T7114] usb 6-1: config 0 interface 65 has no altsetting 0 [ 387.119319][ T7114] usb 6-1: New USB device found, idVendor=052b, idProduct=1911, bcdDevice= 1.00 [ 387.133034][ T5937] usb 5-1: device descriptor read/8, error -71 [ 387.148947][ T7114] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.170414][ T7114] usb 6-1: Product: ᔄ蹓갆é¤ìŽ¯ì”Žåª¾î‘€ê†‡å‚…组᥯蚣ï®å¶»áª©î£´âœ‚᪦橵︆穬쿞é¤ì±î«²åšžà®¡é¸„⽠頶蕤䭻シí˜ë»«â¸ŽÂ’áŠã–¬ã¦Ÿâ¤˜ï»¡è„£é·¼î«é—〨å”枅낊ᒓ䑎郴é•à¶ªæ­¤á±˜à®¬â¨‘碥氓í²âœ§í…¹ê¶’䃠é±å¤ê°¦ï“³à­¦ìš§âˆ°ã¬žèœ¤ê‹® [ 387.222916][ T7114] usb 6-1: SerialNumber: syz [ 387.246484][ T5937] usb usb5-port1: unable to enumerate USB device [ 387.254093][ T7114] usb 6-1: config 0 descriptor?? [ 387.400700][ T5946] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 387.414152][ T9548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 387.496058][ T9611] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1324'. [ 387.498311][ T9548] veth0_vlan: entered promiscuous mode [ 387.518587][ T7114] usb-storage 6-1:0.65: USB Mass Storage device detected [ 387.527601][ T9548] veth1_vlan: entered promiscuous mode [ 387.562464][ T7114] usb-storage 6-1:0.65: Quirks match for vid 052b pid 1911: 20 [ 387.570169][ T5946] usb 2-1: Using ep0 maxpacket: 32 [ 387.582834][ T5946] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 387.607595][ T5946] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 387.622158][ T9548] veth0_macvtap: entered promiscuous mode [ 387.633421][ T5946] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 387.640186][ T7114] usb 6-1: USB disconnect, device number 19 [ 387.660771][ T5946] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 387.671829][ T9548] veth1_macvtap: entered promiscuous mode [ 387.679298][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.713572][ T5946] usb 2-1: config 0 descriptor?? [ 387.729531][ T9548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 387.754100][ T9548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 387.786213][ T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.796897][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.813414][ T59] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.845665][ T59] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.934024][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 387.960195][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.006390][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.019042][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.189888][ T9628] 9pnet_fd: Insufficient options for proto=fd [ 388.233147][ T5946] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0021/input/input49 [ 388.284433][ T5946] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0021/input/input50 [ 388.345150][ T5946] kye 0003:0458:5011.0021: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0 [ 388.375692][ T9632] netlink: 'syz.5.1327': attribute type 10 has an invalid length. [ 388.384184][ T9632] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 388.407559][ T9632] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 388.439498][ T9] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 388.506204][ T9634] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1328'. [ 388.553223][ T9634] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 388.560535][ T9634] VFS: Can't find a romfs filesystem on dev rnullb0. [ 388.560535][ T9634] [ 388.589848][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 388.602754][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.620195][ T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 388.631363][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.646181][ T9] usb 3-1: config 0 descriptor?? [ 388.822946][ T9638] fuseblk: Bad value for 'fd' [ 388.828659][ T9638] netlink: 6 bytes leftover after parsing attributes in process `syz.5.1330'. [ 388.868676][ T9630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 388.888254][ T9630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 389.039972][ T5857] Bluetooth: hci2: command tx timeout [ 389.274518][ T9] mcp2221 0003:04D8:00DD.0022: unknown main item tag 0x0 [ 389.311763][ T9] mcp2221 0003:04D8:00DD.0022: unknown main item tag 0x0 [ 389.325693][ T9] mcp2221 0003:04D8:00DD.0022: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 389.336967][ C0] kye 0003:0458:5011.0021: usb_submit_urb(ctrl) failed: -1 [ 389.473914][ T9630] i2c i2c-1: unsupported multi-msg i2c transaction [ 389.488951][ T5905] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 389.607530][ T9657] tipc: Started in network mode [ 389.613879][ T9657] tipc: Node identity 7365725f69643d3, cluster identity 4711 [ 389.625106][ T9657] tipc: Enabling of bearer rejected, failed to enable media [ 389.636123][ T9657] FAULT_INJECTION: forcing a failure. [ 389.636123][ T9657] name failslab, interval 1, probability 0, space 0, times 0 [ 389.650179][ T5905] usb 6-1: Using ep0 maxpacket: 32 [ 389.664111][ T5905] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.692154][ T5905] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.705780][ T9657] CPU: 1 UID: 0 PID: 9657 Comm: syz.4.1337 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 389.705811][ T9657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 389.705826][ T9657] Call Trace: [ 389.705835][ T9657] [ 389.705845][ T9657] dump_stack_lvl+0x189/0x250 [ 389.705882][ T9657] ? __pfx____ratelimit+0x10/0x10 [ 389.705906][ T9657] ? __pfx_dump_stack_lvl+0x10/0x10 [ 389.705936][ T9657] ? __pfx__printk+0x10/0x10 [ 389.705983][ T9657] should_fail_ex+0x414/0x560 [ 389.706011][ T9657] should_failslab+0xa8/0x100 [ 389.706035][ T9657] kmem_cache_alloc_noprof+0x73/0x3c0 [ 389.706065][ T9657] ? skb_clone+0x212/0x3a0 [ 389.706100][ T9657] skb_clone+0x212/0x3a0 [ 389.706133][ T9657] __netlink_deliver_tap+0x404/0x850 [ 389.706172][ T9657] ? netlink_deliver_tap+0x2e/0x1b0 [ 389.706199][ T9657] netlink_deliver_tap+0x19c/0x1b0 [ 389.706225][ T9657] netlink_sendskb+0x68/0x140 [ 389.706249][ T9657] netlink_rcv_skb+0x28c/0x470 [ 389.706274][ T9657] ? __pfx_genl_rcv_msg+0x10/0x10 [ 389.706305][ T9657] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 389.706346][ T9657] ? down_read+0x1ad/0x2e0 [ 389.706375][ T9657] genl_rcv+0x28/0x40 [ 389.706403][ T9657] netlink_unicast+0x759/0x8e0 [ 389.706437][ T9657] netlink_sendmsg+0x805/0xb30 [ 389.706482][ T9657] ? __pfx_netlink_sendmsg+0x10/0x10 [ 389.706511][ T9657] ? aa_sock_msg_perm+0xf1/0x1d0 [ 389.706536][ T9657] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 389.706562][ T9657] ? __pfx_netlink_sendmsg+0x10/0x10 [ 389.706588][ T9657] __sock_sendmsg+0x219/0x270 [ 389.706625][ T9657] ____sys_sendmsg+0x505/0x830 [ 389.706660][ T9657] ? __pfx_____sys_sendmsg+0x10/0x10 [ 389.706699][ T9657] ? import_iovec+0x74/0xa0 [ 389.706725][ T9657] ___sys_sendmsg+0x21f/0x2a0 [ 389.706756][ T9657] ? __pfx____sys_sendmsg+0x10/0x10 [ 389.706825][ T9657] ? __fget_files+0x2a/0x420 [ 389.706852][ T9657] ? __fget_files+0x3a0/0x420 [ 389.706889][ T9657] __x64_sys_sendmsg+0x19b/0x260 [ 389.706921][ T9657] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 389.706961][ T9657] ? __pfx_ksys_write+0x10/0x10 [ 389.706982][ T9657] ? rcu_is_watching+0x15/0xb0 [ 389.707016][ T9657] ? do_syscall_64+0xbe/0x3b0 [ 389.707045][ T9657] do_syscall_64+0xfa/0x3b0 [ 389.707066][ T9657] ? lockdep_hardirqs_on+0x9c/0x150 [ 389.707088][ T9657] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.707110][ T9657] ? clear_bhb_loop+0x60/0xb0 [ 389.707136][ T9657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.707157][ T9657] RIP: 0033:0x7fb8c818e929 [ 389.707176][ T9657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 389.707194][ T9657] RSP: 002b:00007fb8c8fb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 389.707217][ T9657] RAX: ffffffffffffffda RBX: 00007fb8c83b5fa0 RCX: 00007fb8c818e929 [ 389.707233][ T9657] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 389.707246][ T9657] RBP: 00007fb8c8fb7090 R08: 0000000000000000 R09: 0000000000000000 [ 389.707259][ T9657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 389.707271][ T9657] R13: 0000000000000000 R14: 00007fb8c83b5fa0 R15: 00007ffd5f42b3a8 [ 389.707305][ T9657] [ 390.418382][ T5905] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 390.431478][ T5905] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 390.440666][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.451679][ T5905] usb 6-1: config 0 descriptor?? [ 390.622921][ T5946] usb 2-1: USB disconnect, device number 107 [ 390.754005][ T9668] Mount JFS Failure: -22 [ 390.899247][ T9670] hfs: can't find a HFS filesystem on dev rnullb0 [ 390.924229][ T5905] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0023/input/input51 [ 391.012584][ T5905] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0023/input/input52 [ 391.072585][ T5905] kye 0003:0458:5011.0023: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.5-1/input0 [ 391.108150][ T1228] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 391.211290][ T31] audit: type=1800 audit(1752515743.124:56): pid=9647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1304" name="/" dev="fuse" ino=0 res=0 errno=0 [ 391.273149][ T9] usb 3-1: USB disconnect, device number 87 [ 391.284461][ T1228] usb 5-1: config 8 has an invalid interface number: 223 but max is 0 [ 391.314672][ T1228] usb 5-1: config 8 contains an unexpected descriptor of type 0x1, skipping [ 391.340958][ T5905] usb 2-1: new full-speed USB device number 108 using dummy_hcd [ 391.358836][ T1228] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 391.376010][ T1228] usb 5-1: config 8 has no interface number 0 [ 391.397948][ T1228] usb 5-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 15872, setting to 64 [ 391.431535][ T1228] usb 5-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 391.480778][ T1228] usb 5-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 391.497902][ T1228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.507346][ T1228] usb 5-1: Product: syz [ 391.527930][ T1228] usb 5-1: Manufacturer: syz [ 391.532629][ T1228] usb 5-1: SerialNumber: syz [ 391.619156][ T9685] binder: 9684:9685 ioctl c0306201 200000000080 returned -22 [ 391.943786][ T9691] FAULT_INJECTION: forcing a failure. [ 391.943786][ T9691] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 391.985587][ T9691] CPU: 1 UID: 0 PID: 9691 Comm: syz.1.1348 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 391.985620][ T9691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 391.985633][ T9691] Call Trace: [ 391.985643][ T9691] [ 391.985656][ T9691] dump_stack_lvl+0x189/0x250 [ 391.985693][ T9691] ? __pfx____ratelimit+0x10/0x10 [ 391.985717][ T9691] ? __pfx_dump_stack_lvl+0x10/0x10 [ 391.985747][ T9691] ? __pfx__printk+0x10/0x10 [ 391.985777][ T9691] ? __might_fault+0xb0/0x130 [ 391.985822][ T9691] should_fail_ex+0x414/0x560 [ 391.985851][ T9691] _copy_from_user+0x2d/0xb0 [ 391.985874][ T9691] lowpan_control_write+0xf1/0x6c0 [ 391.985904][ T9691] ? __pfx_lowpan_control_write+0x10/0x10 [ 391.985937][ T9691] ? __pfx___debugfs_file_get+0x10/0x10 [ 391.985963][ T9691] ? rcu_read_lock_any_held+0xb3/0x120 [ 391.985994][ T9691] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 391.986031][ T9691] full_proxy_write+0x124/0x1f0 [ 391.986057][ T9691] ? __pfx_full_proxy_write+0x10/0x10 [ 391.986082][ T9691] vfs_write+0x27e/0xa90 [ 391.986116][ T9691] ? __pfx_vfs_write+0x10/0x10 [ 391.986141][ T9691] ? __fget_files+0x2a/0x420 [ 391.986173][ T9691] ? __fget_files+0x3a0/0x420 [ 391.986198][ T9691] ? __fget_files+0x2a/0x420 [ 391.986233][ T9691] ksys_write+0x145/0x250 [ 391.986259][ T9691] ? __pfx_ksys_write+0x10/0x10 [ 391.986279][ T9691] ? rcu_is_watching+0x15/0xb0 [ 391.986311][ T9691] ? do_syscall_64+0xbe/0x3b0 [ 391.986338][ T9691] do_syscall_64+0xfa/0x3b0 [ 391.986360][ T9691] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.986381][ T9691] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.986402][ T9691] ? clear_bhb_loop+0x60/0xb0 [ 391.986428][ T9691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.986448][ T9691] RIP: 0033:0x7fddad78e929 [ 391.986467][ T9691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 391.986485][ T9691] RSP: 002b:00007fddae571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 391.986518][ T9691] RAX: ffffffffffffffda RBX: 00007fddad9b5fa0 RCX: 00007fddad78e929 [ 391.986534][ T9691] RDX: 000000000000001b RSI: 0000200000000180 RDI: 0000000000000003 [ 391.986547][ T9691] RBP: 00007fddae571090 R08: 0000000000000000 R09: 0000000000000000 [ 391.986561][ T9691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 391.986574][ T9691] R13: 0000000000000000 R14: 00007fddad9b5fa0 R15: 00007fff7eca6e48 [ 391.986607][ T9691] [ 392.303633][ T9] usb 6-1: reset high-speed USB device number 20 using dummy_hcd [ 392.435334][ T9693] Mount JFS Failure: -22 [ 392.552028][ T1228] usb 5-1: USB disconnect, device number 28 [ 392.817940][ T9698] No control pipe specified [ 393.003290][ T9702] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1353'. [ 393.012466][ T9702] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1353'. [ 393.247971][ T7114] usb 6-1: USB disconnect, device number 20 [ 393.267048][ T5937] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 393.446931][ T5937] usb 5-1: Using ep0 maxpacket: 16 [ 393.457153][ T7114] usb 6-1: new full-speed USB device number 21 using dummy_hcd [ 393.472428][ T5937] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 393.497084][ T5937] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.519012][ T5937] usb 5-1: config 0 descriptor?? [ 393.650456][ T7114] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 393.676883][ T7114] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 393.709599][ T7114] usb 6-1: New USB device found, idVendor=05ac, idProduct=029f, bcdDevice= 0.00 [ 393.729119][ T7114] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.751175][ T7114] usb 6-1: config 0 descriptor?? [ 393.857459][ T3402] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 393.941461][ T5937] hid-multitouch 0003:1FD2:6007.0024: unknown main item tag 0x0 [ 393.967516][ T5937] hid-multitouch 0003:1FD2:6007.0024: unknown main item tag 0x0 [ 393.988637][ T5937] hid-multitouch 0003:1FD2:6007.0024: unknown main item tag 0x0 [ 393.996401][ T5937] hid-multitouch 0003:1FD2:6007.0024: unknown main item tag 0x0 [ 394.016617][ T5937] hid-multitouch 0003:1FD2:6007.0024: unknown main item tag 0x0 [ 394.038700][ T3402] usb 2-1: config 0 interface 0 altsetting 238 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.062949][ T5937] hid-multitouch 0003:1FD2:6007.0024: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 394.075383][ T3402] usb 2-1: config 0 interface 0 altsetting 238 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.106646][ T3402] usb 2-1: config 0 interface 0 has no altsetting 0 [ 394.113368][ T3402] usb 2-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00 [ 394.138739][ T3402] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.169662][ T3402] usb 2-1: config 0 descriptor?? [ 394.182921][ T7114] apple 0003:05AC:029F.0025: unknown main item tag 0x0 [ 394.200501][ T5905] usb 5-1: USB disconnect, device number 29 [ 394.210323][ T7114] apple 0003:05AC:029F.0025: hidraw1: USB HID v0.00 Device [HID 05ac:029f] on usb-dummy_hcd.5-1/input0 [ 394.461495][ T7114] usb 6-1: USB disconnect, device number 21 [ 394.590747][ T3402] acrux 0003:1A34:F705.0026: item fetching failed at offset 5/7 [ 394.606141][ T3402] acrux 0003:1A34:F705.0026: parse failed [ 394.622671][ T3402] acrux 0003:1A34:F705.0026: probe with driver acrux failed with error -22 [ 394.794297][ T3402] usb 2-1: USB disconnect, device number 109 [ 394.939084][ T7114] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 395.096386][ T5905] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 395.116219][ T7114] usb 6-1: Using ep0 maxpacket: 32 [ 395.123548][ T7114] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 395.136014][ T7114] usb 6-1: config 0 has no interface number 0 [ 395.142228][ T7114] usb 6-1: config 0 interface 184 has no altsetting 0 [ 395.163847][ T7114] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 395.185994][ T7114] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.204897][ T7114] usb 6-1: Product: syz [ 395.210147][ T7114] usb 6-1: Manufacturer: syz [ 395.214784][ T7114] usb 6-1: SerialNumber: syz [ 395.240503][ T7114] usb 6-1: config 0 descriptor?? [ 395.250527][ T7114] smsc75xx v1.0.0 [ 395.270359][ T5905] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 395.280646][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.334159][ T5905] usb 5-1: config 0 descriptor?? [ 395.573762][ T5905] usb 5-1: USB disconnect, device number 30 [ 395.636774][ T3402] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 395.695928][ T9] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 395.800051][ T3402] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 395.814526][ T3402] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 395.827097][ T3402] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 395.840185][ T3402] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 395.849275][ T9] usb 3-1: device descriptor read/64, error -71 [ 395.860577][ T3402] usb 2-1: SerialNumber: syz [ 396.096275][ T3402] usb 2-1: 0:2 : does not exist [ 396.105578][ T9] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 396.167543][ T3402] usb 2-1: USB disconnect, device number 110 [ 396.265893][ T9] usb 3-1: device descriptor read/64, error -71 [ 396.379895][ T9] usb usb3-port1: attempt power cycle [ 396.398792][ T7114] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 396.410802][ T7114] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 396.422851][ T7114] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 396.434587][ T7114] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 396.445026][ T7114] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 396.455863][ T7114] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 396.466154][ T5937] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 396.484623][ T7114] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71 [ 396.500645][ T7114] usb 6-1: USB disconnect, device number 22 [ 396.617993][ T5937] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 396.631459][ T5937] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 396.649819][ T5937] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 396.678490][ T5937] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 396.697528][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 396.716579][ T5937] usb 5-1: Product: syz [ 396.720987][ T5937] usb 5-1: Manufacturer: syz [ 396.729645][ T5937] usb 5-1: SerialNumber: syz [ 396.757760][ T9] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 396.789591][ T9] usb 3-1: device descriptor read/8, error -71 [ 396.791057][ T9724] No control pipe specified [ 396.960059][ T5937] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 31 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 397.065254][ T9] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 397.095916][ T9] usb 3-1: device descriptor read/8, error -71 [ 397.115560][ T5912] usb 2-1: new full-speed USB device number 111 using dummy_hcd [ 397.217442][ T9] usb usb3-port1: unable to enumerate USB device [ 397.230330][ T9] usb 5-1: USB disconnect, device number 31 [ 397.242469][ T9] usblp0: removed [ 397.245103][ T24] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 397.286061][ T5912] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 397.298829][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.307135][ T5912] usb 2-1: Product: syz [ 397.311342][ T5912] usb 2-1: Manufacturer: syz [ 397.316337][ T5912] usb 2-1: SerialNumber: syz [ 397.327013][ T5912] usb 2-1: config 0 descriptor?? [ 397.384972][ T24] usb 6-1: device descriptor read/64, error -71 [ 397.546603][ T5912] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 397.635082][ T24] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 397.777944][ T24] usb 6-1: device descriptor read/64, error -71 [ 397.885512][ T24] usb usb6-port1: attempt power cycle [ 398.239762][ T24] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 398.269754][ T24] usb 6-1: device descriptor read/8, error -71 [ 398.444554][ T9] usb 5-1: new full-speed USB device number 32 using dummy_hcd [ 398.524442][ T24] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 398.563126][ T24] usb 6-1: device descriptor read/8, error -71 [ 398.571157][ T5912] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 398.653651][ T9] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 398.664412][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.685222][ T9] usb 5-1: Product: syz [ 398.688755][ T24] usb usb6-port1: unable to enumerate USB device [ 398.705371][ T9] usb 5-1: Manufacturer: syz [ 398.712471][ T9] usb 5-1: SerialNumber: syz [ 398.721881][ T9] usb 5-1: config 0 descriptor?? [ 398.949771][ T9] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 399.124119][ T5905] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 399.265674][ T5905] usb 6-1: device descriptor read/64, error -71 [ 399.514202][ T5905] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 399.664031][ T5905] usb 6-1: device descriptor read/64, error -71 [ 399.783825][ T5905] usb usb6-port1: attempt power cycle [ 399.922681][ T1228] usb 2-1: USB disconnect, device number 111 [ 400.161825][ T9753] No control pipe specified [ 400.379966][ T9] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 400.393329][ T9] usb 5-1: USB disconnect, device number 32 [ 400.393476][ T1228] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 400.497643][ T5905] usb usb6-port1: Cannot enable. Maybe the USB cable is bad? [ 400.557893][ T1228] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.570145][ T1228] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 400.582647][ T1228] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 400.595959][ T1228] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 400.605445][ T1228] usb 2-1: SerialNumber: syz [ 400.653567][ T5905] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 400.688615][ T5905] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 400.701041][ T5905] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 400.719082][ T5905] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 400.731658][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 400.745755][ T5905] usb 6-1: Product: syz [ 400.757421][ T9755] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 400.774885][ T5905] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 400.830923][ T1228] usb 2-1: 0:2 : does not exist [ 400.872404][ T1228] usb 2-1: USB disconnect, device number 112 [ 401.112393][ T1228] usb 6-1: USB disconnect, device number 30 [ 401.582211][ T9778] FAULT_INJECTION: forcing a failure. [ 401.582211][ T9778] name failslab, interval 1, probability 0, space 0, times 0 [ 401.642888][ T9778] CPU: 1 UID: 0 PID: 9778 Comm: syz.4.1382 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 401.642922][ T9778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 401.642936][ T9778] Call Trace: [ 401.642945][ T9778] [ 401.642954][ T9778] dump_stack_lvl+0x189/0x250 [ 401.642993][ T9778] ? __pfx____ratelimit+0x10/0x10 [ 401.643017][ T9778] ? __pfx_dump_stack_lvl+0x10/0x10 [ 401.643046][ T9778] ? __pfx__printk+0x10/0x10 [ 401.643081][ T9778] ? __pfx___might_resched+0x10/0x10 [ 401.643107][ T9778] ? fs_reclaim_acquire+0x7d/0x100 [ 401.643134][ T9778] should_fail_ex+0x414/0x560 [ 401.643162][ T9778] should_failslab+0xa8/0x100 [ 401.643185][ T9778] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 401.643217][ T9778] ? ima_collect_measurement+0x4c4/0x8d0 [ 401.643248][ T9778] ? ima_collect_measurement+0x4c4/0x8d0 [ 401.643274][ T9778] krealloc_noprof+0x124/0x340 [ 401.643309][ T9778] ima_collect_measurement+0x4c4/0x8d0 [ 401.643354][ T9778] ? __pfx_ima_collect_measurement+0x10/0x10 [ 401.643389][ T9778] ? rcu_is_watching+0x15/0xb0 [ 401.643418][ T9778] ? ovl_i_path_real+0x1ff/0x270 [ 401.643447][ T9778] ? ovl_other_xattr_get+0x10e/0x150 [ 401.643493][ T9778] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 401.643526][ T9778] process_measurement+0x1121/0x1a40 [ 401.643570][ T9778] ? __pfx_process_measurement+0x10/0x10 [ 401.643640][ T9778] ? ovl_open+0x23f/0x2f0 [ 401.643660][ T9778] ? __pfx_apparmor_file_open+0x10/0x10 [ 401.643694][ T9778] ? tomoyo_file_open+0x165/0x220 [ 401.643725][ T9778] ima_file_check+0xd7/0x120 [ 401.643752][ T9778] ? __pfx_ima_file_check+0x10/0x10 [ 401.643787][ T9778] security_file_post_open+0xbb/0x290 [ 401.643818][ T9778] path_openat+0x2f26/0x3830 [ 401.643838][ T9778] ? arch_stack_walk+0xfc/0x150 [ 401.643905][ T9778] ? __pfx_path_openat+0x10/0x10 [ 401.643923][ T9778] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.643967][ T9778] do_filp_open+0x1fa/0x410 [ 401.643986][ T9778] ? __lock_acquire+0xab9/0xd20 [ 401.644013][ T9778] ? __pfx_do_filp_open+0x10/0x10 [ 401.644059][ T9778] ? _raw_spin_unlock+0x28/0x50 [ 401.644077][ T9778] ? alloc_fd+0x64c/0x6c0 [ 401.644116][ T9778] do_sys_openat2+0x121/0x1c0 [ 401.644150][ T9778] ? __pfx_do_sys_openat2+0x10/0x10 [ 401.644181][ T9778] ? ksys_write+0x22a/0x250 [ 401.644206][ T9778] ? __pfx_ksys_write+0x10/0x10 [ 401.644226][ T9778] ? rcu_is_watching+0x15/0xb0 [ 401.644257][ T9778] __x64_sys_openat+0x138/0x170 [ 401.644293][ T9778] do_syscall_64+0xfa/0x3b0 [ 401.644316][ T9778] ? lockdep_hardirqs_on+0x9c/0x150 [ 401.644338][ T9778] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.644359][ T9778] ? clear_bhb_loop+0x60/0xb0 [ 401.644384][ T9778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.644409][ T9778] RIP: 0033:0x7fb8c818e929 [ 401.644429][ T9778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.644447][ T9778] RSP: 002b:00007fb8c8fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 401.644469][ T9778] RAX: ffffffffffffffda RBX: 00007fb8c83b5fa0 RCX: 00007fb8c818e929 [ 401.644484][ T9778] RDX: 0000000000000000 RSI: 0000200000000840 RDI: ffffffffffffff9c [ 401.644499][ T9778] RBP: 00007fb8c8fb7090 R08: 0000000000000000 R09: 0000000000000000 [ 401.644512][ T9778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 401.644525][ T9778] R13: 0000000000000000 R14: 00007fb8c83b5fa0 R15: 00007ffd5f42b3a8 [ 401.644558][ T9778] [ 401.646127][ T31] audit: type=1800 audit(1752515753.579:57): pid=9778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1382" name="file0" dev="overlay" ino=460 res=0 errno=0 [ 401.939066][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.045921][ T9782] fuse: Bad value for 'user_id' [ 402.050842][ T9782] fuse: Bad value for 'user_id' [ 402.146026][ T9785] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 402.332594][ T5905] usb 6-1: new full-speed USB device number 31 using dummy_hcd [ 402.352462][ T7114] usb 3-1: new full-speed USB device number 92 using dummy_hcd [ 402.493741][ T7114] usb 3-1: device descriptor read/64, error -71 [ 402.506892][ T5905] usb 6-1: unable to get BOS descriptor or descriptor too short [ 402.517838][ T5905] usb 6-1: not running at top speed; connect to a high speed hub [ 402.528168][ T5905] usb 6-1: config 4 has an invalid interface number: 147 but max is 0 [ 402.539273][ T5905] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 402.551859][ T5905] usb 6-1: config 4 has no interface number 0 [ 402.569499][ T5905] usb 6-1: string descriptor 0 read error: -22 [ 402.577461][ T5905] usb 6-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 402.591383][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.608511][ T5905] usb 6-1: Found UVC 0.00 device (04f2:b746) [ 402.619932][ T5905] usb 6-1: No valid video chain found. [ 402.632688][ T5937] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 402.684104][ T5946] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 402.732526][ T7114] usb 3-1: new full-speed USB device number 93 using dummy_hcd [ 402.792247][ T5937] usb 5-1: Using ep0 maxpacket: 32 [ 402.812487][ T5937] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 402.827531][ T5905] usb 6-1: USB disconnect, device number 31 [ 402.832595][ T5937] usb 5-1: config 0 has no interface number 0 [ 402.855376][ T5946] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 402.864439][ T5937] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 402.873557][ T5946] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 402.892335][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.900821][ T7114] usb 3-1: device descriptor read/64, error -71 [ 402.907701][ T5937] usb 5-1: Product: syz [ 402.912062][ T5937] usb 5-1: Manufacturer: syz [ 402.912847][ T5946] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 402.927054][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 402.928211][ T5937] usb 5-1: SerialNumber: syz [ 402.944935][ T5937] usb 5-1: config 0 descriptor?? [ 402.950096][ T5946] usb 2-1: SerialNumber: syz [ 402.953814][ T5937] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 403.032529][ T7114] usb usb3-port1: attempt power cycle [ 403.164621][ T5937] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 403.179517][ T5937] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 403.194944][ T5946] usb 2-1: 0:2 : does not exist [ 403.224580][ T5946] usb 2-1: USB disconnect, device number 113 [ 403.372154][ T7114] usb 3-1: new full-speed USB device number 94 using dummy_hcd [ 403.414454][ T7114] usb 3-1: device descriptor read/8, error -71 [ 403.458763][ T31] audit: type=1800 audit(1752515755.390:58): pid=9797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1390" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 403.583041][ T9793] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1388'. [ 403.593903][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 403.595724][ T5946] usb 5-1: USB disconnect, device number 33 [ 403.623482][ T5946] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 403.647487][ T5946] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 403.661981][ T7114] usb 3-1: new full-speed USB device number 95 using dummy_hcd [ 403.684366][ T5946] quatech2 5-1:0.51: device disconnected [ 403.692624][ T7114] usb 3-1: device descriptor read/8, error -71 [ 403.813073][ T7114] usb usb3-port1: unable to enumerate USB device [ 403.895153][ T9804] hpfs: Bad magic ... probably not HPFS [ 404.071796][ T7114] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 404.233356][ T7114] usb 2-1: Using ep0 maxpacket: 16 [ 404.240561][ T7114] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 404.260272][ T7114] usb 2-1: New USB device found, idVendor=2040, idProduct=d864, bcdDevice=7f.c5 [ 404.279594][ T7114] usb 2-1: New USB device strings: Mfr=242, Product=2, SerialNumber=3 [ 404.292032][ T7114] usb 2-1: Product: syz [ 404.296922][ T7114] usb 2-1: Manufacturer: syz [ 404.312080][ T7114] usb 2-1: SerialNumber: syz [ 404.326097][ T7114] usb 2-1: config 0 descriptor?? [ 404.346317][ T7114] usb 2-1: dvb_usb_v2: found a 'Hauppauge 138xxx DVBT' in warm state [ 404.374210][ T7114] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 404.389154][ T7114] dvbdev: DVB: registering new adapter (Hauppauge 138xxx DVBT) [ 404.407238][ T7114] usb 2-1: media controller created [ 404.438675][ T7114] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 404.508789][ T7114] usb 2-1: selecting invalid altsetting 2 [ 404.515983][ T7114] set interface failed [ 404.516417][ T7114] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 404.529100][ T7114] error writing reg: 0xff, val: 0x00 [ 404.647031][ T7114] dvb_usb_mxl111sf 2-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 404.748897][ T9823] FAULT_INJECTION: forcing a failure. [ 404.748897][ T9823] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 404.792977][ T9823] CPU: 1 UID: 0 PID: 9823 Comm: syz.4.1400 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 404.793009][ T9823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 404.793023][ T9823] Call Trace: [ 404.793032][ T9823] [ 404.793041][ T9823] dump_stack_lvl+0x189/0x250 [ 404.793076][ T9823] ? __pfx____ratelimit+0x10/0x10 [ 404.793099][ T9823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 404.793137][ T9823] ? __pfx__printk+0x10/0x10 [ 404.793166][ T9823] ? __might_fault+0xb0/0x130 [ 404.793209][ T9823] should_fail_ex+0x414/0x560 [ 404.793237][ T9823] _copy_from_user+0x2d/0xb0 [ 404.793259][ T9823] userio_char_write+0xc0/0x430 [ 404.793292][ T9823] ? __pfx_userio_char_write+0x10/0x10 [ 404.793320][ T9823] ? bpf_cpumask_equal+0x10/0x70 [ 404.793349][ T9823] ? security_file_permission+0x75/0x290 [ 404.793378][ T9823] ? rw_verify_area+0x255/0x4d0 [ 404.793399][ T9823] ? __lock_acquire+0xab9/0xd20 [ 404.793421][ T9823] ? __pfx_userio_char_write+0x10/0x10 [ 404.793452][ T9823] vfs_write+0x27e/0xa90 [ 404.793483][ T9823] ? __pfx_vfs_write+0x10/0x10 [ 404.793507][ T9823] ? __fget_files+0x2a/0x420 [ 404.793536][ T9823] ? __fget_files+0x2a/0x420 [ 404.793560][ T9823] ? __fget_files+0x3a0/0x420 [ 404.793583][ T9823] ? __fget_files+0x2a/0x420 [ 404.793619][ T9823] ksys_write+0x145/0x250 [ 404.793644][ T9823] ? __pfx_ksys_write+0x10/0x10 [ 404.793663][ T9823] ? rcu_is_watching+0x15/0xb0 [ 404.793696][ T9823] ? do_syscall_64+0xbe/0x3b0 [ 404.793725][ T9823] do_syscall_64+0xfa/0x3b0 [ 404.793746][ T9823] ? lockdep_hardirqs_on+0x9c/0x150 [ 404.793767][ T9823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.793787][ T9823] ? clear_bhb_loop+0x60/0xb0 [ 404.793813][ T9823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.793833][ T9823] RIP: 0033:0x7fb8c818e929 [ 404.793852][ T9823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.793869][ T9823] RSP: 002b:00007fb8c8fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 404.793891][ T9823] RAX: ffffffffffffffda RBX: 00007fb8c83b5fa0 RCX: 00007fb8c818e929 [ 404.793907][ T9823] RDX: 0000000000000002 RSI: 0000200000000140 RDI: 0000000000000003 [ 404.793920][ T9823] RBP: 00007fb8c8fb7090 R08: 0000000000000000 R09: 0000000000000000 [ 404.793934][ T9823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 404.793947][ T9823] R13: 0000000000000000 R14: 00007fb8c83b5fa0 R15: 00007ffd5f42b3a8 [ 404.793979][ T9823] [ 405.541229][ T5905] IPVS: starting estimator thread 0... [ 405.642113][ T9830] IPVS: using max 25 ests per chain, 60000 per kthread [ 405.847677][ T9837] ./file0: Can't lookup blockdev [ 406.125160][ T9848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 406.175342][ T9848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 406.300900][ T5905] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 406.414759][ T5946] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 406.484363][ T5905] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 406.501174][ T5905] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 406.540370][ T5905] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 406.562409][ T5905] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 406.573803][ T5946] usb 6-1: Using ep0 maxpacket: 32 [ 406.590626][ T5905] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 406.611041][ T5946] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 406.620136][ T5946] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.639908][ T5905] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 406.657929][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 406.667358][ T1228] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 406.676140][ T5946] usb 6-1: config 0 descriptor?? [ 406.696092][ T5905] usb 3-1: Product: syz [ 406.700964][ T5946] as10x_usb: device has been detected [ 406.707268][ T5946] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 406.720272][ T5905] usb 3-1: Manufacturer: syz [ 406.735158][ T5905] cdc_wdm 3-1:1.0: skipping garbage [ 406.743778][ T5905] cdc_wdm 3-1:1.0: skipping garbage [ 406.766712][ T5905] cdc_wdm 3-1:1.0: cdc-wdm1: USB WDM device [ 406.777420][ T5905] cdc_wdm 3-1:1.0: Unknown control protocol [ 406.787965][ T5946] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 406.833996][ T5946] as10x_usb: error during firmware upload part1 [ 406.853642][ T1228] usb 5-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 406.870606][ T5946] Registered device nBox DVB-T Dongle [ 406.875036][ T1228] usb 5-1: config 36 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 406.905767][ T1228] usb 5-1: config 36 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 406.917848][ T5946] usb 6-1: USB disconnect, device number 32 [ 406.934061][ T1228] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29 [ 406.950595][ T1228] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 406.965210][ T5946] Unregistered device nBox DVB-T Dongle [ 406.971805][ T5946] as10x_usb: device has been disconnected [ 406.983608][ T1228] usb 5-1: Manufacturer: syz [ 406.986750][ T5937] usb 3-1: USB disconnect, device number 96 [ 406.988230][ T1228] usb 5-1: SerialNumber: syz [ 407.208216][ T9844] /dev/rnullb0: Can't open blockdev [ 407.842793][ T5937] usb 2-1: USB disconnect, device number 114 [ 407.906930][ T1228] yealink 5-1:36.0: invalid payload size 0, expected 16 [ 407.963316][ T1228] input: Yealink usb-p1k as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:36.0/input/input55 [ 408.010945][ C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 408.018078][ C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 408.025113][ C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 408.032244][ C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 408.039264][ C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 408.046254][ C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 408.053279][ C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 408.060286][ C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 408.067092][ C1] yealink 5-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 408.092691][ T1228] usb 5-1: USB disconnect, device number 34 [ 408.117812][ T9] libceph: connect (1)[c::]:6789 error -101 [ 408.118602][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 408.123558][ T9871] ceph: No mds server is up or the cluster is laggy [ 408.326936][ T31] audit: type=1326 audit(1752515760.252:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9878 comm="syz.1.1417" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fddad78e929 code=0x0 [ 408.589725][ T9] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 408.614496][ T5937] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 408.770476][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 408.778455][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 408.796363][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 408.815921][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 408.826788][ T5937] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 408.844285][ T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 408.855200][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.865911][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.878423][ T5937] usb 2-1: config 0 descriptor?? [ 408.890629][ T9] usb 3-1: config 0 descriptor?? [ 409.149452][ T5912] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 409.303279][ T5937] keytouch 0003:0926:3333.0027: fixing up Keytouch IEC report descriptor [ 409.341683][ T5912] usb 5-1: Using ep0 maxpacket: 16 [ 409.350884][ T5937] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0027/input/input56 [ 409.387443][ T5912] usb 5-1: unable to get BOS descriptor or descriptor too short [ 409.406468][ T5912] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 409.438654][ T9] savu 0003:1E7D:2D5A.0028: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 409.450685][ T5912] usb 5-1: config 1 interface 0 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 409.466398][ T5912] usb 5-1: config 1 interface 0 has no altsetting 0 [ 409.478525][ T5912] usb 5-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice= 0.40 [ 409.496432][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.533632][ T5912] usb 5-1: Product: syz [ 409.551554][ T5937] keytouch 0003:0926:3333.0027: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 409.563939][ T5912] usb 5-1: Manufacturer: syz [ 409.568688][ T5912] usb 5-1: SerialNumber: syz [ 409.707061][ T1228] usb 3-1: USB disconnect, device number 97 [ 409.874435][ T9899] NILFS (rnullb0): couldn't find nilfs on the device [ 409.930802][ T1228] usb 2-1: USB disconnect, device number 115 [ 409.937760][ T5912] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input57 [ 409.996610][ T5204] bcm5974 5-1:1.0: could not read from device [ 410.022277][ T5204] bcm5974 5-1:1.0: could not read from device [ 410.033229][ T5912] usb 5-1: USB disconnect, device number 35 [ 410.619857][ T9922] FAULT_INJECTION: forcing a failure. [ 410.619857][ T9922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.644779][ T9923] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.1433'. [ 410.662089][ T9922] CPU: 1 UID: 0 PID: 9922 Comm: syz.4.1434 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 410.662119][ T9922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 410.662132][ T9922] Call Trace: [ 410.662141][ T9922] [ 410.662150][ T9922] dump_stack_lvl+0x189/0x250 [ 410.662183][ T9922] ? __pfx____ratelimit+0x10/0x10 [ 410.662205][ T9922] ? __pfx_dump_stack_lvl+0x10/0x10 [ 410.662233][ T9922] ? __pfx__printk+0x10/0x10 [ 410.662275][ T9922] should_fail_ex+0x414/0x560 [ 410.662301][ T9922] strncpy_from_user+0x36/0x290 [ 410.662338][ T9922] getname_flags+0xf3/0x540 [ 410.662369][ T9922] do_sys_openat2+0xbc/0x1c0 [ 410.662400][ T9922] ? __pfx_do_sys_openat2+0x10/0x10 [ 410.662430][ T9922] ? ksys_write+0x22a/0x250 [ 410.662453][ T9922] ? __pfx_ksys_write+0x10/0x10 [ 410.662472][ T9922] ? rcu_is_watching+0x15/0xb0 [ 410.662501][ T9922] __x64_sys_openat+0x138/0x170 [ 410.662536][ T9922] do_syscall_64+0xfa/0x3b0 [ 410.662557][ T9922] ? lockdep_hardirqs_on+0x9c/0x150 [ 410.662578][ T9922] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.662598][ T9922] ? clear_bhb_loop+0x60/0xb0 [ 410.662622][ T9922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.662660][ T9922] RIP: 0033:0x7fb8c818e929 [ 410.662678][ T9922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.662696][ T9922] RSP: 002b:00007fb8c8fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 410.662719][ T9922] RAX: ffffffffffffffda RBX: 00007fb8c83b5fa0 RCX: 00007fb8c818e929 [ 410.662734][ T9922] RDX: 0000000000000400 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 410.662750][ T9922] RBP: 00007fb8c8fb7090 R08: 0000000000000000 R09: 0000000000000000 [ 410.662764][ T9922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.662777][ T9922] R13: 0000000000000000 R14: 00007fb8c83b5fa0 R15: 00007ffd5f42b3a8 [ 410.662808][ T9922] [ 411.376683][ T9939] Bluetooth: MGMT ver 1.23 [ 411.405063][ T9939] Mount JFS Failure: -22 [ 411.476154][ T9941] fuse: Bad value for 'user_id' [ 411.492776][ T9941] fuse: Bad value for 'user_id' [ 411.961595][ T9961] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 411.987864][ T9961] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 412.010900][ T9954] FAULT_INJECTION: forcing a failure. [ 412.010900][ T9954] name failslab, interval 1, probability 0, space 0, times 0 [ 412.023676][ T9954] CPU: 1 UID: 0 PID: 9954 Comm: syz.1.1447 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 412.023705][ T9954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.023719][ T9954] Call Trace: [ 412.023728][ T9954] [ 412.023737][ T9954] dump_stack_lvl+0x189/0x250 [ 412.023771][ T9954] ? __pfx____ratelimit+0x10/0x10 [ 412.023803][ T9954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 412.023830][ T9954] ? __pfx__printk+0x10/0x10 [ 412.023861][ T9954] ? __pfx___might_resched+0x10/0x10 [ 412.023889][ T9954] ? fs_reclaim_acquire+0x7d/0x100 [ 412.023915][ T9954] should_fail_ex+0x414/0x560 [ 412.023941][ T9954] should_failslab+0xa8/0x100 [ 412.023962][ T9954] __kmalloc_noprof+0xcb/0x4f0 [ 412.023991][ T9954] ? tomoyo_encode+0x28b/0x550 [ 412.024017][ T9954] tomoyo_encode+0x28b/0x550 [ 412.024044][ T9954] tomoyo_realpath_from_path+0x58d/0x5d0 [ 412.024069][ T9954] ? tomoyo_domain+0xd9/0x130 [ 412.024096][ T9954] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 412.024126][ T9954] tomoyo_path_number_perm+0x1e8/0x5a0 [ 412.024159][ T9954] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 412.024206][ T9954] ? __lock_acquire+0xab9/0xd20 [ 412.024251][ T9954] ? __fget_files+0x2a/0x420 [ 412.024281][ T9954] ? __fget_files+0x2a/0x420 [ 412.024305][ T9954] ? __fget_files+0x3a0/0x420 [ 412.024330][ T9954] ? __fget_files+0x2a/0x420 [ 412.024358][ T9954] security_file_ioctl+0xcb/0x2d0 [ 412.024389][ T9954] __se_sys_ioctl+0x47/0x170 [ 412.024413][ T9954] do_syscall_64+0xfa/0x3b0 [ 412.024436][ T9954] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.024457][ T9954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.024477][ T9954] ? clear_bhb_loop+0x60/0xb0 [ 412.024502][ T9954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.024522][ T9954] RIP: 0033:0x7fddad78e929 [ 412.024540][ T9954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.024558][ T9954] RSP: 002b:00007fddae571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 412.024580][ T9954] RAX: ffffffffffffffda RBX: 00007fddad9b5fa0 RCX: 00007fddad78e929 [ 412.024595][ T9954] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 412.024607][ T9954] RBP: 00007fddae571090 R08: 0000000000000000 R09: 0000000000000000 [ 412.024621][ T9954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 412.024633][ T9954] R13: 0000000000000000 R14: 00007fddad9b5fa0 R15: 00007fff7eca6e48 [ 412.024665][ T9954] [ 412.024688][ T9954] ERROR: Out of memory at tomoyo_realpath_from_path. [ 412.471980][ T9971] omfs: Invalid superblock (0) [ 412.937832][ T9986] FAULT_INJECTION: forcing a failure. [ 412.937832][ T9986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 412.976392][ T9986] CPU: 1 UID: 0 PID: 9986 Comm: syz.2.1457 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 412.976424][ T9986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.976438][ T9986] Call Trace: [ 412.976447][ T9986] [ 412.976457][ T9986] dump_stack_lvl+0x189/0x250 [ 412.976493][ T9986] ? __pfx____ratelimit+0x10/0x10 [ 412.976517][ T9986] ? __pfx_dump_stack_lvl+0x10/0x10 [ 412.976547][ T9986] ? __pfx__printk+0x10/0x10 [ 412.976577][ T9986] ? __might_fault+0xb0/0x130 [ 412.976622][ T9986] should_fail_ex+0x414/0x560 [ 412.976650][ T9986] _copy_from_user+0x2d/0xb0 [ 412.976680][ T9986] snd_seq_ioctl+0x1d8/0x420 [ 412.976717][ T9986] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 412.976767][ T9986] ? __fget_files+0x3a0/0x420 [ 412.976793][ T9986] ? __fget_files+0x2a/0x420 [ 412.976822][ T9986] ? bpf_lsm_file_ioctl+0x9/0x20 [ 412.976852][ T9986] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 412.976881][ T9986] __se_sys_ioctl+0xfc/0x170 [ 412.976905][ T9986] do_syscall_64+0xfa/0x3b0 [ 412.976928][ T9986] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.976950][ T9986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.976971][ T9986] ? clear_bhb_loop+0x60/0xb0 [ 412.976997][ T9986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.977018][ T9986] RIP: 0033:0x7f85e998e929 [ 412.977040][ T9986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.977057][ T9986] RSP: 002b:00007f85e77f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 412.977079][ T9986] RAX: ffffffffffffffda RBX: 00007f85e9bb6080 RCX: 00007f85e998e929 [ 412.977094][ T9986] RDX: 00002000000000c0 RSI: 000000004040534e RDI: 0000000000000004 [ 412.977108][ T9986] RBP: 00007f85e77f6090 R08: 0000000000000000 R09: 0000000000000000 [ 412.977120][ T9986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 412.977132][ T9986] R13: 0000000000000001 R14: 00007f85e9bb6080 R15: 00007fffd5526788 [ 412.977162][ T9986] [ 413.666369][T10001] FAULT_INJECTION: forcing a failure. [ 413.666369][T10001] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 413.687043][ T9] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 413.708242][T10001] CPU: 0 UID: 0 PID: 10001 Comm: syz.1.1465 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 413.708275][T10001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 413.708289][T10001] Call Trace: [ 413.708298][T10001] [ 413.708308][T10001] dump_stack_lvl+0x189/0x250 [ 413.708343][T10001] ? __pfx____ratelimit+0x10/0x10 [ 413.708367][T10001] ? __pfx_dump_stack_lvl+0x10/0x10 [ 413.708398][T10001] ? __pfx__printk+0x10/0x10 [ 413.708461][T10001] ? fs_reclaim_acquire+0x7d/0x100 [ 413.708495][T10001] should_fail_ex+0x414/0x560 [ 413.708523][T10001] prepare_alloc_pages+0x213/0x610 [ 413.708556][T10001] __alloc_frozen_pages_noprof+0x123/0x370 [ 413.708586][T10001] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 413.708616][T10001] ? __lock_acquire+0xab9/0xd20 [ 413.708644][T10001] ? policy_nodemask+0x27c/0x720 [ 413.708682][T10001] alloc_pages_mpol+0x232/0x4a0 [ 413.708721][T10001] alloc_pages_noprof+0xa9/0x190 [ 413.708744][T10001] pte_alloc_one+0x21/0x170 [ 413.708775][T10001] __handle_mm_fault+0x2795/0x5440 [ 413.708824][T10001] ? __pfx___handle_mm_fault+0x10/0x10 [ 413.708876][T10001] ? find_vma+0xe7/0x160 [ 413.708906][T10001] ? __pfx_find_vma+0x10/0x10 [ 413.708938][T10001] handle_mm_fault+0x40a/0x8e0 [ 413.708980][T10001] do_user_addr_fault+0x764/0x1390 [ 413.709022][T10001] exc_page_fault+0x76/0xf0 [ 413.709048][T10001] asm_exc_page_fault+0x26/0x30 [ 413.709067][T10001] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 413.709097][T10001] Code: c4 10 e9 44 01 04 00 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 0d 01 04 00 66 2e [ 413.709115][T10001] RSP: 0018:ffffc900043f7b98 EFLAGS: 00050206 [ 413.709135][T10001] RAX: 00007ffffffff001 RBX: 0000000000000006 RCX: 0000000000000006 [ 413.709150][T10001] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffc900043f7be0 [ 413.709165][T10001] RBP: ffffc900043f7c60 R08: 0000000000000005 R09: 0000000000000006 [ 413.709178][T10001] R10: dffffc0000000000 R11: fffff5200087ef7c R12: 1ffff9200087ef78 [ 413.709194][T10001] R13: dffffc0000000000 R14: ffffc900043f7be0 R15: 0000200000000080 [ 413.709230][T10001] _copy_from_user+0x7a/0xb0 [ 413.709253][T10001] hci_sock_reject_list_del+0x8e/0x120 [ 413.709283][T10001] ? __pfx_hci_sock_reject_list_del+0x10/0x10 [ 413.709315][T10001] ? security_capable+0x7e/0x2e0 [ 413.709354][T10001] hci_sock_ioctl+0x7f7/0x910 [ 413.709387][T10001] sock_do_ioctl+0xd9/0x300 [ 413.709430][T10001] ? __pfx_sock_do_ioctl+0x10/0x10 [ 413.709459][T10001] ? __lock_acquire+0xab9/0xd20 [ 413.709503][T10001] sock_ioctl+0x576/0x790 [ 413.709538][T10001] ? __pfx_sock_ioctl+0x10/0x10 [ 413.709569][T10001] ? __fget_files+0x2a/0x420 [ 413.709594][T10001] ? __fget_files+0x3a0/0x420 [ 413.709619][T10001] ? __fget_files+0x2a/0x420 [ 413.709649][T10001] ? bpf_lsm_file_ioctl+0x9/0x20 [ 413.709679][T10001] ? __pfx_sock_ioctl+0x10/0x10 [ 413.709709][T10001] __se_sys_ioctl+0xfc/0x170 [ 413.709734][T10001] do_syscall_64+0xfa/0x3b0 [ 413.709756][T10001] ? lockdep_hardirqs_on+0x9c/0x150 [ 413.709778][T10001] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.709798][T10001] ? clear_bhb_loop+0x60/0xb0 [ 413.709824][T10001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.709845][T10001] RIP: 0033:0x7fddad78e929 [ 413.709864][T10001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.709881][T10001] RSP: 002b:00007fddae571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 413.709902][T10001] RAX: ffffffffffffffda RBX: 00007fddad9b5fa0 RCX: 00007fddad78e929 [ 413.709918][T10001] RDX: 0000200000000080 RSI: 00000000400448e7 RDI: 0000000000000004 [ 413.709932][T10001] RBP: 00007fddae571090 R08: 0000000000000000 R09: 0000000000000000 [ 413.709945][T10001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 413.709958][T10001] R13: 0000000000000000 R14: 00007fddad9b5fa0 R15: 00007fff7eca6e48 [ 413.709991][T10001] [ 414.104060][ C0] vkms_vblank_simulate: vblank timer overrun [ 414.196689][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 414.203721][ T9] usb 3-1: config 5 has an invalid interface number: 151 but max is 0 [ 414.212425][ T9] usb 3-1: config 5 has no interface number 0 [ 414.237150][ T9] usb 3-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=1e.b5 [ 414.246252][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.254391][ T9] usb 3-1: Product: syz [ 414.258694][ T9] usb 3-1: Manufacturer: syz [ 414.263322][ T9] usb 3-1: SerialNumber: syz [ 414.491495][ T1228] usb 3-1: USB disconnect, device number 98 [ 415.216031][ T9] usb 2-1: new full-speed USB device number 116 using dummy_hcd [ 415.389466][ T9] usb 2-1: config 0 has an invalid interface number: 30 but max is 0 [ 415.405881][ T9] usb 2-1: config 0 has no interface number 0 [ 415.436326][ T9] usb 2-1: New USB device found, idVendor=0572, idProduct=d811, bcdDevice=94.e2 [ 415.445509][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.496329][ T9] usb 2-1: config 0 descriptor?? [ 415.510213][ T9] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state. [ 415.539286][ T9] usb 2-1: setting power ON [ 415.544439][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 415.714422][T10023] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 415.723121][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 415.730730][T10023] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 415.844898][ T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 415.875144][ T9] dvb-usb: Mygica D689 DMB-TH error while loading driver (-19) [ 415.888029][ T9] dvb_usb_cxusb 2-1:0.30: probe with driver dvb_usb_cxusb failed with error -22 [ 416.375446][ T5905] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 416.494320][T10062] net veth1_virt_wifi : renamed from virt_wifi0 [ 416.535408][ T9] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 416.559665][ T5905] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 416.579873][ T5905] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 416.606497][ T5905] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 416.621127][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 416.635595][T10064] netlink: 'syz.2.1489': attribute type 2 has an invalid length. [ 416.645272][ T5905] usb 6-1: SerialNumber: syz [ 416.695412][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 416.710126][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 416.731877][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 416.754247][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 416.764170][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.780193][ T9] usb 5-1: Product: syz [ 416.789380][ T9] usb 5-1: Manufacturer: syz [ 416.799710][ T9] usb 5-1: SerialNumber: syz [ 416.871123][ T5905] usb 6-1: 0:2 : does not exist [ 416.895533][ T5905] usb 6-1: unit 5 not found! [ 416.927933][ T5905] usb 6-1: USB disconnect, device number 33 [ 417.418563][ T9] usb 5-1: 0:2 : does not exist [ 417.453019][ T9] usb 5-1: USB disconnect, device number 36 [ 418.086928][ T5905] usb 2-1: USB disconnect, device number 116 [ 418.172263][T10086] syz.1.1498: attempt to access beyond end of device [ 418.172263][T10086] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 418.207553][T10086] FAT-fs (loop1): unable to read boot sector [ 418.218706][T10090] syz.1.1498: attempt to access beyond end of device [ 418.218706][T10090] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 418.235756][T10090] FAT-fs (loop1): unable to read boot sector [ 418.329090][ T1228] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 418.445023][ T24] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 418.504389][ T1228] usb 6-1: Using ep0 maxpacket: 8 [ 418.531975][ T1228] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 418.556662][ T1228] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.577622][ T1228] usb 6-1: Product: syz [ 418.586356][ T1228] usb 6-1: Manufacturer: syz [ 418.597089][ T1228] usb 6-1: SerialNumber: syz [ 418.616178][ T1228] usb 6-1: config 0 descriptor?? [ 418.631232][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 418.646248][ T1228] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 418.669766][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 418.681324][ T24] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 418.694252][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 418.712600][ T24] usb 3-1: SerialNumber: syz [ 418.943395][ T24] usb 3-1: 0:2 : does not exist [ 418.974170][ T24] usb 3-1: unit 5 not found! [ 419.036075][ T24] usb 3-1: USB disconnect, device number 99 [ 420.193135][T10121] syz.4.1511: attempt to access beyond end of device [ 420.193135][T10121] loop4: rw=0, sector=2, nr_sectors = 2 limit=0 [ 420.224464][T10121] syz.4.1511: attempt to access beyond end of device [ 420.224464][T10121] loop4: rw=0, sector=16, nr_sectors = 2 limit=0 [ 420.351135][T10128] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1513'. [ 420.441110][ T31] audit: type=1326 audit(1752515772.378:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.2.1515" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f85e998e929 code=0x0 [ 420.636212][ T24] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 420.763346][ T43] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 420.799579][ T24] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 420.814985][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.824304][ T24] usb 5-1: Product: syz [ 420.828704][ T24] usb 5-1: Manufacturer: syz [ 420.833876][ T24] usb 5-1: SerialNumber: syz [ 420.858343][ T24] usb 5-1: config 0 descriptor?? [ 420.950986][ T43] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 420.971250][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.993095][ T43] usb 2-1: Product: syz [ 420.997405][ T43] usb 2-1: Manufacturer: syz [ 421.002076][ T43] usb 2-1: SerialNumber: syz [ 421.045833][ T43] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 421.068128][T10143] vcan0: tx drop: invalid da for name 0x00eb000000000000 [ 421.073512][ T1228] gspca_sonixj: reg_w1 err -71 [ 421.122065][ T5946] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 421.131558][ T1228] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 421.153751][ T1228] usb 6-1: USB disconnect, device number 34 [ 421.289573][ T24] usb 5-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (2) [ 421.297981][ T24] usb 5-1: Firmware version (0.0) predates our first public release. [ 421.308807][ T24] usb 5-1: Please update to version 0.2 or newer [ 421.316492][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880326a6c00: rx timeout, send abort [ 421.347174][ C1] usb 2-1: ath: unknown panic pattern! [ 421.561819][ T24] usb 5-1: USB disconnect, device number 37 [ 421.816782][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880326a7000: rx timeout, send abort [ 421.825389][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880326a6c00: abort rx timeout. Force session deactivation [ 422.195829][T10155] overlayfs: failed to clone upperpath [ 422.222948][ T5946] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 422.230478][ T5946] ath9k_htc: Failed to initialize the device [ 422.293102][ T5937] usb 2-1: USB disconnect, device number 117 [ 422.324855][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880326a7000: abort rx timeout. Force session deactivation [ 422.344728][ T5937] usb 2-1: ath9k_htc: USB layer deinitialized [ 422.360411][ T24] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0 [ 422.408575][ T24] hid-generic 0000:0000:0000.0029: hidraw0: HID v0.00 Device [syz1] on syz0 [ 422.482426][ T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 422.649366][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 422.672453][ T9] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 422.702466][ T9] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 422.728088][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 422.737768][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 422.772264][ T9] usb 5-1: Product: syz [ 422.776581][ T9] usb 5-1: Manufacturer: syz [ 422.791406][ T9] usb 5-1: SerialNumber: syz [ 423.027967][ T9] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 38 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 423.224475][T10173] vxcan1: tx address claim with dest, not broadcast [ 423.340057][ T9] usb 5-1: USB disconnect, device number 38 [ 423.360037][ T9] usblp0: removed [ 423.681846][ T24] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 423.867129][ T24] usb 6-1: unable to get BOS descriptor or descriptor too short [ 423.894619][ T24] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 423.915565][ T24] usb 6-1: can't read configurations, error -71 [ 424.501432][ T1228] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 424.662108][ T1228] usb 5-1: Using ep0 maxpacket: 8 [ 424.695473][ T1228] usb 5-1: unable to get BOS descriptor or descriptor too short [ 424.721207][ T1228] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 424.728843][ T1228] usb 5-1: can't read configurations, error -71 [ 424.837860][T10203] netlink: 'syz.5.1544': attribute type 21 has an invalid length. [ 425.960911][ T1228] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 426.120598][ T1228] usb 5-1: Using ep0 maxpacket: 16 [ 426.134947][ T1228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.156939][ T1228] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.179212][ T1228] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 426.193357][ T1228] usb 5-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 426.204121][ T1228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.217585][ T1228] usb 5-1: config 0 descriptor?? [ 426.532453][ T24] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 426.633517][ T1228] hid-multitouch 0003:0457:07DA.002A: item 0 4 0 11 parsing failed [ 426.643937][ T1228] hid-multitouch 0003:0457:07DA.002A: probe with driver hid-multitouch failed with error -22 [ 426.656013][ T5946] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 426.705254][ T24] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 426.721908][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 426.737810][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 426.760485][ T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.781896][ T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.812135][ T24] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 426.823376][ T5946] usb 2-1: Using ep0 maxpacket: 8 [ 426.837728][ T5946] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 426.847193][ T24] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 426.851905][T10230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.855767][ T5946] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.890695][ T24] usb 6-1: Product: syz [ 426.898107][ T24] usb 6-1: Manufacturer: syz [ 426.901705][T10230] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 426.910164][ T5946] usb 2-1: Product: syz [ 426.927584][ T5946] usb 2-1: Manufacturer: syz [ 426.937726][ T5946] usb 2-1: SerialNumber: syz [ 426.953043][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 426.964686][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 426.973620][ T5946] usb 2-1: config 0 descriptor?? [ 426.989192][ T24] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 426.993696][ T5912] usb 5-1: USB disconnect, device number 41 [ 426.998878][ T5946] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 427.007433][ T24] cdc_wdm 6-1:1.0: Unknown control protocol [ 427.183530][ T24] usb 6-1: USB disconnect, device number 37 [ 427.384062][T10238] NILFS (rnullb0): couldn't find nilfs on the device [ 427.519921][ T1228] usb 5-1: new low-speed USB device number 42 using dummy_hcd [ 427.626580][T10276] tipc: Enabling of bearer rejected, failed to enable media [ 427.638481][T10276] sctp: [Deprecated]: syz.2.1571 (pid 10276) Use of int in max_burst socket option. [ 427.638481][T10276] Use struct sctp_assoc_value instead [ 427.703984][ T1228] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 427.720780][ T1228] usb 5-1: config 0 has no interface number 0 [ 427.727139][ T1228] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 427.750170][ T1228] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 427.764179][ T1228] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 427.776459][ T1228] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 427.788087][ T1228] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 427.800323][ T1228] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 427.814141][ T1228] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 427.823859][ T1228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.836008][ T1228] usb 5-1: config 0 descriptor?? [ 427.845169][T10263] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 427.855258][T10263] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 427.871856][ T1228] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 428.079158][T10282] ------------[ cut here ]------------ [ 428.088403][ T9] usb 5-1: USB disconnect, device number 42 [ 428.095579][T10282] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9 [ 428.108180][ T9] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 428.117195][T10282] shift exponent 32 is too large for 32-bit type 'int' [ 428.134019][T10282] CPU: 0 UID: 0 PID: 10282 Comm: syz.5.1574 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 428.134050][T10282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 428.134065][T10282] Call Trace: [ 428.134074][T10282] [ 428.134097][T10282] dump_stack_lvl+0x189/0x250 [ 428.134138][T10282] ? __pfx_dump_stack_lvl+0x10/0x10 [ 428.134170][T10282] ? __pfx__printk+0x10/0x10 [ 428.134217][T10282] ubsan_epilogue+0xa/0x40 [ 428.134240][T10282] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 428.134286][T10282] ? __comedi_request_region+0x74/0x140 [ 428.134324][T10282] das16m1_attach+0x8ee/0xb20 [ 428.134359][T10282] comedi_device_attach+0x51d/0x670 [ 428.134401][T10282] comedi_unlocked_ioctl+0x686/0xf40 [ 428.134440][T10282] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 428.134502][T10282] ? __lock_acquire+0xab9/0xd20 [ 428.134552][T10282] ? __fget_files+0x2a/0x420 [ 428.134584][T10282] ? __fget_files+0x2a/0x420 [ 428.134609][T10282] ? __fget_files+0x3a0/0x420 [ 428.134635][T10282] ? __fget_files+0x2a/0x420 [ 428.134671][T10282] ? bpf_lsm_file_ioctl+0x9/0x20 [ 428.134702][T10282] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 428.134735][T10282] __se_sys_ioctl+0xfc/0x170 [ 428.134760][T10282] do_syscall_64+0xfa/0x3b0 [ 428.134784][T10282] ? lockdep_hardirqs_on+0x9c/0x150 [ 428.134807][T10282] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.134829][T10282] ? clear_bhb_loop+0x60/0xb0 [ 428.134857][T10282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.134877][T10282] RIP: 0033:0x7f222538e929 [ 428.134896][T10282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.134914][T10282] RSP: 002b:00007f22261f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.134936][T10282] RAX: ffffffffffffffda RBX: 00007f22255b5fa0 RCX: 00007f222538e929 [ 428.134952][T10282] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003 [ 428.134965][T10282] RBP: 00007f2225410b39 R08: 0000000000000000 R09: 0000000000000000 [ 428.134979][T10282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.134992][T10282] R13: 0000000000000000 R14: 00007f22255b5fa0 R15: 00007ffdd0deb058 [ 428.135027][T10282] [ 428.135115][T10282] ---[ end trace ]--- [ 428.364599][T10282] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 428.371834][T10282] CPU: 0 UID: 0 PID: 10282 Comm: syz.5.1574 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 428.383420][T10282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 428.393512][T10282] Call Trace: [ 428.396825][T10282] [ 428.399795][T10282] dump_stack_lvl+0x99/0x250 [ 428.404494][T10282] ? __asan_memcpy+0x40/0x70 [ 428.409130][T10282] ? __pfx_dump_stack_lvl+0x10/0x10 [ 428.414373][T10282] ? __pfx__printk+0x10/0x10 [ 428.419038][T10282] vpanic+0x281/0x750 [ 428.423054][T10282] ? lockdep_hardirqs_on+0x9c/0x150 [ 428.428275][T10282] ? __pfx_vpanic+0x10/0x10 [ 428.432895][T10282] panic+0xb9/0xc0 [ 428.436627][T10282] ? __pfx_panic+0x10/0x10 [ 428.441057][T10282] ? __pfx__printk+0x10/0x10 [ 428.445770][T10282] check_panic_on_warn+0x89/0xb0 [ 428.450721][T10282] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 428.457178][T10282] ? __comedi_request_region+0x74/0x140 [ 428.462743][T10282] das16m1_attach+0x8ee/0xb20 [ 428.467442][T10282] comedi_device_attach+0x51d/0x670 [ 428.472676][T10282] comedi_unlocked_ioctl+0x686/0xf40 [ 428.478014][T10282] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 428.483858][T10282] ? __lock_acquire+0xab9/0xd20 [ 428.488738][T10282] ? __fget_files+0x2a/0x420 [ 428.493343][T10282] ? __fget_files+0x2a/0x420 [ 428.497944][T10282] ? __fget_files+0x3a0/0x420 [ 428.502631][T10282] ? __fget_files+0x2a/0x420 [ 428.507239][T10282] ? bpf_lsm_file_ioctl+0x9/0x20 [ 428.512189][T10282] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 428.518005][T10282] __se_sys_ioctl+0xfc/0x170 [ 428.522607][T10282] do_syscall_64+0xfa/0x3b0 [ 428.527136][T10282] ? lockdep_hardirqs_on+0x9c/0x150 [ 428.532348][T10282] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.538429][T10282] ? clear_bhb_loop+0x60/0xb0 [ 428.543115][T10282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.549016][T10282] RIP: 0033:0x7f222538e929 [ 428.553442][T10282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.573244][T10282] RSP: 002b:00007f22261f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.581677][T10282] RAX: ffffffffffffffda RBX: 00007f22255b5fa0 RCX: 00007f222538e929 [ 428.589657][T10282] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003 [ 428.597639][T10282] RBP: 00007f2225410b39 R08: 0000000000000000 R09: 0000000000000000 [ 428.605616][T10282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.613592][T10282] R13: 0000000000000000 R14: 00007f22255b5fa0 R15: 00007ffdd0deb058 [ 428.621586][T10282] [ 428.624892][T10282] Kernel Offset: disabled [ 428.629272][T10282] Rebooting in 86400 seconds..