last executing test programs: 1m59.317682657s ago: executing program 0 (id=8): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)={0x18, 0x56, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1, 0x0, 0x0, 0xea}, 0x0) timer_create(0x3, &(0x7f00000000c0)={0x0, 0x1e, 0x3, @thr={&(0x7f0000000040)="f935219b7ac96773f3f49a65cdd50a13ee", &(0x7f0000000080)="f77c7f3321eac56326506c32cceae5b5605bb3c52525061e1284ddd6553822dc20fe26e7e8e9dfe27e86fe860010e5fa41fbae7836f3e237990ed50d"}}, &(0x7f0000000140)) 1m59.193624507s ago: executing program 0 (id=9): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)={0x18, 0x56, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1, 0x0, 0x0, 0xea}, 0x0) 1m59.085335164s ago: executing program 0 (id=10): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x3d, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x200000, 0x0) chroot(&(0x7f0000000100)='./cgroup\x00') 1m58.838560499s ago: executing program 0 (id=11): mkdir(&(0x7f00000000c0)='./file1\x00', 0x16) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x100000, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000180)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0x9362, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$unix(r1, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x803e, 0x0, 0x0, 0x80}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x0) 1m58.8061504s ago: executing program 0 (id=12): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x1}]}], {0x14}}, 0x5c}}, 0x0) (fail_nth: 9) 1m58.494645289s ago: executing program 0 (id=14): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001340)={0x84, &(0x7f0000001400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 1m58.244051748s ago: executing program 32 (id=14): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001340)={0x84, &(0x7f0000001400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 7.710572435s ago: executing program 4 (id=648): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000007540), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000007640)={0x0, 0xffffffffffffff93, &(0x7f0000007600)={&(0x7f0000000040)={0x34, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x34}, 0x1, 0x40000000}, 0x4) 6.384159541s ago: executing program 4 (id=649): ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000240)={0x0}) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0022d90400006d83fac605579f586607647444332bead8660c5357b6508258242d79000a7c0197d87f3c7e7c70648ac0cfe85929336193ad858df75e504333a0c84ece70556442740a746a29ac15fe134b8d1395fe33ab47d1"], 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") 4.685640437s ago: executing program 1 (id=654): mkdir(&(0x7f0000000400)='./file0\x00', 0x99) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000001b40)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) truncate(&(0x7f0000000000)='./bus\x00', 0x8001) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) (fail_nth: 16) 4.462967729s ago: executing program 1 (id=656): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f00000006c0)=0x1ff, 0x4) (async, rerun: 32) r2 = socket$alg(0x26, 0x5, 0x0) (async, rerun: 32) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r3, 0x40085112, &(0x7f0000000180)=@e={0xff, 0xc, 0x0, 0x0, @SEQ_NOTEON=@special}) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(michael_mic-generic,pcbc(fcrypt-generic))\x00'}, 0x58) chdir(0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async) r4 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x83, &(0x7f0000000080)={'filter\x00', 0x0, 0x0, 0x90, [], 0x0, 0x0, 0x20001100}, &(0x7f0000000100)=0x108) (async) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc004ae0a, &(0x7f0000000000)) (async) r5 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r5, 0x84, 0xc, &(0x7f0000000140)=0x7, 0x4) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) (rerun: 64) 4.138561903s ago: executing program 2 (id=658): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd}}, 0xe8) r3 = socket$key(0xf, 0x3, 0x2) getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000280)=""/100, &(0x7f0000000300)=0x64) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x20004800) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001d"], 0xb8}}, 0x0) r5 = syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000080)=[@code={0x1, 0x85, {"2667640f01df48b8279c0000000000000f23c80f21f8350000e0000f23f8c481d971d50bc744240038000000c7442402f57f0000ff1c2466baf80cb875faec8bef66bafc0cb06bee0f01c8c402f924ea47e9d0650000440f20c03506000000440f22c0b98e040000b8cca40000ba000000000f30"}}, @cpuid={0x2, 0x18, {0x8, 0x2}}, @uexit={0x0, 0x18, 0x6}, @cpuid={0x2, 0x18, {0xffff, 0x5e8}}, @code={0x1, 0x58, {"66bad10466ed266664660f38829e2414000066bad104b080ee2e65f242a6c4c17c53df6566400f3829254c85b7a0260febaeb20000002e470f0058ad66bad104ec66430f38300e"}}], 0x125}) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000200)={0x10005, 0x0, [0xc, 0x2, 0x1, 0x4, 0xffffffffffffffa2, 0x0, 0x6, 0xfff]}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000180)='>n', 0x1f) r7 = memfd_secret(0x80000) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000480)={0x9c6, 0x9, 0x0, 'queue1\x00', 0x4}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r9, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0x400}, 0x2}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r8, 0x40505412, &(0x7f00000000c0)={0x3, 0x1, 0x44, 0x0, 0xd}) ftruncate(r7, 0x3) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r7, 0x4, 0x0, r7}) 4.132137743s ago: executing program 1 (id=659): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x2000) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$KVM_CAP_HYPERV_SYNIC2(r1, 0x4068aea3, &(0x7f0000000040)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x900) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 4.041912684s ago: executing program 3 (id=660): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0xfffffffc) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r2, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) (fail_nth: 17) 3.362603342s ago: executing program 2 (id=661): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) socket$igmp6(0xa, 0x3, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)) r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x101000) ioctl$IOC_PR_RESERVE(r2, 0x401070c9, 0x0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x24, 0x1, 0x4, 0x3, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040045}, 0x10) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_driver={0x0, 0xfffffffe}) 3.165723773s ago: executing program 2 (id=662): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0) 2.989793857s ago: executing program 1 (id=663): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3b370086d04ae085811f1010301090212000d000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000540)=ANY=[], 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="01"]) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000200)={0x14, &(0x7f0000000140)={0x0, 0x34, 0x81, {0x81, 0x11, "cc2c5b41eaaf2e99fbba73eb5751347b8283b7fec9909dbbba9d92cd3b5b014cb7e1f9e3cb7944d999973a5ddbb682d99aae4660fa9a9f405e438b212be38ae8d9c0a5a059821f5ae4ff61d34876918c44f46536fd6d0f9150fff748d4f36c67b43440c08f9e7c9672c92312f9be10e4ae30cd224dd9f3618dee042106c081"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000004c0)={0x44, &(0x7f0000000240)={0x0, 0x6, 0xa6, "fb5e6b9e715e23d940482e86e4e30555ef87ae5d789521a9abdf294be6422eebc00d3e139e6eab75df654e76efda5e42079ff473c73a1e179aea11b78310165099ef49ff5afbf43807a60b997a3f352bcc71dad6b699b5bfcb1a832aad5f1843a7011478b3b3951bfea2c9cfa71e15fea5510190152ef9cdc2fb58231862e7dba8e4887cb5156c5e0540fe085fb5dce543c428d6c1a4c7d776de9b38f36fa6265cff6fea82a1"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x47}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000380)={0x20, 0x80, 0x1c, {0x8, 0x7, 0x5, 0x63c, 0x8, 0x9, 0x1, 0x0, 0x6, 0x0, 0x8, 0x3}}, &(0x7f00000003c0)={0x20, 0x85, 0x4, 0xb}, &(0x7f0000000400)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000440)={0x20, 0x87, 0x2}, &(0x7f0000000480)={0x20, 0x89, 0x2}}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_disconnect(r0) mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='aufs\x00', 0x0, 0x0) 2.944984076s ago: executing program 4 (id=664): pipe(&(0x7f0000000e00)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002, 0xfffffffd}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback, 0xffffffff}, 0x1c) sendto$inet6(r1, &(0x7f00000000c0)="4448fc748b2c81958feb5caa3cfac85342ab98e194000000", 0x18, 0xc005, 0x0, 0x0) r2 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000180)={0x60, 0x3, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x4, &(0x7f0000000100)=[{0x0, 0x3, 0x8}, {0x4, 0x8, 0x4}, {0x0, 0x3}, {0x0, 0x2, 0xfffffffffffffff7}, {0x3, 0x80, 0x9}], 0x5, 0xfffffffffffffffc, 0x0, 0x48, 0x21, 0x44}) shutdown(r1, 0x0) splice(r1, 0x0, r0, 0x0, 0x400000107ffff000, 0x0) 2.787096765s ago: executing program 4 (id=665): r0 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000280)={0x44, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x20, 0xc, 0x5f, {0x5f, 0x9, "facdb5529957f130362370c52b98dc1c09284f434501d34098ab2262f72a2acb931a7dacee2d8ddfca632469c2f088bc8764c36107e01a6f36d57ab0fbb29edc64f1c776b295093e153bb01e07d1c8903f6b385690aadac7cf21a58fb3"}}, &(0x7f00000005c0)={0x0, 0x3, 0xa8, @string={0xa8, 0x3, "3a6aaa0e86e8554a382742dd1643abbf38d166ceb15ee30810d97520faebf3c837604d9e4a8480072e3a7b783f94542abd118109412db8d0ff9b20026dc449e0c36deb3d8ed8144876f833e56c2286e213451a72290bc7486231c11a734cbdf080817315d403a8b28431928f93645a3243e3525b14c5a1cf194a66f82493817a296a18ea61ef68e2368b35af063695cdebf04d33dec49adce62b99cd764c0b09009594ef72a6"}}}, &(0x7f0000000440)={0x44, &(0x7f0000000140)={0x40, 0x17, 0x5c, "bf477476b3bced989517040d8648cdcdf2759c8c6edf58aa8e913cb5015b6ff8425ca11cfc8070ccc4da204a7726d4f49454480c24006f0fb89f0c980d4c4a97f38695cb3366002a15f77e058c002113cf5fa14bea3ea449cc0014e1"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x18}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0xc7}, &(0x7f0000000240)={0x20, 0x81, 0x3, "1567cc"}, &(0x7f0000000300)={0x20, 0x82, 0x1, 'u'}, &(0x7f0000000380)={0x20, 0x83, 0x2, "24f2"}, &(0x7f00000004c0)={0x20, 0x84, 0x4, "00804200"}, &(0x7f0000000400)={0x20, 0x85, 0x3, '\n\x00z'}}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f00000003c0)=ANY=[], 0x0, 0x0}) 2.742904489s ago: executing program 2 (id=666): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000006c0)={0x0, 0x0}) timer_create(0x0, &(0x7f0000000740)={0x0, 0x7, 0x2, @tid=r0}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) splice(r1, &(0x7f0000000600)=0x4, r1, &(0x7f0000000640)=0x401, 0x3, 0x0) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) rename(&(0x7f0000000340)='./file0\x00', &(0x7f00000005c0)='./file0\x00') recvmsg(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)=@x25={0x9, @remote}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000140)=""/137, 0x89}, {&(0x7f0000000400)=""/221, 0xdd}, {&(0x7f0000000380)=""/80, 0x50}, {&(0x7f0000000800)=""/211, 0xd3}, {&(0x7f0000000500)=""/131, 0x83}, {&(0x7f0000002f80)=""/4096, 0x1000}, {&(0x7f0000000040)=""/54, 0x36}, {&(0x7f0000000280)=""/191, 0xbf}, {&(0x7f0000000080)=""/1, 0x1}, {&(0x7f0000000900)=""/130, 0x82}], 0xa, &(0x7f0000000780)=""/100, 0x64}, 0x40000002) 2.444292529s ago: executing program 3 (id=667): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000280)={0x7, 0x2d, 0xffffffffffffffff, 0x3a, 0x0, 0x2c}, 0x48) (async) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r2, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x4e23, 0x2, @empty, 0x3}, @ib={0x1b, 0xfffe, 0x8000000, {"7d900600080000000900"}, 0x0, 0x0, 0x6}}}, 0x118) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) (async) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000) 2.298110309s ago: executing program 3 (id=668): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280), 0x800c42, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_open_dev$sndctrl(&(0x7f0000000040), 0x80000000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x100) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x67) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x20, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x97, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) 2.198281697s ago: executing program 4 (id=669): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001ec0), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000001f80)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}}, 0x90) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x10, 0x1418, 0x1}, 0x10}}, 0x20004004) 2.093315695s ago: executing program 4 (id=670): socket$packet(0x11, 0x3, 0x300) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)={0x14, r2, 0x211, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x100000000000000, 0x0, 0x4044059}, 0x40090) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000040010000000000000101410000001c001700060000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180)="89e7ee2c7cdad9b4b47380c988ca", 0xe}], 0x1) 1.956560498s ago: executing program 3 (id=671): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0xfc, 0x0}, 0x800, 0x0, 0x3, 0x1, 0x0, 0x4}, 0x20) syz_clone(0x1c140411, 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='bfs\x00', 0x10008, 0x0) io_submit(0x0, 0x1, &(0x7f0000001900)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x1ff, 0xffffffffffffffff, &(0x7f00000004c0)="ff8257e2dd4e6e695b3bc01628d94dfea10aef76518b28fb28672947bc3f708da3e25f2f028f80f2d63a4b116db6fb23199a3bda6b0eefed4a9853dcde6d5166bc729cd30a3b3eb75a9954242c0d946a3616f6b8966dcd349444b70a588ab1b253e0e43a45955c9893dad02432c7108f6acb3a07a85e55546391d66f5c0c009cc8cabe988f516f13ded34d771dd7c3981c2e5e5682f3b881d8c499a25210796063aa1b9d8f8da8433f27341e45aae54029693d4856cd97532d0338544a00fbb477b2f580c99c65e8cd500aaaaf450930625ad1996d79721f8e639bf6204a621253071d6ceb5b26f62375e827d23ce9dc8e3725f3ce7d2fec9dbdde5efa947568ad3a9f949f75a93c28cc073229e2fa27c21d5c71fa5c2b2d0972d2b526d791215f211ca2b420e291505f65f19b571fcae1843b3eba21d8b73452f6cb34c32670c0399df37d94c2cadb73bb5c11042f4260db6c693a666baa987d275f162029c845a688ed72c90415f3c1ce244fa63ea7037380acd302508cb0c8b6590759f2a75425b2d483b8f07598ca9973305006e21aa4a57293f2d943b7b543d401a736f4216f0476f74edb8a44417321ee471eca9d5089ceda7add1e365fcb69df27861ef589345234bd19be2e8ceb04fb6ab7b231f376ad344029c8b806f5e3da26b6abcc1c9257d8caea40aa63f44a8eab3a1b29180adf4155da05794ebdfa473bb5701821b42da5d11b8bc83c98c73450e45e051301338e56e431ccc4e324eeffb3359c631a8fcfa802cab18ed1dff097fc3d99538176018802da9a4eb144adc1a2135d03de1a9a83eb3ce09636f1c30382fc9005a25de37c6e093e18394441d9f32fc5b8bd49b7a9cfc7e558944f38631fcbd3341dda789ac52c7c1d088b63c034e18a62a3833b54f427c7fbd9230f027d0b4290ff1ee372a63a0eeca778e182b6c254b777afaed2a933dc0bda70e196116c0b18279ae4c58370cefb4bcbaba0f971ab818acf63361271f80783fd31efb7f1e92f91dcb089127d4f04fc4810fb077f7df08b05ffa453089c057d12ba9dbfd2d92a72154b904bc2044406475a080b9dc545b69a6de999192cad6c03a42c7bded956690afa3c24498e0090e2c82f045b11fb93cacff43fb181d76f9269f82f158f6dfc870941c7902d4d84f22952a94f44b7c06cd1287e265083768480979d314a82f6ad97c97088f9bff43185396c2f37309941d28cb996d5454b62273b00b54d212ab8a6e2d6d83ab80ebb26ca857eecefd6d1fa5b2c158ce10fa3e2838b1566c5a05ea5140c287abdc70ee736733d44df847cb3a53d81aec948b87c10c5179dc021b216197d42b1046bf1910a5f561394059a64e8da76319d209b72ea48fde52c2e5ed1b4c3c339af608b5723970c169c041495a0ffab47e9772d9816dd212323621ff7d9e70bbedfd97fb9f192e141dea06a64271b8f037765f48e78d3a9ee4f1390144a08cf79f7174b2b2a4a71680da99dc814fb53d67a048b4d7fe2364e87a9c80bf8bdf8b776ba49b91fa3fb3222c5d452f38172f32197139d636dd3684e9701c1ac2df8740d7dbdbf3507b652feb09c7eb35538c5928628816a98724339632898b6bd865bb86a3a61da709d1967b1f960a8ac88670b97fe5223081fd16d65d85afd35c7643e25bc648596e81845e03be19051ecbfb1ae8b1169330443e63d67f922ae7c9ae70e8a916f408bcf5b0ad85be5e1639b4653a455b0d5328a306e7d35291556943928835ba6cbd26088b06ab3c5dc8abf13d2708ed42fda9d16bbe7873bdb0d97ee6158b04ed932d99bd310f1a10cc417984fbb16ca5d9ef96979852fe797ea8b4f43119588ea7f2b791e77c727bb01d6fcf5493be31c34a0f9ea5927da914b57d2c2158754ff6026da8ca96c5e0059fd358975e778f17d26a43711659db685b6fa68f21ba90133181ee904ea5bc659a6e11121e93b14e00cbb09abd9a3fce43855754e5886c6a96dd703321dd8683e5dcb4ad33291f0000b15efbb3a2838dad5ebfdc051fc724cd792da3700d923854adac2a55302b6e06b0ff2770552194aacb4e234c57e996a34dd2810f3b3b984c1e54a35c592258dacf913b0bb32be1b1ba9017a6edb2ec122610168d8613fa237a3dd0b06e6bc329801e6557ebfee56488621b9a6011273ba21936e8cc4bd8ad7e0a7de69756676f3fa4ee92a6fe3bec8828ae0c575217132ff03dd6e0a5ec887abeab6fbdd85cfab59d7f02c8beaf5b036884c6dd3ef33d0a50d7ffa2786d934cfff5a2c6576238389f98382546abe39d7b542667a59335bc60f9c38802db9fd1beff66bef52ef822caffd4ff22a3f50be2c3c4c34ac7ceeb559d1bfd4f6d25f3de1c3ce3abd1530169f0e2bdbd01fb5171403f3d68d2223d0ea41afbc9a2cfb6dfe9b24becfdb9b6e939ce42dd19893c79881db5ab809df1bac712b5a8adedd32dc649e5df0dca39806c0c6b039153c2c1fac10362f3ff55ef2745968ba2627b2a8549d76fa002f88395c660e28a3e05c6042909dcfd577783cc8e5cfacad07f7123322da055559f7888c913b405872e56a394eaa0035d2fdd3aacf0cd27e051c26df919ba8aca1a07c39078360f202b02f465dc7afe5585cc48ab50815a90882a717219cad8d4a8b8c94bbd6341dc89527afa9059850bf569aeb248f1981578892cb0dc418529dd44c3f83d06ab908412d847f556e7e68a1a476240bf3013c4507681f69684d75d90f81ac511f4ea422536918cd9be4efbcc00b6d2c35ce543e8dfc7ce554b3c75be24fdf6542502764601a4425f1e8f984727df7aa877879a4e982bdef3bc4c5e8c68515273fc334528135ea65065db3a7cb23982fef96e08700523e01373a54e4192d9c924290112573f95010c3d29209bf3a358a93737ea302b444477d3ae569f0411aff1a5861e92bd7b1bb443a3281077c404bbf023dbc1b30cb", 0x82d, 0x8, 0x0, 0x1}]) setsockopt$sock_int(r1, 0x1, 0x1d, &(0x7f0000000000)=0x7, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$xdp(0x2c, 0x3, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='sessionid\x00') read$FUSE(r3, 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086203, &(0x7f0000000480)=0x7) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000000080)=0x5448, 0x4e) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="fc01000013000100000000000000000000000000000000000000000000000001fc0200000000000000000000000000014e24000d040000090a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02f3ff000000000000000000000000000000000000000000ffffffffffffffff00000000000000000300000000000000090000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000feffffff00000000000000000000000044010500e0000002000000000000000000000000000004d6320000000a000000ac1414aa000000000000000000000000053500000303030009000000b4000000070000007f000001000000000000000000000000000004d36c0000000000"], 0x1fc}, 0x1, 0x0, 0x0, 0x6095}, 0x0) sendfile(r0, r0, 0x0, 0x7ffff000) 930.307024ms ago: executing program 3 (id=672): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000400)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000100)="3b00fff4010001", 0x7) 912.623169ms ago: executing program 3 (id=673): ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000240)={0x0}) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0022d90400006d83fac605579f586607647444332bead8660c5357b6508258242d79000a7c0197d87f3c7e7c70648ac0cfe85929336193ad858df75e504333a0c84ece70556442740a746a29ac15fe134b8d1395fe33ab47d1"], 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") 703.413471ms ago: executing program 2 (id=674): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0) 518.654539ms ago: executing program 1 (id=675): r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x409c884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @local}, 0x1c) sendto$inet6(r0, 0x0, 0x60, 0x2000000, 0x0, 0x0) 413.322805ms ago: executing program 1 (id=676): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x27c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x4, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x2, 0x4) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='qnx4\x00', 0x208000, 0x0) (async) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='qnx4\x00', 0x208000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x4000010, r1, 0x45809000) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) clock_settime(0xcd1f6467c1540c16, &(0x7f00000000c0)) r3 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) fcntl$setsig(r3, 0xa, 0x21) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) fcntl$setlease(r3, 0x400, 0x1) (async) fcntl$setlease(r3, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) recvfrom$inet(r4, 0x0, 0x0, 0x2000, 0x0, 0x0) (async) recvfrom$inet(r4, 0x0, 0x0, 0x2000, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) (async) close_range(r3, 0xffffffffffffffff, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000140)=@gcm_128={{0x304}, "bd651af340bc453a", "582fc55db80278f337123dd9d1fbdce8", "f76efc5c", "12197d7a2e79dd9b"}, 0x28) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774b99aa332dfbb000000080007006e6174"], 0x25c}}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB="b01100001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200002000000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB="00000000000000000400000000000000000000000000000000000000000000f50300000000000000020000000000000000000000000000000104000000000000000000000000000002000000000000000300000000200000000000000000000000000000000000000100000000000000440005007f000001000000000000000000000000000000042b0000000a000000fe8000000000000000000000000000aa0000000004000b000000000000000000000000000c100800081008"], 0x11b0}, 0x1, 0x0, 0x0, 0x20048000}, 0x0) dup(0xffffffffffffffff) (async) r7 = dup(0xffffffffffffffff) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0x1) 0s ago: executing program 2 (id=677): r0 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000280)={0x44, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x20, 0xc, 0x5f, {0x5f, 0x9, "facdb5529957f130362370c52b98dc1c09284f434501d34098ab2262f72a2acb931a7dacee2d8ddfca632469c2f088bc8764c36107e01a6f36d57ab0fbb29edc64f1c776b295093e153bb01e07d1c8903f6b385690aadac7cf21a58fb3"}}, &(0x7f00000005c0)={0x0, 0x3, 0xa8, @string={0xa8, 0x3, "3a6aaa0e86e8554a382742dd1643abbf38d166ceb15ee30810d97520faebf3c837604d9e4a8480072e3a7b783f94542abd118109412db8d0ff9b20026dc449e0c36deb3d8ed8144876f833e56c2286e213451a72290bc7486231c11a734cbdf080817315d403a8b28431928f93645a3243e3525b14c5a1cf194a66f82493817a296a18ea61ef68e2368b35af063695cdebf04d33dec49adce62b99cd764c0b09009594ef72a6"}}}, &(0x7f0000000440)={0x44, &(0x7f0000000140)={0x40, 0x17, 0x5c, "bf477476b3bced989517040d8648cdcdf2759c8c6edf58aa8e913cb5015b6ff8425ca11cfc8070ccc4da204a7726d4f49454480c24006f0fb89f0c980d4c4a97f38695cb3366002a15f77e058c002113cf5fa14bea3ea449cc0014e1"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x18}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0xc7}, &(0x7f0000000240)={0x20, 0x81, 0x3, "1567cc"}, &(0x7f0000000300)={0x20, 0x82, 0x1, 'u'}, &(0x7f0000000380)={0x20, 0x83, 0x2, "24f2"}, &(0x7f00000004c0)={0x20, 0x84, 0x4, "00804200"}, &(0x7f0000000400)={0x20, 0x85, 0x3, '\n\x00z'}}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f00000003c0)=ANY=[], 0x0, 0x0}) kernel console output (not intermixed with test programs): 00246 ORIG_RAX: 0000000000000000 [ 143.164780][ T7254] RAX: ffffffffffffffda RBX: 00007f71dbbb5fa0 RCX: 00007f71db98e929 [ 143.164793][ T7254] RDX: 000000000000001d RSI: 0000200000000500 RDI: 0000000000000003 [ 143.164804][ T7254] RBP: 00007f71dc86c090 R08: 0000000000000000 R09: 0000000000000000 [ 143.164814][ T7254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.164824][ T7254] R13: 0000000000000000 R14: 00007f71dbbb5fa0 R15: 00007fff53b4efa8 [ 143.164853][ T7254] [ 143.590974][ T24] usb 2-1: USB disconnect, device number 21 [ 143.615967][ T5834] gspca_vc032x: reg_w err -71 [ 143.620766][ T5834] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 143.671300][ T5834] usb 4-1: USB disconnect, device number 24 [ 143.701890][ T5889] usbhid 3-1:0.0: can't add hid device: -71 [ 143.708053][ T5889] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 143.731591][ T5889] usb 3-1: USB disconnect, device number 23 [ 144.304684][ T7282] FAULT_INJECTION: forcing a failure. [ 144.304684][ T7282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.318537][ T7282] CPU: 0 UID: 0 PID: 7282 Comm: syz.1.358 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 144.318561][ T7282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.318572][ T7282] Call Trace: [ 144.318579][ T7282] [ 144.318586][ T7282] dump_stack_lvl+0x189/0x250 [ 144.318610][ T7282] ? __pfx____ratelimit+0x10/0x10 [ 144.318631][ T7282] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.318647][ T7282] ? __pfx__printk+0x10/0x10 [ 144.318666][ T7282] ? __might_fault+0xb0/0x130 [ 144.318693][ T7282] should_fail_ex+0x414/0x560 [ 144.318716][ T7282] _copy_from_iter+0x1db/0x16f0 [ 144.318737][ T7282] ? __pfx__copy_from_iter+0x10/0x10 [ 144.318749][ T7282] ? sock_alloc_send_pskb+0x875/0x990 [ 144.318763][ T7282] ? __pfx__copy_from_iter+0x10/0x10 [ 144.318778][ T7282] ? page_copy_sane+0x16a/0x280 [ 144.318792][ T7282] copy_page_from_iter+0xdd/0x170 [ 144.318808][ T7282] skb_copy_datagram_from_iter+0x306/0x720 [ 144.318827][ T7282] packet_sendmsg+0x3ad8/0x5410 [ 144.318843][ T7282] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 144.318862][ T7282] ? __pfx___might_resched+0x10/0x10 [ 144.318871][ T7282] ? __lock_acquire+0xab9/0xd20 [ 144.318893][ T7282] ? __pfx_packet_sendmsg+0x10/0x10 [ 144.318901][ T7282] ? aa_sk_perm+0x81e/0x950 [ 144.318913][ T7282] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 144.318928][ T7282] ? aa_sock_msg_perm+0xf1/0x1d0 [ 144.318939][ T7282] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 144.318952][ T7282] ? __pfx_packet_sendmsg+0x10/0x10 [ 144.318961][ T7282] __sock_sendmsg+0x219/0x270 [ 144.318975][ T7282] __sys_sendto+0x3bd/0x520 [ 144.318990][ T7282] ? __pfx___sys_sendto+0x10/0x10 [ 144.319002][ T7282] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 144.319021][ T7282] ? __fget_files+0x3a0/0x420 [ 144.319040][ T7282] ? ksys_write+0x22a/0x250 [ 144.319053][ T7282] ? __pfx_ksys_write+0x10/0x10 [ 144.319069][ T7282] ? rcu_is_watching+0x15/0xb0 [ 144.319081][ T7282] __x64_sys_sendto+0xde/0x100 [ 144.319097][ T7282] do_syscall_64+0xfa/0x3b0 [ 144.319109][ T7282] ? lockdep_hardirqs_on+0x9c/0x150 [ 144.319121][ T7282] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.319130][ T7282] ? clear_bhb_loop+0x60/0xb0 [ 144.319141][ T7282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.319149][ T7282] RIP: 0033:0x7f843118e929 [ 144.319159][ T7282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.319167][ T7282] RSP: 002b:00007f8431fd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 144.319178][ T7282] RAX: ffffffffffffffda RBX: 00007f84313b5fa0 RCX: 00007f843118e929 [ 144.319185][ T7282] RDX: 00000000000100a6 RSI: 0000200000000180 RDI: 0000000000000003 [ 144.319191][ T7282] RBP: 00007f8431fd6090 R08: 0000200000000140 R09: 0000000000000014 [ 144.319197][ T7282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 144.319203][ T7282] R13: 0000000000000000 R14: 00007f84313b5fa0 R15: 00007ffdf45157a8 [ 144.319217][ T7282] [ 144.659154][ T7284] warning: `syz.4.359' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 144.685685][ T5889] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 144.825683][ T5889] usb 4-1: device descriptor read/64, error -71 [ 144.955919][ T5834] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 145.070259][ T5889] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 145.115865][ T5834] usb 2-1: device descriptor read/64, error -71 [ 145.225709][ T5889] usb 4-1: device descriptor read/64, error -71 [ 145.255715][ T24] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 145.335969][ T5889] usb usb4-port1: attempt power cycle [ 145.355807][ T5834] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 145.419102][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.430196][ T24] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 145.439281][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.449120][ T24] usb 3-1: config 0 descriptor?? [ 145.495922][ T5834] usb 2-1: device descriptor read/64, error -71 [ 145.606195][ T5834] usb usb2-port1: attempt power cycle [ 145.685929][ T5889] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 145.716420][ T5889] usb 4-1: device descriptor read/8, error -71 [ 145.743759][ T7294] netlink: 16 bytes leftover after parsing attributes in process `syz.4.363'. [ 145.753510][ T7294] openvswitch: netlink: Flow key attr not present in new flow. [ 145.945757][ T5834] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 145.965816][ T5889] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 145.967282][ T5834] usb 2-1: device descriptor read/8, error -71 [ 145.986530][ T5889] usb 4-1: device descriptor read/8, error -71 [ 146.065789][ T5913] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 146.106207][ T5889] usb usb4-port1: unable to enumerate USB device [ 146.215781][ T5834] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 146.236192][ T5913] usb 5-1: Using ep0 maxpacket: 32 [ 146.236387][ T5834] usb 2-1: device descriptor read/8, error -71 [ 146.243212][ T5913] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 146.257971][ T5913] usb 5-1: config 0 has no interface number 0 [ 146.266253][ T5913] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 146.275352][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.283800][ T5913] usb 5-1: Product: syz [ 146.289214][ T5913] usb 5-1: Manufacturer: syz [ 146.293869][ T5913] usb 5-1: SerialNumber: syz [ 146.301234][ T5913] usb 5-1: config 0 descriptor?? [ 146.312753][ T5913] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 146.323340][ T5913] usb 5-1: selecting invalid altsetting 1 [ 146.329238][ T5913] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 146.341916][ T5913] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 146.353310][ T5913] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 146.358189][ T5834] usb usb2-port1: unable to enumerate USB device [ 146.361673][ T5913] usb 5-1: media controller created [ 146.388212][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 146.513985][ T7296] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 146.521898][ T7296] UDF-fs: Scanning with blocksize 4096 failed [ 146.531829][ T5913] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 146.544614][ T5913] zl10353_read_register: readreg error (reg=127, ret==-71) [ 146.552825][ T5913] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 146.592101][ T5913] usb 5-1: USB disconnect, device number 24 [ 147.346116][ T5913] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 147.525757][ T5913] usb 5-1: Using ep0 maxpacket: 8 [ 147.534355][ T5913] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 147.544708][ T5913] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 147.553833][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.565796][ T5834] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 147.566929][ T5913] usb 5-1: config 0 descriptor?? [ 147.583567][ T5913] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 147.729259][ T5834] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 147.741747][ T5834] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 147.752395][ T5834] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 147.771785][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 147.790506][ T5834] usb 4-1: SerialNumber: syz [ 148.055978][ T24] usbhid 3-1:0.0: can't add hid device: -71 [ 148.062034][ T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 148.074497][ T24] usb 3-1: USB disconnect, device number 24 [ 148.393805][ T5834] usb 4-1: 0:2 : does not exist [ 148.432010][ T5834] usb 4-1: USB disconnect, device number 29 [ 148.476588][ T6143] udevd[6143]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 148.535843][ T24] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 148.708612][ T24] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 148.720276][ T24] usb 2-1: config 0 has no interface number 0 [ 148.726726][ T24] usb 2-1: too many endpoints for config 0 interface 1 altsetting 255: 255, using maximum allowed: 30 [ 148.738308][ T24] usb 2-1: config 0 interface 1 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 148.752116][ T24] usb 2-1: config 0 interface 1 has no altsetting 0 [ 148.759165][ T24] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 148.768789][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.779914][ T24] usb 2-1: config 0 descriptor?? [ 148.790681][ T24] usb 2-1: selecting invalid altsetting 1 [ 148.798875][ T24] dvb_ttusb_budget: ttusb_init_controller: error [ 148.805223][ T24] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 148.815530][ T7334] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 148.841915][ T7334] CIFS mount error: No usable UNC path provided in device string! [ 148.841915][ T7334] [ 148.856455][ T7334] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 148.918998][ T24] DVB: Unable to find symbol cx22700_attach() [ 148.969455][ T24] DVB: Unable to find symbol tda10046_attach() [ 148.978374][ T24] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 149.009823][ T24] usb 2-1: USB disconnect, device number 26 [ 149.097981][ T5913] gspca_vc032x: reg_w err -71 [ 149.104218][ T5913] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 149.128686][ T5913] usb 5-1: USB disconnect, device number 25 [ 149.395904][ T5928] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 149.587660][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.609460][ T5928] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 149.633514][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.655697][ T5928] usb 4-1: config 0 descriptor?? [ 149.739740][ T7347] netlink: 8 bytes leftover after parsing attributes in process `syz.4.382'. [ 149.749118][ T7333] orangefs_mount: mount request failed with -4 [ 149.896489][ T7349] CUSE: info not properly terminated [ 149.916917][ T7349] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 150.018733][ T5834] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 150.168123][ T7357] FAULT_INJECTION: forcing a failure. [ 150.168123][ T7357] name failslab, interval 1, probability 0, space 0, times 0 [ 150.181438][ T7357] CPU: 1 UID: 0 PID: 7357 Comm: syz.1.386 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 150.181466][ T7357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 150.181476][ T7357] Call Trace: [ 150.181484][ T7357] [ 150.181491][ T7357] dump_stack_lvl+0x189/0x250 [ 150.181515][ T7357] ? __pfx____ratelimit+0x10/0x10 [ 150.181536][ T7357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.181554][ T7357] ? __pfx__printk+0x10/0x10 [ 150.181575][ T7357] ? __pfx___might_resched+0x10/0x10 [ 150.181592][ T7357] ? fs_reclaim_acquire+0x7d/0x100 [ 150.181619][ T7357] should_fail_ex+0x414/0x560 [ 150.181648][ T7357] should_failslab+0xa8/0x100 [ 150.181669][ T7357] __kmalloc_cache_noprof+0x70/0x3d0 [ 150.181687][ T7357] ? fuse_file_alloc+0xb7/0x230 [ 150.181709][ T7357] fuse_file_alloc+0xb7/0x230 [ 150.181729][ T7357] fuse_file_open+0x157/0x910 [ 150.181763][ T7357] ? __pfx_fuse_file_open+0x10/0x10 [ 150.181781][ T7357] ? do_raw_spin_unlock+0x122/0x240 [ 150.181806][ T7357] ? fuse_set_nowrite+0x16c/0x2f0 [ 150.181831][ T7357] ? __pfx_fuse_set_nowrite+0x10/0x10 [ 150.181855][ T7357] ? down_write+0x162/0x1f0 [ 150.181877][ T7357] ? __pfx_down_write+0x10/0x10 [ 150.181903][ T7357] ? __pfx_apparmor_file_open+0x10/0x10 [ 150.181925][ T7357] ? mnt_get_write_access+0x68/0x2a0 [ 150.181946][ T7357] fuse_open+0x370/0x750 [ 150.181969][ T7357] ? __pfx_fuse_open+0x10/0x10 [ 150.181987][ T7357] do_dentry_open+0xdf0/0x1970 [ 150.182029][ T7357] vfs_open+0x3b/0x340 [ 150.182050][ T7357] ? path_openat+0x2ecd/0x3830 [ 150.182071][ T7357] path_openat+0x2ee5/0x3830 [ 150.182087][ T7357] ? arch_stack_walk+0xfc/0x150 [ 150.182142][ T7357] ? __pfx_path_openat+0x10/0x10 [ 150.182158][ T7357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.182196][ T7357] do_filp_open+0x1fa/0x410 [ 150.182212][ T7357] ? __lock_acquire+0xab9/0xd20 [ 150.182237][ T7357] ? __pfx_do_filp_open+0x10/0x10 [ 150.182279][ T7357] ? _raw_spin_unlock+0x28/0x50 [ 150.182297][ T7357] ? alloc_fd+0x64c/0x6c0 [ 150.182330][ T7357] do_sys_openat2+0x121/0x1c0 [ 150.182349][ T7357] ? __pfx_do_sys_openat2+0x10/0x10 [ 150.182363][ T7357] ? irqentry_exit+0x74/0x90 [ 150.182398][ T7357] __x64_sys_creat+0x8f/0xc0 [ 150.182424][ T7357] do_syscall_64+0xfa/0x3b0 [ 150.182444][ T7357] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.182464][ T7357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.182480][ T7357] ? clear_bhb_loop+0x60/0xb0 [ 150.182501][ T7357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.182517][ T7357] RIP: 0033:0x7f843118e929 [ 150.182531][ T7357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.182543][ T7357] RSP: 002b:00007f8431fb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 150.182560][ T7357] RAX: ffffffffffffffda RBX: 00007f84313b6080 RCX: 00007f843118e929 [ 150.182572][ T7357] RDX: 0000000000000000 RSI: 000000000000012c RDI: 0000200000001380 [ 150.182582][ T7357] RBP: 00007f8431fb5090 R08: 0000000000000000 R09: 0000000000000000 [ 150.182591][ T7357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.182601][ T7357] R13: 0000000000000000 R14: 00007f84313b6080 R15: 00007ffdf45157a8 [ 150.182627][ T7357] [ 150.525720][ T5834] usb 5-1: Using ep0 maxpacket: 8 [ 150.538382][ T5834] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 150.554336][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.567779][ T5834] usb 5-1: Product: syz [ 150.573387][ T7360] qnx6: unable to set blocksize [ 150.578855][ T5834] usb 5-1: Manufacturer: syz [ 150.583484][ T5834] usb 5-1: SerialNumber: syz [ 150.599071][ T5834] usb 5-1: config 0 descriptor?? [ 150.773766][ T7365] syz.2.389 (7365) used greatest stack depth: 15960 bytes left [ 150.833154][ T5834] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 150.841722][ T5834] gspca_sonixj: reg_w1 err -71 [ 150.847966][ T5834] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 150.861682][ T5834] usb 5-1: USB disconnect, device number 26 [ 151.036815][ T5882] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 151.206033][ T5882] usb 3-1: Using ep0 maxpacket: 32 [ 151.213237][ T5882] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 151.226336][ T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 151.233991][ T5882] usb 3-1: config 0 interface 0 has no altsetting 0 [ 151.240784][ T5882] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 151.250787][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.268221][ T5882] usb 3-1: config 0 descriptor?? [ 151.278720][ T5882] usbhid 3-1:0.0: can't add hid device: -22 [ 151.284727][ T5882] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 151.398460][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 151.405809][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 151.419316][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 151.428839][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.450918][ T9] usb 2-1: config 0 descriptor?? [ 151.473733][ T9] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 151.492193][ T7367] FAT-fs (rnullb0): bogus number of reserved sectors [ 151.499063][ T7367] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 151.512575][ T5882] usb 3-1: USB disconnect, device number 25 [ 152.168924][ T5928] usbhid 4-1:0.0: can't add hid device: -71 [ 152.189055][ T5928] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 152.226702][ T5928] usb 4-1: USB disconnect, device number 30 [ 152.383953][ T7405] netlink: 16 bytes leftover after parsing attributes in process `syz.3.397'. [ 152.397888][ T7405] openvswitch: netlink: Flow key attr not present in new flow. [ 152.698707][ T7416] IPVS: length: 68 != 24 [ 152.885257][ T9] gspca_vc032x: reg_w err -71 [ 152.894295][ T9] vc032x 2-1:0.0: probe with driver vc032x failed with error -71 [ 152.905784][ T24] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 152.930934][ T9] usb 2-1: USB disconnect, device number 27 [ 152.955647][ C0] sl0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20050 ms [ 152.964088][ C0] sl0: transmit timed out, driver error? [ 153.056397][ T7430] NILFS (rnullb0): couldn't find nilfs on the device [ 153.098037][ T24] usb 3-1: config 0 has an invalid interface number: 219 but max is 0 [ 153.108567][ T24] usb 3-1: config 0 has no interface number 0 [ 153.114683][ T24] usb 3-1: config 0 interface 219 altsetting 0 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 153.129316][ T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=030b, bcdDevice=44.42 [ 153.139195][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.150858][ T24] usb 3-1: Product: syz [ 153.155042][ T24] usb 3-1: Manufacturer: syz [ 153.159712][ T24] usb 3-1: SerialNumber: syz [ 153.181086][ T24] usb 3-1: config 0 descriptor?? [ 153.208555][ T5928] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 153.220729][ T24] appletouch 3-1:0.219: Could not find int-in endpoint [ 153.233742][ T24] appletouch 3-1:0.219: probe with driver appletouch failed with error -5 [ 153.244550][ T24] usbhid 3-1:0.219: couldn't find an input interrupt endpoint [ 153.387363][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.411138][ T5928] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 153.428389][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.589625][ T5928] usb 4-1: config 0 descriptor?? [ 153.634689][ T5898] usb 3-1: USB disconnect, device number 26 [ 153.996648][ T24] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 154.166054][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 154.173210][ T24] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 154.186602][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.205898][ T24] usb 2-1: config 0 descriptor?? [ 154.418503][ T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 154.432461][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 154.443272][ T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 154.450812][ T24] usb 2-1: media controller created [ 154.470010][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 154.632390][ T7456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.656141][ T7456] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.702378][ T24] az6027: usb out operation failed. (-71) [ 154.708717][ T24] stb0899_attach: Driver disabled by Kconfig [ 154.714919][ T24] az6027: no front-end attached [ 154.714919][ T24] [ 154.739896][ T24] az6027: usb out operation failed. (-71) [ 154.755853][ T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 154.787065][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input21 [ 154.831169][ T24] dvb-usb: schedule remote query interval to 400 msecs. [ 154.858983][ T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 154.891370][ T24] usb 2-1: USB disconnect, device number 28 [ 155.012796][ T7466] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 155.043105][ T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 155.081176][ T7466] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 155.085888][ T5898] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 155.258950][ T5898] usb 5-1: Using ep0 maxpacket: 8 [ 155.274427][ T5898] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 155.289704][ T5898] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 155.299099][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.319419][ T5898] usb 5-1: config 0 descriptor?? [ 155.336683][ T5898] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 155.992879][ T5928] usbhid 4-1:0.0: can't add hid device: -71 [ 156.020999][ T5928] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 156.071715][ T5928] usb 4-1: USB disconnect, device number 31 [ 156.115697][ T24] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 156.280488][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 156.292455][ T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 156.305824][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 156.325054][ T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 156.340857][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 156.352338][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 156.405889][ T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 156.414756][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 156.435643][ T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 156.456079][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 156.495658][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 156.516863][ T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 156.525118][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 156.536972][ T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 156.553949][ T7510] FAULT_INJECTION: forcing a failure. [ 156.553949][ T7510] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.565151][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 156.581931][ T7510] CPU: 0 UID: 0 PID: 7510 Comm: syz.1.436 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 156.581955][ T7510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.581965][ T7510] Call Trace: [ 156.581972][ T7510] [ 156.581983][ T7510] dump_stack_lvl+0x189/0x250 [ 156.582006][ T7510] ? __pfx____ratelimit+0x10/0x10 [ 156.582027][ T7510] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.582044][ T7510] ? __pfx__printk+0x10/0x10 [ 156.582060][ T7510] ? __might_fault+0xb0/0x130 [ 156.582087][ T7510] should_fail_ex+0x414/0x560 [ 156.582123][ T7510] _copy_from_iter+0x1db/0x16f0 [ 156.582124][ T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 156.582150][ T7510] ? rcu_is_watching+0x15/0xb0 [ 156.582167][ T7510] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 156.582182][ T7510] ? __pfx__copy_from_iter+0x10/0x10 [ 156.582202][ T7510] ? __build_skb_around+0x257/0x3e0 [ 156.582228][ T7510] ? netlink_sendmsg+0x642/0xb30 [ 156.582248][ T7510] ? skb_put+0x11b/0x210 [ 156.582272][ T7510] netlink_sendmsg+0x6b2/0xb30 [ 156.582301][ T7510] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.582324][ T7510] ? aa_sock_msg_perm+0xf1/0x1d0 [ 156.582343][ T7510] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 156.582364][ T7510] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.582385][ T7510] __sock_sendmsg+0x219/0x270 [ 156.582407][ T7510] ____sys_sendmsg+0x505/0x830 [ 156.582429][ T7510] ? __pfx_____sys_sendmsg+0x10/0x10 [ 156.582454][ T7510] ? import_iovec+0x74/0xa0 [ 156.582471][ T7510] ___sys_sendmsg+0x21f/0x2a0 [ 156.582490][ T7510] ? __pfx____sys_sendmsg+0x10/0x10 [ 156.582540][ T7510] ? __fget_files+0x2a/0x420 [ 156.582559][ T7510] ? __fget_files+0x3a0/0x420 [ 156.582589][ T7510] __x64_sys_sendmsg+0x19b/0x260 [ 156.582607][ T7510] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 156.582632][ T7510] ? __pfx_ksys_write+0x10/0x10 [ 156.582647][ T7510] ? rcu_is_watching+0x15/0xb0 [ 156.582667][ T7510] ? do_syscall_64+0xbe/0x3b0 [ 156.582690][ T7510] do_syscall_64+0xfa/0x3b0 [ 156.582709][ T7510] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.582728][ T7510] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.582743][ T7510] ? clear_bhb_loop+0x60/0xb0 [ 156.582762][ T7510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.582777][ T7510] RIP: 0033:0x7f843118e929 [ 156.582793][ T7510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.582806][ T7510] RSP: 002b:00007f8431fd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 156.582824][ T7510] RAX: ffffffffffffffda RBX: 00007f84313b5fa0 RCX: 00007f843118e929 [ 156.582836][ T7510] RDX: 000000000000c800 RSI: 00002000000002c0 RDI: 0000000000000003 [ 156.582847][ T7510] RBP: 00007f8431fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 156.582857][ T7510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.582865][ T7510] R13: 0000000000000000 R14: 00007f84313b5fa0 R15: 00007ffdf45157a8 [ 156.582891][ T7510] [ 156.853730][ T5898] gspca_vc032x: reg_w err -71 [ 156.877929][ T24] usb 3-1: string descriptor 0 read error: -22 [ 156.895573][ T24] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 156.909914][ T5898] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 156.947868][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.981102][ T5898] usb 5-1: USB disconnect, device number 27 [ 156.987463][ T24] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 157.067129][ T7522] random: crng reseeded on system resumption [ 157.104762][ T7523] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 157.113383][ T7522] FAULT_INJECTION: forcing a failure. [ 157.113383][ T7522] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 157.131885][ T7523] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 157.139408][ T7522] CPU: 0 UID: 0 PID: 7522 Comm: syz.3.439 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 157.139431][ T7522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.139441][ T7522] Call Trace: [ 157.139448][ T7522] [ 157.139456][ T7522] dump_stack_lvl+0x189/0x250 [ 157.139479][ T7522] ? __pfx____ratelimit+0x10/0x10 [ 157.139501][ T7522] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.139518][ T7522] ? __pfx__printk+0x10/0x10 [ 157.139539][ T7522] ? fs_reclaim_acquire+0x7d/0x100 [ 157.139568][ T7522] should_fail_ex+0x414/0x560 [ 157.139598][ T7522] prepare_alloc_pages+0x213/0x610 [ 157.139626][ T7522] __alloc_frozen_pages_noprof+0x123/0x370 [ 157.139651][ T7522] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 157.139693][ T7522] alloc_pages_mpol+0x232/0x4a0 [ 157.139720][ T7522] alloc_pages_noprof+0xa9/0x190 [ 157.139741][ T7522] get_zeroed_page_noprof+0x1a/0x90 [ 157.139764][ T7522] get_image_page+0x36/0x330 [ 157.139783][ T7522] ? memory_bm_create+0x134/0xdc0 [ 157.139807][ T7522] memory_bm_create+0x736/0xdc0 [ 157.139836][ T7522] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 157.139869][ T7522] create_basic_memory_bitmaps+0x98/0x3d0 [ 157.139896][ T7522] snapshot_open+0x1aa/0x280 [ 157.139920][ T7522] ? __pfx_snapshot_open+0x10/0x10 [ 157.139941][ T7522] misc_open+0x2b9/0x330 [ 157.139967][ T7522] chrdev_open+0x4c9/0x5e0 [ 157.139992][ T7522] ? __pfx_chrdev_open+0x10/0x10 [ 157.140021][ T7522] ? __pfx_chrdev_open+0x10/0x10 [ 157.140041][ T7522] do_dentry_open+0xdf0/0x1970 [ 157.140081][ T7522] vfs_open+0x3b/0x340 [ 157.140101][ T7522] ? path_openat+0x2ecd/0x3830 [ 157.140121][ T7522] path_openat+0x2ee5/0x3830 [ 157.140136][ T7522] ? arch_stack_walk+0xfc/0x150 [ 157.140188][ T7522] ? __pfx_path_openat+0x10/0x10 [ 157.140204][ T7522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.140241][ T7522] do_filp_open+0x1fa/0x410 [ 157.140257][ T7522] ? __lock_acquire+0xab9/0xd20 [ 157.140282][ T7522] ? __pfx_do_filp_open+0x10/0x10 [ 157.140322][ T7522] ? _raw_spin_unlock+0x28/0x50 [ 157.140339][ T7522] ? alloc_fd+0x64c/0x6c0 [ 157.140372][ T7522] do_sys_openat2+0x121/0x1c0 [ 157.140391][ T7522] ? __pfx_do_sys_openat2+0x10/0x10 [ 157.140412][ T7522] ? ksys_write+0x22a/0x250 [ 157.140433][ T7522] ? __pfx_ksys_write+0x10/0x10 [ 157.140455][ T7522] __x64_sys_openat+0x138/0x170 [ 157.140477][ T7522] do_syscall_64+0xfa/0x3b0 [ 157.140496][ T7522] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.140515][ T7522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.140531][ T7522] ? clear_bhb_loop+0x60/0xb0 [ 157.140550][ T7522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.140567][ T7522] RIP: 0033:0x7f6eb1d8e929 [ 157.140581][ T7522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.140595][ T7522] RSP: 002b:00007f6eafbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 157.140612][ T7522] RAX: ffffffffffffffda RBX: 00007f6eb1fb5fa0 RCX: 00007f6eb1d8e929 [ 157.140624][ T7522] RDX: 0000000000000041 RSI: 0000200000003a40 RDI: ffffffffffffff9c [ 157.140635][ T7522] RBP: 00007f6eafbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 157.140645][ T7522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 157.140655][ T7522] R13: 0000000000000001 R14: 00007f6eb1fb5fa0 R15: 00007ffc1fe51988 [ 157.140683][ T7522] [ 157.470748][ C0] vkms_vblank_simulate: vblank timer overrun [ 157.503472][ T9] usb 3-1: USB disconnect, device number 27 [ 157.885853][ T5928] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 158.067578][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.105808][ T24] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 158.115671][ T5928] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 158.135168][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.156966][ T5928] usb 2-1: config 0 descriptor?? [ 158.168880][ T7540] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 158.199495][ T7540] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 158.285920][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 158.321709][ T24] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 158.337628][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.359290][ T24] usb 4-1: Product: syz [ 158.365940][ T24] usb 4-1: Manufacturer: syz [ 158.374807][ T24] usb 4-1: SerialNumber: syz [ 158.388844][ T24] usb 4-1: config 0 descriptor?? [ 158.413266][ T24] gspca_main: se401-2.14.0 probing 047d:5003 [ 158.625894][ T9] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 158.777376][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.788336][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 158.800111][ T9] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 158.809823][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.813066][ T24] gspca_se401: Frame size: 2304x0 bayer [ 158.818515][ T9] usb 5-1: Product: syz [ 158.828969][ T24] gspca_se401: Frame size: 0x0 1/16th janggu [ 158.828985][ T9] usb 5-1: Manufacturer: syz [ 158.834994][ T24] gspca_se401: Frame size: 0x0 1/16th janggu [ 158.840124][ T9] usb 5-1: SerialNumber: syz [ 158.849251][ T24] gspca_se401: Frame size: 0x0 1/16th janggu [ 158.854000][ T9] usb 5-1: config 0 descriptor?? [ 158.863409][ T24] gspca_se401: Frame size: 0x0 1/16th janggu [ 158.866880][ T9] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 158.872881][ T24] gspca_se401: Frame size: 0x0 1/16th janggu [ 158.882223][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 158.894058][ T9] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 158.902791][ T24] gspca_se401: Frame size: 0x0 1/16th janggu [ 158.902811][ T24] gspca_se401: Frame size: 0x0 1/16th janggu [ 158.915180][ T9] usb 5-1: media controller created [ 158.935689][ T5834] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 158.947724][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 158.999770][ T9] DVB: Unable to find symbol tda10046_attach() [ 159.006462][ T9] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 159.015060][ T9] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 159.029863][ T7532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.040794][ T7532] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.054950][ T24] input: se401 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input22 [ 159.082001][ T24] usb 4-1: USB disconnect, device number 32 [ 159.085738][ T5834] usb 3-1: Using ep0 maxpacket: 16 [ 159.104806][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.141026][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.166054][ T5834] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 159.175219][ T5834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.191356][ T5834] usb 3-1: config 0 descriptor?? [ 159.268552][ T9] dvb_usb_m920x 5-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 159.285013][ T9] usb 5-1: USB disconnect, device number 28 [ 159.639803][ T5834] corsair 0003:1B1C:1B02.0006: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.2-1/input0 [ 159.826475][ T7555] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 159.842486][ T5834] corsair 0003:1B1C:1B02.0006: Failed to get K90 initial state (error -71). [ 159.884235][ T5834] usb 3-1: USB disconnect, device number 28 [ 159.896295][ T43] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 160.057003][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 160.075349][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 160.095041][ T43] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 160.105823][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.111274][ T7566] FAULT_INJECTION: forcing a failure. [ 160.111274][ T7566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.117626][ T43] usb 4-1: config 0 descriptor?? [ 160.133677][ T7566] CPU: 0 UID: 0 PID: 7566 Comm: syz.4.455 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 160.133700][ T7566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.133710][ T7566] Call Trace: [ 160.133718][ T7566] [ 160.133725][ T7566] dump_stack_lvl+0x189/0x250 [ 160.133747][ T7566] ? __pfx____ratelimit+0x10/0x10 [ 160.133769][ T7566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.133786][ T7566] ? __pfx__printk+0x10/0x10 [ 160.133805][ T7566] ? __might_fault+0xb0/0x130 [ 160.133926][ T7566] should_fail_ex+0x414/0x560 [ 160.133966][ T7566] _copy_from_user+0x2d/0xb0 [ 160.133985][ T7566] kstrtouint_from_user+0xc4/0x170 [ 160.134007][ T7566] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 160.134042][ T7566] proc_fail_nth_write+0x88/0x240 [ 160.134057][ T7566] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 160.134079][ T7566] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 160.134097][ T7566] vfs_write+0x27e/0xa90 [ 160.134125][ T7566] ? __pfx_vfs_write+0x10/0x10 [ 160.134146][ T7566] ? __fget_files+0x2a/0x420 [ 160.134172][ T7566] ? __fget_files+0x3a0/0x420 [ 160.134191][ T7566] ? __fget_files+0x2a/0x420 [ 160.134220][ T7566] ksys_write+0x145/0x250 [ 160.134238][ T7566] ? __fget_files+0x3a0/0x420 [ 160.134260][ T7566] ? __pfx_ksys_write+0x10/0x10 [ 160.134284][ T7566] ? do_syscall_64+0xbe/0x3b0 [ 160.134311][ T7566] do_syscall_64+0xfa/0x3b0 [ 160.134331][ T7566] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.134346][ T7566] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 160.134362][ T7566] ? clear_bhb_loop+0x60/0xb0 [ 160.134381][ T7566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.134397][ T7566] RIP: 0033:0x7f71db98d3df [ 160.134413][ T7566] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 160.134427][ T7566] RSP: 002b:00007f71dc86c030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 160.134444][ T7566] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f71db98d3df [ 160.134456][ T7566] RDX: 0000000000000001 RSI: 00007f71dc86c0a0 RDI: 0000000000000003 [ 160.134467][ T7566] RBP: 00007f71dc86c090 R08: 0000000000000000 R09: 0000000000000000 [ 160.134477][ T7566] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 160.134486][ T7566] R13: 0000000000000000 R14: 00007f71dbbb5fa0 R15: 00007fff53b4efa8 [ 160.134514][ T7566] [ 160.148183][ T43] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 160.335567][ T7568] fuse: Bad value for 'rootmode' [ 160.654291][ T5928] usbhid 2-1:0.0: can't add hid device: -71 [ 160.671471][ T5928] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 160.716708][ T5928] usb 2-1: USB disconnect, device number 29 [ 160.748714][ T43] gspca_vc032x: reg_r err -32 [ 160.753545][ T43] vc032x 4-1:0.0: probe with driver vc032x failed with error -32 [ 161.053041][ T7589] /dev/rnullb0: Can't open blockdev [ 161.131263][ T5928] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 161.145514][ T7594] FAULT_INJECTION: forcing a failure. [ 161.145514][ T7594] name failslab, interval 1, probability 0, space 0, times 0 [ 161.162965][ T7594] CPU: 0 UID: 0 PID: 7594 Comm: syz.1.467 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 161.162990][ T7594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.163001][ T7594] Call Trace: [ 161.163008][ T7594] [ 161.163016][ T7594] dump_stack_lvl+0x189/0x250 [ 161.163040][ T7594] ? __pfx____ratelimit+0x10/0x10 [ 161.163063][ T7594] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.163081][ T7594] ? __pfx__printk+0x10/0x10 [ 161.163114][ T7594] should_fail_ex+0x414/0x560 [ 161.163145][ T7594] should_failslab+0xa8/0x100 [ 161.163168][ T7594] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 161.163188][ T7594] ? __alloc_skb+0x112/0x2d0 [ 161.163216][ T7594] __alloc_skb+0x112/0x2d0 [ 161.163243][ T7594] ieee802154_nl_new_reply+0x2e/0x100 [ 161.163271][ T7594] ieee802154_del_iface+0x280/0x5e0 [ 161.163296][ T7594] genl_family_rcv_msg_doit+0x215/0x300 [ 161.163324][ T7594] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 161.163356][ T7594] ? bpf_lsm_capable+0x9/0x20 [ 161.163373][ T7594] ? security_capable+0x7e/0x2e0 [ 161.163397][ T7594] genl_rcv_msg+0x60e/0x790 [ 161.163421][ T7594] ? __pfx_genl_rcv_msg+0x10/0x10 [ 161.163438][ T7594] ? __pfx_ieee802154_del_iface+0x10/0x10 [ 161.163472][ T7594] netlink_rcv_skb+0x208/0x470 [ 161.163495][ T7594] ? __pfx_genl_rcv_msg+0x10/0x10 [ 161.163514][ T7594] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 161.163553][ T7594] ? down_read+0x1ad/0x2e0 [ 161.163585][ T7594] genl_rcv+0x28/0x40 [ 161.163600][ T7594] netlink_unicast+0x75b/0x8d0 [ 161.163633][ T7594] netlink_sendmsg+0x805/0xb30 [ 161.163665][ T7594] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.163691][ T7594] ? aa_sock_msg_perm+0xf1/0x1d0 [ 161.163711][ T7594] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 161.163733][ T7594] ? __pfx_netlink_sendmsg+0x10/0x10 [ 161.163756][ T7594] __sock_sendmsg+0x219/0x270 [ 161.163781][ T7594] ____sys_sendmsg+0x505/0x830 [ 161.163804][ T7594] ? __pfx_____sys_sendmsg+0x10/0x10 [ 161.163830][ T7594] ? import_iovec+0x74/0xa0 [ 161.163851][ T7594] ___sys_sendmsg+0x21f/0x2a0 [ 161.163871][ T7594] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.163923][ T7594] ? __fget_files+0x2a/0x420 [ 161.163944][ T7594] ? __fget_files+0x3a0/0x420 [ 161.163976][ T7594] __x64_sys_sendmsg+0x19b/0x260 [ 161.163996][ T7594] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 161.164023][ T7594] ? __pfx_ksys_write+0x10/0x10 [ 161.164040][ T7594] ? rcu_is_watching+0x15/0xb0 [ 161.164062][ T7594] ? do_syscall_64+0xbe/0x3b0 [ 161.164087][ T7594] do_syscall_64+0xfa/0x3b0 [ 161.164106][ T7594] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.164127][ T7594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.164142][ T7594] ? clear_bhb_loop+0x60/0xb0 [ 161.164163][ T7594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.164179][ T7594] RIP: 0033:0x7f843118e929 [ 161.164194][ T7594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.164208][ T7594] RSP: 002b:00007f8431fd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.164227][ T7594] RAX: ffffffffffffffda RBX: 00007f84313b5fa0 RCX: 00007f843118e929 [ 161.164239][ T7594] RDX: 0000000004000000 RSI: 0000200000000b00 RDI: 0000000000000004 [ 161.164250][ T7594] RBP: 00007f8431fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 161.164261][ T7594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.164271][ T7594] R13: 0000000000000000 R14: 00007f84313b5fa0 R15: 00007ffdf45157a8 [ 161.164300][ T7594] [ 161.555679][ T5928] usb 3-1: device descriptor read/64, error -71 [ 161.637671][ T7601] FAULT_INJECTION: forcing a failure. [ 161.637671][ T7601] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 161.650849][ T7601] CPU: 0 UID: 0 PID: 7601 Comm: syz.1.471 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 161.650871][ T7601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.650881][ T7601] Call Trace: [ 161.650889][ T7601] [ 161.650896][ T7601] dump_stack_lvl+0x189/0x250 [ 161.650920][ T7601] ? __pfx____ratelimit+0x10/0x10 [ 161.650941][ T7601] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.650959][ T7601] ? __pfx__printk+0x10/0x10 [ 161.650975][ T7601] ? __might_fault+0xb0/0x130 [ 161.651004][ T7601] should_fail_ex+0x414/0x560 [ 161.651034][ T7601] _copy_from_user+0x2d/0xb0 [ 161.651049][ T7601] video_usercopy+0xafc/0x14f0 [ 161.651075][ T7601] ? __pfx___video_do_ioctl+0x10/0x10 [ 161.651092][ T7601] ? __pfx_video_usercopy+0x10/0x10 [ 161.651119][ T7601] ? __fget_files+0x2a/0x420 [ 161.651140][ T7601] ? __fget_files+0x2a/0x420 [ 161.651160][ T7601] ? __fget_files+0x3a0/0x420 [ 161.651183][ T7601] v4l2_ioctl+0x18d/0x1e0 [ 161.651203][ T7601] ? __pfx_v4l2_ioctl+0x10/0x10 [ 161.651222][ T7601] __se_sys_ioctl+0xf9/0x170 [ 161.651241][ T7601] do_syscall_64+0xfa/0x3b0 [ 161.651261][ T7601] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.651279][ T7601] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.651295][ T7601] ? clear_bhb_loop+0x60/0xb0 [ 161.651316][ T7601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.651331][ T7601] RIP: 0033:0x7f843118e929 [ 161.651347][ T7601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.651359][ T7601] RSP: 002b:00007f8431fd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.651376][ T7601] RAX: ffffffffffffffda RBX: 00007f84313b5fa0 RCX: 00007f843118e929 [ 161.651388][ T7601] RDX: 0000200000000080 RSI: 00000000c0285629 RDI: 0000000000000004 [ 161.651398][ T7601] RBP: 00007f8431fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 161.651407][ T7601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.651415][ T7601] R13: 0000000000000000 R14: 00007f84313b5fa0 R15: 00007ffdf45157a8 [ 161.651441][ T7601] [ 161.871059][ T43] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 161.938226][ T5928] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 161.985076][ T7605] IPVS: ip_vs_add_dest(): server weight less than zero [ 161.995502][ T9] IPVS: starting estimator thread 0... [ 162.030090][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.042014][ T43] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 162.053646][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.061866][ T7608] /dev/rnullb0: Can't open blockdev [ 162.066572][ T7609] /dev/rnullb0: Can't open blockdev [ 162.072236][ T43] usb 5-1: config 0 descriptor?? [ 162.077636][ T5928] usb 3-1: device descriptor read/64, error -71 [ 162.096284][ T7606] IPVS: using max 27 ests per chain, 64800 per kthread [ 162.190549][ T5928] usb usb3-port1: attempt power cycle [ 162.340886][ T7615] netlink: 6 bytes leftover after parsing attributes in process `syz.1.477'. [ 162.345875][ T7616] netlink: 6 bytes leftover after parsing attributes in process `syz.1.477'. [ 162.452856][ T7621] trusted_key: encrypted_key: key user:syz not found [ 162.535914][ T5928] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 162.576353][ T5928] usb 3-1: device descriptor read/8, error -71 [ 162.715341][ T24] usb 4-1: USB disconnect, device number 33 [ 162.826357][ T5928] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 162.846521][ T5928] usb 3-1: device descriptor read/8, error -71 [ 162.973100][ T5928] usb usb3-port1: unable to enumerate USB device [ 163.000665][ T5928] IPVS: starting estimator thread 0... [ 163.006569][ T7632] IPVS: ip_vs_add_dest(): server weight less than zero [ 163.011689][ T7635] FAULT_INJECTION: forcing a failure. [ 163.011689][ T7635] name failslab, interval 1, probability 0, space 0, times 0 [ 163.030696][ T7635] CPU: 0 UID: 0 PID: 7635 Comm: syz.1.483 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 163.030722][ T7635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.030733][ T7635] Call Trace: [ 163.030740][ T7635] [ 163.030748][ T7635] dump_stack_lvl+0x189/0x250 [ 163.030771][ T7635] ? __pfx____ratelimit+0x10/0x10 [ 163.030792][ T7635] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.030810][ T7635] ? __pfx__printk+0x10/0x10 [ 163.030835][ T7635] ? __pfx___might_resched+0x10/0x10 [ 163.030851][ T7635] ? fs_reclaim_acquire+0x7d/0x100 [ 163.030877][ T7635] should_fail_ex+0x414/0x560 [ 163.030906][ T7635] should_failslab+0xa8/0x100 [ 163.030929][ T7635] __kmalloc_cache_noprof+0x70/0x3d0 [ 163.030947][ T7635] ? snd_pcm_oss_change_params_locked+0x172/0x3e40 [ 163.030972][ T7635] snd_pcm_oss_change_params_locked+0x172/0x3e40 [ 163.030999][ T7635] ? __pfx___mutex_trylock_common+0x10/0x10 [ 163.031023][ T7635] ? rcu_is_watching+0x15/0xb0 [ 163.031040][ T7635] ? trace_contention_end+0x39/0x120 [ 163.031058][ T7635] ? __mutex_lock+0x330/0xe80 [ 163.031077][ T7635] ? look_up_lock_class+0x74/0x170 [ 163.031106][ T7635] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 163.031123][ T7635] ? snd_pcm_oss_make_ready+0xc0/0x340 [ 163.031141][ T7635] ? __lock_acquire+0xab9/0xd20 [ 163.031165][ T7635] ? __pfx___mutex_lock+0x10/0x10 [ 163.031202][ T7635] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 163.031229][ T7635] snd_pcm_oss_make_ready+0x11b/0x340 [ 163.031254][ T7635] snd_pcm_oss_set_trigger+0x95/0x740 [ 163.031282][ T7635] snd_pcm_oss_poll+0x659/0x8a0 [ 163.031307][ T7635] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 163.031331][ T7635] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 163.031349][ T7635] p9_conn_create+0x418/0x5b0 [ 163.031375][ T7635] p9_fd_create+0x312/0x3f0 [ 163.031404][ T7635] p9_client_create+0x7fa/0xfe0 [ 163.031430][ T7635] ? __pfx_p9_client_create+0x10/0x10 [ 163.031471][ T7635] ? __raw_spin_lock_init+0x45/0x100 [ 163.031497][ T7635] v9fs_session_init+0x1d7/0x19a0 [ 163.031547][ T7635] ? __pfx_v9fs_session_init+0x10/0x10 [ 163.031581][ T7635] ? __kasan_kmalloc+0x93/0xb0 [ 163.031602][ T7635] ? v9fs_mount+0xb2/0xa50 [ 163.031635][ T7635] v9fs_mount+0xc8/0xa50 [ 163.031655][ T7635] ? __pfx_aa_get_newest_label+0x10/0x10 [ 163.031674][ T7635] ? __pfx_v9fs_mount+0x10/0x10 [ 163.031692][ T7635] ? rcu_is_watching+0x15/0xb0 [ 163.031714][ T7635] legacy_get_tree+0xfd/0x1a0 [ 163.031735][ T7635] ? __pfx_v9fs_mount+0x10/0x10 [ 163.031753][ T7635] vfs_get_tree+0x92/0x2b0 [ 163.031776][ T7635] do_new_mount+0x24a/0xa40 [ 163.031805][ T7635] __se_sys_mount+0x317/0x410 [ 163.031833][ T7635] ? __pfx___se_sys_mount+0x10/0x10 [ 163.031852][ T7635] ? rcu_is_watching+0x15/0xb0 [ 163.031873][ T7635] ? do_syscall_64+0xbe/0x3b0 [ 163.031892][ T7635] ? __x64_sys_mount+0x20/0xc0 [ 163.031915][ T7635] do_syscall_64+0xfa/0x3b0 [ 163.031935][ T7635] ? lockdep_hardirqs_on+0x9c/0x150 [ 163.031954][ T7635] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.031970][ T7635] ? clear_bhb_loop+0x60/0xb0 [ 163.031991][ T7635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.032006][ T7635] RIP: 0033:0x7f843118e929 [ 163.032022][ T7635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.032037][ T7635] RSP: 002b:00007f8431fd6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 163.032055][ T7635] RAX: ffffffffffffffda RBX: 00007f84313b5fa0 RCX: 00007f843118e929 [ 163.032067][ T7635] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 163.032078][ T7635] RBP: 00007f8431fd6090 R08: 0000200000000400 R09: 0000000000000000 [ 163.032090][ T7635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 163.032098][ T7635] R13: 0000000000000000 R14: 00007f84313b5fa0 R15: 00007ffdf45157a8 [ 163.032127][ T7635] [ 163.115705][ T7634] IPVS: using max 28 ests per chain, 67200 per kthread [ 163.184802][ T9] kernel write not supported for file /dsp1 (pid: 9 comm: kworker/0:0) [ 163.731648][ T7640] /dev/rnullb0: Can't open blockdev [ 163.922984][ T7646] ip6tnl0: entered promiscuous mode [ 163.928493][ T7646] ip6tnl0: entered allmulticast mode [ 163.940597][ T7646] overlay: filesystem on ./bus not supported [ 164.256347][ T5928] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 164.265329][ T1129] Bluetooth: hci4: Frame reassembly failed (-84) [ 164.272443][ T7652] netlink: 'syz.3.491': attribute type 5 has an invalid length. [ 164.425812][ T5928] usb 3-1: Using ep0 maxpacket: 8 [ 164.439520][ T5928] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 164.450344][ T5928] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 164.461336][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.472257][ T5928] usb 3-1: config 0 descriptor?? [ 164.486316][ T5928] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 164.552119][ T43] usbhid 5-1:0.0: can't add hid device: -71 [ 164.558431][ T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 164.575537][ T43] usb 5-1: USB disconnect, device number 29 [ 164.637822][ T7661] IPVS: ip_vs_add_dest(): server weight less than zero [ 164.645803][ T5913] IPVS: starting estimator thread 0... [ 164.731074][ T7664] can0: slcan on ttyS3. [ 164.736877][ T7662] IPVS: using max 33 ests per chain, 79200 per kthread [ 164.826903][ T7663] can0 (unregistered): slcan off ttyS3. [ 165.049821][ T7679] netlink: 6032 bytes leftover after parsing attributes in process `syz.4.499'. [ 165.076187][ T5913] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 165.100974][ T5928] gspca_vc032x: reg_r err -32 [ 165.109247][ T5928] vc032x 3-1:0.0: probe with driver vc032x failed with error -32 [ 165.246823][ T5913] usb 2-1: Using ep0 maxpacket: 32 [ 165.261359][ T5913] usb 2-1: unable to get BOS descriptor or descriptor too short [ 165.270580][ T5913] usb 2-1: config 8 has an invalid interface number: 155 but max is 0 [ 165.286655][ T5913] usb 2-1: config 8 has no interface number 0 [ 165.292910][ T5913] usb 2-1: config 8 interface 155 has no altsetting 0 [ 165.315203][ T5913] usb 2-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice=33.57 [ 165.336816][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.344842][ T5913] usb 2-1: Product: syz [ 165.359158][ T5913] usb 2-1: Manufacturer: syz [ 165.370138][ T5913] usb 2-1: SerialNumber: syz [ 165.466379][ T7688] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 165.500926][ T7688] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 165.534693][ T7688] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 165.547102][ T7688] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 165.553231][ T7688] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 165.562872][ T7688] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 165.573798][ T7688] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 165.581731][ T7688] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 165.593206][ T7688] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 165.604841][ T7688] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 165.612983][ T7668] netlink: 'syz.1.497': attribute type 27 has an invalid length. [ 165.625271][ T7688] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 165.659321][ T7688] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 165.758414][ T7668] ip6tnl0: left promiscuous mode [ 165.783169][ T7668] ip6tnl0: left allmulticast mode [ 165.865293][ T7668] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.874022][ T7668] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.076224][ T925] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 166.183926][ T7668] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.224247][ T7668] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.239558][ T925] usb 5-1: Using ep0 maxpacket: 32 [ 166.240155][ T7668] batadv_slave_1: left promiscuous mode [ 166.251447][ T925] usb 5-1: unable to get BOS descriptor or descriptor too short [ 166.265376][ T925] usb 5-1: config 5 has an invalid interface number: 89 but max is 0 [ 166.274375][ T925] usb 5-1: config 5 has no interface number 0 [ 166.281696][ T925] usb 5-1: config 5 interface 89 altsetting 7 bulk endpoint 0x1 has invalid maxpacket 16 [ 166.292998][ T925] usb 5-1: config 5 interface 89 has no altsetting 0 [ 166.307158][ T925] usb 5-1: New USB device found, idVendor=07fa, idProduct=0847, bcdDevice=b9.2f [ 166.317014][ T5841] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 166.360472][ T925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.376320][ T925] usb 5-1: Product: syz [ 166.393686][ T925] usb 5-1: Manufacturer: syz [ 166.406038][ T925] usb 5-1: SerialNumber: syz [ 166.428087][ T7694] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 166.704655][ T925] HFC-S_USB 5-1:5.89: probe with driver HFC-S_USB failed with error -5 [ 166.758258][ T925] usb 5-1: USB disconnect, device number 30 [ 166.823508][ T64] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.847706][ T64] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.860896][ T5913] hub 2-1:8.155: bad descriptor, ignoring hub [ 166.870978][ T64] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.880741][ T5913] hub 2-1:8.155: probe with driver hub failed with error -5 [ 166.899526][ T5913] ftdi_sio 2-1:8.155: FTDI USB Serial Device converter detected [ 166.906075][ T64] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.915516][ T5913] ftdi_sio ttyUSB0: unknown device type: 0x3357 [ 166.944989][ T5882] usb 3-1: USB disconnect, device number 33 [ 166.948823][ T5913] usb 2-1: USB disconnect, device number 30 [ 166.966032][ T43] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 166.979673][ T5913] ftdi_sio 2-1:8.155: device disconnected [ 167.131560][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.148253][ T43] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 167.153565][ T7740] /dev/rnullb0: Can't open blockdev [ 167.161053][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.179653][ T43] usb 4-1: config 0 descriptor?? [ 167.355967][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 167.597581][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 167.608270][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.675697][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 167.686909][ T7758] netlink: 156 bytes leftover after parsing attributes in process `syz.4.509'. [ 167.851281][ T7765] FAULT_INJECTION: forcing a failure. [ 167.851281][ T7765] name failslab, interval 1, probability 0, space 0, times 0 [ 167.864853][ T7765] CPU: 1 UID: 0 PID: 7765 Comm: syz.1.513 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 167.864895][ T7765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.864906][ T7765] Call Trace: [ 167.864913][ T7765] [ 167.864920][ T7765] dump_stack_lvl+0x189/0x250 [ 167.864948][ T7765] ? __pfx____ratelimit+0x10/0x10 [ 167.864971][ T7765] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.864989][ T7765] ? __pfx__printk+0x10/0x10 [ 167.865005][ T7765] ? __mutex_trylock_common+0x153/0x260 [ 167.865033][ T7765] ? __pfx___mutex_trylock_common+0x10/0x10 [ 167.865061][ T7765] should_fail_ex+0x414/0x560 [ 167.865092][ T7765] should_failslab+0xa8/0x100 [ 167.865114][ T7765] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 167.865134][ T7765] ? __alloc_skb+0x112/0x2d0 [ 167.865154][ T7765] ? hci_sock_sendmsg+0x549/0xef0 [ 167.865183][ T7765] __alloc_skb+0x112/0x2d0 [ 167.865210][ T7765] hci_mgmt_cmd+0x1ca/0xef0 [ 167.865225][ T7765] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 167.865260][ T7765] hci_sock_sendmsg+0x6ca/0xef0 [ 167.865291][ T7765] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 167.865315][ T7765] ? aa_sock_msg_perm+0xf1/0x1d0 [ 167.865336][ T7765] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 167.865358][ T7765] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 167.865383][ T7765] __sock_sendmsg+0x219/0x270 [ 167.865407][ T7765] sock_write_iter+0x258/0x330 [ 167.865429][ T7765] ? __pfx_sock_write_iter+0x10/0x10 [ 167.865460][ T7765] ? bpf_lsm_file_permission+0x9/0x20 [ 167.865475][ T7765] ? security_file_permission+0x75/0x290 [ 167.865508][ T7765] vfs_write+0x54b/0xa90 [ 167.865533][ T7765] ? __pfx_sock_write_iter+0x10/0x10 [ 167.865553][ T7765] ? __pfx_vfs_write+0x10/0x10 [ 167.865588][ T7765] ? __fget_files+0x2a/0x420 [ 167.865616][ T7765] ksys_write+0x145/0x250 [ 167.865637][ T7765] ? __pfx_ksys_write+0x10/0x10 [ 167.865653][ T7765] ? rcu_is_watching+0x15/0xb0 [ 167.865676][ T7765] ? do_syscall_64+0xbe/0x3b0 [ 167.865701][ T7765] do_syscall_64+0xfa/0x3b0 [ 167.865719][ T7765] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.865751][ T7765] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.865771][ T7765] ? clear_bhb_loop+0x60/0xb0 [ 167.865796][ T7765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.865812][ T7765] RIP: 0033:0x7f843118e929 [ 167.865828][ T7765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.865843][ T7765] RSP: 002b:00007f8431fd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 167.865861][ T7765] RAX: ffffffffffffffda RBX: 00007f84313b5fa0 RCX: 00007f843118e929 [ 167.865871][ T7765] RDX: 0000000000000007 RSI: 0000200000000080 RDI: 0000000000000004 [ 167.865886][ T7765] RBP: 00007f8431fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 167.865896][ T7765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.865906][ T7765] R13: 0000000000000000 R14: 00007f84313b5fa0 R15: 00007ffdf45157a8 [ 167.865936][ T7765] [ 168.156730][ T5834] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 168.215745][ T7722] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 168.306347][ T5834] usb 5-1: device descriptor read/64, error -71 [ 168.377230][ T7722] usb 3-1: Using ep0 maxpacket: 8 [ 168.385231][ T7722] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 168.399787][ T7722] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 168.409485][ T7722] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.420931][ T7722] usb 3-1: config 0 descriptor?? [ 168.429866][ T7722] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 168.556271][ T5834] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 168.685947][ T5834] usb 5-1: device descriptor read/64, error -71 [ 168.796771][ T5834] usb usb5-port1: attempt power cycle [ 169.033543][ T7722] gspca_vc032x: reg_r err -32 [ 169.044651][ T7722] vc032x 3-1:0.0: probe with driver vc032x failed with error -32 [ 169.146016][ T5834] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 169.173931][ T5834] usb 5-1: device descriptor read/8, error -71 [ 169.425803][ T5834] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 169.435903][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 169.450181][ T5834] usb 5-1: device descriptor read/8, error -71 [ 169.566111][ T5834] usb usb5-port1: unable to enumerate USB device [ 169.677326][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 169.678975][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 169.697414][ T7722] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 169.729533][ T43] usbhid 4-1:0.0: can't add hid device: -71 [ 169.735568][ T43] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 169.749060][ T43] usb 4-1: USB disconnect, device number 34 [ 169.765766][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 169.858322][ T7722] usb 2-1: not running at top speed; connect to a high speed hub [ 169.867566][ T7722] usb 2-1: config 8 has an invalid interface number: 170 but max is 0 [ 169.876377][ T7722] usb 2-1: config 8 has no interface number 0 [ 169.882633][ T7722] usb 2-1: config 8 interface 170 has no altsetting 0 [ 169.894156][ T7722] usb 2-1: New USB device found, idVendor=2345, idProduct=a8d9, bcdDevice=33.5c [ 169.904022][ T7722] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.912436][ T7722] usb 2-1: Product: syz [ 169.917096][ T7722] usb 2-1: Manufacturer: syz [ 169.921790][ T7722] usb 2-1: SerialNumber: syz [ 170.154199][ T7722] usb 2-1: USB disconnect, device number 31 [ 170.196147][ T5913] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 170.355708][ T5913] usb 4-1: Using ep0 maxpacket: 32 [ 170.362397][ T5913] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 170.371057][ T5913] usb 4-1: config 0 has no interface number 0 [ 170.377865][ T5913] usb 4-1: config 0 interface 12 altsetting 2 endpoint 0x2 has invalid maxpacket 63744, setting to 1024 [ 170.389315][ T5913] usb 4-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 1024 [ 170.400580][ T5913] usb 4-1: config 0 interface 12 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 170.410692][ T5913] usb 4-1: config 0 interface 12 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 170.420646][ T5913] usb 4-1: config 0 interface 12 has no altsetting 0 [ 170.430462][ T5913] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 170.439548][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.447799][ T5913] usb 4-1: Product: syz [ 170.451971][ T5913] usb 4-1: Manufacturer: syz [ 170.456595][ T5913] usb 4-1: SerialNumber: syz [ 170.463098][ T5913] usb 4-1: config 0 descriptor?? [ 170.469616][ T7795] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 170.478493][ T5913] f81534 4-1:0.12: unsupported endpoint max packet size [ 170.623461][ T7797] IPVS: ip_vs_add_dest(): server weight less than zero [ 170.739229][ T5913] usb 3-1: USB disconnect, device number 34 [ 170.924090][ T5882] usb 4-1: USB disconnect, device number 35 [ 171.056757][ T7811] FAULT_INJECTION: forcing a failure. [ 171.056757][ T7811] name failslab, interval 1, probability 0, space 0, times 0 [ 171.074738][ T7811] CPU: 0 UID: 0 PID: 7811 Comm: syz.1.526 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 171.074762][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.074771][ T7811] Call Trace: [ 171.074777][ T7811] [ 171.074785][ T7811] dump_stack_lvl+0x189/0x250 [ 171.074808][ T7811] ? __pfx____ratelimit+0x10/0x10 [ 171.074827][ T7811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.074853][ T7811] ? __pfx__printk+0x10/0x10 [ 171.074880][ T7811] should_fail_ex+0x414/0x560 [ 171.074910][ T7811] should_failslab+0xa8/0x100 [ 171.074931][ T7811] __kmalloc_cache_noprof+0x70/0x3d0 [ 171.074949][ T7811] ? sctp_add_bind_addr+0x8c/0x370 [ 171.074973][ T7811] sctp_add_bind_addr+0x8c/0x370 [ 171.074998][ T7811] sctp_copy_local_addr_list+0x30b/0x4e0 [ 171.075021][ T7811] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 171.075039][ T7811] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 171.075058][ T7811] ? sctp_v6_is_any+0x64/0x80 [ 171.075081][ T7811] ? sctp_copy_one_addr+0x93/0x360 [ 171.075102][ T7811] sctp_bind_addr_copy+0x189/0x3c0 [ 171.075129][ T7811] sctp_connect_new_asoc+0x2e0/0x690 [ 171.075156][ T7811] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 171.075177][ T7811] ? __local_bh_enable_ip+0x12d/0x1c0 [ 171.075201][ T7811] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 171.075216][ T7811] ? security_sctp_bind_connect+0x7e/0x2e0 [ 171.075241][ T7811] sctp_sendmsg+0x155c/0x2810 [ 171.075276][ T7811] ? __pfx_sctp_sendmsg+0x10/0x10 [ 171.075301][ T7811] ? aa_sk_perm+0x81e/0x950 [ 171.075324][ T7811] ? __pfx_aa_sk_perm+0x10/0x10 [ 171.075344][ T7811] ? sock_rps_record_flow+0x19/0x410 [ 171.075365][ T7811] ? inet_sendmsg+0x2f4/0x370 [ 171.075386][ T7811] __sock_sendmsg+0x19c/0x270 [ 171.075409][ T7811] __sys_sendto+0x3bd/0x520 [ 171.075432][ T7811] ? __pfx___sys_sendto+0x10/0x10 [ 171.075450][ T7811] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 171.075484][ T7811] ? __fget_files+0x3a0/0x420 [ 171.075516][ T7811] ? ksys_write+0x22a/0x250 [ 171.075538][ T7811] ? __pfx_ksys_write+0x10/0x10 [ 171.075553][ T7811] ? rcu_is_watching+0x15/0xb0 [ 171.075575][ T7811] __x64_sys_sendto+0xde/0x100 [ 171.075602][ T7811] do_syscall_64+0xfa/0x3b0 [ 171.075619][ T7811] ? lockdep_hardirqs_on+0x9c/0x150 [ 171.075636][ T7811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.075652][ T7811] ? clear_bhb_loop+0x60/0xb0 [ 171.075672][ T7811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.075687][ T7811] RIP: 0033:0x7f843118e929 [ 171.075702][ T7811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.075717][ T7811] RSP: 002b:00007f8431fd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 171.075735][ T7811] RAX: ffffffffffffffda RBX: 00007f84313b5fa0 RCX: 00007f843118e929 [ 171.075747][ T7811] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000003 [ 171.075758][ T7811] RBP: 00007f8431fd6090 R08: 0000200000000040 R09: 000000000000001c [ 171.075769][ T7811] R10: 00000000040008d0 R11: 0000000000000246 R12: 0000000000000002 [ 171.075779][ T7811] R13: 0000000000000000 R14: 00007f84313b5fa0 R15: 00007ffdf45157a8 [ 171.075809][ T7811] [ 171.405002][ T7813] FAULT_INJECTION: forcing a failure. [ 171.405002][ T7813] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.418384][ T7813] CPU: 0 UID: 0 PID: 7813 Comm: syz.4.531 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 171.418409][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.418419][ T7813] Call Trace: [ 171.418426][ T7813] [ 171.418433][ T7813] dump_stack_lvl+0x189/0x250 [ 171.418456][ T7813] ? __pfx____ratelimit+0x10/0x10 [ 171.418478][ T7813] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.418496][ T7813] ? __pfx__printk+0x10/0x10 [ 171.418515][ T7813] ? __might_fault+0xb0/0x130 [ 171.418546][ T7813] should_fail_ex+0x414/0x560 [ 171.418576][ T7813] _copy_from_user+0x2d/0xb0 [ 171.418594][ T7813] kstrtouint_from_user+0xc4/0x170 [ 171.418619][ T7813] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 171.418658][ T7813] proc_fail_nth_write+0x88/0x240 [ 171.418676][ T7813] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 171.418697][ T7813] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 171.418715][ T7813] vfs_write+0x27e/0xa90 [ 171.418744][ T7813] ? __pfx_vfs_write+0x10/0x10 [ 171.418765][ T7813] ? __fget_files+0x2a/0x420 [ 171.418798][ T7813] ? __fget_files+0x3a0/0x420 [ 171.418818][ T7813] ? __fget_files+0x2a/0x420 [ 171.418847][ T7813] ksys_write+0x145/0x250 [ 171.418864][ T7813] ? __fget_files+0x2a/0x420 [ 171.418887][ T7813] ? __pfx_ksys_write+0x10/0x10 [ 171.418911][ T7813] ? do_syscall_64+0xbe/0x3b0 [ 171.418936][ T7813] do_syscall_64+0xfa/0x3b0 [ 171.418955][ T7813] ? lockdep_hardirqs_on+0x9c/0x150 [ 171.418974][ T7813] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.418990][ T7813] ? clear_bhb_loop+0x60/0xb0 [ 171.419011][ T7813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.419027][ T7813] RIP: 0033:0x7f71db98d3df [ 171.419042][ T7813] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 171.419056][ T7813] RSP: 002b:00007f71dc86c030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 171.419075][ T7813] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f71db98d3df [ 171.419086][ T7813] RDX: 0000000000000001 RSI: 00007f71dc86c0a0 RDI: 0000000000000004 [ 171.419096][ T7813] RBP: 00007f71dc86c090 R08: 0000000000000000 R09: 0000000000000000 [ 171.419106][ T7813] R10: 0000200000000000 R11: 0000000000000293 R12: 0000000000000001 [ 171.419117][ T7813] R13: 0000000000000000 R14: 00007f71dbbb5fa0 R15: 00007fff53b4efa8 [ 171.419146][ T7813] [ 171.665864][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 171.727138][ T5924] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 171.742722][ T7820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.755964][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 171.757836][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.782123][ T7820] bond0: (slave rose0): Enslaving as an active interface with an up link [ 171.791409][ T7820] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 171.858229][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.965747][ T5924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.976801][ T5924] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 171.989315][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.050977][ T5924] usb 3-1: config 0 descriptor?? [ 172.315818][ T925] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 172.477774][ T925] usb 2-1: Using ep0 maxpacket: 8 [ 172.498010][ T925] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.509022][ T925] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 172.546250][ T925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.582732][ T925] usb 2-1: config 0 descriptor?? [ 172.600645][ T925] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 172.801739][ T925] gspca_vc032x: reg_r err -32 [ 172.806632][ T925] vc032x 2-1:0.0: probe with driver vc032x failed with error -32 [ 172.975820][ T5882] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 173.067518][ T7864] IPVS: ip_vs_add_dest(): server weight less than zero [ 173.105695][ T5882] usb 4-1: device descriptor read/64, error -71 [ 173.250416][ T7872] /dev/rnullb0: Can't open blockdev [ 173.358883][ T5882] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 173.521821][ T5882] usb 4-1: device descriptor read/64, error -71 [ 173.641154][ T5882] usb usb4-port1: attempt power cycle [ 173.665832][ T5834] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 173.832227][ T5834] usb 5-1: Using ep0 maxpacket: 32 [ 173.844940][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.856245][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.867705][ T5834] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 173.881577][ T5834] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 173.890771][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.901201][ T5834] usb 5-1: config 0 descriptor?? [ 173.995775][ T5882] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 174.016387][ T5882] usb 4-1: device descriptor read/8, error -71 [ 174.037421][ T5924] usbhid 3-1:0.0: can't add hid device: -71 [ 174.043478][ T5924] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 174.063732][ T5924] usb 3-1: USB disconnect, device number 35 [ 174.229319][ T7897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.242130][ T7897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 174.259575][ T5882] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 174.291338][ T5882] usb 4-1: device descriptor read/8, error -71 [ 174.353554][ T5834] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0007/input/input23 [ 174.406784][ T5882] usb usb4-port1: unable to enumerate USB device [ 174.470011][ T5834] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0007/input/input24 [ 174.529039][ T5834] kye 0003:0458:5011.0007: input,hiddev0,hidraw0: USB HID v9.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0 [ 174.764787][ T5834] usb 5-1: USB disconnect, device number 35 [ 175.070108][ T7722] usb 2-1: USB disconnect, device number 32 [ 175.392427][ T7918] /dev/rnullb0: Can't open blockdev [ 175.495870][ T7722] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 175.608075][ T5913] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 175.668809][ T7722] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 175.678768][ T7722] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 175.689393][ T7722] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 175.705016][ T7722] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 175.714212][ T7722] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.722269][ T7722] usb 2-1: Product: syz [ 175.729314][ T7722] usb 2-1: Manufacturer: syz [ 175.733937][ T7722] usb 2-1: SerialNumber: syz [ 175.782950][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.796208][ T5913] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 175.805309][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.819368][ T5913] usb 5-1: config 0 descriptor?? [ 175.826126][ T7721] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 175.952486][ T7722] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 33 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 175.988103][ T7934] FAULT_INJECTION: forcing a failure. [ 175.988103][ T7934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.002918][ T7934] CPU: 0 UID: 0 PID: 7934 Comm: syz.3.563 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 176.002941][ T7934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.002950][ T7934] Call Trace: [ 176.002956][ T7934] [ 176.002963][ T7934] dump_stack_lvl+0x189/0x250 [ 176.002986][ T7934] ? __pfx____ratelimit+0x10/0x10 [ 176.003009][ T7934] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.003026][ T7934] ? __pfx__printk+0x10/0x10 [ 176.003043][ T7934] ? __might_fault+0xb0/0x130 [ 176.003074][ T7934] should_fail_ex+0x414/0x560 [ 176.003118][ T7934] _copy_from_iter+0x1db/0x16f0 [ 176.003152][ T7934] ? __pfx__copy_from_iter+0x10/0x10 [ 176.003171][ T7934] ? kernfs_fop_write_iter+0x158/0x4f0 [ 176.003194][ T7934] ? rcu_is_watching+0x15/0xb0 [ 176.003211][ T7934] ? trace_kmalloc+0x1f/0xd0 [ 176.003228][ T7934] ? kernfs_fop_write_iter+0x158/0x4f0 [ 176.003248][ T7934] kernfs_fop_write_iter+0x19f/0x4f0 [ 176.003285][ T7934] vfs_write+0x54b/0xa90 [ 176.003307][ T7934] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 176.003325][ T7934] ? __pfx_vfs_write+0x10/0x10 [ 176.003354][ T7934] ? __fget_files+0x2a/0x420 [ 176.003382][ T7934] ksys_write+0x145/0x250 [ 176.003403][ T7934] ? __pfx_ksys_write+0x10/0x10 [ 176.003417][ T7934] ? rcu_is_watching+0x15/0xb0 [ 176.003439][ T7934] ? do_syscall_64+0xbe/0x3b0 [ 176.003463][ T7934] do_syscall_64+0xfa/0x3b0 [ 176.003482][ T7934] ? lockdep_hardirqs_on+0x9c/0x150 [ 176.003501][ T7934] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.003517][ T7934] ? clear_bhb_loop+0x60/0xb0 [ 176.003537][ T7934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.003552][ T7934] RIP: 0033:0x7f6eb1d8e929 [ 176.003567][ T7934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.003582][ T7934] RSP: 002b:00007f6eafbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 176.003599][ T7934] RAX: ffffffffffffffda RBX: 00007f6eb1fb5fa0 RCX: 00007f6eb1d8e929 [ 176.003612][ T7934] RDX: 0000000000000009 RSI: 0000200000000000 RDI: 0000000000000003 [ 176.003622][ T7934] RBP: 00007f6eafbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 176.003633][ T7934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.003641][ T7934] R13: 0000000000000000 R14: 00007f6eb1fb5fa0 R15: 00007ffc1fe51988 [ 176.003673][ T7934] [ 176.005899][ T7721] usb 3-1: Using ep0 maxpacket: 8 [ 176.253621][ T7721] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.264028][ T7721] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 176.281517][ T7721] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.292839][ T7721] usb 3-1: config 0 descriptor?? [ 176.302545][ T7721] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 176.511016][ T7721] gspca_vc032x: reg_r err -32 [ 176.519453][ T7721] vc032x 3-1:0.0: probe with driver vc032x failed with error -32 [ 176.808369][ T7721] usb 2-1: USB disconnect, device number 33 [ 176.829255][ T7721] usblp0: removed [ 177.512998][ T7964] deleting an unspecified loop device is not supported. [ 177.918695][ T7974] openvswitch: netlink: Message has 8 unknown bytes. [ 178.192934][ T7980] input: syz0 as /devices/virtual/input/input25 [ 178.376927][ T5913] usbhid 5-1:0.0: can't add hid device: -71 [ 178.384317][ T5913] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 178.419473][ T5913] usb 5-1: USB disconnect, device number 36 [ 178.552559][ T7986] FAULT_INJECTION: forcing a failure. [ 178.552559][ T7986] name failslab, interval 1, probability 0, space 0, times 0 [ 178.580427][ T7986] CPU: 1 UID: 0 PID: 7986 Comm: syz.3.583 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 178.580453][ T7986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.580463][ T7986] Call Trace: [ 178.580470][ T7986] [ 178.580478][ T7986] dump_stack_lvl+0x189/0x250 [ 178.580505][ T7986] ? __pfx____ratelimit+0x10/0x10 [ 178.580533][ T7986] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.580551][ T7986] ? __pfx__printk+0x10/0x10 [ 178.580576][ T7986] ? __pfx___might_resched+0x10/0x10 [ 178.580632][ T7986] should_fail_ex+0x414/0x560 [ 178.580732][ T7986] should_failslab+0xa8/0x100 [ 178.580794][ T7986] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 178.580854][ T7986] ? __alloc_skb+0x112/0x2d0 [ 178.580941][ T7986] __alloc_skb+0x112/0x2d0 [ 178.581021][ T7986] netlink_sendmsg+0x5c6/0xb30 [ 178.581120][ T7986] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.581166][ T7986] ? aa_sock_msg_perm+0xf1/0x1d0 [ 178.581185][ T7986] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 178.581208][ T7986] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.581230][ T7986] __sock_sendmsg+0x219/0x270 [ 178.581251][ T7986] ____sys_sendmsg+0x505/0x830 [ 178.581271][ T7986] ? __pfx_____sys_sendmsg+0x10/0x10 [ 178.581294][ T7986] ? import_iovec+0x74/0xa0 [ 178.581313][ T7986] ___sys_sendmsg+0x21f/0x2a0 [ 178.581330][ T7986] ? __pfx____sys_sendmsg+0x10/0x10 [ 178.581378][ T7986] ? __fget_files+0x2a/0x420 [ 178.581399][ T7986] ? __fget_files+0x3a0/0x420 [ 178.581427][ T7986] __x64_sys_sendmsg+0x19b/0x260 [ 178.581445][ T7986] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 178.581469][ T7986] ? __pfx_ksys_write+0x10/0x10 [ 178.581486][ T7986] ? rcu_is_watching+0x15/0xb0 [ 178.581508][ T7986] ? do_syscall_64+0xbe/0x3b0 [ 178.581539][ T7986] do_syscall_64+0xfa/0x3b0 [ 178.581556][ T7986] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.581573][ T7986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.581588][ T7986] ? clear_bhb_loop+0x60/0xb0 [ 178.581606][ T7986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.581620][ T7986] RIP: 0033:0x7f6eb1d8e929 [ 178.581635][ T7986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.581648][ T7986] RSP: 002b:00007f6eafbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.581666][ T7986] RAX: ffffffffffffffda RBX: 00007f6eb1fb5fa0 RCX: 00007f6eb1d8e929 [ 178.581677][ T7986] RDX: 0000000000000044 RSI: 0000200000000080 RDI: 0000000000000004 [ 178.581687][ T7986] RBP: 00007f6eafbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 178.581696][ T7986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.581706][ T7986] R13: 0000000000000000 R14: 00007f6eb1fb5fa0 R15: 00007ffc1fe51988 [ 178.581732][ T7986] [ 178.941658][ T5882] usb 3-1: USB disconnect, device number 36 [ 179.464117][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.3.589'. [ 179.548416][ T8010] FAULT_INJECTION: forcing a failure. [ 179.548416][ T8010] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.582022][ T8010] CPU: 1 UID: 0 PID: 8010 Comm: syz.2.591 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 179.582046][ T8010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.582056][ T8010] Call Trace: [ 179.582063][ T8010] [ 179.582070][ T8010] dump_stack_lvl+0x189/0x250 [ 179.582093][ T8010] ? __pfx____ratelimit+0x10/0x10 [ 179.582113][ T8010] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.582131][ T8010] ? __pfx__printk+0x10/0x10 [ 179.582149][ T8010] ? __might_fault+0xb0/0x130 [ 179.582178][ T8010] should_fail_ex+0x414/0x560 [ 179.582206][ T8010] _copy_from_iter+0x1db/0x16f0 [ 179.582233][ T8010] ? rcu_is_watching+0x15/0xb0 [ 179.582251][ T8010] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 179.582271][ T8010] ? __pfx__copy_from_iter+0x10/0x10 [ 179.582295][ T8010] ? __build_skb_around+0x257/0x3e0 [ 179.582321][ T8010] ? netlink_sendmsg+0x642/0xb30 [ 179.582341][ T8010] ? skb_put+0x11b/0x210 [ 179.582367][ T8010] netlink_sendmsg+0x6b2/0xb30 [ 179.582398][ T8010] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.582423][ T8010] ? aa_sock_msg_perm+0xf1/0x1d0 [ 179.582444][ T8010] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 179.582472][ T8010] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.582494][ T8010] __sock_sendmsg+0x219/0x270 [ 179.582518][ T8010] ____sys_sendmsg+0x505/0x830 [ 179.582539][ T8010] ? __pfx_____sys_sendmsg+0x10/0x10 [ 179.582564][ T8010] ? import_iovec+0x74/0xa0 [ 179.582583][ T8010] ___sys_sendmsg+0x21f/0x2a0 [ 179.582602][ T8010] ? __pfx____sys_sendmsg+0x10/0x10 [ 179.582653][ T8010] ? __fget_files+0x2a/0x420 [ 179.582674][ T8010] ? __fget_files+0x3a0/0x420 [ 179.582705][ T8010] __x64_sys_sendmsg+0x19b/0x260 [ 179.582725][ T8010] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 179.582751][ T8010] ? __pfx_ksys_write+0x10/0x10 [ 179.582768][ T8010] ? rcu_is_watching+0x15/0xb0 [ 179.582790][ T8010] ? do_syscall_64+0xbe/0x3b0 [ 179.582815][ T8010] do_syscall_64+0xfa/0x3b0 [ 179.582834][ T8010] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.582853][ T8010] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.582869][ T8010] ? clear_bhb_loop+0x60/0xb0 [ 179.582890][ T8010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.582906][ T8010] RIP: 0033:0x7f1c9e18e929 [ 179.582922][ T8010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.582936][ T8010] RSP: 002b:00007f1c9f085038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 179.582954][ T8010] RAX: ffffffffffffffda RBX: 00007f1c9e3b5fa0 RCX: 00007f1c9e18e929 [ 179.582965][ T8010] RDX: 0000000020004050 RSI: 0000200000000500 RDI: 0000000000000003 [ 179.582976][ T8010] RBP: 00007f1c9f085090 R08: 0000000000000000 R09: 0000000000000000 [ 179.582986][ T8010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.582996][ T8010] R13: 0000000000000000 R14: 00007f1c9e3b5fa0 R15: 00007ffce0275948 [ 179.583023][ T8010] [ 180.006007][ T5882] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 180.167559][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.178652][ T5882] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 180.187766][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.199134][ T5882] usb 5-1: config 0 descriptor?? [ 180.225810][ T7721] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 180.265696][ T5913] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 180.375764][ T7721] usb 4-1: Using ep0 maxpacket: 32 [ 180.383224][ T7721] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.394284][ T7721] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.404348][ T7721] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 180.419150][ T7721] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 180.428311][ T7721] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.437496][ T5913] usb 3-1: Using ep0 maxpacket: 32 [ 180.446408][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.457754][ T7721] usb 4-1: config 0 descriptor?? [ 180.462909][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.472870][ T5913] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 180.490837][ T5913] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 180.500006][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.510832][ T5913] usb 3-1: config 0 descriptor?? [ 180.613137][ T5882] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor [ 180.626958][ T5882] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0008/input/input26 [ 180.725690][ T5882] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 180.897775][ T7721] usbhid 4-1:0.0: can't add hid device: -71 [ 180.910298][ T7721] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 180.923192][ T7721] usb 4-1: USB disconnect, device number 40 [ 180.940909][ T5913] usbhid 3-1:0.0: can't add hid device: -71 [ 180.954179][ T5913] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 180.977342][ T5913] usb 3-1: USB disconnect, device number 37 [ 181.128953][ T7721] usb 5-1: USB disconnect, device number 37 [ 181.135884][ T43] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 181.308012][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 181.314579][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.324839][ T43] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 181.334003][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.344021][ T43] usb 2-1: config 0 descriptor?? [ 181.353528][ T43] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 181.562375][ T43] gspca_vc032x: reg_r err -32 [ 181.586071][ T43] vc032x 2-1:0.0: probe with driver vc032x failed with error -32 [ 181.805816][ T5834] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 181.946959][ T8041] /dev/rnullb0: Can't open blockdev [ 181.964458][ T8043] /dev/rnullb0: Can't open blockdev [ 181.974057][ T8041] futex_wake_op: syz.2.602 tries to shift op by -1; fix this program [ 182.024281][ T8047] /dev/sg0: Can't lookup blockdev [ 182.414204][ T8054] FAULT_INJECTION: forcing a failure. [ 182.414204][ T8054] name failslab, interval 1, probability 0, space 0, times 0 [ 182.428425][ T8054] CPU: 1 UID: 0 PID: 8054 Comm: syz.4.607 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 182.428451][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.428461][ T8054] Call Trace: [ 182.428468][ T8054] [ 182.428475][ T8054] dump_stack_lvl+0x189/0x250 [ 182.428499][ T8054] ? __pfx____ratelimit+0x10/0x10 [ 182.428522][ T8054] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.428540][ T8054] ? __pfx__printk+0x10/0x10 [ 182.428555][ T8054] ? __pfx_ipmr_hash_cmp+0x10/0x10 [ 182.428576][ T8054] ? rhltable_lookup+0x6aa/0x780 [ 182.428606][ T8054] should_fail_ex+0x414/0x560 [ 182.428637][ T8054] should_failslab+0xa8/0x100 [ 182.428659][ T8054] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 182.428678][ T8054] ? __alloc_skb+0x112/0x2d0 [ 182.428705][ T8054] __alloc_skb+0x112/0x2d0 [ 182.428732][ T8054] mroute_netlink_event+0xb6/0x190 [ 182.428753][ T8054] ipmr_mfc_add+0x6b6/0x2850 [ 182.428785][ T8054] ? ipmr_mfc_add+0x11b/0x2850 [ 182.428816][ T8054] ? __pfx_ipmr_mfc_add+0x10/0x10 [ 182.428840][ T8054] ? __might_fault+0xb0/0x130 [ 182.428887][ T8054] ip_mroute_setsockopt+0xcf1/0xf60 [ 182.428920][ T8054] ? __pfx_ip_mroute_setsockopt+0x10/0x10 [ 182.428967][ T8054] do_ip_setsockopt+0xf11/0x2d00 [ 182.428995][ T8054] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 182.429019][ T8054] ? aa_sk_perm+0x81e/0x950 [ 182.429041][ T8054] ? __pfx_aa_sk_perm+0x10/0x10 [ 182.429053][ T8054] ? __lock_acquire+0xab9/0xd20 [ 182.429079][ T8054] ? aa_sock_opt_perm+0xff/0x1b0 [ 182.429101][ T8054] ip_setsockopt+0x66/0x110 [ 182.429119][ T8054] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 182.429142][ T8054] do_sock_setsockopt+0x25a/0x3e0 [ 182.429170][ T8054] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 182.429203][ T8054] ? __fget_files+0x2a/0x420 [ 182.429233][ T8054] __x64_sys_setsockopt+0x18b/0x220 [ 182.429263][ T8054] do_syscall_64+0xfa/0x3b0 [ 182.429283][ T8054] ? lockdep_hardirqs_on+0x9c/0x150 [ 182.429302][ T8054] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.429319][ T8054] ? clear_bhb_loop+0x60/0xb0 [ 182.429339][ T8054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.429355][ T8054] RIP: 0033:0x7f71db98e929 [ 182.429371][ T8054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.429385][ T8054] RSP: 002b:00007f71dc86c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 182.429403][ T8054] RAX: ffffffffffffffda RBX: 00007f71dbbb5fa0 RCX: 00007f71db98e929 [ 182.429416][ T8054] RDX: 00000000000000cc RSI: 0000000000000000 RDI: 0000000000000005 [ 182.429427][ T8054] RBP: 00007f71dc86c090 R08: 000000000000003c R09: 0000000000000000 [ 182.429437][ T8054] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 182.429447][ T8054] R13: 0000000000000000 R14: 00007f71dbbb5fa0 R15: 00007fff53b4efa8 [ 182.429477][ T8054] [ 182.430303][ T8054] /dev/sg0: Can't lookup blockdev [ 182.807780][ T8058] RDS: rds_bind could not find a transport for fe80::3e, load rds_tcp or rds_rdma? [ 182.848056][ T8058] /dev/sg0: Can't lookup blockdev [ 182.940697][ T8062] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 183.039536][ T7721] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 183.185731][ T5882] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 183.229624][ T7721] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.257399][ T7721] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 183.276857][ T7721] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.287663][ T7721] usb 5-1: config 0 descriptor?? [ 183.335683][ T5882] usb 3-1: Using ep0 maxpacket: 32 [ 183.348811][ T5882] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 183.365765][ T5882] usb 3-1: config 0 has no interface number 0 [ 183.377658][ T5882] usb 3-1: config 0 interface 12 has no altsetting 0 [ 183.399284][ T5882] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 183.409220][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.422530][ T5882] usb 3-1: Product: syz [ 183.427689][ T5882] usb 3-1: Manufacturer: syz [ 183.432340][ T5882] usb 3-1: SerialNumber: syz [ 183.445036][ T5882] usb 3-1: config 0 descriptor?? [ 183.715312][ T5882] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71 [ 183.748884][ T5882] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 183.756243][ T7721] keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor [ 183.765185][ T7721] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0009/input/input27 [ 183.784497][ T5882] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 183.800864][ T5882] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 183.851688][ T5882] usb 3-1: USB disconnect, device number 38 [ 183.950162][ T7707] usb 2-1: USB disconnect, device number 34 [ 184.035404][ T7721] keytouch 0003:0926:3333.0009: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 184.223892][ T7707] usb 5-1: USB disconnect, device number 38 [ 184.294969][ T8070] fido_id[8070]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 184.702393][ T5834] usb 4-1: unable to get BOS descriptor or descriptor too short [ 184.766631][ T5834] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 184.774496][ T5834] usb 4-1: can't read configurations, error -71 [ 184.892835][ T8091] /dev/rnullb0: Can't open blockdev [ 184.925713][ T8095] netlink: 12 bytes leftover after parsing attributes in process `syz.1.616'. [ 184.970151][ T8100] tmpfs: Bad value for 'size' [ 184.980442][ T8101] netlink: 8 bytes leftover after parsing attributes in process `syz.4.618'. [ 185.198381][ T8107] FAULT_INJECTION: forcing a failure. [ 185.198381][ T8107] name failslab, interval 1, probability 0, space 0, times 0 [ 185.238950][ T8107] CPU: 1 UID: 0 PID: 8107 Comm: syz.4.619 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 185.238976][ T8107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 185.238986][ T8107] Call Trace: [ 185.238993][ T8107] [ 185.239005][ T8107] dump_stack_lvl+0x189/0x250 [ 185.239034][ T8107] ? __pfx____ratelimit+0x10/0x10 [ 185.239054][ T8107] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.239072][ T8107] ? __pfx__printk+0x10/0x10 [ 185.239091][ T8107] ? __pfx___might_resched+0x10/0x10 [ 185.239108][ T8107] ? fs_reclaim_acquire+0x7d/0x100 [ 185.239130][ T8107] should_fail_ex+0x414/0x560 [ 185.239159][ T8107] should_failslab+0xa8/0x100 [ 185.239181][ T8107] kmem_cache_alloc_noprof+0x73/0x3c0 [ 185.239197][ T8107] ? security_file_alloc+0x34/0x330 [ 185.239224][ T8107] security_file_alloc+0x34/0x330 [ 185.239248][ T8107] init_file+0x93/0x2f0 [ 185.239273][ T8107] alloc_empty_file+0x6e/0x1d0 [ 185.239296][ T8107] alloc_file_pseudo+0x13d/0x210 [ 185.239314][ T8107] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 185.239327][ T8107] ? evm_inode_alloc_security+0x40/0xb0 [ 185.239348][ T8107] ? security_inode_alloc+0xd5/0x330 [ 185.239375][ T8107] sock_alloc_file+0xb8/0x2e0 [ 185.239397][ T8107] do_accept+0x34b/0x680 [ 185.239425][ T8107] ? __pfx_do_accept+0x10/0x10 [ 185.239461][ T8107] __sys_accept4+0x11c/0x1c0 [ 185.239486][ T8107] ? __pfx___sys_accept4+0x10/0x10 [ 185.239507][ T8107] ? __pfx_ksys_write+0x10/0x10 [ 185.239523][ T8107] ? rcu_is_watching+0x15/0xb0 [ 185.239547][ T8107] __x64_sys_accept+0x7d/0x90 [ 185.239570][ T8107] do_syscall_64+0xfa/0x3b0 [ 185.239589][ T8107] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.239609][ T8107] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.239625][ T8107] ? clear_bhb_loop+0x60/0xb0 [ 185.239645][ T8107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.239660][ T8107] RIP: 0033:0x7f71db98e929 [ 185.239675][ T8107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.239688][ T8107] RSP: 002b:00007f71dc86c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 185.239706][ T8107] RAX: ffffffffffffffda RBX: 00007f71dbbb5fa0 RCX: 00007f71db98e929 [ 185.239718][ T8107] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 185.239727][ T8107] RBP: 00007f71dc86c090 R08: 0000000000000000 R09: 0000000000000000 [ 185.239737][ T8107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.239747][ T8107] R13: 0000000000000000 R14: 00007f71dbbb5fa0 R15: 00007fff53b4efa8 [ 185.239772][ T8107] [ 185.693415][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 185.693432][ T30] audit: type=1326 audit(1751609133.077:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8114 comm="syz.4.626" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f71db98e929 code=0x0 [ 185.968494][ T13] tipc: Subscription rejected, illegal request [ 186.015882][ T5834] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 186.191623][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.217972][ T5834] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 186.228008][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.240072][ T5834] usb 4-1: config 0 descriptor?? [ 186.253029][ T8139] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.631'. [ 186.431696][ T8146] input: syz0 as /devices/virtual/input/input28 [ 186.575389][ T8152] /dev/rnullb0: Can't open blockdev [ 186.654972][ T5834] keytouch 0003:0926:3333.000A: fixing up Keytouch IEC report descriptor [ 186.677914][ T43] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 186.690187][ T5834] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.000A/input/input29 [ 186.715769][ T7707] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 186.807975][ T5834] keytouch 0003:0926:3333.000A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 186.857184][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 186.870655][ T43] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 186.883112][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.895988][ T7707] usb 3-1: Using ep0 maxpacket: 32 [ 186.898605][ T43] usb 2-1: Product: syz [ 186.898624][ T43] usb 2-1: Manufacturer: syz [ 186.898639][ T43] usb 2-1: SerialNumber: syz [ 186.904752][ T7707] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 186.904781][ T7707] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.904873][ T7707] usb 3-1: Product: syz [ 186.904887][ T7707] usb 3-1: Manufacturer: syz [ 186.904900][ T7707] usb 3-1: SerialNumber: syz [ 186.909744][ T43] r8152-cfgselector 2-1: Unknown version 0x0000 [ 186.909776][ T43] r8152-cfgselector 2-1: config 0 descriptor?? [ 186.910500][ T7707] usb 3-1: config 0 descriptor?? [ 186.940610][ T7707] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 187.258878][ T43] usb 4-1: USB disconnect, device number 42 [ 187.328904][ T5834] r8152-cfgselector 2-1: USB disconnect, device number 35 [ 187.918759][ T12] wlan1: Trigger new scan to find an IBSS to join [ 188.055861][ T43] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 188.208729][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 188.218058][ T43] usb 4-1: config 0 has an invalid interface number: 37 but max is 0 [ 188.224421][ T8168] tipc: Started in network mode [ 188.229008][ T43] usb 4-1: config 0 has no interface number 0 [ 188.231455][ T8168] tipc: Node identity 1627a238d443, cluster identity 4711 [ 188.237753][ T43] usb 4-1: config 0 interface 37 has no altsetting 0 [ 188.240043][ T43] usb 4-1: New USB device found, idVendor=07b8, idProduct=401a, bcdDevice=10.8f [ 188.247197][ T8168] tipc: Enabled bearer , priority 10 [ 188.264696][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.279318][ T43] usb 4-1: Product: syz [ 188.283503][ T43] usb 4-1: Manufacturer: syz [ 188.288928][ T43] usb 4-1: SerialNumber: syz [ 188.299578][ T43] usb 4-1: config 0 descriptor?? [ 188.309595][ T43] rtl8150 4-1:0.37: couldn't find required endpoints [ 188.323841][ T43] rtl8150 4-1:0.37: probe with driver rtl8150 failed with error -5 [ 188.324503][ T8170] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 188.360316][ T8168] tipc: Resetting bearer [ 188.372276][ T8167] tipc: Resetting bearer [ 189.196408][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 189.357828][ T925] tipc: Node number set to 3261375032 [ 190.763055][ T8167] tipc: Disabling bearer [ 190.779689][ T7707] gspca_stk1135: reg_w 0x19 err -71 [ 190.786057][ T7707] gspca_stk1135: serial bus timeout: status=0x00 [ 190.828109][ T7707] gspca_stk1135: Sensor write failed [ 190.833483][ T7707] gspca_stk1135: serial bus timeout: status=0x00 [ 190.887948][ T2936] wlan1: Trigger new scan to find an IBSS to join [ 190.905170][ T7707] gspca_stk1135: Sensor write failed [ 190.915924][ T7707] gspca_stk1135: serial bus timeout: status=0x00 [ 190.947680][ T7707] gspca_stk1135: Sensor read failed [ 190.970531][ T7707] gspca_stk1135: serial bus timeout: status=0x00 [ 190.979861][ T7707] gspca_stk1135: Sensor read failed [ 190.991086][ T7707] gspca_stk1135: Detected sensor type unknown (0x0) [ 191.003737][ T7707] gspca_stk1135: serial bus timeout: status=0x00 [ 191.030929][ T7707] gspca_stk1135: Sensor read failed [ 191.043272][ T7707] gspca_stk1135: serial bus timeout: status=0x00 [ 191.185880][ T7721] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 191.348421][ T7721] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 192.026133][ T7707] gspca_stk1135: Sensor read failed [ 192.031394][ T7707] gspca_stk1135: serial bus timeout: status=0x00 [ 192.037815][ T7707] gspca_stk1135: Sensor write failed [ 192.043190][ T7707] gspca_stk1135: serial bus timeout: status=0x00 [ 192.049941][ T7707] gspca_stk1135: Sensor write failed [ 192.061131][ T7707] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71 [ 192.061919][ T7721] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 192.109675][ T7721] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.168210][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 192.201875][ T7721] usb 5-1: config 0 descriptor?? [ 192.211486][ T43] usb 4-1: USB disconnect, device number 43 [ 192.211727][ T7707] usb 3-1: USB disconnect, device number 39 [ 192.563486][ T8195] FAULT_INJECTION: forcing a failure. [ 192.563486][ T8195] name failslab, interval 1, probability 0, space 0, times 0 [ 192.580179][ T8195] CPU: 0 UID: 0 PID: 8195 Comm: syz.1.654 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 192.580204][ T8195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.580215][ T8195] Call Trace: [ 192.580222][ T8195] [ 192.580229][ T8195] dump_stack_lvl+0x189/0x250 [ 192.580252][ T8195] ? __pfx____ratelimit+0x10/0x10 [ 192.580274][ T8195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.580292][ T8195] ? __pfx__printk+0x10/0x10 [ 192.580312][ T8195] ? __pfx___might_resched+0x10/0x10 [ 192.580330][ T8195] ? fs_reclaim_acquire+0x7d/0x100 [ 192.580356][ T8195] should_fail_ex+0x414/0x560 [ 192.580386][ T8195] should_failslab+0xa8/0x100 [ 192.580413][ T8195] kmem_cache_alloc_noprof+0x73/0x3c0 [ 192.580430][ T8195] ? __khugepaged_enter+0xae/0x2e0 [ 192.580455][ T8195] __khugepaged_enter+0xae/0x2e0 [ 192.580479][ T8195] mmap_region+0x1c89/0x20c0 [ 192.580514][ T8195] ? __pfx_mmap_region+0x10/0x10 [ 192.580597][ T8195] ? __pfx_aa_get_newest_label+0x10/0x10 [ 192.580633][ T8195] ? bpf_lsm_capable+0x9/0x20 [ 192.580649][ T8195] ? security_capable+0x7e/0x2e0 [ 192.580665][ T8195] ? shmem_mapping+0xd/0x50 [ 192.580685][ T8195] ? memfd_check_seals_mmap+0x165/0x200 [ 192.580705][ T8195] do_mmap+0xc45/0x10d0 [ 192.580735][ T8195] ? __pfx_do_mmap+0x10/0x10 [ 192.580749][ T8195] ? down_write_killable+0x178/0x230 [ 192.580772][ T8195] ? end_current_label_crit_section+0x152/0x180 [ 192.580790][ T8195] ? __pfx_down_write_killable+0x10/0x10 [ 192.580823][ T8195] vm_mmap_pgoff+0x31b/0x4c0 [ 192.580855][ T8195] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 192.580881][ T8195] ? __fget_files+0x2a/0x420 [ 192.580908][ T8195] ? __fget_files+0x3a0/0x420 [ 192.580928][ T8195] ? __fget_files+0x2a/0x420 [ 192.580953][ T8195] ksys_mmap_pgoff+0x51f/0x760 [ 192.580978][ T8195] do_syscall_64+0xfa/0x3b0 [ 192.580998][ T8195] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.581018][ T8195] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.581034][ T8195] ? clear_bhb_loop+0x60/0xb0 [ 192.581058][ T8195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.581074][ T8195] RIP: 0033:0x7f843118e929 [ 192.581089][ T8195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.581104][ T8195] RSP: 002b:00007f8431fd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 192.581122][ T8195] RAX: ffffffffffffffda RBX: 00007f84313b5fa0 RCX: 00007f843118e929 [ 192.581134][ T8195] RDX: 00000000027fffff RSI: 0000000000600000 RDI: 0000200000000000 [ 192.581146][ T8195] RBP: 00007f8431fd6090 R08: 0000000000000003 R09: 0000000000000000 [ 192.581155][ T8195] R10: 0000000004002011 R11: 0000000000000246 R12: 0000000000000002 [ 192.581166][ T8195] R13: 0000000000000000 R14: 00007f84313b5fa0 R15: 00007ffdf45157a8 [ 192.581194][ T8195] [ 192.656848][ T7721] keytouch 0003:0926:3333.000B: fixing up Keytouch IEC report descriptor [ 192.935451][ T7721] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.000B/input/input30 [ 193.110754][ T7721] keytouch 0003:0926:3333.000B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 193.263735][ T8212] netlink: 168 bytes leftover after parsing attributes in process `syz.2.658'. [ 193.270917][ T7721] usb 5-1: USB disconnect, device number 39 [ 193.339926][ T8213] fido_id[8213]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 193.340238][ T8218] FAULT_INJECTION: forcing a failure. [ 193.340238][ T8218] name failslab, interval 1, probability 0, space 0, times 0 [ 193.374284][ T8218] CPU: 0 UID: 0 PID: 8218 Comm: syz.3.660 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 193.374307][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.374317][ T8218] Call Trace: [ 193.374325][ T8218] [ 193.374341][ T8218] dump_stack_lvl+0x189/0x250 [ 193.374365][ T8218] ? __pfx____ratelimit+0x10/0x10 [ 193.374386][ T8218] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.374404][ T8218] ? __pfx__printk+0x10/0x10 [ 193.374429][ T8218] ? __pfx___might_resched+0x10/0x10 [ 193.374451][ T8218] should_fail_ex+0x414/0x560 [ 193.374481][ T8218] should_failslab+0xa8/0x100 [ 193.374504][ T8218] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 193.374524][ T8218] ? __get_vm_area_node+0x13f/0x300 [ 193.374547][ T8218] __get_vm_area_node+0x13f/0x300 [ 193.374571][ T8218] __vmalloc_node_range_noprof+0x301/0x12f0 [ 193.374591][ T8218] ? snd_dma_alloc_dir_pages+0x120/0x220 [ 193.374614][ T8218] ? __pfx___mutex_trylock_common+0x10/0x10 [ 193.374630][ T8218] ? vfs_write+0x27e/0xa90 [ 193.374674][ T8218] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 193.374694][ T8218] ? __pfx___mutex_lock+0x10/0x10 [ 193.374716][ T8218] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 193.374740][ T8218] ? snd_dma_alloc_dir_pages+0x120/0x220 [ 193.374762][ T8218] vmalloc_noprof+0xb2/0xf0 [ 193.374781][ T8218] ? snd_dma_alloc_dir_pages+0x120/0x220 [ 193.374805][ T8218] snd_dma_alloc_dir_pages+0x120/0x220 [ 193.374830][ T8218] do_alloc_pages+0x11a/0x260 [ 193.374858][ T8218] snd_pcm_lib_malloc_pages+0x303/0x690 [ 193.374890][ T8218] snd_pcm_hw_params+0x793/0x1c90 [ 193.374925][ T8218] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.374952][ T8218] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 193.374994][ T8218] snd_pcm_oss_change_params_locked+0x21cb/0x3e40 [ 193.375053][ T8218] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 193.375071][ T8218] ? snd_pcm_oss_write+0x28f/0x11a0 [ 193.375098][ T8218] ? __lock_acquire+0xab9/0xd20 [ 193.375122][ T8218] ? __pfx_aa_file_perm+0x10/0x10 [ 193.375146][ T8218] snd_pcm_oss_write+0x2fb/0x11a0 [ 193.375163][ T8218] ? get_pid_task+0x20/0x1f0 [ 193.375201][ T8218] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 193.375221][ T8218] ? bpf_lsm_file_permission+0x9/0x20 [ 193.375236][ T8218] ? security_file_permission+0x75/0x290 [ 193.375261][ T8218] ? rw_verify_area+0x258/0x650 [ 193.375279][ T8218] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 193.375298][ T8218] vfs_write+0x27e/0xa90 [ 193.375327][ T8218] ? __pfx_vfs_write+0x10/0x10 [ 193.375354][ T8218] ? __fget_files+0x2a/0x420 [ 193.375379][ T8218] ? __fget_files+0x2a/0x420 [ 193.375399][ T8218] ? __fget_files+0x3a0/0x420 [ 193.375419][ T8218] ? __fget_files+0x2a/0x420 [ 193.375448][ T8218] ksys_write+0x145/0x250 [ 193.375469][ T8218] ? __pfx_ksys_write+0x10/0x10 [ 193.375485][ T8218] ? rcu_is_watching+0x15/0xb0 [ 193.375506][ T8218] ? do_syscall_64+0xbe/0x3b0 [ 193.375531][ T8218] do_syscall_64+0xfa/0x3b0 [ 193.375550][ T8218] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.375569][ T8218] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.375584][ T8218] ? clear_bhb_loop+0x60/0xb0 [ 193.375602][ T8218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.375616][ T8218] RIP: 0033:0x7f6eb1d8e929 [ 193.375629][ T8218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.375643][ T8218] RSP: 002b:00007f6eafbd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 193.375661][ T8218] RAX: ffffffffffffffda RBX: 00007f6eb1fb6080 RCX: 00007f6eb1d8e929 [ 193.375673][ T8218] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000004 [ 193.375684][ T8218] RBP: 00007f6eafbd5090 R08: 0000000000000000 R09: 0000000000000000 [ 193.375693][ T8218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 193.375703][ T8218] R13: 0000000000000001 R14: 00007f6eb1fb6080 R15: 00007ffc1fe51988 [ 193.375733][ T8218] [ 193.761238][ T8218] syz.3.660: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 193.776394][ T8218] CPU: 1 UID: 0 PID: 8218 Comm: syz.3.660 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 193.776417][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.776427][ T8218] Call Trace: [ 193.776433][ T8218] [ 193.776440][ T8218] dump_stack_lvl+0x189/0x250 [ 193.776463][ T8218] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 193.776486][ T8218] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.776502][ T8218] ? __pfx__printk+0x10/0x10 [ 193.776520][ T8218] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 193.776536][ T8218] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 193.776562][ T8218] warn_alloc+0x214/0x310 [ 193.776587][ T8218] ? __pfx_warn_alloc+0x10/0x10 [ 193.776606][ T8218] ? __get_vm_area_node+0x13f/0x300 [ 193.776625][ T8218] ? __get_vm_area_node+0x2b5/0x300 [ 193.776646][ T8218] __vmalloc_node_range_noprof+0x326/0x12f0 [ 193.776665][ T8218] ? __pfx___mutex_trylock_common+0x10/0x10 [ 193.776682][ T8218] ? vfs_write+0x27e/0xa90 [ 193.776726][ T8218] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 193.776744][ T8218] ? __pfx___mutex_lock+0x10/0x10 [ 193.776764][ T8218] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 193.776787][ T8218] ? snd_dma_alloc_dir_pages+0x120/0x220 [ 193.776808][ T8218] vmalloc_noprof+0xb2/0xf0 [ 193.776822][ T8218] ? snd_dma_alloc_dir_pages+0x120/0x220 [ 193.776841][ T8218] snd_dma_alloc_dir_pages+0x120/0x220 [ 193.776860][ T8218] do_alloc_pages+0x11a/0x260 [ 193.776880][ T8218] snd_pcm_lib_malloc_pages+0x303/0x690 [ 193.776905][ T8218] snd_pcm_hw_params+0x793/0x1c90 [ 193.776931][ T8218] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.776952][ T8218] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 193.776984][ T8218] snd_pcm_oss_change_params_locked+0x21cb/0x3e40 [ 193.777026][ T8218] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 193.777039][ T8218] ? snd_pcm_oss_write+0x28f/0x11a0 [ 193.777064][ T8218] ? __lock_acquire+0xab9/0xd20 [ 193.777083][ T8218] ? __pfx_aa_file_perm+0x10/0x10 [ 193.777101][ T8218] snd_pcm_oss_write+0x2fb/0x11a0 [ 193.777121][ T8218] ? get_pid_task+0x20/0x1f0 [ 193.777150][ T8218] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 193.777164][ T8218] ? bpf_lsm_file_permission+0x9/0x20 [ 193.777176][ T8218] ? security_file_permission+0x75/0x290 [ 193.777195][ T8218] ? rw_verify_area+0x258/0x650 [ 193.777208][ T8218] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 193.777223][ T8218] vfs_write+0x27e/0xa90 [ 193.777245][ T8218] ? __pfx_vfs_write+0x10/0x10 [ 193.777261][ T8218] ? __fget_files+0x2a/0x420 [ 193.777280][ T8218] ? __fget_files+0x2a/0x420 [ 193.777295][ T8218] ? __fget_files+0x3a0/0x420 [ 193.777309][ T8218] ? __fget_files+0x2a/0x420 [ 193.777332][ T8218] ksys_write+0x145/0x250 [ 193.777353][ T8218] ? __pfx_ksys_write+0x10/0x10 [ 193.777366][ T8218] ? rcu_is_watching+0x15/0xb0 [ 193.777382][ T8218] ? do_syscall_64+0xbe/0x3b0 [ 193.777401][ T8218] do_syscall_64+0xfa/0x3b0 [ 193.777416][ T8218] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.777431][ T8218] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.777443][ T8218] ? clear_bhb_loop+0x60/0xb0 [ 193.777459][ T8218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.777471][ T8218] RIP: 0033:0x7f6eb1d8e929 [ 193.777483][ T8218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.777495][ T8218] RSP: 002b:00007f6eafbd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 193.777510][ T8218] RAX: ffffffffffffffda RBX: 00007f6eb1fb6080 RCX: 00007f6eb1d8e929 [ 193.777519][ T8218] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000004 [ 193.777528][ T8218] RBP: 00007f6eafbd5090 R08: 0000000000000000 R09: 0000000000000000 [ 193.777535][ T8218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 193.777543][ T8218] R13: 0000000000000001 R14: 00007f6eb1fb6080 R15: 00007ffc1fe51988 [ 193.777565][ T8218] [ 193.777685][ T8218] Mem-Info: [ 194.213025][ T8218] active_anon:6291 inactive_anon:0 isolated_anon:0 [ 194.213025][ T8218] active_file:12065 inactive_file:53000 isolated_file:0 [ 194.213025][ T8218] unevictable:787 dirty:157 writeback:0 [ 194.213025][ T8218] slab_reclaimable:11095 slab_unreclaimable:96790 [ 194.213025][ T8218] mapped:25168 shmem:1371 pagetables:1422 [ 194.213025][ T8218] sec_pagetables:0 bounce:0 [ 194.213025][ T8218] kernel_misc_reclaimable:0 [ 194.213025][ T8218] free:1313212 free_pcp:15894 free_cma:0 [ 194.308433][ T8218] Node 0 active_anon:25264kB inactive_anon:0kB active_file:48260kB inactive_file:211796kB unevictable:1612kB isolated(anon):0kB isolated(file):0kB mapped:100672kB dirty:624kB writeback:0kB shmem:3948kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12604kB pagetables:5568kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 194.353598][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.367400][ T49] sl0: compressed packet ignored [ 194.388630][ T8218] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:120kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 194.432976][ T8218] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 194.464964][ T8218] lowmem_reserve[]: 0 2496 2498 2498 2498 [ 194.472996][ T8218] Node 0 DMA32 free:1348092kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25220kB inactive_anon:0kB active_file:48260kB inactive_file:210468kB unevictable:1612kB writepending:624kB present:3129332kB managed:2556912kB mlocked:76kB bounce:0kB free_pcp:44656kB local_pcp:20552kB free_cma:0kB [ 194.506084][ T8218] lowmem_reserve[]: 0 0 1 1 1 [ 194.510825][ T8218] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 194.542253][ T8218] lowmem_reserve[]: 0 0 0 0 0 [ 194.550123][ T8218] Node 1 Normal free:3889388kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19968kB local_pcp:10720kB free_cma:0kB [ 194.585897][ T8218] lowmem_reserve[]: 0 0 0 0 0 [ 194.590644][ T8218] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 194.597240][ T5882] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 194.606512][ T8218] Node 0 DMA32: 126*4kB (UM) 506*8kB (UME) 438*16kB (UME) 309*32kB (UM) 269*64kB (UME) 31*128kB (UME) 16*256kB (UM) 10*512kB (UME) 4*1024kB (UM) 3*2048kB (UM) 313*4096kB (ME) = 1344136kB [ 194.632557][ T8218] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 194.644826][ T8218] Node 1 Normal: 201*4kB (UME) 51*8kB (UME) 49*16kB (UME) 77*32kB (UME) 36*64kB (UME) 5*128kB (UM) 2*256kB (M) 5*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 946*4096kB (M) = 3889388kB [ 194.666034][ T8218] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 194.676719][ T8218] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 194.687203][ T8218] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 194.696967][ T8218] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 194.706620][ T8218] 68382 total pagecache pages [ 194.711322][ T8218] 0 pages in swap cache [ 194.715478][ T8218] Free swap = 124996kB [ 194.720108][ T8218] Total swap = 124996kB [ 194.724274][ T8218] 2097051 pages RAM [ 194.728413][ T8218] 0 pages HighMem/MovableOnly [ 194.733291][ T8218] 425845 pages reserved [ 194.737693][ T8218] 0 pages cma reserved [ 194.772021][ T5882] usb 2-1: Using ep0 maxpacket: 8 [ 194.793948][ T5882] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 194.814271][ T5882] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 194.827434][ T5882] usb 2-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3 [ 194.836918][ T5882] usb 2-1: Product: syz [ 194.841101][ T5882] usb 2-1: Manufacturer: syz [ 194.848339][ T5882] usb 2-1: SerialNumber: syz [ 194.877156][ T49] wlan1: Trigger new scan to find an IBSS to join [ 194.885566][ T5882] usb 2-1: config 0 descriptor?? [ 194.900207][ T5882] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 195.215504][ T8244] tipc: Started in network mode [ 195.220532][ T8244] tipc: Node identity 8a6c364b8b93, cluster identity 4711 [ 195.228226][ T8244] tipc: Enabled bearer , priority 10 [ 195.300477][ T8226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.313737][ T8246] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 195.331580][ T8244] tipc: Resetting bearer [ 195.343823][ T8243] tipc: Resetting bearer [ 195.366240][ T8226] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.795747][ T5882] gspca_zc3xx: reg_w_i err -71 [ 195.842703][ T1129] wlan1: Creating new IBSS network, BSSID 72:5f:25:55:9a:75 [ 196.326539][ T7707] tipc: Node number set to 33502795 [ 196.395721][ T5882] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 196.402146][ T5882] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 196.439023][ T5882] usb 2-1: USB disconnect, device number 36 [ 196.616241][ T7722] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 196.773768][ T7722] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.795186][ T7722] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 196.816259][ T7722] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.836555][ T7722] usb 4-1: config 0 descriptor?? [ 197.109220][ T43] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 197.264617][ T7722] keytouch 0003:0926:3333.000C: fixing up Keytouch IEC report descriptor [ 197.278893][ T7722] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.000C/input/input31 [ 197.290844][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 197.304175][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.317563][ T43] usb 2-1: New USB device found, idVendor=05ac, idProduct=027c, bcdDevice= 0.00 [ 197.327359][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.342536][ T43] usb 2-1: config 0 descriptor?? [ 197.439739][ T7722] keytouch 0003:0926:3333.000C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 197.792742][ T43] apple 0003:05AC:027C.000D: hidraw1: USB HID v0.05 Device [HID 05ac:027c] on usb-dummy_hcd.1-1/input0 [ 197.803831][ C1] ================================================================== [ 197.803847][ C1] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0 [ 197.803875][ C1] Write of size 8 at addr ffff8880789a2a40 by task kworker/1:1/43 [ 197.803890][ C1] [ 197.803900][ C1] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 197.803919][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.803931][ C1] Workqueue: usb_hub_wq hub_event [ 197.803952][ C1] Call Trace: [ 197.803959][ C1] [ 197.803966][ C1] dump_stack_lvl+0x189/0x250 [ 197.803986][ C1] ? __virt_addr_valid+0x1c8/0x5c0 [ 197.804005][ C1] ? rcu_is_watching+0x15/0xb0 [ 197.804023][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.804042][ C1] ? rcu_is_watching+0x15/0xb0 [ 197.804055][ C1] ? lock_release+0x4b/0x3e0 [ 197.804089][ C1] ? __virt_addr_valid+0x1c8/0x5c0 [ 197.804107][ C1] ? __virt_addr_valid+0x4a5/0x5c0 [ 197.804127][ C1] print_report+0xd2/0x2b0 [ 197.804148][ C1] ? flush_tlb_func+0x23d/0x6c0 [ 197.804164][ C1] kasan_report+0x118/0x150 [ 197.804184][ C1] ? flush_tlb_func+0x23d/0x6c0 [ 197.804206][ C1] kasan_check_range+0x2b0/0x2c0 [ 197.804224][ C1] flush_tlb_func+0x23d/0x6c0 [ 197.804246][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 197.804264][ C1] ? sched_clock_cpu+0x74/0x430 [ 197.804280][ C1] ? rcu_is_watching+0x15/0xb0 [ 197.804295][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 197.804313][ C1] __flush_smp_call_function_queue+0x370/0xaa0 [ 197.804330][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 197.804351][ C1] __sysvec_call_function_single+0xa8/0x3d0 [ 197.804370][ C1] sysvec_call_function_single+0x9e/0xc0 [ 197.804388][ C1] [ 197.804393][ C1] [ 197.804399][ C1] asm_sysvec_call_function_single+0x1a/0x20 [ 197.804417][ C1] RIP: 0010:console_flush_all+0x7f7/0xc40 [ 197.804438][ C1] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24 [ 197.804453][ C1] RSP: 0018:ffffc90000b360a0 EFLAGS: 00000283 [ 197.804468][ C1] RAX: 1ffffffff1d78ef3 RBX: ffffffff8ebc7798 RCX: 0000000000100000 [ 197.804479][ C1] RDX: ffffc90016bd0000 RSI: 000000000002b001 RDI: 000000000002b002 [ 197.804489][ C1] RBP: ffffc90000b361f0 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6 [ 197.804500][ C1] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: dffffc0000000000 [ 197.804512][ C1] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8ebc7740 [ 197.804533][ C1] ? console_flush_all+0x13a/0xc40 [ 197.804555][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 197.804575][ C1] ? kasan_save_track+0x4f/0x80 [ 197.804593][ C1] ? is_printk_cpu_sync_owner+0x32/0x40 [ 197.804616][ C1] console_unlock+0xc4/0x270 [ 197.804634][ C1] ? __pfx_console_unlock+0x10/0x10 [ 197.804652][ C1] ? is_printk_cpu_sync_owner+0x32/0x40 [ 197.804675][ C1] vprintk_emit+0x5b7/0x7a0 [ 197.804693][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 197.804710][ C1] ? __pfx_snprintf+0x10/0x10 [ 197.804732][ C1] dev_vprintk_emit+0x337/0x3f0 [ 197.804753][ C1] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 197.804778][ C1] dev_printk_emit+0xe0/0x130 [ 197.804797][ C1] ? kernfs_add_one+0xf0/0x520 [ 197.804815][ C1] ? __pfx_dev_printk_emit+0x10/0x10 [ 197.804832][ C1] ? kernfs_add_one+0xf0/0x520 [ 197.804848][ C1] ? __dev_printk+0x131/0x190 [ 197.804865][ C1] _dev_info+0x10a/0x160 [ 197.804882][ C1] ? __pfx__dev_info+0x10/0x10 [ 197.804900][ C1] ? sysfs_create_file_ns+0x128/0x1a0 [ 197.804922][ C1] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 197.804942][ C1] ? rcu_is_watching+0x15/0xb0 [ 197.804957][ C1] ? trace_kmalloc+0x1f/0xd0 [ 197.804977][ C1] hid_connect+0x173e/0x19a0 [ 197.805005][ C1] ? __pfx_hid_connect+0x10/0x10 [ 197.805028][ C1] hid_hw_start+0xa8/0x120 [ 197.805048][ C1] apple_probe+0xf4/0x1000 [ 197.805067][ C1] ? hid_lookup_quirk+0x350/0x5a0 [ 197.805098][ C1] hid_device_probe+0x3a0/0x710 [ 197.805120][ C1] ? driver_sysfs_add+0x1fe/0x210 [ 197.805139][ C1] ? __pfx_hid_device_probe+0x10/0x10 [ 197.805158][ C1] really_probe+0x26a/0x9a0 [ 197.805180][ C1] __driver_probe_device+0x18c/0x2f0 [ 197.805200][ C1] driver_probe_device+0x4f/0x430 [ 197.805221][ C1] __device_attach_driver+0x2ce/0x530 [ 197.805242][ C1] bus_for_each_drv+0x251/0x2e0 [ 197.805266][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 197.805286][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 197.805304][ C1] ? __lock_acquire+0xab9/0xd20 [ 197.805327][ C1] __device_attach+0x2b8/0x400 [ 197.805343][ C1] ? __pfx___device_attach+0x10/0x10 [ 197.805359][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 197.805378][ C1] bus_probe_device+0x185/0x260 [ 197.805399][ C1] device_add+0x7b6/0xb50 [ 197.805417][ C1] hid_add_device+0x398/0x540 [ 197.805437][ C1] usbhid_probe+0xe13/0x12a0 [ 197.805465][ C1] usb_probe_interface+0x637/0xbf0 [ 197.805490][ C1] ? __pfx_usb_probe_interface+0x10/0x10 [ 197.805508][ C1] really_probe+0x26a/0x9a0 [ 197.805528][ C1] __driver_probe_device+0x18c/0x2f0 [ 197.805548][ C1] driver_probe_device+0x4f/0x430 [ 197.805568][ C1] __device_attach_driver+0x2ce/0x530 [ 197.805588][ C1] bus_for_each_drv+0x251/0x2e0 [ 197.805608][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 197.805627][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 197.805651][ C1] __device_attach+0x2b8/0x400 [ 197.805668][ C1] ? __pfx___device_attach+0x10/0x10 [ 197.805685][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 197.805704][ C1] bus_probe_device+0x185/0x260 [ 197.805727][ C1] device_add+0x7b6/0xb50 [ 197.805744][ C1] usb_set_configuration+0x1a87/0x20e0 [ 197.805774][ C1] usb_generic_driver_probe+0x8d/0x150 [ 197.805794][ C1] usb_probe_device+0x1c1/0x390 [ 197.805816][ C1] ? __pfx_usb_probe_device+0x10/0x10 [ 197.805833][ C1] really_probe+0x26a/0x9a0 [ 197.805852][ C1] __driver_probe_device+0x18c/0x2f0 [ 197.805871][ C1] driver_probe_device+0x4f/0x430 [ 197.805890][ C1] __device_attach_driver+0x2ce/0x530 [ 197.805911][ C1] bus_for_each_drv+0x251/0x2e0 [ 197.805934][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 197.805954][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 197.805981][ C1] __device_attach+0x2b8/0x400 [ 197.806000][ C1] ? __pfx___device_attach+0x10/0x10 [ 197.806020][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 197.806040][ C1] bus_probe_device+0x185/0x260 [ 197.806064][ C1] device_add+0x7b6/0xb50 [ 197.806088][ C1] usb_new_device+0xa39/0x16f0 [ 197.806110][ C1] ? __pfx_usb_new_device+0x10/0x10 [ 197.806127][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.806145][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.806167][ C1] hub_event+0x2941/0x4a00 [ 197.806206][ C1] ? __pfx_hub_event+0x10/0x10 [ 197.806224][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 197.806252][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.806270][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 197.806293][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 197.806318][ C1] process_scheduled_works+0xae1/0x17b0 [ 197.806355][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 197.806386][ C1] worker_thread+0x8a0/0xda0 [ 197.806412][ C1] kthread+0x70e/0x8a0 [ 197.806432][ C1] ? __pfx_worker_thread+0x10/0x10 [ 197.806447][ C1] ? __pfx_kthread+0x10/0x10 [ 197.806467][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.806485][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.806504][ C1] ? __pfx_kthread+0x10/0x10 [ 197.806522][ C1] ret_from_fork+0x3fc/0x770 [ 197.806539][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 197.806556][ C1] ? __switch_to_asm+0x39/0x70 [ 197.806575][ C1] ? __switch_to_asm+0x33/0x70 [ 197.806593][ C1] ? __pfx_kthread+0x10/0x10 [ 197.806613][ C1] ret_from_fork_asm+0x1a/0x30 [ 197.806639][ C1] [ 197.806645][ C1] [ 197.806663][ C1] Allocated by task 5830: [ 197.806673][ C1] kasan_save_track+0x3e/0x80 [ 197.806691][ C1] __kasan_slab_alloc+0x6c/0x80 [ 197.806707][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 197.806723][ C1] copy_mm+0xdb/0x4b0 [ 197.806739][ C1] copy_process+0x1706/0x3c00 [ 197.806753][ C1] kernel_clone+0x21e/0x870 [ 197.806769][ C1] __x64_sys_clone+0x18b/0x1e0 [ 197.806786][ C1] do_syscall_64+0xfa/0x3b0 [ 197.806806][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.806821][ C1] [ 197.806825][ C1] Freed by task 8260: [ 197.806834][ C1] kasan_save_track+0x3e/0x80 [ 197.806848][ C1] kasan_save_free_info+0x46/0x50 [ 197.806870][ C1] __kasan_slab_free+0x62/0x70 [ 197.806885][ C1] kmem_cache_free+0x18f/0x400 [ 197.806902][ C1] exit_mm+0x1da/0x2c0 [ 197.806920][ C1] do_exit+0x648/0x2300 [ 197.806937][ C1] do_group_exit+0x21c/0x2d0 [ 197.806954][ C1] get_signal+0x1286/0x1340 [ 197.806975][ C1] arch_do_signal_or_restart+0x9a/0x750 [ 197.806995][ C1] exit_to_user_mode_loop+0x75/0x110 [ 197.807016][ C1] do_syscall_64+0x2bd/0x3b0 [ 197.807036][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.807050][ C1] [ 197.807055][ C1] The buggy address belongs to the object at ffff8880789a2040 [ 197.807055][ C1] which belongs to the cache mm_struct of size 2584 [ 197.807077][ C1] The buggy address is located 2560 bytes inside of [ 197.807077][ C1] freed 2584-byte region [ffff8880789a2040, ffff8880789a2a58) [ 197.807095][ C1] [ 197.807100][ C1] The buggy address belongs to the physical page: [ 197.807109][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x789a0 [ 197.807126][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 197.807139][ C1] memcg:ffff888020eac581 [ 197.807147][ C1] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 197.807163][ C1] page_type: f5(slab) [ 197.807178][ C1] raw: 00fff00000000040 ffff88801a84bb40 ffffea0001ef6e00 dead000000000005 [ 197.807193][ C1] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff888020eac581 [ 197.807210][ C1] head: 00fff00000000040 ffff88801a84bb40 ffffea0001ef6e00 dead000000000005 [ 197.807224][ C1] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff888020eac581 [ 197.807239][ C1] head: 00fff00000000003 ffffea0001e26801 00000000ffffffff 00000000ffffffff [ 197.807254][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 197.807263][ C1] page dumped because: kasan: bad access detected [ 197.807278][ C1] page_owner tracks the page as allocated [ 197.807285][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5300, tgid 5300 (udevd), ts 34331332527, free_ts 34284732958 [ 197.807314][ C1] post_alloc_hook+0x240/0x2a0 [ 197.807332][ C1] get_page_from_freelist+0x21e4/0x22c0 [ 197.807354][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 197.807374][ C1] alloc_pages_mpol+0x232/0x4a0 [ 197.807392][ C1] allocate_slab+0x8a/0x370 [ 197.807413][ C1] ___slab_alloc+0xbeb/0x1410 [ 197.807431][ C1] kmem_cache_alloc_noprof+0x283/0x3c0 [ 197.807447][ C1] mm_alloc+0x23/0xd0 [ 197.807459][ C1] alloc_bprm+0x378/0x5b0 [ 197.807476][ C1] do_execveat_common+0x1b3/0x6a0 [ 197.807493][ C1] __x64_sys_execve+0x94/0xb0 [ 197.807508][ C1] do_syscall_64+0xfa/0x3b0 [ 197.807526][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.807540][ C1] page last free pid 5202 tgid 5202 stack trace: [ 197.807550][ C1] __free_frozen_pages+0xb80/0xd80 [ 197.807566][ C1] __put_partials+0x156/0x1a0 [ 197.807583][ C1] put_cpu_partial+0x17c/0x250 [ 197.807603][ C1] __slab_free+0x2d5/0x3c0 [ 197.807622][ C1] qlist_free_all+0x97/0x140 [ 197.807637][ C1] kasan_quarantine_reduce+0x148/0x160 [ 197.807652][ C1] __kasan_slab_alloc+0x22/0x80 [ 197.807668][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 197.807684][ C1] getname_flags+0xb8/0x540 [ 197.807705][ C1] do_sys_openat2+0xbc/0x1c0 [ 197.807718][ C1] __x64_sys_openat+0x138/0x170 [ 197.807732][ C1] do_syscall_64+0xfa/0x3b0 [ 197.807750][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.807765][ C1] [ 197.807769][ C1] Memory state around the buggy address: [ 197.807778][ C1] ffff8880789a2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 197.807791][ C1] ffff8880789a2980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 197.807803][ C1] >ffff8880789a2a00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 197.807812][ C1] ^ [ 197.807821][ C1] ffff8880789a2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 197.807832][ C1] ffff8880789a2b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 197.807841][ C1] ================================================================== [ 197.807858][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 197.807871][ C1] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 197.807891][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.807903][ C1] Workqueue: usb_hub_wq hub_event [ 197.807924][ C1] Call Trace: [ 197.807931][ C1] [ 197.807938][ C1] dump_stack_lvl+0x99/0x250 [ 197.807957][ C1] ? __asan_memcpy+0x40/0x70 [ 197.807973][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.807991][ C1] ? __pfx__printk+0x10/0x10 [ 197.808014][ C1] panic+0x2db/0x790 [ 197.808032][ C1] ? __pfx_panic+0x10/0x10 [ 197.808049][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 197.808077][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 197.808096][ C1] ? print_memory_metadata+0x314/0x400 [ 197.808119][ C1] ? flush_tlb_func+0x23d/0x6c0 [ 197.808140][ C1] check_panic_on_warn+0x89/0xb0 [ 197.808162][ C1] ? flush_tlb_func+0x23d/0x6c0 [ 197.808181][ C1] end_report+0x78/0x160 [ 197.808199][ C1] kasan_report+0x129/0x150 [ 197.808219][ C1] ? flush_tlb_func+0x23d/0x6c0 [ 197.808242][ C1] kasan_check_range+0x2b0/0x2c0 [ 197.808262][ C1] flush_tlb_func+0x23d/0x6c0 [ 197.808286][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 197.808305][ C1] ? sched_clock_cpu+0x74/0x430 [ 197.808321][ C1] ? rcu_is_watching+0x15/0xb0 [ 197.808337][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 197.808357][ C1] __flush_smp_call_function_queue+0x370/0xaa0 [ 197.808375][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 197.808397][ C1] __sysvec_call_function_single+0xa8/0x3d0 [ 197.808419][ C1] sysvec_call_function_single+0x9e/0xc0 [ 197.808439][ C1] [ 197.808445][ C1] [ 197.808452][ C1] asm_sysvec_call_function_single+0x1a/0x20 [ 197.808470][ C1] RIP: 0010:console_flush_all+0x7f7/0xc40 [ 197.808492][ C1] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24 [ 197.808507][ C1] RSP: 0018:ffffc90000b360a0 EFLAGS: 00000283 [ 197.808522][ C1] RAX: 1ffffffff1d78ef3 RBX: ffffffff8ebc7798 RCX: 0000000000100000 [ 197.808536][ C1] RDX: ffffc90016bd0000 RSI: 000000000002b001 RDI: 000000000002b002 [ 197.808548][ C1] RBP: ffffc90000b361f0 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6 [ 197.808561][ C1] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: dffffc0000000000 [ 197.808574][ C1] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8ebc7740 [ 197.808596][ C1] ? console_flush_all+0x13a/0xc40 [ 197.808617][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 197.808638][ C1] ? kasan_save_track+0x4f/0x80 [ 197.808656][ C1] ? is_printk_cpu_sync_owner+0x32/0x40 [ 197.808679][ C1] console_unlock+0xc4/0x270 [ 197.808697][ C1] ? __pfx_console_unlock+0x10/0x10 [ 197.808716][ C1] ? is_printk_cpu_sync_owner+0x32/0x40 [ 197.808739][ C1] vprintk_emit+0x5b7/0x7a0 [ 197.808758][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 197.808777][ C1] ? __pfx_snprintf+0x10/0x10 [ 197.808799][ C1] dev_vprintk_emit+0x337/0x3f0 [ 197.808820][ C1] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 197.808840][ C1] dev_printk_emit+0xe0/0x130 [ 197.808858][ C1] ? kernfs_add_one+0xf0/0x520 [ 197.808878][ C1] ? __pfx_dev_printk_emit+0x10/0x10 [ 197.808896][ C1] ? kernfs_add_one+0xf0/0x520 [ 197.808913][ C1] ? __dev_printk+0x131/0x190 [ 197.808934][ C1] _dev_info+0x10a/0x160 [ 197.808955][ C1] ? __pfx__dev_info+0x10/0x10 [ 197.808973][ C1] ? sysfs_create_file_ns+0x128/0x1a0 [ 197.808996][ C1] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 197.809018][ C1] ? rcu_is_watching+0x15/0xb0 [ 197.809035][ C1] ? trace_kmalloc+0x1f/0xd0 [ 197.809054][ C1] hid_connect+0x173e/0x19a0 [ 197.809089][ C1] ? __pfx_hid_connect+0x10/0x10 [ 197.809116][ C1] hid_hw_start+0xa8/0x120 [ 197.809137][ C1] apple_probe+0xf4/0x1000 [ 197.809158][ C1] ? hid_lookup_quirk+0x350/0x5a0 [ 197.809184][ C1] hid_device_probe+0x3a0/0x710 [ 197.809207][ C1] ? driver_sysfs_add+0x1fe/0x210 [ 197.809227][ C1] ? __pfx_hid_device_probe+0x10/0x10 [ 197.809246][ C1] really_probe+0x26a/0x9a0 [ 197.809269][ C1] __driver_probe_device+0x18c/0x2f0 [ 197.809290][ C1] driver_probe_device+0x4f/0x430 [ 197.809311][ C1] __device_attach_driver+0x2ce/0x530 [ 197.809334][ C1] bus_for_each_drv+0x251/0x2e0 [ 197.809357][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 197.809378][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 197.809399][ C1] ? __lock_acquire+0xab9/0xd20 [ 197.809427][ C1] __device_attach+0x2b8/0x400 [ 197.809446][ C1] ? __pfx___device_attach+0x10/0x10 [ 197.809466][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 197.809488][ C1] bus_probe_device+0x185/0x260 [ 197.809513][ C1] device_add+0x7b6/0xb50 [ 197.809532][ C1] hid_add_device+0x398/0x540 [ 197.809555][ C1] usbhid_probe+0xe13/0x12a0 [ 197.809584][ C1] usb_probe_interface+0x637/0xbf0 [ 197.809610][ C1] ? __pfx_usb_probe_interface+0x10/0x10 [ 197.809630][ C1] really_probe+0x26a/0x9a0 [ 197.809653][ C1] __driver_probe_device+0x18c/0x2f0 [ 197.809674][ C1] driver_probe_device+0x4f/0x430 [ 197.809695][ C1] __device_attach_driver+0x2ce/0x530 [ 197.809717][ C1] bus_for_each_drv+0x251/0x2e0 [ 197.809742][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 197.809760][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 197.809785][ C1] __device_attach+0x2b8/0x400 [ 197.809804][ C1] ? __pfx___device_attach+0x10/0x10 [ 197.809823][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 197.809843][ C1] bus_probe_device+0x185/0x260 [ 197.809867][ C1] device_add+0x7b6/0xb50 [ 197.809885][ C1] usb_set_configuration+0x1a87/0x20e0 [ 197.809916][ C1] usb_generic_driver_probe+0x8d/0x150 [ 197.809937][ C1] usb_probe_device+0x1c1/0x390 [ 197.809958][ C1] ? __pfx_usb_probe_device+0x10/0x10 [ 197.809975][ C1] really_probe+0x26a/0x9a0 [ 197.809994][ C1] __driver_probe_device+0x18c/0x2f0 [ 197.810013][ C1] driver_probe_device+0x4f/0x430 [ 197.810033][ C1] __device_attach_driver+0x2ce/0x530 [ 197.810053][ C1] bus_for_each_drv+0x251/0x2e0 [ 197.810081][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 197.810100][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 197.810126][ C1] __device_attach+0x2b8/0x400 [ 197.810145][ C1] ? __pfx___device_attach+0x10/0x10 [ 197.810166][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 197.810187][ C1] bus_probe_device+0x185/0x260 [ 197.810210][ C1] device_add+0x7b6/0xb50 [ 197.810229][ C1] usb_new_device+0xa39/0x16f0 [ 197.810249][ C1] ? __pfx_usb_new_device+0x10/0x10 [ 197.810265][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.810283][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.810302][ C1] hub_event+0x2941/0x4a00 [ 197.810339][ C1] ? __pfx_hub_event+0x10/0x10 [ 197.810358][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 197.810384][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.810399][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 197.810424][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 197.810448][ C1] process_scheduled_works+0xae1/0x17b0 [ 197.810485][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 197.810516][ C1] worker_thread+0x8a0/0xda0 [ 197.810543][ C1] kthread+0x70e/0x8a0 [ 197.810563][ C1] ? __pfx_worker_thread+0x10/0x10 [ 197.810578][ C1] ? __pfx_kthread+0x10/0x10 [ 197.810598][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.810616][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.810636][ C1] ? __pfx_kthread+0x10/0x10 [ 197.810653][ C1] ret_from_fork+0x3fc/0x770 [ 197.810670][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 197.810688][ C1] ? __switch_to_asm+0x39/0x70 [ 197.810707][ C1] ? __switch_to_asm+0x33/0x70 [ 197.810726][ C1] ? __pfx_kthread+0x10/0x10 [ 197.810745][ C1] ret_from_fork_asm+0x1a/0x30 [ 197.810772][ C1] [ 197.811045][ C1] Kernel Offset: disabled