last executing test programs: 4.837794907s ago: executing program 2 (id=1132): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x48}}, 0x0) 4.665689453s ago: executing program 2 (id=1135): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f2f5f000b090000000000000092039ef12d19"], 0x0}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_X86_SET_MCE(r3, 0x4040ae9e, &(0x7f0000002ec0)={0x980000000000000, 0x2000, 0x7, 0x8, 0x20}) r4 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000200)={0x1000, 0x1, 0x2}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r6 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r6, 0xc0285628, &(0x7f00000001c0)={0x3, 0x1, 0x0, '\x00', 0x0}) setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x303}, "a95972fc5ec50719", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28) r7 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/93, 0x5d}, {&(0x7f0000000ec0)=""/4060, 0xfdc}, {&(0x7f00000037c0)=""/4069, 0xfe5}, {&(0x7f0000000bc0)=""/262, 0x106}, {&(0x7f00000002c0)=""/208, 0xd0}, {&(0x7f0000000700)=""/153, 0x99}, {&(0x7f0000000000)=""/38, 0x26}], 0x7}, 0x2000) recvmsg$kcm(r7, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40000002) shutdown(r5, 0x1) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r8, &(0x7f0000000000), 0xffffff6a) sendfile(r5, r8, 0x0, 0xffffffff004) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000002c0)={0x2, @win={{0x0, 0x8001}, 0x0, 0x0, 0x0, 0x0, 0x0}}) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) r9 = creat(&(0x7f0000001380)='./file0\x00', 0x4) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r9, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r9, {0x4}}, './file0\x00'}) 4.411342961s ago: executing program 3 (id=1138): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000040)=0x7f, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r3 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_wakeup_irq', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), r6) sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)={0x58, r7, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0x5555555555550001}}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0202}}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x2}, 0x300048c0) close(r5) recvmmsg$unix(r4, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0xd2fc64283d314c74, 0x0) recvmmsg(r4, &(0x7f00000066c0)=[{{&(0x7f0000000100)=@caif, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/174, 0xae}, {&(0x7f0000000400)=""/237, 0xed}, {&(0x7f0000000240)=""/94, 0x5e}, {&(0x7f0000000c80)=""/4096, 0x1000}], 0x4, &(0x7f0000000380)=""/55, 0x37}}, {{&(0x7f0000000500)=@caif, 0x80, &(0x7f0000000680)=[{&(0x7f0000000580)=""/197, 0xc5}, {&(0x7f0000000740)=""/191, 0xbf}, {&(0x7f0000000800)=""/170, 0xaa}], 0x3, &(0x7f0000001c80)=""/4096, 0x1000}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000008c0)=""/121, 0x79}, {&(0x7f0000000940)=""/148, 0x94}, {&(0x7f00000006c0)=""/39, 0x27}, {&(0x7f0000000a00)=""/71, 0x47}, {&(0x7f0000000a80)=""/173, 0xad}], 0x5, &(0x7f0000002c80)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f00000052c0)=[{&(0x7f0000003c80)=""/163, 0xa3}, {&(0x7f0000003d40)=""/185, 0xb9}, {&(0x7f0000003e00)}, {&(0x7f0000003e40)=""/4096, 0x1000}, {&(0x7f00000069c0)=""/232, 0xe8}, {&(0x7f0000004f40)=""/13, 0xd}, {&(0x7f0000004f80)=""/226, 0xe2}, {&(0x7f0000005080)=""/226, 0xe2}, {&(0x7f0000005180)=""/193, 0xc1}, {&(0x7f0000005280)=""/22, 0x16}], 0xa, &(0x7f0000005380)=""/160, 0xa0}, 0x7ff}, {{&(0x7f0000005440), 0x80, &(0x7f0000005a80)=[{&(0x7f00000054c0)=""/167, 0xa7}, {&(0x7f0000005580)=""/68, 0x44}, {&(0x7f0000005600)=""/94, 0x5e}, {&(0x7f0000005680)=""/77, 0x4d}, {&(0x7f0000005700)=""/36, 0x24}, {&(0x7f0000005740)=""/208, 0xd0}, {&(0x7f0000005840)=""/136, 0x88}, {&(0x7f0000005900)=""/213, 0xfffffff5}, {&(0x7f0000005a00)=""/70, 0x46}], 0x9, &(0x7f0000005b40)}, 0xe}, {{&(0x7f0000005b80)=@rc, 0x80, &(0x7f00000061c0)=[{&(0x7f0000005c00)=""/30, 0x1e}, {&(0x7f0000004e40)=""/73, 0x40}, {&(0x7f0000005c80)=""/162, 0xa2}, {&(0x7f0000005d40)=""/116, 0x74}, {&(0x7f0000005dc0)=""/19, 0x13}, {&(0x7f0000005e00)=""/80, 0x50}, {&(0x7f0000005e80)=""/251, 0xfb}, {&(0x7f0000005f80)=""/215, 0xd7}, {&(0x7f0000006080)=""/209, 0xd1}, {&(0x7f0000006180)=""/54, 0x36}], 0xa, &(0x7f0000006280)=""/30, 0x20}, 0x1}, {{&(0x7f00000062c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0xb, &(0x7f0000006580)=[{&(0x7f0000006340)=""/188, 0xbc}, {&(0x7f0000006400)=""/185, 0xb9}, {&(0x7f00000068c0)=""/200, 0xc8}], 0x3, &(0x7f00000065c0)=""/195, 0xc3}, 0xc}], 0x7, 0x80000040, &(0x7f0000006880)={0x0, 0x989680}) close_range(r3, 0xffffffffffffffff, 0x2) syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) connect$unix(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = socket(0x10, 0x803, 0x0) sendto(r8, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f0000000c40)=[{{0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=""/23, 0x17}, 0x80009}], 0x16c, 0x10002, 0x0) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4207, r9) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5543, 0x42, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x20, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x7, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x6, 0x80}}}}}]}}]}}, 0x0) syz_usb_control_io(r10, 0x0, 0x0) syz_usb_control_io$hid(r10, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000003e00)=ANY=[@ANYBLOB="f2ef70f7fe2123c827bb46abddc1da4a73be307b0000000010a3eb33989e"], 0x0}, 0x0) 3.238120093s ago: executing program 1 (id=1140): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r3 = syz_open_dev$evdev(&(0x7f0000000240), 0x0, 0x0) ioctl$EVIOCGLED(r3, 0x80284511, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r6, &(0x7f0000000100)={0x2c, 0x0, r8}, 0x10) 3.036724797s ago: executing program 1 (id=1141): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_PEERS={0x2c, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r2}]}, 0x6c}}, 0x0) 2.838668219s ago: executing program 1 (id=1142): r0 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x2, @random="6ed1aa9df489", 'bond0\x00'}}, 0x1e) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000000bc0)=""/84, 0x54}], 0x1, 0x6, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r2, 0x45809000) ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), r4) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x48, r5, 0x1, 0x2, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4085}, 0x4000) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) (async) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) (async) socket$pppoe(0x18, 0x1, 0x0) (async) connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x2, @random="6ed1aa9df489", 'bond0\x00'}}, 0x1e) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) (async) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') (async) preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000000bc0)=""/84, 0x54}], 0x1, 0x6, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r2, 0x45809000) (async) ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), r4) (async) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x48, r5, 0x1, 0x2, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4085}, 0x4000) (async) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0) (async) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) 2.480609475s ago: executing program 1 (id=1145): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000280)={0x0, @pix_mp={0x6, 0x93cf, 0x32315559, 0x4, 0x8, [{0x6, 0x1}, {0x9, 0x5}, {0x8, 0x3}, {0x4, 0x9}, {0x2, 0xb68a}, {0x7fff, 0x7ff}, {0x3, 0x2}, {0x8}], 0x9, 0xff, 0x2, 0x2, 0x3}}) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000280)={0x44, 0x15, r2}) 2.121807321s ago: executing program 1 (id=1148): ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'gretap0\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x700, 0x10, 0x3, 0x6, {{0x5, 0x4, 0x3, 0x0, 0x14, 0x62, 0x0, 0x5, 0x29, 0x0, @broadcast, @multicast2}}}}) r0 = socket$packet(0x11, 0x0, 0x300) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000040)={0x0, 0x0, {0x0, 0x0, 0x0, {0x7}, {0x2}, @rumble={0x4000}}, {0x0, 0x0, 0x0, {}, {}, @rumble}}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103381, 0x0) write(r3, &(0x7f0000001240)="d642bdbebb4c93d4d0b705f3a90317d359b369155ae11b8c62730d1e963a5237dfdf8789292914ffcd54a807d48391657725cc078e311c2087e0742d38834a572aab5355ac8359c34a172dfa922bd6ded329feaa95bdc2f55a3de03e1c5cc61114a634d03597febc31119639b16915b6bb2538fc05371e41c452418c280be474114d1cc453a28eef0f21223ed71a357cceb3c6a8c425850d2937d1734aa7554ff507bfa54af94a3bc1f1601ffc3ee36d012f087de33e17f56b20c22a321d245cdae53b1cba30f8fd4f4c405dc8c16471a032998fdb00eb21c82b080865d037eb33a3aed32bd13055a3dd40570ae268b7a2d8579e565f070463642fc5084e426f489721858d6d2caa59e48e5050be0fc9ad316d7f95172bd1f585e9c945f4c299f94e1be710c79fc1bda2a45755282fce835eced295dbc96fac49623125eb544078d468495f2a8a858539089f47a639c13c1706a90ce1c2b939a5f71d3fd4552392bf3f026e3b85e9969cc09877137cf9fbcb995334d63eb835adc299fa35a9b471b71c64fd1b128a", 0x188) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x2c0}]}) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x6000, 0x2000, 0x1}) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00'}) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmmsg(r9, &(0x7f0000004d80)=[{{0x0, 0x0, &(0x7f0000000100)}, 0x8}], 0x1, 0x2062, &(0x7f0000004e40)={0x77359400}) connect$packet(r9, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x2}, 0x14) shutdown(r9, 0x1) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="b829f3010025250f000000083ca25555250039000300000008006c00504359267459fb2252c472ac204583645c1da60778cda672ddb5194f800a4b0925268bf10d986c004a8c77611111d8e55c1f8be7e47bfcbd5fa56ffe366057abb763a3017ee8fc410bb8", @ANYRES32=r11, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4048080}, 0x20080) 1.764066113s ago: executing program 1 (id=1150): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x22, 0x1, {[@global=@item_012={0x0, 0x1, 0x8}]}}, 0x0}, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000040)={0x4, 0x0, 0x3, 0x1d, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) syz_usb_ep_write(r0, 0x81, 0xf6, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d") 1.650430742s ago: executing program 0 (id=1151): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x1f, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000140)={'wpan4\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000340)={'wpan4\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan4\x00', 0x0}) r6 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$inet(r6, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x44081) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000200)={'wpan1\x00', 0x0}) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x54, r2, 0x10, 0x70bd26, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r7}]}, 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x40) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000c80)={0x24, r8, 0x1, 0x400000, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x0) 1.502160594s ago: executing program 0 (id=1152): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x48}}, 0x0) 1.480335569s ago: executing program 0 (id=1153): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x440200) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) (fail_nth: 4) 1.002328426s ago: executing program 0 (id=1154): mkdir(&(0x7f0000000e40)='./file0\x00', 0x1) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) chdir(&(0x7f0000000640)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x410281, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) 822.254035ms ago: executing program 2 (id=1155): connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(0xffffffffffffffff, 0x8) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x7, 0x3ff, 0x2, 0x6, 0x591b, 0xbd14, 0x5, 0xbef}, &(0x7f0000000100)=0x20) 822.011718ms ago: executing program 0 (id=1156): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000002840)=ANY=[@ANYBLOB="0100008dc3000000000004000280000000000000"], 0x14}], 0x1}, 0x0) 763.373774ms ago: executing program 3 (id=1157): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="e0000000120001"], 0x118}}, 0x4048850) 655.254697ms ago: executing program 0 (id=1158): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x440200) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_DQEVENT(r3, 0x80885659, 0x0) timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) ioctl$SIOCX25SENDCALLACCPT(r0, 0x89e9) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d"], 0x4a) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000200)={&(0x7f0000000140)=[0x0, 0x0, 0x0], 0x3, 0xe}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000adf000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000100)=0xd69, 0x7, 0x5) mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) userfaultfd(0x80001) 586.15942ms ago: executing program 3 (id=1159): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10) 540.127556ms ago: executing program 2 (id=1160): bind$vsock_stream(0xffffffffffffffff, &(0x7f00000001c0)={0x28, 0x0, 0x0, @host}, 0xff17) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x40}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2c}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b924eb9253e1a1f38b839f78d1da58950"], 0x14}}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000740)="6d0b1f4f38bdfad50659e830c28f177bb7f0eca4ece2d735069dc3d8310a66398073fdecd0c184c4fb25e7a64bdca2cc1e7b117a41fb1a7541723762a4d65d1e1f168504f697c631d2ed6fbfe5b0f068bfb66696e1e4d25c26ba42a8afd732c05e65c107070d5a8ecc3857194cf018c8a64e84f8a7cd5d4925ff388508daea30fb05c777f2e08231a3ab1b5264270e8e39599088112639d4ee77f95f0ca2d9666e0274d5d4e4b84ecedacae712f9aebd90cb8c80dca0efaec34260f1b09dde776009e4e4cace7fb4bad3992ad18471f3832240a9692e0093b77c3b9bd38b50cf2cf12f53db9ef1ee54d0e2b2d1d4457a960af88a3e763f07cd60e6f00add62a455566d57c3e25f370450b483a4781b618fac7799927feaa5caf1d0b03b93d48004bcfc40b34a536212edb2805986d06f766ddc", 0x133}], 0x1, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16], 0x4c}}, 0x4000804) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0xf0, 0x6003, @fd_index=0x1, 0x6, 0x0, 0x0, 0x0, 0x1, {0x2}}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000206010200000000000000000100000005fa0300000000000900020073797a31"], 0x28}}, 0x0) write$binfmt_misc(r4, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007003219002bfd000000000000000000af1e4ccfb7b3cad800000800", [0x0, 0x2000000000001]}}) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 361.602368ms ago: executing program 3 (id=1161): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000000eb03"], 0x14}, 0x1, 0x0, 0x0, 0x2000c015}, 0x40c0000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000034000107000000000000000003"], 0x14}, 0x1, 0x0, 0x0, 0x24044830}, 0xc000) 282.156758ms ago: executing program 2 (id=1162): syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="02c820"], 0x4a) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f00007fe000/0x800000)=nil) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f00009cc000/0x3000)=nil, &(0x7f0000852000/0x1000)=nil, &(0x7f0000c29000/0x2000)=nil, &(0x7f0000c09000/0x3000)=nil, &(0x7f000080f000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00009a8000/0x2000)=nil, &(0x7f00009b5000/0x1000)=nil, &(0x7f0000d61000/0x3000)=nil, &(0x7f0000965000/0x3000)=nil, &(0x7f0000000080)="475a11e1d6753f758ac04b356b578045420bc66ef674324b5f42b57a", 0x1c}, 0x68) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2982e0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0x9, 0xfd, 0xfffffff9}) dup2(r0, r1) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$inet_buf(r2, 0x0, 0x1a, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000240), 0x5, 0x0) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SIOCRSGCAUSE(r3, 0x89e0, &(0x7f00000001c0)) ioctl$SNDCTL_MIDI_INFO(r5, 0xc074510c, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r4, 0xc0305602, &(0x7f0000000180)={0x0, 0x10}) mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x2000000, 0x6011, r3, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305829, &(0x7f0000000100)={0x1100, 0x0, 0x5, 0x10003}) ioctl$KVM_GET_XSAVE2(r3, 0x9000aecf, &(0x7f0000bc2000/0x4000)=nil) 138.605485ms ago: executing program 3 (id=1163): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)=ANY=[@ANYBLOB], 0x1c}], 0x1}, 0x0) 133.127967ms ago: executing program 2 (id=1164): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) r3 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r3, 0xc00864c0, &(0x7f0000000480)) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 3 (id=1165): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002e000100000000000000000004"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) kernel console output (not intermixed with test programs): get_pid_task+0x20/0x1f0 [ 233.339951][ T8160] ? __pfx_lookup_user_key+0x10/0x10 [ 233.339973][ T8160] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 233.340003][ T8160] ? vfs_write+0x8d8/0xa90 [ 233.340033][ T8160] keyctl_session_to_parent+0x28/0xab0 [ 233.340070][ T8160] __se_sys_keyctl+0x6b6/0x910 [ 233.340101][ T8160] ? __pfx___se_sys_keyctl+0x10/0x10 [ 233.340134][ T8160] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 233.340158][ T8160] ? __fget_files+0x3a0/0x420 [ 233.340193][ T8160] ? fput+0xa0/0xd0 [ 233.340213][ T8160] ? ksys_write+0x22a/0x250 [ 233.340240][ T8160] ? __pfx_ksys_write+0x10/0x10 [ 233.340269][ T8160] ? do_syscall_64+0xbe/0x3b0 [ 233.340292][ T8160] ? __x64_sys_keyctl+0x20/0xc0 [ 233.340323][ T8160] do_syscall_64+0xfa/0x3b0 [ 233.340340][ T8160] ? lockdep_hardirqs_on+0x9c/0x150 [ 233.340369][ T8160] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.340398][ T8160] ? clear_bhb_loop+0x60/0xb0 [ 233.340420][ T8160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.340438][ T8160] RIP: 0033:0x7f914d18e929 [ 233.340454][ T8160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.340470][ T8160] RSP: 002b:00007f914dfde038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 233.340488][ T8160] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18e929 [ 233.340502][ T8160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000012 [ 233.340512][ T8160] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 233.340523][ T8160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.340534][ T8160] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 233.340563][ T8160] [ 233.661691][ T10] usb usb3-port1: attempt power cycle [ 233.702394][ T5835] usb 4-1: unable to get BOS descriptor or descriptor too short [ 233.711813][ T5835] usb 4-1: not running at top speed; connect to a high speed hub [ 233.721291][ T5835] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 233.731520][ T5835] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 233.743379][ T5835] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 233.752539][ T5835] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.760663][ T5835] usb 4-1: Product: syz [ 233.764897][ T5835] usb 4-1: Manufacturer: syz [ 233.769783][ T5835] usb 4-1: SerialNumber: syz [ 233.935730][ T9] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 234.015473][ T10] usb 3-1: new low-speed USB device number 45 using dummy_hcd [ 234.048113][ T10] usb 3-1: device descriptor read/8, error -71 [ 234.089316][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 234.102021][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 234.121043][ T9] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 234.131215][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 234.143031][ T9] usb 1-1: SerialNumber: syz [ 234.285959][ T10] usb 3-1: new low-speed USB device number 46 using dummy_hcd [ 234.326726][ T10] usb 3-1: device descriptor read/8, error -71 [ 234.333431][ T5835] usb 4-1: unknown interface protocol 0xfc, assuming v1 [ 234.340774][ T5835] usb 4-1: 0:2 : does not exist [ 234.364238][ T5835] usb 4-1: USB disconnect, device number 48 [ 234.390317][ T8162] : entered promiscuous mode [ 234.408642][ T9] usb 1-1: 0:2 : does not exist [ 234.417452][ T5982] udevd[5982]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 234.448736][ T9] usb 1-1: USB disconnect, device number 54 [ 234.467342][ T10] usb usb3-port1: unable to enumerate USB device [ 234.502823][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 234.981132][ T8167] FAULT_INJECTION: forcing a failure. [ 234.981132][ T8167] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 235.013528][ T8167] CPU: 0 UID: 0 PID: 8167 Comm: syz.3.824 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 235.013557][ T8167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.013571][ T8167] Call Trace: [ 235.013580][ T8167] [ 235.013589][ T8167] dump_stack_lvl+0x189/0x250 [ 235.013619][ T8167] ? __pfx____ratelimit+0x10/0x10 [ 235.013654][ T8167] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.013679][ T8167] ? __pfx__printk+0x10/0x10 [ 235.013703][ T8167] ? __might_fault+0xb0/0x130 [ 235.013741][ T8167] should_fail_ex+0x414/0x560 [ 235.013774][ T8167] _copy_from_iter+0x1db/0x16f0 [ 235.013812][ T8167] ? rcu_is_watching+0x15/0xb0 [ 235.013838][ T8167] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 235.013876][ T8167] ? __pfx__copy_from_iter+0x10/0x10 [ 235.013910][ T8167] ? __build_skb_around+0x257/0x3e0 [ 235.013940][ T8167] ? netlink_sendmsg+0x642/0xb30 [ 235.013966][ T8167] ? skb_put+0x11b/0x210 [ 235.013996][ T8167] netlink_sendmsg+0x6b2/0xb30 [ 235.014032][ T8167] ? __pfx_netlink_sendmsg+0x10/0x10 [ 235.014061][ T8167] ? aa_sock_msg_perm+0x94/0x160 [ 235.014086][ T8167] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 235.014118][ T8167] ? __pfx_netlink_sendmsg+0x10/0x10 [ 235.014146][ T8167] __sock_sendmsg+0x219/0x270 [ 235.014172][ T8167] ____sys_sendmsg+0x505/0x830 [ 235.014206][ T8167] ? __pfx_____sys_sendmsg+0x10/0x10 [ 235.014245][ T8167] ? import_iovec+0x74/0xa0 [ 235.014270][ T8167] ___sys_sendmsg+0x21f/0x2a0 [ 235.014302][ T8167] ? __pfx____sys_sendmsg+0x10/0x10 [ 235.014369][ T8167] ? __fget_files+0x2a/0x420 [ 235.014400][ T8167] ? __fget_files+0x3a0/0x420 [ 235.014442][ T8167] __x64_sys_sendmsg+0x19b/0x260 [ 235.014474][ T8167] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 235.014513][ T8167] ? __pfx_ksys_write+0x10/0x10 [ 235.014538][ T8167] ? rcu_is_watching+0x15/0xb0 [ 235.014568][ T8167] ? do_syscall_64+0xbe/0x3b0 [ 235.014595][ T8167] do_syscall_64+0xfa/0x3b0 [ 235.014614][ T8167] ? lockdep_hardirqs_on+0x9c/0x150 [ 235.014647][ T8167] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.014668][ T8167] ? clear_bhb_loop+0x60/0xb0 [ 235.014694][ T8167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.014715][ T8167] RIP: 0033:0x7f643098e929 [ 235.014734][ T8167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.014752][ T8167] RSP: 002b:00007f6431834038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 235.014775][ T8167] RAX: ffffffffffffffda RBX: 00007f6430bb5fa0 RCX: 00007f643098e929 [ 235.014790][ T8167] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 235.014803][ T8167] RBP: 00007f6431834090 R08: 0000000000000000 R09: 0000000000000000 [ 235.014816][ T8167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 235.014827][ T8167] R13: 0000000000000000 R14: 00007f6430bb5fa0 R15: 00007ffd55b936b8 [ 235.014867][ T8167] [ 235.022039][ T8169] FAULT_INJECTION: forcing a failure. [ 235.022039][ T8169] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 235.323862][ T8169] CPU: 1 UID: 0 PID: 8169 Comm: syz.0.825 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 235.323892][ T8169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.323904][ T8169] Call Trace: [ 235.323912][ T8169] [ 235.323921][ T8169] dump_stack_lvl+0x189/0x250 [ 235.323951][ T8169] ? __pfx____ratelimit+0x10/0x10 [ 235.323985][ T8169] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.324009][ T8169] ? __pfx__printk+0x10/0x10 [ 235.324035][ T8169] ? fs_reclaim_acquire+0x7d/0x100 [ 235.324074][ T8169] should_fail_ex+0x414/0x560 [ 235.324106][ T8169] prepare_alloc_pages+0x213/0x610 [ 235.324144][ T8169] __alloc_frozen_pages_noprof+0x123/0x370 [ 235.324180][ T8169] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 235.324230][ T8169] alloc_pages_bulk_noprof+0x560/0x710 [ 235.324262][ T8169] ? rcu_is_watching+0x15/0xb0 [ 235.324287][ T8169] ? trace_kmalloc+0x1f/0xd0 [ 235.324309][ T8169] ? __kmalloc_noprof+0x29b/0x4f0 [ 235.324332][ T8169] ? copy_splice_read+0x143/0x9b0 [ 235.324366][ T8169] copy_splice_read+0x173/0x9b0 [ 235.324408][ T8169] ? __pfx_copy_splice_read+0x10/0x10 [ 235.324435][ T8169] ? look_up_lock_class+0x74/0x170 [ 235.324456][ T8169] ? register_lock_class+0x51/0x320 [ 235.324481][ T8169] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 235.324518][ T8169] ? alloc_pipe_info+0x374/0x4d0 [ 235.324548][ T8169] ? __pfx_filemap_splice_read+0x10/0x10 [ 235.324579][ T8169] splice_direct_to_actor+0x4d0/0xcc0 [ 235.324630][ T8169] ? __pfx_direct_splice_actor+0x10/0x10 [ 235.324660][ T8169] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 235.324690][ T8169] ? __pfx_aa_file_perm+0x10/0x10 [ 235.324722][ T8169] do_splice_direct+0x181/0x270 [ 235.324755][ T8169] ? __pfx_do_splice_direct+0x10/0x10 [ 235.324785][ T8169] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 235.324826][ T8169] ? bpf_lsm_file_permission+0x9/0x20 [ 235.324847][ T8169] ? security_file_permission+0x75/0x290 [ 235.324879][ T8169] ? rw_verify_area+0x258/0x650 [ 235.324909][ T8169] do_sendfile+0x4da/0x7e0 [ 235.324929][ T8169] ? __pfx_vfs_write+0x10/0x10 [ 235.324962][ T8169] ? __pfx_do_sendfile+0x10/0x10 [ 235.324983][ T8169] ? __fget_files+0x3a0/0x420 [ 235.325026][ T8169] __se_sys_sendfile64+0x13e/0x190 [ 235.325062][ T8169] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 235.325092][ T8169] ? rcu_is_watching+0x15/0xb0 [ 235.325121][ T8169] ? do_syscall_64+0xbe/0x3b0 [ 235.325146][ T8169] do_syscall_64+0xfa/0x3b0 [ 235.325164][ T8169] ? lockdep_hardirqs_on+0x9c/0x150 [ 235.325195][ T8169] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.325216][ T8169] ? clear_bhb_loop+0x60/0xb0 [ 235.325241][ T8169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.325260][ T8169] RIP: 0033:0x7f914d18e929 [ 235.325279][ T8169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.325296][ T8169] RSP: 002b:00007f914dfde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 235.325317][ T8169] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18e929 [ 235.325333][ T8169] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 235.325345][ T8169] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 235.325359][ T8169] R10: 0000000000040008 R11: 0000000000000246 R12: 0000000000000001 [ 235.325372][ T8169] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 235.325404][ T8169] [ 236.284361][ T8196] FAULT_INJECTION: forcing a failure. [ 236.284361][ T8196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.316927][ T8196] CPU: 1 UID: 0 PID: 8196 Comm: syz.0.836 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 236.316957][ T8196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.316971][ T8196] Call Trace: [ 236.316980][ T8196] [ 236.316989][ T8196] dump_stack_lvl+0x189/0x250 [ 236.317018][ T8196] ? __pfx____ratelimit+0x10/0x10 [ 236.317050][ T8196] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.317074][ T8196] ? __pfx__printk+0x10/0x10 [ 236.317097][ T8196] ? __might_fault+0xb0/0x130 [ 236.317133][ T8196] should_fail_ex+0x414/0x560 [ 236.317168][ T8196] _copy_from_user+0x2d/0xb0 [ 236.317190][ T8196] ___sys_sendmsg+0x158/0x2a0 [ 236.317220][ T8196] ? __pfx____sys_sendmsg+0x10/0x10 [ 236.317294][ T8196] ? __fget_files+0x2a/0x420 [ 236.317322][ T8196] ? __fget_files+0x3a0/0x420 [ 236.317359][ T8196] __x64_sys_sendmsg+0x19b/0x260 [ 236.317388][ T8196] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 236.317423][ T8196] ? __pfx_ksys_write+0x10/0x10 [ 236.317446][ T8196] ? rcu_is_watching+0x15/0xb0 [ 236.317473][ T8196] ? do_syscall_64+0xbe/0x3b0 [ 236.317495][ T8196] do_syscall_64+0xfa/0x3b0 [ 236.317512][ T8196] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.317559][ T8196] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.317579][ T8196] ? clear_bhb_loop+0x60/0xb0 [ 236.317605][ T8196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.317624][ T8196] RIP: 0033:0x7f914d18e929 [ 236.317643][ T8196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.317662][ T8196] RSP: 002b:00007f914dfde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 236.317684][ T8196] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18e929 [ 236.317700][ T8196] RDX: 00000000000040a0 RSI: 00002000000001c0 RDI: 0000000000000003 [ 236.317721][ T8196] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 236.317734][ T8196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.317747][ T8196] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 236.317779][ T8196] [ 236.533460][ C1] vkms_vblank_simulate: vblank timer overrun [ 236.565146][ T8201] FAULT_INJECTION: forcing a failure. [ 236.565146][ T8201] name failslab, interval 1, probability 0, space 0, times 0 [ 236.577919][ T8201] CPU: 1 UID: 0 PID: 8201 Comm: syz.1.837 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 236.577954][ T8201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.577968][ T8201] Call Trace: [ 236.577977][ T8201] [ 236.577986][ T8201] dump_stack_lvl+0x189/0x250 [ 236.578017][ T8201] ? __pfx____ratelimit+0x10/0x10 [ 236.578051][ T8201] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.578076][ T8201] ? __pfx__printk+0x10/0x10 [ 236.578107][ T8201] ? __pfx___might_resched+0x10/0x10 [ 236.578136][ T8201] ? fs_reclaim_acquire+0x7d/0x100 [ 236.578172][ T8201] should_fail_ex+0x414/0x560 [ 236.578205][ T8201] should_failslab+0xa8/0x100 [ 236.578235][ T8201] __kmalloc_cache_noprof+0x70/0x3d0 [ 236.578260][ T8201] ? vhost_task_create+0xf6/0x290 [ 236.578292][ T8201] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 236.578314][ T8201] vhost_task_create+0xf6/0x290 [ 236.578342][ T8201] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 236.578365][ T8201] ? __pfx_vhost_task_create+0x10/0x10 [ 236.578403][ T8201] ? __pfx_vhost_task_fn+0x10/0x10 [ 236.578443][ T8201] ? kasan_save_track+0x4f/0x80 [ 236.578464][ T8201] ? kasan_save_track+0x3e/0x80 [ 236.578494][ T8201] kvm_mmu_post_init_vm+0x147/0x2b0 [ 236.578522][ T8201] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 236.578558][ T8201] ? __mutex_trylock_common+0x153/0x260 [ 236.578589][ T8201] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 236.578622][ T8201] ? rcu_is_watching+0x15/0xb0 [ 236.578647][ T8201] ? look_up_lock_class+0x74/0x170 [ 236.578669][ T8201] ? register_lock_class+0x51/0x320 [ 236.578696][ T8201] ? __lock_acquire+0xab9/0xd20 [ 236.578750][ T8201] kvm_vcpu_ioctl+0x95c/0xe90 [ 236.578785][ T8201] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 236.578809][ T8201] ? __lock_acquire+0xab9/0xd20 [ 236.578852][ T8201] ? __fget_files+0x2a/0x420 [ 236.578883][ T8201] ? __fget_files+0x2a/0x420 [ 236.578912][ T8201] ? __fget_files+0x3a0/0x420 [ 236.578950][ T8201] ? __fget_files+0x2a/0x420 [ 236.578985][ T8201] ? bpf_lsm_file_ioctl+0x9/0x20 [ 236.579008][ T8201] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 236.579035][ T8201] __se_sys_ioctl+0xfc/0x170 [ 236.579064][ T8201] do_syscall_64+0xfa/0x3b0 [ 236.579084][ T8201] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.579117][ T8201] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.579138][ T8201] ? clear_bhb_loop+0x60/0xb0 [ 236.579164][ T8201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.579185][ T8201] RIP: 0033:0x7fe12af8e929 [ 236.579216][ T8201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.579234][ T8201] RSP: 002b:00007fe12bd1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 236.579256][ T8201] RAX: ffffffffffffffda RBX: 00007fe12b1b6080 RCX: 00007fe12af8e929 [ 236.579271][ T8201] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 236.579284][ T8201] RBP: 00007fe12bd1e090 R08: 0000000000000000 R09: 0000000000000000 [ 236.579298][ T8201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.579310][ T8201] R13: 0000000000000000 R14: 00007fe12b1b6080 R15: 00007ffd962628f8 [ 236.579343][ T8201] [ 236.894028][ C1] vkms_vblank_simulate: vblank timer overrun [ 237.477174][ T5840] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 237.636014][ T5840] usb 1-1: Using ep0 maxpacket: 32 [ 237.653813][ T5840] usb 1-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 237.663568][ T8227] loop6: detected capacity change from 0 to 524287487 [ 237.664280][ T5840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.676349][ T5982] Buffer I/O error on dev loop6, logical block 0, async page read [ 237.683282][ T5840] usb 1-1: Product: syz [ 237.691250][ T5982] Buffer I/O error on dev loop6, logical block 0, async page read [ 237.694372][ T5840] usb 1-1: Manufacturer: syz [ 237.707246][ T5840] usb 1-1: SerialNumber: syz [ 237.714462][ T5982] Buffer I/O error on dev loop6, logical block 0, async page read [ 237.792238][ T5982] Buffer I/O error on dev loop6, logical block 0, async page read [ 237.792241][ T8228] loop6: detected capacity change from 524287487 to 0 [ 237.800360][ T5982] ldm_validate_partition_table(): Disk read failed. [ 237.800394][ T5982] Dev loop6: unable to read RDB block 0 [ 237.800425][ T5982] loop6: unable to read partition table [ 237.800676][ T5982] loop6: partition table beyond EOD, [ 237.808102][ T5835] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 237.835261][ T5982] truncated [ 237.920476][ T5840] usb 1-1: palm_os_4_probe - error -71 getting connection info [ 237.920565][ T5840] visor 1-1:1.0: Handspring Visor / Palm OS converter detected [ 237.931457][ T5840] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 237.935536][ T8227] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 237.936839][ T5840] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 237.940737][ T5840] usb 1-1: USB disconnect, device number 55 [ 237.944090][ T5840] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 237.950855][ T5840] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 237.952237][ T5840] visor 1-1:1.0: device disconnected [ 237.988870][ T5835] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.054173][ T5835] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 238.054208][ T5835] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.057499][ T5835] usb 2-1: config 0 descriptor?? [ 238.470023][ T5835] keytouch 0003:0926:3333.0015: fixing up Keytouch IEC report descriptor [ 238.501510][ T5835] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0015/input/input18 [ 238.616972][ T5835] keytouch 0003:0926:3333.0015: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 238.987194][ T5934] usb 2-1: USB disconnect, device number 43 [ 239.004108][ T8251] FAULT_INJECTION: forcing a failure. [ 239.004108][ T8251] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.017761][ T8251] CPU: 1 UID: 0 PID: 8251 Comm: syz.2.855 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 239.017788][ T8251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.017800][ T8251] Call Trace: [ 239.017808][ T8251] [ 239.017816][ T8251] dump_stack_lvl+0x189/0x250 [ 239.017840][ T8251] ? __pfx____ratelimit+0x10/0x10 [ 239.017868][ T8251] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.017888][ T8251] ? __pfx__printk+0x10/0x10 [ 239.017910][ T8251] ? __might_fault+0xb0/0x130 [ 239.017939][ T8251] should_fail_ex+0x414/0x560 [ 239.017965][ T8251] _copy_from_user+0x2d/0xb0 [ 239.017983][ T8251] vcs_write+0x500/0x1260 [ 239.018009][ T8251] ? __pfx_aa_file_perm+0x10/0x10 [ 239.018028][ T8251] ? iovec_from_user+0x87/0x250 [ 239.018051][ T8251] ? __asan_memset+0x22/0x50 [ 239.018073][ T8251] ? __pfx_vcs_write+0x10/0x10 [ 239.018096][ T8251] ? bpf_lsm_file_permission+0x9/0x20 [ 239.018113][ T8251] ? iov_iter_iovec_advance+0x1e0/0x290 [ 239.018146][ T8251] vfs_writev+0x4b6/0x960 [ 239.018165][ T8251] ? __pfx_vcs_write+0x10/0x10 [ 239.018192][ T8251] ? __pfx_vfs_writev+0x10/0x10 [ 239.018221][ T8251] ? __fget_files+0x2a/0x420 [ 239.018250][ T8251] ? __fget_files+0x3a0/0x420 [ 239.018273][ T8251] ? __fget_files+0x2a/0x420 [ 239.018305][ T8251] do_writev+0x14d/0x2d0 [ 239.018324][ T8251] ? __pfx_do_writev+0x10/0x10 [ 239.018338][ T8251] ? rcu_is_watching+0x15/0xb0 [ 239.018361][ T8251] ? do_syscall_64+0xbe/0x3b0 [ 239.018381][ T8251] do_syscall_64+0xfa/0x3b0 [ 239.018397][ T8251] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.018423][ T8251] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.018440][ T8251] ? clear_bhb_loop+0x60/0xb0 [ 239.018503][ T8251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.018520][ T8251] RIP: 0033:0x7fa4c158e929 [ 239.018536][ T8251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.018551][ T8251] RSP: 002b:00007fa4c2422038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 239.018570][ T8251] RAX: ffffffffffffffda RBX: 00007fa4c17b5fa0 RCX: 00007fa4c158e929 [ 239.018583][ T8251] RDX: 000000000000000e RSI: 0000200000000c40 RDI: 0000000000000003 [ 239.018594][ T8251] RBP: 00007fa4c2422090 R08: 0000000000000000 R09: 0000000000000000 [ 239.018605][ T8251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.018615][ T8251] R13: 0000000000000000 R14: 00007fa4c17b5fa0 R15: 00007fffa11624d8 [ 239.018639][ T8251] [ 239.396367][ T9] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 239.474744][ T8257] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 239.555378][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.595678][ T9] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 239.615564][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.616638][ T8261] FAULT_INJECTION: forcing a failure. [ 239.616638][ T8261] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.646378][ T9] usb 4-1: config 0 descriptor?? [ 239.647131][ T8261] CPU: 1 UID: 0 PID: 8261 Comm: syz.2.859 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 239.647165][ T8261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.647180][ T8261] Call Trace: [ 239.647190][ T8261] [ 239.647201][ T8261] dump_stack_lvl+0x189/0x250 [ 239.647235][ T8261] ? __pfx____ratelimit+0x10/0x10 [ 239.647274][ T8261] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.647301][ T8261] ? __pfx__printk+0x10/0x10 [ 239.647329][ T8261] ? __might_fault+0xb0/0x130 [ 239.647372][ T8261] should_fail_ex+0x414/0x560 [ 239.647419][ T8261] _copy_from_user+0x2d/0xb0 [ 239.647446][ T8261] kstrtouint_from_user+0xc4/0x170 [ 239.647484][ T8261] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 239.647547][ T8261] proc_fail_nth_write+0x88/0x240 [ 239.647571][ T8261] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 239.647601][ T8261] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 239.647626][ T8261] vfs_write+0x27b/0xa90 [ 239.647668][ T8261] ? __pfx_vfs_write+0x10/0x10 [ 239.647700][ T8261] ? __fget_files+0x2a/0x420 [ 239.647742][ T8261] ? __fget_files+0x3a0/0x420 [ 239.647776][ T8261] ? __fget_files+0x2a/0x420 [ 239.647821][ T8261] ksys_write+0x145/0x250 [ 239.647856][ T8261] ? __pfx_ksys_write+0x10/0x10 [ 239.647884][ T8261] ? rcu_is_watching+0x15/0xb0 [ 239.647918][ T8261] ? do_syscall_64+0xbe/0x3b0 [ 239.647949][ T8261] do_syscall_64+0xfa/0x3b0 [ 239.647971][ T8261] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.648007][ T8261] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.648031][ T8261] ? clear_bhb_loop+0x60/0xb0 [ 239.648060][ T8261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.648084][ T8261] RIP: 0033:0x7fa4c158d3df [ 239.648105][ T8261] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 239.648127][ T8261] RSP: 002b:00007fa4c2422030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 239.648151][ T8261] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa4c158d3df [ 239.648168][ T8261] RDX: 0000000000000001 RSI: 00007fa4c24220a0 RDI: 0000000000000005 [ 239.648183][ T8261] RBP: 00007fa4c2422090 R08: 0000000000000000 R09: 0000000000000000 [ 239.648199][ T8261] R10: 0000000000000850 R11: 0000000000000293 R12: 0000000000000001 [ 239.648212][ T8261] R13: 0000000000000000 R14: 00007fa4c17b5fa0 R15: 00007fffa11624d8 [ 239.648249][ T8261] [ 239.853896][ T8268] netlink: 12 bytes leftover after parsing attributes in process `syz.0.862'. [ 239.913866][ T8267] FAULT_INJECTION: forcing a failure. [ 239.913866][ T8267] name failslab, interval 1, probability 0, space 0, times 0 [ 239.927398][ T8267] CPU: 1 UID: 0 PID: 8267 Comm: syz.1.861 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 239.927439][ T8267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.927453][ T8267] Call Trace: [ 239.927461][ T8267] [ 239.927470][ T8267] dump_stack_lvl+0x189/0x250 [ 239.927500][ T8267] ? __pfx____ratelimit+0x10/0x10 [ 239.927534][ T8267] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.927559][ T8267] ? __pfx__printk+0x10/0x10 [ 239.927590][ T8267] ? ref_tracker_alloc+0x318/0x460 [ 239.927622][ T8267] should_fail_ex+0x414/0x560 [ 239.927653][ T8267] should_failslab+0xa8/0x100 [ 239.927685][ T8267] kmem_cache_alloc_noprof+0x73/0x3c0 [ 239.927709][ T8267] ? skb_clone+0x212/0x3a0 [ 239.927744][ T8267] skb_clone+0x212/0x3a0 [ 239.927777][ T8267] __netlink_deliver_tap+0x404/0x850 [ 239.927818][ T8267] ? netlink_deliver_tap+0x2e/0x1b0 [ 239.927846][ T8267] netlink_deliver_tap+0x19c/0x1b0 [ 239.927874][ T8267] netlink_unicast+0x72f/0x8d0 [ 239.927910][ T8267] netlink_sendmsg+0x805/0xb30 [ 239.927947][ T8267] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.927978][ T8267] ? aa_sock_msg_perm+0x94/0x160 [ 239.928003][ T8267] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 239.928035][ T8267] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.928063][ T8267] __sock_sendmsg+0x219/0x270 [ 239.928087][ T8267] sock_write_iter+0x258/0x330 [ 239.928122][ T8267] ? __pfx_sock_write_iter+0x10/0x10 [ 239.928167][ T8267] ? __pfx_aa_file_perm+0x10/0x10 [ 239.928199][ T8267] do_iter_readv_writev+0x56e/0x7f0 [ 239.928233][ T8267] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 239.928270][ T8267] ? bpf_lsm_file_permission+0x9/0x20 [ 239.928291][ T8267] ? security_file_permission+0x75/0x290 [ 239.928323][ T8267] ? rw_verify_area+0x258/0x650 [ 239.928354][ T8267] vfs_writev+0x31a/0x960 [ 239.928379][ T8267] ? __lock_acquire+0xab9/0xd20 [ 239.928448][ T8267] ? __pfx_vfs_writev+0x10/0x10 [ 239.928485][ T8267] ? __fget_files+0x2a/0x420 [ 239.928521][ T8267] ? __fget_files+0x3a0/0x420 [ 239.928552][ T8267] ? __fget_files+0x2a/0x420 [ 239.928593][ T8267] do_writev+0x14d/0x2d0 [ 239.928615][ T8267] ? __pfx_do_writev+0x10/0x10 [ 239.928633][ T8267] ? rcu_is_watching+0x15/0xb0 [ 239.928664][ T8267] ? do_syscall_64+0xbe/0x3b0 [ 239.928689][ T8267] do_syscall_64+0xfa/0x3b0 [ 239.928710][ T8267] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.928742][ T8267] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.928763][ T8267] ? clear_bhb_loop+0x60/0xb0 [ 239.928789][ T8267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.928809][ T8267] RIP: 0033:0x7fe12af8e929 [ 239.928828][ T8267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.928848][ T8267] RSP: 002b:00007fe12bd3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 239.928870][ T8267] RAX: ffffffffffffffda RBX: 00007fe12b1b5fa0 RCX: 00007fe12af8e929 [ 239.928886][ T8267] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000004 [ 239.928900][ T8267] RBP: 00007fe12bd3f090 R08: 0000000000000000 R09: 0000000000000000 [ 239.928914][ T8267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.928927][ T8267] R13: 0000000000000000 R14: 00007fe12b1b5fa0 R15: 00007ffd962628f8 [ 239.928960][ T8267] [ 239.929003][ T8267] netlink: 'syz.1.861': attribute type 4 has an invalid length. [ 240.208298][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.282047][ T9] keytouch 0003:0926:3333.0016: fixing up Keytouch IEC report descriptor [ 240.324552][ T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0016/input/input19 [ 240.437286][ T8281] qnx4: no qnx4 filesystem (no root dir). [ 240.460686][ T9] keytouch 0003:0926:3333.0016: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 240.473461][ T5918] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 240.672589][ T5918] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 240.709905][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.736230][ T5918] usb 3-1: Product: syz [ 240.746615][ T5918] usb 3-1: Manufacturer: syz [ 240.753492][ T5918] usb 3-1: SerialNumber: syz [ 240.767011][ T5918] usb 3-1: config 0 descriptor?? [ 240.785425][ T5918] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 047 [ 240.801805][ T9] usb 4-1: USB disconnect, device number 49 [ 240.851430][ T8291] loop6: detected capacity change from 0 to 524287487 [ 240.873399][ T8291] Buffer I/O error on dev loop6, logical block 0, async page read [ 240.891413][ T8291] Buffer I/O error on dev loop6, logical block 0, async page read [ 240.929247][ T8293] loop6: detected capacity change from 524287487 to 0 [ 240.929299][ T8291] Buffer I/O error on dev loop6, logical block 0, async page read [ 240.957556][ T8291] ldm_validate_partition_table(): Disk read failed. [ 240.964229][ T8291] Dev loop6: unable to read RDB block 0 [ 240.975222][ T8291] loop6: unable to read partition table [ 240.981685][ T8291] loop6: partition table beyond EOD, truncated [ 240.998338][ T8291] loop_reread_partitions: partition scan of loop6 (™^L‹ ¦øíA;åó§Èb»ö@’†Ö”:B‚w¾<ØÈgønf. -Ó‘†³.ài ëí>^.¾dDd—Â) failed (rc=-5) [ 241.077971][ T8291] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 241.193860][ T5918] (null): failure reading functionality [ 241.224272][ T5918] i2c i2c-2: failure reading functionality [ 241.242208][ T5918] i2c i2c-2: connected i2c-tiny-usb device [ 241.269752][ T8298] netlink: 'syz.1.873': attribute type 4 has an invalid length. [ 241.282318][ T5918] usb 3-1: USB disconnect, device number 47 [ 241.444872][ T8305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.874'. [ 241.568926][ T8310] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.590132][ T8310] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 241.602330][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.609625][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.649494][ T8312] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 241.678427][ T9] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 241.687897][ T8314] fuse: Bad value for 'user_id' [ 241.693025][ T8314] fuse: Bad value for 'user_id' [ 241.840207][ T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 241.872806][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.890191][ T9] usb 1-1: Product: syz [ 241.894518][ T9] usb 1-1: Manufacturer: syz [ 241.899561][ T9] usb 1-1: SerialNumber: syz [ 241.923756][ T9] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 241.941846][ T5918] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 242.241010][ T5840] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 242.287911][ T9] usb 1-1: USB disconnect, device number 56 [ 242.409790][ T5840] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 242.438523][ T5840] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 242.465434][ T5840] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.482952][ T5840] usb 3-1: config 0 descriptor?? [ 242.609966][ T8339] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 242.911021][ T5840] keytouch 0003:0926:3333.0017: fixing up Keytouch IEC report descriptor [ 242.947735][ T5840] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0017/input/input20 [ 243.023688][ T8351] FAULT_INJECTION: forcing a failure. [ 243.023688][ T8351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.041759][ T8351] CPU: 1 UID: 0 PID: 8351 Comm: syz.3.896 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 243.041788][ T8351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.041801][ T8351] Call Trace: [ 243.041811][ T8351] [ 243.041819][ T8351] dump_stack_lvl+0x189/0x250 [ 243.041852][ T8351] ? __pfx____ratelimit+0x10/0x10 [ 243.041884][ T8351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.041909][ T8351] ? __pfx__printk+0x10/0x10 [ 243.041931][ T8351] ? __might_fault+0xb0/0x130 [ 243.041966][ T8351] should_fail_ex+0x414/0x560 [ 243.041998][ T8351] _copy_from_iter+0x1db/0x16f0 [ 243.042033][ T8351] ? rcu_is_watching+0x15/0xb0 [ 243.042057][ T8351] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 243.042084][ T8351] ? __pfx__copy_from_iter+0x10/0x10 [ 243.042116][ T8351] ? __build_skb_around+0x257/0x3e0 [ 243.042144][ T8351] ? netlink_sendmsg+0x642/0xb30 [ 243.042168][ T8351] ? skb_put+0x11b/0x210 [ 243.042197][ T8351] netlink_sendmsg+0x6b2/0xb30 [ 243.042233][ T8351] ? __pfx_netlink_sendmsg+0x10/0x10 [ 243.042262][ T8351] ? aa_sock_msg_perm+0x94/0x160 [ 243.042286][ T8351] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 243.042315][ T8351] ? __pfx_netlink_sendmsg+0x10/0x10 [ 243.042342][ T8351] __sock_sendmsg+0x219/0x270 [ 243.042365][ T8351] ____sys_sendmsg+0x505/0x830 [ 243.042423][ T8351] ? __pfx_____sys_sendmsg+0x10/0x10 [ 243.042460][ T8351] ? import_iovec+0x74/0xa0 [ 243.042482][ T8351] ___sys_sendmsg+0x21f/0x2a0 [ 243.042506][ T8351] ? __pfx____sys_sendmsg+0x10/0x10 [ 243.042557][ T8351] ? __fget_files+0x2a/0x420 [ 243.042582][ T8351] ? __fget_files+0x3a0/0x420 [ 243.042616][ T8351] __x64_sys_sendmsg+0x19b/0x260 [ 243.042641][ T8351] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 243.042671][ T8351] ? __pfx_ksys_write+0x10/0x10 [ 243.042692][ T8351] ? rcu_is_watching+0x15/0xb0 [ 243.042715][ T8351] ? do_syscall_64+0xbe/0x3b0 [ 243.042735][ T8351] do_syscall_64+0xfa/0x3b0 [ 243.042750][ T8351] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.042777][ T8351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.042793][ T8351] ? clear_bhb_loop+0x60/0xb0 [ 243.042814][ T8351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.042830][ T8351] RIP: 0033:0x7f643098e929 [ 243.042845][ T8351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.042860][ T8351] RSP: 002b:00007f6431834038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 243.042879][ T8351] RAX: ffffffffffffffda RBX: 00007f6430bb5fa0 RCX: 00007f643098e929 [ 243.042891][ T8351] RDX: 0000000000000000 RSI: 0000200000000d80 RDI: 0000000000000004 [ 243.042902][ T8351] RBP: 00007f6431834090 R08: 0000000000000000 R09: 0000000000000000 [ 243.042913][ T8351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.042923][ T8351] R13: 0000000000000000 R14: 00007f6430bb5fa0 R15: 00007ffd55b936b8 [ 243.042948][ T8351] [ 243.328579][ C1] vkms_vblank_simulate: vblank timer overrun [ 243.340367][ T5918] usb 1-1: Service connection timeout for: 256 [ 243.346743][ T5918] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 243.355220][ T5918] ath9k_htc: Failed to initialize the device [ 243.395685][ T9] usb 1-1: ath9k_htc: USB layer deinitialized [ 243.604183][ T5840] keytouch 0003:0926:3333.0017: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 243.645438][ T8358] netlink: 48 bytes leftover after parsing attributes in process `syz.1.898'. [ 243.688420][ T8360] FAULT_INJECTION: forcing a failure. [ 243.688420][ T8360] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.762976][ T8360] CPU: 1 UID: 0 PID: 8360 Comm: syz.3.899 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 243.763008][ T8360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.763048][ T8360] Call Trace: [ 243.763057][ T8360] [ 243.763067][ T8360] dump_stack_lvl+0x189/0x250 [ 243.763098][ T8360] ? __pfx____ratelimit+0x10/0x10 [ 243.763132][ T8360] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.763157][ T8360] ? __pfx__printk+0x10/0x10 [ 243.763194][ T8360] should_fail_ex+0x414/0x560 [ 243.763227][ T8360] _copy_to_user+0x31/0xb0 [ 243.763251][ T8360] simple_read_from_buffer+0xe1/0x170 [ 243.763286][ T8360] proc_fail_nth_read+0x1df/0x250 [ 243.763311][ T8360] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 243.763334][ T8360] ? rw_verify_area+0x258/0x650 [ 243.763360][ T8360] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 243.763382][ T8360] vfs_read+0x1fd/0x980 [ 243.763413][ T8360] ? __pfx___mutex_lock+0x10/0x10 [ 243.763435][ T8360] ? __pfx_vfs_read+0x10/0x10 [ 243.763462][ T8360] ? __fget_files+0x2a/0x420 [ 243.763499][ T8360] ? __fget_files+0x3a0/0x420 [ 243.763529][ T8360] ? __fget_files+0x2a/0x420 [ 243.763568][ T8360] ksys_read+0x145/0x250 [ 243.763598][ T8360] ? __pfx_ksys_read+0x10/0x10 [ 243.763623][ T8360] ? rcu_is_watching+0x15/0xb0 [ 243.763653][ T8360] ? do_syscall_64+0xbe/0x3b0 [ 243.763679][ T8360] do_syscall_64+0xfa/0x3b0 [ 243.763699][ T8360] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.763731][ T8360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.763751][ T8360] ? clear_bhb_loop+0x60/0xb0 [ 243.763778][ T8360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.763798][ T8360] RIP: 0033:0x7f643098d33c [ 243.763818][ T8360] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 243.763835][ T8360] RSP: 002b:00007f6431834030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 243.763858][ T8360] RAX: ffffffffffffffda RBX: 00007f6430bb5fa0 RCX: 00007f643098d33c [ 243.763873][ T8360] RDX: 000000000000000f RSI: 00007f64318340a0 RDI: 0000000000000005 [ 243.763886][ T8360] RBP: 00007f6431834090 R08: 0000000000000000 R09: 0000000000000000 [ 243.763900][ T8360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.763911][ T8360] R13: 0000000000000000 R14: 00007f6430bb5fa0 R15: 00007ffd55b936b8 [ 243.763945][ T8360] [ 243.774560][ T9] usb 3-1: USB disconnect, device number 48 [ 244.055906][ T8362] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 244.575714][ T5840] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 244.653583][ T8378] FAULT_INJECTION: forcing a failure. [ 244.653583][ T8378] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.671411][ T8378] CPU: 1 UID: 0 PID: 8378 Comm: syz.3.907 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 244.671441][ T8378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 244.671455][ T8378] Call Trace: [ 244.671464][ T8378] [ 244.671473][ T8378] dump_stack_lvl+0x189/0x250 [ 244.671504][ T8378] ? __pfx____ratelimit+0x10/0x10 [ 244.671538][ T8378] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.671563][ T8378] ? __pfx__printk+0x10/0x10 [ 244.671587][ T8378] ? __might_fault+0xb0/0x130 [ 244.671625][ T8378] should_fail_ex+0x414/0x560 [ 244.671659][ T8378] _copy_from_iter+0x1db/0x16f0 [ 244.671695][ T8378] ? rcu_is_watching+0x15/0xb0 [ 244.671721][ T8378] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 244.671750][ T8378] ? __pfx__copy_from_iter+0x10/0x10 [ 244.671783][ T8378] ? __build_skb_around+0x257/0x3e0 [ 244.671813][ T8378] ? netlink_sendmsg+0x642/0xb30 [ 244.671839][ T8378] ? skb_put+0x11b/0x210 [ 244.671870][ T8378] netlink_sendmsg+0x6b2/0xb30 [ 244.671907][ T8378] ? __pfx_netlink_sendmsg+0x10/0x10 [ 244.671938][ T8378] ? aa_sock_msg_perm+0x94/0x160 [ 244.671980][ T8378] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 244.672012][ T8378] ? __pfx_netlink_sendmsg+0x10/0x10 [ 244.672040][ T8378] __sock_sendmsg+0x219/0x270 [ 244.672065][ T8378] ____sys_sendmsg+0x505/0x830 [ 244.672100][ T8378] ? __pfx_____sys_sendmsg+0x10/0x10 [ 244.672138][ T8378] ? import_iovec+0x74/0xa0 [ 244.672163][ T8378] ___sys_sendmsg+0x21f/0x2a0 [ 244.672194][ T8378] ? __pfx____sys_sendmsg+0x10/0x10 [ 244.672261][ T8378] ? __fget_files+0x2a/0x420 [ 244.672292][ T8378] ? __fget_files+0x3a0/0x420 [ 244.672335][ T8378] __x64_sys_sendmsg+0x19b/0x260 [ 244.672366][ T8378] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 244.672405][ T8378] ? __pfx_ksys_write+0x10/0x10 [ 244.672430][ T8378] ? rcu_is_watching+0x15/0xb0 [ 244.672460][ T8378] ? do_syscall_64+0xbe/0x3b0 [ 244.672485][ T8378] do_syscall_64+0xfa/0x3b0 [ 244.672504][ T8378] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.672536][ T8378] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.672556][ T8378] ? clear_bhb_loop+0x60/0xb0 [ 244.672582][ T8378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.672602][ T8378] RIP: 0033:0x7f643098e929 [ 244.672621][ T8378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.672640][ T8378] RSP: 002b:00007f6431834038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 244.672662][ T8378] RAX: ffffffffffffffda RBX: 00007f6430bb5fa0 RCX: 00007f643098e929 [ 244.672678][ T8378] RDX: 0000000004048850 RSI: 00002000000001c0 RDI: 0000000000000003 [ 244.672691][ T8378] RBP: 00007f6431834090 R08: 0000000000000000 R09: 0000000000000000 [ 244.672704][ T8378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.672715][ T8378] R13: 0000000000000000 R14: 00007f6430bb5fa0 R15: 00007ffd55b936b8 [ 244.672746][ T8378] [ 244.967181][ T5840] usb 2-1: device descriptor read/64, error -71 [ 245.035759][ T43] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 245.201388][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 245.214371][ T43] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 245.223572][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.233550][ T5840] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 245.242620][ T43] usb 3-1: config 0 descriptor?? [ 245.375870][ T5840] usb 2-1: device descriptor read/64, error -71 [ 245.486212][ T5840] usb usb2-port1: attempt power cycle [ 245.660362][ T43] keytouch 0003:0926:3333.0018: fixing up Keytouch IEC report descriptor [ 245.702514][ T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0018/input/input21 [ 245.851576][ T5840] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 245.877057][ T43] keytouch 0003:0926:3333.0018: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 245.907273][ T5840] usb 2-1: device descriptor read/8, error -71 [ 245.976527][ T5835] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 246.134211][ T5934] usb 3-1: USB disconnect, device number 49 [ 246.147696][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.160241][ T5840] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 246.170127][ T5835] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 246.182119][ T5835] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.191271][ T5840] usb 2-1: device descriptor read/8, error -71 [ 246.220307][ T5835] usb 1-1: config 0 descriptor?? [ 246.243040][ T8406] FAULT_INJECTION: forcing a failure. [ 246.243040][ T8406] name failslab, interval 1, probability 0, space 0, times 0 [ 246.257259][ T8406] CPU: 0 UID: 0 PID: 8406 Comm: syz.3.918 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 246.257289][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 246.257302][ T8406] Call Trace: [ 246.257311][ T8406] [ 246.257320][ T8406] dump_stack_lvl+0x189/0x250 [ 246.257350][ T8406] ? __pfx____ratelimit+0x10/0x10 [ 246.257384][ T8406] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.257408][ T8406] ? __pfx__printk+0x10/0x10 [ 246.257435][ T8406] ? __pfx___might_resched+0x10/0x10 [ 246.257459][ T8406] ? fs_reclaim_acquire+0x7d/0x100 [ 246.257499][ T8406] should_fail_ex+0x414/0x560 [ 246.257530][ T8406] should_failslab+0xa8/0x100 [ 246.257560][ T8406] kmem_cache_alloc_noprof+0x73/0x3c0 [ 246.257585][ T8406] ? getname_flags+0xb8/0x540 [ 246.257609][ T8406] getname_flags+0xb8/0x540 [ 246.257633][ T8406] __x64_sys_rename+0x6a/0x90 [ 246.257664][ T8406] do_syscall_64+0xfa/0x3b0 [ 246.257684][ T8406] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.257718][ T8406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.257739][ T8406] ? clear_bhb_loop+0x60/0xb0 [ 246.257764][ T8406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.257784][ T8406] RIP: 0033:0x7f643098e929 [ 246.257803][ T8406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.257821][ T8406] RSP: 002b:00007f6431834038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 246.257844][ T8406] RAX: ffffffffffffffda RBX: 00007f6430bb5fa0 RCX: 00007f643098e929 [ 246.257868][ T8406] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000200000000580 [ 246.257883][ T8406] RBP: 00007f6431834090 R08: 0000000000000000 R09: 0000000000000000 [ 246.257897][ T8406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.257909][ T8406] R13: 0000000000000000 R14: 00007f6430bb5fa0 R15: 00007ffd55b936b8 [ 246.257941][ T8406] [ 246.328189][ T5840] usb usb2-port1: unable to enumerate USB device [ 246.328430][ C0] vkms_vblank_simulate: vblank timer overrun [ 246.466407][ C0] vkms_vblank_simulate: vblank timer overrun [ 246.651759][ T5835] keytouch 0003:0926:3333.0019: fixing up Keytouch IEC report descriptor [ 246.675677][ T5835] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0019/input/input22 [ 246.796416][ T5835] keytouch 0003:0926:3333.0019: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 247.186473][ T5934] usb 1-1: USB disconnect, device number 57 [ 247.476248][ T8434] netlink: 8 bytes leftover after parsing attributes in process `syz.3.929'. [ 248.095741][ T5835] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 248.275805][ T5835] usb 1-1: Using ep0 maxpacket: 32 [ 248.286141][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.300478][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 248.320504][ T5835] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 248.341541][ T5835] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.369293][ T5835] usb 1-1: config 0 descriptor?? [ 248.387878][ T5835] hub 1-1:0.0: USB hub found [ 248.485735][ T5934] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 248.590005][ T5835] hub 1-1:0.0: 1 port detected [ 248.601933][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 248.601951][ T30] audit: type=1326 audit(1750490632.589:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8470 comm="syz.3.947" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f643098e929 code=0x0 [ 248.659132][ T5934] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.671769][ T5934] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 248.681965][ T5934] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.700331][ T5934] usb 2-1: config 0 descriptor?? [ 249.042597][ T8480] netlink: 44 bytes leftover after parsing attributes in process `syz.2.950'. [ 249.051833][ T8480] netlink: 8 bytes leftover after parsing attributes in process `syz.2.950'. [ 249.123437][ T5934] keytouch 0003:0926:3333.001A: fixing up Keytouch IEC report descriptor [ 249.146862][ T5934] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.001A/input/input23 [ 249.218217][ T5835] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 249.229877][ T5901] usb 1-1: USB disconnect, device number 58 [ 249.236302][ T5840] usb 1-1: Failed to suspend device, error -19 [ 249.291327][ T5934] keytouch 0003:0926:3333.001A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 249.455216][ T8484] FAULT_INJECTION: forcing a failure. [ 249.455216][ T8484] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 249.495249][ T8484] CPU: 1 UID: 0 PID: 8484 Comm: syz.2.951 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 249.495278][ T8484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.495291][ T8484] Call Trace: [ 249.495300][ T8484] [ 249.495309][ T8484] dump_stack_lvl+0x189/0x250 [ 249.495338][ T8484] ? __pfx____ratelimit+0x10/0x10 [ 249.495371][ T8484] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.495395][ T8484] ? __pfx__printk+0x10/0x10 [ 249.495430][ T8484] should_fail_ex+0x414/0x560 [ 249.495462][ T8484] _copy_to_user+0x31/0xb0 [ 249.495486][ T8484] simple_read_from_buffer+0xe1/0x170 [ 249.495530][ T8484] proc_fail_nth_read+0x1df/0x250 [ 249.495555][ T8484] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 249.495580][ T8484] ? rw_verify_area+0x258/0x650 [ 249.495604][ T8484] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 249.495624][ T8484] vfs_read+0x1fd/0x980 [ 249.495655][ T8484] ? __pfx___mutex_lock+0x10/0x10 [ 249.495676][ T8484] ? __pfx_vfs_read+0x10/0x10 [ 249.495704][ T8484] ? __fget_files+0x2a/0x420 [ 249.495738][ T8484] ? __fget_files+0x3a0/0x420 [ 249.495767][ T8484] ? __fget_files+0x2a/0x420 [ 249.495805][ T8484] ksys_read+0x145/0x250 [ 249.495829][ T8484] ? __fget_files+0x2a/0x420 [ 249.495861][ T8484] ? __pfx_ksys_read+0x10/0x10 [ 249.495893][ T8484] ? do_syscall_64+0xbe/0x3b0 [ 249.495917][ T8484] do_syscall_64+0xfa/0x3b0 [ 249.495937][ T8484] ? lockdep_hardirqs_on+0x9c/0x150 [ 249.495967][ T8484] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.495987][ T8484] ? clear_bhb_loop+0x60/0xb0 [ 249.496012][ T8484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.496032][ T8484] RIP: 0033:0x7fa4c158d33c [ 249.496050][ T8484] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 249.496069][ T8484] RSP: 002b:00007fa4c2422030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 249.496090][ T8484] RAX: ffffffffffffffda RBX: 00007fa4c17b5fa0 RCX: 00007fa4c158d33c [ 249.496105][ T8484] RDX: 000000000000000f RSI: 00007fa4c24220a0 RDI: 0000000000000005 [ 249.496118][ T8484] RBP: 00007fa4c2422090 R08: 0000000000000000 R09: 0000000000000000 [ 249.496131][ T8484] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 249.496144][ T8484] R13: 0000000000000000 R14: 00007fa4c17b5fa0 R15: 00007fffa11624d8 [ 249.496174][ T8484] [ 249.754072][ T5840] usb 2-1: USB disconnect, device number 48 [ 250.265796][ T5901] usb 3-1: new low-speed USB device number 50 using dummy_hcd [ 250.274454][ T8505] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 250.348397][ T8507] netlink: 20 bytes leftover after parsing attributes in process `syz.1.962'. [ 250.406596][ T8507] kvm: vcpu 0: requested 16 ns lapic timer period limited to 200000 ns [ 250.416161][ T8507] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=220138064 (3522209024 ns) > initial count (200000 ns). Using initial count to start timer. [ 250.428729][ T10] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 250.442023][ T5901] usb 3-1: device descriptor read/64, error -71 [ 250.451735][ T8507] netlink: 32 bytes leftover after parsing attributes in process `syz.1.962'. [ 250.495880][ T8512] raw_sendmsg: syz.0.964 forgot to set AF_INET. Fix it! [ 250.605693][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 250.612678][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 250.629330][ T10] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 250.638945][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.647057][ T10] usb 4-1: Product: syz [ 250.651269][ T10] usb 4-1: Manufacturer: syz [ 250.660500][ T10] usb 4-1: SerialNumber: syz [ 250.671467][ T10] usb 4-1: config 0 descriptor?? [ 250.685825][ T10] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 250.692644][ T10] usb 4-1: selecting invalid altsetting 2 [ 250.698510][ T10] snd_usb_toneport 4-1:0.0: set_interface failed [ 250.705137][ T10] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 250.708877][ T5901] usb 3-1: new low-speed USB device number 51 using dummy_hcd [ 250.713939][ T10] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 250.835931][ T5934] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 250.855930][ T5901] usb 3-1: device descriptor read/64, error -71 [ 250.898575][ T8503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.908026][ T8503] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.979280][ T5901] usb usb3-port1: attempt power cycle [ 250.983500][ T10] usb 4-1: USB disconnect, device number 50 [ 250.995737][ T5934] usb 1-1: Using ep0 maxpacket: 32 [ 251.017326][ T5934] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 251.027724][ T5934] usb 1-1: config 0 has no interface number 0 [ 251.033881][ T5934] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 251.046022][ T5934] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 251.056316][ T5934] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 251.065681][ T5934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.077044][ T5934] usb 1-1: config 0 descriptor?? [ 251.318326][ T5901] usb 3-1: new low-speed USB device number 52 using dummy_hcd [ 251.348089][ T5901] usb 3-1: device descriptor read/8, error -71 [ 251.461181][ T8528] FAULT_INJECTION: forcing a failure. [ 251.461181][ T8528] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 251.486324][ T8528] CPU: 0 UID: 0 PID: 8528 Comm: syz.1.969 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 251.486356][ T8528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.486369][ T8528] Call Trace: [ 251.486378][ T8528] [ 251.486386][ T8528] dump_stack_lvl+0x189/0x250 [ 251.486416][ T8528] ? __pfx____ratelimit+0x10/0x10 [ 251.486454][ T8528] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.486480][ T8528] ? __pfx__printk+0x10/0x10 [ 251.486504][ T8528] ? __might_fault+0xb0/0x130 [ 251.486539][ T8528] should_fail_ex+0x414/0x560 [ 251.486572][ T8528] _copy_from_user+0x2d/0xb0 [ 251.486595][ T8528] ____sys_sendmsg+0x2fe/0x830 [ 251.486637][ T8528] ? __pfx_____sys_sendmsg+0x10/0x10 [ 251.486669][ T8528] ? import_iovec+0x74/0xa0 [ 251.486687][ T8528] ___sys_sendmsg+0x21f/0x2a0 [ 251.486709][ T8528] ? __pfx____sys_sendmsg+0x10/0x10 [ 251.486755][ T8528] ? __fget_files+0x2a/0x420 [ 251.486776][ T8528] ? __fget_files+0x3a0/0x420 [ 251.486806][ T8528] __x64_sys_sendmsg+0x19b/0x260 [ 251.486828][ T8528] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 251.486856][ T8528] ? __pfx_ksys_write+0x10/0x10 [ 251.486875][ T8528] ? rcu_is_watching+0x15/0xb0 [ 251.486896][ T8528] ? do_syscall_64+0xbe/0x3b0 [ 251.486914][ T8528] do_syscall_64+0xfa/0x3b0 [ 251.486929][ T8528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.486943][ T8528] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 251.486959][ T8528] ? clear_bhb_loop+0x60/0xb0 [ 251.486976][ T8528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.486991][ T8528] RIP: 0033:0x7fe12af8e929 [ 251.487004][ T8528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.487018][ T8528] RSP: 002b:00007fe12bd3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 251.487034][ T8528] RAX: ffffffffffffffda RBX: 00007fe12b1b5fa0 RCX: 00007fe12af8e929 [ 251.487045][ T8528] RDX: 0000000000000000 RSI: 0000200000000780 RDI: 0000000000000004 [ 251.487055][ T8528] RBP: 00007fe12bd3f090 R08: 0000000000000000 R09: 0000000000000000 [ 251.487064][ T8528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.487073][ T8528] R13: 0000000000000000 R14: 00007fe12b1b5fa0 R15: 00007ffd962628f8 [ 251.487094][ T8528] [ 251.718417][ C0] vkms_vblank_simulate: vblank timer overrun [ 251.736656][ T8517] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.745523][ T8517] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.794144][ T5934] uclogic 0003:28BD:0094.001B: pen parameters not found [ 251.803096][ T5934] uclogic 0003:28BD:0094.001B: interface is invalid, ignoring [ 251.828097][ T5901] usb 3-1: new low-speed USB device number 53 using dummy_hcd [ 251.889762][ T5934] usb 1-1: USB disconnect, device number 59 [ 251.895739][ T5901] usb 3-1: device descriptor read/8, error -71 [ 252.006335][ T5901] usb usb3-port1: unable to enumerate USB device [ 252.035743][ T10] usb 2-1: new low-speed USB device number 49 using dummy_hcd [ 252.124344][ T8539] FAULT_INJECTION: forcing a failure. [ 252.124344][ T8539] name failslab, interval 1, probability 0, space 0, times 0 [ 252.139000][ T8539] CPU: 1 UID: 0 PID: 8539 Comm: syz.3.974 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 252.139029][ T8539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.139043][ T8539] Call Trace: [ 252.139052][ T8539] [ 252.139061][ T8539] dump_stack_lvl+0x189/0x250 [ 252.139091][ T8539] ? __pfx____ratelimit+0x10/0x10 [ 252.139125][ T8539] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.139150][ T8539] ? __pfx__printk+0x10/0x10 [ 252.139176][ T8539] ? __pfx___might_resched+0x10/0x10 [ 252.139201][ T8539] ? fs_reclaim_acquire+0x7d/0x100 [ 252.139244][ T8539] should_fail_ex+0x414/0x560 [ 252.139276][ T8539] should_failslab+0xa8/0x100 [ 252.139306][ T8539] __kmalloc_noprof+0xcb/0x4f0 [ 252.139330][ T8539] ? ovl_xattr_escape_name+0x6b/0x180 [ 252.139361][ T8539] ovl_xattr_escape_name+0x6b/0x180 [ 252.139390][ T8539] ovl_own_xattr_set+0x51/0xb0 [ 252.139412][ T8539] ? __pfx_ovl_own_xattr_set+0x10/0x10 [ 252.139439][ T8539] __vfs_removexattr+0x42e/0x470 [ 252.139485][ T8539] __vfs_removexattr_locked+0x1ed/0x230 [ 252.139521][ T8539] vfs_removexattr+0x80/0x1b0 [ 252.139558][ T8539] path_removexattrat+0x35d/0x690 [ 252.139595][ T8539] ? __pfx_path_removexattrat+0x10/0x10 [ 252.139618][ T8539] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 252.139640][ T8539] ? __pfx_vfs_write+0x10/0x10 [ 252.139699][ T8539] ? __pfx_ksys_write+0x10/0x10 [ 252.139736][ T8539] __x64_sys_removexattr+0x62/0x70 [ 252.139777][ T8539] do_syscall_64+0xfa/0x3b0 [ 252.139796][ T8539] ? lockdep_hardirqs_on+0x9c/0x150 [ 252.139827][ T8539] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.139847][ T8539] ? clear_bhb_loop+0x60/0xb0 [ 252.139872][ T8539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.139891][ T8539] RIP: 0033:0x7f643098e929 [ 252.139910][ T8539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.139933][ T8539] RSP: 002b:00007f6431834038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 252.139955][ T8539] RAX: ffffffffffffffda RBX: 00007f6430bb5fa0 RCX: 00007f643098e929 [ 252.139970][ T8539] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000200000000140 [ 252.139985][ T8539] RBP: 00007f6431834090 R08: 0000000000000000 R09: 0000000000000000 [ 252.139998][ T8539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.140010][ T8539] R13: 0000000000000000 R14: 00007f6430bb5fa0 R15: 00007ffd55b936b8 [ 252.140043][ T8539] [ 252.395183][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 252.404377][ T10] usb 2-1: config 1 has an invalid interface number: 145 but max is 0 [ 252.412709][ T10] usb 2-1: config 1 has no interface number 0 [ 252.418908][ T10] usb 2-1: config 1 interface 145 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 252.431619][ T10] usb 2-1: config 1 interface 145 has no altsetting 0 [ 252.450146][ T10] usb 2-1: string descriptor 0 read error: -22 [ 252.466350][ T10] usb 2-1: New USB device found, idVendor=0403, idProduct=fc71, bcdDevice=98.24 [ 252.481979][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.555304][ T8531] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 252.601598][ T10] ftdi_sio 2-1:1.145: FTDI USB Serial Device converter detected [ 252.608223][ T8546] FAULT_INJECTION: forcing a failure. [ 252.608223][ T8546] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 252.622748][ T8546] CPU: 1 UID: 0 PID: 8546 Comm: syz.0.977 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 252.622776][ T8546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.622789][ T8546] Call Trace: [ 252.622798][ T8546] [ 252.622807][ T8546] dump_stack_lvl+0x189/0x250 [ 252.622836][ T8546] ? __pfx____ratelimit+0x10/0x10 [ 252.622871][ T8546] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.622895][ T8546] ? __pfx__printk+0x10/0x10 [ 252.622919][ T8546] ? __might_fault+0xb0/0x130 [ 252.622956][ T8546] should_fail_ex+0x414/0x560 [ 252.622989][ T8546] _copy_from_iter+0x1db/0x16f0 [ 252.623025][ T8546] ? rcu_is_watching+0x15/0xb0 [ 252.623050][ T8546] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 252.623078][ T8546] ? __pfx__copy_from_iter+0x10/0x10 [ 252.623112][ T8546] ? __build_skb_around+0x257/0x3e0 [ 252.623141][ T8546] ? netlink_sendmsg+0x642/0xb30 [ 252.623166][ T8546] ? skb_put+0x11b/0x210 [ 252.623196][ T8546] netlink_sendmsg+0x6b2/0xb30 [ 252.623232][ T8546] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.623263][ T8546] ? aa_sock_msg_perm+0x94/0x160 [ 252.623296][ T8546] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 252.623327][ T8546] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.623355][ T8546] __sock_sendmsg+0x219/0x270 [ 252.623380][ T8546] ____sys_sendmsg+0x505/0x830 [ 252.623425][ T8546] ? __pfx_____sys_sendmsg+0x10/0x10 [ 252.623462][ T8546] ? import_iovec+0x74/0xa0 [ 252.623486][ T8546] ___sys_sendmsg+0x21f/0x2a0 [ 252.623516][ T8546] ? __pfx____sys_sendmsg+0x10/0x10 [ 252.623580][ T8546] ? __fget_files+0x2a/0x420 [ 252.623610][ T8546] ? __fget_files+0x3a0/0x420 [ 252.623650][ T8546] __x64_sys_sendmsg+0x19b/0x260 [ 252.623681][ T8546] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 252.623719][ T8546] ? __pfx_ksys_write+0x10/0x10 [ 252.623743][ T8546] ? rcu_is_watching+0x15/0xb0 [ 252.623772][ T8546] ? do_syscall_64+0xbe/0x3b0 [ 252.623796][ T8546] do_syscall_64+0xfa/0x3b0 [ 252.623815][ T8546] ? lockdep_hardirqs_on+0x9c/0x150 [ 252.623846][ T8546] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.623865][ T8546] ? clear_bhb_loop+0x60/0xb0 [ 252.623889][ T8546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.623909][ T8546] RIP: 0033:0x7f914d18e929 [ 252.623927][ T8546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.623945][ T8546] RSP: 002b:00007f914dfde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 252.623967][ T8546] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18e929 [ 252.623983][ T8546] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 252.623996][ T8546] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 252.624010][ T8546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.624023][ T8546] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 252.624054][ T8546] [ 252.916984][ T10] ftdi_sio ttyUSB0: unknown device type: 0x9824 [ 252.975242][ T8531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.027707][ T8531] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.081074][ T5835] usb 2-1: USB disconnect, device number 49 [ 253.088682][ T5835] ftdi_sio 2-1:1.145: device disconnected [ 253.786371][ T9] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 253.949166][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 253.960943][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 253.989762][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 253.999986][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 254.064415][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 254.074667][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 254.091390][ T9] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f [ 254.115676][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.133911][ T9] usb 4-1: Product: syz [ 254.150126][ T9] usb 4-1: Manufacturer: syz [ 254.154778][ T9] usb 4-1: SerialNumber: syz [ 254.210938][ T9] usb 4-1: config 0 descriptor?? [ 254.226099][ T9] kvaser_usb 4-1:0.0: error -EMSGSIZE: Cannot get software info [ 254.245980][ T9] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -90 [ 254.413216][ T8589] netlink: 56 bytes leftover after parsing attributes in process `syz.1.994'. [ 254.428510][ T9] usb 4-1: USB disconnect, device number 51 [ 254.468664][ T5835] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 254.521693][ T8591] FAULT_INJECTION: forcing a failure. [ 254.521693][ T8591] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 254.536914][ T8591] CPU: 1 UID: 0 PID: 8591 Comm: syz.0.995 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 254.536943][ T8591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.536957][ T8591] Call Trace: [ 254.536966][ T8591] [ 254.536975][ T8591] dump_stack_lvl+0x189/0x250 [ 254.537005][ T8591] ? __pfx____ratelimit+0x10/0x10 [ 254.537039][ T8591] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.537064][ T8591] ? __pfx__printk+0x10/0x10 [ 254.537088][ T8591] ? __might_fault+0xb0/0x130 [ 254.537125][ T8591] should_fail_ex+0x414/0x560 [ 254.537157][ T8591] _copy_from_iter+0x1db/0x16f0 [ 254.537193][ T8591] ? rcu_is_watching+0x15/0xb0 [ 254.537219][ T8591] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 254.537248][ T8591] ? __pfx__copy_from_iter+0x10/0x10 [ 254.537281][ T8591] ? __build_skb_around+0x257/0x3e0 [ 254.537311][ T8591] ? netlink_sendmsg+0x642/0xb30 [ 254.537336][ T8591] ? skb_put+0x11b/0x210 [ 254.537387][ T8591] netlink_sendmsg+0x6b2/0xb30 [ 254.537425][ T8591] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.537455][ T8591] ? aa_sock_msg_perm+0x94/0x160 [ 254.537484][ T8591] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 254.537516][ T8591] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.537544][ T8591] __sock_sendmsg+0x219/0x270 [ 254.537568][ T8591] ____sys_sendmsg+0x505/0x830 [ 254.537603][ T8591] ? __pfx_____sys_sendmsg+0x10/0x10 [ 254.537641][ T8591] ? import_iovec+0x74/0xa0 [ 254.537666][ T8591] ___sys_sendmsg+0x21f/0x2a0 [ 254.537697][ T8591] ? __pfx____sys_sendmsg+0x10/0x10 [ 254.537764][ T8591] ? __fget_files+0x2a/0x420 [ 254.537795][ T8591] ? __fget_files+0x3a0/0x420 [ 254.537837][ T8591] __x64_sys_sendmsg+0x19b/0x260 [ 254.537868][ T8591] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 254.537905][ T8591] ? __pfx_ksys_write+0x10/0x10 [ 254.537930][ T8591] ? rcu_is_watching+0x15/0xb0 [ 254.537959][ T8591] ? do_syscall_64+0xbe/0x3b0 [ 254.537984][ T8591] do_syscall_64+0xfa/0x3b0 [ 254.538004][ T8591] ? lockdep_hardirqs_on+0x9c/0x150 [ 254.538035][ T8591] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.538055][ T8591] ? clear_bhb_loop+0x60/0xb0 [ 254.538080][ T8591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.538100][ T8591] RIP: 0033:0x7f914d18e929 [ 254.538118][ T8591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.538136][ T8591] RSP: 002b:00007f914dfde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 254.538158][ T8591] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18e929 [ 254.538173][ T8591] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000003 [ 254.538187][ T8591] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 254.538200][ T8591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.538213][ T8591] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 254.538245][ T8591] [ 254.883389][ T8595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.997'. [ 254.892856][ T8595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.997'. [ 254.895847][ T5835] usb 3-1: Using ep0 maxpacket: 8 [ 254.909671][ T5835] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 254.935671][ T5835] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 254.945782][ T5835] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 254.955858][ T5835] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 254.969188][ T5835] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 255.015324][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.202888][ T8602] FAULT_INJECTION: forcing a failure. [ 255.202888][ T8602] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.227641][ T8602] CPU: 0 UID: 0 PID: 8602 Comm: syz.0.999 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 255.227672][ T8602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 255.227687][ T8602] Call Trace: [ 255.227696][ T8602] [ 255.227705][ T8602] dump_stack_lvl+0x189/0x250 [ 255.227735][ T8602] ? __pfx____ratelimit+0x10/0x10 [ 255.227769][ T8602] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.227793][ T8602] ? __pfx__printk+0x10/0x10 [ 255.227817][ T8602] ? __might_fault+0xb0/0x130 [ 255.227855][ T8602] should_fail_ex+0x414/0x560 [ 255.227887][ T8602] _copy_from_iter+0x1db/0x16f0 [ 255.227922][ T8602] ? sock_alloc_send_pskb+0x875/0x990 [ 255.227961][ T8602] ? __pfx__copy_from_iter+0x10/0x10 [ 255.228001][ T8602] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 255.228043][ T8602] skb_copy_datagram_from_iter+0xf5/0x720 [ 255.228077][ T8602] ? packet_cached_dev_get+0x1c/0x2b0 [ 255.228098][ T8602] ? skb_put+0x11b/0x210 [ 255.228128][ T8602] packet_sendmsg+0x3abb/0x53f0 [ 255.228170][ T8602] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 255.228211][ T8602] ? __pfx___might_resched+0x10/0x10 [ 255.228235][ T8602] ? __lock_acquire+0xab9/0xd20 [ 255.228273][ T8602] ? __pfx_packet_sendmsg+0x10/0x10 [ 255.228301][ T8602] ? aa_sk_perm+0x81e/0x950 [ 255.228326][ T8602] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 255.228358][ T8602] ? aa_sock_msg_perm+0x94/0x160 [ 255.228383][ T8602] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 255.228414][ T8602] ? __pfx_packet_sendmsg+0x10/0x10 [ 255.228444][ T8602] __sock_sendmsg+0x219/0x270 [ 255.228469][ T8602] ____sys_sendmsg+0x505/0x830 [ 255.228501][ T8602] ? __pfx_____sys_sendmsg+0x10/0x10 [ 255.228539][ T8602] ? import_iovec+0x74/0xa0 [ 255.228563][ T8602] ___sys_sendmsg+0x21f/0x2a0 [ 255.228594][ T8602] ? __pfx____sys_sendmsg+0x10/0x10 [ 255.228660][ T8602] ? __fget_files+0x2a/0x420 [ 255.228692][ T8602] ? __fget_files+0x3a0/0x420 [ 255.228734][ T8602] __x64_sys_sendmsg+0x19b/0x260 [ 255.228766][ T8602] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 255.228805][ T8602] ? __pfx_ksys_write+0x10/0x10 [ 255.228830][ T8602] ? rcu_is_watching+0x15/0xb0 [ 255.228859][ T8602] ? do_syscall_64+0xbe/0x3b0 [ 255.228883][ T8602] do_syscall_64+0xfa/0x3b0 [ 255.228900][ T8602] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.228932][ T8602] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.228957][ T8602] ? clear_bhb_loop+0x60/0xb0 [ 255.228981][ T8602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.229001][ T8602] RIP: 0033:0x7f914d18e929 [ 255.229020][ T8602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.229048][ T8602] RSP: 002b:00007f914dfde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 255.229070][ T8602] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18e929 [ 255.229085][ T8602] RDX: 0000000000004004 RSI: 0000200000000200 RDI: 0000000000000003 [ 255.229099][ T8602] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 255.229113][ T8602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.229125][ T8602] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 255.229155][ T8602] [ 255.590517][ T5835] usb 3-1: GET_CAPABILITIES returned 0 [ 255.604088][ T5835] usbtmc 3-1:16.0: can't read capabilities [ 255.686220][ T5901] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 255.790906][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.797344][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.839991][ T5901] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 255.850228][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.873427][ T5901] usb 2-1: config 0 descriptor?? [ 255.903794][ T5901] cp210x 2-1:0.0: cp210x converter detected [ 256.516016][ T8600] qnx4: no qnx4 filesystem (no root dir). [ 256.525818][ T5901] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 256.538649][ T5901] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 256.566562][ T5901] usb 2-1: cp210x converter now attached to ttyUSB0 [ 256.587597][ T5901] usb 2-1: USB disconnect, device number 50 [ 256.607558][ T5901] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 256.619821][ T5835] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 256.636490][ T5901] cp210x 2-1:0.0: device disconnected [ 256.789549][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.801290][ T5835] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 256.813091][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.827295][ T5835] usb 4-1: config 0 descriptor?? [ 257.248810][ T5835] keytouch 0003:0926:3333.001C: fixing up Keytouch IEC report descriptor [ 257.253952][ T9] usb 3-1: USB disconnect, device number 54 [ 257.258974][ T8645] FAULT_INJECTION: forcing a failure. [ 257.258974][ T8645] name failslab, interval 1, probability 0, space 0, times 0 [ 257.286694][ T5835] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.001C/input/input24 [ 257.298493][ T8645] CPU: 1 UID: 0 PID: 8645 Comm: syz.1.1018 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 257.298521][ T8645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 257.298535][ T8645] Call Trace: [ 257.298544][ T8645] [ 257.298553][ T8645] dump_stack_lvl+0x189/0x250 [ 257.298582][ T8645] ? __pfx____ratelimit+0x10/0x10 [ 257.298614][ T8645] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.298638][ T8645] ? __pfx__printk+0x10/0x10 [ 257.298663][ T8645] ? __pfx___might_resched+0x10/0x10 [ 257.298687][ T8645] ? fs_reclaim_acquire+0x7d/0x100 [ 257.298721][ T8645] should_fail_ex+0x414/0x560 [ 257.298753][ T8645] should_failslab+0xa8/0x100 [ 257.298782][ T8645] __kmalloc_noprof+0xcb/0x4f0 [ 257.298807][ T8645] ? anon_vma_name_alloc+0x40/0xf0 [ 257.298832][ T8645] anon_vma_name_alloc+0x40/0xf0 [ 257.298853][ T8645] prctl_set_vma+0x18b/0x400 [ 257.298873][ T8645] __se_sys_prctl+0x27e/0x1940 [ 257.298910][ T8645] ? __pfx___se_sys_prctl+0x10/0x10 [ 257.298933][ T8645] ? rcu_is_watching+0x15/0xb0 [ 257.298956][ T8645] ? do_syscall_64+0xbe/0x3b0 [ 257.298971][ T8645] ? __x64_sys_prctl+0x20/0xc0 [ 257.298998][ T8645] do_syscall_64+0xfa/0x3b0 [ 257.299013][ T8645] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.299038][ T8645] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.299054][ T8645] ? clear_bhb_loop+0x60/0xb0 [ 257.299074][ T8645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.299089][ T8645] RIP: 0033:0x7fe12af8e929 [ 257.299105][ T8645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.299119][ T8645] RSP: 002b:00007fe12bd3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 257.299140][ T8645] RAX: ffffffffffffffda RBX: 00007fe12b1b5fa0 RCX: 00007fe12af8e929 [ 257.299153][ T8645] RDX: 0000200000789000 RSI: 0000000000000000 RDI: 0000000053564d41 [ 257.299164][ T8645] RBP: 00007fe12bd3f090 R08: 0000200000000000 R09: 0000000000000000 [ 257.299175][ T8645] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001 [ 257.299185][ T8645] R13: 0000000000000000 R14: 00007fe12b1b5fa0 R15: 00007ffd962628f8 [ 257.299209][ T8645] [ 257.640217][ T5835] keytouch 0003:0926:3333.001C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 257.730413][ T5840] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 257.890970][ T9] usb 4-1: USB disconnect, device number 52 [ 257.897907][ T8656] FAULT_INJECTION: forcing a failure. [ 257.897907][ T8656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 257.914242][ T5840] usb 1-1: Using ep0 maxpacket: 16 [ 257.919717][ T8656] CPU: 1 UID: 0 PID: 8656 Comm: syz.2.1023 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 257.919747][ T8656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 257.919765][ T8656] Call Trace: [ 257.919773][ T8656] [ 257.919782][ T8656] dump_stack_lvl+0x189/0x250 [ 257.919812][ T8656] ? __pfx____ratelimit+0x10/0x10 [ 257.919845][ T8656] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.919870][ T8656] ? __pfx__printk+0x10/0x10 [ 257.919894][ T8656] ? __might_fault+0xb0/0x130 [ 257.919932][ T8656] should_fail_ex+0x414/0x560 [ 257.919962][ T8656] _copy_from_user+0x2d/0xb0 [ 257.919985][ T8656] dev_ethtool+0xd0/0x1990 [ 257.920018][ T8656] ? __lock_acquire+0xab9/0xd20 [ 257.920046][ T8656] ? __pfx_dev_ethtool+0x10/0x10 [ 257.920094][ T8656] ? dev_load+0x21/0x1f0 [ 257.920118][ T8656] ? dev_load+0x21/0x1f0 [ 257.920140][ T8656] dev_ioctl+0x392/0x1150 [ 257.920166][ T8656] sock_do_ioctl+0x22c/0x300 [ 257.920188][ T8656] ? __pfx_sock_do_ioctl+0x10/0x10 [ 257.920205][ T8656] ? __lock_acquire+0xab9/0xd20 [ 257.920239][ T8656] sock_ioctl+0x576/0x790 [ 257.920274][ T8656] ? __pfx_sock_ioctl+0x10/0x10 [ 257.920306][ T8656] ? __fget_files+0x2a/0x420 [ 257.920336][ T8656] ? __fget_files+0x3a0/0x420 [ 257.920364][ T8656] ? __fget_files+0x2a/0x420 [ 257.920400][ T8656] ? bpf_lsm_file_ioctl+0x9/0x20 [ 257.920422][ T8656] ? __pfx_sock_ioctl+0x10/0x10 [ 257.920453][ T8656] __se_sys_ioctl+0xfc/0x170 [ 257.920480][ T8656] do_syscall_64+0xfa/0x3b0 [ 257.920500][ T8656] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.920532][ T8656] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.920552][ T8656] ? clear_bhb_loop+0x60/0xb0 [ 257.920578][ T8656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.920598][ T8656] RIP: 0033:0x7fa4c158e929 [ 257.920617][ T8656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.920636][ T8656] RSP: 002b:00007fa4c2422038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 257.920658][ T8656] RAX: ffffffffffffffda RBX: 00007fa4c17b5fa0 RCX: 00007fa4c158e929 [ 257.920674][ T8656] RDX: 0000200000005e40 RSI: 0000000000008946 RDI: 0000000000000003 [ 257.920689][ T8656] RBP: 00007fa4c2422090 R08: 0000000000000000 R09: 0000000000000000 [ 257.920702][ T8656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.920715][ T8656] R13: 0000000000000000 R14: 00007fa4c17b5fa0 R15: 00007fffa11624d8 [ 257.920747][ T8656] [ 257.922536][ T5840] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.210340][ T5840] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.220451][ T5840] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 258.233701][ T5840] usb 1-1: config 0 interface 0 has no altsetting 0 [ 258.242804][ T5840] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 258.268861][ T8661] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 258.279874][ T5840] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.291240][ T5840] usb 1-1: config 0 descriptor?? [ 258.721923][ T5840] hid (null): report_id 0 is invalid [ 258.895769][ T5835] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 258.920771][ T9] usb 1-1: USB disconnect, device number 60 [ 258.945795][ T5925] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 258.953505][ T5901] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 259.065773][ T5835] usb 3-1: Using ep0 maxpacket: 32 [ 259.073015][ T5835] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.084116][ T5835] usb 3-1: config 0 interface 0 has no altsetting 0 [ 259.092209][ T5835] usb 3-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 259.101824][ T5925] usb 2-1: device descriptor read/64, error -71 [ 259.108201][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 259.116315][ T5901] usb 4-1: Using ep0 maxpacket: 8 [ 259.121518][ T5835] usb 3-1: Product: syz [ 259.127874][ T5901] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.140401][ T5835] usb 3-1: config 0 descriptor?? [ 259.151713][ T5901] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 259.160887][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.169010][ T5901] usb 4-1: Product: syz [ 259.173229][ T5901] usb 4-1: Manufacturer: syz [ 259.177908][ T5901] usb 4-1: SerialNumber: syz [ 259.185358][ T5901] usb 4-1: config 0 descriptor?? [ 259.196404][ T5901] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 259.203244][ T5901] usb 4-1: selecting invalid altsetting 2 [ 259.209218][ T5901] snd_usb_toneport 4-1:0.0: set_interface failed [ 259.215879][ T5901] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 259.223817][ T5901] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 259.385748][ T5925] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 259.400729][ T8675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.409695][ T8675] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.429576][ T10] usb 4-1: USB disconnect, device number 53 [ 259.494368][ T8679] FAT-fs (rnullb0): bogus number of reserved sectors [ 259.501884][ T8679] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 259.525797][ T5925] usb 2-1: device descriptor read/64, error -71 [ 259.555041][ T8673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.564220][ T8673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.644674][ T8683] FAULT_INJECTION: forcing a failure. [ 259.644674][ T8683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 259.661979][ T5925] usb usb2-port1: attempt power cycle [ 259.662285][ T8683] CPU: 0 UID: 0 PID: 8683 Comm: syz.0.1035 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 259.662317][ T8683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 259.662333][ T8683] Call Trace: [ 259.662344][ T8683] [ 259.662354][ T8683] dump_stack_lvl+0x189/0x250 [ 259.662388][ T8683] ? __pfx____ratelimit+0x10/0x10 [ 259.662428][ T8683] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.662455][ T8683] ? __pfx__printk+0x10/0x10 [ 259.662498][ T8683] should_fail_ex+0x414/0x560 [ 259.662534][ T8683] _copy_to_user+0x31/0xb0 [ 259.662562][ T8683] simple_read_from_buffer+0xe1/0x170 [ 259.662602][ T8683] proc_fail_nth_read+0x1df/0x250 [ 259.662642][ T8683] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 259.662669][ T8683] ? rw_verify_area+0x258/0x650 [ 259.662698][ T8683] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 259.662721][ T8683] vfs_read+0x1fd/0x980 [ 259.662758][ T8683] ? __pfx___mutex_lock+0x10/0x10 [ 259.662784][ T8683] ? __pfx_vfs_read+0x10/0x10 [ 259.662817][ T8683] ? __fget_files+0x2a/0x420 [ 259.662857][ T8683] ? __fget_files+0x3a0/0x420 [ 259.662890][ T8683] ? __fget_files+0x2a/0x420 [ 259.662936][ T8683] ksys_read+0x145/0x250 [ 259.662970][ T8683] ? __pfx_ksys_read+0x10/0x10 [ 259.663007][ T8683] ? do_syscall_64+0xbe/0x3b0 [ 259.663035][ T8683] do_syscall_64+0xfa/0x3b0 [ 259.663057][ T8683] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.663093][ T8683] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.663118][ T8683] ? clear_bhb_loop+0x60/0xb0 [ 259.663147][ T8683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.663169][ T8683] RIP: 0033:0x7f914d18d33c [ 259.663191][ T8683] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 259.663214][ T8683] RSP: 002b:00007f914dfde030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 259.663238][ T8683] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18d33c [ 259.663256][ T8683] RDX: 000000000000000f RSI: 00007f914dfde0a0 RDI: 0000000000000004 [ 259.663272][ T8683] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 259.663285][ T8683] R10: 00000000000000a6 R11: 0000000000000246 R12: 0000000000000001 [ 259.663300][ T8683] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 259.663337][ T8683] [ 259.743187][ T8685] FAULT_INJECTION: forcing a failure. [ 259.743187][ T8685] name failslab, interval 1, probability 0, space 0, times 0 [ 259.788201][ T5835] usbhid 3-1:0.0: can't add hid device: -71 [ 259.790671][ T8685] CPU: 0 UID: 0 PID: 8685 Comm: syz.0.1036 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 259.790704][ T8685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 259.790721][ T8685] Call Trace: [ 259.790732][ T8685] [ 259.790743][ T8685] dump_stack_lvl+0x189/0x250 [ 259.790777][ T8685] ? __pfx____ratelimit+0x10/0x10 [ 259.790817][ T8685] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.790845][ T8685] ? __pfx__printk+0x10/0x10 [ 259.790879][ T8685] ? ref_tracker_alloc+0x318/0x460 [ 259.790914][ T8685] should_fail_ex+0x414/0x560 [ 259.790950][ T8685] should_failslab+0xa8/0x100 [ 259.790985][ T8685] kmem_cache_alloc_noprof+0x73/0x3c0 [ 259.791013][ T8685] ? skb_clone+0x212/0x3a0 [ 259.791052][ T8685] skb_clone+0x212/0x3a0 [ 259.791090][ T8685] __netlink_deliver_tap+0x404/0x850 [ 259.791135][ T8685] ? netlink_deliver_tap+0x2e/0x1b0 [ 259.791168][ T8685] netlink_deliver_tap+0x19c/0x1b0 [ 259.791198][ T8685] netlink_unicast+0x72f/0x8d0 [ 259.791240][ T8685] netlink_sendmsg+0x805/0xb30 [ 259.791281][ T8685] ? __pfx_netlink_sendmsg+0x10/0x10 [ 259.791316][ T8685] ? aa_sock_msg_perm+0x94/0x160 [ 259.791344][ T8685] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 259.791379][ T8685] ? __pfx_netlink_sendmsg+0x10/0x10 [ 259.791412][ T8685] __sock_sendmsg+0x219/0x270 [ 259.791440][ T8685] sock_write_iter+0x258/0x330 [ 259.791478][ T8685] ? __pfx_sock_write_iter+0x10/0x10 [ 259.791530][ T8685] ? __pfx_aa_file_perm+0x10/0x10 [ 259.791566][ T8685] do_iter_readv_writev+0x56e/0x7f0 [ 259.791604][ T8685] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 259.791652][ T8685] ? bpf_lsm_file_permission+0x9/0x20 [ 259.791675][ T8685] ? security_file_permission+0x75/0x290 [ 259.791712][ T8685] ? rw_verify_area+0x258/0x650 [ 259.791747][ T8685] vfs_writev+0x31a/0x960 [ 259.791775][ T8685] ? __lock_acquire+0xab9/0xd20 [ 259.791802][ T8685] ? __pfx_vfs_writev+0x10/0x10 [ 259.791844][ T8685] ? __fget_files+0x2a/0x420 [ 259.791884][ T8685] ? __fget_files+0x3a0/0x420 [ 259.791917][ T8685] ? __fget_files+0x2a/0x420 [ 259.791963][ T8685] do_writev+0x14d/0x2d0 [ 259.791989][ T8685] ? __pfx_do_writev+0x10/0x10 [ 259.792008][ T8685] ? rcu_is_watching+0x15/0xb0 [ 259.792042][ T8685] ? do_syscall_64+0xbe/0x3b0 [ 259.792071][ T8685] do_syscall_64+0xfa/0x3b0 [ 259.792094][ T8685] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.792130][ T8685] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.792154][ T8685] ? clear_bhb_loop+0x60/0xb0 [ 259.792184][ T8685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.792209][ T8685] RIP: 0033:0x7f914d18e929 [ 259.792232][ T8685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.792252][ T8685] RSP: 002b:00007f914dfde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 259.792279][ T8685] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18e929 [ 259.792297][ T8685] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 259.792311][ T8685] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 259.792327][ T8685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.792341][ T8685] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 259.792377][ T8685] [ 259.792460][ T8685] netlink: 'syz.0.1036': attribute type 9 has an invalid length. [ 259.795512][ T5835] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 260.189397][ C1] vkms_vblank_simulate: vblank timer overrun [ 260.277034][ T5835] usb 3-1: USB disconnect, device number 55 [ 260.346202][ T9] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 260.507618][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.521942][ T8715] qnx4: no qnx4 filesystem (no root dir). [ 260.527934][ T5925] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 260.528848][ T9] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 260.545433][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.560373][ T5925] usb 2-1: device descriptor read/8, error -71 [ 260.567948][ T9] usb 1-1: config 0 descriptor?? [ 260.805792][ T5925] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 260.827200][ T5925] usb 2-1: device descriptor read/8, error -71 [ 260.896576][ T5835] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 260.936251][ T5925] usb usb2-port1: unable to enumerate USB device [ 260.955792][ T5918] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 260.980309][ T9] keytouch 0003:0926:3333.001E: fixing up Keytouch IEC report descriptor [ 260.997937][ T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.001E/input/input25 [ 261.048245][ T5835] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 261.058906][ T5835] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 261.068070][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.093963][ T5835] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 261.105797][ T5918] usb 4-1: Using ep0 maxpacket: 8 [ 261.129993][ T5918] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 261.148241][ T9] keytouch 0003:0926:3333.001E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 261.172987][ T5918] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 261.203738][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.215185][ T5918] usb 4-1: Product: syz [ 261.223801][ T5918] usb 4-1: Manufacturer: syz [ 261.235058][ T5918] usb 4-1: SerialNumber: syz [ 261.307861][ T5918] usb 4-1: config 0 descriptor?? [ 261.333656][ T5918] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 261.343737][ T5918] usb 4-1: selecting invalid altsetting 2 [ 261.350064][ T5918] snd_usb_toneport 4-1:0.0: set_interface failed [ 261.357071][ T5918] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 261.365301][ T5918] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 261.534336][ T8727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.548072][ T8727] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.564570][ T5918] usb 4-1: USB disconnect, device number 54 [ 261.597927][ T5934] usb 1-1: USB disconnect, device number 61 [ 262.110996][ T9] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 262.113885][ T5835] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32 [ 262.134767][ T5835] stv0680 3-1:4.0: STV(e): camera ping failed!! [ 262.142101][ T5835] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32 [ 262.157434][ T5835] stv0680 3-1:4.0: last error: 0, command = 0x0 [ 262.176863][ T5835] usb 3-1: USB disconnect, device number 56 [ 262.283483][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 262.305719][ T9] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 262.314873][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.333379][ T9] usb 2-1: config 0 descriptor?? [ 262.397322][ T8805] netdevsim netdevsim3: Direct firmware load for  failed with error -2 [ 262.406177][ T8805] netdevsim netdevsim3: Falling back to sysfs fallback for:  [ 262.773551][ T9] keytouch 0003:0926:3333.001F: fixing up Keytouch IEC report descriptor [ 262.811956][ T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.001F/input/input26 [ 262.825132][ T8816] FAULT_INJECTION: forcing a failure. [ 262.825132][ T8816] name failslab, interval 1, probability 0, space 0, times 0 [ 262.838280][ T8816] CPU: 0 UID: 0 PID: 8816 Comm: syz.2.1056 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 262.838309][ T8816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 262.838323][ T8816] Call Trace: [ 262.838332][ T8816] [ 262.838342][ T8816] dump_stack_lvl+0x189/0x250 [ 262.838371][ T8816] ? __pfx____ratelimit+0x10/0x10 [ 262.838404][ T8816] ? __pfx_dump_stack_lvl+0x10/0x10 [ 262.838428][ T8816] ? __pfx__printk+0x10/0x10 [ 262.838449][ T8816] ? __lock_acquire+0xab9/0xd20 [ 262.838478][ T8816] ? sig_get_ucounts+0x26/0x450 [ 262.838502][ T8816] should_fail_ex+0x414/0x560 [ 262.838534][ T8816] should_failslab+0xa8/0x100 [ 262.838572][ T8816] kmem_cache_alloc_noprof+0x73/0x3c0 [ 262.838596][ T8816] ? __send_signal_locked+0x22a/0xeb0 [ 262.838622][ T8816] ? sig_get_ucounts+0x3e4/0x450 [ 262.838640][ T8816] __send_signal_locked+0x22a/0xeb0 [ 262.838662][ T8816] ? send_signal_locked+0x1b5/0x8e0 [ 262.838687][ T8816] force_sig_info_to_task+0x30c/0x590 [ 262.838717][ T8816] force_sig+0xc9/0x120 [ 262.838739][ T8816] ? __pfx_force_sig+0x10/0x10 [ 262.838759][ T8816] ? __se_sys_gettimeofday+0xe2/0x1f0 [ 262.838782][ T8816] ? __pfx___se_sys_gettimeofday+0x10/0x10 [ 262.838803][ T8816] ? warn_bad_vsyscall+0x7f/0x230 [ 262.838830][ T8816] emulate_vsyscall+0xaf3/0xff0 [ 262.838861][ T8816] ? 0xffffffffff600000 [ 262.838876][ T8816] ? 0xffffffffff600000 [ 262.838890][ T8816] do_user_addr_fault+0x284/0x1390 [ 262.838918][ T8816] ? 0xffffffffff600000 [ 262.838929][ T8816] ? rcu_is_watching+0x15/0xb0 [ 262.838946][ T8816] ? 0xffffffffff600000 [ 262.838956][ T8816] ? trace_page_fault_user+0x84/0x1e0 [ 262.838980][ T8816] ? 0xffffffffff600000 [ 262.838991][ T8816] exc_page_fault+0x76/0xf0 [ 262.839016][ T8816] asm_exc_page_fault+0x26/0x30 [ 262.839037][ T8816] RIP: 0033:_end+0x651d8000/0x0 [ 262.839056][ T8816] Code: Unable to access opcode bytes at 0xffffffffff5fffd6. [ 262.839064][ T8816] RSP: 002b:00007fa4c2421a78 EFLAGS: 00010246 [ 262.839078][ T8816] RAX: ffffffffffffffda RBX: 00007fa4c17b5fa0 RCX: 00007fa4c158e929 [ 262.839090][ T8816] RDX: 00007fa4c2421a80 RSI: 00007fa4c2421bb0 RDI: 0000000000000019 [ 262.839100][ T8816] RBP: 00007fa4c2422090 R08: 0000000000000000 R09: 0000000000000000 [ 262.839110][ T8816] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 262.839119][ T8816] R13: 0000000000000000 R14: 00007fa4c17b5fa0 R15: 00007fffa11624d8 [ 262.839141][ T8816] [ 263.164465][ T9] keytouch 0003:0926:3333.001F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 263.297166][ T5901] usb 2-1: USB disconnect, device number 55 [ 263.655747][ T5835] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 263.816145][ T5835] usb 4-1: Using ep0 maxpacket: 8 [ 263.851276][ T5835] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.874865][ T5835] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 263.884505][ T5835] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.892722][ T5835] usb 4-1: Product: syz [ 263.905662][ T5835] usb 4-1: Manufacturer: syz [ 263.911071][ T5835] usb 4-1: SerialNumber: syz [ 263.931050][ T5835] usb 4-1: config 0 descriptor?? [ 263.960528][ T5835] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 263.973691][ T8874] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 263.983878][ T5835] usb 4-1: selecting invalid altsetting 2 [ 263.992108][ T5835] snd_usb_toneport 4-1:0.0: set_interface failed [ 264.018831][ T5835] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 264.050674][ T5835] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 264.163782][ T8887] FAULT_INJECTION: forcing a failure. [ 264.163782][ T8887] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.174714][ T8845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 264.178956][ T8887] CPU: 0 UID: 0 PID: 8887 Comm: syz.2.1066 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 264.178988][ T8887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 264.179005][ T8887] Call Trace: [ 264.179015][ T8887] [ 264.179025][ T8887] dump_stack_lvl+0x189/0x250 [ 264.179059][ T8887] ? __pfx____ratelimit+0x10/0x10 [ 264.179098][ T8887] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.179125][ T8887] ? __pfx__printk+0x10/0x10 [ 264.179153][ T8887] ? __might_fault+0xb0/0x130 [ 264.179196][ T8887] should_fail_ex+0x414/0x560 [ 264.179231][ T8887] _copy_from_iter+0x1db/0x16f0 [ 264.179273][ T8887] ? rcu_is_watching+0x15/0xb0 [ 264.179303][ T8887] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 264.179336][ T8887] ? __pfx__copy_from_iter+0x10/0x10 [ 264.179373][ T8887] ? __build_skb_around+0x257/0x3e0 [ 264.179407][ T8887] ? netlink_sendmsg+0x642/0xb30 [ 264.179436][ T8887] ? skb_put+0x11b/0x210 [ 264.179485][ T8887] netlink_sendmsg+0x6b2/0xb30 [ 264.179525][ T8887] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.179560][ T8887] ? aa_sock_msg_perm+0x94/0x160 [ 264.179588][ T8887] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 264.179624][ T8887] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.179657][ T8887] __sock_sendmsg+0x219/0x270 [ 264.179684][ T8887] ____sys_sendmsg+0x505/0x830 [ 264.179721][ T8887] ? __pfx_____sys_sendmsg+0x10/0x10 [ 264.179763][ T8887] ? import_iovec+0x74/0xa0 [ 264.179790][ T8887] ___sys_sendmsg+0x21f/0x2a0 [ 264.179827][ T8887] ? __pfx____sys_sendmsg+0x10/0x10 [ 264.179904][ T8887] ? __fget_files+0x2a/0x420 [ 264.179939][ T8887] ? __fget_files+0x3a0/0x420 [ 264.179986][ T8887] __x64_sys_sendmsg+0x19b/0x260 [ 264.180021][ T8887] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 264.180065][ T8887] ? __pfx_ksys_write+0x10/0x10 [ 264.180094][ T8887] ? rcu_is_watching+0x15/0xb0 [ 264.180127][ T8887] ? do_syscall_64+0xbe/0x3b0 [ 264.180155][ T8887] do_syscall_64+0xfa/0x3b0 [ 264.180176][ T8887] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.180213][ T8887] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.180235][ T8887] ? clear_bhb_loop+0x60/0xb0 [ 264.180265][ T8887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.180287][ T8887] RIP: 0033:0x7fa4c158e929 [ 264.180308][ T8887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.180329][ T8887] RSP: 002b:00007fa4c2422038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 264.180353][ T8887] RAX: ffffffffffffffda RBX: 00007fa4c17b5fa0 RCX: 00007fa4c158e929 [ 264.180371][ T8887] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003 [ 264.180387][ T8887] RBP: 00007fa4c2422090 R08: 0000000000000000 R09: 0000000000000000 [ 264.180403][ T8887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.180416][ T8887] R13: 0000000000000000 R14: 00007fa4c17b5fa0 R15: 00007fffa11624d8 [ 264.180452][ T8887] [ 264.519883][ T8845] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 264.582887][ T5901] usb 4-1: USB disconnect, device number 55 [ 265.275690][ T5901] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 265.305798][ T8955] FAULT_INJECTION: forcing a failure. [ 265.305798][ T8955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.322926][ T8955] CPU: 1 UID: 0 PID: 8955 Comm: syz.1.1084 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 265.322955][ T8955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.322968][ T8955] Call Trace: [ 265.322976][ T8955] [ 265.322985][ T8955] dump_stack_lvl+0x189/0x250 [ 265.323014][ T8955] ? __pfx____ratelimit+0x10/0x10 [ 265.323045][ T8955] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.323069][ T8955] ? __pfx__printk+0x10/0x10 [ 265.323092][ T8955] ? __might_fault+0xb0/0x130 [ 265.323127][ T8955] should_fail_ex+0x414/0x560 [ 265.323167][ T8955] _copy_from_user+0x2d/0xb0 [ 265.323189][ T8955] snd_pcm_oss_write+0x84f/0x11a0 [ 265.323230][ T8955] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 265.323264][ T8955] ? bpf_lsm_file_permission+0x9/0x20 [ 265.323283][ T8955] ? security_file_permission+0x75/0x290 [ 265.323315][ T8955] ? rw_verify_area+0x258/0x650 [ 265.323339][ T8955] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 265.323372][ T8955] vfs_write+0x27b/0xa90 [ 265.323408][ T8955] ? __pfx_vfs_write+0x10/0x10 [ 265.323437][ T8955] ? __fget_files+0x2a/0x420 [ 265.323470][ T8955] ? __fget_files+0x2a/0x420 [ 265.323498][ T8955] ? __fget_files+0x3a0/0x420 [ 265.323527][ T8955] ? __fget_files+0x2a/0x420 [ 265.323566][ T8955] ksys_write+0x145/0x250 [ 265.323594][ T8955] ? __pfx_ksys_write+0x10/0x10 [ 265.323617][ T8955] ? rcu_is_watching+0x15/0xb0 [ 265.323645][ T8955] ? do_syscall_64+0xbe/0x3b0 [ 265.323670][ T8955] do_syscall_64+0xfa/0x3b0 [ 265.323688][ T8955] ? lockdep_hardirqs_on+0x9c/0x150 [ 265.323720][ T8955] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.323739][ T8955] ? clear_bhb_loop+0x60/0xb0 [ 265.323764][ T8955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.323784][ T8955] RIP: 0033:0x7fe12af8e929 [ 265.323802][ T8955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.323820][ T8955] RSP: 002b:00007fe12bd3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 265.323840][ T8955] RAX: ffffffffffffffda RBX: 00007fe12b1b5fa0 RCX: 00007fe12af8e929 [ 265.323855][ T8955] RDX: 000000000000fc36 RSI: 0000200000000500 RDI: 0000000000000004 [ 265.323868][ T8955] RBP: 00007fe12bd3f090 R08: 0000000000000000 R09: 0000000000000000 [ 265.323880][ T8955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.323892][ T8955] R13: 0000000000000000 R14: 00007fe12b1b5fa0 R15: 00007ffd962628f8 [ 265.323923][ T8955] [ 265.566943][ C1] vkms_vblank_simulate: vblank timer overrun [ 265.681898][ T5901] usb 3-1: config 0 interface 0 has no altsetting 0 [ 265.689177][ T5901] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 265.710824][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.727589][ T5901] usb 3-1: config 0 descriptor?? [ 265.887503][ T8973] /dev/nullb0: Can't open blockdev [ 265.939763][ T5901] (null): keene_cmd_main failed (-71) [ 265.961507][ T5901] video4linux radio48: keene_cmd_main failed (-71) [ 265.984645][ T5901] radio-keene 3-1:0.0: V4L2 device registered as radio48 [ 266.016165][ T5901] usb 3-1: USB disconnect, device number 57 [ 266.224466][ T8997] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 266.275671][ T8997] UDF-fs: Scanning with blocksize 4096 failed [ 266.315382][ T9002] FAULT_INJECTION: forcing a failure. [ 266.315382][ T9002] name failslab, interval 1, probability 0, space 0, times 0 [ 266.362347][ T9002] CPU: 1 UID: 0 PID: 9002 Comm: syz.3.1097 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 266.362377][ T9002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.362390][ T9002] Call Trace: [ 266.362398][ T9002] [ 266.362407][ T9002] dump_stack_lvl+0x189/0x250 [ 266.362436][ T9002] ? __pfx____ratelimit+0x10/0x10 [ 266.362469][ T9002] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.362492][ T9002] ? __pfx__printk+0x10/0x10 [ 266.362522][ T9002] ? __pfx___might_resched+0x10/0x10 [ 266.362543][ T9002] ? fs_reclaim_acquire+0x7d/0x100 [ 266.362576][ T9002] should_fail_ex+0x414/0x560 [ 266.362607][ T9002] should_failslab+0xa8/0x100 [ 266.362635][ T9002] kmem_cache_alloc_noprof+0x73/0x3c0 [ 266.362659][ T9002] ? vm_area_dup+0x2b/0x680 [ 266.362690][ T9002] vm_area_dup+0x2b/0x680 [ 266.362722][ T9002] __split_vma+0x1a9/0xa00 [ 266.362745][ T9002] ? mas_next_slot+0xc20/0xcf0 [ 266.362779][ T9002] ? __pfx___split_vma+0x10/0x10 [ 266.362823][ T9002] vms_gather_munmap_vmas+0x4ab/0x12b0 [ 266.362865][ T9002] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 266.362884][ T9002] ? __lock_acquire+0xab9/0xd20 [ 266.362925][ T9002] do_vmi_align_munmap+0x25d/0x420 [ 266.362965][ T9002] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 266.363020][ T9002] ? mas_find+0x962/0xc10 [ 266.363055][ T9002] do_vmi_munmap+0x253/0x2e0 [ 266.363081][ T9002] do_munmap+0xe1/0x140 [ 266.363106][ T9002] ? __lock_acquire+0xab9/0xd20 [ 266.363127][ T9002] ? __pfx_do_munmap+0x10/0x10 [ 266.363173][ T9002] mremap_to+0x56a/0x8b0 [ 266.363202][ T9002] ? __pfx_mremap_to+0x10/0x10 [ 266.363229][ T9002] ? __pfx_down_write_killable+0x10/0x10 [ 266.363264][ T9002] __se_sys_mremap+0x8ac/0xc00 [ 266.363304][ T9002] ? __pfx___se_sys_mremap+0x10/0x10 [ 266.363322][ T9002] ? ksys_write+0x22a/0x250 [ 266.363351][ T9002] ? __pfx_ksys_write+0x10/0x10 [ 266.363375][ T9002] ? rcu_is_watching+0x15/0xb0 [ 266.363405][ T9002] ? do_syscall_64+0xbe/0x3b0 [ 266.363424][ T9002] ? __x64_sys_mremap+0x20/0xc0 [ 266.363446][ T9002] do_syscall_64+0xfa/0x3b0 [ 266.363465][ T9002] ? lockdep_hardirqs_on+0x9c/0x150 [ 266.363495][ T9002] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.363516][ T9002] ? clear_bhb_loop+0x60/0xb0 [ 266.363540][ T9002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.363560][ T9002] RIP: 0033:0x7f643098e929 [ 266.363578][ T9002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.363596][ T9002] RSP: 002b:00007f6431834038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 266.363618][ T9002] RAX: ffffffffffffffda RBX: 00007f6430bb5fa0 RCX: 00007f643098e929 [ 266.363633][ T9002] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000200000ffe000 [ 266.363646][ T9002] RBP: 00007f6431834090 R08: 00002000007fe000 R09: 0000000000000000 [ 266.363660][ T9002] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 266.363673][ T9002] R13: 0000000000000000 R14: 00007f6430bb5fa0 R15: 00007ffd55b936b8 [ 266.363703][ T9002] [ 266.661216][ C1] vkms_vblank_simulate: vblank timer overrun [ 266.733701][ T9009] qnx4: no qnx4 filesystem (no root dir). [ 267.281713][ T9048] FAULT_INJECTION: forcing a failure. [ 267.281713][ T9048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.307343][ T9048] CPU: 1 UID: 0 PID: 9048 Comm: syz.3.1110 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 267.307373][ T9048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 267.307387][ T9048] Call Trace: [ 267.307396][ T9048] [ 267.307405][ T9048] dump_stack_lvl+0x189/0x250 [ 267.307434][ T9048] ? __pfx____ratelimit+0x10/0x10 [ 267.307467][ T9048] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.307492][ T9048] ? __pfx__printk+0x10/0x10 [ 267.307528][ T9048] should_fail_ex+0x414/0x560 [ 267.307560][ T9048] _copy_to_user+0x31/0xb0 [ 267.307584][ T9048] simple_read_from_buffer+0xe1/0x170 [ 267.307619][ T9048] proc_fail_nth_read+0x1df/0x250 [ 267.307642][ T9048] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 267.307665][ T9048] ? rw_verify_area+0x258/0x650 [ 267.307690][ T9048] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 267.307712][ T9048] vfs_read+0x1fd/0x980 [ 267.307744][ T9048] ? __pfx___mutex_lock+0x10/0x10 [ 267.307765][ T9048] ? __pfx_vfs_read+0x10/0x10 [ 267.307792][ T9048] ? __fget_files+0x2a/0x420 [ 267.307828][ T9048] ? __fget_files+0x3a0/0x420 [ 267.307856][ T9048] ? __fget_files+0x2a/0x420 [ 267.307902][ T9048] ksys_read+0x145/0x250 [ 267.307931][ T9048] ? __pfx_ksys_read+0x10/0x10 [ 267.307955][ T9048] ? rcu_is_watching+0x15/0xb0 [ 267.307984][ T9048] ? do_syscall_64+0xbe/0x3b0 [ 267.308009][ T9048] do_syscall_64+0xfa/0x3b0 [ 267.308027][ T9048] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.308058][ T9048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.308079][ T9048] ? clear_bhb_loop+0x60/0xb0 [ 267.308104][ T9048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.308123][ T9048] RIP: 0033:0x7f643098d33c [ 267.308142][ T9048] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 267.308159][ T9048] RSP: 002b:00007f6431834030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 267.308181][ T9048] RAX: ffffffffffffffda RBX: 00007f6430bb5fa0 RCX: 00007f643098d33c [ 267.308197][ T9048] RDX: 000000000000000f RSI: 00007f64318340a0 RDI: 0000000000000003 [ 267.308210][ T9048] RBP: 00007f6431834090 R08: 0000000000000000 R09: 0000000000000002 [ 267.308222][ T9048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.308235][ T9048] R13: 0000000000000000 R14: 00007f6430bb5fa0 R15: 00007ffd55b936b8 [ 267.308266][ T9048] [ 267.546539][ C1] vkms_vblank_simulate: vblank timer overrun [ 267.625758][ T5840] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 267.744198][ T9063] FAULT_INJECTION: forcing a failure. [ 267.744198][ T9063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.776700][ T9063] CPU: 1 UID: 0 PID: 9063 Comm: syz.1.1116 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 267.776731][ T9063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 267.776745][ T9063] Call Trace: [ 267.776754][ T9063] [ 267.776763][ T9063] dump_stack_lvl+0x189/0x250 [ 267.776792][ T9063] ? __pfx____ratelimit+0x10/0x10 [ 267.776831][ T9063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.776864][ T9063] ? __pfx__printk+0x10/0x10 [ 267.776888][ T9063] ? __might_fault+0xb0/0x130 [ 267.776925][ T9063] should_fail_ex+0x414/0x560 [ 267.776958][ T9063] _copy_from_iter+0x1db/0x16f0 [ 267.776995][ T9063] ? rcu_is_watching+0x15/0xb0 [ 267.777020][ T9063] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 267.777047][ T9063] ? __pfx__copy_from_iter+0x10/0x10 [ 267.777080][ T9063] ? __build_skb_around+0x257/0x3e0 [ 267.777110][ T9063] ? netlink_sendmsg+0x642/0xb30 [ 267.777133][ T9063] ? skb_put+0x11b/0x210 [ 267.777162][ T9063] netlink_sendmsg+0x6b2/0xb30 [ 267.777199][ T9063] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.777228][ T9063] ? aa_sock_msg_perm+0x94/0x160 [ 267.777252][ T9063] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 267.777283][ T9063] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.777311][ T9063] __sock_sendmsg+0x219/0x270 [ 267.777336][ T9063] ____sys_sendmsg+0x505/0x830 [ 267.777370][ T9063] ? __pfx_____sys_sendmsg+0x10/0x10 [ 267.777408][ T9063] ? import_iovec+0x74/0xa0 [ 267.777433][ T9063] ___sys_sendmsg+0x21f/0x2a0 [ 267.777464][ T9063] ? __pfx____sys_sendmsg+0x10/0x10 [ 267.777527][ T9063] ? __fget_files+0x2a/0x420 [ 267.777558][ T9063] ? __fget_files+0x3a0/0x420 [ 267.777598][ T9063] __x64_sys_sendmsg+0x19b/0x260 [ 267.777630][ T9063] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 267.777669][ T9063] ? __pfx_ksys_write+0x10/0x10 [ 267.777694][ T9063] ? rcu_is_watching+0x15/0xb0 [ 267.777724][ T9063] ? do_syscall_64+0xbe/0x3b0 [ 267.777749][ T9063] do_syscall_64+0xfa/0x3b0 [ 267.777768][ T9063] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.777800][ T9063] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.777820][ T9063] ? clear_bhb_loop+0x60/0xb0 [ 267.777854][ T9063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.777874][ T9063] RIP: 0033:0x7fe12af8e929 [ 267.777893][ T9063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.777910][ T9063] RSP: 002b:00007fe12bd3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 267.777933][ T9063] RAX: ffffffffffffffda RBX: 00007fe12b1b5fa0 RCX: 00007fe12af8e929 [ 267.777948][ T9063] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 267.777962][ T9063] RBP: 00007fe12bd3f090 R08: 0000000000000000 R09: 0000000000000000 [ 267.777976][ T9063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.777989][ T9063] R13: 0000000000000000 R14: 00007fe12b1b5fa0 R15: 00007ffd962628f8 [ 267.778021][ T9063] [ 267.780707][ T5840] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 267.916514][ T9069] program syz.3.1117 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 267.950094][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.102234][ T5840] usb 3-1: Product: syz [ 268.106575][ T5840] usb 3-1: Manufacturer: syz [ 268.111202][ T5840] usb 3-1: SerialNumber: syz [ 268.140554][ T5840] usb 3-1: config 0 descriptor?? [ 268.155742][ T5901] usb 1-1: new full-speed USB device number 62 using dummy_hcd [ 268.287608][ T5901] usb 1-1: device descriptor read/64, error -71 [ 268.487169][ T5925] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 268.526769][ T5901] usb 1-1: new full-speed USB device number 63 using dummy_hcd [ 268.560961][ T5840] usb 3-1: Firmware: major: 79, minor: 32, hardware type: UNKNOWN (124) [ 268.652664][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.674074][ T5925] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 268.685830][ T5901] usb 1-1: device descriptor read/64, error -71 [ 268.697688][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.719053][ T5925] usb 2-1: config 0 descriptor?? [ 268.772332][ T5840] usb 3-1: failed to fetch extended address, random address set [ 268.780789][ T5840] usb 3-1: atusb_probe: initialization failed, error = -524 [ 268.796533][ T5901] usb usb1-port1: attempt power cycle [ 268.802815][ T5840] atusb 3-1:0.0: probe with driver atusb failed with error -524 [ 269.012198][ T5835] usb 3-1: USB disconnect, device number 58 [ 269.135461][ T5925] keytouch 0003:0926:3333.0020: fixing up Keytouch IEC report descriptor [ 269.146828][ T5901] usb 1-1: new full-speed USB device number 64 using dummy_hcd [ 269.185978][ T5925] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0020/input/input27 [ 269.206130][ T5901] usb 1-1: device descriptor read/8, error -71 [ 269.316990][ T5925] keytouch 0003:0926:3333.0020: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 269.475838][ T5901] usb 1-1: new full-speed USB device number 65 using dummy_hcd [ 269.506371][ T5901] usb 1-1: device descriptor read/8, error -71 [ 269.622486][ T9] usb 2-1: USB disconnect, device number 56 [ 269.627077][ T5901] usb usb1-port1: unable to enumerate USB device [ 270.520846][ T9186] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1130'. [ 271.135926][ T9] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 271.318133][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 271.333157][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 271.362496][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 271.389150][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 271.435139][ T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 271.455981][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.480535][ T9] usb 3-1: config 0 descriptor?? [ 272.178396][ T9233] libceph: resolve '4..' (ret=-3): failed [ 272.435898][ T5840] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 272.539090][ T9246] qnx4: no qnx4 filesystem (no root dir). [ 272.635933][ T5840] usb 4-1: Using ep0 maxpacket: 8 [ 272.664726][ T5840] usb 4-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 272.695729][ T5840] usb 4-1: config 0 interface 0 has no altsetting 0 [ 272.745562][ T5840] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 272.754859][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.804597][ T5840] usb 4-1: config 0 descriptor?? [ 273.196792][ T9265] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 273.468487][ T9277] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 273.495906][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 273.576312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 273.585000][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 274.086470][ T5901] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 274.120955][ T9296] FAULT_INJECTION: forcing a failure. [ 274.120955][ T9296] name failslab, interval 1, probability 0, space 0, times 0 [ 274.134232][ T9296] CPU: 0 UID: 0 PID: 9296 Comm: syz.0.1153 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 274.134259][ T9296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 274.134270][ T9296] Call Trace: [ 274.134277][ T9296] [ 274.134284][ T9296] dump_stack_lvl+0x189/0x250 [ 274.134311][ T9296] ? __pfx____ratelimit+0x10/0x10 [ 274.134350][ T9296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.134374][ T9296] ? __pfx__printk+0x10/0x10 [ 274.134402][ T9296] ? __pfx___might_resched+0x10/0x10 [ 274.134424][ T9296] ? fs_reclaim_acquire+0x7d/0x100 [ 274.134450][ T9296] should_fail_ex+0x414/0x560 [ 274.134477][ T9296] should_failslab+0xa8/0x100 [ 274.134508][ T9296] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 274.134531][ T9296] ? xas_split_alloc+0x143/0x450 [ 274.134556][ T9296] xas_split_alloc+0x143/0x450 [ 274.134585][ T9296] __folio_split+0x917/0x1300 [ 274.134616][ T9296] ? __pfx___folio_split+0x10/0x10 [ 274.134662][ T9296] ? non_uniform_split_supported+0x200/0x2c0 [ 274.134696][ T9296] truncate_inode_partial_folio+0x4a2/0xcb0 [ 274.134728][ T9296] shmem_undo_range+0x6e0/0x14b0 [ 274.134765][ T9296] ? __pfx_shmem_undo_range+0x10/0x10 [ 274.134816][ T9296] ? __pfx_unmap_mapping_range_tree+0x10/0x10 [ 274.134863][ T9296] ? unmap_mapping_range+0xde/0x170 [ 274.134888][ T9296] ? __pfx_unmap_mapping_range+0x10/0x10 [ 274.134913][ T9296] ? do_raw_spin_unlock+0x122/0x240 [ 274.134947][ T9296] shmem_fallocate+0x41f/0xde0 [ 274.134989][ T9296] ? __lock_acquire+0xab9/0xd20 [ 274.135013][ T9296] ? __pfx_shmem_fallocate+0x10/0x10 [ 274.135064][ T9296] vfs_fallocate+0x6a3/0x830 [ 274.135091][ T9296] ? __pfx_vfs_fallocate+0x10/0x10 [ 274.135134][ T9296] madvise_do_behavior+0x169d/0x2e70 [ 274.135176][ T9296] ? __pfx_madvise_do_behavior+0x10/0x10 [ 274.135204][ T9296] ? __might_fault+0xb0/0x130 [ 274.135222][ T9296] ? _parse_integer_limit+0x1ae/0x1f0 [ 274.135250][ T9296] ? __lock_acquire+0xab9/0xd20 [ 274.135284][ T9296] ? get_pid_task+0x20/0x1f0 [ 274.135332][ T9296] ? __lock_acquire+0xab9/0xd20 [ 274.135359][ T9296] ? madvise_lock+0xda/0x200 [ 274.135392][ T9296] do_madvise+0x174/0x220 [ 274.135424][ T9296] ? __pfx_do_madvise+0x10/0x10 [ 274.135462][ T9296] ? __pfx_ksys_write+0x10/0x10 [ 274.135486][ T9296] ? rcu_is_watching+0x15/0xb0 [ 274.135512][ T9296] __x64_sys_madvise+0xa7/0xc0 [ 274.135532][ T9296] do_syscall_64+0xfa/0x3b0 [ 274.135546][ T9296] ? lockdep_hardirqs_on+0x9c/0x150 [ 274.135579][ T9296] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.135600][ T9296] ? clear_bhb_loop+0x60/0xb0 [ 274.135625][ T9296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.135644][ T9296] RIP: 0033:0x7f914d18e929 [ 274.135663][ T9296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.135676][ T9296] RSP: 002b:00007f914dfde038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 274.135692][ T9296] RAX: ffffffffffffffda RBX: 00007f914d3b5fa0 RCX: 00007f914d18e929 [ 274.135703][ T9296] RDX: 0000000000000009 RSI: 000000000060000b RDI: 0000200000000000 [ 274.135713][ T9296] RBP: 00007f914dfde090 R08: 0000000000000000 R09: 0000000000000000 [ 274.135726][ T9296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.135739][ T9296] R13: 0000000000000000 R14: 00007f914d3b5fa0 R15: 00007fffb8e88698 [ 274.135770][ T9296] [ 274.356921][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.556231][ T5901] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 274.585828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 274.596087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 274.625984][ T5840] usbhid 4-1:0.0: can't add hid device: -71 [ 274.631396][ T9] usbhid 3-1:0.0: can't add hid device: -71 [ 274.632042][ T5840] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 274.639973][ T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 274.657773][ T9] usb 3-1: USB disconnect, device number 59 [ 274.696053][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 274.704388][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 274.721544][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 274.733474][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.743671][ T5840] usb 4-1: USB disconnect, device number 56 [ 274.786558][ T5901] usb 2-1: config 0 descriptor?? [ 275.083542][ T9333] loop2: detected capacity change from 0 to 7 [ 275.097973][ T9333] Dev loop2: unable to read RDB block 7 [ 275.103888][ T9333] loop2: unable to read partition table [ 275.113273][ T9333] loop2: partition table beyond EOD, truncated [ 275.122102][ T9333] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 275.200706][ T5901] keytouch 0003:0926:3333.0021: fixing up Keytouch IEC report descriptor [ 275.225057][ T5901] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0021/input/input28 [ 275.429936][ T5901] keytouch 0003:0926:3333.0021: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 275.544885][ T5840] [ 275.544899][ T5840] ====================================================== [ 275.544909][ T5840] WARNING: possible circular locking dependency detected [ 275.544924][ T5840] 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 Not tainted [ 275.544938][ T5840] ------------------------------------------------------ [ 275.544947][ T5840] kworker/1:4/5840 is trying to acquire lock: [ 275.544960][ T5840] ffff88801a8a10b8 (&buf->lock){+.+.}-{4:4}, at: tty_buffer_flush+0x74/0x2b0 [ 275.545016][ T5840] [ 275.545016][ T5840] but task is already holding lock: [ 275.545025][ T5840] ffffffff8e333020 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x28/0x220 [ 275.545079][ T5840] [ 275.545079][ T5840] which lock already depends on the new lock. [ 275.545079][ T5840] [ 275.545089][ T5840] [ 275.545089][ T5840] the existing dependency chain (in reverse order) is: [ 275.545098][ T5840] [ 275.545098][ T5840] -> #2 (console_lock){+.+.}-{0:0}: [ 275.545129][ T5840] lock_acquire+0x120/0x360 [ 275.545150][ T5840] console_lock+0x164/0x1b0 [ 275.545174][ T5840] con_flush_chars+0x70/0x280 [ 275.545194][ T5840] n_tty_receive_buf_common+0xc88/0x12f0 [ 275.545221][ T5840] tiocsti+0x23c/0x2c0 [ 275.545239][ T5840] tty_ioctl+0x626/0xde0 [ 275.545257][ T5840] __se_sys_ioctl+0xfc/0x170 [ 275.545279][ T5840] do_syscall_64+0xfa/0x3b0 [ 275.545299][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.545319][ T5840] [ 275.545319][ T5840] -> #1 (&tty->termios_rwsem){++++}-{4:4}: [ 275.545351][ T5840] lock_acquire+0x120/0x360 [ 275.545369][ T5840] down_write+0x96/0x1f0 [ 275.545402][ T5840] n_tty_flush_buffer+0x30/0x230 [ 275.545427][ T5840] tty_buffer_flush+0x1e9/0x2b0 [ 275.545447][ T5840] tty_ldisc_flush+0x6b/0xc0 [ 275.545464][ T5840] tty_port_close_start+0x2da/0x550 [ 275.545489][ T5840] tty_port_close+0x2a/0x150 [ 275.545513][ T5840] tty_release+0x386/0x1640 [ 275.545531][ T5840] __fput+0x44c/0xa70 [ 275.545549][ T5840] task_work_run+0x1d1/0x260 [ 275.545577][ T5840] exit_to_user_mode_loop+0xec/0x110 [ 275.545596][ T5840] do_syscall_64+0x2bd/0x3b0 [ 275.545614][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.545645][ T5840] [ 275.545645][ T5840] -> #0 (&buf->lock){+.+.}-{4:4}: [ 275.545676][ T5840] validate_chain+0xb9b/0x2140 [ 275.545696][ T5840] __lock_acquire+0xab9/0xd20 [ 275.545714][ T5840] lock_acquire+0x120/0x360 [ 275.545731][ T5840] __mutex_lock+0x182/0xe80 [ 275.545748][ T5840] tty_buffer_flush+0x74/0x2b0 [ 275.545767][ T5840] tty_ldisc_flush+0x6b/0xc0 [ 275.545784][ T5840] __do_SAK+0x138/0x6d0 [ 275.545803][ T5840] vc_SAK+0x78/0x220 [ 275.545828][ T5840] process_scheduled_works+0xae1/0x17b0 [ 275.545850][ T5840] worker_thread+0x8a0/0xda0 [ 275.545871][ T5840] kthread+0x70e/0x8a0 [ 275.545895][ T5840] ret_from_fork+0x3f9/0x770 [ 275.545913][ T5840] ret_from_fork_asm+0x1a/0x30 [ 275.545940][ T5840] [ 275.545940][ T5840] other info that might help us debug this: [ 275.545940][ T5840] [ 275.545949][ T5840] Chain exists of: [ 275.545949][ T5840] &buf->lock --> &tty->termios_rwsem --> console_lock [ 275.545949][ T5840] [ 275.545985][ T5840] Possible unsafe locking scenario: [ 275.545985][ T5840] [ 275.545993][ T5840] CPU0 CPU1 [ 275.546001][ T5840] ---- ---- [ 275.546009][ T5840] lock(console_lock); [ 275.546025][ T5840] lock(&tty->termios_rwsem); [ 275.546043][ T5840] lock(console_lock); [ 275.546059][ T5840] lock(&buf->lock); [ 275.546075][ T5840] [ 275.546075][ T5840] *** DEADLOCK *** [ 275.546075][ T5840] [ 275.546081][ T5840] 4 locks held by kworker/1:4/5840: [ 275.546094][ T5840] #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 275.546148][ T5840] #1: ffffc900041e7bc0 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 275.546201][ T5840] #2: ffffffff8e333020 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x28/0x220 [ 275.546258][ T5840] #3: ffff88805d2de0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_flush+0x20/0xc0 [ 275.546306][ T5840] [ 275.546306][ T5840] stack backtrace: [ 275.546317][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: kworker/1:4 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 275.546340][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 275.546353][ T5840] Workqueue: events vc_SAK [ 275.546388][ T5840] Call Trace: [ 275.546395][ T5840] [ 275.546404][ T5840] dump_stack_lvl+0x189/0x250 [ 275.546428][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.546451][ T5840] ? __pfx__printk+0x10/0x10 [ 275.546475][ T5840] ? print_lock_name+0xde/0x100 [ 275.546497][ T5840] print_circular_bug+0x2ee/0x310 [ 275.546522][ T5840] check_noncircular+0x134/0x160 [ 275.546551][ T5840] validate_chain+0xb9b/0x2140 [ 275.546585][ T5840] __lock_acquire+0xab9/0xd20 [ 275.546607][ T5840] ? tty_buffer_flush+0x74/0x2b0 [ 275.546626][ T5840] lock_acquire+0x120/0x360 [ 275.546645][ T5840] ? tty_buffer_flush+0x74/0x2b0 [ 275.546671][ T5840] __mutex_lock+0x182/0xe80 [ 275.546690][ T5840] ? tty_buffer_flush+0x74/0x2b0 [ 275.546709][ T5840] ? __lock_acquire+0xab9/0xd20 [ 275.546732][ T5840] ? tty_buffer_flush+0x74/0x2b0 [ 275.546754][ T5840] ? __pfx___mutex_lock+0x10/0x10 [ 275.546777][ T5840] ? ldsem_down_read_trylock+0x137/0x1a0 [ 275.546802][ T5840] ? tty_ldisc_flush+0x20/0xc0 [ 275.546820][ T5840] ? __pfx_ldsem_down_read_trylock+0x10/0x10 [ 275.546845][ T5840] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 275.546876][ T5840] tty_buffer_flush+0x74/0x2b0 [ 275.546899][ T5840] tty_ldisc_flush+0x6b/0xc0 [ 275.546918][ T5840] __do_SAK+0x138/0x6d0 [ 275.546943][ T5840] vc_SAK+0x78/0x220 [ 275.546969][ T5840] ? process_scheduled_works+0x9ef/0x17b0 [ 275.546991][ T5840] process_scheduled_works+0xae1/0x17b0 [ 275.547026][ T5840] ? __pfx_process_scheduled_works+0x10/0x10 [ 275.547056][ T5840] worker_thread+0x8a0/0xda0 [ 275.547079][ T5840] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 275.547112][ T5840] ? __kthread_parkme+0x7b/0x200 [ 275.547139][ T5840] kthread+0x70e/0x8a0 [ 275.547166][ T5840] ? __pfx_worker_thread+0x10/0x10 [ 275.547188][ T5840] ? __pfx_kthread+0x10/0x10 [ 275.547215][ T5840] ? _raw_spin_unlock_irq+0x23/0x50 [ 275.547243][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 275.547272][ T5840] ? __pfx_kthread+0x10/0x10 [ 275.547299][ T5840] ret_from_fork+0x3f9/0x770 [ 275.547319][ T5840] ? __pfx_ret_from_fork+0x10/0x10 [ 275.547341][ T5840] ? __switch_to_asm+0x39/0x70 [ 275.547366][ T5840] ? __switch_to_asm+0x33/0x70 [ 275.547415][ T5840] ? __pfx_kthread+0x10/0x10 [ 275.547443][ T5840] ret_from_fork_asm+0x1a/0x30 [ 275.547477][ T5840] [ 275.552884][ T5840] tty tty1: SAK: killed process 9286 (syz.1.1150): by fd#4 [ 275.552928][ T5840] tty tty1: SAK: killed process 9287 (syz.1.1150): by fd#4 [ 275.552968][ T5840] tty tty1: SAK: killed process 9360 (syz.1.1150): by fd#4 [ 275.965802][ T9] usb 4-1: new full-speed USB device number 57 using dummy_hcd [ 276.324177][ T5901] usb 2-1: USB disconnect, device number 57 [ 276.467029][ T9] usb 4-1: config 0 has an invalid interface number: 29 but max is 0 [ 276.475363][ T9] usb 4-1: config 0 has no interface number 0 [ 276.481559][ T9] usb 4-1: config 0 interface 29 has no altsetting 0 [ 276.490059][ T9] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac [ 276.499213][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.507348][ T9] usb 4-1: Product: syz [ 276.511552][ T9] usb 4-1: Manufacturer: syz [ 276.516231][ T9] usb 4-1: SerialNumber: syz [ 276.523035][ T9] usb 4-1: config 0 descriptor?? [ 276.732706][ T9] peak_usb 4-1:0.29 can0: unable to request usb[type=0 value=1] err=-71 [ 276.743757][ T9] peak_usb 4-1:0.29: unable to read PCAN-USB X6 firmware info (err -71) [ 276.816193][ T9] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -71 [ 276.831247][ T9] usb 4-1: USB disconnect, device number 57