last executing test programs: 2m9.686200731s ago: executing program 3 (id=1855): sendmsg$NFNL_MSG_ACCT_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x78, 0x3, 0x7, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x7fffffff}, @NFACCT_BYTES={0xc}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x2695}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x4}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x941}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}, 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x41) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000000c0)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', 0x0}) sendto$packet(r1, &(0x7f00000002c0)="0203860020fc80d53d10", 0xfdf6, 0x40004, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x5, 0x6, @local}, 0x14) r3 = socket$netlink(0x10, 0x3, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4880) ioctl$SIOCPNDELRESOURCE(r4, 0x89ef, &(0x7f0000000040)=0x6) sendmsg$netlink(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)={0x30, 0x11, 0x1, 0x0, 0x0, "", [@nested={0x20, 0x0, 0x0, 0x0, [@typed={0x19, 0x0, 0x0, 0x0, @str='/dev/bus/usb/00#/00#\x00'}]}]}, 0x30}], 0x1}, 0x0) getsockopt$sock_buf(r0, 0x1, 0x22, 0x0, &(0x7f0000000180)) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000000)={0x13, 0x10, 0x7, {0x0, r6, 0x1}}, 0x18) epoll_create1(0x80000) 2m9.116537402s ago: executing program 3 (id=1858): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) close_range(r0, 0xffffffffffffffff, 0x0) 2m9.019690509s ago: executing program 3 (id=1860): r0 = memfd_create(&(0x7f0000000100)='+\x88\xc7s\x00\x00\x942nodev\x00\x00\x8cZ_Pv\x03\xa7\xc1\b\xec\x90Q\x85\x83\xcd\x16\xdcw\'\x8a\xe5N\x8c\x17\xfd\xc5\xad\xd5y\x15\x1fx\x17\f\xbc\xd1.\x8cA\x17\x86\xb7-j!Y\x92\xd9\xc4\r8\xd0\xc9X\xa7\x11\xa3\xf0\x8a*\xbc\x87\xcd\x1fl\xfc\xf3]\xb8\xbd\x02\v<\fl\xa6]\xa5\xfb\x05\xcb\x9c\xe2\xc8\x05\xa5\xa5\xeb\xa9\xef\xe3\xf1b\x81\xec\xac\xb6\x80\xd5\xf5S\x85\x06O\x05\xb8\xa1\x15\xcc\x17\xe8s\x95\x95B\xee_\x98\x91)\xe7\xa8+\x8c\xee\x83@q\x16\xcf3\x0f\x81\xa8\xa9`i\x01m:\xcc\x1c\xed<\xcfA3n\xfd\n>\x03\xae\f \xdbH\'\x05\x82\xdbLE\x14\xcdq\x1abcf\xdb8\xe9a\xa8\x00'/201, 0x2) fcntl$addseals(r0, 0x409, 0x12) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x4000) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000200)=0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) sendmsg$netlink(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005900)={0x1424, 0x4e, 0x101, 0x0, 0x0, "", [@nested={0xd9, 0xca, 0x0, 0x1, [@generic="c14d473ea95a6afd2dc7d31063881f8ddf06ba7d43e77a9ef330f33ee3a6f64ca29321f4d1819fbcdc3e0262fd0f608aed4820040c53a05c3b35995e8a52636a10ab4e19705359d927086630bc8b2a0757a978cd9d63c6c29ad61abfd2baca652c8e3ddb6e15895408447b744908e34af5f055eb75f3f984d3d094c2f57ab09968f1c8179beb44d4f90efdf0d001ab76922f2c8002530ca284fff1701dcdbb553a0f11ef2135ca9aecc5effaa44d3a5f0429802f2f6fc8d667ce0ebc0f1c1daf9ca8899e6ba7245f4e27fb794f8a0371fd960f5b3d"]}, @typed={0x8, 0x48, 0x0, 0x0, @ipv4=@multicast1}, @generic="7e72a78881a1ac241399cab334ff996bccb45120eb7afa64901be15f78edb66bb0cf76d0f90463b02e3e408dc9916d817ec992a57b426df8b6d7ba422353d23dfac27b447066f98079e2a9143bbcd71244cf4fb99d9218ee19911357536094342c6fca1c4f45d0e81fff8f8f9b50f966f355aaf09cf8b11dce55e188a203a1f758ca4ecc9af0339eba9bf6f18d86cbe90909", @generic="8e6455c0e342fe06fb47742d5150d2e73064137eb374a8e0696e78928e8e4276af3ee00dea27e93be2cad5c13e53554c83f5c13414b568d15ad923812c6da1fef796b397fbbc630bc0a260f2f880fd7105af7ce339092a1d7bf0be8d6e27aa799df4d8b575c8", @nested={0x1048, 0xbe, 0x0, 0x1, [@typed={0x8, 0x106, 0x0, 0x0, @u32=0x1}, @nested={0x8, 0x62, 0x0, 0x1, [@nested={0x4, 0xf2}]}, @nested={0x34, 0x38, 0x0, 0x1, [@typed={0x14, 0x38, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @typed={0x14, 0x125, 0x0, 0x0, @ipv6=@local}, @typed={0x8, 0xb5, 0x0, 0x0, @uid}]}, @generic="4eea4ab4d174d9aeabbf23dd22ad2525061e305ea9eaf9997ec13904b8320f29d7b7d84b98c90341f6d2eb96adf5c3e793c6bfae6d77914a630aeb6b06159bf07cac75c4f0959e62367d0d8bdba33552400f629823c702ba9176dfc24b1a6c7e06e858da888ab0fd7ca0f081100d20b2af83ff1082cbf225631e9ef575758449ed86098270af5d909473f4b5edfaae0b6da044fad5f46ef175febb7e3e2856f02f240436781b21aab58b344361e8577881e5307b5ed37baa2638f55adc7ab8f3d0111b9d07eb465c651a018554a17e83a207a7abe26262424630a4b823f4b74a189d0d54900dcd58257039f7e2ef19003c810b052be262274bb296e3b79039270bf1d8fc5abf14d10da7101a40b066520adf062c144a628f1a5c8e9aae1cb288d5355c71eb737b671bfd8acca933757c228d8f928dbb1dd67ef19466db1e5cbc670da869c3a833685da8d93a24a3a8b3de953d881c43f6339763ecd7a82be8063a600ff227bf18fb2085cb89b2e7121e9bd43d3a632b8d51f5d56b3f4dabfe53506a1ef5011052be0e6c27a430db04e89fad6a4c8176aba404c1c44587d42a121fec54b8a3b55edd6a078d4ac0b5d894d13d0e2c1fb3feec8076ca8799ae6b4c3ab6f9e6e42f2d55cda86463fbdb724fa7670dd70113ace9bd58128183c5a72eff8541b0d500dd5300d49fcb639d91ab22ce13d669983e5a9cf8b454930536ef1fc8bea8b63b1cd42daaeac3614b5d21c279c9547ae0bd60c4d6ec967b13b6c56f1656c16bf7426b385930f84d8737b986cf8975984e9824a584291fa8624259c7c1d5ad9ce07451fabb20a3fe56053afc99b4337ffb4b0fc526c89f277c49f79e294a0ffdf5f1a1f2bb410f84cd50ef246abeb9dc215997bd598984bcc211ead57320d504676c8423e06c19351193911a10188c6d935ab5c8f9d72ebacbcc819515725ae21fd9e221124da0e8bd266b2281847880a56ff05349cad8652d33df7c2a1897b6cfb17b8c70f8db95b9601bd039c67cb1d65491736c9ddad880255fd5b0ea7d875ea3405cb20dff7c31d015cf448016a544f15351bc52ddf4b98dc1d027048bf18b42f3e6d13b153ceb7db8d450431c7b31e6430d2205c73e1a3e2d32dd16d040c13d237bc65c4038fa9658cc16c13823ce39889bdc1154ed04d14f569323198366a7bd94de7c0b0fc1637edbd2c6008ffe07bf03909ed734377d102bd4950ff293cc59b7d54108508ece53d6a4565f5960850cfe8155ef2c3656262581dbaa2c58897494472633b8313f33776506ae91223eeb76b847473791cdfa9ec37adc35a0fbb75ea234fcd2627faa16d39e8e9dd85370450ee9f5cbd1c361cc3274ac3799a08f751fd37dbf774bcfb3ba647cc24421a650f7b04586930db185ef2fc88c049463fd9a11ceb6dd69c40d3ffc6bf43303a80121f794d4a743ef0123fd23cb04215c5ade071393cc4d5fffdf53243ff077c36ab058d4c4a738b86ece37274ca987b4eb728500a2b069e59540b518e3ecabfb7b8d48df06df2996dd0dc7973801213a5d3aa875f17fb0f31e6a698db2c2c043b54832101145b083469a7b7d3cacd3346aee54002291583f89f42910f0aff49130a46bbd1c06533d692c66c1569bcbbe662e7aa27663efddf5aef774f8c47c2ff8bd67ce96fb8b06f54c12a28e067338a6965b459d3ccbc99453f6f9d780b0c0de26425c781b591dd461e29b848f7a452b861e6ec31cc1e7cb8aeb50ce90305ee9ffa38f3fd1612143d49069e42fc94486bd10e557192428c19d7b9c5be6b95d5dd5c9cb99825efed9809adf8bcd1525ba4fc1e051fb126671859b7dc83af575a625b66c40c7abca8917760af3f06b0433628cee8e25c208f1344ae9fea03afa20894c5e80c8103f9680bd3d77872d08ad898dc411d7f4f8db5e246ddb2a5472f7b0189c2e7f40801b22f55b19f5b6a714f15e6efb8ffd85d48ab7f6af23efe0576fb5921b61bf8b1ca0c569d22ed36f578ce4a3b8b35f20542b658a8f9024679b788267a748b2467118c87adaa081110d75c9778ff97967d9bc4da2a195c577c9456d907c1a4cf79e2a62e98da3d96796202e92ea476f2fc22ac13bfc099c78c680754aa41a42e669a73417a85805c4a60f335cc17f05d9864982218b221b3ffccd0448762414c3eb3b79b03d579e180092d19b2d192d75d2780e38b7de3e5b34a3458cb2155cdf98e532d31669ca6a9479a276e48c965f85ee94394e1497bcfce4a813819cd647f820fdd6ed930337943157033cea8c1e7f93ebb2707a2f2f29a51e626b55c7f51cd881ef72fd87af51fec3ac697cde3f5f6e47354c91b820586dc6231634476b530bb203a036d7db52dd705843844655cbd2b8a8567d294efd9f6cea83e2493d2e1cc29e8bb0ca82a243ed73e6573cd0b0dba67a3d9ae337594085dbbc407dc00154398a4f74ca30651d469022d45ad6ecc73b52988135090b02de4b993e85d95b28eb18d7c8c802a64023ecad94f83794601b2ddb2587fd820dddc9574c85fa2699ec1027ff5bc2d65813a18442eea916e1355130ed177c3e42ee4ab7863601d7b41393c8322469e1521109a973fd27698336006346c7b36a3808e24746add9331557786918591e790dc9ff2da6c497e573bd58bda6f1610d5efdf1859ae8669e19727780869fea7eea866f5d7ebb387bb856492a67732dd5076a047314466757d6783a26b896ec83e45b5548d83d39a09ef4b0a3da30f8649f3bf12053c4ddd5880f2f308485d6d78b647ec277da249b53899ec8e023c132bbdf1bf326d857f3a636c070f342f829b8af816abac5514ab84ae9ae3f5521a01bb061f1e25f7776b1310d816cf18c96f0a596fef85fd904c1b37aa8fc2f637a29a8ca3460db69505ddbf5cd5d3695724c856dc3d1b35eb6743b8ea6ed76250743e98fbcd13a8cd478cac2f50a55ad9d6dd5d99126b6f92b98f0109d64aaeaea579db623eb5966cf9e9ade58680b6dc39d94ca614c1f3423b637e39b845756ec7e5540244169afd35f23faaf5bbff1f3def92a0ab210badeac512a56bee1d48dc3773885b95d531eae8b6cb3f4d207a6777d4e910a74cb55eb0fc74fbd7592d02cf7ddf11e2035599d74e144a712c52abca277dbad714370c13b80aa5fb3ae7cf5edd0d3896df7fd1d42fb9c509074c0f6674997d26638c53adc835128149a66f0dbc5b5b126195dfdbbea1f851aa7ff1073f3e638372b492f5a888aaabaee2c02db297847358ef5c65f3e2b737ed1a6679c8e2170318c44f6d71890b1958fd5f82741ad4091b5b3f0ff8a02711edc424ed40b6316a726540fcb63442a1361af7bb86e1816ff122217b0c8d86566512b0d444a4b1c23eec6ebcc7603e0668e7ba066ec16e74746ce10c75ee2f7462dafff1fda8312eb7f9108b054e7c7d8fd34e228b1b141b4e76ff240195c7a27c2279fcc20ab82e1c7d754aeefb37aa83c3faf59c5943fe4a8e1ad6479e0a9dbef9f9a2b2483b5b606a817f6318835081f2327ad2812c4130f5ce339bb064a49329802654b4e8ec2e9af53666d620f7d657c2bfbdb5dde39bd0e3e75023be715987ec145239ef2eac6b752ae5fc5507e7f473a029446aa150cb4595e8a0c1081927a91809da1536cd1e17f64281f4e35b08d868390b5fac824337bb7480cd3aabf48857991fb7292dc6dfdd9adc95893bef7f2afc5edc38d1ed7861c4ccf35b7aa515512b66677ef04d3d59259c407c8e17ad4d779ab2785734ba1e19ad43975d9da000d2abdca46fdbb099e6d4c581c4e71988edcabbd9fbff75ccaa65e3d75756a09bbb9d7673ae07f6002dd7d0765111ac456f00b04e8b06671330758bfe76bdad479bb12b474085e1890fffd3800c76df5da5066ec658965cc11a58d4726fcfd1d52b8da227ef2bcad0d8f79e81ed7f60f3aeb04ace2e0973bc01a62341724ddfa7a8ce5d2aa8fa91e06c5bfb07ae5c4769f3641bf2844642b33f207d716a93be9b2dd41b8ed86ceefd908eac0befd88686154260e4b6aee247a0078afc3f5a7f5cf1b621b328e5f0fff0871216d10af234b2f43228befda29e8f933e40092cf6be596fe25eed64d310ea7f68a24e4ac2d7f8bfe9c06e5ca3214becc42d96e491762f9e9dcb3ca6a23ba714b6ac94bd20241ba6a4f7ff9eebb94a1df6b355f9c46a4f2f253e3f4cfc3c00ed0729e25f12378d4d0d7795df73028da42e459911e5e0fa20c2ef2af9b32e836e7bf4e630c41c190a259fb4218267772f74466afc78dcf5e62516bf7911620f96d65455bde26ce03fa8f0aeee4fcc76a0aa1ab4577c330e56de573b934462a74940a7156d437bf0fccc97a8b3d0d97e66e9b9f1a80f09a22ecf7c5d15b5b5dbc2710f73ad0e911c5a155c7496907aae05234f357ffeeb3b0e2e8f7fabd5591dd10f6153f21a3d02df99cd941cdd5123af086b9ecd2f547e9222ee942418888ad4ab26347cdd1ff2c401332a22facbb1bb7781d9e752dca20de6b6ee7652f5b330c02f367f5cca817f3b201e746216bc645f52a12d04b933d2dfc2cedf7c7685efa722a2c524c0b92b67f72bb7beb0f8f44881cef7b03d9df4bc0dc4d328a89ede20ac6d365f6d7bac992a23e507dccbd705d9928631a6b7f5ae857b74bb794c3cb1393d84855697b1b021163535cbd7f36e2dbb0659ae0a66b346f8a4ee7d945716fb3c509ceb33bea5596da2b684e83337c764b2b4ef2d2c440d2d9a3cd0d951f6f630d0f5a40010e52812b9d6d01ea044e0cf55823a1ece8204784f7769624c8710be9673ad9b75cc5c98f367d6ff312271af2399b30b6ffa42c835fd39ad2eb6a6c7d62712c89a94a724d6e757a9085615b9e307faf41e42e99009209b4a6dc7575a506d781f12f2ad55c0be030d3e3d0f89b5cc4e80a33264060f7452adce8b205da361b7ad75fb8ec0616dfc19c42fa04f99838e20ab7a556bfec8992061a686cc91dfa8ed87b52a5a77f47485630bc7910ebc8efc1977d5d0d610bee18273aa86b2ba5d5d5cedae24572e059732e0073301eed485ccffff7e027136b8df1d407ccd3dd6eb07ee59267ba77c21c29cb01d2241970c06add04320c139e364281df838cecde952bbf82eaff1a4005da851e2a9adfb9a3537a491342be666e5049a9ea1b26269b7bf20e2b81bfe1a1c573b683ac9720469dd07efed561f103fe837eee29f8aafc807a2f6991f7ba096d8b84ec6efd9319816e1bcea9cb32a2a07c9b2c8842455096ac7802073de907dacfcd7594ba8764da262592b29dbd40c9f80f193e2df1e1a70d670d3609801a63a19fd8cf7d059c0548fb2e8f9f8d0b4ea641d1cb9864231de948866ba8a5497f3707e2f6e71a6d43ea390ad6da7a555823236edd93e0e3739865a32eccd2330d514c78b6bfe302d2fbc8d90ddb3e53e5592dc57c2a7ffedc42bb72cc36a3af160ec482cfacbcba705a32c5f14464a426f09f66c8fbd43a530d1b55afd9d00f93dbaa429df76b397d8377cea293de0b186d5d6780045bd4a664de9d6fff3e9c502bf90e84fccd91d0eb7c5d135b0452107939c05160d30a9c34aaaa6623e4258075cea93d1bca6e3d5254d3369e8dd978d1989447aefea26b029ab93caab636f0ac71f34f292e2d71dd316f799e61b279e6b934b06d72e329a3b65b102190cf68e4ea48b46ee3f185d390c7e1d0db6b85cf1f0149fc06aee7789669a30a2f136caa4471517bd94951b7eada90204e81bff5dd0eb978d94997194745ea07ae5e2551bf7f32c59e130ab4f85ce959a9bae6132b8294319642bbbf02de"]}, @typed={0x8, 0xb5, 0x0, 0x0, @ipv4=@local}, @nested={0x20, 0x118, 0x0, 0x1, [@generic="1601b20c399a9460a0008a2e", @typed={0x8, 0x20, 0x0, 0x0, @pid=r2}, @typed={0x8, 0x10a, 0x0, 0x0, @pid=r3}]}, @nested={0x1a4, 0xb5, 0x0, 0x1, [@nested={0x108, 0x3b, 0x0, 0x1, [@typed={0x14, 0x7b, 0x0, 0x0, @ipv6=@private2}, @typed={0x8, 0x10c, 0x0, 0x0, @pid=r3}, @typed={0x14, 0xfc, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @generic="b40fb4a8a18bbc02258f53e6d213415f6b646bb53c22bf9cda49f70abb8dffdc15871d03473f35d6acd08f08d6ccb396cb6ff6c9baf217792828518c6a71c840ddb370bdabf9e2a8487757346afdac24a6452172c12e6569740c5b85ebfbff99ce9b8bb6ed917e47dac7278ebb1e5e62825121ecb96d50a1a8bcf51f65cec997cbc8224621d88d878ef3b8840fdd1e0e9c31031c54494932d2ff4a95b4fd95cb75a036dc39d5c5ed4fec6639521aa5d3c73d6d8f10113c548ba33e35dac679a8ad1ea6a927447b39799d1ebd791359ae", @nested={0x4, 0x87}]}, @generic='U.', @generic="dfe7cc82bcd6bcfe7c38d0d5f8b6fc5285dbb63e69317aa91c89e80796969ddd1c0d33ad51a05ef0bbc79edb51445e5207afa127a5042190102f0ccda8b6bf8873c04c75531a8f9f033cfe7f818ab7bc83eaeb0c9d7d01fc26f6e2c43d4c27383391792ca10f0ac11adf3a2406562618bc1b7378b05b417d1f6c90152c18b239a3ff41d5f9db7b8735f70648b614", @typed={0x8, 0x136, 0x0, 0x0, @ipv4=@multicast2}]}, @generic="68b1d32d1e47a2e163e1698b0cdf3be5b345770341a2bd22a6e5fc793ea2f2edb91275"]}, 0x1424}], 0x1}, 0x0) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa8301, 0x0) preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r5, &(0x7f0000000380)={0x2020}, 0x2020) socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_MCAST_JOIN_GROUP(r6, 0x0, 0x2a, &(0x7f00000023c0)={0x3, {{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x88) 2m8.825934814s ago: executing program 3 (id=1862): mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) read$FUSE(r0, &(0x7f0000000f00)={0x2020}, 0x2020) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000080)=0x5) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x10009, 0x9, 0xffffffffffffffff, 0x5, 0x0, 0xffffffffffffffff, 0x7a6e, 0x4, 0xfc, 0xf, 0x4000000000008, 0xc0, 0x9, 0x2, 0xfffffffffffffffc, 0x2], 0x8000000, 0x8340}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2m8.517489746s ago: executing program 3 (id=1865): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000) r0 = socket$inet(0x2, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000d00)={0x0, 0x9}, 0x8) r2 = socket$l2tp6(0xa, 0x2, 0x73) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x1e, 0x0, &(0x7f0000000140)) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast1, @dev={0xac, 0x14, 0x14, 0x30}, @multicast1}, 0xc) 2m8.103451362s ago: executing program 3 (id=1866): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x59032, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000e3d000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000080)="c4a161fac7360fa53b0f09b9d30900000f32f3450fc7360f01c436400f6e730dc4e14d71d737b9800000c00f3235008000000f3067470f79c1", 0x39}], 0x1, 0x20, &(0x7f0000019200), 0x0) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) recvmsg$inet_nvme(0xffffffffffffffff, 0x0, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 2m7.710708118s ago: executing program 32 (id=1866): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x59032, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000e3d000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000080)="c4a161fac7360fa53b0f09b9d30900000f32f3450fc7360f01c436400f6e730dc4e14d71d737b9800000c00f3235008000000f3067470f79c1", 0x39}], 0x1, 0x20, &(0x7f0000019200), 0x0) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) recvmsg$inet_nvme(0xffffffffffffffff, 0x0, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 3.752224865s ago: executing program 1 (id=2516): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x2}) close(0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x109800, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x48, 0x1, 0x1, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x2, 0x0, 0xfe, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x80000000}, [@acm={0x4, 0x24, 0x2, 0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x5, 0x3, 0xfa}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x0, 0xf8}}}}}]}}]}}, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000002040)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="0100"}) preadv2(r0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/65, 0x41}], 0x1, 0x0, 0x0, 0x0) 1.96766944s ago: executing program 0 (id=2532): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000000280)="09da04e73d4bd3d5a7cfe0dbf4c7b22fea", 0x11, 0x40000, 0x0, 0x0) 1.81433337s ago: executing program 0 (id=2533): pipe2(&(0x7f00000000c0)={0x0, 0x0}, 0x84800) r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000040)=0x12) close_range(r0, 0xffffffffffffffff, 0x0) 1.732125061s ago: executing program 0 (id=2535): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000000c0)={0xa, @pix={0x0, 0x0, 0x34565348, 0x0, 0x10001, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1}}) 1.614355572s ago: executing program 4 (id=2536): syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="0422255e"], 0x12) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 1.559902194s ago: executing program 0 (id=2537): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x104, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac, {0x0, 0x3}}, 0x0, @default, 0x1, @void, @void, @void, @val={0x4, 0x6, {0x10, 0x2, 0x2, 0xfffa}}, @void, @void, @void, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_IE={0x9a, 0x2a, [@challenge={0x10, 0x1, 0x9}, @prep={0x83, 0x1f, {{}, 0x6, 0x9, @device_b, 0x1ff, @void, 0x6a58, 0x44ff, @device_b, 0x92be}}, @chsw_timing={0x68, 0x4, {0xe, 0x8}}, @fast_bss_trans={0x37, 0x6a, {0x1, 0x1, "ae5b2162cdc71ea105be59861a5693d4", "6e6657024442cc7a450966fa852a2ff4cdcb4560c712a48fb99822b4a732c3f5", "a3c55d6209af538085c63fbc2979a4ffb2399dc02fee8372114284a1d981b2a1", [{0x4, 0x16, "021c36850c9a176a171d872b0cdeaa8b106da69e410d"}]}}]}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x4}]}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x104}}, 0x0) 1.503547216s ago: executing program 4 (id=2538): r0 = socket(0x200000000000011, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000d00)={0x11, 0x1c, r2, 0x1, 0x0, 0x6, @local}, 0x14) sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000005000)=ANY=[], 0xfc}, 0x1, 0x0, 0x0, 0x20000010}, 0x10004) 1.382092473s ago: executing program 0 (id=2539): setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48) listen(r0, 0x1ad72f7) accept4(r0, 0x0, 0x0, 0x80000) r2 = accept4$netrom(r0, 0x0, 0x0, 0x80000) syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000200)="b5d1b079219f395d29e58b8865f8001a9bf9947b421b4c547e827bb7df9594f78d491041842ccefec2327eca6ac5845d8dd89bdba7c2f67401dc1e2197a4289f155d8556a73d716b361cd2bdfa4d53a55f259ddeee193e756ba98d166e0bdd12ccebe733f631e8d38949a6e81d59e56ba0e35edefa9b2c4e800a2ae6023b3a4e90e07296d4e4ebfd9ded1a46041261e8bf6efb306ee493db050079d015d7eee2", 0xa0}, {&(0x7f0000000400)="ea085ca995c9a76f874df732dc98853dcb094793487af923d18b61bf79a291885c70d18c881dcef8922f96fe957919e0360e53ec77619f44ee306b29a308e521516ac7066a468727884dca0288", 0x4d}], 0x2) 1.368656898s ago: executing program 2 (id=2540): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x1}, 0x6) write$bt_hci(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0119fc"], 0xe) 1.345879063s ago: executing program 4 (id=2541): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) write$tun(r1, &(0x7f0000000400)=ANY=[], 0xa2) read(r1, 0x0, 0x57) 1.218252514s ago: executing program 2 (id=2542): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0xa, 0x4e25, 0x80000, @mcast1, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f0000004e00)=[@flowinfo={{0x14, 0x29, 0xb, 0x2}}], 0x18}, 0x4011) 1.218125837s ago: executing program 4 (id=2543): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x8, 0x0, 0x8, r0, 0x4}) 1.179079336s ago: executing program 2 (id=2544): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10fe}], 0x0, 0x0, 0x0}) 1.094443242s ago: executing program 4 (id=2545): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r2 = socket$nl_generic(0x10, 0x3, 0x10) keyctl$describe(0x6, 0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x60, r3, 0xb7a006d1969b963b, 0x1, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME={0x44, 0x33, @probe_request={{{}, {}, @device_a, @device_b}, @val, @val, @void, @val={0x2d, 0x1a, {0x8802, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x1, 0x95ce, 0x9}}, @val={0x72, 0x6}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8011}, 0x10) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 654.812082ms ago: executing program 1 (id=2546): syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="0422255e"], 0x12) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 654.284038ms ago: executing program 2 (id=2547): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, 0x0, {0x40, 0x3, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x120, 0x6000, 0x0, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x14c0348, 0x0, 0x1, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x1) ioctl$TIOCGPTPEER(r2, 0x932, 0x8) 653.903557ms ago: executing program 4 (id=2548): timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 498.571144ms ago: executing program 0 (id=2549): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f00000009c0)=""/109) r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff990908", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000280)=""/239, 0xef) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) write$char_usb(r2, 0x0, 0x0) syz_usb_disconnect(r1) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r4 = syz_usb_connect$printer(0x2, 0x77, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xff, 0x20, 0x8, [{{0x9, 0x4, 0x0, 0xfd, 0x1, 0x7, 0x1, 0x1, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x4, 0x0, 0xb}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r4, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r4, &(0x7f0000000180)={0x2c, 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="0003840000000403"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_ep_read(r4, 0x1, 0x0, 0x0) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$int_in(r5, 0x5421, &(0x7f00000004c0)=0x10000) openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendfile(r6, r6, 0x0, 0x3) write$char_usb(r5, &(0x7f0000001680)="f3", 0x1) close_range(r3, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) 497.67507ms ago: executing program 1 (id=2550): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x8, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='yeah\x00', 0x5) shutdown(r0, 0x1) 340.666437ms ago: executing program 1 (id=2551): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'lo\x00', 0x1}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'veth1_virt_wifi\x00'}, 0x18) 246.227151ms ago: executing program 2 (id=2552): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r0, &(0x7f0000000040), 0x10) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="ae824dd3b79f2cd62a99a4acc48ad798646b17b013f6c2fdad7177cc18a231950d0e5d2b33914a8e5b673b91cbbd74e622ff587050016f5207e2dc1e7071", 0x3e}], 0x1) 187.740881ms ago: executing program 1 (id=2553): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r1 = openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000000)=0x0) bind$nfc_llcp(r0, &(0x7f0000001040)={0x27, r2, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60) close(r1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x3, 0x8, 0x1, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xff7fff01, 0x6, 0x3, 0x7, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x40, 0x7, 0x3, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8e, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0xa, 0xfffffffc, 0x5, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x41, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0xffffffff, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x6, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x6, 0x1a, 0x7, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0xfffffff6, 0x3, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c0b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 114.906µs ago: executing program 1 (id=2554): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10fe}], 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=2555): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x34, r1, 0x431, 0x70bd2b, 0xfffffffd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x200048c4) kernel console output (not intermixed with test programs): [ T24] usb 2-1: config 1 interface 211 has no altsetting 0 [ 493.907381][ T24] usb 2-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 493.918676][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.932747][ T24] usb 2-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 493.965150][ T24] usb 2-1: Manufacturer: Б [ 494.115378][T13110] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 494.125867][T13110] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 494.133645][T13111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2277'. [ 494.150645][T13110] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 494.161569][T13110] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 494.234281][ T24] ftdi_sio 2-1:1.211: FTDI USB Serial Device converter detected [ 494.255417][ T24] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 494.277891][ T24] usb 2-1: USB disconnect, device number 17 [ 494.299723][ T24] ftdi_sio 2-1:1.211: device disconnected [ 494.487009][T13120] i2c i2c-0: Invalid block write size 34 [ 494.731854][ T5942] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 494.764613][T13127] FAULT_INJECTION: forcing a failure. [ 494.764613][T13127] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 494.800061][T13127] CPU: 1 UID: 0 PID: 13127 Comm: syz.2.2281 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 494.800092][T13127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 494.800106][T13127] Call Trace: [ 494.800115][T13127] [ 494.800125][T13127] dump_stack_lvl+0x189/0x250 [ 494.800155][T13127] ? __pfx____ratelimit+0x10/0x10 [ 494.800180][T13127] ? __pfx_dump_stack_lvl+0x10/0x10 [ 494.800204][T13127] ? __pfx__printk+0x10/0x10 [ 494.800229][T13127] ? __might_fault+0xb0/0x130 [ 494.800265][T13127] should_fail_ex+0x414/0x560 [ 494.800303][T13127] _copy_from_user+0x2d/0xb0 [ 494.800339][T13127] kstrtouint_from_user+0xc4/0x170 [ 494.800369][T13127] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 494.800414][T13127] proc_fail_nth_write+0x88/0x240 [ 494.800446][T13127] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 494.800484][T13127] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 494.800518][T13127] vfs_write+0x27b/0xa90 [ 494.800566][T13127] ? __pfx_vfs_write+0x10/0x10 [ 494.800593][T13127] ? __fget_files+0x2a/0x420 [ 494.800627][T13127] ? __fget_files+0x3a0/0x420 [ 494.800654][T13127] ? __fget_files+0x2a/0x420 [ 494.800692][T13127] ksys_write+0x145/0x250 [ 494.800721][T13127] ? __pfx_ksys_write+0x10/0x10 [ 494.800743][T13127] ? rcu_is_watching+0x15/0xb0 [ 494.800770][T13127] ? do_syscall_64+0xbe/0x3b0 [ 494.800802][T13127] do_syscall_64+0xfa/0x3b0 [ 494.800826][T13127] ? lockdep_hardirqs_on+0x9c/0x150 [ 494.800852][T13127] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.800872][T13127] ? clear_bhb_loop+0x60/0xb0 [ 494.800898][T13127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.800918][T13127] RIP: 0033:0x7f167878d3df [ 494.800965][T13127] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 494.800983][T13127] RSP: 002b:00007f16795e3030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 494.801005][T13127] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f167878d3df [ 494.801021][T13127] RDX: 0000000000000001 RSI: 00007f16795e30a0 RDI: 0000000000000006 [ 494.801034][T13127] RBP: 00007f16795e3090 R08: 0000000000000000 R09: 0000000000000000 [ 494.801048][T13127] R10: 0000000000040008 R11: 0000000000000293 R12: 0000000000000001 [ 494.801067][T13127] R13: 0000000000000000 R14: 00007f16789b5fa0 R15: 00007ffc54b66798 [ 494.801099][T13127] [ 495.071812][ T5885] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 495.150565][ T5942] usb 5-1: Using ep0 maxpacket: 32 [ 495.157705][ T5942] usb 5-1: config 4 has an invalid interface number: 126 but max is 0 [ 495.166232][ T5942] usb 5-1: config 4 has no interface number 0 [ 495.172541][ T5942] usb 5-1: config 4 interface 126 altsetting 8 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 495.183569][ T5942] usb 5-1: config 4 interface 126 altsetting 8 has a duplicate endpoint with address 0x8, skipping [ 495.194523][ T5942] usb 5-1: config 4 interface 126 altsetting 8 has a duplicate endpoint with address 0x1, skipping [ 495.205343][ T5942] usb 5-1: config 4 interface 126 has no altsetting 0 [ 495.218073][ T5942] usb 5-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 0.6e [ 495.227461][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.235604][ T5942] usb 5-1: Product: syz [ 495.239804][ T5942] usb 5-1: Manufacturer: syz [ 495.244668][ T5942] usb 5-1: SerialNumber: syz [ 495.250823][ T5885] usb 2-1: Using ep0 maxpacket: 16 [ 495.268807][ T5885] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 495.279586][ T5885] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 495.304577][ T5885] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 495.314433][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 495.323687][ T5885] usb 2-1: SerialNumber: syz [ 495.343591][T13129] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 495.352180][T13129] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 495.360181][T13138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2286'. [ 495.378314][T13138] IPVS: set_ctl: invalid protocol: 34868 224.0.0.1:20002 [ 495.479885][ T5942] usb 5-1: Found UVC 0.00 device syz (19ab:1000) [ 495.493216][ T5942] usb 5-1: No valid video chain found. [ 495.526928][ T5942] usb 5-1: USB disconnect, device number 23 [ 496.150724][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 496.157008][T12697] Bluetooth: hci2: command 0x0c1a tx timeout [ 496.230624][ T5835] Bluetooth: hci5: command 0x0411 tx timeout [ 496.236909][T12697] Bluetooth: hci1: command 0x0c1a tx timeout [ 496.285956][T13150] /dev/rnullb0: Can't open blockdev [ 496.478519][T13151] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 496.486407][T13151] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 496.494417][T13151] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 496.501117][T13151] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 496.512059][T13151] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2289'. [ 496.610453][ T24] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 496.790747][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 496.813618][ T24] usb 5-1: unable to get BOS descriptor or descriptor too short [ 496.823029][ T24] usb 5-1: config 1 has an invalid interface number: 211 but max is 0 [ 496.835196][ T24] usb 5-1: config 1 has no interface number 0 [ 496.843028][ T24] usb 5-1: config 1 interface 211 has no altsetting 0 [ 496.853668][ T24] usb 5-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 496.865453][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.876300][ T24] usb 5-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 496.950692][ T24] usb 5-1: Manufacturer: Б [ 496.955279][ T24] usb 5-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱񋸇馩瘔剪쫞ﺝ旟捘 [ 497.213703][ T24] ftdi_sio 5-1:1.211: FTDI USB Serial Device converter detected [ 497.227205][ T24] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 497.265949][ T24] usb 5-1: USB disconnect, device number 24 [ 497.302237][ T24] ftdi_sio 5-1:1.211: device disconnected [ 497.819677][ T5885] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 497.849485][ T5885] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 497.866390][ T5885] usb 2-1: USB disconnect, device number 18 [ 498.010199][T13172] i2c i2c-0: Invalid block write size 34 [ 498.037064][T13174] random: crng reseeded on system resumption [ 498.280466][ T5833] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 498.461030][ T5833] usb 3-1: Using ep0 maxpacket: 32 [ 498.494229][ T5833] usb 3-1: config 4 has an invalid interface number: 126 but max is 0 [ 498.526220][ T5833] usb 3-1: config 4 has no interface number 0 [ 498.550685][T12697] Bluetooth: hci1: command 0x0c1a tx timeout [ 498.550730][ T5835] Bluetooth: hci5: command 0x0411 tx timeout [ 498.556965][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 498.563120][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 498.582094][ T5833] usb 3-1: config 4 interface 126 altsetting 8 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 498.620532][ T5833] usb 3-1: config 4 interface 126 altsetting 8 has a duplicate endpoint with address 0x8, skipping [ 498.640513][ T5833] usb 3-1: config 4 interface 126 altsetting 8 has a duplicate endpoint with address 0x1, skipping [ 498.651547][ T5833] usb 3-1: config 4 interface 126 has no altsetting 0 [ 498.661603][ T5833] usb 3-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 0.6e [ 498.670897][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.680220][ T5833] usb 3-1: Product: syz [ 498.689013][ T5833] usb 3-1: Manufacturer: syz [ 498.696277][ T5833] usb 3-1: SerialNumber: syz [ 498.840770][T13185] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2302'. [ 498.950662][ T5833] usb 3-1: Found UVC 0.00 device syz (19ab:1000) [ 498.957151][ T5833] usb 3-1: No valid video chain found. [ 498.988236][ T5833] usb 3-1: USB disconnect, device number 66 [ 499.018685][T13182] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 499.034313][T13182] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 499.050090][T13182] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 499.063016][T13182] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 499.310704][ T5942] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 499.340549][ T5885] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 499.450529][ T5833] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 499.460690][ T5942] usb 2-1: Using ep0 maxpacket: 8 [ 499.470161][ T5942] usb 2-1: unable to get BOS descriptor or descriptor too short [ 499.470627][ T5885] usb 1-1: device descriptor read/64, error -71 [ 499.479290][ T5942] usb 2-1: config 1 has an invalid interface number: 211 but max is 0 [ 499.496192][ T5942] usb 2-1: config 1 has no interface number 0 [ 499.502805][ T5942] usb 2-1: config 1 interface 211 has no altsetting 0 [ 499.516893][ T5942] usb 2-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 499.526175][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.536487][ T5942] usb 2-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 499.565664][ T5942] usb 2-1: Manufacturer: Б [ 499.570241][ T5942] usb 2-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭 [ 499.600565][ T5833] usb 5-1: Using ep0 maxpacket: 16 [ 499.607761][ T5833] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 499.620657][ T5833] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 499.632340][ T5833] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 499.642440][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 499.650900][ T5833] usb 5-1: SerialNumber: syz [ 499.672490][T13194] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 499.679904][T13194] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 499.720592][ T5885] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 499.805884][ T5942] ftdi_sio 2-1:1.211: FTDI USB Serial Device converter detected [ 499.826930][ T5942] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 499.847962][ T5942] usb 2-1: USB disconnect, device number 19 [ 499.850733][ T5885] usb 1-1: device descriptor read/64, error -71 [ 499.869750][ T5942] ftdi_sio 2-1:1.211: device disconnected [ 499.973953][ T5885] usb usb1-port1: attempt power cycle [ 500.340799][ T5885] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 500.391521][ T5885] usb 1-1: device descriptor read/8, error -71 [ 500.640499][ T5885] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 500.673953][ T5885] usb 1-1: device descriptor read/8, error -71 [ 500.740576][ T24] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 500.791085][ T5885] usb usb1-port1: unable to enumerate USB device [ 500.881784][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 500.893714][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 500.903756][ T24] usb 3-1: unable to get BOS descriptor or descriptor too short [ 500.916791][T13221] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 500.925359][ T24] usb 3-1: config 1 has an invalid interface number: 211 but max is 0 [ 500.937445][T13221] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 500.943514][ T24] usb 3-1: config 1 has no interface number 0 [ 500.949736][ T24] usb 3-1: config 1 interface 211 has no altsetting 0 [ 500.958166][T13221] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 500.974539][ T24] usb 3-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 500.987053][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.995681][T13224] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2315'. [ 501.005010][ T24] usb 3-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 501.044047][T13221] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 501.051157][ T24] usb 3-1: Manufacturer: Б [ 501.100875][ T24] usb 3-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭 [ 501.230053][T13226] i2c i2c-0: Invalid block write size 34 [ 501.333669][ T24] ftdi_sio 3-1:1.211: FTDI USB Serial Device converter detected [ 501.345769][ T24] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 501.356207][ T24] usb 3-1: USB disconnect, device number 67 [ 501.363957][ T24] ftdi_sio 3-1:1.211: device disconnected [ 501.470560][ T5913] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 501.594269][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.606620][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.623117][ T5913] usb 2-1: Using ep0 maxpacket: 32 [ 501.630505][ T5913] usb 2-1: config 4 has an invalid interface number: 126 but max is 0 [ 501.638749][ T5913] usb 2-1: config 4 has no interface number 0 [ 501.645127][ T5913] usb 2-1: config 4 interface 126 altsetting 8 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 501.656268][ T5913] usb 2-1: config 4 interface 126 altsetting 8 has a duplicate endpoint with address 0x8, skipping [ 501.667048][ T5913] usb 2-1: config 4 interface 126 altsetting 8 has a duplicate endpoint with address 0x1, skipping [ 501.677835][ T5913] usb 2-1: config 4 interface 126 has no altsetting 0 [ 501.687634][ T5913] usb 2-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 0.6e [ 501.696786][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.705296][ T5913] usb 2-1: Product: syz [ 501.709642][ T5913] usb 2-1: Manufacturer: syz [ 501.714467][ T5913] usb 2-1: SerialNumber: syz [ 501.828831][T13229] FAULT_INJECTION: forcing a failure. [ 501.828831][T13229] name failslab, interval 1, probability 0, space 0, times 0 [ 501.843295][T13229] CPU: 0 UID: 0 PID: 13229 Comm: syz.0.2317 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 501.843327][T13229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 501.843341][T13229] Call Trace: [ 501.843350][T13229] [ 501.843360][T13229] dump_stack_lvl+0x189/0x250 [ 501.843390][T13229] ? __pfx____ratelimit+0x10/0x10 [ 501.843412][T13229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 501.843429][T13229] ? __pfx__printk+0x10/0x10 [ 501.843452][T13229] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 501.843477][T13229] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 501.843501][T13229] ? preempt_schedule+0xae/0xc0 [ 501.843522][T13229] ? dev_loopback_xmit+0x2f6/0x490 [ 501.843549][T13229] should_fail_ex+0x414/0x560 [ 501.843576][T13229] should_failslab+0xa8/0x100 [ 501.843596][T13229] __kmalloc_noprof+0xcb/0x4f0 [ 501.843621][T13229] ? ___neigh_create+0x6d5/0x2260 [ 501.843651][T13229] ___neigh_create+0x6d5/0x2260 [ 501.843684][T13229] ? __ipv6_neigh_lookup_noref+0x531/0x710 [ 501.843715][T13229] ? dev_loopback_xmit+0x2f6/0x490 [ 501.843736][T13229] ip6_finish_output2+0xb4d/0x16a0 [ 501.843769][T13229] ? ip6_finish_output2+0x701/0x16a0 [ 501.843809][T13229] ? __pfx_ip6_finish_output2+0x10/0x10 [ 501.843841][T13229] ? ip6_mtu+0x7d/0x3f0 [ 501.843868][T13229] ? ip6_mtu+0x7d/0x3f0 [ 501.843890][T13229] ip6_finish_output+0x234/0x7d0 [ 501.843920][T13229] ip6_mr_output+0xba9/0x1040 [ 501.843952][T13229] ? __pfx_ip6t_do_table+0x10/0x10 [ 501.843992][T13229] ? __pfx_ip6_mr_output+0x10/0x10 [ 501.844024][T13229] ? __ip6_local_out+0x609/0x870 [ 501.844045][T13229] ? __ip6_local_out+0x82c/0x870 [ 501.844062][T13229] ? __lock_acquire+0xab9/0xd20 [ 501.844098][T13229] ? __ip6_local_out+0x609/0x870 [ 501.844134][T13229] ? skb_dst+0x4f/0xd0 [ 501.844166][T13229] ? dst_output+0x177/0x1c0 [ 501.844182][T13229] ? ip6_send_skb+0x10f/0x390 [ 501.844206][T13229] ip6_send_skb+0x1d5/0x390 [ 501.844240][T13229] rawv6_push_pending_frames+0x6e9/0x8d0 [ 501.844273][T13229] ? __pfx_rawv6_push_pending_frames+0x10/0x10 [ 501.844301][T13229] ? __pfx_raw6_getfrag+0x10/0x10 [ 501.844328][T13229] rawv6_sendmsg+0x1331/0x1820 [ 501.844366][T13229] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 501.844413][T13229] ? __pfx_aa_sk_perm+0x10/0x10 [ 501.844440][T13229] ? sock_rps_record_flow+0x19/0x410 [ 501.844466][T13229] ? inet_sendmsg+0x2f4/0x370 [ 501.844486][T13229] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 501.844514][T13229] __sock_sendmsg+0x19c/0x270 [ 501.844535][T13229] __sys_sendto+0x3bd/0x520 [ 501.844565][T13229] ? __pfx___sys_sendto+0x10/0x10 [ 501.844592][T13229] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 501.844632][T13229] ? __fget_files+0x3a0/0x420 [ 501.844666][T13229] ? ksys_write+0x22a/0x250 [ 501.844686][T13229] ? __pfx_ksys_write+0x10/0x10 [ 501.844714][T13229] __x64_sys_sendto+0xde/0x100 [ 501.844748][T13229] do_syscall_64+0xfa/0x3b0 [ 501.844773][T13229] ? lockdep_hardirqs_on+0x9c/0x150 [ 501.844798][T13229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.844813][T13229] ? clear_bhb_loop+0x60/0xb0 [ 501.844832][T13229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.844846][T13229] RIP: 0033:0x7fc91c98e929 [ 501.844865][T13229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.844884][T13229] RSP: 002b:00007fc91d8b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 501.844907][T13229] RAX: ffffffffffffffda RBX: 00007fc91cbb5fa0 RCX: 00007fc91c98e929 [ 501.844922][T13229] RDX: 000000000000001a RSI: 0000200000019100 RDI: 0000000000000003 [ 501.844935][T13229] RBP: 00007fc91d8b9090 R08: 0000000000000000 R09: 0000000000000000 [ 501.844949][T13229] R10: 0000000000003b00 R11: 0000000000000246 R12: 0000000000000001 [ 501.844959][T13229] R13: 0000000000000000 R14: 00007fc91cbb5fa0 R15: 00007ffffacbbfe8 [ 501.844983][T13229] [ 502.287358][ T5833] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 502.299362][ T5833] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 502.314687][ T5833] usb 5-1: USB disconnect, device number 25 [ 502.438445][ T5913] usb 2-1: Found UVC 0.00 device syz (19ab:1000) [ 502.456077][ T5913] usb 2-1: No valid video chain found. [ 502.510237][ T5913] usb 2-1: USB disconnect, device number 20 [ 502.664292][T13241] Mount JFS Failure: -22 [ 502.678183][T13241] tmpfs: Bad value for 'grpquota_block_hardlimit' [ 502.710143][T13243] usb usb7: usbfs: process 13243 (syz.0.2324) did not claim interface 0 before use [ 502.954063][T12697] Bluetooth: hci0: command 0x0c1a tx timeout [ 502.961125][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 503.030507][ T51] Bluetooth: hci5: command 0x0411 tx timeout [ 503.081049][T13248] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 503.087287][T13248] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 503.105929][T13248] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 503.110566][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 503.128375][T13248] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 503.231537][T13245] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2325'. [ 503.491266][T13252] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 503.507555][T13252] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 503.514825][T13252] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 503.524783][T13252] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 503.550514][ T5833] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 503.573898][T13250] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2327'. [ 503.610533][ T5885] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 503.709010][ T5833] usb 2-1: Using ep0 maxpacket: 8 [ 503.716967][ T5833] usb 2-1: unable to get BOS descriptor or descriptor too short [ 503.733671][ T5833] usb 2-1: config 1 has an invalid interface number: 211 but max is 0 [ 503.751460][ T5833] usb 2-1: config 1 has no interface number 0 [ 503.758002][ T5833] usb 2-1: config 1 interface 211 has no altsetting 0 [ 503.770510][ T5885] usb 3-1: Using ep0 maxpacket: 16 [ 503.776010][ T5833] usb 2-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 503.789200][ T5833] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.797751][ T5885] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 503.808292][ T5885] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 503.818701][ T5833] usb 2-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 503.849018][ T5885] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 503.849489][T13272] qnx4: no qnx4 filesystem (no root dir). [ 503.860172][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 503.873744][ T5833] usb 2-1: Manufacturer: Б [ 503.878359][ T5833] usb 2-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭 [ 503.888809][ T5885] usb 3-1: SerialNumber: syz [ 503.905286][T13262] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 503.914833][T13274] 9pnet_fd: Insufficient options for proto=fd [ 503.920164][T13262] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 504.149589][ T5833] ftdi_sio 2-1:1.211: FTDI USB Serial Device converter detected [ 504.161631][ T5833] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 504.179151][ T5833] usb 2-1: USB disconnect, device number 21 [ 504.193954][ T5833] ftdi_sio 2-1:1.211: device disconnected [ 504.260689][T13282] usb usb7: usbfs: process 13282 (syz.4.2335) did not claim interface 0 before use [ 504.403664][T13285] FAULT_INJECTION: forcing a failure. [ 504.403664][T13285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 504.417558][T13285] CPU: 0 UID: 0 PID: 13285 Comm: syz.0.2337 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 504.417590][T13285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 504.417605][T13285] Call Trace: [ 504.417618][T13285] [ 504.417627][T13285] dump_stack_lvl+0x189/0x250 [ 504.417657][T13285] ? __pfx____ratelimit+0x10/0x10 [ 504.417683][T13285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 504.417707][T13285] ? __pfx__printk+0x10/0x10 [ 504.417732][T13285] ? __might_fault+0xb0/0x130 [ 504.417767][T13285] should_fail_ex+0x414/0x560 [ 504.417804][T13285] _copy_from_user+0x2d/0xb0 [ 504.417838][T13285] ___sys_recvmsg+0x12e/0x510 [ 504.417865][T13285] ? __pfx____sys_recvmsg+0x10/0x10 [ 504.417919][T13285] ? __might_fault+0xb0/0x130 [ 504.417946][T13285] do_recvmmsg+0x307/0x770 [ 504.417975][T13285] ? __pfx_do_recvmmsg+0x10/0x10 [ 504.418009][T13285] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 504.418061][T13285] __x64_sys_recvmmsg+0x190/0x240 [ 504.418092][T13285] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 504.418111][T13285] ? rcu_is_watching+0x15/0xb0 [ 504.418137][T13285] ? do_syscall_64+0xbe/0x3b0 [ 504.418167][T13285] do_syscall_64+0xfa/0x3b0 [ 504.418193][T13285] ? lockdep_hardirqs_on+0x9c/0x150 [ 504.418223][T13285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.418244][T13285] ? clear_bhb_loop+0x60/0xb0 [ 504.418269][T13285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.418289][T13285] RIP: 0033:0x7fc91c98e929 [ 504.418308][T13285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 504.418326][T13285] RSP: 002b:00007fc91d8b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 504.418349][T13285] RAX: ffffffffffffffda RBX: 00007fc91cbb5fa0 RCX: 00007fc91c98e929 [ 504.418370][T13285] RDX: 0000000000000008 RSI: 0000200000002c00 RDI: 0000000000000003 [ 504.418384][T13285] RBP: 00007fc91d8b9090 R08: 0000000000000000 R09: 0000000000000000 [ 504.418398][T13285] R10: 0000000040000120 R11: 0000000000000246 R12: 0000000000000001 [ 504.418411][T13285] R13: 0000000000000000 R14: 00007fc91cbb5fa0 R15: 00007ffffacbbfe8 [ 504.418443][T13285] [ 504.680309][T13288] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2338'. [ 504.692667][T13288] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2338'. [ 504.703939][T13288] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2338'. [ 504.714104][T13288] exFAT-fs (rnullb0): invalid boot record signature [ 504.737102][T13288] exFAT-fs (rnullb0): failed to read boot sector [ 504.743772][T13288] exFAT-fs (rnullb0): failed to recognize exfat type [ 505.024512][T13291] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 505.040797][T13291] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 505.051272][T13291] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 505.080218][T13302] FAULT_INJECTION: forcing a failure. [ 505.080218][T13302] name failslab, interval 1, probability 0, space 0, times 0 [ 505.094311][T13291] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 505.097911][T13302] CPU: 1 UID: 0 PID: 13302 Comm: syz.1.2342 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 505.097945][T13302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 505.097961][T13302] Call Trace: [ 505.097971][T13302] [ 505.097982][T13302] dump_stack_lvl+0x189/0x250 [ 505.098017][T13302] ? __pfx____ratelimit+0x10/0x10 [ 505.098049][T13302] ? __pfx_dump_stack_lvl+0x10/0x10 [ 505.098076][T13302] ? __pfx__printk+0x10/0x10 [ 505.098110][T13302] ? ref_tracker_alloc+0x318/0x460 [ 505.098138][T13302] should_fail_ex+0x414/0x560 [ 505.098180][T13302] should_failslab+0xa8/0x100 [ 505.098213][T13302] kmem_cache_alloc_noprof+0x73/0x3c0 [ 505.098237][T13302] ? skb_clone+0x212/0x3a0 [ 505.098267][T13302] skb_clone+0x212/0x3a0 [ 505.098295][T13302] __netlink_deliver_tap+0x404/0x850 [ 505.098341][T13302] ? netlink_deliver_tap+0x2e/0x1b0 [ 505.098375][T13302] netlink_deliver_tap+0x19c/0x1b0 [ 505.098407][T13302] netlink_unicast+0x72f/0x8d0 [ 505.098449][T13302] netlink_sendmsg+0x805/0xb30 [ 505.098496][T13302] ? __pfx_netlink_sendmsg+0x10/0x10 [ 505.098533][T13302] ? aa_sock_msg_perm+0xf1/0x1d0 [ 505.098562][T13302] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 505.098596][T13302] ? __pfx_netlink_sendmsg+0x10/0x10 [ 505.098629][T13302] __sock_sendmsg+0x21c/0x270 [ 505.098664][T13302] ____sys_sendmsg+0x505/0x830 [ 505.098710][T13302] ? __pfx_____sys_sendmsg+0x10/0x10 [ 505.098757][T13302] ? import_iovec+0x74/0xa0 [ 505.098797][T13302] ___sys_sendmsg+0x21f/0x2a0 [ 505.098846][T13302] ? __pfx____sys_sendmsg+0x10/0x10 [ 505.098927][T13302] ? __fget_files+0x2a/0x420 [ 505.098958][T13302] ? __fget_files+0x3a0/0x420 [ 505.099003][T13302] __x64_sys_sendmsg+0x19b/0x260 [ 505.099044][T13302] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 505.099090][T13302] ? __pfx_ksys_write+0x10/0x10 [ 505.099116][T13302] ? rcu_is_watching+0x15/0xb0 [ 505.099147][T13302] ? do_syscall_64+0xbe/0x3b0 [ 505.099181][T13302] do_syscall_64+0xfa/0x3b0 [ 505.099209][T13302] ? lockdep_hardirqs_on+0x9c/0x150 [ 505.099237][T13302] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.099261][T13302] ? clear_bhb_loop+0x60/0xb0 [ 505.099291][T13302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.099314][T13302] RIP: 0033:0x7f53d5f8e929 [ 505.099335][T13302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 505.099357][T13302] RSP: 002b:00007f53d6e94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 505.099383][T13302] RAX: ffffffffffffffda RBX: 00007f53d61b5fa0 RCX: 00007f53d5f8e929 [ 505.099401][T13302] RDX: 0000000000048000 RSI: 0000200000000000 RDI: 0000000000000003 [ 505.099417][T13302] RBP: 00007f53d6e94090 R08: 0000000000000000 R09: 0000000000000000 [ 505.099433][T13302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 505.099447][T13302] R13: 0000000000000000 R14: 00007f53d61b5fa0 R15: 00007ffea472a968 [ 505.099483][T13302] [ 505.106452][T13303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2339'. [ 505.759398][T13314] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2340'. [ 505.826210][T13316] binder: BINDER_SET_CONTEXT_MGR already set [ 505.833257][T13316] binder: 13311:13316 ioctl 4018620d 2000000001c0 returned -16 [ 505.954910][T13300] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 505.964336][T13300] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 505.971687][T13300] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 505.977829][T13300] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 506.175093][T13322] usb usb7: usbfs: process 13322 (syz.4.2347) did not claim interface 0 before use [ 506.316443][ T51] Bluetooth: hci1: Unable to find connection for big 0x00 [ 506.325767][ T51] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 506.391176][ T5885] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 506.416461][ T5885] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 506.443808][ T5885] usb 3-1: USB disconnect, device number 68 [ 506.740550][ T24] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 506.882304][T13345] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2354'. [ 506.892375][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 506.913323][ T24] usb 2-1: unable to get BOS descriptor or descriptor too short [ 506.922332][T13342] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 506.928611][T13342] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 506.950662][ T24] usb 2-1: config 1 has an invalid interface number: 211 but max is 0 [ 506.958906][ T24] usb 2-1: config 1 has no interface number 0 [ 507.000591][ T24] usb 2-1: config 1 interface 211 has no altsetting 0 [ 507.020953][T13342] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 507.027621][T13342] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 507.036749][ T24] usb 2-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 507.053917][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.070501][ T24] usb 2-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 507.153458][ T24] usb 2-1: Manufacturer: Б [ 507.158038][ T24] usb 2-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊 [ 507.275596][T12697] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 507.284431][T12697] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 507.310887][T12697] Bluetooth: hci2: Unable to find connection for big 0x00 [ 507.318624][T12697] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 507.358578][T13350] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 507.375911][T13350] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 507.402602][ T24] ftdi_sio 2-1:1.211: FTDI USB Serial Device converter detected [ 507.411118][T13350] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 507.425603][ T24] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 507.428353][T13350] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 507.449982][ T24] usb 2-1: USB disconnect, device number 22 [ 507.480072][ T24] ftdi_sio 2-1:1.211: device disconnected [ 507.531651][T13350] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2356'. [ 507.730571][ T5913] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 507.890435][ T5913] usb 1-1: Using ep0 maxpacket: 16 [ 507.897039][T12697] Bluetooth: hci5: unexpected Set CIG Parameters response data [ 507.900097][ T5913] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 507.906718][T12697] Bluetooth: hci5: unexpected event for opcode 0x2062 [ 507.950648][ T5913] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 507.962890][ T5913] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 507.975586][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 508.020151][ T5913] usb 1-1: SerialNumber: syz [ 508.042367][T13358] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 508.050258][T13358] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 508.088625][T13370] FAULT_INJECTION: forcing a failure. [ 508.088625][T13370] name failslab, interval 1, probability 0, space 0, times 0 [ 508.106732][T13370] CPU: 1 UID: 0 PID: 13370 Comm: syz.1.2364 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 508.106763][T13370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 508.106778][T13370] Call Trace: [ 508.106794][T13370] [ 508.106804][T13370] dump_stack_lvl+0x189/0x250 [ 508.106834][T13370] ? __pfx____ratelimit+0x10/0x10 [ 508.106861][T13370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 508.106885][T13370] ? __pfx__printk+0x10/0x10 [ 508.106916][T13370] ? ref_tracker_alloc+0x318/0x460 [ 508.106941][T13370] should_fail_ex+0x414/0x560 [ 508.106978][T13370] should_failslab+0xa8/0x100 [ 508.107006][T13370] kmem_cache_alloc_noprof+0x73/0x3c0 [ 508.107029][T13370] ? skb_clone+0x212/0x3a0 [ 508.107054][T13370] skb_clone+0x212/0x3a0 [ 508.107079][T13370] __netlink_deliver_tap+0x404/0x850 [ 508.107122][T13370] ? netlink_deliver_tap+0x2e/0x1b0 [ 508.107151][T13370] netlink_deliver_tap+0x19c/0x1b0 [ 508.107180][T13370] netlink_unicast+0x72f/0x8d0 [ 508.107218][T13370] netlink_sendmsg+0x805/0xb30 [ 508.107256][T13370] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.107301][T13370] ? aa_sock_msg_perm+0xf1/0x1d0 [ 508.107326][T13370] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 508.107356][T13370] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.107384][T13370] __sock_sendmsg+0x21c/0x270 [ 508.107412][T13370] ____sys_sendmsg+0x505/0x830 [ 508.107450][T13370] ? __pfx_____sys_sendmsg+0x10/0x10 [ 508.107492][T13370] ? import_iovec+0x74/0xa0 [ 508.107527][T13370] ___sys_sendmsg+0x21f/0x2a0 [ 508.107561][T13370] ? __pfx____sys_sendmsg+0x10/0x10 [ 508.107630][T13370] ? __fget_files+0x2a/0x420 [ 508.107658][T13370] ? __fget_files+0x3a0/0x420 [ 508.107698][T13370] __x64_sys_sendmsg+0x19b/0x260 [ 508.107738][T13370] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 508.107779][T13370] ? __pfx_ksys_write+0x10/0x10 [ 508.107827][T13370] ? rcu_is_watching+0x15/0xb0 [ 508.107853][T13370] ? do_syscall_64+0xbe/0x3b0 [ 508.107882][T13370] do_syscall_64+0xfa/0x3b0 [ 508.107906][T13370] ? lockdep_hardirqs_on+0x9c/0x150 [ 508.107930][T13370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.107949][T13370] ? clear_bhb_loop+0x60/0xb0 [ 508.107974][T13370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.107994][T13370] RIP: 0033:0x7f53d5f8e929 [ 508.108013][T13370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.108031][T13370] RSP: 002b:00007f53d6e94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 508.108055][T13370] RAX: ffffffffffffffda RBX: 00007f53d61b5fa0 RCX: 00007f53d5f8e929 [ 508.108071][T13370] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003 [ 508.108084][T13370] RBP: 00007f53d6e94090 R08: 0000000000000000 R09: 0000000000000000 [ 508.108097][T13370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.108110][T13370] R13: 0000000000000000 R14: 00007f53d61b5fa0 R15: 00007ffea472a968 [ 508.108143][T13370] [ 508.800835][T13384] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 508.810690][T12697] Bluetooth: hci5: Unable to find connection for big 0x00 [ 508.829910][T12697] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 508.881705][T13391] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2367'. [ 508.924304][T13384] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 508.944692][T13384] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 508.974794][T13384] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 509.400698][ T5885] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 509.502835][T13406] FAULT_INJECTION: forcing a failure. [ 509.502835][T13406] name failslab, interval 1, probability 0, space 0, times 0 [ 509.529625][T13406] CPU: 1 UID: 0 PID: 13406 Comm: syz.4.2375 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 509.529667][T13406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 509.529680][T13406] Call Trace: [ 509.529690][T13406] [ 509.529699][T13406] dump_stack_lvl+0x189/0x250 [ 509.529729][T13406] ? __pfx____ratelimit+0x10/0x10 [ 509.529756][T13406] ? __pfx_dump_stack_lvl+0x10/0x10 [ 509.529779][T13406] ? __pfx__printk+0x10/0x10 [ 509.529810][T13406] ? __pfx___might_resched+0x10/0x10 [ 509.529831][T13406] ? fs_reclaim_acquire+0x7d/0x100 [ 509.529863][T13406] should_fail_ex+0x414/0x560 [ 509.529901][T13406] should_failslab+0xa8/0x100 [ 509.529928][T13406] __kmalloc_cache_noprof+0x70/0x3d0 [ 509.529951][T13406] ? vhost_task_create+0xf6/0x290 [ 509.529980][T13406] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 509.530007][T13406] vhost_task_create+0xf6/0x290 [ 509.530034][T13406] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 509.530063][T13406] ? __pfx_vhost_task_create+0x10/0x10 [ 509.530097][T13406] ? __pfx_vhost_task_fn+0x10/0x10 [ 509.530133][T13406] ? kasan_save_track+0x4f/0x80 [ 509.530153][T13406] ? kasan_save_track+0x3e/0x80 [ 509.530179][T13406] kvm_mmu_post_init_vm+0x147/0x2b0 [ 509.530214][T13406] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 509.530247][T13406] ? __mutex_trylock_common+0x153/0x260 [ 509.530275][T13406] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 509.530307][T13406] ? rcu_is_watching+0x15/0xb0 [ 509.530327][T13406] ? look_up_lock_class+0x74/0x170 [ 509.530356][T13406] ? register_lock_class+0x51/0x320 [ 509.530394][T13406] ? __lock_acquire+0xab9/0xd20 [ 509.530456][T13406] kvm_vcpu_ioctl+0x95c/0xe90 [ 509.530489][T13406] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 509.530510][T13406] ? __lock_acquire+0xab9/0xd20 [ 509.530572][T13406] ? __fget_files+0x2a/0x420 [ 509.530606][T13406] ? __fget_files+0x2a/0x420 [ 509.530633][T13406] ? __fget_files+0x3a0/0x420 [ 509.530674][T13406] ? __fget_files+0x2a/0x420 [ 509.530707][T13406] ? bpf_lsm_file_ioctl+0x9/0x20 [ 509.530726][T13406] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 509.530751][T13406] __se_sys_ioctl+0xfc/0x170 [ 509.530777][T13406] do_syscall_64+0xfa/0x3b0 [ 509.530805][T13406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.530824][T13406] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 509.530844][T13406] ? clear_bhb_loop+0x60/0xb0 [ 509.530870][T13406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.530891][T13406] RIP: 0033:0x7ff267f8e929 [ 509.530911][T13406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.530930][T13406] RSP: 002b:00007ff268e21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 509.530953][T13406] RAX: ffffffffffffffda RBX: 00007ff2681b5fa0 RCX: 00007ff267f8e929 [ 509.530969][T13406] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 509.530982][T13406] RBP: 00007ff268e21090 R08: 0000000000000000 R09: 0000000000000000 [ 509.530996][T13406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 509.531009][T13406] R13: 0000000000000000 R14: 00007ff2681b5fa0 R15: 00007ffe85f9fea8 [ 509.531042][T13406] [ 509.860858][ T5885] usb 3-1: Using ep0 maxpacket: 8 [ 509.868360][ T5885] usb 3-1: unable to get BOS descriptor or descriptor too short [ 509.877691][ T5885] usb 3-1: config 1 has an invalid interface number: 211 but max is 0 [ 509.886143][ T5885] usb 3-1: config 1 has no interface number 0 [ 509.901197][ T5885] usb 3-1: config 1 interface 211 has no altsetting 0 [ 509.913049][ T5885] usb 3-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 509.930458][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.938598][ T5885] usb 3-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 510.004006][T12697] Bluetooth: hci1: Unable to find connection for big 0x00 [ 510.013019][T12697] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 510.067698][ T5885] usb 3-1: Manufacturer: Б [ 510.083690][ T5885] usb 3-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊 [ 510.164086][T12697] Bluetooth: hci1: unexpected event for opcode 0x042f [ 510.229699][T12697] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 510.239110][T12697] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 510.335617][ T5885] ftdi_sio 3-1:1.211: FTDI USB Serial Device converter detected [ 510.345319][ T5885] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 510.360344][ T5885] usb 3-1: USB disconnect, device number 69 [ 510.371319][ T5885] ftdi_sio 3-1:1.211: device disconnected [ 510.419141][ T5913] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 510.458681][ T5913] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 510.489578][ T5913] usb 1-1: USB disconnect, device number 6 [ 510.713877][T13426] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 510.732848][T13426] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 510.739749][T13428] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2381'. [ 510.762653][T13426] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 510.803696][T13426] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 511.027849][T12697] Bluetooth: hci0: Unable to find connection for big 0x00 [ 511.060480][ T5913] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 511.163884][T13443] netlink: 'syz.1.2388': attribute type 21 has an invalid length. [ 511.230590][ T5913] usb 5-1: Using ep0 maxpacket: 32 [ 511.249991][ T5913] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 511.260823][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.273132][ T5913] usb 5-1: config 0 descriptor?? [ 511.292396][ T5913] gspca_main: sunplus-2.14.0 probing 041e:400b [ 511.480443][ T5885] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 511.520780][ T5942] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 511.640493][ T5885] usb 1-1: Using ep0 maxpacket: 16 [ 511.648252][ T5885] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 511.658684][ T5885] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 511.671146][ T5885] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 511.683143][ T5885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 511.691405][ T5885] usb 1-1: SerialNumber: syz [ 511.696277][T12697] Bluetooth: hci5: unexpected Set CIG Parameters response data [ 511.704201][T12697] Bluetooth: hci5: unexpected event for opcode 0x2062 [ 511.711093][ T5942] usb 2-1: Using ep0 maxpacket: 8 [ 511.716604][ T5942] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 511.731041][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.731278][T13445] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 511.747704][T13445] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 511.768301][ T5942] pvrusb2: Hardware description: Terratec Grabster AV400 [ 511.779201][ T5942] pvrusb2: ********** [ 511.783764][ T5942] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 511.794480][ T5942] pvrusb2: Important functionality might not be entirely working. [ 511.802455][ T5942] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 511.814339][ T5942] pvrusb2: ********** [ 511.954192][ T2345] pvrusb2: Invalid write control endpoint [ 512.049821][ T2345] pvrusb2: Invalid write control endpoint [ 512.055989][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 512.069461][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 512.084927][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 512.098192][ T2345] pvrusb2: Device being rendered inoperable [ 512.104292][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 512.111595][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 512.120416][ T2345] pvrusb2: Attached sub-driver cx25840 [ 512.125940][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 512.136139][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 512.148138][ T5913] gspca_sunplus: reg_w_riv err -71 [ 512.159687][T13448] pvrusb2: Attempted to execute control transfer when device not ok [ 512.167898][ T5913] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 512.176928][ T5942] usb 2-1: USB disconnect, device number 23 [ 512.198797][ T5913] usb 5-1: USB disconnect, device number 26 [ 512.530701][ T2154] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 512.680494][ T2154] usb 3-1: Using ep0 maxpacket: 8 [ 512.716786][ T2154] usb 3-1: unable to get BOS descriptor or descriptor too short [ 512.732780][ T2154] usb 3-1: config 1 has an invalid interface number: 211 but max is 0 [ 512.750651][ T2154] usb 3-1: config 1 has no interface number 0 [ 512.756861][ T2154] usb 3-1: config 1 interface 211 has no altsetting 0 [ 512.776194][ T2154] usb 3-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 512.790521][ T2154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.790787][T12697] Bluetooth: hci2: command 0x0c1a tx timeout [ 512.798737][ T2154] usb 3-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 512.798775][ T2154] usb 3-1: Manufacturer: Б [ 512.798792][ T2154] usb 3-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊 [ 512.808417][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 512.870722][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 512.895198][ T51] Bluetooth: hci0: Unable to find connection for big 0x00 [ 513.090523][ T2154] ftdi_sio 3-1:1.211: FTDI USB Serial Device converter detected [ 513.114480][ T2154] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 513.142385][ T2154] usb 3-1: USB disconnect, device number 70 [ 513.157956][ T2154] ftdi_sio 3-1:1.211: device disconnected [ 513.345309][T13469] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 513.393022][T13469] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 513.399676][T13469] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 513.408825][T13469] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 513.420537][T13476] FAULT_INJECTION: forcing a failure. [ 513.420537][T13476] name failslab, interval 1, probability 0, space 0, times 0 [ 513.437854][T13476] CPU: 0 UID: 0 PID: 13476 Comm: syz.1.2399 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 513.437884][T13476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 513.437897][T13476] Call Trace: [ 513.437906][T13476] [ 513.437915][T13476] dump_stack_lvl+0x189/0x250 [ 513.437945][T13476] ? __pfx____ratelimit+0x10/0x10 [ 513.437973][T13476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 513.437997][T13476] ? __pfx__printk+0x10/0x10 [ 513.438023][T13476] ? __pfx___might_resched+0x10/0x10 [ 513.438045][T13476] ? fs_reclaim_acquire+0x7d/0x100 [ 513.438078][T13476] should_fail_ex+0x414/0x560 [ 513.438116][T13476] should_failslab+0xa8/0x100 [ 513.438144][T13476] __kmalloc_noprof+0xcb/0x4f0 [ 513.438167][T13476] ? sctp_auth_make_key_vector+0xd8/0x300 [ 513.438201][T13476] sctp_auth_make_key_vector+0xd8/0x300 [ 513.438238][T13476] sctp_auth_asoc_create_secret+0x45/0x810 [ 513.438284][T13476] sctp_auth_asoc_init_active_key+0x14b/0x730 [ 513.438314][T13476] ? trace_kmalloc+0x1f/0xd0 [ 513.438333][T13476] ? sctp_auth_set_key+0x32a/0x930 [ 513.438365][T13476] sctp_auth_set_key+0x60b/0x930 [ 513.438403][T13476] sctp_setsockopt_auth_key+0x21a/0x640 [ 513.438432][T13476] sctp_setsockopt+0x506/0x1200 [ 513.438462][T13476] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 513.438493][T13476] do_sock_setsockopt+0x25a/0x3e0 [ 513.438528][T13476] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 513.438564][T13476] ? __fget_files+0x2a/0x420 [ 513.438603][T13476] __x64_sys_setsockopt+0x18b/0x220 [ 513.438641][T13476] do_syscall_64+0xfa/0x3b0 [ 513.438667][T13476] ? lockdep_hardirqs_on+0x9c/0x150 [ 513.438692][T13476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.438714][T13476] ? clear_bhb_loop+0x60/0xb0 [ 513.438739][T13476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.438761][T13476] RIP: 0033:0x7f53d5f8e929 [ 513.438780][T13476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 513.438799][T13476] RSP: 002b:00007f53d6e73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 513.438821][T13476] RAX: ffffffffffffffda RBX: 00007f53d61b6080 RCX: 00007f53d5f8e929 [ 513.438838][T13476] RDX: 0000000000000017 RSI: 0000000000000084 RDI: 0000000000000003 [ 513.438851][T13476] RBP: 00007f53d6e73090 R08: 00000000000000ed R09: 0000000000000000 [ 513.438864][T13476] R10: 0000200000000540 R11: 0000000000000246 R12: 0000000000000001 [ 513.438877][T13476] R13: 0000000000000001 R14: 00007f53d61b6080 R15: 00007ffea472a968 [ 513.438909][T13476] [ 513.954333][T12697] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 513.965276][T12697] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 514.030656][ T2154] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 514.180440][ T2154] usb 2-1: Using ep0 maxpacket: 8 [ 514.191815][ T2154] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 514.210413][ T2154] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.243422][ T2154] pvrusb2: Hardware description: Terratec Grabster AV400 [ 514.261260][ T5885] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 514.262444][ T2154] pvrusb2: ********** [ 514.284392][ T2154] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 514.299176][ T5885] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 514.299560][ T2154] pvrusb2: Important functionality might not be entirely working. [ 514.316011][ T5885] usb 1-1: USB disconnect, device number 7 [ 514.318170][ T2154] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 514.353562][ T2154] pvrusb2: ********** [ 514.455461][ T2345] pvrusb2: Invalid write control endpoint [ 514.564305][ T2345] pvrusb2: Invalid write control endpoint [ 514.581184][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 514.596221][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 514.609096][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 514.626378][ T2345] pvrusb2: Device being rendered inoperable [ 514.633077][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 514.643849][T12697] Bluetooth: hci2: Unable to find connection for big 0x00 [ 514.652658][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 514.670715][T13482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.689888][ T2345] pvrusb2: Attached sub-driver cx25840 [ 514.699356][T13482] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 514.707566][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 514.718921][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 514.721011][T13482] pvrusb2: Attempted to execute control transfer when device not ok [ 514.774631][ T2154] usb 2-1: USB disconnect, device number 24 [ 514.829171][T13505] FAULT_INJECTION: forcing a failure. [ 514.829171][T13505] name failslab, interval 1, probability 0, space 0, times 0 [ 514.849737][T13505] CPU: 0 UID: 0 PID: 13505 Comm: syz.2.2408 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 514.849774][T13505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 514.849788][T13505] Call Trace: [ 514.849797][T13505] [ 514.849806][T13505] dump_stack_lvl+0x189/0x250 [ 514.849836][T13505] ? __pfx____ratelimit+0x10/0x10 [ 514.849863][T13505] ? __pfx_dump_stack_lvl+0x10/0x10 [ 514.849887][T13505] ? __pfx__printk+0x10/0x10 [ 514.849914][T13505] ? __pfx___might_resched+0x10/0x10 [ 514.849936][T13505] ? fs_reclaim_acquire+0x7d/0x100 [ 514.849969][T13505] should_fail_ex+0x414/0x560 [ 514.850016][T13505] should_failslab+0xa8/0x100 [ 514.850044][T13505] __kmalloc_noprof+0xcb/0x4f0 [ 514.850066][T13505] ? security_task_alloc+0x4d/0x360 [ 514.850096][T13505] ? perf_event_init_task+0x12d/0x4b0 [ 514.850121][T13505] security_task_alloc+0x4d/0x360 [ 514.850156][T13505] copy_process+0x1530/0x3c00 [ 514.850197][T13505] ? copy_process+0x97f/0x3c00 [ 514.850228][T13505] ? __pfx_copy_process+0x10/0x10 [ 514.850264][T13505] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 514.850293][T13505] vhost_task_create+0x1c4/0x290 [ 514.850322][T13505] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 514.850350][T13505] ? __pfx_vhost_task_create+0x10/0x10 [ 514.850383][T13505] ? __pfx_vhost_task_fn+0x10/0x10 [ 514.850417][T13505] ? kasan_save_track+0x4f/0x80 [ 514.850436][T13505] ? kasan_save_track+0x3e/0x80 [ 514.850462][T13505] kvm_mmu_post_init_vm+0x147/0x2b0 [ 514.850496][T13505] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 514.850533][T13505] ? __mutex_trylock_common+0x153/0x260 [ 514.850561][T13505] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 514.850593][T13505] ? rcu_is_watching+0x15/0xb0 [ 514.850614][T13505] ? look_up_lock_class+0x74/0x170 [ 514.850642][T13505] ? register_lock_class+0x51/0x320 [ 514.850679][T13505] ? __lock_acquire+0xab9/0xd20 [ 514.850741][T13505] kvm_vcpu_ioctl+0x95c/0xe90 [ 514.850773][T13505] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 514.850794][T13505] ? __lock_acquire+0xab9/0xd20 [ 514.850846][T13505] ? __fget_files+0x2a/0x420 [ 514.850878][T13505] ? __fget_files+0x2a/0x420 [ 514.850906][T13505] ? __fget_files+0x3a0/0x420 [ 514.850934][T13505] ? __fget_files+0x2a/0x420 [ 514.850967][T13505] ? bpf_lsm_file_ioctl+0x9/0x20 [ 514.850999][T13505] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 514.851024][T13505] __se_sys_ioctl+0xfc/0x170 [ 514.851049][T13505] do_syscall_64+0xfa/0x3b0 [ 514.851075][T13505] ? lockdep_hardirqs_on+0x9c/0x150 [ 514.851100][T13505] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.851121][T13505] ? clear_bhb_loop+0x60/0xb0 [ 514.851148][T13505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.851169][T13505] RIP: 0033:0x7f167878e929 [ 514.851188][T13505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 514.851207][T13505] RSP: 002b:00007f16795c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 514.851231][T13505] RAX: ffffffffffffffda RBX: 00007f16789b6080 RCX: 00007f167878e929 [ 514.851247][T13505] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 514.851260][T13505] RBP: 00007f16795c2090 R08: 0000000000000000 R09: 0000000000000000 [ 514.851274][T13505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 514.851287][T13505] R13: 0000000000000001 R14: 00007f16789b6080 R15: 00007ffc54b66798 [ 514.851321][T13505] [ 514.859749][T13506] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2410'. [ 515.093316][T13510] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2410'. [ 515.271596][T12697] Bluetooth: hci0: command 0x0c1a tx timeout [ 515.455248][T12697] Bluetooth: hci5: command 0x0411 tx timeout [ 515.458641][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 515.650537][ T2154] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 515.670864][T13507] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 515.678920][T13507] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 515.685347][T13507] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 515.691979][T13507] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 515.800443][ T2154] usb 3-1: Using ep0 maxpacket: 8 [ 515.807758][ T2154] usb 3-1: unable to get BOS descriptor or descriptor too short [ 515.822288][ T2154] usb 3-1: config 1 has an invalid interface number: 211 but max is 0 [ 515.835274][ T2154] usb 3-1: config 1 has no interface number 0 [ 515.853514][ T2154] usb 3-1: config 1 interface 211 has no altsetting 0 [ 515.875078][ T2154] usb 3-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 515.892660][ T2154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.913135][ T2154] usb 3-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 515.948767][ T2154] usb 3-1: Manufacturer: Б [ 515.974996][ T2154] usb 3-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱񋸇馩瘔 [ 516.000635][ T5913] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 516.102836][T12697] Bluetooth: hci2: Unable to find connection for big 0x00 [ 516.156413][ T5913] usb 2-1: Using ep0 maxpacket: 16 [ 516.165276][ T5913] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 516.177533][ T5913] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 516.196452][ T5913] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 516.220692][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 516.229602][ T5913] usb 2-1: SerialNumber: syz [ 516.233735][T13535] netlink: 'syz.0.2420': attribute type 29 has an invalid length. [ 516.235995][ T2154] ftdi_sio 3-1:1.211: FTDI USB Serial Device converter detected [ 516.242911][T13535] netlink: 'syz.0.2420': attribute type 29 has an invalid length. [ 516.261885][T13535] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2420'. [ 516.270074][T13521] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 516.279790][ T2154] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 516.290646][T13521] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 516.295418][ T2154] usb 3-1: USB disconnect, device number 71 [ 516.312533][ T2154] ftdi_sio 3-1:1.211: device disconnected [ 516.660480][ T5885] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 516.820432][ T5885] usb 1-1: Using ep0 maxpacket: 8 [ 516.834184][ T5885] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 516.850486][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.858681][ T5885] usb 1-1: Product: syz [ 516.872895][ T5885] usb 1-1: Manufacturer: syz [ 516.877633][ T5885] usb 1-1: SerialNumber: syz [ 516.889004][ T5885] usb 1-1: config 0 descriptor?? [ 516.930467][ T5833] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 516.986614][T13550] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 516.995336][T13550] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 517.005775][T13550] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 517.020794][T13550] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 517.080597][ T5833] usb 5-1: Using ep0 maxpacket: 16 [ 517.095186][ T5833] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 517.111936][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.123670][ T5885] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 517.135751][ T5833] usb 5-1: Product: syz [ 517.143372][ T5833] usb 5-1: Manufacturer: syz [ 517.153913][ T5833] usb 5-1: SerialNumber: syz [ 517.188560][ T5833] usb 5-1: config 0 descriptor?? [ 517.211963][ T5833] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 517.410651][ T5833] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71 [ 517.439165][ T5833] usb 5-1: USB disconnect, device number 27 [ 517.772300][T12697] Bluetooth: hci5: Unable to find connection for big 0x00 [ 518.341479][T13542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 518.354309][T13542] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 518.400862][ T5901] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 518.550550][ T5901] usb 5-1: Using ep0 maxpacket: 8 [ 518.563024][ T5901] usb 5-1: unable to get BOS descriptor or descriptor too short [ 518.577302][ T5901] usb 5-1: config 1 has an invalid interface number: 211 but max is 0 [ 518.586695][ T5901] usb 5-1: config 1 has no interface number 0 [ 518.598560][ T5901] usb 5-1: config 1 interface 211 has no altsetting 0 [ 518.615471][ T5901] usb 5-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 518.625194][ T5901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.638631][ T5901] usb 5-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 518.674469][ T5901] usb 5-1: Manufacturer: Б [ 518.679213][ T5901] usb 5-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱񋸇 [ 518.755914][ T5913] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 518.784785][ T5913] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 518.788885][ T5885] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 518.824269][ T5885] usb 1-1: USB disconnect, device number 8 [ 518.825326][ T5913] usb 2-1: USB disconnect, device number 25 [ 518.924661][ T5901] ftdi_sio 5-1:1.211: FTDI USB Serial Device converter detected [ 518.955233][ T5901] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 518.978309][ T5901] usb 5-1: USB disconnect, device number 28 [ 519.006885][ T5901] ftdi_sio 5-1:1.211: device disconnected [ 519.031426][T12697] Bluetooth: hci1: command 0x0c1a tx timeout [ 519.031424][ T51] Bluetooth: hci5: command 0x0411 tx timeout [ 519.031481][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 519.037670][T12697] Bluetooth: hci0: command 0x0c1a tx timeout [ 519.060005][T13579] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 519.083705][T13579] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 519.098838][T13579] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 519.106144][T13579] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 519.560510][ T5913] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 519.582803][T13597] NILFS (rnullb0): couldn't find nilfs on the device [ 519.594788][T13597] NILFS (rnullb0): couldn't find nilfs on the device [ 519.710596][ T5913] usb 3-1: Using ep0 maxpacket: 32 [ 519.731709][ T5901] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 520.280526][ T5942] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 520.450540][ T5942] usb 2-1: Using ep0 maxpacket: 16 [ 520.469371][ T5942] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 520.505332][ T5942] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 520.560574][ T5942] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 520.583952][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 520.632156][ T5942] usb 2-1: SerialNumber: syz [ 520.682252][T13603] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 520.716775][T13603] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 520.790394][ T5901] usb 5-1: Using ep0 maxpacket: 32 [ 521.110495][T12697] Bluetooth: hci1: command 0x0c1a tx timeout [ 521.110540][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 521.122789][ T51] Bluetooth: hci5: command 0x0411 tx timeout [ 521.297107][T13607] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 521.340528][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 521.369322][T13607] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 521.446417][T13607] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 521.465656][T13607] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 522.123033][T13612] FAULT_INJECTION: forcing a failure. [ 522.123033][T13612] name failslab, interval 1, probability 0, space 0, times 0 [ 522.140108][T13612] CPU: 1 UID: 0 PID: 13612 Comm: syz.0.2446 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 522.140141][T13612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 522.140156][T13612] Call Trace: [ 522.140166][T13612] [ 522.140177][T13612] dump_stack_lvl+0x189/0x250 [ 522.140212][T13612] ? __pfx____ratelimit+0x10/0x10 [ 522.140241][T13612] ? __pfx_dump_stack_lvl+0x10/0x10 [ 522.140268][T13612] ? __pfx__printk+0x10/0x10 [ 522.140301][T13612] ? __pfx___might_resched+0x10/0x10 [ 522.140330][T13612] ? fs_reclaim_acquire+0x7d/0x100 [ 522.140367][T13612] should_fail_ex+0x414/0x560 [ 522.140407][T13612] should_failslab+0xa8/0x100 [ 522.140455][T13612] __kmalloc_cache_noprof+0x70/0x3d0 [ 522.140480][T13612] ? vhost_task_create+0xf6/0x290 [ 522.140509][T13612] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 522.140538][T13612] vhost_task_create+0xf6/0x290 [ 522.140561][T13612] ? finish_task_switch+0x18b/0x950 [ 522.140591][T13612] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 522.140621][T13612] ? __pfx_vhost_task_create+0x10/0x10 [ 522.140657][T13612] ? __pfx_vhost_task_fn+0x10/0x10 [ 522.140688][T13612] ? rcu_is_watching+0x15/0xb0 [ 522.140711][T13612] ? trace_sched_exit_tp+0x38/0x120 [ 522.140740][T13612] ? __schedule+0x1713/0x4d00 [ 522.140770][T13612] kvm_mmu_post_init_vm+0x147/0x2b0 [ 522.140805][T13612] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 522.140843][T13612] ? __mutex_trylock_common+0x153/0x260 [ 522.140870][T13612] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 522.140903][T13612] ? rcu_is_watching+0x15/0xb0 [ 522.140934][T13612] ? irqentry_exit+0x74/0x90 [ 522.140960][T13612] ? lockdep_hardirqs_on+0x9c/0x150 [ 522.140984][T13612] ? preempt_schedule+0xae/0xc0 [ 522.141011][T13612] ? preempt_schedule_common+0x83/0xd0 [ 522.141037][T13612] ? preempt_schedule+0xae/0xc0 [ 522.141061][T13612] ? __pfx_preempt_schedule+0x10/0x10 [ 522.141098][T13612] ? preempt_schedule_thunk+0x16/0x30 [ 522.141139][T13612] kvm_vcpu_ioctl+0x95c/0xe90 [ 522.141173][T13612] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 522.141196][T13612] ? __lock_acquire+0xab9/0xd20 [ 522.141251][T13612] ? __fget_files+0x2a/0x420 [ 522.141286][T13612] ? __fget_files+0x2a/0x420 [ 522.141322][T13612] ? __fget_files+0x3a0/0x420 [ 522.141351][T13612] ? __fget_files+0x2a/0x420 [ 522.141385][T13612] ? bpf_lsm_file_ioctl+0x9/0x20 [ 522.141407][T13612] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 522.141433][T13612] __se_sys_ioctl+0xfc/0x170 [ 522.141461][T13612] do_syscall_64+0xfa/0x3b0 [ 522.141491][T13612] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.141512][T13612] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 522.141534][T13612] ? clear_bhb_loop+0x60/0xb0 [ 522.141561][T13612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.141584][T13612] RIP: 0033:0x7fc91c98e929 [ 522.141605][T13612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.141624][T13612] RSP: 002b:00007fc91d8b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 522.141649][T13612] RAX: ffffffffffffffda RBX: 00007fc91cbb5fa0 RCX: 00007fc91c98e929 [ 522.141665][T13612] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 522.141678][T13612] RBP: 00007fc91d8b9090 R08: 0000000000000000 R09: 0000000000000000 [ 522.141692][T13612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 522.141705][T13612] R13: 0000000000000000 R14: 00007fc91cbb5fa0 R15: 00007ffffacbbfe8 [ 522.141739][T13612] [ 522.176934][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 522.531143][ T5913] usb 3-1: unable to get BOS descriptor or descriptor too short [ 522.560660][ T5913] usb 3-1: no configurations [ 522.565479][ T5913] usb 3-1: can't read configurations, error -22 [ 522.582896][ T5901] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 522.602281][ T5901] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 522.611995][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.644455][ T5901] usb 5-1: config 0 descriptor?? [ 522.653767][ T5901] usb 5-1: can't set config #0, error -71 [ 522.663180][ T5901] usb 5-1: USB disconnect, device number 29 [ 522.860015][T13623] FAULT_INJECTION: forcing a failure. [ 522.860015][T13623] name failslab, interval 1, probability 0, space 0, times 0 [ 522.873177][T13623] CPU: 0 UID: 0 PID: 13623 Comm: syz.2.2451 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 522.873222][T13623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 522.873235][T13623] Call Trace: [ 522.873244][T13623] [ 522.873254][T13623] dump_stack_lvl+0x189/0x250 [ 522.873284][T13623] ? __pfx____ratelimit+0x10/0x10 [ 522.873305][T13623] ? __pfx_dump_stack_lvl+0x10/0x10 [ 522.873325][T13623] ? __pfx__printk+0x10/0x10 [ 522.873355][T13623] ? __pfx___might_resched+0x10/0x10 [ 522.873384][T13623] should_fail_ex+0x414/0x560 [ 522.873425][T13623] should_failslab+0xa8/0x100 [ 522.873452][T13623] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 522.873471][T13623] ? __alloc_skb+0x112/0x2d0 [ 522.873492][T13623] ? __pfx___mutex_trylock_common+0x10/0x10 [ 522.873524][T13623] __alloc_skb+0x112/0x2d0 [ 522.873558][T13623] netlink_dump+0x22b/0xe20 [ 522.873589][T13623] ? __netlink_lookup+0xbd/0x810 [ 522.873619][T13623] ? __pfx_netlink_dump+0x10/0x10 [ 522.873648][T13623] ? netlink_lookup+0x30/0x200 [ 522.873676][T13623] ? netlink_lookup+0x30/0x200 [ 522.873700][T13623] ? netlink_lookup+0x30/0x200 [ 522.873731][T13623] __netlink_dump_start+0x5cb/0x7e0 [ 522.873764][T13623] rtnetlink_rcv_msg+0x9eb/0xb70 [ 522.873785][T13623] ? __pfx_rtnl_dump_all+0x10/0x10 [ 522.873806][T13623] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 522.873835][T13623] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 522.873860][T13623] ? ref_tracker_free+0x63a/0x7d0 [ 522.873881][T13623] ? __pfx_rtnl_dumpit+0x10/0x10 [ 522.873908][T13623] ? __pfx_rtnl_dump_all+0x10/0x10 [ 522.873937][T13623] ? __skb_clone+0x63/0x7a0 [ 522.873979][T13623] netlink_rcv_skb+0x205/0x470 [ 522.874009][T13623] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 522.874039][T13623] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 522.874079][T13623] ? netlink_deliver_tap+0x2e/0x1b0 [ 522.874101][T13623] ? netlink_deliver_tap+0x2e/0x1b0 [ 522.874125][T13623] netlink_unicast+0x758/0x8d0 [ 522.874158][T13623] netlink_sendmsg+0x805/0xb30 [ 522.874205][T13623] ? __pfx_netlink_sendmsg+0x10/0x10 [ 522.874233][T13623] ? __lock_acquire+0xab9/0xd20 [ 522.874258][T13623] ? aa_sock_msg_perm+0xf1/0x1d0 [ 522.874277][T13623] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 522.874304][T13623] ? __pfx_netlink_sendmsg+0x10/0x10 [ 522.874334][T13623] __sock_sendmsg+0x21c/0x270 [ 522.874361][T13623] sock_write_iter+0x258/0x330 [ 522.874387][T13623] ? __pfx_sock_write_iter+0x10/0x10 [ 522.874413][T13623] ? bpf_lsm_file_permission+0x9/0x20 [ 522.874426][T13623] ? security_file_permission+0x75/0x290 [ 522.874464][T13623] vfs_write+0x548/0xa90 [ 522.874497][T13623] ? __pfx_sock_write_iter+0x10/0x10 [ 522.874519][T13623] ? __pfx_vfs_write+0x10/0x10 [ 522.874555][T13623] ? __fget_files+0x2a/0x420 [ 522.874595][T13623] ksys_write+0x145/0x250 [ 522.874624][T13623] ? __pfx_ksys_write+0x10/0x10 [ 522.874657][T13623] ? do_syscall_64+0xbe/0x3b0 [ 522.874690][T13623] do_syscall_64+0xfa/0x3b0 [ 522.874715][T13623] ? lockdep_hardirqs_on+0x9c/0x150 [ 522.874741][T13623] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.874763][T13623] ? clear_bhb_loop+0x60/0xb0 [ 522.874789][T13623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.874811][T13623] RIP: 0033:0x7f167878e929 [ 522.874831][T13623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.874850][T13623] RSP: 002b:00007f16795e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 522.874873][T13623] RAX: ffffffffffffffda RBX: 00007f16789b5fa0 RCX: 00007f167878e929 [ 522.874889][T13623] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 0000000000000003 [ 522.874902][T13623] RBP: 00007f16795e3090 R08: 0000000000000000 R09: 0000000000000000 [ 522.874915][T13623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 522.874929][T13623] R13: 0000000000000000 R14: 00007f16789b5fa0 R15: 00007ffc54b66798 [ 522.874961][T13623] [ 523.279219][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 523.304551][ T5942] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 523.337580][ T5942] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 523.353244][ T5942] usb 2-1: USB disconnect, device number 26 [ 523.436902][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 523.460487][ T5901] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 523.466937][ T5839] Bluetooth: hci5: unexpected Set CIG Parameters response data [ 523.476764][ T5839] Bluetooth: hci5: unexpected event for opcode 0x2062 [ 523.510780][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 523.620461][ T5901] usb 5-1: Using ep0 maxpacket: 8 [ 523.627864][ T5901] usb 5-1: unable to get BOS descriptor or descriptor too short [ 523.637599][ T5901] usb 5-1: config 1 has an invalid interface number: 211 but max is 0 [ 523.646107][ T5901] usb 5-1: config 1 has no interface number 0 [ 523.652423][ T5901] usb 5-1: config 1 interface 211 has no altsetting 0 [ 523.662542][ T5901] usb 5-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 523.671994][ T5901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.680125][ T5901] usb 5-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 523.710858][ T5901] usb 5-1: Manufacturer: Б [ 523.715826][ T5901] usb 5-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱 [ 523.954307][ T5901] ftdi_sio 5-1:1.211: FTDI USB Serial Device converter detected [ 523.963228][ T5901] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 523.978571][ T5901] usb 5-1: USB disconnect, device number 30 [ 523.991727][ T5901] ftdi_sio 5-1:1.211: device disconnected [ 524.285771][T13636] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 524.292024][T13636] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 524.298217][T13636] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 524.306764][T13636] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 524.556268][ T5913] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 524.592957][T13650] FAULT_INJECTION: forcing a failure. [ 524.592957][T13650] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 524.607019][T13650] CPU: 1 UID: 0 PID: 13650 Comm: syz.2.2460 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 524.607048][T13650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 524.607061][T13650] Call Trace: [ 524.607070][T13650] [ 524.607079][T13650] dump_stack_lvl+0x189/0x250 [ 524.607107][T13650] ? __pfx____ratelimit+0x10/0x10 [ 524.607133][T13650] ? __pfx_dump_stack_lvl+0x10/0x10 [ 524.607155][T13650] ? __pfx__printk+0x10/0x10 [ 524.607179][T13650] ? __might_fault+0xb0/0x130 [ 524.607216][T13650] should_fail_ex+0x414/0x560 [ 524.607261][T13650] _copy_from_user+0x2d/0xb0 [ 524.607296][T13650] kstrtouint_from_user+0xc4/0x170 [ 524.607327][T13650] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 524.607375][T13650] proc_fail_nth_write+0x88/0x240 [ 524.607407][T13650] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 524.607445][T13650] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 524.607479][T13650] vfs_write+0x27b/0xa90 [ 524.607515][T13650] ? __pfx_vfs_write+0x10/0x10 [ 524.607542][T13650] ? __fget_files+0x2a/0x420 [ 524.607576][T13650] ? __fget_files+0x3a0/0x420 [ 524.607603][T13650] ? __fget_files+0x2a/0x420 [ 524.607642][T13650] ksys_write+0x145/0x250 [ 524.607670][T13650] ? __pfx_ksys_write+0x10/0x10 [ 524.607702][T13650] ? do_syscall_64+0xbe/0x3b0 [ 524.607734][T13650] do_syscall_64+0xfa/0x3b0 [ 524.607759][T13650] ? lockdep_hardirqs_on+0x9c/0x150 [ 524.607784][T13650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.607806][T13650] ? clear_bhb_loop+0x60/0xb0 [ 524.607832][T13650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.607853][T13650] RIP: 0033:0x7f167878d3df [ 524.607873][T13650] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 524.607890][T13650] RSP: 002b:00007f16795e3030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 524.607914][T13650] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f167878d3df [ 524.607929][T13650] RDX: 0000000000000001 RSI: 00007f16795e30a0 RDI: 0000000000000004 [ 524.607942][T13650] RBP: 00007f16795e3090 R08: 0000000000000000 R09: 0000000000000000 [ 524.607955][T13650] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 524.607968][T13650] R13: 0000000000000000 R14: 00007f16789b5fa0 R15: 00007ffc54b66798 [ 524.608001][T13650] [ 524.919625][ T5839] Bluetooth: hci5: unexpected Set CIG Parameters response data [ 524.931901][ T5839] Bluetooth: hci5: unexpected event for opcode 0x2062 [ 524.955704][T13666] FAULT_INJECTION: forcing a failure. [ 524.955704][T13666] name failslab, interval 1, probability 0, space 0, times 0 [ 524.969332][T13666] CPU: 0 UID: 0 PID: 13666 Comm: syz.0.2466 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 524.969361][T13666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 524.969376][T13666] Call Trace: [ 524.969385][T13666] [ 524.969399][T13666] dump_stack_lvl+0x189/0x250 [ 524.969429][T13666] ? __pfx____ratelimit+0x10/0x10 [ 524.969457][T13666] ? __pfx_dump_stack_lvl+0x10/0x10 [ 524.969481][T13666] ? __pfx__printk+0x10/0x10 [ 524.969512][T13666] ? __pfx___might_resched+0x10/0x10 [ 524.969539][T13666] should_fail_ex+0x414/0x560 [ 524.969576][T13666] should_failslab+0xa8/0x100 [ 524.969604][T13666] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 524.969629][T13666] ? __alloc_skb+0x112/0x2d0 [ 524.969663][T13666] __alloc_skb+0x112/0x2d0 [ 524.969697][T13666] tcp_stream_alloc_skb+0x3d/0x340 [ 524.969726][T13666] tcp_sendmsg_locked+0x1f46/0x5630 [ 524.969759][T13666] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 524.969826][T13666] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 524.969849][T13666] ? __local_bh_enable_ip+0x12d/0x1c0 [ 524.969874][T13666] ? __local_bh_enable_ip+0x12d/0x1c0 [ 524.969909][T13666] tcp_sendmsg+0x2f/0x50 [ 524.969933][T13666] __sock_sendmsg+0x19c/0x270 [ 524.969961][T13666] __sys_sendto+0x3bd/0x520 [ 524.969992][T13666] ? __pfx___sys_sendto+0x10/0x10 [ 524.970029][T13666] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 524.970071][T13666] ? __fget_files+0x3a0/0x420 [ 524.970112][T13666] ? ksys_write+0x22a/0x250 [ 524.970140][T13666] ? __pfx_ksys_write+0x10/0x10 [ 524.970163][T13666] ? rcu_is_watching+0x15/0xb0 [ 524.970189][T13666] __x64_sys_sendto+0xde/0x100 [ 524.970222][T13666] do_syscall_64+0xfa/0x3b0 [ 524.970247][T13666] ? lockdep_hardirqs_on+0x9c/0x150 [ 524.970272][T13666] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.970293][T13666] ? clear_bhb_loop+0x60/0xb0 [ 524.970318][T13666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.970338][T13666] RIP: 0033:0x7fc91c98e929 [ 524.970357][T13666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.970376][T13666] RSP: 002b:00007fc91d8b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 524.970399][T13666] RAX: ffffffffffffffda RBX: 00007fc91cbb5fa0 RCX: 00007fc91c98e929 [ 524.970415][T13666] RDX: 0000000000000006 RSI: 00002000000028c0 RDI: 0000000000000003 [ 524.970429][T13666] RBP: 00007fc91d8b9090 R08: 0000000000000000 R09: 0000000000000000 [ 524.970442][T13666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 524.970454][T13666] R13: 0000000000000000 R14: 00007fc91cbb5fa0 R15: 00007ffffacbbfe8 [ 524.970484][T13666] [ 524.971892][ T5913] usb 2-1: Using ep0 maxpacket: 32 [ 524.982701][ T5901] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 524.995300][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 525.200716][ T5901] usb 5-1: Using ep0 maxpacket: 16 [ 525.227171][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 525.242839][ T5901] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 525.246156][ T5913] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 525.288384][ T5901] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 525.298886][ T5913] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 525.317743][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.319765][ T5901] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 525.332303][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 525.344784][ T5913] usb 2-1: config 0 descriptor?? [ 525.354007][ T5901] usb 5-1: SerialNumber: syz [ 525.381384][T13658] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 525.388984][T13658] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 525.832011][T13676] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 525.845038][T13676] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 525.870583][T13684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2469'. [ 525.880240][T13676] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 525.892708][T13676] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 526.009449][ T5913] usbhid 2-1:0.0: can't add hid device: -71 [ 526.015789][ T5913] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 526.041302][ T5913] usb 2-1: USB disconnect, device number 27 [ 526.141189][ T5833] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 526.320595][ T5833] usb 1-1: Using ep0 maxpacket: 8 [ 526.332074][ T5833] usb 1-1: unable to get BOS descriptor or descriptor too short [ 526.351148][ T5833] usb 1-1: config 1 has an invalid interface number: 211 but max is 0 [ 526.359504][ T5833] usb 1-1: config 1 has no interface number 0 [ 526.372611][ T5833] usb 1-1: config 1 interface 211 has no altsetting 0 [ 526.384316][ T5833] usb 1-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 526.394181][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.402901][ T5833] usb 1-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 526.433760][ T5833] usb 1-1: Manufacturer: Б [ 526.438489][ T5833] usb 1-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱 [ 526.610504][ T5913] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 526.658760][T13700] gfs2: not a GFS2 filesystem [ 526.668576][T13700] gfs2: not a GFS2 filesystem [ 526.674811][ T5833] ftdi_sio 1-1:1.211: FTDI USB Serial Device converter detected [ 526.676587][T13700] gfs2: not a GFS2 filesystem [ 526.687957][ T5833] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 526.697094][T13700] gfs2: not a GFS2 filesystem [ 526.709097][ T5833] usb 1-1: USB disconnect, device number 9 [ 526.716360][T13700] gfs2: not a GFS2 filesystem [ 526.731806][ T5833] ftdi_sio 1-1:1.211: device disconnected [ 526.744359][T13700] gfs2: not a GFS2 filesystem [ 526.750139][T13700] gfs2: not a GFS2 filesystem [ 526.776951][T13700] gfs2: not a GFS2 filesystem [ 526.784919][T13700] gfs2: not a GFS2 filesystem [ 526.790822][ T5913] usb 3-1: Using ep0 maxpacket: 32 [ 526.794465][T13700] gfs2: not a GFS2 filesystem [ 526.815660][T13700] gfs2: not a GFS2 filesystem [ 526.847646][T13700] gfs2: not a GFS2 filesystem [ 526.866426][T13700] gfs2: not a GFS2 filesystem [ 526.906255][T13700] gfs2: not a GFS2 filesystem [ 526.936637][T13700] gfs2: not a GFS2 filesystem [ 526.984344][T13700] gfs2: not a GFS2 filesystem [ 527.007401][T13700] gfs2: not a GFS2 filesystem [ 527.028984][T13700] gfs2: not a GFS2 filesystem [ 527.046195][T13700] gfs2: not a GFS2 filesystem [ 527.065795][T13700] gfs2: not a GFS2 filesystem [ 527.098765][T13700] gfs2: not a GFS2 filesystem [ 527.123523][T13700] gfs2: not a GFS2 filesystem [ 527.148189][T13700] gfs2: not a GFS2 filesystem [ 527.166978][T13700] gfs2: not a GFS2 filesystem [ 527.187389][T13700] gfs2: not a GFS2 filesystem [ 527.233494][T13700] gfs2: not a GFS2 filesystem [ 527.262403][T13700] gfs2: not a GFS2 filesystem [ 527.288803][T13700] gfs2: not a GFS2 filesystem [ 527.325994][T13700] gfs2: not a GFS2 filesystem [ 527.360149][T13700] gfs2: not a GFS2 filesystem [ 527.384703][T13700] gfs2: not a GFS2 filesystem [ 527.413025][T13700] gfs2: not a GFS2 filesystem [ 527.449518][T13700] gfs2: not a GFS2 filesystem [ 527.500988][ T5839] Bluetooth: hci2: unexpected Set CIG Parameters response data [ 527.510068][ T5839] Bluetooth: hci2: unexpected event for opcode 0x2062 [ 527.811267][ T5901] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 527.910461][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 527.916588][ T51] Bluetooth: hci5: command 0x0411 tx timeout [ 527.923096][T12697] Bluetooth: hci0: command 0x0c1a tx timeout [ 528.110558][ T5942] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 528.335989][ T5942] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 528.393060][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.440772][ T5942] usb 2-1: Product: syz [ 528.459044][ T5942] usb 2-1: Manufacturer: syz [ 528.485157][ T5942] usb 2-1: SerialNumber: syz [ 528.553286][ T5942] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 528.818658][ T2154] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 528.830787][ T5901] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 529.204520][T13715] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2481'. [ 529.332015][ T5942] usb 2-1: USB disconnect, device number 28 [ 529.412724][ T5901] usb 5-1: USB disconnect, device number 31 [ 529.446668][ T5913] usb 3-1: unable to get BOS descriptor or descriptor too short [ 529.463926][T13716] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 529.476296][ T5913] usb 3-1: no configurations [ 529.492093][ T5913] usb 3-1: can't read configurations, error -22 [ 529.527785][T13716] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 529.539913][T13716] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 529.547874][T13716] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 529.636826][T13725] FAULT_INJECTION: forcing a failure. [ 529.636826][T13725] name failslab, interval 1, probability 0, space 0, times 0 [ 529.653188][T13725] CPU: 1 UID: 0 PID: 13725 Comm: syz.2.2484 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 529.653220][T13725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 529.653234][T13725] Call Trace: [ 529.653243][T13725] [ 529.653254][T13725] dump_stack_lvl+0x189/0x250 [ 529.653284][T13725] ? __pfx____ratelimit+0x10/0x10 [ 529.653311][T13725] ? __pfx_dump_stack_lvl+0x10/0x10 [ 529.653336][T13725] ? __pfx__printk+0x10/0x10 [ 529.653363][T13725] ? __pfx___might_resched+0x10/0x10 [ 529.653384][T13725] ? fs_reclaim_acquire+0x7d/0x100 [ 529.653418][T13725] should_fail_ex+0x414/0x560 [ 529.653455][T13725] should_failslab+0xa8/0x100 [ 529.653483][T13725] __kmalloc_noprof+0xcb/0x4f0 [ 529.653506][T13725] ? tomoyo_encode+0x28b/0x550 [ 529.653535][T13725] tomoyo_encode+0x28b/0x550 [ 529.653565][T13725] tomoyo_realpath_from_path+0x58d/0x5d0 [ 529.653604][T13725] tomoyo_path_perm+0x213/0x4b0 [ 529.653637][T13725] ? tomoyo_path_perm+0x1e3/0x4b0 [ 529.653668][T13725] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 529.653709][T13725] ? filemap_check_errors+0xd2/0x120 [ 529.653763][T13725] ? bdev_mark_dead+0x9f/0x170 [ 529.653812][T13725] security_inode_getattr+0x12f/0x330 [ 529.653844][T13725] vfs_getattr+0x23/0x70 [ 529.653877][T13725] loop_assign_backing_file+0x222/0x400 [ 529.653910][T13725] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 529.653938][T13725] ? bd_prepare_to_claim+0x3f1/0x490 [ 529.653991][T13725] ? __asan_memcpy+0x40/0x70 [ 529.654025][T13725] ? loop_set_status_from_info+0x185/0x250 [ 529.654057][T13725] loop_configure+0x7d5/0xfa0 [ 529.654103][T13725] ? __pfx_loop_configure+0x10/0x10 [ 529.654166][T13725] lo_ioctl+0x79b/0x2410 [ 529.654206][T13725] ? __pfx_lo_ioctl+0x10/0x10 [ 529.654231][T13725] ? ima_match_policy+0x10b/0x2150 [ 529.654259][T13725] ? look_up_lock_class+0x74/0x170 [ 529.654288][T13725] ? register_lock_class+0x51/0x320 [ 529.654325][T13725] ? __lock_acquire+0xab9/0xd20 [ 529.654366][T13725] ? process_measurement+0x3d8/0x1a40 [ 529.654399][T13725] ? __lock_acquire+0xab9/0xd20 [ 529.654438][T13725] ? __lock_acquire+0xab9/0xd20 [ 529.654483][T13725] ? __lock_acquire+0xab9/0xd20 [ 529.654527][T13725] ? __lock_acquire+0xab9/0xd20 [ 529.654581][T13725] ? is_bpf_text_address+0x26/0x2b0 [ 529.654619][T13725] ? is_bpf_text_address+0x292/0x2b0 [ 529.654649][T13725] ? is_bpf_text_address+0x26/0x2b0 [ 529.654684][T13725] ? kernel_text_address+0xa5/0xe0 [ 529.654712][T13725] ? __kernel_text_address+0xd/0x40 [ 529.654740][T13725] ? unwind_get_return_address+0x4d/0x90 [ 529.654761][T13725] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 529.654786][T13725] ? arch_stack_walk+0xfc/0x150 [ 529.654829][T13725] ? stack_trace_save+0x9c/0xe0 [ 529.654857][T13725] ? stack_depot_save_flags+0x40/0x900 [ 529.654900][T13725] ? kasan_save_track+0x4f/0x80 [ 529.654920][T13725] ? kasan_save_track+0x3e/0x80 [ 529.654937][T13725] ? kasan_save_free_info+0x46/0x50 [ 529.654964][T13725] ? __kasan_slab_free+0x62/0x70 [ 529.654983][T13725] ? kfree+0x18e/0x440 [ 529.655001][T13725] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 529.655029][T13725] ? security_file_ioctl+0xcb/0x2d0 [ 529.655057][T13725] ? __se_sys_ioctl+0x47/0x170 [ 529.655076][T13725] ? do_syscall_64+0xfa/0x3b0 [ 529.655099][T13725] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.655147][T13725] ? do_vfs_ioctl+0xf37/0x1990 [ 529.655173][T13725] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 529.655204][T13725] ? kasan_quarantine_put+0xdd/0x220 [ 529.655234][T13725] ? blkdev_common_ioctl+0xfc3/0x2450 [ 529.655264][T13725] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 529.655297][T13725] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 529.655328][T13725] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 529.655356][T13725] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 529.655386][T13725] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 529.655465][T13725] ? __pfx_lo_ioctl+0x10/0x10 [ 529.655493][T13725] blkdev_ioctl+0x5a5/0x6d0 [ 529.655526][T13725] ? __pfx_blkdev_ioctl+0x10/0x10 [ 529.655552][T13725] ? __fget_files+0x2a/0x420 [ 529.655586][T13725] ? bpf_lsm_file_ioctl+0x9/0x20 [ 529.655607][T13725] ? __pfx_blkdev_ioctl+0x10/0x10 [ 529.655635][T13725] __se_sys_ioctl+0xfc/0x170 [ 529.655662][T13725] do_syscall_64+0xfa/0x3b0 [ 529.655688][T13725] ? lockdep_hardirqs_on+0x9c/0x150 [ 529.655713][T13725] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.655734][T13725] ? clear_bhb_loop+0x60/0xb0 [ 529.655760][T13725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.655781][T13725] RIP: 0033:0x7f167878e929 [ 529.655801][T13725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.655826][T13725] RSP: 002b:00007f16795e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 529.655850][T13725] RAX: ffffffffffffffda RBX: 00007f16789b5fa0 RCX: 00007f167878e929 [ 529.655865][T13725] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000004 [ 529.655879][T13725] RBP: 00007f16795e3090 R08: 0000000000000000 R09: 0000000000000000 [ 529.655892][T13725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 529.655905][T13725] R13: 0000000000000000 R14: 00007f16789b5fa0 R15: 00007ffc54b66798 [ 529.655939][T13725] [ 529.655967][T13725] ERROR: Out of memory at tomoyo_realpath_from_path. [ 529.730585][ T5901] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 529.757748][T13725] loop6: detected capacity change from 0 to 7 [ 529.920551][ T5901] usb 5-1: Using ep0 maxpacket: 32 [ 529.924004][ T2154] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 529.938012][T13725] Dev loop6: unable to read RDB block 7 [ 529.952397][ T2154] ath9k_htc: Failed to initialize the device [ 529.982755][ T5901] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 529.990892][ T5942] usb 2-1: ath9k_htc: USB layer deinitialized [ 530.000689][T13725] loop6: AHDI p3 p4 [ 530.232555][ T5901] usb 5-1: config 0 has no interface number 0 [ 530.238789][ T5901] usb 5-1: config 0 interface 132 has no altsetting 0 [ 530.246236][T13725] loop6: partition table partially beyond EOD, truncated [ 530.254527][T13725] loop6: p3 start 1886353253 is beyond EOD, truncated [ 530.266728][ T5901] usb 5-1: New USB device found, idVendor=0525, idProduct=9901, bcdDevice=39.75 [ 530.276532][ T5901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.287964][ T5901] usb 5-1: Product: syz [ 530.292605][ T5901] usb 5-1: Manufacturer: syz [ 530.297293][ T5901] usb 5-1: SerialNumber: syz [ 530.321946][ T5901] usb 5-1: config 0 descriptor?? [ 530.457901][T13726] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2483'. [ 530.571216][T13730] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 530.577374][T13730] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 530.584815][T13730] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 530.591613][T13730] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 530.980424][ T5913] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 531.000542][ T5942] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 531.010635][ T5885] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 531.130587][ T5913] usb 2-1: Using ep0 maxpacket: 8 [ 531.141118][ T5913] usb 2-1: unable to get BOS descriptor or descriptor too short [ 531.153308][ T5913] usb 2-1: config 1 has an invalid interface number: 211 but max is 0 [ 531.161741][ T5942] usb 3-1: Using ep0 maxpacket: 16 [ 531.167097][ T5913] usb 2-1: config 1 has no interface number 0 [ 531.177229][ T5913] usb 2-1: config 1 interface 211 has no altsetting 0 [ 531.180488][ T5885] usb 1-1: Using ep0 maxpacket: 32 [ 531.184318][ T5942] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 531.199979][ T5942] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 531.211335][ T5885] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 531.213044][ T5913] usb 2-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 531.234740][ T5885] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 531.236358][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.246177][ T5885] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 531.253148][ T5942] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 531.266822][ T5885] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 531.281139][ T5913] usb 2-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 531.285153][ T5885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.313081][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 531.313113][ T5942] usb 3-1: SerialNumber: syz [ 531.317475][ T5913] usb 2-1: Manufacturer: Б [ 531.327813][T13733] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 531.329544][ T5913] usb 2-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱 [ 531.338478][T13733] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 531.377043][ T5885] usb 1-1: config 0 descriptor?? [ 531.583330][ T5913] ftdi_sio 2-1:1.211: FTDI USB Serial Device converter detected [ 531.603333][ T5913] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 531.622108][ T5913] usb 2-1: USB disconnect, device number 29 [ 531.643611][ T5913] ftdi_sio 2-1:1.211: device disconnected [ 531.643630][ T5901] cdc_subset 5-1:0.132: probe with driver cdc_subset failed with error -71 [ 531.714159][ T5901] usb 5-1: USB disconnect, device number 32 [ 532.035806][ T5885] usbhid 1-1:0.0: can't add hid device: -71 [ 532.049523][ T5885] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 532.070685][ T5885] usb 1-1: USB disconnect, device number 10 [ 532.200227][T13741] omfs: Invalid superblock (0) [ 532.266463][ T51] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 532.277713][ T51] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 532.280770][ T5913] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 532.440473][ T5913] usb 5-1: Using ep0 maxpacket: 16 [ 532.449211][ T5913] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1040, setting to 1024 [ 532.463001][ T5913] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 532.473215][ T5913] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 532.640781][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 532.640816][ T5839] Bluetooth: hci5: command 0x0411 tx timeout [ 532.646924][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 532.942852][T13746] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 532.953288][T13746] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 532.959713][T13746] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 532.984182][T13753] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2491'. [ 532.990936][T13746] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 533.321263][T13756] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 533.328580][T13756] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 533.344299][T13756] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 533.346490][T13761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2494'. [ 533.374964][T13756] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 533.420488][ T5901] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 533.585825][ T5901] usb 1-1: Using ep0 maxpacket: 32 [ 533.696459][T13764] FAULT_INJECTION: forcing a failure. [ 533.696459][T13764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 533.747263][T13764] CPU: 0 UID: 0 PID: 13764 Comm: syz.0.2495 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 533.747297][T13764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 533.747312][T13764] Call Trace: [ 533.747322][T13764] [ 533.747332][T13764] dump_stack_lvl+0x189/0x250 [ 533.747362][T13764] ? __pfx____ratelimit+0x10/0x10 [ 533.747390][T13764] ? __pfx_dump_stack_lvl+0x10/0x10 [ 533.747414][T13764] ? __pfx__printk+0x10/0x10 [ 533.747447][T13764] ? __might_fault+0xb0/0x130 [ 533.747483][T13764] should_fail_ex+0x414/0x560 [ 533.747520][T13764] _copy_from_user+0x2d/0xb0 [ 533.747554][T13764] snd_seq_oss_write+0x515/0x930 [ 533.747595][T13764] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 533.747620][T13764] ? common_file_perm+0x199/0x200 [ 533.747648][T13764] ? security_file_permission+0x75/0x290 [ 533.747683][T13764] odev_write+0x5a/0x80 [ 533.747713][T13764] ? __pfx_odev_write+0x10/0x10 [ 533.747744][T13764] vfs_write+0x27b/0xa90 [ 533.747785][T13764] ? __pfx_vfs_write+0x10/0x10 [ 533.747812][T13764] ? __fget_files+0x2a/0x420 [ 533.747844][T13764] ? __fget_files+0x2a/0x420 [ 533.747872][T13764] ? __fget_files+0x3a0/0x420 [ 533.747900][T13764] ? __fget_files+0x2a/0x420 [ 533.747938][T13764] ksys_write+0x145/0x250 [ 533.747966][T13764] ? __pfx_ksys_write+0x10/0x10 [ 533.747988][T13764] ? rcu_is_watching+0x15/0xb0 [ 533.748016][T13764] ? do_syscall_64+0xbe/0x3b0 [ 533.748048][T13764] do_syscall_64+0xfa/0x3b0 [ 533.748073][T13764] ? lockdep_hardirqs_on+0x9c/0x150 [ 533.748098][T13764] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.748119][T13764] ? clear_bhb_loop+0x60/0xb0 [ 533.748146][T13764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.748167][T13764] RIP: 0033:0x7fc91c98e929 [ 533.748186][T13764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.748205][T13764] RSP: 002b:00007fc91d898038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 533.748227][T13764] RAX: ffffffffffffffda RBX: 00007fc91cbb6080 RCX: 00007fc91c98e929 [ 533.748243][T13764] RDX: 0000000000000232 RSI: 00002000000004c0 RDI: 0000000000000004 [ 533.748257][T13764] RBP: 00007fc91d898090 R08: 0000000000000000 R09: 0000000000000000 [ 533.748271][T13764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 533.748284][T13764] R13: 0000000000000001 R14: 00007fc91cbb6080 R15: 00007ffffacbbfe8 [ 533.748318][T13764] [ 534.092456][ T5942] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 534.113822][ T5942] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 534.130621][ T5942] usb 3-1: USB disconnect, device number 76 [ 534.550842][ T5942] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 534.790729][ T5942] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.856989][ T5942] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 534.928150][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.943861][ T5913] usb 5-1: string descriptor 0 read error: -71 [ 535.000621][ T5913] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 535.037961][ T5942] usb 3-1: config 0 descriptor?? [ 535.069733][ T5942] pwc: Askey VC010 type 2 USB webcam detected. [ 535.085350][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.147504][ T5913] usb 5-1: can't set config #1, error -71 [ 535.206275][ T5913] usb 5-1: USB disconnect, device number 33 [ 535.350548][ T51] Bluetooth: hci5: command 0x0411 tx timeout [ 535.356694][T12697] Bluetooth: hci2: command 0x0c1a tx timeout [ 535.362921][T12697] Bluetooth: hci0: command 0x0c1a tx timeout [ 535.440565][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 535.467375][ T5942] pwc: recv_control_msg error -32 req 02 val 2b00 [ 535.486892][ T5942] pwc: recv_control_msg error -32 req 02 val 2700 [ 535.503500][ T5942] pwc: recv_control_msg error -32 req 02 val 2c00 [ 535.533109][ T5942] pwc: recv_control_msg error -32 req 04 val 1000 [ 535.540780][ T5913] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 535.553350][ T5942] pwc: recv_control_msg error -32 req 04 val 1300 [ 535.564745][ T5942] pwc: recv_control_msg error -32 req 04 val 1400 [ 535.576259][ T5942] pwc: recv_control_msg error -32 req 02 val 2000 [ 535.586849][ T5942] pwc: recv_control_msg error -32 req 02 val 2100 [ 535.599175][ T5942] pwc: recv_control_msg error -32 req 04 val 1500 [ 535.618497][ T5942] pwc: recv_control_msg error -32 req 02 val 2500 [ 535.628532][ T5942] pwc: recv_control_msg error -32 req 02 val 2400 [ 535.641497][ T5942] pwc: recv_control_msg error -32 req 02 val 2600 [ 535.649472][ T5942] pwc: recv_control_msg error -32 req 02 val 2900 [ 535.659661][ T5942] pwc: recv_control_msg error -32 req 02 val 2800 [ 535.668560][ T5942] pwc: recv_control_msg error -32 req 04 val 1100 [ 535.678729][ T5942] pwc: recv_control_msg error -32 req 04 val 1200 [ 535.690064][ T5942] pwc: Registered as video103. [ 535.716625][ T5913] usb 5-1: Using ep0 maxpacket: 8 [ 535.727966][ T5942] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input44 [ 535.756012][ T5913] usb 5-1: unable to get BOS descriptor or descriptor too short [ 535.766454][ T5913] usb 5-1: config 1 has an invalid interface number: 211 but max is 0 [ 535.783018][ T5913] usb 5-1: config 1 has no interface number 0 [ 535.819125][ T5913] usb 5-1: config 1 interface 211 has no altsetting 0 [ 535.854451][ T5913] usb 5-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 535.865428][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.899669][ T5913] usb 5-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 535.936404][ T5913] usb 5-1: Manufacturer: Б [ 535.945142][ T5913] usb 5-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱 [ 536.211049][ T5913] ftdi_sio 5-1:1.211: FTDI USB Serial Device converter detected [ 536.226192][ T5913] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 536.236922][ T5901] usb 1-1: unable to get BOS descriptor or descriptor too short [ 536.260462][ T5901] usb 1-1: no configurations [ 536.265171][ T5901] usb 1-1: can't read configurations, error -22 [ 536.296887][ T5913] usb 5-1: USB disconnect, device number 34 [ 536.341615][ T5913] ftdi_sio 5-1:1.211: device disconnected [ 536.363622][ T51] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 536.380517][ T51] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 536.392075][T13775] /dev/rnullb0: Can't open blockdev [ 536.404333][ T7069] usb 3-1: USB disconnect, device number 77 [ 536.540015][T13780] Invalid logical block size (18) [ 536.860849][T13785] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 536.861326][T13784] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2504'. [ 536.866894][ T7069] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 536.886276][T13785] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 536.892757][T13785] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 536.899035][T13785] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 537.046742][ T7069] usb 3-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73 [ 537.055882][ T7069] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.064203][ T7069] usb 3-1: Product: syz [ 537.068394][ T7069] usb 3-1: Manufacturer: syz [ 537.073070][ T7069] usb 3-1: SerialNumber: syz [ 537.080091][ T7069] usb 3-1: config 0 descriptor?? [ 537.150465][ T5913] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 537.300429][ T5913] usb 5-1: Using ep0 maxpacket: 16 [ 537.307433][ T5913] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 537.317816][ T5913] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 537.328819][ T5913] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 537.338157][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 537.346394][ T5913] usb 5-1: SerialNumber: syz [ 537.355872][T13790] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 537.363450][T13790] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 537.700722][ T7069] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 537.711476][ T7069] asix 3-1:0.0: probe with driver asix failed with error -71 [ 537.723440][ T7069] usb 3-1: USB disconnect, device number 78 [ 538.870564][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 538.950697][ T5839] Bluetooth: hci5: command 0x0411 tx timeout [ 538.954179][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 538.956805][T12697] Bluetooth: hci2: command 0x0c1a tx timeout [ 539.808443][ T5913] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 539.827046][ T5913] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 539.836790][ T5913] usb 5-1: USB disconnect, device number 35 [ 539.940207][T13795] FAULT_INJECTION: forcing a failure. [ 539.940207][T13795] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 539.972403][T13795] CPU: 1 UID: 0 PID: 13795 Comm: syz.2.2508 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 539.972433][T13795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 539.972447][T13795] Call Trace: [ 539.972456][T13795] [ 539.972465][T13795] dump_stack_lvl+0x189/0x250 [ 539.972494][T13795] ? __pfx____ratelimit+0x10/0x10 [ 539.972519][T13795] ? __pfx_dump_stack_lvl+0x10/0x10 [ 539.972543][T13795] ? __pfx__printk+0x10/0x10 [ 539.972578][T13795] should_fail_ex+0x414/0x560 [ 539.972615][T13795] _copy_to_user+0x31/0xb0 [ 539.972636][T13795] simple_read_from_buffer+0xe1/0x170 [ 539.972668][T13795] proc_fail_nth_read+0x1df/0x250 [ 539.972710][T13795] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 539.972743][T13795] ? rw_verify_area+0x258/0x650 [ 539.972766][T13795] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 539.972798][T13795] vfs_read+0x1fd/0x980 [ 539.972826][T13795] ? __pfx___mutex_lock+0x10/0x10 [ 539.972852][T13795] ? __pfx_vfs_read+0x10/0x10 [ 539.972878][T13795] ? __fget_files+0x2a/0x420 [ 539.972909][T13795] ? __fget_files+0x3a0/0x420 [ 539.972935][T13795] ? __fget_files+0x2a/0x420 [ 539.972970][T13795] ksys_read+0x145/0x250 [ 539.972992][T13795] ? __fget_files+0x3a0/0x420 [ 539.973022][T13795] ? __pfx_ksys_read+0x10/0x10 [ 539.973051][T13795] ? do_syscall_64+0xbe/0x3b0 [ 539.973082][T13795] do_syscall_64+0xfa/0x3b0 [ 539.973106][T13795] ? lockdep_hardirqs_on+0x9c/0x150 [ 539.973131][T13795] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.973151][T13795] ? clear_bhb_loop+0x60/0xb0 [ 539.973176][T13795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.973196][T13795] RIP: 0033:0x7f167878d33c [ 539.973214][T13795] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 539.973231][T13795] RSP: 002b:00007f16795e3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 539.973253][T13795] RAX: ffffffffffffffda RBX: 00007f16789b5fa0 RCX: 00007f167878d33c [ 539.973268][T13795] RDX: 000000000000000f RSI: 00007f16795e30a0 RDI: 0000000000000004 [ 539.973281][T13795] RBP: 00007f16795e3090 R08: 0000000000000000 R09: 0000000000000000 [ 539.973294][T13795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 539.973306][T13795] R13: 0000000000000000 R14: 00007f16789b5fa0 R15: 00007ffc54b66798 [ 539.973338][T13795] [ 540.460414][ T7069] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 540.561591][T13799] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 540.567769][T13799] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 540.577765][T13813] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2506'. [ 540.610421][ T7069] usb 1-1: Using ep0 maxpacket: 8 [ 540.623501][ T7069] usb 1-1: unable to get BOS descriptor or descriptor too short [ 540.633078][ T7069] usb 1-1: config 1 has an invalid interface number: 211 but max is 0 [ 540.641873][ T7069] usb 1-1: config 1 has no interface number 0 [ 540.647998][ T7069] usb 1-1: config 1 interface 211 has no altsetting 0 [ 540.659767][ T7069] usb 1-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 540.661708][T13799] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 540.670282][ T7069] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.683070][ T7069] usb 1-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 540.732176][ T7069] usb 1-1: Manufacturer: Б [ 540.736750][ T7069] usb 1-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱 [ 540.770672][T13799] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 540.966380][T13819] omfs: Invalid superblock (0) [ 541.003874][ T7069] ftdi_sio 1-1:1.211: FTDI USB Serial Device converter detected [ 541.016043][ T7069] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 541.042736][ T7069] usb 1-1: USB disconnect, device number 13 [ 541.063682][ T7069] ftdi_sio 1-1:1.211: device disconnected [ 541.102233][T13823] FAULT_INJECTION: forcing a failure. [ 541.102233][T13823] name failslab, interval 1, probability 0, space 0, times 0 [ 541.115058][T13823] CPU: 1 UID: 0 PID: 13823 Comm: syz.2.2513 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 541.115106][T13823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 541.115121][T13823] Call Trace: [ 541.115131][T13823] [ 541.115141][T13823] dump_stack_lvl+0x189/0x250 [ 541.115170][T13823] ? __pfx____ratelimit+0x10/0x10 [ 541.115197][T13823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 541.115221][T13823] ? __pfx__printk+0x10/0x10 [ 541.115247][T13823] ? __pfx___might_resched+0x10/0x10 [ 541.115269][T13823] ? fs_reclaim_acquire+0x7d/0x100 [ 541.115300][T13823] should_fail_ex+0x414/0x560 [ 541.115337][T13823] should_failslab+0xa8/0x100 [ 541.115363][T13823] kmem_cache_alloc_noprof+0x73/0x3c0 [ 541.115387][T13823] ? security_file_alloc+0x34/0x330 [ 541.115421][T13823] security_file_alloc+0x34/0x330 [ 541.115453][T13823] init_file+0x93/0x2f0 [ 541.115487][T13823] alloc_empty_file+0x6e/0x1d0 [ 541.115520][T13823] alloc_file_pseudo+0x13d/0x210 [ 541.115556][T13823] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 541.115585][T13823] ? evm_inode_alloc_security+0x40/0xb0 [ 541.115614][T13823] ? security_inode_alloc+0xd5/0x330 [ 541.115650][T13823] sock_alloc_file+0xb8/0x2e0 [ 541.115679][T13823] do_accept+0x34b/0x680 [ 541.115712][T13823] ? __pfx_do_accept+0x10/0x10 [ 541.115771][T13823] __sys_accept4+0x11c/0x1c0 [ 541.115802][T13823] ? __pfx___sys_accept4+0x10/0x10 [ 541.115829][T13823] ? __pfx_ksys_write+0x10/0x10 [ 541.115851][T13823] ? rcu_is_watching+0x15/0xb0 [ 541.115879][T13823] __x64_sys_accept+0x7d/0x90 [ 541.115908][T13823] do_syscall_64+0xfa/0x3b0 [ 541.115938][T13823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.115958][T13823] ? asm_sysvec_call_function_single+0x1a/0x20 [ 541.115979][T13823] ? clear_bhb_loop+0x60/0xb0 [ 541.116005][T13823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.116025][T13823] RIP: 0033:0x7f167878e929 [ 541.116044][T13823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.116063][T13823] RSP: 002b:00007f16795e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 541.116085][T13823] RAX: ffffffffffffffda RBX: 00007f16789b5fa0 RCX: 00007f167878e929 [ 541.116101][T13823] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 541.116115][T13823] RBP: 00007f16795e3090 R08: 0000000000000000 R09: 0000000000000000 [ 541.116128][T13823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.116140][T13823] R13: 0000000000000000 R14: 00007f16789b5fa0 R15: 00007ffc54b66798 [ 541.116172][T13823] [ 541.457615][ T5839] Bluetooth: hci5: unexpected Set CIG Parameters response data [ 541.465474][ T5839] Bluetooth: hci5: unexpected event for opcode 0x2062 [ 541.560695][T13827] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 541.567362][T13827] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 541.577103][T13827] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 541.583680][T13827] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 541.665215][T13833] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2515'. [ 541.720594][ T5885] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 541.890491][ T5885] usb 2-1: Using ep0 maxpacket: 16 [ 541.897547][ T5885] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 541.908326][ T5885] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 541.927639][ T5885] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 541.938196][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 541.946447][ T5885] usb 2-1: SerialNumber: syz [ 541.958827][T13828] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 541.966353][T13828] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 542.004724][ T5942] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 542.160518][ T5942] usb 1-1: Using ep0 maxpacket: 8 [ 542.172011][ T5942] usb 1-1: unable to get BOS descriptor or descriptor too short [ 542.200047][ T5942] usb 1-1: config 1 has an invalid interface number: 211 but max is 0 [ 542.208898][ T5942] usb 1-1: config 1 has no interface number 0 [ 542.218173][ T5942] usb 1-1: config 1 interface 211 has no altsetting 0 [ 542.228246][ T5942] usb 1-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0 [ 542.242238][ T5942] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.250266][ T5942] usb 1-1: Product: 伮鄓蝍祧捯萣撺꣧⡚đ딀ᮯ恤Ⳛﮍ꣛均ﻧ鵧㾵㒌Ӌଞ⹇ꬲ㓄卍ᢏ핿⫘퉤륚漎煗ࢻ쓡쳝艷怡男柬ꔠ섦簹㞝网缴锽쀳⌯盠놻鵘㪛ꂈ磟嘃茏镇ʐ턖䪉ꚧꏯ뢭뭈쭒叚쮓恼ӎ븆〄瑁ⴌ抏ᒜ粮ꍗ㓏瞉臱瞈ᨿ禥훃ꬋ抸콈 [ 542.259209][T13849] wg0 speed is unknown, defaulting to 1000 [ 542.289121][ T5942] usb 1-1: Manufacturer: Б [ 542.294001][ T5942] usb 1-1: SerialNumber: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨コㇶ憻稒觊凥恱 [ 542.538836][T13855] vivid-000: ================= START STATUS ================= [ 542.555309][T13855] vivid-000: Test Pattern: 75% Colorbar [ 542.563758][T13855] vivid-000: Fill Percentage of Frame: 100 [ 542.569896][T13855] vivid-000: Horizontal Movement: No Movement [ 542.576543][ T5839] Bluetooth: hci5: Malformed HCI Event: 0x22 [ 542.576925][ T5942] ftdi_sio 1-1:1.211: FTDI USB Serial Device converter detected [ 542.599034][T13855] vivid-000: Vertical Movement: No Movement [ 542.605308][T13855] vivid-000: OSD Text Mode: All [ 542.610222][T13855] vivid-000: Show Border: false [ 542.634874][ T5942] ftdi_sio ttyUSB0: unknown device type: 0x90e0 [ 542.653803][T13855] vivid-000: Show Square: false [ 542.658842][T13855] vivid-000: Sensor Flipped Horizontally: false [ 542.668996][T13855] vivid-000: Sensor Flipped Vertically: false [ 542.683200][ T5942] usb 1-1: USB disconnect, device number 14 [ 542.697968][ T5942] ftdi_sio 1-1:1.211: device disconnected [ 542.718495][T13855] vivid-000: Insert SAV Code in Image: false [ 542.741462][T13855] vivid-000: Insert EAV Code in Image: false [ 542.782245][T13855] vivid-000: Insert Video Guard Band: false [ 542.800846][T13855] vivid-000: Reduced Framerate: false [ 542.819781][T13855] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 542.829940][T13855] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 542.841723][T13855] vivid-000: Enable Capture Cropping: true grabbed [ 542.848374][T13855] vivid-000: Enable Capture Composing: true grabbed [ 542.870703][T13855] vivid-000: Enable Capture Scaler: true grabbed [ 542.884286][T13855] vivid-000: Timestamp Source: End of Frame [ 542.891744][T13855] vivid-000: Colorspace: sRGB [ 542.896557][T13855] vivid-000: Transfer Function: Default [ 542.908983][T13855] vivid-000: Y'CbCr Encoding: Default [ 542.915214][T13855] vivid-000: HSV Encoding: Hue 0-179 [ 542.939443][T13855] vivid-000: Quantization: Default [ 542.944973][T13855] vivid-000: Apply Alpha To Red Only: false [ 542.954882][T13855] vivid-000: Standard Aspect Ratio: 4x3 [ 542.962618][T13855] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 542.974524][T13855] vivid-000: DV Timings: 640x480p59 inactive [ 542.982485][T13855] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 542.989951][T13855] vivid-000: Maximum EDID Blocks: 2 [ 542.998746][T13855] vivid-000: Limited RGB Range (16-235): false [ 543.005328][T13855] vivid-000: Rx RGB Quantization Range: Automatic [ 543.015272][T13855] vivid-000: Power Present: 0x00000001 [ 543.020914][T13855] tpg source WxH: 320x180 (R'G'B) [ 543.026201][T13855] tpg field: 1 [ 543.029654][T13855] tpg crop: (0,0)/320x180 [ 543.053758][T13855] tpg compose: (0,0)/320x180 [ 543.058473][T13855] tpg colorspace: 9 [ 543.075507][T13855] tpg transfer function: 7/7 [ 543.080227][T13855] tpg quantization: 1/1 [ 543.088200][T13855] tpg RGB range: 0/2 [ 543.096483][T13855] vivid-000: ================== END STATUS ================== [ 543.547299][ T5839] Bluetooth: hci1: Malformed HCI Event: 0x22 [ 543.600538][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 543.600557][T12697] Bluetooth: hci5: command 0x0411 tx timeout [ 543.600599][T12697] Bluetooth: hci2: command 0x0c1a tx timeout [ 543.606747][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 544.187463][T13896] netlink: 'syz.4.2545': attribute type 10 has an invalid length. [ 544.416496][ T5885] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 544.437257][ T5885] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 544.447916][ T5885] usb 2-1: USB disconnect, device number 30 [ 544.566314][ T5839] Bluetooth: hci0: Malformed HCI Event: 0x22 [ 544.732154][T13908] block device autoloading is deprecated and will be removed. [ 544.866072][T13915] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 1, id = 0 [ 544.871025][T13914] IPVS: stopping backup sync thread 13915 ... [ 544.981404][ T7069] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 545.143091][ T7069] usb 1-1: Using ep0 maxpacket: 8 [ 545.179303][ T7069] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 545.204397][ T7069] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 545.223948][ T7069] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 545.241451][T13925] ================================================================== [ 545.249579][T13925] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160 [ 545.257519][T13925] Read of size 8 at addr ffff888028992630 by task syz.2.2555/13925 [ 545.265442][T13925] [ 545.267800][T13925] CPU: 0 UID: 0 PID: 13925 Comm: syz.2.2555 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 545.267831][T13925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 545.267847][T13925] Call Trace: [ 545.267859][T13925] [ 545.267870][T13925] dump_stack_lvl+0x189/0x250 [ 545.267899][T13925] ? __virt_addr_valid+0x1c8/0x5c0 [ 545.267927][T13925] ? rcu_is_watching+0x15/0xb0 [ 545.267948][T13925] ? __kasan_check_byte+0x12/0x40 [ 545.267975][T13925] ? __pfx_dump_stack_lvl+0x10/0x10 [ 545.267998][T13925] ? rcu_is_watching+0x15/0xb0 [ 545.268020][T13925] ? lock_release+0x4b/0x3e0 [ 545.268054][T13925] ? __virt_addr_valid+0x1c8/0x5c0 [ 545.268079][T13925] ? __virt_addr_valid+0x4a5/0x5c0 [ 545.268105][T13925] print_report+0xd2/0x2b0 [ 545.268135][T13925] ? pause_parse_request+0x40/0x160 [ 545.268161][T13925] kasan_report+0x118/0x150 [ 545.268188][T13925] ? pause_parse_request+0x40/0x160 [ 545.268218][T13925] ? __pfx_pause_parse_request+0x10/0x10 [ 545.268244][T13925] pause_parse_request+0x40/0x160 [ 545.268272][T13925] ? __pfx_pause_parse_request+0x10/0x10 [ 545.268298][T13925] ethnl_default_set_doit+0x2c1/0xa40 [ 545.268330][T13925] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 545.268364][T13925] genl_family_rcv_msg_doit+0x215/0x300 [ 545.268390][T13925] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 545.268418][T13925] ? bpf_lsm_capable+0x9/0x20 [ 545.268443][T13925] ? security_capable+0x7e/0x2e0 [ 545.268469][T13925] genl_rcv_msg+0x60e/0x790 [ 545.268492][T13925] ? __pfx_genl_rcv_msg+0x10/0x10 [ 545.268511][T13925] ? ref_tracker_free+0x63a/0x7d0 [ 545.268532][T13925] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 545.268565][T13925] ? __pfx_ref_tracker_free+0x10/0x10 [ 545.268592][T13925] netlink_rcv_skb+0x205/0x470 [ 545.268621][T13925] ? __pfx_genl_rcv_msg+0x10/0x10 [ 545.268643][T13925] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 545.268680][T13925] ? down_read+0x1ad/0x2e0 [ 545.268712][T13925] genl_rcv+0x28/0x40 [ 545.268730][T13925] netlink_unicast+0x758/0x8d0 [ 545.268761][T13925] netlink_sendmsg+0x805/0xb30 [ 545.268795][T13925] ? __pfx_netlink_sendmsg+0x10/0x10 [ 545.268826][T13925] ? aa_sock_msg_perm+0xf1/0x1d0 [ 545.268851][T13925] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 545.268882][T13925] ? __pfx_netlink_sendmsg+0x10/0x10 [ 545.268911][T13925] __sock_sendmsg+0x21c/0x270 [ 545.268938][T13925] ____sys_sendmsg+0x505/0x830 [ 545.268974][T13925] ? __pfx_____sys_sendmsg+0x10/0x10 [ 545.269012][T13925] ? import_iovec+0x74/0xa0 [ 545.269047][T13925] ___sys_sendmsg+0x21f/0x2a0 [ 545.269081][T13925] ? __pfx____sys_sendmsg+0x10/0x10 [ 545.269132][T13925] ? __fget_files+0x2a/0x420 [ 545.269162][T13925] ? __fget_files+0x3a0/0x420 [ 545.269196][T13925] __x64_sys_sendmsg+0x19b/0x260 [ 545.269232][T13925] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 545.269271][T13925] ? rcu_is_watching+0x15/0xb0 [ 545.269294][T13925] ? do_syscall_64+0xbe/0x3b0 [ 545.269324][T13925] do_syscall_64+0xfa/0x3b0 [ 545.269358][T13925] ? lockdep_hardirqs_on+0x9c/0x150 [ 545.269384][T13925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.269407][T13925] ? clear_bhb_loop+0x60/0xb0 [ 545.269431][T13925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.269454][T13925] RIP: 0033:0x7f167878e929 [ 545.269475][T13925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.269495][T13925] RSP: 002b:00007f16795e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 545.269519][T13925] RAX: ffffffffffffffda RBX: 00007f16789b5fa0 RCX: 00007f167878e929 [ 545.269537][T13925] RDX: 00000000200048c4 RSI: 0000200000000000 RDI: 0000000000000003 [ 545.269553][T13925] RBP: 00007f1678810b39 R08: 0000000000000000 R09: 0000000000000000 [ 545.269569][T13925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 545.269584][T13925] R13: 0000000000000000 R14: 00007f16789b5fa0 R15: 00007ffc54b66798 [ 545.269609][T13925] [ 545.269617][T13925] [ 545.652059][T13925] Allocated by task 13925: [ 545.656488][T13925] kasan_save_track+0x3e/0x80 [ 545.661186][T13925] __kasan_kmalloc+0x93/0xb0 [ 545.665791][T13925] __kmalloc_noprof+0x27a/0x4f0 [ 545.670650][T13925] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 545.676727][T13925] genl_family_rcv_msg_doit+0xb8/0x300 [ 545.682264][T13925] genl_rcv_msg+0x60e/0x790 [ 545.686778][T13925] netlink_rcv_skb+0x205/0x470 [ 545.691561][T13925] genl_rcv+0x28/0x40 [ 545.695567][T13925] netlink_unicast+0x758/0x8d0 [ 545.700353][T13925] netlink_sendmsg+0x805/0xb30 [ 545.705135][T13925] __sock_sendmsg+0x21c/0x270 [ 545.709822][T13925] ____sys_sendmsg+0x505/0x830 [ 545.714624][T13925] ___sys_sendmsg+0x21f/0x2a0 [ 545.719319][T13925] __x64_sys_sendmsg+0x19b/0x260 [ 545.724310][T13925] do_syscall_64+0xfa/0x3b0 [ 545.728837][T13925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.734741][T13925] [ 545.737069][T13925] The buggy address belongs to the object at ffff888028992600 [ 545.737069][T13925] which belongs to the cache kmalloc-64 of size 64 [ 545.750959][T13925] The buggy address is located 8 bytes to the right of [ 545.750959][T13925] allocated 40-byte region [ffff888028992600, ffff888028992628) [ 545.765374][T13925] [ 545.767705][T13925] The buggy address belongs to the physical page: [ 545.774133][T13925] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28992 [ 545.782906][T13925] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 545.790381][T13925] page_type: f5(slab) [ 545.794383][T13925] raw: 00fff00000000000 ffff88801a8418c0 ffffea000175ffc0 dead000000000003 [ 545.802976][T13925] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 545.811588][T13925] page dumped because: kasan: bad access detected [ 545.818126][T13925] page_owner tracks the page as allocated [ 545.823850][T13925] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1036, tgid 1036 (kworker/u8:5), ts 18865849995, free_ts 15742837731 [ 545.843706][T13925] post_alloc_hook+0x240/0x2a0 [ 545.848503][T13925] get_page_from_freelist+0x21e4/0x22c0 [ 545.854071][T13925] __alloc_frozen_pages_noprof+0x181/0x370 [ 545.859908][T13925] alloc_pages_mpol+0x232/0x4a0 [ 545.864774][T13925] allocate_slab+0x8a/0x370 [ 545.869295][T13925] ___slab_alloc+0xbeb/0x1410 [ 545.873986][T13925] __kmalloc_noprof+0x305/0x4f0 [ 545.878936][T13925] security_task_alloc+0x4d/0x360 [ 545.883979][T13925] copy_process+0x1530/0x3c00 [ 545.888668][T13925] kernel_clone+0x21e/0x870 [ 545.893190][T13925] user_mode_thread+0xdd/0x140 [ 545.897987][T13925] call_usermodehelper_exec_work+0x5c/0x230 [ 545.903915][T13925] process_scheduled_works+0xae1/0x17b0 [ 545.909496][T13925] worker_thread+0x8a0/0xda0 [ 545.914102][T13925] kthread+0x70e/0x8a0 [ 545.918188][T13925] ret_from_fork+0x3fc/0x770 [ 545.922800][T13925] page last free pid 1209 tgid 1209 stack trace: [ 545.929128][T13925] __free_frozen_pages+0xb80/0xd80 [ 545.934262][T13925] vfree+0x25a/0x400 [ 545.938174][T13925] delayed_vfree_work+0x55/0x80 [ 545.943035][T13925] process_scheduled_works+0xae1/0x17b0 [ 545.948598][T13925] worker_thread+0x8a0/0xda0 [ 545.953192][T13925] kthread+0x70e/0x8a0 [ 545.957281][T13925] ret_from_fork+0x3fc/0x770 [ 545.961889][T13925] ret_from_fork_asm+0x1a/0x30 [ 545.966674][T13925] [ 545.969002][T13925] Memory state around the buggy address: [ 545.974632][T13925] ffff888028992500: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 545.982700][T13925] ffff888028992580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 545.990794][T13925] >ffff888028992600: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 545.999050][T13925] ^ [ 546.004686][T13925] ffff888028992680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 546.012762][T13925] ffff888028992700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 546.020841][T13925] ================================================================== [ 546.044683][T13925] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 546.051937][T13925] CPU: 1 UID: 0 PID: 13925 Comm: syz.2.2555 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 546.063512][T13925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 546.073599][T13925] Call Trace: [ 546.076918][T13925] [ 546.079878][T13925] dump_stack_lvl+0x99/0x250 [ 546.084506][T13925] ? __asan_memcpy+0x40/0x70 [ 546.089145][T13925] ? __pfx_dump_stack_lvl+0x10/0x10 [ 546.094381][T13925] ? __pfx__printk+0x10/0x10 [ 546.099027][T13925] panic+0x2db/0x790 [ 546.102966][T13925] ? __pfx_panic+0x10/0x10 [ 546.107415][T13925] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 546.113347][T13925] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 546.119711][T13925] ? print_memory_metadata+0x314/0x400 [ 546.125222][T13925] ? pause_parse_request+0x40/0x160 [ 546.130464][T13925] check_panic_on_warn+0x89/0xb0 [ 546.135445][T13925] ? pause_parse_request+0x40/0x160 [ 546.140677][T13925] end_report+0x78/0x160 [ 546.144954][T13925] kasan_report+0x129/0x150 [ 546.149501][T13925] ? pause_parse_request+0x40/0x160 [ 546.154748][T13925] ? __pfx_pause_parse_request+0x10/0x10 [ 546.160423][T13925] pause_parse_request+0x40/0x160 [ 546.165484][T13925] ? __pfx_pause_parse_request+0x10/0x10 [ 546.171152][T13925] ethnl_default_set_doit+0x2c1/0xa40 [ 546.176572][T13925] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 546.182940][T13925] genl_family_rcv_msg_doit+0x215/0x300 [ 546.188518][T13925] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 546.194627][T13925] ? bpf_lsm_capable+0x9/0x20 [ 546.199337][T13925] ? security_capable+0x7e/0x2e0 [ 546.204311][T13925] genl_rcv_msg+0x60e/0x790 [ 546.208854][T13925] ? __pfx_genl_rcv_msg+0x10/0x10 [ 546.213903][T13925] ? ref_tracker_free+0x63a/0x7d0 [ 546.218941][T13925] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 546.224858][T13925] ? __pfx_ref_tracker_free+0x10/0x10 [ 546.230242][T13925] netlink_rcv_skb+0x205/0x470 [ 546.235028][T13925] ? __pfx_genl_rcv_msg+0x10/0x10 [ 546.240061][T13925] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 546.245370][T13925] ? down_read+0x1ad/0x2e0 [ 546.249804][T13925] genl_rcv+0x28/0x40 [ 546.253792][T13925] netlink_unicast+0x758/0x8d0 [ 546.258594][T13925] netlink_sendmsg+0x805/0xb30 [ 546.263390][T13925] ? __pfx_netlink_sendmsg+0x10/0x10 [ 546.268695][T13925] ? aa_sock_msg_perm+0xf1/0x1d0 [ 546.273650][T13925] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 546.278969][T13925] ? __pfx_netlink_sendmsg+0x10/0x10 [ 546.284301][T13925] __sock_sendmsg+0x21c/0x270 [ 546.289011][T13925] ____sys_sendmsg+0x505/0x830 [ 546.293795][T13925] ? __pfx_____sys_sendmsg+0x10/0x10 [ 546.299101][T13925] ? import_iovec+0x74/0xa0 [ 546.303626][T13925] ___sys_sendmsg+0x21f/0x2a0 [ 546.308325][T13925] ? __pfx____sys_sendmsg+0x10/0x10 [ 546.313554][T13925] ? __fget_files+0x2a/0x420 [ 546.318161][T13925] ? __fget_files+0x3a0/0x420 [ 546.322859][T13925] __x64_sys_sendmsg+0x19b/0x260 [ 546.327814][T13925] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 546.333293][T13925] ? rcu_is_watching+0x15/0xb0 [ 546.338083][T13925] ? do_syscall_64+0xbe/0x3b0 [ 546.342795][T13925] do_syscall_64+0xfa/0x3b0 [ 546.347339][T13925] ? lockdep_hardirqs_on+0x9c/0x150 [ 546.352580][T13925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.358681][T13925] ? clear_bhb_loop+0x60/0xb0 [ 546.363390][T13925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.369318][T13925] RIP: 0033:0x7f167878e929 [ 546.373757][T13925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.393397][T13925] RSP: 002b:00007f16795e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 546.401851][T13925] RAX: ffffffffffffffda RBX: 00007f16789b5fa0 RCX: 00007f167878e929 [ 546.409837][T13925] RDX: 00000000200048c4 RSI: 0000200000000000 RDI: 0000000000000003 [ 546.417902][T13925] RBP: 00007f1678810b39 R08: 0000000000000000 R09: 0000000000000000 [ 546.425919][T13925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 546.433897][T13925] R13: 0000000000000000 R14: 00007f16789b5fa0 R15: 00007ffc54b66798 [ 546.441885][T13925] [ 546.445267][T13925] Kernel Offset: disabled [ 546.449616][T13925] Rebooting in 86400 seconds..