last executing test programs: 5m27.843273352s ago: executing program 3 (id=1540): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000000514010025bd7000fcdbdf25080001000000000008000300"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x50840) (fail_nth: 1) 5m27.516848476s ago: executing program 3 (id=1541): r0 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"1b00", 0x100, 0x5, 0x2, 0x800, 0x1, "f759e100edc710000000d9fc6300", "00d87640", "11f29a1b", "e8cc1304", ["8b59b4d766cbd6e4af000700", "c2fed6e1dcc98a1c907c6b40", "000000ff0000002000002400", "0000000000000000001000"]}) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x800, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r1, 0xc3a51000) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) prctl$PR_GET_SECUREBITS(0x1b) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000cc0)={0x1, @pix_mp={0x0, 0x0, 0x32315258}}) landlock_restrict_self(0xffffffffffffffff, 0x0) (async) ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f00000001c0)={0x400, 0x300, 0x300, 0x0, 0x1000, 0xfffffffe, 0x0, 0x0, {0x0, 0xfffffff6, 0x3}, {0x0, 0x20000000}, {0x0, 0x1}, {}, 0x0, 0x190, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1}) (async) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0xb, &(0x7f0000000000)=0x800080, 0x4) 5m27.402451152s ago: executing program 3 (id=1543): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)="d800000018007bf6e00212ba0d8105040a600000000f040b067c55a1bc0009003e0006990600000015000500fe800000d62c005401000000000000005aa7b755cbdbeb0300014002000c0901ac040098007f6f94007100a007a288747f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d345ef464095cae8c9010000730d7a5025ccca262f3db00f6b8267e04adcdf634c1f215ce3099ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d7f452a92307f01000e9703", 0xd9}], 0x1, 0x0, 0x0, 0x2663}, 0x4000004) 5m27.24428738s ago: executing program 3 (id=1545): r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="200000002000010000ffffffffffffff81"], 0x20}}, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB='quota,grpquota_block_hardlimit=3']) chdir(&(0x7f0000000100)='./file0\x00') symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r3 = socket$kcm(0x10, 0x2, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r5 = userfaultfd(0x1) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x1000000, 0x0, 0x0}, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) getsockname$packet(r4, 0x0, &(0x7f0000000500)) sendmsg$kcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)="d800000018007bf6e00212ba0d8105040a600000000f040b067c55a1bc0009003e0006990600000015000500fe800000d62c005401000000000000005aa7b755cbdbeb0300014002000c0901ac040098007f6f94007100a007a288747f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d345ef464095cae8c9010000730d7a5025ccca262f3db00f6b8267e04adcdf634c1f215ce3099ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d7f452a92307f01000e9703", 0xd9}], 0x1, 0x0, 0x0, 0x2663}, 0x4000004) 5m27.096854736s ago: executing program 3 (id=1546): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x440980, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) sendfile(r1, r0, 0x0, 0x7ffff002) 5m25.924435337s ago: executing program 3 (id=1550): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf648d000) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r2, 0x29, 0x4a, 0x0, &(0x7f0000000180)) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0xfffffffe, 0xfffffffa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x7, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r4 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x800) read$FUSE(r4, 0x0, 0x0) sendmmsg$inet(r3, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890) setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) connect$pppl2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x0, 0x4, 0x3}}, 0x2e) 5m25.381129621s ago: executing program 32 (id=1550): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf648d000) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r2, 0x29, 0x4a, 0x0, &(0x7f0000000180)) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0xfffffffe, 0xfffffffa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x7, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r4 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x800) read$FUSE(r4, 0x0, 0x0) sendmmsg$inet(r3, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890) setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) connect$pppl2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x0, 0x4, 0x3}}, 0x2e) 1m17.292035684s ago: executing program 2 (id=2834): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_DISALLOCATE(r2, 0x5608) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000040)=0x1) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="440f20c03507000000440f22c067420f8f04000000c443ad68b60080000095c4828947b600000000b99d090000b82f624a48baf4e055500f30263636f3430fc73636f2360fa5a10050aa37f39066b817018ec8c4c1795a5100", 0x59}], 0x1, 0x0, 0x0, 0x0) r4 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x68, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1m16.72096811s ago: executing program 2 (id=2839): mkdir(&(0x7f0000000540)='./file0\x00', 0x108) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x100000000000000, 0x0) 1m16.653445969s ago: executing program 2 (id=2841): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000080)='./file2\x00', 0x50) renameat2(r0, &(0x7f00000001c0)='./file0\x00', r0, &(0x7f0000000200)='./bus/file0\x00', 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000300)=""/104, 0x68) 1m16.563035949s ago: executing program 2 (id=2843): r0 = memfd_create(&(0x7f0000000400)='y\x105\xfb\a\x00\x83%\x1f\xe09@zr\xc2\xb9x0\x90P\x03\x00\x00\x00\x82\xd9\xf0\x14\xd7\'\xd1$\x9bl\xbcc\x04_\x86\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\xc2%/u\x17\xdaM\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d_\v\xfc\xad\x0f\xa8\xc5\xad\x00\xc2\x12\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\xff\x7f\xc2G)5\x86\x7fki\x8f\xc6\xce\x90\xe4H\"j+kV$\x80\x8aJ$\x81\xc0\x16\xf5\x9cz\x10\x97\xdb\x12H\xee/\xe3sY\x02D;L~\xd0\xb44\x01*\xfb\xa4 \xb2b\x90H$\xb2\xad\xbf\x8aM\xb6\x81\x81=\xdd+$\xc06J\xb4\xf0\xab\x85Xz\x9f\xb2D$\xbe\xd9\x7f-\r\x9aj9r\n_\x11\xd4\x19\xb0\xa0G\xb7\x94\xf7\xfd~\xe9\xb6G\xbfE\xbb\x150x0) sendmsg$NFC_CMD_DEP_LINK_UP(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="00032abd7000fbdbdf250400000008000100", @ANYRES32=r4, @ANYBLOB="d2913b6b2cefed377fa3ca754a5a3bfca9a910276412803cfef5094c2c5fe215b5886e86b4b95c244d2b6e489964885244cf00bb37945a484093abdc9a64297107da8508d0107be0ad6dea3364c78565a25f18684f49aedddda0caa765b79e0a6bb0aa0b80d9757507b343ffe45a2863b534061e19731e44423231a66266a4a80abeafc4e588e32d50a25c686a178aba629d22790179fe84a9ae71e65c41048f77f7ffe4c9948c315911f4c0cfb3405f2ef4c2cabd2d63c2ca13e7dff2dad4e41c2a36b950d501291586090d20c2c4585e6d9538e8f43e55faedc2be550ad8ffa9"], 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000080) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="a79326bd7000fedbdf251f00000008000300", @ANYRES32=r5, @ANYBLOB="a639ad598d871e8e0056967bc676fe742178b6ed41354c977ac947dbbb3031a726e8ede655df93d4b9168763ac"], 0x1c}, 0x1, 0x0, 0x0, 0x2004c800}, 0x40000) r6 = socket$igmp(0x2, 0x3, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r7, 0x8004e500, &(0x7f00000000c0)=r7) ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f0000000080)={{0x2, 0x0, @empty}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x4}}, 0x8, {0x2, 0x0, @empty}, 'team_slave_1\x00'}) 22.883625104s ago: executing program 1 (id=3140): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000040)=0x1) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="120086dd05005600080054"], 0xfdef) 22.788303966s ago: executing program 5 (id=3142): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000500)={'syz0\x00', {0x8000, 0x7f, 0x3, 0x3}, 0x3a, [0x5, 0x1, 0x7, 0x83e, 0x5, 0xd, 0x6, 0x0, 0x7, 0x9, 0x4, 0x7, 0x1, 0x3ff, 0x3, 0xfffffff9, 0x27e8, 0xf93, 0x6, 0x3, 0x2, 0x1, 0x47dc, 0x10000, 0x4, 0x3, 0xfffffffc, 0x1, 0x0, 0x18, 0x8, 0x9, 0x190a, 0x1000, 0x23, 0x0, 0x4, 0x1, 0x1, 0x5, 0x2, 0xfd84, 0x200, 0x3, 0x6, 0x9, 0xffffffc0, 0x8, 0xe0000000, 0x5, 0x77, 0xb, 0x7, 0x5, 0x7, 0x22, 0x1, 0x7fffffff, 0x4, 0x80000000, 0xdc6, 0xfffffffc, 0x0, 0x7], [0x9, 0x1, 0x0, 0xffffc5b3, 0x2, 0x5, 0x2, 0xdc0, 0x0, 0x3, 0x2, 0x8, 0x6, 0x661b, 0x7, 0x5f, 0x7d, 0x10001, 0x2, 0x2, 0x8, 0x7, 0xbda, 0x80000000, 0x20, 0x4, 0x8, 0xfffffffc, 0x2, 0x9, 0x7fff, 0x4, 0x8, 0x6, 0x60, 0x6, 0x5, 0xfff, 0xfffffff9, 0x8, 0x6, 0xfffffffc, 0x7fffffff, 0x8, 0x8, 0x3, 0x2, 0xe14, 0x200, 0x7, 0x63, 0x8, 0x9, 0x7f, 0x3, 0xcbf, 0x200, 0x2, 0x2, 0x8, 0x3, 0x0, 0x400, 0x7], [0x9, 0x4, 0x0, 0x0, 0x6, 0x8, 0xffffff81, 0x4, 0x401, 0xb, 0x200, 0x9, 0xfe0, 0x5, 0x4, 0x40, 0xfffffff9, 0x956, 0x63, 0xb72, 0xf816, 0x57d, 0x0, 0x7, 0x1, 0x6, 0x1, 0xe9, 0x0, 0x3, 0x1, 0xfffffffb, 0x3, 0x3, 0x81, 0xf, 0x9, 0x3, 0x3cc, 0x9, 0xc, 0x800, 0x9e86, 0x31, 0x2, 0x0, 0x3, 0x7, 0x3, 0x6, 0x9, 0xe0, 0x7, 0x7f, 0x1ff, 0x6d, 0x7, 0xfffffffb, 0x1175, 0x5, 0x11d, 0x8f9b, 0x3, 0x6], [0x9, 0x5, 0xfffffbff, 0x5, 0x6, 0x5, 0x80000001, 0x7fff, 0xff, 0x0, 0x1, 0x1, 0x6, 0xffffd529, 0x408, 0x0, 0x2f5, 0x1ff, 0x8000, 0x3, 0x7f, 0x7fffffff, 0x40000000, 0x4b1, 0x6, 0xc, 0x5, 0x5, 0x508f, 0xc6, 0x81, 0x9, 0x7ea692d0, 0x2, 0x8, 0x1d59, 0xfff, 0xe10d, 0xc, 0x40, 0x4, 0x3, 0xfff, 0xfe, 0x1, 0x3, 0x366e, 0x7, 0xfffffffc, 0x8001, 0x3, 0x3, 0x4, 0x0, 0x8, 0x0, 0x3ff, 0x6, 0x0, 0x1, 0x9, 0xffffffff, 0x7, 0x5]}, 0x45c) (fail_nth: 4) 21.933719064s ago: executing program 5 (id=3143): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000140)=@OVL_FILEID_V1={0x18, 0xfb, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e8371f2efe0868327a31a705ec978547"}}}, 0x30000) 21.780413932s ago: executing program 1 (id=3144): syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000000)={0x5b0, 0x7, [{0x3}, {0x6}, {0x7}, {0x1}, {0xb, 0x1}, {}, {0x0, 0x1}]}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) dup3(r0, r1, 0x80000) 21.667263391s ago: executing program 5 (id=3146): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0xf2, &(0x7f0000000180)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe0, 0x3, 0x1, 0xfb, 0x30, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6, 0x9}, [@processing_unit={0x8, 0x24, 0x7, 0x4, 0x1, 0x7, "06"}, @selector_unit={0x6, 0x24, 0x5, 0x5, 0x0, 'B'}, @feature_unit={0xb, 0x24, 0x6, 0x1, 0x3, 0x2, [0x5, 0xa], 0x9}, @mixer_unit={0xa, 0x24, 0x4, 0x3, 0x40, "0cc1134b57"}, @feature_unit={0x9, 0x24, 0x6, 0x5, 0x5, 0x1, [0xa], 0x1}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x8, 0x0, 0xe2, 0xf8, "efe1b121d7"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x9, 0x4, 0x1, 0x1, "395653acf974ad35"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x0, 0xcfd8, 0x60, "e51cd0d6c174c6705b"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x8, 0xd, 0x6, {0x7, 0x25, 0x1, 0x82, 0x9, 0x8001}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0xe, 0x1, 0x81, 0x8, "6e8680d593"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x5, 0x1, 0x6, 0x10, "79fe65", "ca2b"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x7, 0x7f, 0x87, "8a48ea"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0xe0, 0x1, 0x6, {0x7, 0x25, 0x1, 0x0, 0x9d, 0x1000}}}}}}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x310, 0x5, 0xd, 0xd, 0x40, 0x5}, 0x5, &(0x7f0000000040)={0x5, 0xf, 0x5}, 0x6, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x412}}, {0x49, &(0x7f0000000280)=@string={0x49, 0x3, "a12936f68df6c81d27df0f74d772e8bb7577fd58593e143e879c917a4de3546161eb15816f4d62d41f5f1346dd182d76112adb7aaf4c8ef84971ba3eaf57480e88b1d4431cfb05"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x3001}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0xc1a}}, {0xa, &(0x7f0000000380)=@string={0xa, 0x3, "9b259e8f7f19c754"}}, {0xc4, &(0x7f0000000480)=@string={0xc4, 0x3, "0cfeccda02b37db401a3be85f5ad50eb82a9424e07b4e662e84849b8b8b097982ecca86c29992bda80bee8d3b532802fbfb52050e1eb1aab453d5ccef1e619f809e478edb6e5413a5645a57e622bcff0acba94f3e46f8a118945ad79cb48c15d31ae3218560352536b28bdd5f0d5d1a6da7487dd6a4bb41fe8ddbe7f2768e2014fbb7347a2a9402c298013ec0a659e6b5837e722442a4cfa2b750a7976b6d98d76a0b62ba68b99f746908cd45c94dde52b777c64cc6f01edfa379b0d319bc2beecfc"}}]}) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0003ba"], 0x0, 0x0}, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1}) 19.640926534s ago: executing program 1 (id=3154): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000140)=@OVL_FILEID_V1={0x18, 0xfb, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e8371f2efe0868327a31a705ec978547"}}}, 0x30000) 19.359149443s ago: executing program 1 (id=3157): ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x86e, {0xffffffff, 0xbde, 0x400, 0x10000}}) 19.182062887s ago: executing program 1 (id=3159): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$cdc_ecm(0x0, 0x63, &(0x7f0000000200)=ANY=[@ANYBLOB="12010002020000102505a1a4400000000101090251000101010000090400000302020000052406000005240000000d240f01000000000100000000052401"], 0x0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040), r0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000500)=@newsa={0x15c, 0x10, 0x1, 0x7fffffc, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast2, 0x4, 0x6c}, @in6=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {0x5, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0xfffffffc, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0x3, 0x10, 0x1, 0x1}}]}, 0x15c}}, 0x20000000) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$nci(r3, &(0x7f0000000100)=@NCI_OP_NFCEE_DISCOVER_NTF={0x2, 0x1, 0x3, 0x0, 0x6, {0x2, 0xa0, "a26a68e53f9918817854c340fc8424ee2f42ef6d0883cedf2ffbb4a8a54fadb6c096b77d8d5204f62dd2faf753ab8569a72c899bd357ee3778fe4768dcaa67c4d90d0c4ac06d1d5b233e8fe7697dc06f2e0e85ac5726c3ba11cd92c928acce5ecc38599b12803d0b8b444babb8448456c0db5b5738acbea7840466dbbc95b6e3ed6fd0f13d90a97ea928f47c19324fb6c94901b027527ccc7f1d3a20419b98cfe2a180d9650ef9a41cd1f087342ec58d0f77b9da03b65caf24553fe3a146c6ad28d4"}}, 0xc7) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000002", @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf250c0000000800010001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4040085) 19.052980731s ago: executing program 4 (id=3160): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x60, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250101f2800c00180008ac0f000000000014000100"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 18.860318615s ago: executing program 4 (id=3161): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) (async) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000005c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "3e1461b2"}]}}, 0x0}, 0x0) (async) creat(&(0x7f0000001380)='./file0\x00', 0x4) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x208083, 0x0) 18.359639263s ago: executing program 5 (id=3164): openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0xdf, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x592e3000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x49, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000180)="0fc7bd559266b8020000000f23c80f21f86635000030000f23f8b800088ee064660f0f599f9a0f019e0e000f20d86635080000000f22d8f30f52c30fc79f0000f4", 0x41}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) pwritev(r3, &(0x7f0000001280), 0x0, 0xffffffff, 0xfffffffe) 17.830044435s ago: executing program 0 (id=3166): r0 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x1) ioctl$TIOCGPTPEER(r0, 0x4004092b, 0x47ffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x6}}}, &(0x7f0000000140)=0x84) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000400)='cramfs\x00', 0xc400, 0x0) 17.57289884s ago: executing program 0 (id=3167): ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x86e, {0xffffffff, 0xbde, 0x400, 0x10000}}) 17.418171282s ago: executing program 0 (id=3168): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000080)='./file2\x00', 0x50) renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000000300)=""/104, 0x68) 16.732350178s ago: executing program 4 (id=3169): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x10, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x2d}, 0x18) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$get_persistent(0x16, r0, 0xfffffffffffffff8) r1 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$get_persistent(0x16, r0, r1) quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f00000001c0)=@filename='./file0/../file0\x00', r0, &(0x7f0000000200)={0x18d, 0x5, 0x33e, 0xfffffffffffffff7, 0x4, 0x8000000000000001, 0x0, 0x7fff, 0x7}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)={'filter\x00', 0x0, [0x8, 0x4, 0x5, 0x100, 0x4]}, &(0x7f0000000080)=0x54) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000680)={0x0, {0x2, 0x100, @empty}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) r3 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x1, 0x0) fchdir(r4) sendto$netrom(r4, &(0x7f00000000c0)="c3a1d9eac67a48696ef4152253d60cc9a01308e4293cc29cba056d7044e6de86d79c28d29f56527f2b4ea94fa67420e3f86d07c58b38179b8d0e39430f57b797562be62d354fa18597d760a8c4c6f956ba5ba4d79263bef6dc83ed560d1ad16d0c5efc5835ef266a4932da993951393f0136031f29146046848e74a3f7f67a784644b6eb6b034143e769a2b32b8d04f8a609270b2948d3d6c83bdc3257bb0e3537ad62582e150e543117c5", 0xab, 0x48000, 0x0, 0x0) 16.731680287s ago: executing program 0 (id=3177): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0x40000000, &(0x7f0000000200)={0x0, @bt={0xb40, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19f2, 0x3, 0x5, 0x2800, 0x9, 0x2, 0xba2, 0xc, 0x30, {0x8, 0x1}, 0xd0, 0x9}}) 16.627782767s ago: executing program 4 (id=3170): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="34ff7f00", @ANYRES16=r0, @ANYBLOB="010000000000000000000200000014000200626f6e643000000000000000000000000900010073797a3000000000"], 0x34}}, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="270e28bd71000000000004"], 0x14}, 0x1, 0x40030000000000}, 0x4000) 16.576564123s ago: executing program 0 (id=3171): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xc4) write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff81}, {}, {}, @time=@time}], 0xc4) write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000200)={0x30, r2, 0x1, 0x71bd25, 0x3, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xc0}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x30}}, 0x4000000) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, 0x0, &(0x7f0000000000)=0x90) write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xc4) write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c) r6 = socket(0x2b, 0x1, 0x1) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) sendmsg$NL80211_CMD_DEL_INTERFACE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x4131b1373904e011) r7 = msgget$private(0x0, 0x0) msgsnd(r7, &(0x7f0000000400)=ANY=[@ANYBLOB="02"], 0xfd4, 0x0) msgrcv(r7, &(0x7f0000000180)={0x0, ""/195}, 0xcb, 0x1, 0x3000) msgctl$IPC_SET(r7, 0x1, &(0x7f0000001440)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x8c, 0xff}, 0x0, 0x0, 0x8000000000000001, 0x9, 0x2, 0x4, 0x4, 0x800, 0x81b0, 0x7fff, 0x0, 0xffffffffffffffff}) sendmsg$TIPC_CMD_GET_NODES(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8814}, 0x20040000) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}], 0x54) write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick=0xffffffff, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time={0xfffffffd}, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time={0x5, 0x1}, {}, {}, @quote}], 0xc4) 16.504978243s ago: executing program 4 (id=3172): mount(&(0x7f0000000100)=@filename='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='befs\x00', 0x58005, 0x0) 16.426773609s ago: executing program 4 (id=3173): sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x4, 0x8000) (async, rerun: 64) r0 = syz_open_dev$ptys(0xc, 0x3, 0x1) (rerun: 64) ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000040)) (async) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x110, 0xffffffffffffffff, 0xedb4000) (async, rerun: 32) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x8c00, 0x0) (rerun: 32) ioctl$TFD_IOC_SET_TICKS(r1, 0x40085400, &(0x7f00000000c0)=0x1) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'ip6_vti0\x00', 0x0, 0x4, 0x8, 0x0, 0x66a4f0a2, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, 0x0, 0x7, 0x8b6}}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000001c0)={r2, 0x1, 0x6}, 0x10) (async, rerun: 32) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000200)={0x0, 0x0}) (rerun: 32) timer_create(0x6, &(0x7f0000000280)={0x0, 0x3, 0x0, @tid=r3}, &(0x7f00000002c0)=0x0) (async) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000300)={0x1c, 0x3, 0x2}) (async) r5 = creat(&(0x7f0000000340)='./file0\x00', 0x10) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000380)=""/213, 0xd5}, {&(0x7f0000000480)=""/63, 0x3f}, {&(0x7f00000004c0)=""/23, 0x17}], 0x3) timer_settime(r4, 0x0, &(0x7f0000000540)={{0x77359400}, {0x77359400}}, &(0x7f0000000580)) r6 = dup2(r0, r5) (async) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000005c0), 0x82001, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r7, 0xc018937d, &(0x7f0000000600)={{0x1, 0x1, 0x18, r6, {0x9}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_READY(r8, 0xc0189376, &(0x7f0000000640)={{0x1, 0x1, 0x18, r6, {0x3}}, './file0\x00'}) creat(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x230) (async) clock_nanosleep(0x1, 0x0, &(0x7f00000007c0), &(0x7f0000000800)) (async) syz_pidfd_open(r3, 0x0) (async) ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000840)={0x45, 0x1, 0x0, [{0xb3, 0xfffffffffffff801, 0x1, 0x8, 0x3, 0x81, 0x3, '\x00', 0x7fffffffffffffff}]}) (async) r9 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r9, &(0x7f00000008c0)={0x18, 0x2, {0x0, @broadcast}}, 0x1e) (async) sched_rr_get_interval(r3, &(0x7f0000000900)) (async) timer_create(0x4, &(0x7f0000000940)={0x0, 0x13, 0x1, @tid=r3}, &(0x7f0000000980)) (async) close_range(r9, r1, 0x2) (async, rerun: 64) readv(r6, &(0x7f00000009c0), 0x0) (async, rerun: 64) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a40), r6) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000b80)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x6c, r10, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x62}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_FRAME={0x37, 0x33, @action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ffe}, @broadcast, @device_a, @from_mac=@broadcast, {0x6, 0xd}, @value=@ver_80211n={0x0, 0x7, 0x3, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, @tdls_disc_req={0xc, 0xa, {0x7f, {0x65, 0x12, {@from_mac=@broadcast}}}}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20044800}, 0x800) 16.042953653s ago: executing program 0 (id=3174): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000001c0)="b805000000b9fa0000000f01d9660f78c4020a1bf7b805000000b90000c0fe0fae41d901000000b87f8b7f26ba000000000f30660fc775022e0fba600c980f320f3566b857000f00d0", 0x49}], 0x1, 0x10, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fd6000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000040)={0x74, 0x0, 0x54}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000052000100000000000000000002"], 0x20}}, 0x0) r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x0, 0x0}, {0x2, 0x201, 0x0, 0x0}], 0x2}) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0) ioctl$EVIOCGMTSLOTS(r7, 0x8040450a, &(0x7f00000010c0)=""/4096) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x8004, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x3, 0x17, 0x1, 0x407, 0x5, 0x9, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x4005a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x80000004, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x2, 0x408, 0x8004, 0x5, 0x9, 0x100, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x1ff, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0xa, 0xac8, 0xbf, 0x2, 0x4, 0x7ff, 0x12b, 0x4, 0x1, 0xfffffffa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb30, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0xb, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x9, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id']) fadvise64(r5, 0x92, 0x5, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x22052, r5, 0xa471a000) 4.131709664s ago: executing program 34 (id=3159): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$cdc_ecm(0x0, 0x63, &(0x7f0000000200)=ANY=[@ANYBLOB="12010002020000102505a1a4400000000101090251000101010000090400000302020000052406000005240000000d240f01000000000100000000052401"], 0x0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040), r0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000500)=@newsa={0x15c, 0x10, 0x1, 0x7fffffc, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast2, 0x4, 0x6c}, @in6=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {0x5, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0xfffffffc, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0x3, 0x10, 0x1, 0x1}}]}, 0x15c}}, 0x20000000) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$nci(r3, &(0x7f0000000100)=@NCI_OP_NFCEE_DISCOVER_NTF={0x2, 0x1, 0x3, 0x0, 0x6, {0x2, 0xa0, "a26a68e53f9918817854c340fc8424ee2f42ef6d0883cedf2ffbb4a8a54fadb6c096b77d8d5204f62dd2faf753ab8569a72c899bd357ee3778fe4768dcaa67c4d90d0c4ac06d1d5b233e8fe7697dc06f2e0e85ac5726c3ba11cd92c928acce5ecc38599b12803d0b8b444babb8448456c0db5b5738acbea7840466dbbc95b6e3ed6fd0f13d90a97ea928f47c19324fb6c94901b027527ccc7f1d3a20419b98cfe2a180d9650ef9a41cd1f087342ec58d0f77b9da03b65caf24553fe3a146c6ad28d4"}}, 0xc7) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000002", @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf250c0000000800010001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4040085) 3.14124267s ago: executing program 35 (id=3164): openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0xdf, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x592e3000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x49, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000180)="0fc7bd559266b8020000000f23c80f21f86635000030000f23f8b800088ee064660f0f599f9a0f019e0e000f20d86635080000000f22d8f30f52c30fc79f0000f4", 0x41}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) pwritev(r3, &(0x7f0000001280), 0x0, 0xffffffff, 0xfffffffe) 1.103508556s ago: executing program 36 (id=3173): sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x4, 0x8000) (async, rerun: 64) r0 = syz_open_dev$ptys(0xc, 0x3, 0x1) (rerun: 64) ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000040)) (async) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x110, 0xffffffffffffffff, 0xedb4000) (async, rerun: 32) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x8c00, 0x0) (rerun: 32) ioctl$TFD_IOC_SET_TICKS(r1, 0x40085400, &(0x7f00000000c0)=0x1) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'ip6_vti0\x00', 0x0, 0x4, 0x8, 0x0, 0x66a4f0a2, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, 0x0, 0x7, 0x8b6}}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000001c0)={r2, 0x1, 0x6}, 0x10) (async, rerun: 32) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000200)={0x0, 0x0}) (rerun: 32) timer_create(0x6, &(0x7f0000000280)={0x0, 0x3, 0x0, @tid=r3}, &(0x7f00000002c0)=0x0) (async) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000300)={0x1c, 0x3, 0x2}) (async) r5 = creat(&(0x7f0000000340)='./file0\x00', 0x10) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000380)=""/213, 0xd5}, {&(0x7f0000000480)=""/63, 0x3f}, {&(0x7f00000004c0)=""/23, 0x17}], 0x3) timer_settime(r4, 0x0, &(0x7f0000000540)={{0x77359400}, {0x77359400}}, &(0x7f0000000580)) r6 = dup2(r0, r5) (async) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000005c0), 0x82001, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r7, 0xc018937d, &(0x7f0000000600)={{0x1, 0x1, 0x18, r6, {0x9}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_READY(r8, 0xc0189376, &(0x7f0000000640)={{0x1, 0x1, 0x18, r6, {0x3}}, './file0\x00'}) creat(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x230) (async) clock_nanosleep(0x1, 0x0, &(0x7f00000007c0), &(0x7f0000000800)) (async) syz_pidfd_open(r3, 0x0) (async) ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000840)={0x45, 0x1, 0x0, [{0xb3, 0xfffffffffffff801, 0x1, 0x8, 0x3, 0x81, 0x3, '\x00', 0x7fffffffffffffff}]}) (async) r9 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r9, &(0x7f00000008c0)={0x18, 0x2, {0x0, @broadcast}}, 0x1e) (async) sched_rr_get_interval(r3, &(0x7f0000000900)) (async) timer_create(0x4, &(0x7f0000000940)={0x0, 0x13, 0x1, @tid=r3}, &(0x7f0000000980)) (async) close_range(r9, r1, 0x2) (async, rerun: 64) readv(r6, &(0x7f00000009c0), 0x0) (async, rerun: 64) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a40), r6) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000b80)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x6c, r10, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x62}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_FRAME={0x37, 0x33, @action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ffe}, @broadcast, @device_a, @from_mac=@broadcast, {0x6, 0xd}, @value=@ver_80211n={0x0, 0x7, 0x3, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, @tdls_disc_req={0xc, 0xa, {0x7f, {0x65, 0x12, {@from_mac=@broadcast}}}}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20044800}, 0x800) 0s ago: executing program 37 (id=3174): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000001c0)="b805000000b9fa0000000f01d9660f78c4020a1bf7b805000000b90000c0fe0fae41d901000000b87f8b7f26ba000000000f30660fc775022e0fba600c980f320f3566b857000f00d0", 0x49}], 0x1, 0x10, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fd6000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000040)={0x74, 0x0, 0x54}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000052000100000000000000000002"], 0x20}}, 0x0) r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x0, 0x0}, {0x2, 0x201, 0x0, 0x0}], 0x2}) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0) ioctl$EVIOCGMTSLOTS(r7, 0x8040450a, &(0x7f00000010c0)=""/4096) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x8004, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x3, 0x17, 0x1, 0x407, 0x5, 0x9, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x4005a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x80000004, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x2, 0x408, 0x8004, 0x5, 0x9, 0x100, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x1ff, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0xa, 0xac8, 0xbf, 0x2, 0x4, 0x7ff, 0x12b, 0x4, 0x1, 0xfffffffa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb30, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0xb, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x9, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id']) fadvise64(r5, 0x92, 0x5, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x22052, r5, 0xa471a000) kernel console output (not intermixed with test programs): /0x250 [ 621.540336][T15067] ? __pfx_ksys_write+0x10/0x10 [ 621.540354][T15067] ? rcu_is_watching+0x15/0xb0 [ 621.540381][T15067] __x64_sys_setxattr+0xbc/0xe0 [ 621.540408][T15067] do_syscall_64+0xfa/0x3b0 [ 621.540430][T15067] ? lockdep_hardirqs_on+0x9c/0x150 [ 621.540451][T15067] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.540467][T15067] ? clear_bhb_loop+0x60/0xb0 [ 621.540489][T15067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.540505][T15067] RIP: 0033:0x7fbd1bb8e9a9 [ 621.540522][T15067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.540537][T15067] RSP: 002b:00007fbd1c95d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 621.540557][T15067] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8e9a9 [ 621.540571][T15067] RDX: 0000000000000000 RSI: 00002000000016c0 RDI: 0000200000001680 [ 621.540582][T15067] RBP: 00007fbd1c95d090 R08: 0000000000000002 R09: 0000000000000000 [ 621.540594][T15067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.540605][T15067] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 621.540634][T15067] [ 621.793358][T15059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 621.901755][T15059] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 622.044505][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 622.058769][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 622.125411][ T9] usb 5-1: USB disconnect, device number 92 [ 622.201704][T15080] netlink: 'syz.0.2913': attribute type 20 has an invalid length. [ 622.545513][T15090] overlayfs: failed to resolve './file1': -2 [ 622.577109][T15091] netlink: 1760 bytes leftover after parsing attributes in process `syz.1.2903'. [ 622.684773][ T30] audit: type=1326 audit(1753739965.623:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15093 comm="syz.0.2916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbd1bb8e9a9 code=0x0 [ 622.790422][T15095] Bluetooth: hci4: Frame reassembly failed (-84) [ 622.814222][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 624.030652][ T5854] usb 2-1: USB disconnect, device number 91 [ 624.302657][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.309088][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.415297][T15107] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2920'. [ 624.467100][T15107] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2920'. [ 624.510074][T15107] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2920'. [ 624.719701][T15123] overlayfs: failed to resolve './file1': -2 [ 624.855166][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 624.863389][T12567] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 624.962367][T15127] binder: 15125:15127 unknown command 0 [ 624.968010][T15127] binder: 15125:15127 ioctl c0306201 2000000003c0 returned -22 [ 625.267948][T15135] FAULT_INJECTION: forcing a failure. [ 625.267948][T15135] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 625.302437][T15135] CPU: 1 UID: 0 PID: 15135 Comm: syz.4.2928 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 625.302464][T15135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 625.302474][T15135] Call Trace: [ 625.302483][T15135] [ 625.302491][T15135] dump_stack_lvl+0x189/0x250 [ 625.302521][T15135] ? __pfx____ratelimit+0x10/0x10 [ 625.302545][T15135] ? __pfx_dump_stack_lvl+0x10/0x10 [ 625.302568][T15135] ? __pfx__printk+0x10/0x10 [ 625.302593][T15135] ? fs_reclaim_acquire+0x7d/0x100 [ 625.302625][T15135] should_fail_ex+0x414/0x560 [ 625.302651][T15135] prepare_alloc_pages+0x213/0x610 [ 625.302681][T15135] __alloc_frozen_pages_noprof+0x123/0x370 [ 625.302702][T15135] ? __lock_acquire+0xab9/0xd20 [ 625.302724][T15135] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 625.302753][T15135] ? policy_nodemask+0x27c/0x720 [ 625.302776][T15135] alloc_pages_mpol+0x232/0x4a0 [ 625.302802][T15135] alloc_pages_noprof+0xa9/0x190 [ 625.302824][T15135] __pud_alloc+0x3a/0x260 [ 625.302848][T15135] __handle_mm_fault+0x33a0/0x5440 [ 625.302873][T15135] ? mt_find+0x46f/0x5f0 [ 625.302901][T15135] ? __pfx___handle_mm_fault+0x10/0x10 [ 625.302940][T15135] ? find_vma+0xe7/0x160 [ 625.302957][T15135] ? __pfx_find_vma+0x10/0x10 [ 625.302977][T15135] handle_mm_fault+0x40a/0x8e0 [ 625.303014][T15135] do_user_addr_fault+0x764/0x1390 [ 625.303050][T15135] exc_page_fault+0x76/0xf0 [ 625.303075][T15135] asm_exc_page_fault+0x26/0x30 [ 625.303091][T15135] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 625.303112][T15135] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 625.303126][T15135] RSP: 0018:ffffc90004f8fb98 EFLAGS: 00050202 [ 625.303143][T15135] RAX: 00007ffffffff001 RBX: 0000000000000050 RCX: 0000000000000050 [ 625.303155][T15135] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffc90004f8fbe0 [ 625.303168][T15135] RBP: ffffc90004f8fcb0 R08: ffffc90004f8fc2f R09: 1ffff920009f1f85 [ 625.303180][T15135] R10: dffffc0000000000 R11: fffff520009f1f86 R12: ffffc90004f8fbe0 [ 625.303194][T15135] R13: 1ffff920009f1f78 R14: ffffc90004f8fbe0 R15: 0000200000000000 [ 625.303225][T15135] _copy_from_user+0x7a/0xb0 [ 625.303246][T15135] inet6_ioctl+0x180/0x280 [ 625.303267][T15135] ? __pfx_inet6_ioctl+0x10/0x10 [ 625.303285][T15135] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 625.303316][T15135] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 625.303343][T15135] sock_do_ioctl+0xdc/0x300 [ 625.303368][T15135] ? __pfx_sock_do_ioctl+0x10/0x10 [ 625.303386][T15135] ? __lock_acquire+0xab9/0xd20 [ 625.303420][T15135] sock_ioctl+0x576/0x790 [ 625.303444][T15135] ? __pfx_sock_ioctl+0x10/0x10 [ 625.303465][T15135] ? __fget_files+0x2a/0x420 [ 625.303486][T15135] ? __fget_files+0x3a0/0x420 [ 625.303508][T15135] ? __fget_files+0x2a/0x420 [ 625.303533][T15135] ? bpf_lsm_file_ioctl+0x9/0x20 [ 625.303552][T15135] ? __pfx_sock_ioctl+0x10/0x10 [ 625.303573][T15135] __se_sys_ioctl+0xf9/0x170 [ 625.303595][T15135] do_syscall_64+0xfa/0x3b0 [ 625.303617][T15135] ? lockdep_hardirqs_on+0x9c/0x150 [ 625.303637][T15135] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.303655][T15135] ? clear_bhb_loop+0x60/0xb0 [ 625.303676][T15135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.303692][T15135] RIP: 0033:0x7f3c5f18e9a9 [ 625.303708][T15135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.303722][T15135] RSP: 002b:00007f3c5ff1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 625.303741][T15135] RAX: ffffffffffffffda RBX: 00007f3c5f3b5fa0 RCX: 00007f3c5f18e9a9 [ 625.303754][T15135] RDX: 0000200000000000 RSI: 000000000000890c RDI: 0000000000000003 [ 625.303766][T15135] RBP: 00007f3c5ff1f090 R08: 0000000000000000 R09: 0000000000000000 [ 625.303777][T15135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.303788][T15135] R13: 0000000000000000 R14: 00007f3c5f3b5fa0 R15: 00007fffe9623e88 [ 625.303818][T15135] [ 625.905260][T15146] FAULT_INJECTION: forcing a failure. [ 625.905260][T15146] name fail_iommufd, interval 1, probability 0, space 0, times 1 [ 625.952820][T15146] CPU: 1 UID: 0 PID: 15146 Comm: syz.1.2929 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 625.952846][T15146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 625.952855][T15146] Call Trace: [ 625.952862][T15146] [ 625.952869][T15146] dump_stack_lvl+0x189/0x250 [ 625.952905][T15146] ? __pfx____ratelimit+0x10/0x10 [ 625.952926][T15146] ? __pfx_dump_stack_lvl+0x10/0x10 [ 625.952945][T15146] ? __pfx__printk+0x10/0x10 [ 625.952977][T15146] should_fail_ex+0x414/0x560 [ 625.953002][T15146] iommufd_get_object+0x78/0x4b0 [ 625.953027][T15146] ? __pfx_iommufd_get_object+0x10/0x10 [ 625.953060][T15146] iommufd_ioas_map+0x283/0x4c0 [ 625.953088][T15146] ? __pfx_iommufd_ioas_map+0x10/0x10 [ 625.953115][T15146] iommufd_fops_ioctl+0x45e/0x580 [ 625.953141][T15146] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 625.953167][T15146] ? __fget_files+0x2a/0x420 [ 625.953194][T15146] ? __fget_files+0x2a/0x420 [ 625.953218][T15146] ? bpf_lsm_file_ioctl+0x9/0x20 [ 625.953234][T15146] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 625.953256][T15146] __se_sys_ioctl+0xf9/0x170 [ 625.953278][T15146] do_syscall_64+0xfa/0x3b0 [ 625.953299][T15146] ? lockdep_hardirqs_on+0x9c/0x150 [ 625.953318][T15146] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.953335][T15146] ? clear_bhb_loop+0x60/0xb0 [ 625.953355][T15146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.953372][T15146] RIP: 0033:0x7fa1ca18e9a9 [ 625.953389][T15146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.953402][T15146] RSP: 002b:00007fa1cb0d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 625.953420][T15146] RAX: ffffffffffffffda RBX: 00007fa1ca3b5fa0 RCX: 00007fa1ca18e9a9 [ 625.953431][T15146] RDX: 0000200000001140 RSI: 0000000000003b85 RDI: 0000000000000003 [ 625.953443][T15146] RBP: 00007fa1cb0d0090 R08: 0000000000000000 R09: 0000000000000000 [ 625.953453][T15146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.953463][T15146] R13: 0000000000000000 R14: 00007fa1ca3b5fa0 R15: 00007ffcd7edfc38 [ 625.953489][T15146] [ 626.325918][T15151] FAULT_INJECTION: forcing a failure. [ 626.325918][T15151] name failslab, interval 1, probability 0, space 0, times 0 [ 626.374219][T15151] CPU: 0 UID: 0 PID: 15151 Comm: syz.1.2933 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 626.374245][T15151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 626.374256][T15151] Call Trace: [ 626.374264][T15151] [ 626.374273][T15151] dump_stack_lvl+0x189/0x250 [ 626.374300][T15151] ? __pfx____ratelimit+0x10/0x10 [ 626.374322][T15151] ? __pfx_dump_stack_lvl+0x10/0x10 [ 626.374344][T15151] ? __pfx__printk+0x10/0x10 [ 626.374370][T15151] ? __pfx___might_resched+0x10/0x10 [ 626.374390][T15151] ? fs_reclaim_acquire+0x7d/0x100 [ 626.374415][T15151] should_fail_ex+0x414/0x560 [ 626.374441][T15151] should_failslab+0xa8/0x100 [ 626.374462][T15151] __kmalloc_noprof+0xcb/0x4f0 [ 626.374485][T15151] ? kfree+0x4d/0x440 [ 626.374499][T15151] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 626.374521][T15151] tomoyo_realpath_from_path+0xe3/0x5d0 [ 626.374540][T15151] ? tomoyo_domain+0xd9/0x130 [ 626.374563][T15151] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 626.374597][T15151] tomoyo_path_number_perm+0x1e8/0x5a0 [ 626.374622][T15151] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 626.374660][T15151] ? __lock_acquire+0xab9/0xd20 [ 626.374699][T15151] ? __fget_files+0x2a/0x420 [ 626.374725][T15151] ? __fget_files+0x2a/0x420 [ 626.374746][T15151] ? __fget_files+0x3a0/0x420 [ 626.374766][T15151] ? __fget_files+0x2a/0x420 [ 626.374793][T15151] security_file_ioctl+0xcb/0x2d0 [ 626.374817][T15151] __se_sys_ioctl+0x47/0x170 [ 626.374840][T15151] do_syscall_64+0xfa/0x3b0 [ 626.374860][T15151] ? lockdep_hardirqs_on+0x9c/0x150 [ 626.374882][T15151] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.374900][T15151] ? clear_bhb_loop+0x60/0xb0 [ 626.374926][T15151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.374943][T15151] RIP: 0033:0x7fa1ca18e9a9 [ 626.374960][T15151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.374975][T15151] RSP: 002b:00007fa1cb0d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 626.374995][T15151] RAX: ffffffffffffffda RBX: 00007fa1ca3b5fa0 RCX: 00007fa1ca18e9a9 [ 626.375008][T15151] RDX: 0000200000000040 RSI: 000000004020aed2 RDI: 0000000000000004 [ 626.375021][T15151] RBP: 00007fa1cb0d0090 R08: 0000000000000000 R09: 0000000000000000 [ 626.375031][T15151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 626.375042][T15151] R13: 0000000000000000 R14: 00007fa1ca3b5fa0 R15: 00007ffcd7edfc38 [ 626.375071][T15151] [ 626.375127][T15151] ERROR: Out of memory at tomoyo_realpath_from_path. [ 626.732854][T15161] overlayfs: failed to resolve './file0': -2 [ 626.840764][T12567] Bluetooth: unknown link type 128 [ 626.850196][T15165] random: crng reseeded on system resumption [ 626.871665][ T30] audit: type=1326 audit(1753739969.824:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15164 comm="syz.4.2937" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3c5f18e9a9 code=0x0 [ 626.901827][T15167] FAULT_INJECTION: forcing a failure. [ 626.901827][T15167] name failslab, interval 1, probability 0, space 0, times 0 [ 626.921608][T15167] CPU: 1 UID: 0 PID: 15167 Comm: syz.0.2938 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 626.921634][T15167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 626.921645][T15167] Call Trace: [ 626.921653][T15167] [ 626.921661][T15167] dump_stack_lvl+0x189/0x250 [ 626.921687][T15167] ? __pfx____ratelimit+0x10/0x10 [ 626.921713][T15167] ? __pfx_dump_stack_lvl+0x10/0x10 [ 626.921734][T15167] ? __pfx__printk+0x10/0x10 [ 626.921762][T15167] ? __pfx___might_resched+0x10/0x10 [ 626.921782][T15167] ? fs_reclaim_acquire+0x7d/0x100 [ 626.921807][T15167] should_fail_ex+0x414/0x560 [ 626.921833][T15167] should_failslab+0xa8/0x100 [ 626.921855][T15167] kmem_cache_alloc_noprof+0x73/0x3c0 [ 626.921873][T15167] ? ep_ptable_queue_proc+0x5c/0x200 [ 626.921901][T15167] ep_ptable_queue_proc+0x5c/0x200 [ 626.921927][T15167] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 626.921948][T15167] dma_buf_poll+0xbc/0x740 [ 626.921973][T15167] ? __pfx_dma_buf_poll+0x10/0x10 [ 626.921990][T15167] ep_insert+0x1161/0x19e0 [ 626.922027][T15167] ? __pfx_ep_insert+0x10/0x10 [ 626.922048][T15167] ? __pfx___mutex_lock+0x10/0x10 [ 626.922070][T15167] ? __fget_files+0x2a/0x420 [ 626.922093][T15167] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 626.922115][T15167] ? __fget_files+0x3a0/0x420 [ 626.922135][T15167] ? __fget_files+0x2a/0x420 [ 626.922167][T15167] do_epoll_ctl+0x7f4/0xe80 [ 626.922198][T15167] __x64_sys_epoll_ctl+0x163/0x1a0 [ 626.922224][T15167] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 626.922243][T15167] ? rcu_is_watching+0x15/0xb0 [ 626.922270][T15167] ? do_syscall_64+0xbe/0x3b0 [ 626.922297][T15167] do_syscall_64+0xfa/0x3b0 [ 626.922316][T15167] ? lockdep_hardirqs_on+0x9c/0x150 [ 626.922337][T15167] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.922353][T15167] ? clear_bhb_loop+0x60/0xb0 [ 626.922373][T15167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.922389][T15167] RIP: 0033:0x7fbd1bb8e9a9 [ 626.922405][T15167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.922418][T15167] RSP: 002b:00007fbd1c95d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 626.922436][T15167] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8e9a9 [ 626.922448][T15167] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000003 [ 626.922457][T15167] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 626.922468][T15167] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 626.922478][T15167] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 626.922506][T15167] [ 627.237943][T15173] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 627.245326][T15173] IPv6: NLM_F_CREATE should be set when creating new route [ 627.252603][T15173] IPv6: NLM_F_CREATE should be set when creating new route [ 627.259864][T15173] IPv6: NLM_F_CREATE should be set when creating new route [ 627.792920][T15182] sg_write: data in/out 1684960011/42 bytes for SCSI command 0x0-- guessing data in; [ 627.792920][T15182] program syz.0.2943 not setting count and/or reply_len properly [ 627.957163][T15190] overlayfs: failed to resolve './file0': -2 [ 628.024110][ T5854] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 628.091996][T15195] FAULT_INJECTION: forcing a failure. [ 628.091996][T15195] name failslab, interval 1, probability 0, space 0, times 0 [ 628.143807][T15195] CPU: 1 UID: 0 PID: 15195 Comm: syz.1.2948 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 628.143834][T15195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 628.143845][T15195] Call Trace: [ 628.143852][T15195] [ 628.143860][T15195] dump_stack_lvl+0x189/0x250 [ 628.143888][T15195] ? __pfx____ratelimit+0x10/0x10 [ 628.143909][T15195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 628.143931][T15195] ? __pfx__printk+0x10/0x10 [ 628.143958][T15195] ? __pfx___might_resched+0x10/0x10 [ 628.143978][T15195] ? fs_reclaim_acquire+0x7d/0x100 [ 628.144003][T15195] should_fail_ex+0x414/0x560 [ 628.144029][T15195] should_failslab+0xa8/0x100 [ 628.144050][T15195] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 628.144069][T15195] ? __d_alloc+0x36/0x7a0 [ 628.144091][T15195] __d_alloc+0x36/0x7a0 [ 628.144113][T15195] d_alloc_parallel+0xe5/0x15e0 [ 628.144153][T15195] ? __lock_acquire+0xab9/0xd20 [ 628.144171][T15195] ? __pfx_d_alloc_parallel+0x10/0x10 [ 628.144193][T15195] ? __raw_spin_lock_init+0x45/0x100 [ 628.144216][T15195] ? __init_waitqueue_head+0xa9/0x150 [ 628.144243][T15195] __lookup_slow+0x116/0x3d0 [ 628.144265][T15195] ? __pfx___lookup_slow+0x10/0x10 [ 628.144296][T15195] ? down_read+0x1ad/0x2e0 [ 628.144316][T15195] lookup_one_unlocked+0x127/0x250 [ 628.144341][T15195] ovl_lookup_single+0x2c8/0xd70 [ 628.144375][T15195] ? __pfx_ovl_lookup_single+0x10/0x10 [ 628.144419][T15195] ovl_lookup_layer+0x377/0x450 [ 628.144445][T15195] ? seqcount_lockdep_reader_access+0x122/0x1c0 [ 628.144480][T15195] ovl_lookup+0x471/0x1bc0 [ 628.144509][T15195] ? d_alloc_parallel+0x2f0/0x15e0 [ 628.144532][T15195] ? d_alloc_parallel+0x14ae/0x15e0 [ 628.144566][T15195] ? __pfx_ovl_lookup+0x10/0x10 [ 628.144588][T15195] ? __lock_acquire+0xab9/0xd20 [ 628.144608][T15195] ? __pfx_d_alloc_parallel+0x10/0x10 [ 628.144625][T15195] ? look_up_lock_class+0x74/0x170 [ 628.144651][T15195] ? __raw_spin_lock_init+0x45/0x100 [ 628.144675][T15195] ? __init_waitqueue_head+0xa9/0x150 [ 628.144703][T15195] __lookup_slow+0x294/0x3d0 [ 628.144724][T15195] ? __pfx___lookup_slow+0x10/0x10 [ 628.144759][T15195] ? down_read+0x1ad/0x2e0 [ 628.144778][T15195] lookup_slow+0x53/0x70 [ 628.144798][T15195] walk_component+0x2d2/0x400 [ 628.144814][T15195] ? path_lookupat+0x156/0x430 [ 628.144835][T15195] path_lookupat+0x163/0x430 [ 628.144861][T15195] filename_lookup+0x212/0x570 [ 628.144886][T15195] ? __pfx_filename_lookup+0x10/0x10 [ 628.144930][T15195] ? strncpy_from_user+0x150/0x290 [ 628.144955][T15195] ? getname_flags+0x1e5/0x540 [ 628.144977][T15195] user_path_at+0x3a/0x60 [ 628.144997][T15195] __se_sys_name_to_handle_at+0x180/0x8a0 [ 628.145027][T15195] ? __pfx___se_sys_name_to_handle_at+0x10/0x10 [ 628.145049][T15195] ? ksys_write+0x22a/0x250 [ 628.145079][T15195] ? do_syscall_64+0xbe/0x3b0 [ 628.145100][T15195] ? __x64_sys_name_to_handle_at+0x20/0xc0 [ 628.145127][T15195] do_syscall_64+0xfa/0x3b0 [ 628.145147][T15195] ? lockdep_hardirqs_on+0x9c/0x150 [ 628.145169][T15195] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.145186][T15195] ? clear_bhb_loop+0x60/0xb0 [ 628.145207][T15195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.145224][T15195] RIP: 0033:0x7fa1ca18e9a9 [ 628.145240][T15195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.145256][T15195] RSP: 002b:00007fa1cb0d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012f [ 628.145275][T15195] RAX: ffffffffffffffda RBX: 00007fa1ca3b5fa0 RCX: 00007fa1ca18e9a9 [ 628.145289][T15195] RDX: 0000200000000140 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 628.145302][T15195] RBP: 00007fa1cb0d0090 R08: 0000000000000600 R09: 0000000000000000 [ 628.145313][T15195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 628.145324][T15195] R13: 0000000000000000 R14: 00007fa1ca3b5fa0 R15: 00007ffcd7edfc38 [ 628.145354][T15195] [ 628.588491][ T5854] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 628.599072][ T5854] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 628.608197][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.627454][ T5854] usb 5-1: config 0 descriptor?? [ 628.638872][ T5854] pwc: Askey VC010 type 2 USB webcam detected. [ 628.683911][ T5917] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 628.810021][T15204] dlm: plock device version mismatch: kernel (1.2.0), user (1.6.16) [ 628.836658][ T5917] usb 1-1: Using ep0 maxpacket: 32 [ 628.847320][ T5917] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 628.856333][T12567] Bluetooth: hci1: command 0x0406 tx timeout [ 628.866789][ T5917] usb 1-1: config 0 has no interface number 0 [ 628.880511][ T5917] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 628.898093][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.908205][ T5917] usb 1-1: Product: syz [ 628.912383][ T5917] usb 1-1: Manufacturer: syz [ 628.920857][ T5917] usb 1-1: SerialNumber: syz [ 628.929864][ T5917] usb 1-1: config 0 descriptor?? [ 628.961706][ T5917] smsc95xx v2.0.0 [ 629.045227][ T5854] pwc: recv_control_msg error -32 req 02 val 2b00 [ 629.065429][ T5854] pwc: recv_control_msg error -32 req 02 val 2700 [ 629.074028][ T5854] pwc: recv_control_msg error -32 req 02 val 2c00 [ 629.081189][ T5854] pwc: recv_control_msg error -32 req 04 val 1000 [ 629.095606][ T5854] pwc: recv_control_msg error -32 req 04 val 1300 [ 629.113743][ T5854] pwc: recv_control_msg error -32 req 04 val 1400 [ 629.124240][ T5854] pwc: recv_control_msg error -32 req 02 val 2000 [ 629.147281][ T5854] pwc: recv_control_msg error -32 req 02 val 2100 [ 629.159366][ T5854] pwc: recv_control_msg error -32 req 04 val 1500 [ 629.184661][ T5854] pwc: recv_control_msg error -32 req 02 val 2500 [ 629.197742][ T5854] pwc: recv_control_msg error -32 req 02 val 2400 [ 629.206121][ T5854] pwc: recv_control_msg error -32 req 02 val 2600 [ 629.367621][ T5917] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 629.383908][ T5917] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 629.476031][T15218] fuse: Unknown parameter './file0' [ 629.483308][ T5854] pwc: recv_control_msg error -32 req 02 val 2800 [ 629.508069][T15219] overlayfs: failed to resolve './file0': -2 [ 629.709273][ T5854] pwc: recv_control_msg error -71 req 04 val 1200 [ 629.733342][ T5854] pwc: Registered as video103. [ 629.755260][ T5854] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input115 [ 629.825469][ T5854] usb 5-1: USB disconnect, device number 93 [ 629.920616][T15226] trusted_key: encrypted_key: insufficient parameters specified [ 630.191249][T15230] FAULT_INJECTION: forcing a failure. [ 630.191249][T15230] name failslab, interval 1, probability 0, space 0, times 0 [ 630.208085][T15230] CPU: 1 UID: 0 PID: 15230 Comm: syz.1.2960 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 630.208112][T15230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 630.208123][T15230] Call Trace: [ 630.208131][T15230] [ 630.208139][T15230] dump_stack_lvl+0x189/0x250 [ 630.208165][T15230] ? __pfx____ratelimit+0x10/0x10 [ 630.208190][T15230] ? __pfx_dump_stack_lvl+0x10/0x10 [ 630.208213][T15230] ? __pfx__printk+0x10/0x10 [ 630.208240][T15230] ? __pfx___might_resched+0x10/0x10 [ 630.208264][T15230] should_fail_ex+0x414/0x560 [ 630.208290][T15230] should_failslab+0xa8/0x100 [ 630.208311][T15230] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 630.208332][T15230] ? __kasan_kmalloc+0x93/0xb0 [ 630.208349][T15230] ? ip6_setup_cork+0x6c1/0x10e0 [ 630.208372][T15230] kmemdup_noprof+0x2b/0x70 [ 630.208396][T15230] ip6_setup_cork+0x6c1/0x10e0 [ 630.208422][T15230] ip6_make_skb+0x1bd/0x410 [ 630.208438][T15230] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 630.208482][T15230] ? __pfx_ip6_make_skb+0x10/0x10 [ 630.208521][T15230] ? ip6_dst_hoplimit+0x96/0x350 [ 630.208541][T15230] ? ip6_dst_hoplimit+0x96/0x350 [ 630.208565][T15230] udpv6_sendmsg+0x1b78/0x24b0 [ 630.208601][T15230] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 630.208625][T15230] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 630.208653][T15230] ? __pfx___might_resched+0x10/0x10 [ 630.208690][T15230] ? aa_sk_perm+0x81e/0x950 [ 630.208725][T15230] ? inet_send_prepare+0x5c/0x270 [ 630.208749][T15230] ? inet6_sendmsg+0xe4/0x120 [ 630.208771][T15230] __sock_sendmsg+0xe5/0x270 [ 630.208797][T15230] ____sys_sendmsg+0x52d/0x830 [ 630.208832][T15230] ? __pfx_____sys_sendmsg+0x10/0x10 [ 630.208859][T15230] ? import_iovec+0x74/0xa0 [ 630.208882][T15230] ___sys_sendmsg+0x21f/0x2a0 [ 630.208904][T15230] ? __pfx____sys_sendmsg+0x10/0x10 [ 630.208956][T15230] ? __fget_files+0x2a/0x420 [ 630.208978][T15230] ? __fget_files+0x3a0/0x420 [ 630.209011][T15230] __sys_sendmmsg+0x227/0x430 [ 630.209036][T15230] ? __pfx___sys_sendmmsg+0x10/0x10 [ 630.209052][T15230] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 630.209117][T15230] ? ksys_write+0x22a/0x250 [ 630.209141][T15230] ? __pfx_ksys_write+0x10/0x10 [ 630.209159][T15230] ? rcu_is_watching+0x15/0xb0 [ 630.209186][T15230] __x64_sys_sendmmsg+0xa0/0xc0 [ 630.209208][T15230] do_syscall_64+0xfa/0x3b0 [ 630.209230][T15230] ? lockdep_hardirqs_on+0x9c/0x150 [ 630.209251][T15230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.209268][T15230] ? clear_bhb_loop+0x60/0xb0 [ 630.209290][T15230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.209307][T15230] RIP: 0033:0x7fa1ca18e9a9 [ 630.209323][T15230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.209336][T15230] RSP: 002b:00007fa1cb0d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 630.209357][T15230] RAX: ffffffffffffffda RBX: 00007fa1ca3b5fa0 RCX: 00007fa1ca18e9a9 [ 630.209370][T15230] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000003 [ 630.209383][T15230] RBP: 00007fa1cb0d0090 R08: 0000000000000000 R09: 0000000000000000 [ 630.209395][T15230] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001 [ 630.209405][T15230] R13: 0000000000000000 R14: 00007fa1ca3b5fa0 R15: 00007ffcd7edfc38 [ 630.209434][T15230] [ 631.077572][T15242] overlayfs: failed to resolve './file0': -2 [ 631.097941][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 631.108916][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 631.122168][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 631.132367][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 631.183820][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 631.411540][ T5917] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000006c: -71 [ 631.427592][ T5917] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 631.486246][ T5917] usb 1-1: USB disconnect, device number 56 [ 631.846316][T15243] chnl_net:caif_netlink_parms(): no params data found [ 632.176444][T15243] bridge0: port 1(bridge_slave_0) entered blocking state [ 632.185352][T15243] bridge0: port 1(bridge_slave_0) entered disabled state [ 632.192630][T15243] bridge_slave_0: entered allmulticast mode [ 632.201856][T15243] bridge_slave_0: entered promiscuous mode [ 632.210739][T15243] bridge0: port 2(bridge_slave_1) entered blocking state [ 632.218103][T15243] bridge0: port 2(bridge_slave_1) entered disabled state [ 632.225610][T15243] bridge_slave_1: entered allmulticast mode [ 632.232321][T15273] /dev/rnullb0: Can't open blockdev [ 632.242161][T15243] bridge_slave_1: entered promiscuous mode [ 632.334571][T15243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 632.354142][T15243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 632.481539][T15243] team0: Port device team_slave_0 added [ 632.506758][T15243] team0: Port device team_slave_1 added [ 632.629420][T15243] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 632.647290][T15243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 632.710604][T15243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 632.736711][T15243] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 632.753479][T15243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 632.801079][T15243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 632.847662][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 632.988993][T15243] hsr_slave_0: entered promiscuous mode [ 633.002830][T15243] hsr_slave_1: entered promiscuous mode [ 633.021498][T15243] debugfs: 'hsr0' already exists in 'hsr' [ 633.036655][T15243] Cannot create hsr debugfs directory [ 633.253218][T12567] Bluetooth: hci4: command tx timeout [ 633.492291][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.518597][T15299] syz.1.2983: attempt to access beyond end of device [ 633.518597][T15299] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 633.656125][T15243] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 633.679646][T15243] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 633.688322][T15304] FAULT_INJECTION: forcing a failure. [ 633.688322][T15304] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 633.706833][T15243] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 633.719906][T15243] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 633.727117][T15304] CPU: 0 UID: 0 PID: 15304 Comm: syz.4.2984 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 633.727141][T15304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 633.727152][T15304] Call Trace: [ 633.727159][T15304] [ 633.727167][T15304] dump_stack_lvl+0x189/0x250 [ 633.727193][T15304] ? __pfx____ratelimit+0x10/0x10 [ 633.727217][T15304] ? __pfx_dump_stack_lvl+0x10/0x10 [ 633.727239][T15304] ? __pfx__printk+0x10/0x10 [ 633.727263][T15304] ? fs_reclaim_acquire+0x7d/0x100 [ 633.727291][T15304] should_fail_ex+0x414/0x560 [ 633.727317][T15304] prepare_alloc_pages+0x213/0x610 [ 633.727346][T15304] __alloc_frozen_pages_noprof+0x123/0x370 [ 633.727372][T15304] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 633.727408][T15304] alloc_pages_bulk_noprof+0x560/0x710 [ 633.727430][T15304] ? rcu_is_watching+0x15/0xb0 [ 633.727453][T15304] ? trace_kmalloc+0x1f/0xd0 [ 633.727469][T15304] ? __kmalloc_noprof+0x29b/0x4f0 [ 633.727486][T15304] ? copy_splice_read+0x143/0x9b0 [ 633.727512][T15304] copy_splice_read+0x173/0x9b0 [ 633.727545][T15304] ? __pfx_copy_splice_read+0x10/0x10 [ 633.727564][T15304] ? look_up_lock_class+0x74/0x170 [ 633.727588][T15304] ? register_lock_class+0x51/0x320 [ 633.727611][T15304] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 633.727639][T15304] ? alloc_pipe_info+0x374/0x4d0 [ 633.727662][T15304] ? __pfx_copy_splice_read+0x10/0x10 [ 633.727682][T15304] splice_direct_to_actor+0x4a9/0xcc0 [ 633.727724][T15304] ? __pfx_direct_splice_actor+0x10/0x10 [ 633.727746][T15304] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 633.727778][T15304] do_splice_direct+0x181/0x270 [ 633.727803][T15304] ? __pfx_do_splice_direct+0x10/0x10 [ 633.727825][T15304] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 633.727855][T15304] ? rw_verify_area+0x255/0x4d0 [ 633.727879][T15304] do_sendfile+0x4da/0x7e0 [ 633.727896][T15304] ? __pfx_vfs_write+0x10/0x10 [ 633.727928][T15304] ? __pfx_do_sendfile+0x10/0x10 [ 633.727945][T15304] ? __fget_files+0x3a0/0x420 [ 633.727978][T15304] __se_sys_sendfile64+0x13e/0x190 [ 633.728005][T15304] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 633.728026][T15304] ? rcu_is_watching+0x15/0xb0 [ 633.728051][T15304] ? do_syscall_64+0xbe/0x3b0 [ 633.728076][T15304] do_syscall_64+0xfa/0x3b0 [ 633.728097][T15304] ? lockdep_hardirqs_on+0x9c/0x150 [ 633.728118][T15304] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.728136][T15304] ? clear_bhb_loop+0x60/0xb0 [ 633.728157][T15304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.728174][T15304] RIP: 0033:0x7f3c5f18e9a9 [ 633.728190][T15304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 633.728206][T15304] RSP: 002b:00007f3c5ff1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 633.728225][T15304] RAX: ffffffffffffffda RBX: 00007f3c5f3b5fa0 RCX: 00007f3c5f18e9a9 [ 633.728238][T15304] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 633.728249][T15304] RBP: 00007f3c5ff1f090 R08: 0000000000000000 R09: 0000000000000000 [ 633.728260][T15304] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001 [ 633.728271][T15304] R13: 0000000000000000 R14: 00007f3c5f3b5fa0 R15: 00007fffe9623e88 [ 633.728300][T15304] [ 634.210541][T15311] FAULT_INJECTION: forcing a failure. [ 634.210541][T15311] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 634.272566][T15311] CPU: 0 UID: 0 PID: 15311 Comm: syz.4.2986 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 634.272593][T15311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 634.272604][T15311] Call Trace: [ 634.272612][T15311] [ 634.272621][T15311] dump_stack_lvl+0x189/0x250 [ 634.272649][T15311] ? __pfx____ratelimit+0x10/0x10 [ 634.272672][T15311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 634.272695][T15311] ? __pfx__printk+0x10/0x10 [ 634.272718][T15311] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 634.272747][T15311] should_fail_ex+0x414/0x560 [ 634.272772][T15311] _copy_from_user+0x2d/0xb0 [ 634.272792][T15311] sg_io+0x29f/0x8a0 [ 634.272820][T15311] scsi_ioctl+0x1399/0x1fb0 [ 634.272845][T15311] ? __pfx_scsi_ioctl+0x10/0x10 [ 634.272891][T15311] ? kasan_quarantine_put+0xdd/0x220 [ 634.272909][T15311] ? __pfx___might_resched+0x10/0x10 [ 634.272935][T15311] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 634.272963][T15311] ? scsi_block_when_processing_errors+0x390/0x470 [ 634.272986][T15311] ? __pfx_scsi_block_when_processing_errors+0x10/0x10 [ 634.273028][T15311] sg_ioctl+0x1886/0x2230 [ 634.273051][T15311] ? __pfx_sg_ioctl+0x10/0x10 [ 634.273068][T15311] ? __fget_files+0x2a/0x420 [ 634.273092][T15311] ? __fget_files+0x2a/0x420 [ 634.273120][T15311] ? __fget_files+0x3a0/0x420 [ 634.273141][T15311] ? __fget_files+0x2a/0x420 [ 634.273165][T15311] ? bpf_lsm_file_ioctl+0x9/0x20 [ 634.273183][T15311] ? __pfx_sg_ioctl+0x10/0x10 [ 634.273201][T15311] __se_sys_ioctl+0xf9/0x170 [ 634.273223][T15311] do_syscall_64+0xfa/0x3b0 [ 634.273245][T15311] ? lockdep_hardirqs_on+0x9c/0x150 [ 634.273265][T15311] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.273282][T15311] ? clear_bhb_loop+0x60/0xb0 [ 634.273302][T15311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.273318][T15311] RIP: 0033:0x7f3c5f18e9a9 [ 634.273334][T15311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 634.273349][T15311] RSP: 002b:00007f3c5ff1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 634.273369][T15311] RAX: ffffffffffffffda RBX: 00007f3c5f3b5fa0 RCX: 00007f3c5f18e9a9 [ 634.273383][T15311] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 0000000000000006 [ 634.273396][T15311] RBP: 00007f3c5ff1f090 R08: 0000000000000000 R09: 0000000000000000 [ 634.273407][T15311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 634.273418][T15311] R13: 0000000000000000 R14: 00007f3c5f3b5fa0 R15: 00007fffe9623e88 [ 634.273447][T15311] [ 634.289349][T15243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 634.575209][T15243] 8021q: adding VLAN 0 to HW filter on device team0 [ 634.596444][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.603667][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 634.625780][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.633022][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 635.258569][T15243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 635.333473][T12567] Bluetooth: hci4: command tx timeout [ 635.921123][ T30] audit: type=1326 audit(1753739978.875:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15350 comm="syz.1.2996" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa1ca18e9a9 code=0x0 [ 635.961465][ T5917] usb 1-1: new full-speed USB device number 57 using dummy_hcd [ 636.082941][T15243] veth0_vlan: entered promiscuous mode [ 636.116912][T15243] veth1_vlan: entered promiscuous mode [ 636.130653][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 636.153110][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 636.178649][ T5917] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 636.200965][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.218548][T15243] veth0_macvtap: entered promiscuous mode [ 636.229631][ T5917] usb 1-1: config 0 descriptor?? [ 636.247404][T15243] veth1_macvtap: entered promiscuous mode [ 636.298012][T15243] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 636.316999][T15243] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 636.342218][ T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.362268][ T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.391044][ T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.426424][ T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.510337][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 636.526408][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 636.574055][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 636.589601][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 636.680940][ T5917] hid_parser_main: 4 callbacks suppressed [ 636.680964][ T5917] savu 0003:1E7D:2D5A.005A: unknown main item tag 0x0 [ 636.729079][ T5917] savu 0003:1E7D:2D5A.005A: unknown main item tag 0x0 [ 636.736341][ T5917] savu 0003:1E7D:2D5A.005A: unknown main item tag 0x0 [ 636.744660][ T5917] savu 0003:1E7D:2D5A.005A: unknown main item tag 0x0 [ 636.751558][ T5917] savu 0003:1E7D:2D5A.005A: unknown main item tag 0x0 [ 636.758885][ T5917] savu 0003:1E7D:2D5A.005A: unknown main item tag 0x0 [ 636.781713][ T5917] savu 0003:1E7D:2D5A.005A: unknown main item tag 0x0 [ 636.812738][ T5917] savu 0003:1E7D:2D5A.005A: unknown main item tag 0x0 [ 636.849054][ T5917] savu 0003:1E7D:2D5A.005A: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 636.902913][ T5917] usb 1-1: USB disconnect, device number 57 [ 637.075451][T15357] fido_id[15357]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 637.339560][T15371] /dev/rnullb0: Can't open blockdev [ 637.412862][T12567] Bluetooth: hci4: command tx timeout [ 637.565833][T15377] /dev/rnullb0: Can't open blockdev [ 637.592420][T15378] /dev/rnullb0: Can't open blockdev [ 637.909088][T15387] FAULT_INJECTION: forcing a failure. [ 637.909088][T15387] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 637.954975][T15387] CPU: 1 UID: 0 PID: 15387 Comm: syz.4.3009 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 637.955003][T15387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 637.955014][T15387] Call Trace: [ 637.955022][T15387] [ 637.955030][T15387] dump_stack_lvl+0x189/0x250 [ 637.955057][T15387] ? __pfx____ratelimit+0x10/0x10 [ 637.955080][T15387] ? __pfx_dump_stack_lvl+0x10/0x10 [ 637.955102][T15387] ? __pfx__printk+0x10/0x10 [ 637.955139][T15387] should_fail_ex+0x414/0x560 [ 637.955167][T15387] __kvm_read_guest_page+0x18d/0x240 [ 637.955195][T15387] kvm_fetch_guest_virt+0x12b/0x170 [ 637.955218][T15387] ? __pfx_kvm_fetch_guest_virt+0x10/0x10 [ 637.955236][T15387] __do_insn_fetch_bytes+0x2f9/0x6d0 [ 637.955265][T15387] ? __pfx___do_insn_fetch_bytes+0x10/0x10 [ 637.955286][T15387] ? rcu_is_watching+0x15/0xb0 [ 637.955308][T15387] ? trace_kvm_tdp_mmu_spte_changed+0x8a/0x220 [ 637.955328][T15387] ? handle_changed_spte+0x1cd/0x10a0 [ 637.955357][T15387] x86_decode_insn+0x33c/0x5310 [ 637.955392][T15387] ? kvm_tdp_mmu_map+0xd54/0x1d30 [ 637.955427][T15387] ? __pfx_x86_decode_insn+0x10/0x10 [ 637.955463][T15387] ? __asan_memset+0x22/0x50 [ 637.955487][T15387] ? init_decode_cache+0x78/0x90 [ 637.955508][T15387] ? init_emulate_ctxt+0x4d6/0x660 [ 637.955532][T15387] ? __pfx_init_emulate_ctxt+0x10/0x10 [ 637.955555][T15387] ? __phys_addr+0xd3/0x180 [ 637.955576][T15387] ? __pfx_rcu_note_context_switch+0x10/0x10 [ 637.955592][T15387] ? __get_current_cr3_fast+0x90/0x150 [ 637.955614][T15387] x86_emulate_instruction+0x60a/0x1ef0 [ 637.955645][T15387] ? vmx_vcpu_run+0x1743/0x2900 [ 637.955673][T15387] ? __pfx_x86_emulate_instruction+0x10/0x10 [ 637.955697][T15387] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 637.955718][T15387] ? __pfx_current_save_fsgs+0x10/0x10 [ 637.955742][T15387] ? __lock_acquire+0xab9/0xd20 [ 637.955762][T15387] ? handle_io+0x1e3/0x270 [ 637.955779][T15387] ? __pfx_handle_io+0x10/0x10 [ 637.955794][T15387] vmx_handle_exit+0x1090/0x18a0 [ 637.955825][T15387] ? vcpu_run+0x35f2/0x6fa0 [ 637.955856][T15387] vcpu_run+0x434f/0x6fa0 [ 637.955893][T15387] ? vcpu_run+0x35f2/0x6fa0 [ 637.955960][T15387] ? __pfx_vcpu_run+0x10/0x10 [ 637.955983][T15387] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 637.956012][T15387] ? rcu_is_watching+0x15/0xb0 [ 637.956036][T15387] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 637.956063][T15387] ? __mutex_trylock_common+0x153/0x260 [ 637.956087][T15387] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 637.956110][T15387] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 637.956132][T15387] ? rcu_is_watching+0x15/0xb0 [ 637.956152][T15387] ? trace_contention_end+0x39/0x120 [ 637.956173][T15387] ? __mutex_lock+0x335/0x1360 [ 637.956202][T15387] ? kasan_quarantine_put+0xdd/0x220 [ 637.956225][T15387] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 637.956249][T15387] ? __pfx___mutex_lock+0x10/0x10 [ 637.956273][T15387] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 637.956298][T15387] ? do_vfs_ioctl+0xbe8/0x1430 [ 637.956319][T15387] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 637.956343][T15387] kvm_vcpu_ioctl+0x95c/0xe90 [ 637.956372][T15387] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 637.956392][T15387] ? __lock_acquire+0xab9/0xd20 [ 637.956432][T15387] ? __fget_files+0x2a/0x420 [ 637.956459][T15387] ? __fget_files+0x2a/0x420 [ 637.956480][T15387] ? __fget_files+0x3a0/0x420 [ 637.956501][T15387] ? __fget_files+0x2a/0x420 [ 637.956526][T15387] ? bpf_lsm_file_ioctl+0x9/0x20 [ 637.956544][T15387] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 637.956567][T15387] __se_sys_ioctl+0xf9/0x170 [ 637.956590][T15387] do_syscall_64+0xfa/0x3b0 [ 637.956611][T15387] ? lockdep_hardirqs_on+0x9c/0x150 [ 637.956632][T15387] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.956648][T15387] ? clear_bhb_loop+0x60/0xb0 [ 637.956669][T15387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.956685][T15387] RIP: 0033:0x7f3c5f18e9a9 [ 637.956703][T15387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.956717][T15387] RSP: 002b:00007f3c5ff1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 637.956737][T15387] RAX: ffffffffffffffda RBX: 00007f3c5f3b5fa0 RCX: 00007f3c5f18e9a9 [ 637.956749][T15387] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 637.956761][T15387] RBP: 00007f3c5ff1f090 R08: 0000000000000000 R09: 0000000000000000 [ 637.956772][T15387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 637.956782][T15387] R13: 0000000000000000 R14: 00007f3c5f3b5fa0 R15: 00007fffe9623e88 [ 637.956812][T15387] [ 638.886666][T15408] FAULT_INJECTION: forcing a failure. [ 638.886666][T15408] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 638.931767][T15408] CPU: 0 UID: 0 PID: 15408 Comm: syz.0.3015 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 638.931794][T15408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 638.931805][T15408] Call Trace: [ 638.931811][T15408] [ 638.931820][T15408] dump_stack_lvl+0x189/0x250 [ 638.931848][T15408] ? __pfx____ratelimit+0x10/0x10 [ 638.931871][T15408] ? __pfx_dump_stack_lvl+0x10/0x10 [ 638.931894][T15408] ? __pfx__printk+0x10/0x10 [ 638.931925][T15408] should_fail_ex+0x414/0x560 [ 638.931952][T15408] _copy_to_user+0x31/0xb0 [ 638.931972][T15408] simple_read_from_buffer+0xe1/0x170 [ 638.931999][T15408] proc_fail_nth_read+0x1b3/0x220 [ 638.932019][T15408] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 638.932039][T15408] ? rw_verify_area+0x2a6/0x4d0 [ 638.932057][T15408] ? __lock_acquire+0xab9/0xd20 [ 638.932074][T15408] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 638.932094][T15408] vfs_read+0x1fd/0x980 [ 638.932114][T15408] ? fdget_pos+0x247/0x320 [ 638.932133][T15408] ? __pfx___mutex_lock+0x10/0x10 [ 638.932158][T15408] ? __pfx_vfs_read+0x10/0x10 [ 638.932180][T15408] ? __fget_files+0x2a/0x420 [ 638.932207][T15408] ? __fget_files+0x3a0/0x420 [ 638.932228][T15408] ? __fget_files+0x2a/0x420 [ 638.932259][T15408] ksys_read+0x145/0x250 [ 638.932282][T15408] ? __pfx_ksys_read+0x10/0x10 [ 638.932301][T15408] ? rcu_is_watching+0x15/0xb0 [ 638.932327][T15408] ? do_syscall_64+0xbe/0x3b0 [ 638.932352][T15408] do_syscall_64+0xfa/0x3b0 [ 638.932371][T15408] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.932393][T15408] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.932410][T15408] ? clear_bhb_loop+0x60/0xb0 [ 638.932432][T15408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.932449][T15408] RIP: 0033:0x7fbd1bb8d3bc [ 638.932465][T15408] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 638.932487][T15408] RSP: 002b:00007fbd1c95d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 638.932506][T15408] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8d3bc [ 638.932520][T15408] RDX: 000000000000000f RSI: 00007fbd1c95d0a0 RDI: 0000000000000005 [ 638.932531][T15408] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 638.932542][T15408] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 638.932553][T15408] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 638.932583][T15408] [ 638.972061][ T24] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 639.341487][T15419] /dev/rnullb0: Can't open blockdev [ 639.341895][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 639.369157][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 639.401626][ T24] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 639.464657][ T24] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 639.482401][ T24] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 639.492268][ T51] Bluetooth: hci4: command tx timeout [ 639.515431][ T24] usb 5-1: Product: syz [ 639.529424][ T24] usb 5-1: Manufacturer: syz [ 639.544332][ T24] usb 5-1: SerialNumber: syz [ 639.592276][ T24] usb 5-1: config 0 descriptor?? [ 639.804695][T15431] syz.5.3022: attempt to access beyond end of device [ 639.804695][T15431] nbd5: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 639.822145][T15431] SQUASHFS error: Failed to read block 0x0: -5 [ 639.828596][T15431] unable to read squashfs_super_block [ 639.851126][ T24] usb 5-1: USB disconnect, device number 94 [ 640.321527][T15442] FAULT_INJECTION: forcing a failure. [ 640.321527][T15442] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 640.334895][T15442] CPU: 1 UID: 0 PID: 15442 Comm: syz.1.3028 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 640.334922][T15442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 640.334933][T15442] Call Trace: [ 640.334941][T15442] [ 640.334950][T15442] dump_stack_lvl+0x189/0x250 [ 640.334977][T15442] ? __pfx____ratelimit+0x10/0x10 [ 640.335001][T15442] ? __pfx_dump_stack_lvl+0x10/0x10 [ 640.335022][T15442] ? __pfx__printk+0x10/0x10 [ 640.335045][T15442] ? __might_fault+0xb0/0x130 [ 640.335075][T15442] should_fail_ex+0x414/0x560 [ 640.335102][T15442] _copy_from_user+0x2d/0xb0 [ 640.335122][T15442] memdup_user+0x5e/0xd0 [ 640.335145][T15442] strndup_user+0x68/0xd0 [ 640.335168][T15442] __se_sys_mount+0xde/0x410 [ 640.335192][T15442] ? ksys_write+0x22a/0x250 [ 640.335215][T15442] ? __pfx___se_sys_mount+0x10/0x10 [ 640.335236][T15442] ? rcu_is_watching+0x15/0xb0 [ 640.335262][T15442] ? do_syscall_64+0xbe/0x3b0 [ 640.335283][T15442] ? __x64_sys_mount+0x20/0xc0 [ 640.335307][T15442] do_syscall_64+0xfa/0x3b0 [ 640.335328][T15442] ? lockdep_hardirqs_on+0x9c/0x150 [ 640.335348][T15442] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 640.335364][T15442] ? clear_bhb_loop+0x60/0xb0 [ 640.335385][T15442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 640.335402][T15442] RIP: 0033:0x7fa1ca18e9a9 [ 640.335419][T15442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 640.335434][T15442] RSP: 002b:00007fa1cb0d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 640.335453][T15442] RAX: ffffffffffffffda RBX: 00007fa1ca3b5fa0 RCX: 00007fa1ca18e9a9 [ 640.335467][T15442] RDX: 0000200000000380 RSI: 0000200000000200 RDI: 0000200000000000 [ 640.335479][T15442] RBP: 00007fa1cb0d0090 R08: 0000200000000240 R09: 0000000000000000 [ 640.335491][T15442] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 640.335502][T15442] R13: 0000000000000000 R14: 00007fa1ca3b5fa0 R15: 00007ffcd7edfc38 [ 640.335530][T15442] [ 640.760568][T15447] /dev/rnullb0: Can't open blockdev [ 640.981919][ T9] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 641.059603][T15453] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 641.091831][ T120] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 641.162357][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 641.182618][ T9] usb 2-1: too many configurations: 161, using maximum allowed: 8 [ 641.204291][ T9] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 149 [ 641.216509][ T9] usb 2-1: can't read configurations, error -22 [ 641.252964][ T120] usb 5-1: Using ep0 maxpacket: 16 [ 641.260035][ T120] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 641.282803][ T120] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 641.300454][ T120] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 641.328817][ T120] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 641.351626][ T9] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 641.368859][T15457] FAULT_INJECTION: forcing a failure. [ 641.368859][T15457] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 641.385911][ T120] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 641.406362][T15457] CPU: 0 UID: 0 PID: 15457 Comm: syz.0.3034 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 641.406386][T15457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 641.406397][T15457] Call Trace: [ 641.406405][T15457] [ 641.406414][T15457] dump_stack_lvl+0x189/0x250 [ 641.406439][T15457] ? __pfx____ratelimit+0x10/0x10 [ 641.406466][T15457] ? __pfx_dump_stack_lvl+0x10/0x10 [ 641.406497][T15457] ? __pfx__printk+0x10/0x10 [ 641.406530][T15457] should_fail_ex+0x414/0x560 [ 641.406556][T15457] _copy_to_user+0x31/0xb0 [ 641.406576][T15457] simple_read_from_buffer+0xe1/0x170 [ 641.406603][T15457] proc_fail_nth_read+0x1b3/0x220 [ 641.406625][T15457] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 641.406644][T15457] ? rw_verify_area+0x2a6/0x4d0 [ 641.406662][T15457] ? __lock_acquire+0xab9/0xd20 [ 641.406678][T15457] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 641.406697][T15457] vfs_read+0x1fd/0x980 [ 641.406715][T15457] ? fdget_pos+0x247/0x320 [ 641.406733][T15457] ? __pfx___mutex_lock+0x10/0x10 [ 641.406757][T15457] ? __pfx_vfs_read+0x10/0x10 [ 641.406779][T15457] ? __fget_files+0x2a/0x420 [ 641.406806][T15457] ? __fget_files+0x3a0/0x420 [ 641.406825][T15457] ? __fget_files+0x2a/0x420 [ 641.406855][T15457] ksys_read+0x145/0x250 [ 641.406877][T15457] ? __pfx_ksys_read+0x10/0x10 [ 641.406895][T15457] ? rcu_is_watching+0x15/0xb0 [ 641.406921][T15457] ? do_syscall_64+0xbe/0x3b0 [ 641.406947][T15457] do_syscall_64+0xfa/0x3b0 [ 641.406967][T15457] ? lockdep_hardirqs_on+0x9c/0x150 [ 641.406990][T15457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.407007][T15457] ? clear_bhb_loop+0x60/0xb0 [ 641.407029][T15457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.407046][T15457] RIP: 0033:0x7fbd1bb8d3bc [ 641.407062][T15457] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 641.407076][T15457] RSP: 002b:00007fbd1c95d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 641.407096][T15457] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8d3bc [ 641.407109][T15457] RDX: 000000000000000f RSI: 00007fbd1c95d0a0 RDI: 0000000000000004 [ 641.407120][T15457] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 641.407132][T15457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 641.407142][T15457] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 641.407172][T15457] [ 641.408405][ T120] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 641.827596][ T120] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 641.837595][ T120] usb 5-1: Manufacturer: syz [ 641.842379][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 641.849223][ T9] usb 2-1: too many configurations: 161, using maximum allowed: 8 [ 641.859244][ T9] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 149 [ 641.868257][ T9] usb 2-1: can't read configurations, error -22 [ 641.915052][ T9] usb usb2-port1: attempt power cycle [ 641.935930][ T120] usb 5-1: config 0 descriptor?? [ 641.963409][T15471] FAULT_INJECTION: forcing a failure. [ 641.963409][T15471] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 641.979626][T15471] CPU: 1 UID: 0 PID: 15471 Comm: syz.0.3039 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 641.979653][T15471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 641.979665][T15471] Call Trace: [ 641.979672][T15471] [ 641.979681][T15471] dump_stack_lvl+0x189/0x250 [ 641.979709][T15471] ? __pfx____ratelimit+0x10/0x10 [ 641.979733][T15471] ? __pfx_dump_stack_lvl+0x10/0x10 [ 641.979755][T15471] ? __pfx__printk+0x10/0x10 [ 641.979790][T15471] should_fail_ex+0x414/0x560 [ 641.979816][T15471] _copy_to_user+0x31/0xb0 [ 641.979838][T15471] simple_read_from_buffer+0xe1/0x170 [ 641.979866][T15471] proc_fail_nth_read+0x1b3/0x220 [ 641.979888][T15471] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 641.979910][T15471] ? rw_verify_area+0x2a6/0x4d0 [ 641.979930][T15471] ? __lock_acquire+0xab9/0xd20 [ 641.979946][T15471] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 641.979967][T15471] vfs_read+0x1fd/0x980 [ 641.979987][T15471] ? fdget_pos+0x247/0x320 [ 641.980007][T15471] ? __pfx___mutex_lock+0x10/0x10 [ 641.980031][T15471] ? __pfx_vfs_read+0x10/0x10 [ 641.980053][T15471] ? __fget_files+0x2a/0x420 [ 641.980080][T15471] ? __fget_files+0x3a0/0x420 [ 641.980102][T15471] ? __fget_files+0x2a/0x420 [ 641.980134][T15471] ksys_read+0x145/0x250 [ 641.980157][T15471] ? __pfx_ksys_read+0x10/0x10 [ 641.980182][T15471] ? rcu_is_watching+0x15/0xb0 [ 641.980209][T15471] ? do_syscall_64+0xbe/0x3b0 [ 641.980235][T15471] do_syscall_64+0xfa/0x3b0 [ 641.980256][T15471] ? lockdep_hardirqs_on+0x9c/0x150 [ 641.980277][T15471] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.980294][T15471] ? clear_bhb_loop+0x60/0xb0 [ 641.980315][T15471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.980332][T15471] RIP: 0033:0x7fbd1bb8d3bc [ 641.980349][T15471] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 641.980365][T15471] RSP: 002b:00007fbd1c95d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 641.980385][T15471] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8d3bc [ 641.980398][T15471] RDX: 000000000000000f RSI: 00007fbd1c95d0a0 RDI: 0000000000000004 [ 641.980410][T15471] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 641.980421][T15471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 641.980430][T15471] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 641.980459][T15471] [ 642.331802][ T9] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 642.363565][ T5854] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 642.384893][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 642.395204][ T9] usb 2-1: too many configurations: 161, using maximum allowed: 8 [ 642.406651][ T9] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 149 [ 642.421457][ T120] rc_core: IR keymap rc-hauppauge not found [ 642.428842][ T9] usb 2-1: can't read configurations, error -22 [ 642.447717][ T120] Registered IR keymap rc-empty [ 642.460695][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.476681][ T30] audit: type=1326 audit(1753739985.436:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15474 comm="syz.0.3040" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd1bb8e9a9 code=0x0 [ 642.521775][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.534504][ T5854] usb 6-1: unable to get BOS descriptor or descriptor too short [ 642.545834][ T5854] usb 6-1: not running at top speed; connect to a high speed hub [ 642.556362][ T5854] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 642.563627][ T120] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 642.570347][ T5854] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 642.596392][ T5854] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 642.604384][ T120] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input116 [ 642.605799][ T5854] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.619745][ T9] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 642.630749][ T5854] usb 6-1: Product: syz [ 642.645787][ T5854] usb 6-1: Manufacturer: syz [ 642.650514][ T5854] usb 6-1: SerialNumber: syz [ 642.658576][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.671881][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 642.683799][ T9] usb 2-1: too many configurations: 161, using maximum allowed: 8 [ 642.707849][ T9] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 149 [ 642.721346][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.741312][ T9] usb 2-1: can't read configurations, error -22 [ 642.752751][ T9] usb usb2-port1: unable to enumerate USB device [ 642.759200][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.784243][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.832766][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.853071][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.868285][T15469] /dev/rnullb0: Can't open blockdev [ 642.881653][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.888740][ T5854] usb 6-1: 0:2 : does not exist [ 642.895240][ T5854] usb 6-1: unit 6 not found! [ 642.907228][ T5854] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5) [ 642.924108][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 642.930418][ T5854] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5) [ 642.954477][ T5854] usb 6-1: 5:0: cannot get min/max values for control 5 (id 5) [ 642.971478][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 643.000261][ T5854] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5) [ 643.011325][ T120] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 643.016790][ T5854] usb 6-1: 5:0: cannot get min/max values for control 5 (id 5) [ 643.048800][ T5854] usb 6-1: USB disconnect, device number 2 [ 643.051645][ T120] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 643.081430][ T120] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 643.128953][ T120] usb 5-1: USB disconnect, device number 95 [ 643.299184][T15481] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 643.821156][ T120] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 643.930116][T15495] FAULT_INJECTION: forcing a failure. [ 643.930116][T15495] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 643.973240][T15495] CPU: 1 UID: 0 PID: 15495 Comm: syz.1.3047 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 643.973267][T15495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 643.973278][T15495] Call Trace: [ 643.973286][T15495] [ 643.973296][T15495] dump_stack_lvl+0x189/0x250 [ 643.973323][T15495] ? __pfx____ratelimit+0x10/0x10 [ 643.973346][T15495] ? __pfx_dump_stack_lvl+0x10/0x10 [ 643.973368][T15495] ? __pfx__printk+0x10/0x10 [ 643.973402][T15495] should_fail_ex+0x414/0x560 [ 643.973429][T15495] _copy_to_user+0x31/0xb0 [ 643.973450][T15495] simple_read_from_buffer+0xe1/0x170 [ 643.973478][T15495] proc_fail_nth_read+0x1b3/0x220 [ 643.973501][T15495] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 643.973523][T15495] ? rw_verify_area+0x2a6/0x4d0 [ 643.973543][T15495] ? __lock_acquire+0xab9/0xd20 [ 643.973561][T15495] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 643.973581][T15495] vfs_read+0x1fd/0x980 [ 643.973600][T15495] ? fdget_pos+0x247/0x320 [ 643.973620][T15495] ? __pfx___mutex_lock+0x10/0x10 [ 643.973643][T15495] ? __pfx_vfs_read+0x10/0x10 [ 643.973664][T15495] ? __fget_files+0x2a/0x420 [ 643.973692][T15495] ? __fget_files+0x3a0/0x420 [ 643.973713][T15495] ? __fget_files+0x2a/0x420 [ 643.973744][T15495] ksys_read+0x145/0x250 [ 643.973767][T15495] ? __pfx_ksys_read+0x10/0x10 [ 643.973785][T15495] ? rcu_is_watching+0x15/0xb0 [ 643.973811][T15495] ? do_syscall_64+0xbe/0x3b0 [ 643.973839][T15495] do_syscall_64+0xfa/0x3b0 [ 643.973859][T15495] ? lockdep_hardirqs_on+0x9c/0x150 [ 643.973881][T15495] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.973898][T15495] ? clear_bhb_loop+0x60/0xb0 [ 643.973920][T15495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.973937][T15495] RIP: 0033:0x7fa1ca18d3bc [ 643.973953][T15495] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 643.973967][T15495] RSP: 002b:00007fa1cb0d0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 643.973993][T15495] RAX: ffffffffffffffda RBX: 00007fa1ca3b5fa0 RCX: 00007fa1ca18d3bc [ 643.974007][T15495] RDX: 000000000000000f RSI: 00007fa1cb0d00a0 RDI: 0000000000000004 [ 643.974018][T15495] RBP: 00007fa1cb0d0090 R08: 0000000000000000 R09: 0000000000000000 [ 643.974030][T15495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 643.974041][T15495] R13: 0000000000000000 R14: 00007fa1ca3b5fa0 R15: 00007ffcd7edfc38 [ 643.974069][T15495] [ 644.468296][ T120] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 644.514402][ T120] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.518038][T15501] netlink: 'syz.1.3048': attribute type 5 has an invalid length. [ 644.544025][T15501] nbd: nbd1 already in use [ 644.557328][ T120] usb 6-1: Product: syz [ 644.567721][ T120] usb 6-1: Manufacturer: syz [ 644.581670][ T120] usb 6-1: SerialNumber: syz [ 644.624369][ T120] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 644.662231][ T9] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 644.781006][ T5917] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 644.902869][ T5938] usb 6-1: USB disconnect, device number 3 [ 644.970916][ T5917] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 644.994143][ T5917] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 645.023052][ T5917] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 645.040903][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.051153][T12386] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 645.059235][ T5917] usb 5-1: Product: syz [ 645.069394][ T5917] usb 5-1: Manufacturer: syz [ 645.074184][ T5917] usb 5-1: SerialNumber: syz [ 645.114388][ T5917] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 645.230915][T12386] usb 1-1: Using ep0 maxpacket: 8 [ 645.243923][T12386] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 645.260855][T12386] usb 1-1: config 179 has no interface number 0 [ 645.277362][T12386] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 645.300270][T12386] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 645.318334][ T5917] usb 5-1: USB disconnect, device number 96 [ 645.342124][T12386] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 645.383251][T12386] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 645.415525][T12386] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 645.449333][T12386] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 645.469557][T12386] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.496176][T15504] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 645.741592][ T9] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 645.753441][T12386] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input117 [ 645.760384][ T9] ath9k_htc: Failed to initialize the device [ 645.804785][ T5938] usb 6-1: ath9k_htc: USB layer deinitialized [ 645.927024][T15504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 645.946356][T15504] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 646.150933][ T30] audit: type=1326 audit(1753739989.107:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.4.3052" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3c5f18e9a9 code=0x0 [ 647.149926][T15527] FAULT_INJECTION: forcing a failure. [ 647.149926][T15527] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 647.193431][ T30] audit: type=1326 audit(1753739990.147:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15523 comm="syz.1.3057" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa1ca18e9a9 code=0x0 [ 647.199346][T15527] CPU: 0 UID: 0 PID: 15527 Comm: syz.4.3058 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 647.199374][T15527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 647.199386][T15527] Call Trace: [ 647.199393][T15527] [ 647.199401][T15527] dump_stack_lvl+0x189/0x250 [ 647.199429][T15527] ? __pfx____ratelimit+0x10/0x10 [ 647.199452][T15527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 647.199473][T15527] ? __pfx__printk+0x10/0x10 [ 647.199507][T15527] should_fail_ex+0x414/0x560 [ 647.199533][T15527] _copy_to_user+0x31/0xb0 [ 647.199553][T15527] simple_read_from_buffer+0xe1/0x170 [ 647.199581][T15527] proc_fail_nth_read+0x1b3/0x220 [ 647.199603][T15527] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 647.199624][T15527] ? rw_verify_area+0x2a6/0x4d0 [ 647.199643][T15527] ? __lock_acquire+0xab9/0xd20 [ 647.199659][T15527] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 647.199679][T15527] vfs_read+0x1fd/0x980 [ 647.199704][T15527] ? fdget_pos+0x247/0x320 [ 647.199724][T15527] ? __pfx___mutex_lock+0x10/0x10 [ 647.199746][T15527] ? __pfx_vfs_read+0x10/0x10 [ 647.199768][T15527] ? __fget_files+0x2a/0x420 [ 647.199795][T15527] ? __fget_files+0x3a0/0x420 [ 647.199815][T15527] ? __fget_files+0x2a/0x420 [ 647.199845][T15527] ksys_read+0x145/0x250 [ 647.199868][T15527] ? __pfx_ksys_read+0x10/0x10 [ 647.199885][T15527] ? rcu_is_watching+0x15/0xb0 [ 647.199911][T15527] ? do_syscall_64+0xbe/0x3b0 [ 647.199936][T15527] do_syscall_64+0xfa/0x3b0 [ 647.199956][T15527] ? lockdep_hardirqs_on+0x9c/0x150 [ 647.199977][T15527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.199994][T15527] ? clear_bhb_loop+0x60/0xb0 [ 647.200014][T15527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.200030][T15527] RIP: 0033:0x7f3c5f18d3bc [ 647.200045][T15527] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 647.200059][T15527] RSP: 002b:00007f3c5ff1f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 647.200078][T15527] RAX: ffffffffffffffda RBX: 00007f3c5f3b5fa0 RCX: 00007f3c5f18d3bc [ 647.200091][T15527] RDX: 000000000000000f RSI: 00007f3c5ff1f0a0 RDI: 0000000000000007 [ 647.200101][T15527] RBP: 00007f3c5ff1f090 R08: 0000000000000000 R09: 0000000000000000 [ 647.200113][T15527] R10: 00000000000000fd R11: 0000000000000246 R12: 0000000000000001 [ 647.200123][T15527] R13: 0000000000000000 R14: 00007f3c5f3b5fa0 R15: 00007fffe9623e88 [ 647.200150][T15527] [ 647.431902][T15531] fuse: Unknown parameter 'rootmo`e' [ 647.502283][T15524] kexec: Could not allocate control_code_buffer [ 647.918483][ T5854] usb 1-1: USB disconnect, device number 58 [ 647.918555][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 647.918604][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 647.997550][T15542] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3064'. [ 648.044048][T15543] netlink: 14601 bytes leftover after parsing attributes in process `syz.5.3063'. [ 648.077369][ T30] audit: type=1326 audit(1753739991.037:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15545 comm="syz.4.3066" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3c5f18e9a9 code=0x0 [ 648.778917][T15541] delete_channel: no stack [ 649.270274][ T24] psmouse serio3: Failed to reset mouse on : -5 [ 649.485058][T15569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3072'. [ 649.964143][T15581] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 650.005916][T15581] /dev/rnullb0: Can't open blockdev [ 650.095987][ T30] audit: type=1326 audit(1753739993.058:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15584 comm="syz.0.3077" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd1bb8e9a9 code=0x0 [ 650.175261][T15588] netlink: 'syz.4.3078': attribute type 5 has an invalid length. [ 650.224692][T15588] nbd: nbd4 already in use [ 651.118736][T15601] FAULT_INJECTION: forcing a failure. [ 651.118736][T15601] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 651.172916][T15601] CPU: 0 UID: 0 PID: 15601 Comm: syz.0.3082 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 651.172942][T15601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 651.172953][T15601] Call Trace: [ 651.172961][T15601] [ 651.172969][T15601] dump_stack_lvl+0x189/0x250 [ 651.172997][T15601] ? __pfx____ratelimit+0x10/0x10 [ 651.173021][T15601] ? __pfx_dump_stack_lvl+0x10/0x10 [ 651.173043][T15601] ? __pfx__printk+0x10/0x10 [ 651.173065][T15601] ? __might_fault+0xb0/0x130 [ 651.173097][T15601] should_fail_ex+0x414/0x560 [ 651.173124][T15601] _copy_from_user+0x2d/0xb0 [ 651.173144][T15601] kstrtouint_from_user+0xc4/0x170 [ 651.173171][T15601] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 651.173212][T15601] proc_fail_nth_write+0x88/0x200 [ 651.173233][T15601] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 651.173257][T15601] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 651.173282][T15601] vfs_write+0x27b/0xa90 [ 651.173313][T15601] ? __pfx_vfs_write+0x10/0x10 [ 651.173335][T15601] ? __fget_files+0x2a/0x420 [ 651.173363][T15601] ? __fget_files+0x3a0/0x420 [ 651.173384][T15601] ? __fget_files+0x2a/0x420 [ 651.173415][T15601] ksys_write+0x145/0x250 [ 651.173439][T15601] ? __pfx_ksys_write+0x10/0x10 [ 651.173466][T15601] ? do_syscall_64+0xbe/0x3b0 [ 651.173493][T15601] do_syscall_64+0xfa/0x3b0 [ 651.173513][T15601] ? lockdep_hardirqs_on+0x9c/0x150 [ 651.173535][T15601] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.173553][T15601] ? clear_bhb_loop+0x60/0xb0 [ 651.173574][T15601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.173591][T15601] RIP: 0033:0x7fbd1bb8d45f [ 651.173608][T15601] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 651.173623][T15601] RSP: 002b:00007fbd1c93c030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 651.173649][T15601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbd1bb8d45f [ 651.173662][T15601] RDX: 0000000000000001 RSI: 00007fbd1c93c0a0 RDI: 0000000000000004 [ 651.173674][T15601] RBP: 00007fbd1c93c090 R08: 0000000000000000 R09: 0000000000000000 [ 651.173684][T15601] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 651.173695][T15601] R13: 0000000000000000 R14: 00007fbd1bdb6080 R15: 00007fffcf06eb98 [ 651.173725][T15601] [ 651.860004][ T5854] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 651.882113][T15607] FAULT_INJECTION: forcing a failure. [ 651.882113][T15607] name failslab, interval 1, probability 0, space 0, times 0 [ 651.905525][T15607] CPU: 0 UID: 0 PID: 15607 Comm: syz.0.3084 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 651.905549][T15607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 651.905559][T15607] Call Trace: [ 651.905566][T15607] [ 651.905574][T15607] dump_stack_lvl+0x189/0x250 [ 651.905601][T15607] ? __pfx____ratelimit+0x10/0x10 [ 651.905624][T15607] ? __pfx_dump_stack_lvl+0x10/0x10 [ 651.905646][T15607] ? __pfx__printk+0x10/0x10 [ 651.905670][T15607] ? __pfx___might_resched+0x10/0x10 [ 651.905690][T15607] ? fs_reclaim_acquire+0x7d/0x100 [ 651.905715][T15607] should_fail_ex+0x414/0x560 [ 651.905740][T15607] should_failslab+0xa8/0x100 [ 651.905761][T15607] kmem_cache_alloc_noprof+0x73/0x3c0 [ 651.905780][T15607] ? security_file_alloc+0x34/0x330 [ 651.905805][T15607] security_file_alloc+0x34/0x330 [ 651.905827][T15607] init_file+0x93/0x2f0 [ 651.905847][T15607] alloc_empty_file+0x6e/0x1d0 [ 651.905865][T15607] path_openat+0x107/0x3830 [ 651.905883][T15607] ? arch_stack_walk+0xfc/0x150 [ 651.905932][T15607] ? kasan_save_track+0x4f/0x80 [ 651.905947][T15607] ? kasan_save_track+0x3e/0x80 [ 651.905962][T15607] ? __kasan_slab_alloc+0x6c/0x80 [ 651.905979][T15607] ? getname_flags+0xb8/0x540 [ 651.905995][T15607] ? __pfx_path_openat+0x10/0x10 [ 651.906013][T15607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.906049][T15607] do_filp_open+0x1fa/0x410 [ 651.906067][T15607] ? __lock_acquire+0xab9/0xd20 [ 651.906087][T15607] ? __pfx_do_filp_open+0x10/0x10 [ 651.906129][T15607] ? _raw_spin_unlock+0x28/0x50 [ 651.906149][T15607] ? alloc_fd+0x64c/0x6c0 [ 651.906182][T15607] do_sys_openat2+0x121/0x1c0 [ 651.906203][T15607] ? __pfx_do_sys_openat2+0x10/0x10 [ 651.906221][T15607] ? ksys_write+0x22a/0x250 [ 651.906245][T15607] ? __pfx_ksys_write+0x10/0x10 [ 651.906269][T15607] __x64_sys_openat+0x138/0x170 [ 651.906293][T15607] do_syscall_64+0xfa/0x3b0 [ 651.906315][T15607] ? lockdep_hardirqs_on+0x9c/0x150 [ 651.906344][T15607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.906361][T15607] ? clear_bhb_loop+0x60/0xb0 [ 651.906382][T15607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.906399][T15607] RIP: 0033:0x7fbd1bb8e9a9 [ 651.906415][T15607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 651.906431][T15607] RSP: 002b:00007fbd1c93c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 651.906450][T15607] RAX: ffffffffffffffda RBX: 00007fbd1bdb6080 RCX: 00007fbd1bb8e9a9 [ 651.906463][T15607] RDX: 0000000000000001 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 651.906476][T15607] RBP: 00007fbd1c93c090 R08: 0000000000000000 R09: 0000000000000000 [ 651.906487][T15607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 651.906497][T15607] R13: 0000000000000001 R14: 00007fbd1bdb6080 R15: 00007fffcf06eb98 [ 651.906526][T15607] [ 652.009766][ T5854] usb 6-1: device descriptor read/64, error -71 [ 652.219858][T15609] FAULT_INJECTION: forcing a failure. [ 652.219858][T15609] name failslab, interval 1, probability 0, space 0, times 0 [ 652.255705][T15609] CPU: 0 UID: 0 PID: 15609 Comm: syz.0.3085 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 652.255733][T15609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 652.255744][T15609] Call Trace: [ 652.255752][T15609] [ 652.255760][T15609] dump_stack_lvl+0x189/0x250 [ 652.255789][T15609] ? __pfx____ratelimit+0x10/0x10 [ 652.255812][T15609] ? __pfx_dump_stack_lvl+0x10/0x10 [ 652.255835][T15609] ? __pfx__printk+0x10/0x10 [ 652.255863][T15609] ? __pfx___might_resched+0x10/0x10 [ 652.255883][T15609] ? fs_reclaim_acquire+0x7d/0x100 [ 652.255910][T15609] should_fail_ex+0x414/0x560 [ 652.255937][T15609] should_failslab+0xa8/0x100 [ 652.255959][T15609] __kmalloc_cache_noprof+0x70/0x3d0 [ 652.255978][T15609] ? fuse_lookup_name+0x1b5/0x860 [ 652.256004][T15609] fuse_lookup_name+0x1b5/0x860 [ 652.256031][T15609] ? __lock_acquire+0xab9/0xd20 [ 652.256053][T15609] ? __pfx_fuse_lookup_name+0x10/0x10 [ 652.256073][T15609] ? fuse_lock_inode+0xd3/0x120 [ 652.256108][T15609] ? percpu_ref_get_many+0x19/0x140 [ 652.256143][T15609] fuse_lookup+0x1e9/0x640 [ 652.256171][T15609] ? __pfx_fuse_lookup+0x10/0x10 [ 652.256188][T15609] ? do_raw_spin_lock+0x121/0x290 [ 652.256223][T15609] ? do_raw_spin_unlock+0x122/0x240 [ 652.256250][T15609] ? _raw_spin_unlock+0x28/0x50 [ 652.256277][T15609] ? d_alloc+0x144/0x190 [ 652.256299][T15609] lookup_one_qstr_excl+0x12e/0x360 [ 652.256323][T15609] filename_create+0x224/0x3c0 [ 652.256350][T15609] ? __pfx_filename_create+0x10/0x10 [ 652.256382][T15609] do_mknodat+0x184/0x4d0 [ 652.256406][T15609] ? __pfx_do_mknodat+0x10/0x10 [ 652.256429][T15609] ? getname_flags+0x1e5/0x540 [ 652.256450][T15609] __x64_sys_mknod+0x8c/0xa0 [ 652.256471][T15609] do_syscall_64+0xfa/0x3b0 [ 652.256493][T15609] ? lockdep_hardirqs_on+0x9c/0x150 [ 652.256514][T15609] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.256532][T15609] ? clear_bhb_loop+0x60/0xb0 [ 652.256553][T15609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.256571][T15609] RIP: 0033:0x7fbd1bb8e9a9 [ 652.256588][T15609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.256603][T15609] RSP: 002b:00007fbd1c95d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 652.256623][T15609] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8e9a9 [ 652.256636][T15609] RDX: 0000000000000700 RSI: 00000000a002c000 RDI: 00002000000002c0 [ 652.256649][T15609] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 652.256661][T15609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 652.256672][T15609] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 652.256704][T15609] [ 652.450111][ T5854] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 652.749776][ T5854] usb 6-1: device descriptor read/64, error -71 [ 652.861474][ T5854] usb usb6-port1: attempt power cycle [ 653.039845][ T24] misc userio: Buffer overflowed, userio client isn't keeping up [ 653.209711][ T5854] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 653.241736][ T5854] usb 6-1: device descriptor read/8, error -71 [ 653.489535][ T5854] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 653.511145][ T5854] usb 6-1: device descriptor read/8, error -71 [ 653.624479][ T5854] usb usb6-port1: unable to enumerate USB device [ 653.822691][T15625] FAULT_INJECTION: forcing a failure. [ 653.822691][T15625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 653.838984][T15625] CPU: 1 UID: 0 PID: 15625 Comm: syz.4.3090 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 653.839011][T15625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 653.839023][T15625] Call Trace: [ 653.839031][T15625] [ 653.839039][T15625] dump_stack_lvl+0x189/0x250 [ 653.839067][T15625] ? __pfx____ratelimit+0x10/0x10 [ 653.839097][T15625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 653.839120][T15625] ? __pfx__printk+0x10/0x10 [ 653.839156][T15625] should_fail_ex+0x414/0x560 [ 653.839182][T15625] _copy_to_user+0x31/0xb0 [ 653.839204][T15625] simple_read_from_buffer+0xe1/0x170 [ 653.839231][T15625] proc_fail_nth_read+0x1b3/0x220 [ 653.839254][T15625] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 653.839276][T15625] ? rw_verify_area+0x2a6/0x4d0 [ 653.839296][T15625] ? __lock_acquire+0xab9/0xd20 [ 653.839314][T15625] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 653.839337][T15625] vfs_read+0x1fd/0x980 [ 653.839355][T15625] ? fdget_pos+0x247/0x320 [ 653.839373][T15625] ? __pfx___mutex_lock+0x10/0x10 [ 653.839395][T15625] ? __pfx_vfs_read+0x10/0x10 [ 653.839416][T15625] ? __fget_files+0x2a/0x420 [ 653.839442][T15625] ? __fget_files+0x3a0/0x420 [ 653.839463][T15625] ? __fget_files+0x2a/0x420 [ 653.839493][T15625] ksys_read+0x145/0x250 [ 653.839516][T15625] ? __pfx_ksys_read+0x10/0x10 [ 653.839533][T15625] ? rcu_is_watching+0x15/0xb0 [ 653.839560][T15625] ? do_syscall_64+0xbe/0x3b0 [ 653.839586][T15625] do_syscall_64+0xfa/0x3b0 [ 653.839607][T15625] ? lockdep_hardirqs_on+0x9c/0x150 [ 653.839629][T15625] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.839646][T15625] ? clear_bhb_loop+0x60/0xb0 [ 653.839668][T15625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.839685][T15625] RIP: 0033:0x7f3c5f18d3bc [ 653.839702][T15625] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 653.839718][T15625] RSP: 002b:00007f3c5ff1f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 653.839737][T15625] RAX: ffffffffffffffda RBX: 00007f3c5f3b5fa0 RCX: 00007f3c5f18d3bc [ 653.839750][T15625] RDX: 000000000000000f RSI: 00007f3c5ff1f0a0 RDI: 0000000000000004 [ 653.839762][T15625] RBP: 00007f3c5ff1f090 R08: 0000000000000000 R09: 0000000000000000 [ 653.839773][T15625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 653.839784][T15625] R13: 0000000000000000 R14: 00007f3c5f3b5fa0 R15: 00007fffe9623e88 [ 653.839813][T15625] [ 654.206374][T15628] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 654.280591][T15630] FAULT_INJECTION: forcing a failure. [ 654.280591][T15630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 654.305963][T15630] CPU: 0 UID: 0 PID: 15630 Comm: syz.0.3092 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 654.305991][T15630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 654.306003][T15630] Call Trace: [ 654.306010][T15630] [ 654.306019][T15630] dump_stack_lvl+0x189/0x250 [ 654.306046][T15630] ? __pfx____ratelimit+0x10/0x10 [ 654.306070][T15630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 654.306092][T15630] ? __pfx__printk+0x10/0x10 [ 654.306115][T15630] ? __might_fault+0xb0/0x130 [ 654.306145][T15630] should_fail_ex+0x414/0x560 [ 654.306171][T15630] _copy_from_user+0x2d/0xb0 [ 654.306191][T15630] ___sys_sendmsg+0x158/0x2a0 [ 654.306214][T15630] ? __pfx____sys_sendmsg+0x10/0x10 [ 654.306269][T15630] ? __fget_files+0x2a/0x420 [ 654.306298][T15630] ? __fget_files+0x3a0/0x420 [ 654.306330][T15630] __sys_sendmmsg+0x227/0x430 [ 654.306354][T15630] ? __pfx___sys_sendmmsg+0x10/0x10 [ 654.306371][T15630] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 654.306420][T15630] ? ksys_write+0x22a/0x250 [ 654.306443][T15630] ? __pfx_ksys_write+0x10/0x10 [ 654.306461][T15630] ? rcu_is_watching+0x15/0xb0 [ 654.306488][T15630] __x64_sys_sendmmsg+0xa0/0xc0 [ 654.306509][T15630] do_syscall_64+0xfa/0x3b0 [ 654.306531][T15630] ? lockdep_hardirqs_on+0x9c/0x150 [ 654.306553][T15630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.306571][T15630] ? clear_bhb_loop+0x60/0xb0 [ 654.306592][T15630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.306609][T15630] RIP: 0033:0x7fbd1bb8e9a9 [ 654.306625][T15630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.306640][T15630] RSP: 002b:00007fbd1c95d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 654.306659][T15630] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8e9a9 [ 654.306673][T15630] RDX: 0000000000000002 RSI: 0000200000004900 RDI: 0000000000000003 [ 654.306685][T15630] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 654.306697][T15630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 654.306708][T15630] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 654.306737][T15630] [ 654.773462][T15635] FAULT_INJECTION: forcing a failure. [ 654.773462][T15635] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 654.803204][ T24] input: PS/2 Generic Mouse as /devices/serio3/input/input118 [ 654.858674][T15635] CPU: 1 UID: 0 PID: 15635 Comm: syz.0.3093 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 654.858702][T15635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 654.858713][T15635] Call Trace: [ 654.858721][T15635] [ 654.858729][T15635] dump_stack_lvl+0x189/0x250 [ 654.858757][T15635] ? __pfx____ratelimit+0x10/0x10 [ 654.858781][T15635] ? __pfx_dump_stack_lvl+0x10/0x10 [ 654.858803][T15635] ? __pfx__printk+0x10/0x10 [ 654.858825][T15635] ? __might_fault+0xb0/0x130 [ 654.858856][T15635] should_fail_ex+0x414/0x560 [ 654.858882][T15635] strncpy_from_user+0x36/0x290 [ 654.858906][T15635] getname_flags+0xf3/0x540 [ 654.858928][T15635] __x64_sys_rename+0x6a/0x90 [ 654.858952][T15635] do_syscall_64+0xfa/0x3b0 [ 654.858973][T15635] ? lockdep_hardirqs_on+0x9c/0x150 [ 654.858994][T15635] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.859015][T15635] ? clear_bhb_loop+0x60/0xb0 [ 654.859036][T15635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.859052][T15635] RIP: 0033:0x7fbd1bb8e9a9 [ 654.859068][T15635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.859082][T15635] RSP: 002b:00007fbd1c95d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 654.859109][T15635] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8e9a9 [ 654.859123][T15635] RDX: 0000000000000000 RSI: 0000200000000f40 RDI: 0000200000000500 [ 654.859136][T15635] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 654.859147][T15635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 654.859157][T15635] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 654.859181][T15635] [ 655.241100][ T24] psmouse serio3: Failed to enable mouse on [ 655.599483][T15657] netlink: 'syz.4.3100': attribute type 21 has an invalid length. [ 655.616167][T15657] netlink: 14548 bytes leftover after parsing attributes in process `syz.4.3100'. [ 655.629292][ T9] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 655.809579][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 655.830843][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 655.853392][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 655.875481][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 655.885635][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 655.907727][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 655.926087][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 655.936471][ T6142] usb 5-1: new full-speed USB device number 97 using dummy_hcd [ 655.952143][ T9] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 655.969119][ T9] usb 1-1: Manufacturer: syz [ 655.977753][ T9] usb 1-1: config 0 descriptor?? [ 656.102293][ T6142] usb 5-1: not running at top speed; connect to a high speed hub [ 656.118192][ T6142] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 656.129424][ T6142] usb 5-1: config 1 interface 0 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 656.147494][ T6142] usb 5-1: config 1 interface 0 has no altsetting 0 [ 656.157628][ T6142] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 656.168773][ T6142] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.177204][ T6142] usb 5-1: Product: 傗쐆읇㴨Ē㨩卋㟣慣屓뀉莗㱥⿢ﶉ画涳ꣿ㉡ﺍ㩺䁐൨ꃧ禅尦ܾ(혩砤ᡄ⦆皪︆航೎뼴䇨㒑徢鋛⩕农ᓊ菧둸⠫飈ᴊ矤ꪆղᱭ戱㵗蚹峥꥕筛ⷍ鵨췓ኽ젌曪꛶Ѻ겡ꩩ꫞聤㱄匊泎彰Ⲗ詬齄耏ꏥꛅ畖苶꡽측ӫ퐓췵欢벶ꤵ좕䊢䧐肕꟞⪌欃셞٘⩋ [ 656.211696][ T6142] usb 5-1: Manufacturer: ᧖䁏햱⯋領捑䐢琡㎳咕᲏⿧腉ꏸ댣荌겡漪鬼抸塤騚蝁嵻菼͖内ᑢ횲₴哅ⰺ팛异옥ﺪ挥캱ଣ嘵橊觽ᓎ☕嵟䵿甊㜟正鮿⻀ἦ䧚甧胃⹲䄖 [ 656.257427][ T6142] usb 5-1: SerialNumber: 殢삸쐒뻐} [ 656.288625][ T6142] usb 5-1: rejected 1 configuration due to insufficient available bus power [ 656.333832][ T6142] usb 5-1: no configuration chosen from 1 choice [ 656.359553][ T9] rc_core: IR keymap rc-hauppauge not found [ 656.379310][ T9] Registered IR keymap rc-empty [ 656.392792][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 656.419187][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 656.471630][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 656.535736][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input119 [ 656.574919][T15680] FAULT_INJECTION: forcing a failure. [ 656.574919][T15680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 656.599526][T15680] CPU: 1 UID: 0 PID: 15680 Comm: syz.1.3106 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 656.599551][T15680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 656.599561][T15680] Call Trace: [ 656.599569][T15680] [ 656.599577][T15680] dump_stack_lvl+0x189/0x250 [ 656.599602][T15680] ? __pfx____ratelimit+0x10/0x10 [ 656.599625][T15680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 656.599645][T15680] ? __pfx__printk+0x10/0x10 [ 656.599679][T15680] should_fail_ex+0x414/0x560 [ 656.599704][T15680] _copy_to_user+0x31/0xb0 [ 656.599725][T15680] simple_read_from_buffer+0xe1/0x170 [ 656.599752][T15680] proc_fail_nth_read+0x1b3/0x220 [ 656.599774][T15680] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 656.599795][T15680] ? rw_verify_area+0x2a6/0x4d0 [ 656.599813][T15680] ? __lock_acquire+0xab9/0xd20 [ 656.599828][T15680] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 656.599845][T15680] vfs_read+0x1fd/0x980 [ 656.599871][T15680] ? fdget_pos+0x247/0x320 [ 656.599890][T15680] ? __pfx___mutex_lock+0x10/0x10 [ 656.599912][T15680] ? __pfx_vfs_read+0x10/0x10 [ 656.599933][T15680] ? __fget_files+0x2a/0x420 [ 656.599956][T15680] ? __fget_files+0x3a0/0x420 [ 656.599973][T15680] ? __fget_files+0x2a/0x420 [ 656.599997][T15680] ksys_read+0x145/0x250 [ 656.600016][T15680] ? __pfx_ksys_read+0x10/0x10 [ 656.600032][T15680] ? __secure_computing+0xe2/0x2a0 [ 656.600055][T15680] do_syscall_64+0xfa/0x3b0 [ 656.600073][T15680] ? lockdep_hardirqs_on+0x9c/0x150 [ 656.600090][T15680] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.600104][T15680] ? clear_bhb_loop+0x60/0xb0 [ 656.600121][T15680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.600135][T15680] RIP: 0033:0x7fa1ca18d3bc [ 656.600151][T15680] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 656.600163][T15680] RSP: 002b:00007fa1cb0d0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 656.600178][T15680] RAX: ffffffffffffffda RBX: 00007fa1ca3b5fa0 RCX: 00007fa1ca18d3bc [ 656.600188][T15680] RDX: 000000000000000f RSI: 00007fa1cb0d00a0 RDI: 0000000000000006 [ 656.600197][T15680] RBP: 00007fa1cb0d0090 R08: 0000000000000000 R09: 0000000000000000 [ 656.600206][T15680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 656.600214][T15680] R13: 0000000000000000 R14: 00007fa1ca3b5fa0 R15: 00007ffcd7edfc38 [ 656.600236][T15680] [ 656.854843][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 656.862363][ C0] mceusb 1-1:0.0: short-range (0x5b) receiver active [ 656.909069][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 656.937559][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 656.998093][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 657.059279][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 657.119969][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 657.177870][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 657.225511][T15691] Invalid ELF header magic: != ELF [ 657.229092][T15689] netlink: 'syz.5.3107': attribute type 5 has an invalid length. [ 657.248051][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 657.288908][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 657.292870][T15689] nbd: nbd5 already in use [ 657.313286][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 657.369268][ T9] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 657.378357][ T9] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x5b active) [ 657.437678][ T9] usb 1-1: USB disconnect, device number 59 [ 658.249332][ T24] usb 2-1: new full-speed USB device number 96 using dummy_hcd [ 658.413787][ T24] usb 2-1: config 0 has an invalid interface number: 244 but max is 0 [ 658.422291][ T24] usb 2-1: config 0 has no interface number 0 [ 658.428438][ T24] usb 2-1: config 0 interface 244 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 658.448745][ T24] usb 2-1: config 0 interface 244 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 658.480997][ T24] usb 2-1: config 0 interface 244 altsetting 0 endpoint 0x84 has invalid maxpacket 1794, setting to 64 [ 658.505496][ T24] usb 2-1: config 0 interface 244 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 658.525700][ T24] usb 2-1: config 0 interface 244 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 658.551061][ T9] usb 5-1: USB disconnect, device number 97 [ 658.571874][ T24] usb 2-1: New USB device found, idVendor=104f, idProduct=0004, bcdDevice=c6.c3 [ 658.582231][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.603098][ T24] usb 2-1: Product: syz [ 658.613526][ T24] usb 2-1: Manufacturer: syz [ 658.621948][ T24] usb 2-1: SerialNumber: syz [ 658.650231][ T24] usb 2-1: config 0 descriptor?? [ 658.670847][T15702] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 658.681628][ T24] iuu_phoenix 2-1:0.244: iuu_phoenix converter detected [ 658.715201][ T24] usb 2-1: iuu_phoenix converter now attached to ttyUSB0 [ 658.895836][T15702] fuse: Bad value for 'fd' [ 658.931654][T15710] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 658.945559][ T24] usb 2-1: USB disconnect, device number 96 [ 658.986476][ T24] iuu_phoenix ttyUSB0: iuu_phoenix converter now disconnected from ttyUSB0 [ 659.024524][ T24] iuu_phoenix 2-1:0.244: device disconnected [ 659.071458][T15714] FAULT_INJECTION: forcing a failure. [ 659.071458][T15714] name failslab, interval 1, probability 0, space 0, times 0 [ 659.091264][T15714] CPU: 0 UID: 0 PID: 15714 Comm: syz.0.3119 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 659.091290][T15714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 659.091300][T15714] Call Trace: [ 659.091308][T15714] [ 659.091316][T15714] dump_stack_lvl+0x189/0x250 [ 659.091343][T15714] ? __pfx____ratelimit+0x10/0x10 [ 659.091367][T15714] ? __pfx_dump_stack_lvl+0x10/0x10 [ 659.091387][T15714] ? __pfx__printk+0x10/0x10 [ 659.091411][T15714] ? __pfx___might_resched+0x10/0x10 [ 659.091431][T15714] ? fs_reclaim_acquire+0x7d/0x100 [ 659.091456][T15714] should_fail_ex+0x414/0x560 [ 659.091481][T15714] should_failslab+0xa8/0x100 [ 659.091502][T15714] kmem_cache_alloc_noprof+0x73/0x3c0 [ 659.091519][T15714] ? security_file_alloc+0x34/0x330 [ 659.091543][T15714] security_file_alloc+0x34/0x330 [ 659.091564][T15714] init_file+0x93/0x2f0 [ 659.091584][T15714] alloc_empty_file+0x6e/0x1d0 [ 659.091602][T15714] path_openat+0x107/0x3830 [ 659.091620][T15714] ? arch_stack_walk+0xfc/0x150 [ 659.091665][T15714] ? kasan_save_track+0x4f/0x80 [ 659.091680][T15714] ? kasan_save_track+0x3e/0x80 [ 659.091694][T15714] ? __kasan_slab_alloc+0x6c/0x80 [ 659.091710][T15714] ? getname_flags+0xb8/0x540 [ 659.091725][T15714] ? __pfx_path_openat+0x10/0x10 [ 659.091741][T15714] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.091777][T15714] do_filp_open+0x1fa/0x410 [ 659.091795][T15714] ? __lock_acquire+0xab9/0xd20 [ 659.091814][T15714] ? __pfx_do_filp_open+0x10/0x10 [ 659.091850][T15714] ? _raw_spin_unlock+0x28/0x50 [ 659.091869][T15714] ? alloc_fd+0x64c/0x6c0 [ 659.091907][T15714] do_sys_openat2+0x121/0x1c0 [ 659.091927][T15714] ? __pfx_do_sys_openat2+0x10/0x10 [ 659.091946][T15714] ? ksys_write+0x22a/0x250 [ 659.091969][T15714] ? __pfx_ksys_write+0x10/0x10 [ 659.091986][T15714] ? rcu_is_watching+0x15/0xb0 [ 659.092010][T15714] __x64_sys_openat+0x138/0x170 [ 659.092032][T15714] do_syscall_64+0xfa/0x3b0 [ 659.092054][T15714] ? lockdep_hardirqs_on+0x9c/0x150 [ 659.092075][T15714] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.092092][T15714] ? clear_bhb_loop+0x60/0xb0 [ 659.092113][T15714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.092129][T15714] RIP: 0033:0x7fbd1bb8d310 [ 659.092145][T15714] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 659.092160][T15714] RSP: 002b:00007fbd1c95cf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 659.092179][T15714] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fbd1bb8d310 [ 659.092192][T15714] RDX: 0000000000000002 RSI: 00007fbd1c95cfa0 RDI: 00000000ffffff9c [ 659.092204][T15714] RBP: 00007fbd1c95cfa0 R08: 0000000000000000 R09: 0000000000000000 [ 659.092215][T15714] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 659.092225][T15714] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 659.092252][T15714] [ 659.151690][T15717] FAULT_INJECTION: forcing a failure. [ 659.151690][T15717] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 659.156051][ C0] vkms_vblank_simulate: vblank timer overrun [ 659.401346][ C0] vkms_vblank_simulate: vblank timer overrun [ 659.415255][T15717] CPU: 0 UID: 0 PID: 15717 Comm: syz.4.3120 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 659.415281][T15717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 659.415293][T15717] Call Trace: [ 659.415301][T15717] [ 659.415309][T15717] dump_stack_lvl+0x189/0x250 [ 659.415334][T15717] ? __pfx____ratelimit+0x10/0x10 [ 659.415357][T15717] ? __pfx_dump_stack_lvl+0x10/0x10 [ 659.415379][T15717] ? __pfx__printk+0x10/0x10 [ 659.415414][T15717] should_fail_ex+0x414/0x560 [ 659.415439][T15717] _copy_to_user+0x31/0xb0 [ 659.415461][T15717] simple_read_from_buffer+0xe1/0x170 [ 659.415490][T15717] proc_fail_nth_read+0x1b3/0x220 [ 659.415513][T15717] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 659.415535][T15717] ? rw_verify_area+0x2a6/0x4d0 [ 659.415555][T15717] ? __lock_acquire+0xab9/0xd20 [ 659.415573][T15717] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 659.415593][T15717] vfs_read+0x1fd/0x980 [ 659.415611][T15717] ? fdget_pos+0x247/0x320 [ 659.415632][T15717] ? __pfx___mutex_lock+0x10/0x10 [ 659.415655][T15717] ? __pfx_vfs_read+0x10/0x10 [ 659.415677][T15717] ? __fget_files+0x2a/0x420 [ 659.415705][T15717] ? __fget_files+0x3a0/0x420 [ 659.415726][T15717] ? __fget_files+0x2a/0x420 [ 659.415757][T15717] ksys_read+0x145/0x250 [ 659.415777][T15717] ? __fget_files+0x3a0/0x420 [ 659.415800][T15717] ? __pfx_ksys_read+0x10/0x10 [ 659.415827][T15717] ? do_syscall_64+0xbe/0x3b0 [ 659.415854][T15717] do_syscall_64+0xfa/0x3b0 [ 659.415881][T15717] ? lockdep_hardirqs_on+0x9c/0x150 [ 659.415903][T15717] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.415921][T15717] ? clear_bhb_loop+0x60/0xb0 [ 659.415943][T15717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.415960][T15717] RIP: 0033:0x7f3c5f18d3bc [ 659.415976][T15717] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 659.415991][T15717] RSP: 002b:00007f3c5cff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 659.416010][T15717] RAX: ffffffffffffffda RBX: 00007f3c5f3b6080 RCX: 00007f3c5f18d3bc [ 659.416024][T15717] RDX: 000000000000000f RSI: 00007f3c5cff60a0 RDI: 0000000000000003 [ 659.416035][T15717] RBP: 00007f3c5cff6090 R08: 0000000000000000 R09: 0000000000000000 [ 659.416047][T15717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 659.416058][T15717] R13: 0000000000000001 R14: 00007f3c5f3b6080 R15: 00007fffe9623e88 [ 659.416087][T15717] [ 659.507339][ C0] vkms_vblank_simulate: vblank timer overrun [ 659.751873][ C0] vkms_vblank_simulate: vblank timer overrun [ 660.198589][ T24] usb 6-1: new low-speed USB device number 8 using dummy_hcd [ 660.317859][T15732] FAULT_INJECTION: forcing a failure. [ 660.317859][T15732] name failslab, interval 1, probability 0, space 0, times 0 [ 660.328351][ T24] usb 6-1: device descriptor read/64, error -71 [ 660.359020][T15732] CPU: 0 UID: 0 PID: 15732 Comm: syz.0.3126 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 660.359045][T15732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 660.359056][T15732] Call Trace: [ 660.359064][T15732] [ 660.359073][T15732] dump_stack_lvl+0x189/0x250 [ 660.359101][T15732] ? __pfx____ratelimit+0x10/0x10 [ 660.359124][T15732] ? __pfx_dump_stack_lvl+0x10/0x10 [ 660.359146][T15732] ? __pfx__printk+0x10/0x10 [ 660.359174][T15732] ? __pfx___might_resched+0x10/0x10 [ 660.359194][T15732] ? fs_reclaim_acquire+0x7d/0x100 [ 660.359220][T15732] should_fail_ex+0x414/0x560 [ 660.359247][T15732] should_failslab+0xa8/0x100 [ 660.359268][T15732] __kmalloc_noprof+0xcb/0x4f0 [ 660.359287][T15732] ? kfree+0x4d/0x440 [ 660.359301][T15732] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 660.359324][T15732] tomoyo_realpath_from_path+0xe3/0x5d0 [ 660.359356][T15732] tomoyo_check_open_permission+0x1c1/0x3b0 [ 660.359378][T15732] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 660.359396][T15732] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 660.359418][T15732] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 660.359438][T15732] ? ovl_iterate+0xdbd/0x1f40 [ 660.359491][T15732] ? lockref_get+0x15/0x60 [ 660.359515][T15732] ? tomoyo_file_open+0x165/0x220 [ 660.359539][T15732] security_file_open+0xb1/0x270 [ 660.359561][T15732] do_dentry_open+0x384/0x13f0 [ 660.359596][T15732] ? vfs_open+0x31/0x340 [ 660.359618][T15732] vfs_open+0x3b/0x340 [ 660.359638][T15732] dentry_open+0x61/0xa0 [ 660.359654][T15732] ovl_dir_read+0x85/0x5f0 [ 660.359683][T15732] ? __pfx_ovl_dir_read+0x10/0x10 [ 660.359701][T15732] ? ovl_path_upper+0x105/0x170 [ 660.359721][T15732] ? ovl_path_next+0x3b8/0x470 [ 660.359747][T15732] ovl_dir_read_merged+0x19d/0x360 [ 660.359769][T15732] ? __pfx_ovl_dir_read_merged+0x10/0x10 [ 660.359789][T15732] ? __pfx_ovl_fill_merge+0x10/0x10 [ 660.359816][T15732] ? __kasan_kmalloc+0x93/0xb0 [ 660.359837][T15732] ? ovl_iterate+0xcf6/0x1f40 [ 660.359861][T15732] ovl_iterate+0xdbd/0x1f40 [ 660.359879][T15732] ? __lock_acquire+0xab9/0xd20 [ 660.359913][T15732] ? __pfx_ovl_iterate+0x10/0x10 [ 660.359931][T15732] ? aa_file_perm+0x13e/0x11b0 [ 660.359964][T15732] ? __lock_acquire+0xab9/0xd20 [ 660.359994][T15732] ? wrap_directory_iterator+0x5a/0xe0 [ 660.360028][T15732] ? down_write+0x162/0x1f0 [ 660.360045][T15732] ? __pfx_down_write+0x10/0x10 [ 660.360063][T15732] ? wrap_directory_iterator+0x52/0xe0 [ 660.360084][T15732] ? __pfx_ovl_iterate+0x10/0x10 [ 660.360105][T15732] wrap_directory_iterator+0x93/0xe0 [ 660.360128][T15732] iterate_dir+0x396/0x570 [ 660.360153][T15732] __se_sys_getdents64+0xe4/0x260 [ 660.360177][T15732] ? __pfx___se_sys_getdents64+0x10/0x10 [ 660.360194][T15732] ? ksys_write+0x22a/0x250 [ 660.360212][T15732] ? __pfx_filldir64+0x10/0x10 [ 660.360234][T15732] ? __pfx_ksys_write+0x10/0x10 [ 660.360251][T15732] ? rcu_is_watching+0x15/0xb0 [ 660.360277][T15732] ? do_syscall_64+0xbe/0x3b0 [ 660.360303][T15732] do_syscall_64+0xfa/0x3b0 [ 660.360321][T15732] ? lockdep_hardirqs_on+0x9c/0x150 [ 660.360342][T15732] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.360358][T15732] ? clear_bhb_loop+0x60/0xb0 [ 660.360378][T15732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.360394][T15732] RIP: 0033:0x7fbd1bb8e9a9 [ 660.360411][T15732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.360425][T15732] RSP: 002b:00007fbd1c95d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 660.360443][T15732] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8e9a9 [ 660.360456][T15732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 660.360466][T15732] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 660.360476][T15732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 660.360488][T15732] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 660.360517][T15732] [ 660.360525][T15732] ERROR: Out of memory at tomoyo_realpath_from_path. [ 660.588351][ T24] usb 6-1: new low-speed USB device number 9 using dummy_hcd [ 660.928286][ T24] usb 6-1: device descriptor read/64, error -71 [ 661.050485][ T24] usb usb6-port1: attempt power cycle [ 661.518179][ T24] usb 6-1: new low-speed USB device number 10 using dummy_hcd [ 661.552781][ T24] usb 6-1: device descriptor read/8, error -71 [ 661.726693][T15739] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 661.798234][ T24] usb 6-1: new low-speed USB device number 11 using dummy_hcd [ 661.841660][ T24] usb 6-1: device descriptor read/8, error -71 [ 661.937455][T15761] FAULT_INJECTION: forcing a failure. [ 661.937455][T15761] name failslab, interval 1, probability 0, space 0, times 0 [ 661.956443][ T24] usb usb6-port1: unable to enumerate USB device [ 661.987188][T15761] CPU: 0 UID: 0 PID: 15761 Comm: syz.1.3133 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 661.987221][T15761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 661.987231][T15761] Call Trace: [ 661.987240][T15761] [ 661.987248][T15761] dump_stack_lvl+0x189/0x250 [ 661.987276][T15761] ? __pfx____ratelimit+0x10/0x10 [ 661.987299][T15761] ? __pfx_dump_stack_lvl+0x10/0x10 [ 661.987321][T15761] ? __pfx__printk+0x10/0x10 [ 661.987345][T15761] ? __pfx___might_resched+0x10/0x10 [ 661.987366][T15761] ? fs_reclaim_acquire+0x7d/0x100 [ 661.987392][T15761] should_fail_ex+0x414/0x560 [ 661.987419][T15761] should_failslab+0xa8/0x100 [ 661.987441][T15761] kmem_cache_alloc_noprof+0x73/0x3c0 [ 661.987459][T15761] ? security_file_alloc+0x34/0x330 [ 661.987483][T15761] security_file_alloc+0x34/0x330 [ 661.987505][T15761] init_file+0x93/0x2f0 [ 661.987526][T15761] alloc_empty_file+0x6e/0x1d0 [ 661.987545][T15761] path_openat+0x107/0x3830 [ 661.987564][T15761] ? arch_stack_walk+0xfc/0x150 [ 661.987613][T15761] ? kasan_save_track+0x4f/0x80 [ 661.987639][T15761] ? kasan_save_track+0x3e/0x80 [ 661.987654][T15761] ? __kasan_slab_alloc+0x6c/0x80 [ 661.987671][T15761] ? getname_flags+0xb8/0x540 [ 661.987688][T15761] ? __pfx_path_openat+0x10/0x10 [ 661.987705][T15761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.987743][T15761] do_filp_open+0x1fa/0x410 [ 661.987760][T15761] ? __lock_acquire+0xab9/0xd20 [ 661.987782][T15761] ? __pfx_do_filp_open+0x10/0x10 [ 661.987823][T15761] ? _raw_spin_unlock+0x28/0x50 [ 661.987844][T15761] ? alloc_fd+0x64c/0x6c0 [ 661.987877][T15761] do_sys_openat2+0x121/0x1c0 [ 661.987899][T15761] ? __pfx_do_sys_openat2+0x10/0x10 [ 661.987919][T15761] ? ksys_write+0x22a/0x250 [ 661.987942][T15761] ? __pfx_ksys_write+0x10/0x10 [ 661.987957][T15761] ? rcu_is_watching+0x15/0xb0 [ 661.987979][T15761] __x64_sys_open+0x11e/0x150 [ 661.987999][T15761] do_syscall_64+0xfa/0x3b0 [ 661.988020][T15761] ? lockdep_hardirqs_on+0x9c/0x150 [ 661.988040][T15761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.988057][T15761] ? clear_bhb_loop+0x60/0xb0 [ 661.988077][T15761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.988092][T15761] RIP: 0033:0x7fa1ca18e9a9 [ 661.988107][T15761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 661.988121][T15761] RSP: 002b:00007fa1cb0d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 661.988140][T15761] RAX: ffffffffffffffda RBX: 00007fa1ca3b5fa0 RCX: 00007fa1ca18e9a9 [ 661.988152][T15761] RDX: 0000000000000000 RSI: 0000000000129282 RDI: 00002000000000c0 [ 661.988163][T15761] RBP: 00007fa1cb0d0090 R08: 0000000000000000 R09: 0000000000000000 [ 661.988174][T15761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 661.988184][T15761] R13: 0000000000000000 R14: 00007fa1ca3b5fa0 R15: 00007ffcd7edfc38 [ 661.988212][T15761] [ 662.272225][ C0] vkms_vblank_simulate: vblank timer overrun [ 663.069400][T15786] input: syz0 as /devices/virtual/input/input120 [ 663.137370][T15788] FAULT_INJECTION: forcing a failure. [ 663.137370][T15788] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 663.238175][T15788] CPU: 0 UID: 0 PID: 15788 Comm: syz.5.3142 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 663.238204][T15788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 663.238214][T15788] Call Trace: [ 663.238221][T15788] [ 663.238229][T15788] dump_stack_lvl+0x189/0x250 [ 663.238257][T15788] ? __pfx____ratelimit+0x10/0x10 [ 663.238293][T15788] ? __pfx_dump_stack_lvl+0x10/0x10 [ 663.238315][T15788] ? __pfx__printk+0x10/0x10 [ 663.238338][T15788] ? __might_fault+0xb0/0x130 [ 663.238369][T15788] should_fail_ex+0x414/0x560 [ 663.238396][T15788] _copy_from_user+0x2d/0xb0 [ 663.238416][T15788] input_event_from_user+0xb2/0x280 [ 663.238435][T15788] ? __pfx_input_event_from_user+0x10/0x10 [ 663.238459][T15788] ? input_event+0xc7/0xe0 [ 663.238481][T15788] uinput_write+0x279/0xfc0 [ 663.238510][T15788] ? __pfx_uinput_write+0x10/0x10 [ 663.238529][T15788] ? bpf_lsm_file_permission+0x9/0x20 [ 663.238546][T15788] ? security_file_permission+0x75/0x290 [ 663.238569][T15788] ? rw_verify_area+0x255/0x4d0 [ 663.238589][T15788] ? __lock_acquire+0xab9/0xd20 [ 663.238606][T15788] ? __pfx_uinput_write+0x10/0x10 [ 663.238624][T15788] vfs_write+0x27b/0xa90 [ 663.238653][T15788] ? __pfx_vfs_write+0x10/0x10 [ 663.238676][T15788] ? __fget_files+0x2a/0x420 [ 663.238701][T15788] ? __fget_files+0x2a/0x420 [ 663.238722][T15788] ? __fget_files+0x3a0/0x420 [ 663.238743][T15788] ? __fget_files+0x2a/0x420 [ 663.238774][T15788] ksys_write+0x145/0x250 [ 663.238797][T15788] ? __pfx_ksys_write+0x10/0x10 [ 663.238824][T15788] ? do_syscall_64+0xbe/0x3b0 [ 663.238850][T15788] do_syscall_64+0xfa/0x3b0 [ 663.238872][T15788] ? lockdep_hardirqs_on+0x9c/0x150 [ 663.238893][T15788] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.238911][T15788] ? clear_bhb_loop+0x60/0xb0 [ 663.238932][T15788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.238948][T15788] RIP: 0033:0x7f9ece38e9a9 [ 663.238965][T15788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.238980][T15788] RSP: 002b:00007f9ecf17f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 663.239000][T15788] RAX: ffffffffffffffda RBX: 00007f9ece5b6080 RCX: 00007f9ece38e9a9 [ 663.239013][T15788] RDX: 000000000000045c RSI: 0000200000000500 RDI: 0000000000000003 [ 663.239025][T15788] RBP: 00007f9ecf17f090 R08: 0000000000000000 R09: 0000000000000000 [ 663.239036][T15788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 663.239046][T15788] R13: 0000000000000001 R14: 00007f9ece5b6080 R15: 00007ffc28cc63b8 [ 663.239076][T15788] [ 663.984863][T15791] overlayfs: failed to resolve './file0': -2 [ 664.327929][ T6142] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 664.467768][ T5917] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 664.502115][ T6142] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 664.521064][ T6142] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 664.549477][ T6142] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 664.568891][ T6142] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 664.610800][ T6142] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 664.654681][ T5917] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 664.696220][ T6142] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 664.705454][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 664.725403][ T6142] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 664.734386][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 664.747605][ T6142] usb 2-1: Product: syz [ 664.755318][ T6142] usb 2-1: Manufacturer: syz [ 664.775568][ T5917] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 664.801750][ T6142] cdc_wdm 2-1:1.0: skipping garbage [ 664.806989][ T6142] cdc_wdm 2-1:1.0: skipping garbage [ 664.823175][ T5917] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 664.839292][ T6142] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 664.845708][ T5917] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 664.868079][ T6142] cdc_wdm 2-1:1.0: Unknown control protocol [ 664.874708][ T5917] usb 6-1: Manufacturer: syz [ 664.895604][ T5917] usb 6-1: config 0 descriptor?? [ 665.030149][ T6142] usb 2-1: USB disconnect, device number 97 [ 665.065065][T15822] fuse: Unknown parameter 'L' [ 665.327343][T15800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.462366][T15800] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.930366][ T5917] appleir 0003:05AC:8243.005B: unknown main item tag 0x0 [ 665.990370][ T5917] appleir 0003:05AC:8243.005B: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 666.047366][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 666.047902][ T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 666.140440][ T9] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 666.237140][T15840] overlayfs: failed to resolve './file0': -2 [ 666.569306][T15853] overlayfs: missing 'workdir' [ 666.598404][T15849] kvm: user requested TSC rate below hardware speed [ 666.652205][T15849] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 666.818699][T15861] netlink: 'syz.4.3160': attribute type 1 has an invalid length. [ 666.835861][T15861] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3160'. [ 666.937227][ T5917] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 667.107184][ T5917] usb 2-1: Using ep0 maxpacket: 16 [ 667.120776][ T5917] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 667.139156][ T5917] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 667.173747][ T5917] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 667.192470][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 667.211436][ T5917] usb 2-1: SerialNumber: syz [ 667.237522][T12386] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 667.398016][T12386] usb 5-1: Using ep0 maxpacket: 16 [ 667.408604][ T120] usb 6-1: USB disconnect, device number 12 [ 667.436485][T12386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 667.453487][T12386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 667.478305][T15881] FAULT_INJECTION: forcing a failure. [ 667.478305][T15881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 667.497283][T12386] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 667.538508][T15881] CPU: 0 UID: 0 PID: 15881 Comm: syz.0.3163 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 667.538534][T15881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 667.538545][T15881] Call Trace: [ 667.538553][T15881] [ 667.538562][T15881] dump_stack_lvl+0x189/0x250 [ 667.538594][T15881] ? __pfx____ratelimit+0x10/0x10 [ 667.538617][T15881] ? __pfx_dump_stack_lvl+0x10/0x10 [ 667.538640][T15881] ? __pfx__printk+0x10/0x10 [ 667.538662][T15881] ? __might_fault+0xb0/0x130 [ 667.538691][T15881] should_fail_ex+0x414/0x560 [ 667.538718][T15881] _copy_from_iter+0x1db/0x16f0 [ 667.538740][T15881] ? rcu_is_watching+0x15/0xb0 [ 667.538762][T15881] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 667.538784][T15881] ? __pfx__copy_from_iter+0x10/0x10 [ 667.538810][T15881] ? __build_skb_around+0x257/0x3e0 [ 667.538831][T15881] ? netlink_sendmsg+0x642/0xb30 [ 667.538852][T15881] ? skb_put+0x11b/0x210 [ 667.538873][T15881] netlink_sendmsg+0x6b2/0xb30 [ 667.538904][T15881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 667.538930][T15881] ? aa_sock_msg_perm+0xf1/0x1d0 [ 667.538955][T15881] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 667.538976][T15881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 667.538997][T15881] __sock_sendmsg+0x219/0x270 [ 667.539019][T15881] ____sys_sendmsg+0x505/0x830 [ 667.539040][T15881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 667.539065][T15881] ? import_iovec+0x74/0xa0 [ 667.539085][T15881] ___sys_sendmsg+0x21f/0x2a0 [ 667.539103][T15881] ? __pfx____sys_sendmsg+0x10/0x10 [ 667.539159][T15881] ? __fget_files+0x2a/0x420 [ 667.539180][T15881] ? __fget_files+0x3a0/0x420 [ 667.539209][T15881] __x64_sys_sendmsg+0x19b/0x260 [ 667.539229][T15881] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 667.539258][T15881] ? __pfx_ksys_write+0x10/0x10 [ 667.539277][T15881] ? rcu_is_watching+0x15/0xb0 [ 667.539302][T15881] ? do_syscall_64+0xbe/0x3b0 [ 667.539328][T15881] do_syscall_64+0xfa/0x3b0 [ 667.539348][T15881] ? lockdep_hardirqs_on+0x9c/0x150 [ 667.539369][T15881] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.539387][T15881] ? clear_bhb_loop+0x60/0xb0 [ 667.539408][T15881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.539424][T15881] RIP: 0033:0x7fbd1bb8e9a9 [ 667.539440][T15881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.539455][T15881] RSP: 002b:00007fbd1c95d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 667.539475][T15881] RAX: ffffffffffffffda RBX: 00007fbd1bdb5fa0 RCX: 00007fbd1bb8e9a9 [ 667.539488][T15881] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004 [ 667.539500][T15881] RBP: 00007fbd1c95d090 R08: 0000000000000000 R09: 0000000000000000 [ 667.539511][T15881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 667.539522][T15881] R13: 0000000000000000 R14: 00007fbd1bdb5fa0 R15: 00007fffcf06eb98 [ 667.539549][T15881] [ 667.553552][T12386] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 667.765832][T15886] overlayfs: failed to resolve './file1': -2 [ 667.798025][T12386] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.879148][T12386] usb 5-1: config 0 descriptor?? [ 668.126663][T15895] /dev/rnullb0: Can't open blockdev [ 668.311163][T15865] /dev/rnullb0: Can't open blockdev [ 668.343761][T12386] input: HID 0955:7214 Haptics as /devices/virtual/input/input121 [ 668.366961][ T9] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 668.385017][ T9] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 668.462532][T15902] overlayfs: missing 'workdir' [ 668.550515][T12386] shield 0003:0955:7214.005C: Registered Thunderstrike controller [ 668.588209][T12386] shield 0003:0955:7214.005C: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 668.692656][ T5854] shield 0003:0955:7214.005C: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 668.708871][T12386] usb 5-1: USB disconnect, device number 98 [ 668.729821][ T5854] shield 0003:0955:7214.005C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 668.750717][ T5854] shield 0003:0955:7214.005C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 668.795245][ T5854] shield 0003:0955:7214.005C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 670.766921][ T51] Bluetooth: hci3: command 0x0405 tx timeout [ 670.773049][ T9] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 670.785157][ T9] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 672.292302][ T5917] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 672.309060][ T5917] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 672.315526][ T5917] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 672.926248][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 672.933526][ T9] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 672.946188][ T9] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 685.731680][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.738207][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.158051][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.165706][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 765.071126][ T31] INFO: task syz.2.2883:14990 blocked for more than 143 seconds. [ 765.081616][ T31] Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 [ 765.088749][ T31] Blocked by coredump. [ 765.094125][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 765.103095][ T31] task:syz.2.2883 state:D stack:25096 pid:14990 tgid:14990 ppid:13513 task_flags:0x40004c flags:0x00004000 [ 765.115421][ T31] Call Trace: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 765.118711][ T31] [ 765.122042][ T31] __schedule+0x1737/0x4d30 [ 765.126750][ T31] ? __lock_acquire+0xab9/0xd20 [ 765.132035][ T31] ? schedule+0x165/0x360 [ 765.136379][ T31] ? __lock_acquire+0xab9/0xd20 [ 765.144540][ T31] ? __pfx___schedule+0x10/0x10 [ 765.149435][ T31] ? schedule+0x91/0x360 [ 765.154055][ T31] schedule+0x165/0x360 [ 765.158229][ T31] schedule_preempt_disabled+0x13/0x30 [ 765.169597][ T31] rwsem_down_read_slowpath+0x5fd/0x8f0 [ 765.175994][ T31] ? rwsem_down_read_slowpath+0x4b8/0x8f0 [ 765.220993][ T31] ? __pfx_rwsem_down_read_slowpath+0x10/0x10 [ 765.227109][ T31] ? exit_mm+0xcc/0x2c0 [ 765.232902][ T31] ? __pfx_mm_release+0x10/0x10 [ 765.237779][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 765.264123][ T31] down_read+0x98/0x2e0 [ 765.268331][ T31] exit_mm+0xcc/0x2c0 [ 765.278958][ T31] ? __pfx_exit_mm+0x10/0x10 [ 765.287796][ T31] ? rcu_is_watching+0x15/0xb0 [ 765.292870][ T31] do_exit+0x648/0x2300 [ 765.297063][ T31] ? preempt_schedule_common+0x83/0xd0 [ 765.306987][ T31] ? preempt_schedule+0xae/0xc0 [ 765.314398][ T31] ? __pfx_do_exit+0x10/0x10 [ 765.319018][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 765.328334][ T31] do_group_exit+0x21c/0x2d0 [ 765.334211][ T31] __x64_sys_exit_group+0x3f/0x40 [ 765.339253][ T31] x64_sys_call+0x21f7/0x2200 [ 765.347821][ T31] do_syscall_64+0xfa/0x3b0 [ 765.352599][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.358675][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 765.368767][ T31] ? clear_bhb_loop+0x60/0xb0 [ 765.375043][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.384688][ T31] RIP: 0033:0x7f750178e9a9 [ 765.389123][ T31] RSP: 002b:00007ffc0bd311f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 765.398176][ T31] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f750178e9a9 [ 765.409945][ T31] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 765.418248][ T31] RBP: 00007ffc0bd3125c R08: 000000090bd312ef R09: 0000000000000044 [ 765.429995][ T31] R10: 00000000000000c4 R11: 0000000000000246 R12: 000000000000005d [ 765.438269][ T31] R13: 0000000000000044 R14: 0000000000095de3 R15: 00007ffc0bd312b0 [ 765.446561][ T31] [ 765.449614][ T31] INFO: task syz.2.2883:14991 blocked for more than 143 seconds. [ 765.462558][ T31] Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 [ 765.469671][ T31] Blocked by coredump. [ 765.474639][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 765.486493][ T31] task:syz.2.2883 state:D stack:23784 pid:14991 tgid:14990 ppid:13513 task_flags:0x40054c flags:0x00004000 [ 765.499614][ T31] Call Trace: [ 765.506700][ T31] [ 765.509651][ T31] __schedule+0x1737/0x4d30 [ 765.514576][ T31] ? __lock_acquire+0xab9/0xd20 [ 765.519447][ T31] ? schedule+0x165/0x360 [ 765.527653][ T31] ? __lock_acquire+0xab9/0xd20 [ 765.534772][ T31] ? __pfx___schedule+0x10/0x10 [ 765.539661][ T31] ? schedule+0x91/0x360 [ 765.547843][ T31] schedule+0x165/0x360 [ 765.553970][ T31] schedule_preempt_disabled+0x13/0x30 [ 765.559448][ T31] rwsem_down_read_slowpath+0x5fd/0x8f0 [ 765.569069][ T31] ? rwsem_down_read_slowpath+0x4b8/0x8f0 [ 765.575123][ T31] ? __pfx_rwsem_down_read_slowpath+0x10/0x10 [ 765.585252][ T31] ? exit_mm+0xcc/0x2c0 [ 765.589441][ T31] ? __pfx_mm_release+0x10/0x10 [ 765.595070][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 765.600305][ T31] down_read+0x98/0x2e0 [ 765.608546][ T31] exit_mm+0xcc/0x2c0 [ 765.612834][ T31] ? __pfx_exit_mm+0x10/0x10 [ 765.617444][ T31] ? rcu_is_watching+0x15/0xb0 [ 765.622565][ T31] do_exit+0x648/0x2300 [ 765.626741][ T31] ? cgroup_freezing+0x20/0x350 [ 765.632014][ T31] ? __pfx_do_exit+0x10/0x10 [ 765.636637][ T31] ? cgroup_freezing+0x20/0x350 [ 765.643648][ T31] ? cgroup_freezing+0x20/0x350 [ 765.648524][ T31] do_group_exit+0x21c/0x2d0 [ 765.653543][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 765.658759][ T31] get_signal+0x1286/0x1340 [ 765.663727][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 765.669295][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 765.675854][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 765.681578][ T31] exit_to_user_mode_loop+0x75/0x110 [ 765.686873][ T31] do_syscall_64+0x2bd/0x3b0 [ 765.691888][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 765.697102][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.703616][ T31] ? clear_bhb_loop+0x60/0xb0 [ 765.708320][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.714689][ T31] RIP: 0033:0x7f750178e9a9 [ 765.719117][ T31] RSP: 002b:00007f74ff5f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 765.727930][ T31] RAX: fffffffffffffe00 RBX: 00007f75019b5fa8 RCX: 00007f750178e9a9 [ 765.736467][ T31] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f75019b5fa8 [ 765.744690][ T31] RBP: 00007f75019b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 765.753747][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75019b5fac [ 765.762902][ T31] R13: 0000000000000000 R14: 00007ffc0bd30db0 R15: 00007ffc0bd30e98 [ 765.772065][ T31] [ 765.775186][ T31] [ 765.775186][ T31] Showing all locks held in the system: [ 765.790835][ T31] 4 locks held by kworker/0:0/9: [ 765.795798][ T31] #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 765.908782][ T31] #1: ffffc900000e7bc0 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 765.923628][ T31] #2: ffffffff8fc15b08 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x4c/0x180 [ 765.933229][ T31] #3: ffff88806ad9a100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 765.947376][ T31] 1 lock held by khungtaskd/31: [ 765.952379][ T31] #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 765.962436][ T31] 4 locks held by kworker/u8:3/44: [ 765.967551][ T31] #0: ffff8880b8739f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 765.977589][ T31] #1: ffff8880b8724008 (per_cpu_ptr(&psi_seq, cpu)){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 765.988208][ T31] #2: ffff8880b8725918 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 [ 765.997300][ T31] #3: ffffffff9a0f5a48 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420 [ 766.007696][ T31] 2 locks held by getty/5607: [ 766.012701][ T31] #0: ffff88814caca0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 766.022778][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 766.033300][ T31] 3 locks held by kworker/0:5/5938: [ 766.038499][ T31] #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 766.049914][ T31] #1: ffffc900046c7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 766.063827][ T31] #2: ffffffff8fc15b08 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 766.075561][ T31] 1 lock held by syz.2.2883/14990: [ 766.080990][ T31] #0: ffff88807d35a220 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 [ 766.089819][ T31] 1 lock held by syz.2.2883/14991: [ 766.097482][ T31] #0: ffff88807d35a220 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 [ 766.110418][ T31] 2 locks held by syz.2.2883/15003: [ 766.115636][ T31] 2 locks held by syz.4.3129/15748: [ 766.124440][ T31] #0: ffff88806ad9a100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 766.134362][ T31] #1: ffffffff8fc15b08 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 766.148294][ T31] 3 locks held by syz.1.3159/15856: [ 766.153557][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.165633][ T31] #1: ffff888031880100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320 [ 766.176242][ T31] #2: ffffffff8fc15b08 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 766.189776][ T31] 1 lock held by syz.5.3164/15875: [ 766.195861][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.210318][ T31] 1 lock held by syz.4.3173/15919: [ 766.215505][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.229536][ T31] 1 lock held by syz.0.3174/15925: [ 766.234722][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.246766][ T31] 1 lock held by syz.0.3174/15926: [ 766.251980][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.264038][ T31] 1 lock held by syz-executor/15928: [ 766.269334][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.277897][ T31] 1 lock held by syz-executor/15930: [ 766.287805][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.296383][ T31] 1 lock held by syz-executor/15932: [ 766.306161][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.317085][ T31] 1 lock held by syz-executor/15935: [ 766.326021][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.336497][ T31] 1 lock held by syz-executor/15943: [ 766.345386][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.354008][ T31] 1 lock held by syz-executor/15945: [ 766.359503][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.371817][ T31] 1 lock held by syz-executor/15947: [ 766.377115][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.387108][ T31] 1 lock held by syz-executor/15949: [ 766.395805][ T31] #0: ffffffff8edd8d08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 766.406309][ T31] [ 766.408662][ T31] ============================================= [ 766.408662][ T31] [ 766.420779][ T31] NMI backtrace for cpu 1 [ 766.420795][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 766.420816][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 766.420827][ T31] Call Trace: [ 766.420836][ T31] [ 766.420844][ T31] dump_stack_lvl+0x189/0x250 [ 766.420873][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 766.420895][ T31] ? __pfx__printk+0x10/0x10 [ 766.420929][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 766.420952][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 766.420975][ T31] ? __pfx__printk+0x10/0x10 [ 766.421012][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 766.421034][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 766.421057][ T31] watchdog+0xf93/0xfe0 [ 766.421081][ T31] ? watchdog+0x1de/0xfe0 [ 766.421104][ T31] kthread+0x70e/0x8a0 [ 766.421130][ T31] ? __pfx_watchdog+0x10/0x10 [ 766.421147][ T31] ? __pfx_kthread+0x10/0x10 [ 766.421170][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 766.421192][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 766.421212][ T31] ? __pfx_kthread+0x10/0x10 [ 766.421234][ T31] ret_from_fork+0x3f9/0x770 [ 766.421256][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 766.421282][ T31] ? __switch_to_asm+0x39/0x70 [ 766.421297][ T31] ? __switch_to_asm+0x33/0x70 [ 766.421312][ T31] ? __pfx_kthread+0x10/0x10 [ 766.421335][ T31] ret_from_fork_asm+0x1a/0x30 [ 766.421365][ T31] [ 766.421373][ T31] Sending NMI from CPU 1 to CPUs 0: [ 766.574931][ C0] NMI backtrace for cpu 0 [ 766.574948][ C0] CPU: 0 UID: 0 PID: 15003 Comm: syz.2.2883 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 766.574967][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 766.574976][ C0] RIP: 0010:kasan_check_range+0x9f/0x2c0 [ 766.574999][ C0] Code: 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 <0f> 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd [ 766.575012][ C0] RSP: 0018:ffffc90003ffea80 EFLAGS: 00000246 [ 766.575027][ C0] RAX: 1ffff920007ffd01 RBX: ffffffffffffffff RCX: ffffffff81730d88 [ 766.575040][ C0] RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc90003ffebf8 [ 766.575050][ C0] RBP: 0000000000000000 R08: ffffc90003ffec07 R09: 1ffff920007ffd80 [ 766.575061][ C0] R10: dffffc0000000000 R11: fffff520007ffd80 R12: 0000000000000002 [ 766.575072][ C0] R13: ffffc90003ffebf8 R14: fffff520007ffd81 R15: 1ffff920007ffd7f [ 766.575084][ C0] FS: 00007f74ff5d56c0(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000 [ 766.575098][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 766.575109][ C0] CR2: 000055f6d8c47fb0 CR3: 000000005fb3c000 CR4: 00000000003526f0 [ 766.575123][ C0] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000 [ 766.575133][ C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 766.575143][ C0] Call Trace: [ 766.575149][ C0] [ 766.575158][ C0] __asan_memset+0x22/0x50 [ 766.575178][ C0] unwind_next_frame+0xc98/0x2390 [ 766.575200][ C0] ? unwind_next_frame+0xa5/0x2390 [ 766.575217][ C0] ? do_vmi_align_munmap+0x2a7/0x420 [ 766.575244][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 766.575264][ C0] arch_stack_walk+0x11c/0x150 [ 766.575284][ C0] ? do_vmi_munmap+0x253/0x2e0 [ 766.575304][ C0] stack_trace_save+0x9c/0xe0 [ 766.575321][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 766.575340][ C0] ? mas_update_gap+0x237/0xac0 [ 766.575358][ C0] kasan_save_stack+0x3e/0x60 [ 766.575372][ C0] ? kasan_save_stack+0x3e/0x60 [ 766.575384][ C0] ? kasan_record_aux_stack+0xbd/0xd0 [ 766.575401][ C0] ? call_rcu+0x157/0x9c0 [ 766.575418][ C0] ? mas_wr_store_entry+0x1f1b/0x25b0 [ 766.575434][ C0] ? mas_store_gfp+0x7b1/0x860 [ 766.575450][ C0] ? do_vmi_align_munmap+0x2a7/0x420 [ 766.575490][ C0] kasan_record_aux_stack+0xbd/0xd0 [ 766.575508][ C0] ? __pfx_mt_free_rcu+0x10/0x10 [ 766.575521][ C0] call_rcu+0x157/0x9c0 [ 766.575536][ C0] ? __lock_acquire+0xab9/0xd20 [ 766.575557][ C0] ? __pfx_call_rcu+0x10/0x10 [ 766.575572][ C0] ? __lock_acquire+0xab9/0xd20 [ 766.575589][ C0] ? mas_replace_node+0x472/0x7b0 [ 766.575606][ C0] mas_wr_store_entry+0x1f1b/0x25b0 [ 766.575635][ C0] ? __pfx_mas_wr_store_entry+0x10/0x10 [ 766.575651][ C0] ? arch_stack_walk+0xfc/0x150 [ 766.575674][ C0] ? stack_trace_save+0x9c/0xe0 [ 766.575694][ C0] ? stack_depot_save_flags+0x40/0x900 [ 766.575716][ C0] ? kasan_save_track+0x4f/0x80 [ 766.575729][ C0] ? kasan_save_track+0x3e/0x80 [ 766.575741][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 766.575755][ C0] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 766.575770][ C0] ? mas_alloc_nodes+0x2e9/0x8e0 [ 766.575786][ C0] ? mas_store_gfp+0x46c/0x860 [ 766.575802][ C0] ? do_vmi_align_munmap+0x2a7/0x420 [ 766.575819][ C0] ? do_vmi_munmap+0x253/0x2e0 [ 766.575835][ C0] ? do_munmap+0xe1/0x140 [ 766.575849][ C0] ? mremap_to+0x2df/0x7a0 [ 766.575866][ C0] ? __se_sys_mremap+0xa0b/0xef0 [ 766.575882][ C0] ? do_syscall_64+0xfa/0x3b0 [ 766.575900][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.575941][ C0] ? mas_alloc_nodes+0x3a6/0x8e0 [ 766.575963][ C0] mas_store_gfp+0x7b1/0x860 [ 766.575985][ C0] ? __pfx_mas_store_gfp+0x10/0x10 [ 766.576007][ C0] ? __mas_set_range+0x12f/0x3c0 [ 766.576023][ C0] do_vmi_align_munmap+0x2a7/0x420 [ 766.576050][ C0] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 766.576081][ C0] do_vmi_munmap+0x253/0x2e0 [ 766.576102][ C0] do_munmap+0xe1/0x140 [ 766.576118][ C0] ? __pfx_do_munmap+0x10/0x10 [ 766.576136][ C0] ? bpf_lsm_mmap_addr+0x9/0x20 [ 766.576150][ C0] ? security_mmap_addr+0x71/0x270 [ 766.576172][ C0] mremap_to+0x2df/0x7a0 [ 766.576193][ C0] ? __pfx_mremap_to+0x10/0x10 [ 766.576213][ C0] ? check_prep_vma+0x740/0xae0 [ 766.576241][ C0] __se_sys_mremap+0xa0b/0xef0 [ 766.576269][ C0] ? __pfx___se_sys_mremap+0x10/0x10 [ 766.576293][ C0] ? exc_page_fault+0x76/0xf0 [ 766.576312][ C0] ? do_user_addr_fault+0xc8a/0x1390 [ 766.576330][ C0] ? do_syscall_64+0xbe/0x3b0 [ 766.576347][ C0] ? __x64_sys_mremap+0x20/0xc0 [ 766.576366][ C0] do_syscall_64+0xfa/0x3b0 [ 766.576383][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 766.576401][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.576416][ C0] ? clear_bhb_loop+0x60/0xb0 [ 766.576432][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.576446][ C0] RIP: 0033:0x7f750178e9a9 [ 766.576460][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 766.576472][ C0] RSP: 002b:00007f74ff5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 766.576487][ C0] RAX: ffffffffffffffda RBX: 00007f75019b6080 RCX: 00007f750178e9a9 [ 766.576499][ C0] RDX: 0000000000004000 RSI: 0000000000004000 RDI: 00002000007ff000 [ 766.576509][ C0] RBP: 00007f7501810d69 R08: 0000200000580000 R09: 0000000000000000 [ 766.576520][ C0] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 766.576529][ C0] R13: 0000000000000001 R14: 00007f75019b6080 R15: 00007ffc0bd30e98 [ 766.576547][ C0] [ 767.128269][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 767.135119][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 767.146404][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 767.156465][ T31] Call Trace: [ 767.159747][ T31] [ 767.162677][ T31] dump_stack_lvl+0x99/0x250 [ 767.167279][ T31] ? __asan_memcpy+0x40/0x70 [ 767.171883][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 767.177084][ T31] ? __pfx__printk+0x10/0x10 [ 767.181702][ T31] vpanic+0x281/0x750 [ 767.185687][ T31] ? __pfx_vpanic+0x10/0x10 [ 767.190188][ T31] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 767.195737][ T31] ? preempt_schedule+0xae/0xc0 [ 767.200596][ T31] ? preempt_schedule_common+0x83/0xd0 [ 767.206068][ T31] panic+0xb9/0xc0 [ 767.209791][ T31] ? __pfx_panic+0x10/0x10 [ 767.214208][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 767.219586][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 767.225744][ T31] watchdog+0xfd2/0xfe0 [ 767.229923][ T31] ? watchdog+0x1de/0xfe0 [ 767.234262][ T31] kthread+0x70e/0x8a0 [ 767.238346][ T31] ? __pfx_watchdog+0x10/0x10 [ 767.243023][ T31] ? __pfx_kthread+0x10/0x10 [ 767.247706][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 767.252912][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 767.258115][ T31] ? __pfx_kthread+0x10/0x10 [ 767.262714][ T31] ret_from_fork+0x3f9/0x770 [ 767.267312][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 767.272435][ T31] ? __switch_to_asm+0x39/0x70 [ 767.277199][ T31] ? __switch_to_asm+0x33/0x70 [ 767.281962][ T31] ? __pfx_kthread+0x10/0x10 [ 767.286566][ T31] ret_from_fork_asm+0x1a/0x30 [ 767.291346][ T31] [ 767.294622][ T31] Kernel Offset: disabled [ 767.298937][ T31] Rebooting in 86400 seconds..