last executing test programs: 17.394739024s ago: executing program 0 (id=900): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000340)=""/222, 0xde}], 0x1}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="8401000017"], 0x184}}, 0x0) mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='cpuset\x00', 0x2028000, 0x0) 17.366844042s ago: executing program 0 (id=902): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) (fail_nth: 6) 16.806699601s ago: executing program 0 (id=904): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) (async) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x20, r1, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x20}}, 0x0) mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ext2\x00', 0x200000, 0x0) 16.609435994s ago: executing program 0 (id=910): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socketpair(0x6, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r3, &(0x7f0000002300)={0x50, 0x0, r4, {0x7, 0x9, 0x0, 0x31008003, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50) read$FUSE(r3, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r5}, 0x10) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r6, r3, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x85402, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x12, r7, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000a40)={'wlan0\x00', 0x0}) r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$getenv(0x4201, r9, 0x0, &(0x7f0000000080)) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)={0x1c, r11, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x40000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) madvise(&(0x7f0000304000/0x2000)=nil, 0x2000, 0x4) r12 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r12, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}}) ioctl$sock_inet_SIOCSIFADDR(r12, 0x8916, &(0x7f0000001040)={'lo\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x36}}}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)={0x38, r0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x0, 0x7}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}]]}, 0x38}, 0x1, 0x0, 0x0, 0x40c0}, 0x0) socket$igmp6(0xa, 0x3, 0x2) 16.243839878s ago: executing program 0 (id=912): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) (fail_nth: 7) 15.880538517s ago: executing program 0 (id=918): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x101202, 0x0) read$nci(r0, &(0x7f0000000100)=""/107, 0x6b) (async) write$nci(r0, 0x0, 0x4) (async) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) (async) sendmsg$can_bcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x16b, 0x1, {}, {0x0, 0x2710}, {}, 0x1, @can={{0x2}, 0x88, 0x3, 0x0, 0x0, "ae771949a0cb35d4"}}, 0x48}}, 0x0) (async) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f00000000c0)=0x8000000000000000) (async) r3 = socket$can_bcm(0x1d, 0x2, 0x2) r4 = socket(0xa, 0x1, 0x0) ioctl(r4, 0x100, &(0x7f0000000000)) (async) connect$can_bcm(r3, &(0x7f00000005c0), 0x10) (async) recvmmsg(r3, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x1}], 0x2, 0x10002, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) (async, rerun: 64) mount(&(0x7f0000000000)=@sr0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0) (rerun: 64) 15.48632461s ago: executing program 32 (id=918): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x101202, 0x0) read$nci(r0, &(0x7f0000000100)=""/107, 0x6b) (async) write$nci(r0, 0x0, 0x4) (async) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) (async) sendmsg$can_bcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x16b, 0x1, {}, {0x0, 0x2710}, {}, 0x1, @can={{0x2}, 0x88, 0x3, 0x0, 0x0, "ae771949a0cb35d4"}}, 0x48}}, 0x0) (async) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f00000000c0)=0x8000000000000000) (async) r3 = socket$can_bcm(0x1d, 0x2, 0x2) r4 = socket(0xa, 0x1, 0x0) ioctl(r4, 0x100, &(0x7f0000000000)) (async) connect$can_bcm(r3, &(0x7f00000005c0), 0x10) (async) recvmmsg(r3, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x1}], 0x2, 0x10002, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) (async, rerun: 64) mount(&(0x7f0000000000)=@sr0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0) (rerun: 64) 5.693415849s ago: executing program 4 (id=961): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x2) accept$phonet_pipe(r2, &(0x7f0000000180), &(0x7f00000001c0)=0x10) r3 = dup3(r2, r0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x1600) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 5.502364456s ago: executing program 4 (id=964): mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) cachestat(r0, &(0x7f0000000000)={0x10, 0x9}, 0x0, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, r1, 0x0) r2 = socket(0x15, 0x5, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[]) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000001b40)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0x100000001, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r7 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$sock(r7, &(0x7f0000000740)={&(0x7f00000001c0)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000000700)=[@timestamping={{0x10, 0x1, 0x4f, 0x1}}], 0x10}, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, 0x0, 0xa) r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) dup2(r8, r6) recvmsg(r1, 0x0, 0x40) 4.61411145s ago: executing program 4 (id=969): r0 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_freezer_state(r1, &(0x7f0000000140), 0x2, 0x0) sendfile(r2, r2, 0x0, 0x9) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000000)={0x30, r3, 0x1, 0x70bd2a, 0x25dfdbf5, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}, {0x8, 0x0, 0x7}]}]}, 0x30}}, 0x40084) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r5, 0xc0709411, &(0x7f00000002c0)={{0x0, 0x7, 0xd9, 0x10, 0x6, 0x9, 0x7, 0xad, 0x7a094f89, 0x2, 0x8, 0x9, 0x3, 0xefd, 0x1ff}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$VHOST_SET_FEATURES(r5, 0x4008af83, &(0x7f0000000040)) mount(&(0x7f0000000000)=@sr0, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000080)='jffs2\x00', 0x200482, 0x0) listxattr(&(0x7f0000000100)='./cgroup\x00', &(0x7f0000000180)=""/67, 0x43) 4.383152783s ago: executing program 4 (id=970): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4c, 0xf0ffffff, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 4.072925715s ago: executing program 4 (id=972): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000040154220a9055015bbe4010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, 0x0, &(0x7f0000000200)={0x0, 0xa, 0x1, 0xf}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x1}, &(0x7f00000002c0)={0x20, 0x81, 0x3, "29ea6f"}, &(0x7f0000000300)={0x20, 0x82, 0x1, ','}, &(0x7f0000000340)={0x20, 0x83, 0x3, "f08bad"}, &(0x7f0000000380)={0x20, 0x84, 0x1, 'W'}, &(0x7f00000003c0)={0x20, 0x85, 0x3, "d0a847"}}) 3.770606623s ago: executing program 3 (id=974): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/custom1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder1\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x9) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'team_slave_0\x00', &(0x7f0000000080)=@ethtool_rxnfc={0x32, 0x11, 0x1, {0xa, @udp_ip4_spec={@rand_addr=0x64010101, @multicast1, 0x4e21, 0x4e22, 0x5d}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5, 0xfb44, [0x5, 0x9]}, @esp_ip4_spec={@local, @private=0xa010100, 0x9}, {0x0, @broadcast, 0x8, 0x3ff, [0x2]}, 0x4, 0x2}}}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0x1802, 0x0, 0x0, 0x5, 0xfffd, r2, 0x0, 0x0, 0x0, 0x0, 0x2}]) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x201000c, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', 0x0}) bind$netlink(r4, &(0x7f0000000240)={0x10, 0x0, 0x25dfdbf8, 0x1000000}, 0x13) move_mount(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', r2, &(0x7f0000000200)='./file0\x00', 0x0) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="030300000000fcffffff0c00000008000300", @ANYRES32=r6, @ANYBLOB="44705854fcbe5d9f34308a9625652bd57cc68d0050ea24286ee17868a81606f15a0bd6652d5f73ad22526bf634bb4bc1c9a9e64b"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000000, 0x12, r4, 0x0) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r8, 0x0, 0x40, &(0x7f0000000080)="8c5d7b87b32ecae06a01000000364ab911d8c33439477a7591f6914e91c6821ee7163f8ae1896184d48797997716158aad89f66dd67480ce8ff178ef748cfcdcf54127d5ff9767719df8b5c6ee52a3031395cbcaebf10a3b7cddafa2c0fa6aa2", 0x60) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNAPSHOT_S2RAM(r4, 0x330b) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r9, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="130300000007fddbdf250f"], 0x14}, 0x1, 0x0, 0x0, 0xc8c5}, 0x4852) r11 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000bc0), 0x40002, 0x0) ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580), 0x0, 0x0, 0x0}) 2.008140901s ago: executing program 2 (id=982): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000100)={0xffffffffffffffdf, 0x0}) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x8001, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x40, 0x8, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}) socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) setsockopt$inet6_int(r2, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r3) sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x24, r4, 0x207, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x200040c0}, 0x880) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x50b880, 0x0) mmap(&(0x7f000078a000/0x11000)=nil, 0x11000, 0x5a051feb1e984a1d, 0x202812, r5, 0x7dfff000) 1.92238863s ago: executing program 1 (id=983): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB(r0, 0xc01c64ae, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x8}) (async, rerun: 32) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (rerun: 32) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) writev(r1, &(0x7f00000006c0)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193df163e75963f86ddf06712e9001c2f8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f00000002c0)="8d09327c", 0x4}, {&(0x7f0000000100)="b03ef9880b815221ff28eac1d4f49bcad59f71c0ef", 0x15}], 0x3) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000001c0)="66b9800000c00f326635004000000f300f2335660f38049408a06766c74424000f5200006766c7442402008000006766c744240600000000670f011c2467260f7938360f01c30f20d86635200000000f22d8360f302e0f01b400000f01c9", 0x5e}], 0x1, 0x0, 0x0, 0x0) r2 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103000000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad000905"], 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000280)={0x3, 0x6}, 0x4) (async, rerun: 64) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x20, 0x80, 0x1c, {0x3, 0x2070, 0x1000, 0x9, 0x4, 0x8000, 0xfffd, 0x8, 0x3906, 0xfffc, 0x401, 0xfb}}, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) (async, rerun: 32) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) (async, rerun: 64) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) (async, rerun: 64) preadv(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1, 0x4, 0x1ff) (async) syz_clone(0x2100, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) (async) recvmmsg(r5, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x10001}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}], 0x1}, 0x101}], 0x4, 0x40010020, 0x0) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r6, &(0x7f0000000840)=ANY=[@ANYBLOB="320200007d01000005f1000000000400000000000000040000000000000000000000000000000000000000000000000000001f00046e6f6465767b6376666f7825ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde05"], 0x232) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) (async) ptrace$poke(0x5, r7, &(0x7f0000000080), 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r4, 0x93774000) 1.878700536s ago: executing program 2 (id=984): iopl(0x3) (async) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280)={0x0, 0x0}) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz0\x00', 0x200002, 0x0) syz_clone3(&(0x7f0000000380)={0x4080, 0x0, 0x0, 0x0, {0x9}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[r0], 0x0, {r1}}, 0x58) (async) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x12c8405, 0x0) (async) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000780)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) (async) llistxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async) r3 = syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x0) ioctl$VIDIOC_ENUMOUTPUT(r3, 0xc0485630, &(0x7f0000000100)={0x6, "39f0fe4ce3202112398d33700c4455cec9acc39ba4c172b849aea3960f589bcb"}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff}) socket$kcm(0x29, 0x7, 0x0) (async) ioctl$DRM_IOCTL_GEM_CLOSE(r4, 0x40086409, &(0x7f00000000c0)) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r5, 0xc01064c7, &(0x7f0000000300)={0x21, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0]}) (async) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r5, 0xc00464c9, &(0x7f00000001c0)) 1.83687712s ago: executing program 1 (id=985): r0 = socket(0x8000000010, 0x80808, 0x957) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$kcm(0x2d, 0x2, 0x0) connect$qrtr(r3, &(0x7f0000000040)={0x2d, 0x0, 0x7ffe}, 0xc) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r2) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x14, r4, 0x5, 0x0, 0x0, {0x22}}, 0x14}}, 0x4000000) r5 = syz_open_dev$loop(&(0x7f0000000140), 0x9, 0x44801) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000800", [0x0, 0x2000000000001]}}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb8}}, 0x0) write(r0, &(0x7f00000004c0)="fc0000001c000704ab5b2509b868030003ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400604033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177332e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd5339ec2a0f0d1bcae5fa0f5fcbbc7bc190bd06a76a715498fe9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd64338034a084f2013cd1890058a10000c880ac801fe4af", 0xfc) mount(&(0x7f0000000000)=@sg0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x209802, 0x0) 1.782448603s ago: executing program 2 (id=986): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf648d000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, &(0x7f00000000c0)={0xf, 0x8, 0xfa00, {r1, 0x11}}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000011c0)=ANY=[@ANYRES8=0x0]) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000000)={0x0, 0x102000, 0x1800, 0x0, 0x2}, 0x20) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000200)='.\x02\x00', 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) ioctl$BTRFS_IOC_BALANCE_CTL(r0, 0x40049421, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) accept$alg(0xffffffffffffffff, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 1.683638849s ago: executing program 1 (id=987): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000080), 0x40000047ffffe, 0x1a2c42) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r1, 0x2000, {0x0, 0x0, 0x0, 0x1, 0x140000, 0x0, 0x0, 0x1e, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e770a00000000000000930606f9000000000f000000000600"}}) r3 = dup(r2) write$UHID_INPUT(r3, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38) write$P9_RVERSION(r3, &(0x7f0000000040)=ANY=[], 0x15) read$FUSE(r0, &(0x7f0000003240)={0x2020}, 0x2020) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_msfilter(r4, 0x0, 0x29, 0x0, 0x2ff00) mkdirat(r0, &(0x7f0000000000)='./cgroup\x00', 0x4) mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x200000, 0x0) 1.577704731s ago: executing program 2 (id=988): creat(&(0x7f0000000040)='./file0\x00', 0x12c) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x23f, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x10, 0x1, [{{0x9, 0x4, 0x0, 0xab, 0x1, 0x3, 0x1, 0x2, 0x6f, {0x9, 0x21, 0x4, 0xf9, 0x1, {0x22, 0x9a8}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x4}}}}}]}}]}}, 0x0) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x8002, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x12c) (async) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x23f, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x10, 0x1, [{{0x9, 0x4, 0x0, 0xab, 0x1, 0x3, 0x1, 0x2, 0x6f, {0x9, 0x21, 0x4, 0xf9, 0x1, {0x22, 0x9a8}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x4}}}}}]}}]}}, 0x0) (async) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x8002, 0x0) (async) 1.346647208s ago: executing program 1 (id=989): r0 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x980912, 0x0, '\x00', @string=0x0}}) r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) symlinkat(&(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') mount(&(0x7f0000000180)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='bfs\x00', 0x208003, 0x0) 1.31350993s ago: executing program 1 (id=990): bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 1.208568439s ago: executing program 1 (id=991): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) fadvise64(r0, 0x92, 0x5, 0x2) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000000440)=0xe) mmap(&(0x7f0000879000/0x2000)=nil, 0x2000, 0x100000c, 0x30, r0, 0xa613b000) pipe2$9p(&(0x7f0000000000), 0x84000) 698.611491ms ago: executing program 3 (id=992): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4c, 0x200000000000000, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 635.256722ms ago: executing program 4 (id=993): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x48c}) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x20800, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r3, &(0x7f0000000000), 0x6) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f00000044c0)={0xc, r4}) r5 = syz_open_dev$loop(&(0x7f0000000180), 0xfffffffffffffffe, 0x10000) r6 = signalfd4(r5, &(0x7f00000000c0)={[0xd5]}, 0x8, 0x80c00) read$FUSE(r6, &(0x7f0000001180)={0x2020}, 0x2020) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x111000, 0x0) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r7, 0x3b72, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000200000000000000000000800006f84572443462bb2db80083d3298a2bbabf1dfcc3c7bfb6357b5c76b890a4a49d1f79cd10e6f98a9b11f80c7bcb4d9e56fc05475c8b774f0d380d11b0a554405083c224d3a7a826f4cd8395e182fc953d58c24ddae480fe802236e606927b95494b997558d3b05a04b7b4a3fbf444acd3db79e34e3a47c4062008472945f22f34b41a3bf0e69e1d1e"]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r1, 0x2000) socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x93774000) 616.637904ms ago: executing program 3 (id=994): mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x1) mount(&(0x7f0000001400)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000001440)='./file0\x00', &(0x7f0000000080)='romfs\x00', 0x208ac00, 0x0) 454.569798ms ago: executing program 3 (id=995): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x1) fchdir(r2) ioctl$PTP_PEROUT_REQUEST(r2, 0x40383d03, &(0x7f0000000140)={{0xfffffffffffffffd, 0xffffff81}, {0x4, 0x2}, 0x7a54, 0x1}) r3 = creat(&(0x7f0000000240)='./file0\x00', 0x8) lseek(r3, 0x9, 0x4) ioctl$SNDCTL_DSP_GETIPTR(r2, 0x800c5011, &(0x7f0000000080)) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000280)={0xc, 0x0, 0x0}) ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f00000002c0)={&(0x7f000053c000/0x2000)=nil, 0x2000}) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f00000006c0)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110) setsockopt$inet_group_source_req(r5, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) setsockopt$inet_group_source_req(r5, 0x0, 0x2c, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000200)={0x18, r4, 0x1, 0x0, &(0x7f00000001c0)=[{0x0, 0x3ea4}]}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x6, r4, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x3ea4}) ioctl$IOMMU_DESTROY$ioas(r2, 0x3b80, &(0x7f0000000100)={0x8, r4}) r6 = syz_open_dev$video4linux(&(0x7f0000000400), 0x800000000401, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000340), 0x4) ioctl$VIDIOC_G_EXT_CTRLS(r6, 0xc040564a, &(0x7f0000000200)={0x0, 0x1, 0x100b, 0xffffffffffffffff, 0x0, 0x0}) r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101802, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) writev(r7, &(0x7f0000000300)=[{&(0x7f0000000680)="580000004b8004023655fdbaded39d65000b4824ca940417a3cd3639e431e8e2125f6c00940f6a0325010ebc0000000000000080001328baf0fffeffe809005300fff5dd02000000000000000c10003d5bcf6916b4114b32793792c395da89991a8be619c7ce1ecf8b6e3501aeb67cdb99f356f9518492cbf6d88e98f0df275f9f6dd0e185ac9b0b8902c883e0b63cf78a6f36b97cab227f62b6d35dcd058a8957d1bbf401e51d4302cbc17c3201e7b12fa4daac244b96d402183b429bbe400236cd1f8d50f2568ac466a6d40024f87588cbe7808c481b157f18acb07cee62b1d238ba704435ee1c055697eb1ee0e2cfa36d2efbf1ac9fa85fe4", 0xfdae}], 0x1) 397.925045ms ago: executing program 3 (id=996): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, 0x0, 0x40082, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000280)={0x6000, 0x80600}) fadvise64(r0, 0x94, 0x6e, 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000b00)={0x18, 0x5a, 0x1, 0x0, 0x0, "", [@nested={0x4}, @nested={0x4, 0x2}]}, 0x18}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000) 277.060136ms ago: executing program 3 (id=997): syz_usb_connect(0x0, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0x6e, 0x40, 0xb7, 0x40, 0x9e1, 0x5121, 0x40c1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3c, 0xac, 0x24}}]}}]}}, 0x0) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) 230.394954ms ago: executing program 2 (id=998): r0 = socket(0x2d, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2d, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0xc0) r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1ff, 0x0) ioctl$LOOP_SET_FD(r1, 0xc0045003, 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020100000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011001f"], 0x7c}}, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0xa0, 0x4) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, 0x0, &(0x7f00000000c0)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000140)={0x0, 0x2b, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000010000000000000073797a3100000000080004400000000f0000000000000030000000e7080003eadfc64c4c934a7027e5cf099dc438707aedd979"], 0x64}, 0x1, 0x0, 0x0, 0x840}, 0x0) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x15, 0x0, 0x7, 0xb, 0xfffffffe}) write$bt_hci(r6, &(0x7f0000000080)=ANY=[], 0x6) mmap(&(0x7f0000358000/0x2000)=nil, 0x2000, 0x3000002, 0x4000010, r5, 0x93774000) 0s ago: executing program 2 (id=999): bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) kernel console output (not intermixed with test programs): tsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.020147][ T5897] usb 2-1: config 0 interface 0 has no altsetting 0 [ 181.027070][ T5897] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 181.036788][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.056016][ T5897] usb 2-1: config 0 descriptor?? [ 181.101070][ T8142] tipc: Failed to obtain node identity [ 181.106697][ T8142] tipc: Enabling of bearer rejected, failed to enable media [ 181.496858][ T5897] lenovo 0003:17EF:6067.0004: item fetching failed at offset 0/2 [ 181.524598][ T5897] lenovo 0003:17EF:6067.0004: hid_parse failed [ 181.545019][ T5897] lenovo 0003:17EF:6067.0004: probe with driver lenovo failed with error -22 [ 181.676084][ T10] usb 1-1: USB disconnect, device number 39 [ 181.743418][ T8123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.787763][ T8123] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.829664][ T8123] /dev/rnullb0: Can't open blockdev [ 181.861021][ T8123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.892199][ T8123] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.929538][ T10] usb 2-1: USB disconnect, device number 38 [ 182.231858][ T8154] loop2: detected capacity change from 0 to 7 [ 182.251999][ T8154] Dev loop2: unable to read RDB block 7 [ 182.267171][ T8154] loop2: unable to read partition table [ 182.283703][ T8154] loop2: partition table beyond EOD, truncated [ 182.304298][ T8154] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 182.572443][ T8156] /dev/rnullb0: Can't open blockdev [ 182.607162][ T8156] /dev/rnullb0: Can't open blockdev [ 182.631416][ T8156] /dev/rnullb0: Can't open blockdev [ 182.662556][ T8156] /dev/rnullb0: Can't open blockdev [ 182.687075][ T8156] /dev/rnullb0: Can't open blockdev [ 182.719306][ T8156] /dev/rnullb0: Can't open blockdev [ 182.741355][ T8156] /dev/rnullb0: Can't open blockdev [ 182.773955][ T8156] /dev/rnullb0: Can't open blockdev [ 182.796937][ T8156] /dev/rnullb0: Can't open blockdev [ 182.832764][ T8156] /dev/rnullb0: Can't open blockdev [ 182.851363][ T8156] /dev/rnullb0: Can't open blockdev [ 182.867564][ T8161] /dev/rnullb0: Can't open blockdev [ 182.873780][ T8156] /dev/rnullb0: Can't open blockdev [ 182.902130][ T8156] /dev/rnullb0: Can't open blockdev [ 182.916891][ T8156] /dev/rnullb0: Can't open blockdev [ 182.938959][ T8156] /dev/rnullb0: Can't open blockdev [ 182.963705][ T8156] /dev/rnullb0: Can't open blockdev [ 182.994434][ T8156] /dev/rnullb0: Can't open blockdev [ 183.019132][ T8156] /dev/rnullb0: Can't open blockdev [ 183.032625][ T8163] FAULT_INJECTION: forcing a failure. [ 183.032625][ T8163] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 183.052406][ T8156] /dev/rnullb0: Can't open blockdev [ 183.061793][ T8156] /dev/rnullb0: Can't open blockdev [ 183.067275][ T8163] CPU: 0 UID: 0 PID: 8163 Comm: syz.1.675 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 183.067300][ T8163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 183.067310][ T8163] Call Trace: [ 183.067318][ T8163] [ 183.067325][ T8163] dump_stack_lvl+0x189/0x250 [ 183.067353][ T8163] ? __pfx____ratelimit+0x10/0x10 [ 183.067375][ T8163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.067397][ T8163] ? __pfx__printk+0x10/0x10 [ 183.067420][ T8163] ? fs_reclaim_acquire+0x7d/0x100 [ 183.067448][ T8163] should_fail_ex+0x414/0x560 [ 183.067474][ T8163] prepare_alloc_pages+0x213/0x610 [ 183.067502][ T8163] __alloc_frozen_pages_noprof+0x123/0x370 [ 183.067526][ T8163] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 183.067564][ T8163] alloc_pages_bulk_noprof+0x560/0x710 [ 183.067593][ T8163] ? alloc_pages_noprof+0xbe/0x190 [ 183.067613][ T8163] kasan_populate_vmalloc+0xba/0x1a0 [ 183.067641][ T8163] alloc_vmap_area+0xd51/0x1490 [ 183.067674][ T8163] ? __pfx_alloc_vmap_area+0x10/0x10 [ 183.067690][ T8163] ? __kasan_kmalloc+0x93/0xb0 [ 183.067711][ T8163] ? __get_vm_area_node+0x13f/0x300 [ 183.067729][ T8163] ? io_region_init_ptr+0x24d/0x350 [ 183.067746][ T8163] __get_vm_area_node+0x1f8/0x300 [ 183.067767][ T8163] ? io_region_init_ptr+0x24d/0x350 [ 183.067785][ T8163] vmap+0x162/0x310 [ 183.067802][ T8163] ? io_region_init_ptr+0x24d/0x350 [ 183.067823][ T8163] io_region_init_ptr+0x24d/0x350 [ 183.067842][ T8163] ? __pfx_io_region_init_ptr+0x10/0x10 [ 183.067862][ T8163] ? io_pin_pages+0xcf/0x1a0 [ 183.067879][ T8163] ? io_region_pin_pages+0xbe/0x190 [ 183.067899][ T8163] io_create_region+0x3a4/0x480 [ 183.067922][ T8163] io_allocate_scq_urings+0x235/0x7f0 [ 183.067947][ T8163] ? __pfx_io_allocate_scq_urings+0x10/0x10 [ 183.067967][ T8163] ? bpf_lsm_capable+0x9/0x20 [ 183.067980][ T8163] ? security_capable+0x7e/0x2e0 [ 183.068004][ T8163] io_uring_create+0x52b/0xb60 [ 183.068032][ T8163] __se_sys_io_uring_setup+0x264/0x270 [ 183.068054][ T8163] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 183.068084][ T8163] ? rcu_is_watching+0x15/0xb0 [ 183.068110][ T8163] ? do_syscall_64+0xbe/0x3b0 [ 183.068136][ T8163] do_syscall_64+0xfa/0x3b0 [ 183.068156][ T8163] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.068183][ T8163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.068200][ T8163] ? clear_bhb_loop+0x60/0xb0 [ 183.068220][ T8163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.068237][ T8163] RIP: 0033:0x7f543b98e9a9 [ 183.068253][ T8163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.068267][ T8163] RSP: 002b:00007f54397f5fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 183.068286][ T8163] RAX: ffffffffffffffda RBX: 00007f543bbb5fa0 RCX: 00007f543b98e9a9 [ 183.068299][ T8163] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000005b14 [ 183.068310][ T8163] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 183.068321][ T8163] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 183.068331][ T8163] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 183.068357][ T8163] [ 183.378662][ T8156] /dev/rnullb0: Can't open blockdev [ 183.516971][ T8165] sp0: Synchronizing with TNC [ 183.940474][ T8164] [U] [ 184.194186][ T8174] trusted_key: encrypted_key: keylen parameter is missing [ 184.204922][ T8174] netlink: 44 bytes leftover after parsing attributes in process `syz.2.679'. [ 184.224642][ T8174] netlink: 88 bytes leftover after parsing attributes in process `syz.2.679'. [ 184.281692][ T8181] loop2: detected capacity change from 0 to 7 [ 184.289763][ T8181] Dev loop2: unable to read RDB block 7 [ 184.295493][ T8181] loop2: unable to read partition table [ 184.301876][ T8181] loop2: partition table beyond EOD, truncated [ 184.321953][ T8181] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 184.328296][ T5897] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 184.530621][ T5897] usb 2-1: Using ep0 maxpacket: 32 [ 184.539671][ T5897] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 184.552432][ T5897] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 184.560844][ T8189] loop6: detected capacity change from 0 to 7 [ 184.574364][ C1] blk_print_req_error: 24 callbacks suppressed [ 184.574383][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.574786][ T5897] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 184.580638][ C1] buffer_io_error: 23 callbacks suppressed [ 184.580653][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.581864][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.607774][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.612707][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.639055][ T5897] usb 2-1: Product: syz [ 184.642743][ T8190] FAT-fs (rnullb0): bogus number of FAT structure [ 184.643585][ T5897] usb 2-1: Manufacturer: syz [ 184.654619][ T8190] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 184.655509][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.670601][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.683238][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.692534][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.702045][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.711244][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.722333][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.731641][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.739858][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.740269][ T5897] usb 2-1: SerialNumber: syz [ 184.749073][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.751878][ T8189] ldm_validate_partition_table(): Disk read failed. [ 184.757810][ T5897] usb 2-1: config 0 descriptor?? [ 184.766767][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.782876][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.791851][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.801080][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.811846][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 184.821069][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 184.833344][ T8189] Dev loop6: unable to read RDB block 0 [ 184.840785][ T8189] loop6: unable to read partition table [ 184.846731][ T8189] loop6: partition table beyond EOD, truncated [ 184.862536][ T8189] loop_reread_partitions: partition scan of loop6 (被x() failed (rc=-5) [ 184.990268][ T8196] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 184.997483][ T8196] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 184.999099][ T8194] FAULT_INJECTION: forcing a failure. [ 184.999099][ T8194] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 185.028487][ T8194] CPU: 1 UID: 0 PID: 8194 Comm: syz.3.686 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 185.028512][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 185.028522][ T8194] Call Trace: [ 185.028530][ T8194] [ 185.028538][ T8194] dump_stack_lvl+0x189/0x250 [ 185.028565][ T8194] ? __pfx____ratelimit+0x10/0x10 [ 185.028592][ T8194] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.028613][ T8194] ? __pfx__printk+0x10/0x10 [ 185.028636][ T8194] ? fs_reclaim_acquire+0x7d/0x100 [ 185.028666][ T8194] should_fail_ex+0x414/0x560 [ 185.028691][ T8194] prepare_alloc_pages+0x213/0x610 [ 185.028725][ T8194] __alloc_frozen_pages_noprof+0x123/0x370 [ 185.028750][ T8194] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 185.028789][ T8194] alloc_pages_bulk_noprof+0x560/0x710 [ 185.028819][ T8194] ? alloc_pages_noprof+0xbe/0x190 [ 185.028843][ T8194] kasan_populate_vmalloc+0xba/0x1a0 [ 185.028873][ T8194] alloc_vmap_area+0xd51/0x1490 [ 185.028906][ T8194] ? __pfx_alloc_vmap_area+0x10/0x10 [ 185.028922][ T8194] ? __kasan_kmalloc+0x93/0xb0 [ 185.028942][ T8194] ? __get_vm_area_node+0x13f/0x300 [ 185.028960][ T8194] ? io_region_init_ptr+0x24d/0x350 [ 185.028977][ T8194] __get_vm_area_node+0x1f8/0x300 [ 185.028996][ T8194] ? io_region_init_ptr+0x24d/0x350 [ 185.029014][ T8194] vmap+0x162/0x310 [ 185.029030][ T8194] ? io_region_init_ptr+0x24d/0x350 [ 185.029051][ T8194] io_region_init_ptr+0x24d/0x350 [ 185.029070][ T8194] ? __pfx_io_region_init_ptr+0x10/0x10 [ 185.029090][ T8194] ? io_pin_pages+0xcf/0x1a0 [ 185.029107][ T8194] ? io_region_pin_pages+0xbe/0x190 [ 185.029126][ T8194] io_create_region+0x3a4/0x480 [ 185.029152][ T8194] io_allocate_scq_urings+0x235/0x7f0 [ 185.029182][ T8194] ? __pfx_io_allocate_scq_urings+0x10/0x10 [ 185.029208][ T8194] ? bpf_lsm_capable+0x9/0x20 [ 185.029225][ T8194] ? security_capable+0x7e/0x2e0 [ 185.029253][ T8194] io_uring_create+0x52b/0xb60 [ 185.029281][ T8194] __se_sys_io_uring_setup+0x264/0x270 [ 185.029302][ T8194] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 185.029333][ T8194] ? rcu_is_watching+0x15/0xb0 [ 185.029359][ T8194] ? do_syscall_64+0xbe/0x3b0 [ 185.029385][ T8194] do_syscall_64+0xfa/0x3b0 [ 185.029404][ T8194] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.029425][ T8194] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.029441][ T8194] ? clear_bhb_loop+0x60/0xb0 [ 185.029460][ T8194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.029474][ T8194] RIP: 0033:0x7ff83d98e9a9 [ 185.029490][ T8194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.029503][ T8194] RSP: 002b:00007ff83e89efc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 185.029521][ T8194] RAX: ffffffffffffffda RBX: 00007ff83dbb5fa0 RCX: 00007ff83d98e9a9 [ 185.029534][ T8194] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000005b14 [ 185.029544][ T8194] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 185.029555][ T8194] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 185.029565][ T8194] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 185.029591][ T8194] [ 185.413583][ T8201] omfs: Invalid superblock (0) [ 185.427527][ T8203] loop2: detected capacity change from 0 to 7 [ 185.446241][ T5858] Dev loop2: unable to read RDB block 7 [ 185.452193][ T5858] loop2: unable to read partition table [ 185.458276][ T5858] loop2: partition table beyond EOD, truncated [ 185.486087][ T8203] Dev loop2: unable to read RDB block 7 [ 185.492904][ T8203] loop2: unable to read partition table [ 185.498903][ T8203] loop2: partition table beyond EOD, truncated [ 185.505088][ T8203] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 185.613389][ T8212] gfs2: not a GFS2 filesystem [ 185.628515][ T8211] gfs2: not a GFS2 filesystem [ 186.365282][ T8238] FAULT_INJECTION: forcing a failure. [ 186.365282][ T8238] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 186.382649][ T8238] CPU: 1 UID: 0 PID: 8238 Comm: syz.3.699 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 186.382676][ T8238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 186.382686][ T8238] Call Trace: [ 186.382694][ T8238] [ 186.382701][ T8238] dump_stack_lvl+0x189/0x250 [ 186.382727][ T8238] ? __pfx____ratelimit+0x10/0x10 [ 186.382750][ T8238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.382771][ T8238] ? __pfx__printk+0x10/0x10 [ 186.382794][ T8238] ? fs_reclaim_acquire+0x7d/0x100 [ 186.382823][ T8238] should_fail_ex+0x414/0x560 [ 186.382846][ T8238] prepare_alloc_pages+0x213/0x610 [ 186.382874][ T8238] __alloc_frozen_pages_noprof+0x123/0x370 [ 186.382898][ T8238] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 186.382936][ T8238] alloc_pages_bulk_noprof+0x560/0x710 [ 186.382964][ T8238] ? alloc_pages_noprof+0xbe/0x190 [ 186.382987][ T8238] kasan_populate_vmalloc+0xba/0x1a0 [ 186.383016][ T8238] alloc_vmap_area+0xd51/0x1490 [ 186.383049][ T8238] ? __pfx_alloc_vmap_area+0x10/0x10 [ 186.383064][ T8238] ? __kasan_kmalloc+0x93/0xb0 [ 186.383084][ T8238] ? __get_vm_area_node+0x13f/0x300 [ 186.383102][ T8238] ? io_region_init_ptr+0x24d/0x350 [ 186.383119][ T8238] __get_vm_area_node+0x1f8/0x300 [ 186.383139][ T8238] ? io_region_init_ptr+0x24d/0x350 [ 186.383157][ T8238] vmap+0x162/0x310 [ 186.383173][ T8238] ? io_region_init_ptr+0x24d/0x350 [ 186.383194][ T8238] io_region_init_ptr+0x24d/0x350 [ 186.383214][ T8238] ? __pfx_io_region_init_ptr+0x10/0x10 [ 186.383233][ T8238] ? io_pin_pages+0xcf/0x1a0 [ 186.383250][ T8238] ? io_region_pin_pages+0xbe/0x190 [ 186.383270][ T8238] io_create_region+0x3a4/0x480 [ 186.383295][ T8238] io_allocate_scq_urings+0x235/0x7f0 [ 186.383325][ T8238] ? __pfx_io_allocate_scq_urings+0x10/0x10 [ 186.383350][ T8238] ? bpf_lsm_capable+0x9/0x20 [ 186.383368][ T8238] ? security_capable+0x7e/0x2e0 [ 186.383397][ T8238] io_uring_create+0x52b/0xb60 [ 186.383425][ T8238] __se_sys_io_uring_setup+0x264/0x270 [ 186.383445][ T8238] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 186.383475][ T8238] ? rcu_is_watching+0x15/0xb0 [ 186.383501][ T8238] ? do_syscall_64+0xbe/0x3b0 [ 186.383525][ T8238] do_syscall_64+0xfa/0x3b0 [ 186.383546][ T8238] ? lockdep_hardirqs_on+0x9c/0x150 [ 186.383566][ T8238] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.383587][ T8238] ? clear_bhb_loop+0x60/0xb0 [ 186.383606][ T8238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.383622][ T8238] RIP: 0033:0x7ff83d98e9a9 [ 186.383638][ T8238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.383658][ T8238] RSP: 002b:00007ff83e89efc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 186.383677][ T8238] RAX: ffffffffffffffda RBX: 00007ff83dbb5fa0 RCX: 00007ff83d98e9a9 [ 186.383690][ T8238] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000005b14 [ 186.383701][ T8238] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 186.383712][ T8238] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 186.383722][ T8238] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 186.383749][ T8238] [ 186.757702][ T55] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 186.765075][ T8241] loop2: detected capacity change from 0 to 7 [ 186.774036][ T8241] Dev loop2: unable to read RDB block 7 [ 186.780052][ T8241] loop2: unable to read partition table [ 186.786110][ T8241] loop2: partition table beyond EOD, truncated [ 186.792766][ T8241] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 186.814263][ T8243] binder: 8242:8243 ioctl 400c620e 2000000014c0 returned -22 [ 186.883288][ T8245] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 186.920849][ T55] usb 3-1: too many configurations: 228, using maximum allowed: 8 [ 186.940989][ T55] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 186.950229][ T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.958298][ T55] usb 3-1: Product: syz [ 186.962466][ T55] usb 3-1: Manufacturer: syz [ 186.967101][ T55] usb 3-1: SerialNumber: syz [ 186.983584][ T55] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 187.015283][ T43] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 187.156649][ T10] usb 2-1: USB disconnect, device number 39 [ 187.253024][ T8256] exFAT-fs (rnullb0): invalid boot record signature [ 187.271622][ T8256] exFAT-fs (rnullb0): failed to read boot sector [ 187.301492][ T8258] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 187.307675][ T8256] exFAT-fs (rnullb0): failed to recognize exfat type [ 187.546183][ T8271] FAULT_INJECTION: forcing a failure. [ 187.546183][ T8271] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 187.560790][ T8271] CPU: 0 UID: 0 PID: 8271 Comm: syz.0.709 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 187.560825][ T8271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 187.560835][ T8271] Call Trace: [ 187.560842][ T8271] [ 187.560850][ T8271] dump_stack_lvl+0x189/0x250 [ 187.560876][ T8271] ? __pfx____ratelimit+0x10/0x10 [ 187.560899][ T8271] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.560920][ T8271] ? __pfx__printk+0x10/0x10 [ 187.560942][ T8271] ? fs_reclaim_acquire+0x7d/0x100 [ 187.560971][ T8271] should_fail_ex+0x414/0x560 [ 187.560995][ T8271] prepare_alloc_pages+0x213/0x610 [ 187.561022][ T8271] __alloc_frozen_pages_noprof+0x123/0x370 [ 187.561046][ T8271] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 187.561092][ T8271] alloc_pages_bulk_noprof+0x560/0x710 [ 187.561120][ T8271] ? alloc_pages_noprof+0xbe/0x190 [ 187.561142][ T8271] kasan_populate_vmalloc+0xba/0x1a0 [ 187.561172][ T8271] alloc_vmap_area+0xd51/0x1490 [ 187.561202][ T8271] ? __pfx_alloc_vmap_area+0x10/0x10 [ 187.561218][ T8271] ? __kasan_kmalloc+0x93/0xb0 [ 187.561238][ T8271] ? __get_vm_area_node+0x13f/0x300 [ 187.561254][ T8271] ? io_region_init_ptr+0x24d/0x350 [ 187.561271][ T8271] __get_vm_area_node+0x1f8/0x300 [ 187.561291][ T8271] ? io_region_init_ptr+0x24d/0x350 [ 187.561308][ T8271] vmap+0x162/0x310 [ 187.561324][ T8271] ? io_region_init_ptr+0x24d/0x350 [ 187.561341][ T8271] io_region_init_ptr+0x24d/0x350 [ 187.561361][ T8271] ? __pfx_io_region_init_ptr+0x10/0x10 [ 187.561385][ T8271] ? io_pin_pages+0xcf/0x1a0 [ 187.561402][ T8271] ? io_region_pin_pages+0xbe/0x190 [ 187.561422][ T8271] io_create_region+0x3a4/0x480 [ 187.561446][ T8271] io_allocate_scq_urings+0x235/0x7f0 [ 187.561472][ T8271] ? __pfx_io_allocate_scq_urings+0x10/0x10 [ 187.561494][ T8271] ? bpf_lsm_capable+0x9/0x20 [ 187.561510][ T8271] ? security_capable+0x7e/0x2e0 [ 187.561539][ T8271] io_uring_create+0x52b/0xb60 [ 187.561564][ T8271] __se_sys_io_uring_setup+0x264/0x270 [ 187.561584][ T8271] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 187.561611][ T8271] ? rcu_is_watching+0x15/0xb0 [ 187.561634][ T8271] ? do_syscall_64+0xbe/0x3b0 [ 187.561659][ T8271] do_syscall_64+0xfa/0x3b0 [ 187.561680][ T8271] ? lockdep_hardirqs_on+0x9c/0x150 [ 187.561701][ T8271] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.561718][ T8271] ? clear_bhb_loop+0x60/0xb0 [ 187.561737][ T8271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.561753][ T8271] RIP: 0033:0x7fbb8198e9a9 [ 187.561767][ T8271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.561781][ T8271] RSP: 002b:00007fbb82739fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 187.561798][ T8271] RAX: ffffffffffffffda RBX: 00007fbb81bb5fa0 RCX: 00007fbb8198e9a9 [ 187.561821][ T8271] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000005b14 [ 187.561831][ T8271] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 187.561841][ T8271] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 187.561851][ T8271] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 187.561877][ T8271] [ 188.161155][ T8280] 9pnet_fd: Insufficient options for proto=fd [ 188.204694][ T10] usb 3-1: USB disconnect, device number 30 [ 188.287708][ T43] usb 3-1: Service connection timeout for: 256 [ 188.294208][ T43] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 188.319472][ T43] ath9k_htc: Failed to initialize the device [ 188.334348][ T10] usb 3-1: ath9k_htc: USB layer deinitialized [ 188.417718][ T5910] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 188.553768][ T8287] loop2: detected capacity change from 0 to 7 [ 188.569180][ T8287] Dev loop2: unable to read RDB block 7 [ 188.576028][ T8287] loop2: unable to read partition table [ 188.597137][ T8287] loop2: partition table beyond EOD, truncated [ 188.618364][ T8287] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 188.628358][ T5910] usb 1-1: Using ep0 maxpacket: 32 [ 188.635344][ T5910] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 188.647135][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 188.677642][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 188.698066][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 188.721048][ T5910] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 188.730399][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.741733][ T5910] usb 1-1: Product: syz [ 188.745920][ T5910] usb 1-1: Manufacturer: syz [ 188.757883][ T5910] usb 1-1: SerialNumber: syz [ 188.765484][ T5910] usb 1-1: config 0 descriptor?? [ 188.850233][ T8293] /dev/rnullb0: Can't open blockdev [ 188.877921][ T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 189.027804][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 189.035172][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.055153][ T10] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 189.081207][ T10] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 189.099293][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.109741][ T5910] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 189.131069][ T10] usb 3-1: Product: syz [ 189.135263][ T10] usb 3-1: Manufacturer: syz [ 189.149184][ T10] usb 3-1: SerialNumber: syz [ 189.163506][ T10] usb 3-1: config 0 descriptor?? [ 189.290190][ T5910] usb 4-1: Using ep0 maxpacket: 32 [ 189.309566][ T10] usb 1-1: USB disconnect, device number 40 [ 189.320064][ T5910] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 189.350752][ T5910] usb 4-1: config 0 has no interface number 0 [ 189.367173][ T5910] usb 4-1: config 0 interface 12 has no altsetting 0 [ 189.376900][ T5910] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 189.398141][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.406178][ T5910] usb 4-1: Product: syz [ 189.417674][ T5910] usb 4-1: Manufacturer: syz [ 189.427657][ T5910] usb 4-1: SerialNumber: syz [ 189.435273][ T5910] usb 4-1: config 0 descriptor?? [ 189.768616][ T8251] syz.3.704 (8251) used greatest stack depth: 19896 bytes left [ 189.932855][ T8300] FAULT_INJECTION: forcing a failure. [ 189.932855][ T8300] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 189.946337][ T8300] CPU: 1 UID: 0 PID: 8300 Comm: syz.0.718 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 189.946362][ T8300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 189.946373][ T8300] Call Trace: [ 189.946383][ T8300] [ 189.946391][ T8300] dump_stack_lvl+0x189/0x250 [ 189.946417][ T8300] ? __pfx____ratelimit+0x10/0x10 [ 189.946438][ T8300] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.946451][ T8300] ? __pfx__printk+0x10/0x10 [ 189.946466][ T8300] ? fs_reclaim_acquire+0x7d/0x100 [ 189.946483][ T8300] should_fail_ex+0x414/0x560 [ 189.946504][ T8300] prepare_alloc_pages+0x213/0x610 [ 189.946531][ T8300] __alloc_frozen_pages_noprof+0x123/0x370 [ 189.946565][ T8300] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 189.946598][ T8300] alloc_pages_bulk_noprof+0x560/0x710 [ 189.946614][ T8300] ? alloc_pages_noprof+0xbe/0x190 [ 189.946628][ T8300] kasan_populate_vmalloc+0xba/0x1a0 [ 189.946647][ T8300] alloc_vmap_area+0xd51/0x1490 [ 189.946678][ T8300] ? __pfx_alloc_vmap_area+0x10/0x10 [ 189.946694][ T8300] ? __kasan_kmalloc+0x93/0xb0 [ 189.946715][ T8300] ? __get_vm_area_node+0x13f/0x300 [ 189.946733][ T8300] ? io_region_init_ptr+0x24d/0x350 [ 189.946746][ T8300] __get_vm_area_node+0x1f8/0x300 [ 189.946758][ T8300] ? io_region_init_ptr+0x24d/0x350 [ 189.946767][ T8300] vmap+0x162/0x310 [ 189.946777][ T8300] ? io_region_init_ptr+0x24d/0x350 [ 189.946789][ T8300] io_region_init_ptr+0x24d/0x350 [ 189.946799][ T8300] ? __pfx_io_region_init_ptr+0x10/0x10 [ 189.946816][ T8300] ? io_pin_pages+0xcf/0x1a0 [ 189.946833][ T8300] ? io_region_pin_pages+0xbe/0x190 [ 189.946853][ T8300] io_create_region+0x3a4/0x480 [ 189.946878][ T8300] io_allocate_scq_urings+0x235/0x7f0 [ 189.946901][ T8300] ? __pfx_io_allocate_scq_urings+0x10/0x10 [ 189.946917][ T8300] ? bpf_lsm_capable+0x9/0x20 [ 189.946929][ T8300] ? security_capable+0x7e/0x2e0 [ 189.946946][ T8300] io_uring_create+0x52b/0xb60 [ 189.946972][ T8300] __se_sys_io_uring_setup+0x264/0x270 [ 189.946993][ T8300] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 189.947024][ T8300] ? rcu_is_watching+0x15/0xb0 [ 189.947045][ T8300] ? do_syscall_64+0xbe/0x3b0 [ 189.947061][ T8300] do_syscall_64+0xfa/0x3b0 [ 189.947075][ T8300] ? lockdep_hardirqs_on+0x9c/0x150 [ 189.947088][ T8300] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.947097][ T8300] ? clear_bhb_loop+0x60/0xb0 [ 189.947116][ T8300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.947133][ T8300] RIP: 0033:0x7fbb8198e9a9 [ 189.947148][ T8300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.947162][ T8300] RSP: 002b:00007fbb82739fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 189.947180][ T8300] RAX: ffffffffffffffda RBX: 00007fbb81bb5fa0 RCX: 00007fbb8198e9a9 [ 189.947192][ T8300] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000005b14 [ 189.947198][ T8300] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 189.947204][ T8300] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 189.947209][ T8300] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 189.947224][ T8300] [ 190.301102][ T8304] hfs: can't find a HFS filesystem on dev rnullb0 [ 190.677728][ T1213] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 190.827697][ T1213] usb 1-1: Using ep0 maxpacket: 32 [ 190.834775][ T1213] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 190.843079][ T1213] usb 1-1: config 0 has no interface number 0 [ 190.849335][ T1213] usb 1-1: config 0 interface 89 has no altsetting 0 [ 190.859726][ T1213] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 190.869085][ T1213] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.877690][ T1213] usb 1-1: Product: syz [ 190.883284][ T1213] usb 1-1: Manufacturer: syz [ 190.888675][ T1213] usb 1-1: SerialNumber: syz [ 190.894669][ T5910] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 190.902430][ T5910] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 190.912860][ T1213] usb 1-1: config 0 descriptor?? [ 190.918747][ T5910] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 190.926368][ T5910] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 190.937098][ T1213] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 190.946648][ T1213] em28xx 1-1:0.89: Video interface 89 found: bulk [ 190.960850][ T5910] usb 4-1: USB disconnect, device number 39 [ 191.192388][ T8313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.207250][ T8313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.392196][ T8317] binder: 8316:8317 ioctl c0306201 0 returned -14 [ 191.399268][ T1213] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 191.450618][ T8321] loop2: detected capacity change from 0 to 7 [ 191.460838][ T8321] Dev loop2: unable to read RDB block 7 [ 191.466538][ T8321] loop2: unable to read partition table [ 191.473842][ T8321] loop2: partition table beyond EOD, truncated [ 191.491203][ T1213] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 191.493786][ T8321] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 191.515727][ T1213] em28xx 1-1:0.89: board has no eeprom [ 191.528722][ T5910] usb 3-1: USB disconnect, device number 31 [ 191.608020][ T1213] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 191.629196][ T1213] em28xx 1-1:0.89: analog set to bulk mode. [ 191.635419][ T10] em28xx 1-1:0.89: Registering V4L2 extension [ 191.665528][ T8324] NILFS (rnullb0): couldn't find nilfs on the device [ 191.668447][ T1213] usb 1-1: USB disconnect, device number 41 [ 191.710040][ T1213] em28xx 1-1:0.89: Disconnecting em28xx [ 191.767845][ T10] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 191.775062][ T10] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 191.840332][ T10] em28xx 1-1:0.89: No AC97 audio processor [ 191.859082][ T10] usb 1-1: Decoder not found [ 191.863712][ T10] em28xx 1-1:0.89: failed to create media graph [ 191.887459][ T10] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 191.944917][ T10] em28xx 1-1:0.89: Registering snapshot button... [ 191.955204][ T8337] FAULT_INJECTION: forcing a failure. [ 191.955204][ T8337] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 191.973955][ T10] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input14 [ 191.977455][ T8339] vxfs: WRONG superblock magic 00000000 at 1 [ 191.991477][ T8337] CPU: 0 UID: 0 PID: 8337 Comm: syz.2.727 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 191.991498][ T8337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 191.991507][ T8337] Call Trace: [ 191.991514][ T8337] [ 191.991521][ T8337] dump_stack_lvl+0x189/0x250 [ 191.991546][ T8337] ? __pfx____ratelimit+0x10/0x10 [ 191.991565][ T8337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.991586][ T8337] ? __pfx__printk+0x10/0x10 [ 191.991610][ T8337] ? fs_reclaim_acquire+0x7d/0x100 [ 191.991638][ T8337] should_fail_ex+0x414/0x560 [ 191.991663][ T8337] prepare_alloc_pages+0x213/0x610 [ 191.991691][ T8337] __alloc_frozen_pages_noprof+0x123/0x370 [ 191.991714][ T8337] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 191.991746][ T8337] alloc_pages_bulk_noprof+0x560/0x710 [ 191.991770][ T8337] ? alloc_pages_noprof+0xbe/0x190 [ 191.991792][ T8337] kasan_populate_vmalloc+0xba/0x1a0 [ 191.991819][ T8337] alloc_vmap_area+0xd51/0x1490 [ 191.991849][ T8337] ? __pfx_alloc_vmap_area+0x10/0x10 [ 191.991863][ T8337] ? __kasan_kmalloc+0x93/0xb0 [ 191.991881][ T8337] ? __get_vm_area_node+0x13f/0x300 [ 191.991896][ T8337] ? io_region_init_ptr+0x24d/0x350 [ 191.991912][ T8337] __get_vm_area_node+0x1f8/0x300 [ 191.991928][ T8337] ? io_region_init_ptr+0x24d/0x350 [ 191.991945][ T8337] vmap+0x162/0x310 [ 191.991961][ T8337] ? io_region_init_ptr+0x24d/0x350 [ 191.991980][ T8337] io_region_init_ptr+0x24d/0x350 [ 191.991998][ T8337] ? __pfx_io_region_init_ptr+0x10/0x10 [ 191.992015][ T8337] ? io_pin_pages+0xcf/0x1a0 [ 191.992031][ T8337] ? io_region_pin_pages+0xbe/0x190 [ 191.992047][ T8337] io_create_region+0x3a4/0x480 [ 191.992069][ T8337] io_allocate_scq_urings+0x235/0x7f0 [ 191.992096][ T8337] ? __pfx_io_allocate_scq_urings+0x10/0x10 [ 191.992115][ T8337] ? bpf_lsm_capable+0x9/0x20 [ 191.992129][ T8337] ? security_capable+0x7e/0x2e0 [ 191.992152][ T8337] io_uring_create+0x52b/0xb60 [ 191.992174][ T8337] __se_sys_io_uring_setup+0x264/0x270 [ 191.992192][ T8337] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 191.992217][ T8337] ? rcu_is_watching+0x15/0xb0 [ 191.992237][ T8337] ? do_syscall_64+0xbe/0x3b0 [ 191.992260][ T8337] do_syscall_64+0xfa/0x3b0 [ 191.992278][ T8337] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.992297][ T8337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.992320][ T8337] ? clear_bhb_loop+0x60/0xb0 [ 191.992339][ T8337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.992352][ T8337] RIP: 0033:0x7f0a39d8e9a9 [ 191.992366][ T8337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.992379][ T8337] RSP: 002b:00007f0a3ac99fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 191.992396][ T8337] RAX: ffffffffffffffda RBX: 00007f0a39fb5fa0 RCX: 00007f0a39d8e9a9 [ 191.992406][ T8337] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000005b14 [ 191.992416][ T8337] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 191.992427][ T8337] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 191.992436][ T8337] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 191.992460][ T8337] [ 191.995756][ T10] em28xx 1-1:0.89: Remote control support is not available for this card. [ 191.999542][ T8339] vxfs: WRONG superblock magic 00000000 at 8 [ 192.019652][ T1213] em28xx 1-1:0.89: Closing input extension [ 192.025626][ T8339] vxfs: can't find superblock. [ 192.044602][ T1213] em28xx 1-1:0.89: Deregistering snapshot button [ 192.415852][ T1213] em28xx 1-1:0.89: Freeing device [ 192.460044][ T8357] binder: 8356:8357 ioctl c0306201 0 returned -14 [ 192.650326][ T8366] netlink: 92 bytes leftover after parsing attributes in process `syz.1.736'. [ 192.688731][ T8364] loop2: detected capacity change from 0 to 7 [ 192.696521][ T8364] Dev loop2: unable to read RDB block 7 [ 192.703545][ T8364] loop2: unable to read partition table [ 192.718061][ T8364] loop2: partition table beyond EOD, truncated [ 192.745848][ T8364] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 192.823422][ T8374] FAULT_INJECTION: forcing a failure. [ 192.823422][ T8374] name failslab, interval 1, probability 0, space 0, times 0 [ 192.858541][ T8374] CPU: 0 UID: 0 PID: 8374 Comm: syz.1.738 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 192.858567][ T8374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 192.858577][ T8374] Call Trace: [ 192.858584][ T8374] [ 192.858592][ T8374] dump_stack_lvl+0x189/0x250 [ 192.858619][ T8374] ? __pfx____ratelimit+0x10/0x10 [ 192.858642][ T8374] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.858662][ T8374] ? __pfx__printk+0x10/0x10 [ 192.858690][ T8374] ? __pfx___might_resched+0x10/0x10 [ 192.858709][ T8374] ? fs_reclaim_acquire+0x7d/0x100 [ 192.858734][ T8374] should_fail_ex+0x414/0x560 [ 192.858758][ T8374] ? io_pin_pages+0x9a/0x1a0 [ 192.858771][ T8374] should_failslab+0xa8/0x100 [ 192.858792][ T8374] __kvmalloc_node_noprof+0x161/0x5f0 [ 192.858812][ T8374] ? io_pin_pages+0x9a/0x1a0 [ 192.858832][ T8374] io_pin_pages+0x9a/0x1a0 [ 192.858850][ T8374] io_region_pin_pages+0x7d/0x190 [ 192.858871][ T8374] io_create_region+0x386/0x480 [ 192.858896][ T8374] io_allocate_scq_urings+0x4e9/0x7f0 [ 192.858926][ T8374] ? __pfx_io_allocate_scq_urings+0x10/0x10 [ 192.858951][ T8374] ? bpf_lsm_capable+0x9/0x20 [ 192.858969][ T8374] ? security_capable+0x7e/0x2e0 [ 192.858997][ T8374] io_uring_create+0x52b/0xb60 [ 192.859026][ T8374] __se_sys_io_uring_setup+0x264/0x270 [ 192.859047][ T8374] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 192.859076][ T8374] ? rcu_is_watching+0x15/0xb0 [ 192.859102][ T8374] ? do_syscall_64+0xbe/0x3b0 [ 192.859126][ T8374] do_syscall_64+0xfa/0x3b0 [ 192.859146][ T8374] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.859167][ T8374] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.859184][ T8374] ? clear_bhb_loop+0x60/0xb0 [ 192.859204][ T8374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.859220][ T8374] RIP: 0033:0x7f543b98e9a9 [ 192.859242][ T8374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.859257][ T8374] RSP: 002b:00007f54397f5fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 192.859276][ T8374] RAX: ffffffffffffffda RBX: 00007f543bbb5fa0 RCX: 00007f543b98e9a9 [ 192.859289][ T8374] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000005b14 [ 192.859301][ T8374] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000 [ 192.859312][ T8374] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 192.859322][ T8374] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 192.859348][ T8374] [ 192.861561][ T24] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 193.160294][ T8383] exFAT-fs (rnullb0): invalid boot record signature [ 193.167192][ T8383] exFAT-fs (rnullb0): failed to read boot sector [ 193.187685][ T8383] exFAT-fs (rnullb0): failed to recognize exfat type [ 193.243367][ T8386] XFS (rnullb0): Invalid superblock magic number [ 193.262361][ T8394] binder: 8393:8394 ioctl c0306201 0 returned -14 [ 193.297679][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 193.304869][ T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 193.323736][ T24] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 193.348176][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.359619][ T24] usb 3-1: Product: syz [ 193.367882][ T24] usb 3-1: Manufacturer: syz [ 193.377913][ T24] usb 3-1: SerialNumber: syz [ 193.391579][ T24] usb 3-1: config 0 descriptor?? [ 193.642839][ T8409] FAULT_INJECTION: forcing a failure. [ 193.642839][ T8409] name failslab, interval 1, probability 0, space 0, times 0 [ 193.655922][ T8409] CPU: 1 UID: 0 PID: 8409 Comm: syz.0.748 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 193.655947][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 193.655959][ T8409] Call Trace: [ 193.655967][ T8409] [ 193.655975][ T8409] dump_stack_lvl+0x189/0x250 [ 193.656002][ T8409] ? __pfx____ratelimit+0x10/0x10 [ 193.656026][ T8409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.656046][ T8409] ? __pfx__printk+0x10/0x10 [ 193.656065][ T8409] ? __lock_acquire+0xab9/0xd20 [ 193.656090][ T8409] ? sig_get_ucounts+0x26/0x450 [ 193.656112][ T8409] should_fail_ex+0x414/0x560 [ 193.656137][ T8409] should_failslab+0xa8/0x100 [ 193.656159][ T8409] kmem_cache_alloc_noprof+0x73/0x3c0 [ 193.656184][ T8409] ? __send_signal_locked+0x22a/0xeb0 [ 193.656205][ T8409] ? sig_get_ucounts+0x3e4/0x450 [ 193.656226][ T8409] __send_signal_locked+0x22a/0xeb0 [ 193.656257][ T8409] force_sig_info_to_task+0x30c/0x590 [ 193.656290][ T8409] force_sig_fault+0xdc/0x130 [ 193.656311][ T8409] ? __pfx_force_sig_fault+0x10/0x10 [ 193.656325][ T8409] ? __up_read+0x280/0x680 [ 193.656351][ T8409] ? fixup_vdso_exception+0x2cc/0x300 [ 193.656377][ T8409] __bad_area_nosemaphore+0x3b3/0x780 [ 193.656396][ T8409] ? lock_mm_and_find_vma+0xfa/0x300 [ 193.656419][ T8409] ? do_user_addr_fault+0xf47/0x1390 [ 193.656439][ T8409] ? __pfx___bad_area_nosemaphore+0x10/0x10 [ 193.656463][ T8409] ? trace_page_fault_user+0x84/0x1e0 [ 193.656484][ T8409] exc_page_fault+0x76/0xf0 [ 193.656508][ T8409] asm_exc_page_fault+0x26/0x30 [ 193.656523][ T8409] RIP: 0033:0x7fbb8184e9da [ 193.656540][ T8409] Code: 90 8b 45 04 ba 03 00 00 00 c1 e0 04 03 45 64 39 c6 48 0f 42 f0 45 31 c9 31 ff e8 01 00 14 00 8b 75 00 ba 03 00 00 00 45 89 e0 <49> 89 45 00 41 b9 00 00 00 10 b9 01 80 00 00 31 ff c1 e6 06 e8 dd [ 193.656554][ T8409] RSP: 002b:00007fbb82739fd0 EFLAGS: 00010217 [ 193.656570][ T8409] RAX: ffffffffffffffff RBX: 00007fbb81bb5fa0 RCX: 00007fbb8198e9e3 [ 193.656583][ T8409] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 193.656593][ T8409] RBP: 0000200000000040 R08: 00000000ffffffff R09: 0000000000000000 [ 193.656604][ T8409] R10: 0000000000008001 R11: 0000000000000246 R12: ffffffffffffffff [ 193.656616][ T8409] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 193.656642][ T8409] [ 193.878611][ C1] vkms_vblank_simulate: vblank timer overrun [ 193.941321][ T8412] loop2: detected capacity change from 0 to 7 [ 193.965077][ T8412] Dev loop2: unable to read RDB block 7 [ 193.974104][ T8412] loop2: unable to read partition table [ 193.981059][ T8412] loop2: partition table beyond EOD, truncated [ 193.987767][ T8412] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 194.192675][ T24] usb 1-1: new full-speed USB device number 42 using dummy_hcd [ 194.215323][ T8426] NILFS (rnullb0): couldn't find nilfs on the device [ 194.363817][ T5856] Bluetooth: hci3: unexpected event 0x03 length: 5 < 11 [ 194.377672][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.379783][ T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 194.383994][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.395825][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 194.415895][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 194.428709][ T24] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 194.437998][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.446108][ T24] usb 1-1: Product: syz [ 194.457269][ T24] usb 1-1: Manufacturer: syz [ 194.462716][ T24] usb 1-1: SerialNumber: syz [ 194.473634][ T24] usb 1-1: config 0 descriptor?? [ 194.484810][ T24] streamzap 1-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?! [ 194.518459][ T8436] FAULT_INJECTION: forcing a failure. [ 194.518459][ T8436] name failslab, interval 1, probability 0, space 0, times 0 [ 194.531253][ T8436] CPU: 1 UID: 0 PID: 8436 Comm: syz.3.758 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 194.531269][ T8436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 194.531276][ T8436] Call Trace: [ 194.531281][ T8436] [ 194.531286][ T8436] dump_stack_lvl+0x189/0x250 [ 194.531305][ T8436] ? __pfx____ratelimit+0x10/0x10 [ 194.531320][ T8436] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.531334][ T8436] ? __pfx__printk+0x10/0x10 [ 194.531346][ T8436] ? __lock_acquire+0xab9/0xd20 [ 194.531360][ T8436] ? sig_get_ucounts+0x26/0x450 [ 194.531372][ T8436] should_fail_ex+0x414/0x560 [ 194.531387][ T8436] should_failslab+0xa8/0x100 [ 194.531400][ T8436] kmem_cache_alloc_noprof+0x73/0x3c0 [ 194.531411][ T8436] ? __send_signal_locked+0x22a/0xeb0 [ 194.531425][ T8436] ? sig_get_ucounts+0x3e4/0x450 [ 194.531437][ T8436] __send_signal_locked+0x22a/0xeb0 [ 194.531455][ T8436] force_sig_info_to_task+0x30c/0x590 [ 194.531475][ T8436] force_sig_fault+0xdc/0x130 [ 194.531487][ T8436] ? __pfx_force_sig_fault+0x10/0x10 [ 194.531495][ T8436] ? __up_read+0x280/0x680 [ 194.531511][ T8436] ? fixup_vdso_exception+0x2cc/0x300 [ 194.531525][ T8436] __bad_area_nosemaphore+0x3b3/0x780 [ 194.531540][ T8436] ? lock_mm_and_find_vma+0xfa/0x300 [ 194.531560][ T8436] ? do_user_addr_fault+0xf47/0x1390 [ 194.531578][ T8436] ? __pfx___bad_area_nosemaphore+0x10/0x10 [ 194.531600][ T8436] ? trace_page_fault_user+0x84/0x1e0 [ 194.531619][ T8436] exc_page_fault+0x76/0xf0 [ 194.531637][ T8436] asm_exc_page_fault+0x26/0x30 [ 194.531646][ T8436] RIP: 0033:0x7ff83d84e9da [ 194.531656][ T8436] Code: 90 8b 45 04 ba 03 00 00 00 c1 e0 04 03 45 64 39 c6 48 0f 42 f0 45 31 c9 31 ff e8 01 00 14 00 8b 75 00 ba 03 00 00 00 45 89 e0 <49> 89 45 00 41 b9 00 00 00 10 b9 01 80 00 00 31 ff c1 e6 06 e8 dd [ 194.531664][ T8436] RSP: 002b:00007ff83e89efd0 EFLAGS: 00010217 [ 194.531673][ T8436] RAX: ffffffffffffffff RBX: 00007ff83dbb5fa0 RCX: 00007ff83d98e9e3 [ 194.531681][ T8436] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 194.531686][ T8436] RBP: 0000200000000040 R08: 00000000ffffffff R09: 0000000000000000 [ 194.531693][ T8436] R10: 0000000000008001 R11: 0000000000000246 R12: ffffffffffffffff [ 194.531699][ T8436] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 194.531713][ T8436] [ 194.753298][ C1] vkms_vblank_simulate: vblank timer overrun [ 194.796548][ T24] usb 1-1: USB disconnect, device number 42 [ 195.212407][ T8443] /dev/rnullb0: Can't open blockdev [ 195.405618][ T8448] loop2: detected capacity change from 0 to 7 [ 195.414680][ T5858] Dev loop2: unable to read RDB block 7 [ 195.421611][ T5858] loop2: unable to read partition table [ 195.429303][ T5858] loop2: partition table beyond EOD, truncated [ 195.437000][ T8448] Dev loop2: unable to read RDB block 7 [ 195.447084][ T8448] loop2: unable to read partition table [ 195.453946][ T8448] loop2: partition table beyond EOD, truncated [ 195.470703][ T8448] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 195.634140][ T8455] /dev/rnullb0: Can't open blockdev [ 195.704284][ T1213] usb 3-1: USB disconnect, device number 32 [ 195.842780][ T8466] FAULT_INJECTION: forcing a failure. [ 195.842780][ T8466] name failslab, interval 1, probability 0, space 0, times 0 [ 195.855445][ T8466] CPU: 0 UID: 0 PID: 8466 Comm: syz.0.768 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 195.855471][ T8466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 195.855481][ T8466] Call Trace: [ 195.855490][ T8466] [ 195.855497][ T8466] dump_stack_lvl+0x189/0x250 [ 195.855523][ T8466] ? __pfx____ratelimit+0x10/0x10 [ 195.855546][ T8466] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.855568][ T8466] ? __pfx__printk+0x10/0x10 [ 195.855587][ T8466] ? __lock_acquire+0xab9/0xd20 [ 195.855613][ T8466] ? sig_get_ucounts+0x26/0x450 [ 195.855635][ T8466] should_fail_ex+0x414/0x560 [ 195.855659][ T8466] should_failslab+0xa8/0x100 [ 195.855680][ T8466] kmem_cache_alloc_noprof+0x73/0x3c0 [ 195.855698][ T8466] ? __send_signal_locked+0x22a/0xeb0 [ 195.855718][ T8466] ? sig_get_ucounts+0x3e4/0x450 [ 195.855746][ T8466] __send_signal_locked+0x22a/0xeb0 [ 195.855777][ T8466] force_sig_info_to_task+0x30c/0x590 [ 195.855811][ T8466] force_sig_fault+0xdc/0x130 [ 195.855831][ T8466] ? __pfx_force_sig_fault+0x10/0x10 [ 195.855845][ T8466] ? __up_read+0x280/0x680 [ 195.855872][ T8466] ? fixup_vdso_exception+0x2cc/0x300 [ 195.855898][ T8466] __bad_area_nosemaphore+0x3b3/0x780 [ 195.855917][ T8466] ? lock_mm_and_find_vma+0xfa/0x300 [ 195.855939][ T8466] ? do_user_addr_fault+0xf47/0x1390 [ 195.855959][ T8466] ? __pfx___bad_area_nosemaphore+0x10/0x10 [ 195.855983][ T8466] ? trace_page_fault_user+0x84/0x1e0 [ 195.856004][ T8466] exc_page_fault+0x76/0xf0 [ 195.856028][ T8466] asm_exc_page_fault+0x26/0x30 [ 195.856045][ T8466] RIP: 0033:0x7fbb8184e9da [ 195.856061][ T8466] Code: 90 8b 45 04 ba 03 00 00 00 c1 e0 04 03 45 64 39 c6 48 0f 42 f0 45 31 c9 31 ff e8 01 00 14 00 8b 75 00 ba 03 00 00 00 45 89 e0 <49> 89 45 00 41 b9 00 00 00 10 b9 01 80 00 00 31 ff c1 e6 06 e8 dd [ 195.856075][ T8466] RSP: 002b:00007fbb82739fd0 EFLAGS: 00010217 [ 195.856091][ T8466] RAX: ffffffffffffffff RBX: 00007fbb81bb5fa0 RCX: 00007fbb8198e9e3 [ 195.856105][ T8466] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 195.856115][ T8466] RBP: 0000200000000040 R08: 00000000ffffffff R09: 0000000000000000 [ 195.856127][ T8466] R10: 0000000000008001 R11: 0000000000000246 R12: ffffffffffffffff [ 195.856138][ T8466] R13: 0000000000000000 R14: 0000000000005b14 R15: 0000000000000000 [ 195.856166][ T8466] [ 196.129279][ T8469] binder: BINDER_SET_CONTEXT_MGR already set [ 196.149035][ T8469] binder: 8468:8469 ioctl 4018620d 200000000040 returned -16 [ 196.249145][ T8473] tmpfs: Bad value for 'mpol' [ 196.383520][ T8479] loop2: detected capacity change from 0 to 7 [ 196.395493][ T8479] Dev loop2: unable to read RDB block 7 [ 196.403900][ T8479] loop2: unable to read partition table [ 196.461287][ T8479] loop2: partition table beyond EOD, truncated [ 196.472437][ T8479] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 196.908961][ T24] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 197.067739][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 197.074437][ T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 197.085589][ T24] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 197.094849][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.103004][ T24] usb 1-1: Product: syz [ 197.107273][ T24] usb 1-1: Manufacturer: syz [ 197.111991][ T24] usb 1-1: SerialNumber: syz [ 197.121785][ T24] usb 1-1: config 0 descriptor?? [ 199.489702][ T1213] usb 1-1: USB disconnect, device number 43 [ 201.572870][ T5856] Bluetooth: hci0: command 0x0406 tx timeout [ 201.573287][ T5851] Bluetooth: hci3: command 0x0406 tx timeout [ 201.582519][ T5856] Bluetooth: hci2: command 0x0406 tx timeout [ 201.587160][ T5851] Bluetooth: hci1: command 0x0406 tx timeout [ 223.658640][ T8498] pim6reg1: entered promiscuous mode [ 223.674245][ T8498] pim6reg1: entered allmulticast mode [ 223.848822][ T8510] /dev/rnullb0: Can't open blockdev [ 223.854695][ T8509] FAULT_INJECTION: forcing a failure. [ 223.854695][ T8509] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 223.877959][ T8509] CPU: 0 UID: 0 PID: 8509 Comm: syz.2.780 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 223.877982][ T8509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 223.877994][ T8509] Call Trace: [ 223.878002][ T8509] [ 223.878009][ T8509] dump_stack_lvl+0x189/0x250 [ 223.878035][ T8509] ? __pfx____ratelimit+0x10/0x10 [ 223.878058][ T8509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.878079][ T8509] ? __pfx__printk+0x10/0x10 [ 223.878114][ T8509] should_fail_ex+0x414/0x560 [ 223.878140][ T8509] _copy_to_user+0x31/0xb0 [ 223.878170][ T8509] simple_read_from_buffer+0xe1/0x170 [ 223.878198][ T8509] proc_fail_nth_read+0x1b3/0x220 [ 223.878220][ T8509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 223.878241][ T8509] ? rw_verify_area+0x2a6/0x4d0 [ 223.878260][ T8509] ? __lock_acquire+0xab9/0xd20 [ 223.878276][ T8509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 223.878296][ T8509] vfs_read+0x1fd/0x980 [ 223.878314][ T8509] ? fdget_pos+0x247/0x320 [ 223.878333][ T8509] ? __pfx___mutex_lock+0x10/0x10 [ 223.878356][ T8509] ? __pfx_vfs_read+0x10/0x10 [ 223.878377][ T8509] ? __fget_files+0x2a/0x420 [ 223.878402][ T8509] ? __fget_files+0x3a0/0x420 [ 223.878422][ T8509] ? __fget_files+0x2a/0x420 [ 223.878453][ T8509] ksys_read+0x145/0x250 [ 223.878476][ T8509] ? __pfx_ksys_read+0x10/0x10 [ 223.878502][ T8509] ? do_syscall_64+0xbe/0x3b0 [ 223.878528][ T8509] do_syscall_64+0xfa/0x3b0 [ 223.878548][ T8509] ? lockdep_hardirqs_on+0x9c/0x150 [ 223.878569][ T8509] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.878586][ T8509] ? clear_bhb_loop+0x60/0xb0 [ 223.878606][ T8509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.878622][ T8509] RIP: 0033:0x7f0a39d8d3bc [ 223.878637][ T8509] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 223.878649][ T8509] RSP: 002b:00007f0a3ac9a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 223.878667][ T8509] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0a39d8d3bc [ 223.878679][ T8509] RDX: 000000000000000f RSI: 00007f0a3ac9a0a0 RDI: 0000000000000003 [ 223.878689][ T8509] RBP: 00007f0a3ac9a090 R08: 0000000000000000 R09: 00007f0a3ac9a090 [ 223.878700][ T8509] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000000000002 [ 223.878709][ T8509] R13: 0000000000000000 R14: 00007f0a39fb5fa0 R15: 00007ffcedcea248 [ 223.878733][ T8509] [ 224.306004][ T8519] loop2: detected capacity change from 0 to 7 [ 224.316383][ T8519] Dev loop2: unable to read RDB block 7 [ 224.322092][ T8519] loop2: unable to read partition table [ 224.330946][ T8519] loop2: partition table beyond EOD, truncated [ 224.337177][ T8519] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 224.391668][ T8521] netlink: 44 bytes leftover after parsing attributes in process `syz.0.786'. [ 224.538048][ T24] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 224.691069][ T8543] /dev/rnullb0: Can't open blockdev [ 224.700981][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 224.708874][ T24] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 224.721034][ T24] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 224.731198][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.756530][ T24] usb 2-1: Product: syz [ 224.761315][ T24] usb 2-1: Manufacturer: syz [ 224.766872][ T24] usb 2-1: SerialNumber: syz [ 224.790715][ T24] usb 2-1: config 0 descriptor?? [ 224.867728][ T43] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 225.017633][ T43] usb 3-1: Using ep0 maxpacket: 16 [ 225.024511][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.039209][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 225.049199][ T43] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice=1a.00 [ 225.058370][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.072449][ T43] usb 3-1: config 0 descriptor?? [ 225.510235][ T43] lua 0003:1E7D:2C2E.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2c2e] on usb-dummy_hcd.2-1/input0 [ 225.633989][ T8561] loop2: detected capacity change from 0 to 7 [ 225.643560][ T8522] Dev loop2: unable to read RDB block 7 [ 225.649501][ T8522] loop2: unable to read partition table [ 225.655873][ T8522] loop2: partition table beyond EOD, truncated [ 225.666409][ T8561] Dev loop2: unable to read RDB block 7 [ 225.666455][ T8561] loop2: unable to read partition table [ 225.666644][ T8561] loop2: partition table beyond EOD, truncated [ 225.666663][ T8561] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 225.749401][ T8541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.749778][ T8541] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.924243][ T43] usb 3-1: USB disconnect, device number 33 [ 226.012505][ T8573] Can't find a SQUASHFS superblock on rnullb0 [ 226.021596][ T8573] Can't find a SQUASHFS superblock on rnullb0 [ 226.324834][ T8588] exFAT-fs (rnullb0): invalid boot record signature [ 226.331636][ T8588] exFAT-fs (rnullb0): failed to read boot sector [ 226.339670][ T8588] exFAT-fs (rnullb0): failed to recognize exfat type [ 226.400465][ T8590] loop2: detected capacity change from 0 to 7 [ 226.410897][ T8590] Dev loop2: unable to read RDB block 7 [ 226.416779][ T8590] loop2: unable to read partition table [ 226.423805][ T8590] loop2: partition table beyond EOD, truncated [ 226.433318][ T8590] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 226.551433][ T8598] FAT-fs (rnullb0): bogus number of reserved sectors [ 226.562030][ T8598] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 226.570036][ T8599] FAT-fs (rnullb0): bogus number of reserved sectors [ 226.580083][ T8599] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 226.897679][ T43] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 227.057837][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 227.068142][ T43] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 227.077239][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.098123][ T43] usb 1-1: config 0 descriptor?? [ 227.109947][ T43] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 227.297309][ T1213] usb 2-1: USB disconnect, device number 40 [ 227.667175][ T8623] loop2: detected capacity change from 0 to 7 [ 227.683470][ T8623] Dev loop2: unable to read RDB block 7 [ 227.689745][ T8623] loop2: unable to read partition table [ 227.695697][ T8623] loop2: partition table beyond EOD, truncated [ 227.705663][ T8623] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 228.404927][ T8629] hpfs: Bad magic ... probably not HPFS [ 228.798455][ T24] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 228.827103][ T8644] loop2: detected capacity change from 0 to 7 [ 228.839115][ T8522] Dev loop2: unable to read RDB block 7 [ 228.848543][ T8522] loop2: unable to read partition table [ 228.854502][ T8522] loop2: partition table beyond EOD, truncated [ 228.876536][ T8644] Dev loop2: unable to read RDB block 7 [ 228.882316][ T8644] loop2: unable to read partition table [ 228.888246][ T8644] loop2: partition table beyond EOD, truncated [ 228.894593][ T8644] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 228.948589][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 228.962098][ T8646] Malformed UNC in devname [ 228.962098][ T8646] [ 228.968046][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 228.973876][ T8646] CIFS: VFS: Malformed UNC in devname [ 228.998618][ T24] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 229.018462][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.037121][ T24] usb 2-1: Product: syz [ 229.047235][ T24] usb 2-1: Manufacturer: syz [ 229.057375][ T24] usb 2-1: SerialNumber: syz [ 229.073324][ T24] usb 2-1: config 0 descriptor?? [ 229.086217][ T24] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 229.344076][ T30] audit: type=1326 audit(1753360970.815:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.2.833" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0a39d8e9a9 code=0x0 [ 229.449975][ T8658] /dev/rnullb0: Can't open blockdev [ 230.178606][ T8659] hpfs: Bad magic ... probably not HPFS [ 230.309420][ T43] gspca_vc032x: reg_w err -110 [ 230.317850][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.324453][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.326342][ T8667] /dev/rnullb0: Can't open blockdev [ 230.335398][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335414][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335424][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335434][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335444][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335456][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335484][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335494][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335503][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335512][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335521][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335531][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335541][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335549][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335558][ T43] gspca_vc032x: I2c Bus Busy Wait 00 [ 230.335567][ T43] gspca_vc032x: Unknown sensor... [ 230.335663][ T43] vc032x 1-1:0.0: probe with driver vc032x failed with error -22 [ 230.480350][ T8669] /dev/rnullb0: Can't open blockdev [ 230.499678][ T24] gspca_ov534_9: sccb_write failed [ 230.539636][ T8671] loop2: detected capacity change from 0 to 7 [ 230.546774][ T8671] Dev loop2: unable to read RDB block 7 [ 230.554985][ T8671] loop2: unable to read partition table [ 230.560742][ T5897] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 230.564756][ T8671] loop2: partition table beyond EOD, truncated [ 230.575191][ T8671] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 230.706078][ T24] gspca_ov534_9: reg_w failed -71 [ 230.717716][ T5897] usb 4-1: Using ep0 maxpacket: 32 [ 230.724324][ T5897] usb 4-1: config 8 has an invalid interface number: 203 but max is 0 [ 230.732647][ T5897] usb 4-1: config 8 has no interface number 0 [ 230.738963][ T5897] usb 4-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 230.751715][ T5897] usb 4-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024 [ 230.762047][ T5897] usb 4-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023 [ 230.772210][ T5897] usb 4-1: config 8 interface 203 has no altsetting 0 [ 230.781151][ T5897] usb 4-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 230.790251][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.799302][ T5897] usb 4-1: Product: syz [ 230.803505][ T5897] usb 4-1: Manufacturer: syz [ 230.808510][ T5897] usb 4-1: SerialNumber: syz [ 230.816178][ T8665] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 230.823951][ T8665] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 230.877753][ T1213] usb 3-1: new full-speed USB device number 34 using dummy_hcd [ 230.947690][ T24] gspca_ov534_9: Unknown sensor 0000 [ 230.947790][ T24] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 230.966665][ T24] usb 2-1: USB disconnect, device number 41 [ 231.031803][ T1213] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 231.041128][ T1213] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.053942][ T1213] usb 3-1: config 0 descriptor?? [ 231.064509][ T1213] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 231.107409][ C0] port100 4-1:8.203: NFC: Urb failure (status -71) [ 231.120542][ C0] port100 4-1:8.203: NFC: Urb failure (status -71) [ 231.129638][ T5897] port100 4-1:8.203: NFC: Could not get supported command types [ 231.156668][ T5897] usb 4-1: USB disconnect, device number 40 [ 231.249900][ T24] usb 1-1: USB disconnect, device number 44 [ 231.384015][ T8689] i2c i2c-0: Invalid block write size 254 [ 231.468937][ T8673] vxfs: WRONG superblock magic 00000000 at 1 [ 231.470120][ T8693] QAT: failed to copy from user cfg_data. [ 231.475252][ T8673] vxfs: WRONG superblock magic 00000000 at 8 [ 231.511641][ T8673] vxfs: can't find superblock. [ 231.537513][ T1213] gp8psk: usb out operation failed. [ 231.560107][ T1213] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 231.577176][ T1213] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 231.597218][ T1213] usb 3-1: USB disconnect, device number 34 [ 231.685423][ T8701] loop2: detected capacity change from 0 to 7 [ 231.694661][ T8701] Dev loop2: unable to read RDB block 7 [ 231.701077][ T8701] loop2: unable to read partition table [ 231.706844][ T8701] loop2: partition table beyond EOD, truncated [ 231.714657][ T8701] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 231.749017][ T24] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 231.810074][ T8704] NILFS (rnullb0): couldn't find nilfs on the device [ 231.907839][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 231.917827][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 231.933413][ T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 231.945941][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 231.957355][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 231.974859][ T24] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 231.984518][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.992920][ T24] usb 1-1: Product: syz [ 231.997337][ T24] usb 1-1: Manufacturer: syz [ 232.005271][ T24] usb 1-1: SerialNumber: syz [ 232.015476][ T24] usb 1-1: config 0 descriptor?? [ 232.039799][ T24] xbox_remote_probe: Unexpected endpoint_in [ 232.240451][ T8693] /dev/rnullb0: Can't open blockdev [ 232.246553][ T24] usb 1-1: USB disconnect, device number 45 [ 232.299721][ T1213] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 232.377791][ T5910] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 232.380759][ T8714] FAULT_INJECTION: forcing a failure. [ 232.380759][ T8714] name failslab, interval 1, probability 0, space 0, times 0 [ 232.399905][ T8714] CPU: 0 UID: 0 PID: 8714 Comm: syz.3.853 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 232.399930][ T8714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 232.399940][ T8714] Call Trace: [ 232.399948][ T8714] [ 232.399955][ T8714] dump_stack_lvl+0x189/0x250 [ 232.399982][ T8714] ? __pfx____ratelimit+0x10/0x10 [ 232.400005][ T8714] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.400027][ T8714] ? __pfx__printk+0x10/0x10 [ 232.400054][ T8714] ? __pfx___might_resched+0x10/0x10 [ 232.400073][ T8714] ? fs_reclaim_acquire+0x7d/0x100 [ 232.400098][ T8714] should_fail_ex+0x414/0x560 [ 232.400125][ T8714] should_failslab+0xa8/0x100 [ 232.400145][ T8714] __kmalloc_noprof+0xcb/0x4f0 [ 232.400162][ T8714] ? kfree+0x4d/0x440 [ 232.400176][ T8714] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 232.400198][ T8714] tomoyo_realpath_from_path+0xe3/0x5d0 [ 232.400215][ T8714] ? tomoyo_domain+0xd9/0x130 [ 232.400234][ T8714] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 232.400253][ T8714] tomoyo_path_number_perm+0x1e8/0x5a0 [ 232.400273][ T8714] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 232.400307][ T8714] ? __lock_acquire+0xab9/0xd20 [ 232.400344][ T8714] ? __fget_files+0x2a/0x420 [ 232.400375][ T8714] ? __fget_files+0x2a/0x420 [ 232.400395][ T8714] ? __fget_files+0x3a0/0x420 [ 232.400413][ T8714] ? __fget_files+0x2a/0x420 [ 232.400437][ T8714] security_file_ioctl+0xcb/0x2d0 [ 232.400458][ T8714] __se_sys_ioctl+0x47/0x170 [ 232.400477][ T8714] do_syscall_64+0xfa/0x3b0 [ 232.400496][ T8714] ? lockdep_hardirqs_on+0x9c/0x150 [ 232.400510][ T8714] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.400520][ T8714] ? clear_bhb_loop+0x60/0xb0 [ 232.400532][ T8714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.400541][ T8714] RIP: 0033:0x7ff83d98e9a9 [ 232.400551][ T8714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.400559][ T8714] RSP: 002b:00007ff83e89f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.400570][ T8714] RAX: ffffffffffffffda RBX: 00007ff83dbb5fa0 RCX: 00007ff83d98e9a9 [ 232.400577][ T8714] RDX: 0000200000000140 RSI: 00000000c0306201 RDI: 0000000000000003 [ 232.400584][ T8714] RBP: 00007ff83e89f090 R08: 0000000000000000 R09: 0000000000000000 [ 232.400590][ T8714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.400595][ T8714] R13: 0000000000000000 R14: 00007ff83dbb5fa0 R15: 00007ffca28d3e18 [ 232.400610][ T8714] [ 232.400615][ T8714] ERROR: Out of memory at tomoyo_realpath_from_path. [ 232.687809][ T1213] usb 2-1: Using ep0 maxpacket: 32 [ 232.696745][ T1213] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 232.706215][ T1213] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.717471][ T1213] usb 2-1: Product: syz [ 232.721903][ T5910] usb 3-1: device descriptor read/64, error -71 [ 232.728665][ T1213] usb 2-1: Manufacturer: syz [ 232.733351][ T1213] usb 2-1: SerialNumber: syz [ 232.743815][ T1213] usb 2-1: config 0 descriptor?? [ 232.758616][ T1213] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 232.942321][ T8727] loop2: detected capacity change from 0 to 7 [ 232.950625][ T8505] Dev loop2: unable to read RDB block 7 [ 232.961325][ T8505] loop2: unable to read partition table [ 232.967278][ T8505] loop2: partition table beyond EOD, truncated [ 232.975357][ T8727] Dev loop2: unable to read RDB block 7 [ 232.981129][ T5910] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 232.991841][ T8727] loop2: unable to read partition table [ 232.998650][ T8727] loop2: partition table beyond EOD, truncated [ 233.017945][ T8727] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 233.128401][ T5910] usb 3-1: device descriptor read/64, error -71 [ 233.146713][ T8732] /dev/rnullb0: Can't open blockdev [ 233.156314][ T1323] Bluetooth: hci4: Frame reassembly failed (-84) [ 233.263696][ T5910] usb usb3-port1: attempt power cycle [ 233.283461][ T8739] FAULT_INJECTION: forcing a failure. [ 233.283461][ T8739] name failslab, interval 1, probability 0, space 0, times 0 [ 233.296471][ T8739] CPU: 0 UID: 0 PID: 8739 Comm: syz.0.862 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 233.296492][ T8739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 233.296502][ T8739] Call Trace: [ 233.296509][ T8739] [ 233.296516][ T8739] dump_stack_lvl+0x189/0x250 [ 233.296540][ T8739] ? __pfx____ratelimit+0x10/0x10 [ 233.296562][ T8739] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.296585][ T8739] ? __pfx__printk+0x10/0x10 [ 233.296611][ T8739] ? __pfx___might_resched+0x10/0x10 [ 233.296628][ T8739] ? fs_reclaim_acquire+0x7d/0x100 [ 233.296650][ T8739] should_fail_ex+0x414/0x560 [ 233.296675][ T8739] should_failslab+0xa8/0x100 [ 233.296695][ T8739] __kmalloc_noprof+0xcb/0x4f0 [ 233.296714][ T8739] ? tomoyo_encode+0x28b/0x550 [ 233.296731][ T8739] tomoyo_encode+0x28b/0x550 [ 233.296751][ T8739] tomoyo_realpath_from_path+0x58d/0x5d0 [ 233.296776][ T8739] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 233.296803][ T8739] tomoyo_path_number_perm+0x1e8/0x5a0 [ 233.296826][ T8739] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 233.296850][ T8739] ? __lock_acquire+0xab9/0xd20 [ 233.296872][ T8739] ? __fget_files+0x2a/0x420 [ 233.296888][ T8739] ? __fget_files+0x2a/0x420 [ 233.296901][ T8739] ? __fget_files+0x3a0/0x420 [ 233.296914][ T8739] ? __fget_files+0x2a/0x420 [ 233.296930][ T8739] security_file_ioctl+0xcb/0x2d0 [ 233.296944][ T8739] __se_sys_ioctl+0x47/0x170 [ 233.296960][ T8739] do_syscall_64+0xfa/0x3b0 [ 233.296980][ T8739] ? lockdep_hardirqs_on+0x9c/0x150 [ 233.297001][ T8739] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.297017][ T8739] ? clear_bhb_loop+0x60/0xb0 [ 233.297036][ T8739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.297051][ T8739] RIP: 0033:0x7fbb8198e9a9 [ 233.297067][ T8739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.297082][ T8739] RSP: 002b:00007fbb8273a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.297101][ T8739] RAX: ffffffffffffffda RBX: 00007fbb81bb5fa0 RCX: 00007fbb8198e9a9 [ 233.297114][ T8739] RDX: 0000200000000140 RSI: 00000000c0306201 RDI: 0000000000000003 [ 233.297125][ T8739] RBP: 00007fbb8273a090 R08: 0000000000000000 R09: 0000000000000000 [ 233.297136][ T8739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.297147][ T8739] R13: 0000000000000000 R14: 00007fbb81bb5fa0 R15: 00007ffd5c9b4b88 [ 233.297175][ T8739] [ 233.297215][ T8739] ERROR: Out of memory at tomoyo_realpath_from_path. [ 233.580178][ T8742] /dev/rnullb0: Can't open blockdev [ 233.786218][ T8748] mmap: syz.0.866 (8748) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 233.799262][ T8748] /dev/rnullb0: Can't open blockdev [ 233.808016][ T5910] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 233.849842][ T5910] usb 3-1: device descriptor read/8, error -71 [ 234.107836][ T5910] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 234.138303][ T5910] usb 3-1: device descriptor read/8, error -71 [ 234.148828][ T24] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 234.187747][ T1213] gspca_ov534_9: reg_r err -32 [ 234.209070][ T65] af_packet: tpacket_rcv: packet too big, clamped from 24 to 4294967272. macoff=96 [ 234.249454][ T5910] usb usb3-port1: unable to enumerate USB device [ 234.302335][ T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 234.311714][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.319823][ T24] usb 1-1: Product: syz [ 234.324030][ T24] usb 1-1: Manufacturer: syz [ 234.328836][ T24] usb 1-1: SerialNumber: syz [ 234.340297][ T24] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 234.357289][ T43] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 234.457683][ T1213] gspca_ov534_9: Unknown sensor 0000 [ 234.457775][ T1213] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 234.476123][ T1213] usb 2-1: USB disconnect, device number 42 [ 234.771604][ T1213] usb 1-1: USB disconnect, device number 46 [ 234.844326][ T8757] loop2: detected capacity change from 0 to 7 [ 234.852640][ T8757] Dev loop2: unable to read RDB block 7 [ 234.860526][ T8757] loop2: unable to read partition table [ 234.866579][ T8757] loop2: partition table beyond EOD, truncated [ 234.872955][ T8757] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 234.945460][ T8759] FAULT_INJECTION: forcing a failure. [ 234.945460][ T8759] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.959993][ T8759] CPU: 0 UID: 0 PID: 8759 Comm: syz.1.871 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 234.960018][ T8759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 234.960029][ T8759] Call Trace: [ 234.960036][ T8759] [ 234.960042][ T8759] dump_stack_lvl+0x189/0x250 [ 234.960069][ T8759] ? __pfx____ratelimit+0x10/0x10 [ 234.960091][ T8759] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.960112][ T8759] ? __pfx__printk+0x10/0x10 [ 234.960134][ T8759] ? __might_fault+0xb0/0x130 [ 234.960180][ T8759] should_fail_ex+0x414/0x560 [ 234.960205][ T8759] _copy_from_user+0x2d/0xb0 [ 234.960223][ T8759] binder_ioctl_write_read+0x124/0xa040 [ 234.960259][ T8759] ? is_bpf_text_address+0x292/0x2b0 [ 234.960278][ T8759] ? is_bpf_text_address+0x26/0x2b0 [ 234.960300][ T8759] ? kernel_text_address+0xa5/0xe0 [ 234.960317][ T8759] ? __kernel_text_address+0xd/0x40 [ 234.960332][ T8759] ? unwind_get_return_address+0x4d/0x90 [ 234.960353][ T8759] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 234.960375][ T8759] ? arch_stack_walk+0xfc/0x150 [ 234.960407][ T8759] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 234.960427][ T8759] ? stack_trace_save+0x9c/0xe0 [ 234.960450][ T8759] ? stack_depot_save_flags+0x40/0x900 [ 234.960479][ T8759] ? kasan_save_track+0x4f/0x80 [ 234.960494][ T8759] ? kasan_save_track+0x3e/0x80 [ 234.960508][ T8759] ? kasan_save_free_info+0x46/0x50 [ 234.960527][ T8759] ? __kasan_slab_free+0x62/0x70 [ 234.960542][ T8759] ? kfree+0x18e/0x440 [ 234.960556][ T8759] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 234.960575][ T8759] ? security_file_ioctl+0xcb/0x2d0 [ 234.960593][ T8759] ? __se_sys_ioctl+0x47/0x170 [ 234.960609][ T8759] ? do_syscall_64+0xfa/0x3b0 [ 234.960629][ T8759] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.960656][ T8759] ? __lock_acquire+0xab9/0xd20 [ 234.960673][ T8759] ? binder_debug+0x13f/0x1b0 [ 234.960700][ T8759] ? __pfx_binder_debug+0x10/0x10 [ 234.960719][ T8759] ? do_raw_spin_lock+0x121/0x290 [ 234.960757][ T8759] ? _raw_spin_unlock+0x28/0x50 [ 234.960776][ T8759] ? binder_get_thread+0x178/0x6d0 [ 234.960802][ T8759] binder_ioctl+0x3e0/0x19c0 [ 234.960818][ T8759] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 234.960840][ T8759] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 234.960863][ T8759] ? do_vfs_ioctl+0xbe8/0x1430 [ 234.960881][ T8759] ? __pfx_binder_ioctl+0x10/0x10 [ 234.960897][ T8759] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 234.960929][ T8759] ? __lock_acquire+0xab9/0xd20 [ 234.960966][ T8759] ? __fget_files+0x2a/0x420 [ 234.960990][ T8759] ? __fget_files+0x2a/0x420 [ 234.961010][ T8759] ? __fget_files+0x3a0/0x420 [ 234.961030][ T8759] ? __fget_files+0x2a/0x420 [ 234.961054][ T8759] ? bpf_lsm_file_ioctl+0x9/0x20 [ 234.961071][ T8759] ? __pfx_binder_ioctl+0x10/0x10 [ 234.961087][ T8759] __se_sys_ioctl+0xf9/0x170 [ 234.961108][ T8759] do_syscall_64+0xfa/0x3b0 [ 234.961129][ T8759] ? lockdep_hardirqs_on+0x9c/0x150 [ 234.961155][ T8759] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.961171][ T8759] ? clear_bhb_loop+0x60/0xb0 [ 234.961192][ T8759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.961208][ T8759] RIP: 0033:0x7f543b98e9a9 [ 234.961223][ T8759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.961238][ T8759] RSP: 002b:00007f54397f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 234.961256][ T8759] RAX: ffffffffffffffda RBX: 00007f543bbb5fa0 RCX: 00007f543b98e9a9 [ 234.961269][ T8759] RDX: 0000200000000140 RSI: 00000000c0306201 RDI: 0000000000000003 [ 234.961281][ T8759] RBP: 00007f54397f6090 R08: 0000000000000000 R09: 0000000000000000 [ 234.961291][ T8759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.961301][ T8759] R13: 0000000000000000 R14: 00007f543bbb5fa0 R15: 00007fff06d41ce8 [ 234.961328][ T8759] [ 234.961337][ T8759] binder: 8758:8759 ioctl c0306201 200000000140 returned -14 [ 235.169147][ T5853] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 235.174669][ T5167] Bluetooth: hci4: command 0x1003 tx timeout [ 235.441292][ T43] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 235.476293][ T43] ath9k_htc: Failed to initialize the device [ 235.505633][ T1213] usb 1-1: ath9k_htc: USB layer deinitialized [ 235.533192][ T8772] /dev/rnullb0: Can't open blockdev [ 235.677763][ T24] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 235.847930][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 235.854823][ T24] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 235.865542][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.878243][ T1213] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 235.889914][ T24] usb 3-1: config 0 descriptor?? [ 235.978508][ T5938] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 236.070896][ T1213] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 236.082153][ T1213] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 236.094234][ T1213] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 236.103680][ T1213] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 236.115195][ T1213] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 236.137776][ T1213] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 236.146952][ T1213] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 236.155179][ T5938] usb 4-1: Using ep0 maxpacket: 32 [ 236.160371][ T1213] usb 1-1: Product: syz [ 236.164542][ T1213] usb 1-1: Manufacturer: syz [ 236.172798][ T5938] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 236.185141][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.196624][ T1213] cdc_wdm 1-1:1.0: skipping garbage [ 236.203688][ T1213] cdc_wdm 1-1:1.0: skipping garbage [ 236.212063][ T5938] usb 4-1: Product: syz [ 236.216244][ T5938] usb 4-1: Manufacturer: syz [ 236.226180][ T1213] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 236.232391][ T5938] usb 4-1: SerialNumber: syz [ 236.239419][ T1213] cdc_wdm 1-1:1.0: Unknown control protocol [ 236.248887][ T5938] usb 4-1: config 0 descriptor?? [ 236.266793][ T5938] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 236.406226][ C0] cdc_wdm 1-1:1.0: unknown notification 112 received: index 29811 len 29793 [ 236.506313][ T24] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 236.520141][ T24] asix 3-1:0.0: probe with driver asix failed with error -32 [ 236.610399][ T1213] usb 1-1: USB disconnect, device number 47 [ 236.682580][ T8781] loop2: detected capacity change from 0 to 7 [ 236.691452][ T8522] Dev loop2: unable to read RDB block 7 [ 236.697036][ T8522] loop2: unable to read partition table [ 236.703609][ T8522] loop2: partition table beyond EOD, truncated [ 236.712918][ T8781] Dev loop2: unable to read RDB block 7 [ 236.718862][ T8781] loop2: unable to read partition table [ 236.724701][ T8781] loop2: partition table beyond EOD, truncated [ 236.731084][ T8781] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 236.790085][ T8783] FAULT_INJECTION: forcing a failure. [ 236.790085][ T8783] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.806149][ T8783] CPU: 1 UID: 0 PID: 8783 Comm: syz.1.881 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 236.806175][ T8783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 236.806184][ T8783] Call Trace: [ 236.806190][ T8783] [ 236.806196][ T8783] dump_stack_lvl+0x189/0x250 [ 236.806220][ T8783] ? __pfx____ratelimit+0x10/0x10 [ 236.806241][ T8783] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.806260][ T8783] ? __pfx__printk+0x10/0x10 [ 236.806282][ T8783] ? __might_fault+0xb0/0x130 [ 236.806309][ T8783] should_fail_ex+0x414/0x560 [ 236.806335][ T8783] _copy_from_user+0x2d/0xb0 [ 236.806354][ T8783] binder_ioctl_write_read+0xa61/0xa040 [ 236.806394][ T8783] ? __kernel_text_address+0xd/0x40 [ 236.806413][ T8783] ? arch_stack_walk+0xfc/0x150 [ 236.806444][ T8783] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 236.806465][ T8783] ? stack_trace_save+0x9c/0xe0 [ 236.806489][ T8783] ? stack_depot_save_flags+0x40/0x900 [ 236.806516][ T8783] ? kasan_save_track+0x4f/0x80 [ 236.806530][ T8783] ? kasan_save_track+0x3e/0x80 [ 236.806543][ T8783] ? kasan_save_free_info+0x46/0x50 [ 236.806560][ T8783] ? __kasan_slab_free+0x62/0x70 [ 236.806574][ T8783] ? kfree+0x18e/0x440 [ 236.806588][ T8783] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 236.806607][ T8783] ? security_file_ioctl+0xcb/0x2d0 [ 236.806624][ T8783] ? __se_sys_ioctl+0x47/0x170 [ 236.806640][ T8783] ? do_syscall_64+0xfa/0x3b0 [ 236.806660][ T8783] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.806695][ T8783] ? __pfx_binder_debug+0x10/0x10 [ 236.806719][ T8783] ? do_raw_spin_lock+0x121/0x290 [ 236.806755][ T8783] ? _raw_spin_unlock+0x28/0x50 [ 236.806774][ T8783] ? binder_get_thread+0x178/0x6d0 [ 236.806800][ T8783] binder_ioctl+0x3e0/0x19c0 [ 236.806816][ T8783] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 236.806835][ T8783] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 236.806856][ T8783] ? do_vfs_ioctl+0xbe8/0x1430 [ 236.806874][ T8783] ? __pfx_binder_ioctl+0x10/0x10 [ 236.806890][ T8783] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 236.806928][ T8783] ? __lock_acquire+0xab9/0xd20 [ 236.806964][ T8783] ? __fget_files+0x2a/0x420 [ 236.806989][ T8783] ? __fget_files+0x2a/0x420 [ 236.807008][ T8783] ? __fget_files+0x3a0/0x420 [ 236.807029][ T8783] ? __fget_files+0x2a/0x420 [ 236.807052][ T8783] ? bpf_lsm_file_ioctl+0x9/0x20 [ 236.807068][ T8783] ? __pfx_binder_ioctl+0x10/0x10 [ 236.807084][ T8783] __se_sys_ioctl+0xf9/0x170 [ 236.807105][ T8783] do_syscall_64+0xfa/0x3b0 [ 236.807125][ T8783] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.807145][ T8783] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.807161][ T8783] ? clear_bhb_loop+0x60/0xb0 [ 236.807181][ T8783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.807197][ T8783] RIP: 0033:0x7f543b98e9a9 [ 236.807212][ T8783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.807226][ T8783] RSP: 002b:00007f54397f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 236.807245][ T8783] RAX: ffffffffffffffda RBX: 00007f543bbb5fa0 RCX: 00007f543b98e9a9 [ 236.807257][ T8783] RDX: 0000200000000140 RSI: 00000000c0306201 RDI: 0000000000000003 [ 236.807269][ T8783] RBP: 00007f54397f6090 R08: 0000000000000000 R09: 0000000000000000 [ 236.807279][ T8783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.807289][ T8783] R13: 0000000000000000 R14: 00007f543bbb5fa0 R15: 00007fff06d41ce8 [ 236.807316][ T8783] [ 236.807349][ T8783] binder: 8782:8783 ioctl c0306201 200000000140 returned -14 [ 237.294358][ T8792] binder: 8791:8792 ioctl 80089418 200000000100 returned -22 [ 237.306236][ T8792] binder: 8791:8792 ioctl 5000943f 200000000600 returned -22 [ 237.443060][ T8801] binder: 8800:8801 unknown command 0 [ 237.449045][ T8801] binder: 8800:8801 ioctl c0306201 200000000140 returned -22 [ 237.547643][ T24] usb 1-1: new full-speed USB device number 48 using dummy_hcd [ 237.566576][ T8805] loop2: detected capacity change from 0 to 7 [ 237.574131][ T8805] Dev loop2: unable to read RDB block 7 [ 237.580513][ T8805] loop2: unable to read partition table [ 237.586569][ T8805] loop2: partition table beyond EOD, truncated [ 237.593673][ T8805] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 237.677451][ T5938] gspca_ov534_9: reg_r err -32 [ 237.709468][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 237.733860][ T24] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 237.747667][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.761846][ T24] usb 1-1: config 0 descriptor?? [ 237.767557][ T8794] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 237.937750][ T5938] gspca_ov534_9: Unknown sensor 0000 [ 237.937910][ T5938] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 237.958030][ T5938] usb 4-1: USB disconnect, device number 41 [ 238.196211][ T24] elan 0003:04F3:0755.0006: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 238.245677][ T8817] FAULT_INJECTION: forcing a failure. [ 238.245677][ T8817] name failslab, interval 1, probability 0, space 0, times 0 [ 238.258841][ T8817] CPU: 1 UID: 0 PID: 8817 Comm: syz.3.892 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 238.258866][ T8817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 238.258877][ T8817] Call Trace: [ 238.258884][ T8817] [ 238.258891][ T8817] dump_stack_lvl+0x189/0x250 [ 238.258917][ T8817] ? __pfx____ratelimit+0x10/0x10 [ 238.258939][ T8817] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.258959][ T8817] ? __pfx__printk+0x10/0x10 [ 238.258986][ T8817] ? __pfx___might_resched+0x10/0x10 [ 238.259005][ T8817] ? fs_reclaim_acquire+0x7d/0x100 [ 238.259030][ T8817] should_fail_ex+0x414/0x560 [ 238.259055][ T8817] should_failslab+0xa8/0x100 [ 238.259084][ T8817] __kmalloc_cache_noprof+0x70/0x3d0 [ 238.259101][ T8817] ? binder_transaction+0x1736/0x6470 [ 238.259122][ T8817] binder_transaction+0x1736/0x6470 [ 238.259138][ T8817] ? ima_match_policy+0x10b/0x2150 [ 238.259162][ T8817] ? register_lock_class+0x51/0x320 [ 238.259186][ T8817] ? __lock_acquire+0xab9/0xd20 [ 238.259222][ T8817] ? __lock_acquire+0xab9/0xd20 [ 238.259245][ T8817] ? __pfx_binder_transaction+0x10/0x10 [ 238.259268][ T8817] ? __lock_acquire+0xab9/0xd20 [ 238.259295][ T8817] ? __might_fault+0xb0/0x130 [ 238.259335][ T8817] binder_ioctl_write_read+0xd6a/0xa040 [ 238.259380][ T8817] ? __kernel_text_address+0xd/0x40 [ 238.259399][ T8817] ? arch_stack_walk+0xfc/0x150 [ 238.259432][ T8817] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 238.259453][ T8817] ? stack_trace_save+0x9c/0xe0 [ 238.259477][ T8817] ? stack_depot_save_flags+0x40/0x900 [ 238.259506][ T8817] ? kasan_save_track+0x4f/0x80 [ 238.259520][ T8817] ? kasan_save_track+0x3e/0x80 [ 238.259534][ T8817] ? kasan_save_free_info+0x46/0x50 [ 238.259553][ T8817] ? __kasan_slab_free+0x62/0x70 [ 238.259567][ T8817] ? kfree+0x18e/0x440 [ 238.259581][ T8817] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 238.259599][ T8817] ? security_file_ioctl+0xcb/0x2d0 [ 238.259617][ T8817] ? __se_sys_ioctl+0x47/0x170 [ 238.259634][ T8817] ? do_syscall_64+0xfa/0x3b0 [ 238.259653][ T8817] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.259689][ T8817] ? __pfx_binder_debug+0x10/0x10 [ 238.259708][ T8817] ? do_raw_spin_lock+0x121/0x290 [ 238.259746][ T8817] ? _raw_spin_unlock+0x28/0x50 [ 238.259765][ T8817] ? binder_get_thread+0x178/0x6d0 [ 238.259792][ T8817] binder_ioctl+0x3e0/0x19c0 [ 238.259807][ T8817] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 238.259828][ T8817] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 238.259851][ T8817] ? do_vfs_ioctl+0xbe8/0x1430 [ 238.259869][ T8817] ? __pfx_binder_ioctl+0x10/0x10 [ 238.259885][ T8817] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 238.259917][ T8817] ? __lock_acquire+0xab9/0xd20 [ 238.259954][ T8817] ? __fget_files+0x2a/0x420 [ 238.259979][ T8817] ? __fget_files+0x2a/0x420 [ 238.259998][ T8817] ? __fget_files+0x3a0/0x420 [ 238.260018][ T8817] ? __fget_files+0x2a/0x420 [ 238.260043][ T8817] ? bpf_lsm_file_ioctl+0x9/0x20 [ 238.260059][ T8817] ? __pfx_binder_ioctl+0x10/0x10 [ 238.260080][ T8817] __se_sys_ioctl+0xf9/0x170 [ 238.260100][ T8817] do_syscall_64+0xfa/0x3b0 [ 238.260120][ T8817] ? lockdep_hardirqs_on+0x9c/0x150 [ 238.260140][ T8817] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.260156][ T8817] ? clear_bhb_loop+0x60/0xb0 [ 238.260176][ T8817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.260192][ T8817] RIP: 0033:0x7ff83d98e9a9 [ 238.260208][ T8817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.260222][ T8817] RSP: 002b:00007ff83e89f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 238.260241][ T8817] RAX: ffffffffffffffda RBX: 00007ff83dbb5fa0 RCX: 00007ff83d98e9a9 [ 238.260253][ T8817] RDX: 0000200000000140 RSI: 00000000c0306201 RDI: 0000000000000003 [ 238.260265][ T8817] RBP: 00007ff83e89f090 R08: 0000000000000000 R09: 0000000000000000 [ 238.260275][ T8817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.260285][ T8817] R13: 0000000000000000 R14: 00007ff83dbb5fa0 R15: 00007ffca28d3e18 [ 238.260312][ T8817] [ 238.657421][ C1] vkms_vblank_simulate: vblank timer overrun [ 238.744875][ T8821] mkiss: ax0: crc mode is auto. [ 238.754859][ T24] usb 1-1: USB disconnect, device number 48 [ 238.766987][ T43] usb 3-1: USB disconnect, device number 39 [ 238.793628][ T8822] omfs: Invalid superblock (0) [ 238.805450][ T8821] syzkaller1: entered promiscuous mode [ 238.811488][ T8821] syzkaller1: entered allmulticast mode [ 239.052546][ T8831] loop2: detected capacity change from 0 to 7 [ 239.063570][ T8831] Dev loop2: unable to read RDB block 7 [ 239.069809][ T8831] loop2: unable to read partition table [ 239.075756][ T8831] loop2: partition table beyond EOD, truncated [ 239.082364][ T8831] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 239.304386][ T8838] netlink: 'syz.0.900': attribute type 29 has an invalid length. [ 239.313843][ T8838] netlink: 'syz.0.900': attribute type 29 has an invalid length. [ 239.375839][ T8842] FAULT_INJECTION: forcing a failure. [ 239.375839][ T8842] name failslab, interval 1, probability 0, space 0, times 0 [ 239.388771][ T8842] CPU: 1 UID: 0 PID: 8842 Comm: syz.0.902 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 239.388787][ T8842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 239.388794][ T8842] Call Trace: [ 239.388798][ T8842] [ 239.388801][ T8842] dump_stack_lvl+0x189/0x250 [ 239.388820][ T8842] ? __pfx____ratelimit+0x10/0x10 [ 239.388835][ T8842] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.388848][ T8842] ? __pfx__printk+0x10/0x10 [ 239.388865][ T8842] ? __pfx___might_resched+0x10/0x10 [ 239.388876][ T8842] ? fs_reclaim_acquire+0x7d/0x100 [ 239.388892][ T8842] should_fail_ex+0x414/0x560 [ 239.388908][ T8842] should_failslab+0xa8/0x100 [ 239.388920][ T8842] __kmalloc_cache_noprof+0x70/0x3d0 [ 239.388931][ T8842] ? binder_transaction+0x181e/0x6470 [ 239.388943][ T8842] binder_transaction+0x181e/0x6470 [ 239.388965][ T8842] ? ima_match_policy+0x10b/0x2150 [ 239.388979][ T8842] ? register_lock_class+0x51/0x320 [ 239.388993][ T8842] ? __lock_acquire+0xab9/0xd20 [ 239.389012][ T8842] ? __lock_acquire+0xab9/0xd20 [ 239.389025][ T8842] ? __pfx_binder_transaction+0x10/0x10 [ 239.389037][ T8842] ? __lock_acquire+0xab9/0xd20 [ 239.389052][ T8842] ? __might_fault+0xb0/0x130 [ 239.389074][ T8842] binder_ioctl_write_read+0xd6a/0xa040 [ 239.389099][ T8842] ? __kernel_text_address+0xd/0x40 [ 239.389110][ T8842] ? arch_stack_walk+0xfc/0x150 [ 239.389130][ T8842] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 239.389143][ T8842] ? stack_trace_save+0x9c/0xe0 [ 239.389159][ T8842] ? stack_depot_save_flags+0x40/0x900 [ 239.389175][ T8842] ? kasan_save_track+0x4f/0x80 [ 239.389183][ T8842] ? kasan_save_track+0x3e/0x80 [ 239.389191][ T8842] ? kasan_save_free_info+0x46/0x50 [ 239.389203][ T8842] ? __kasan_slab_free+0x62/0x70 [ 239.389211][ T8842] ? kfree+0x18e/0x440 [ 239.389219][ T8842] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 239.389231][ T8842] ? security_file_ioctl+0xcb/0x2d0 [ 239.389242][ T8842] ? __se_sys_ioctl+0x47/0x170 [ 239.389252][ T8842] ? do_syscall_64+0xfa/0x3b0 [ 239.389265][ T8842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.389284][ T8842] ? __pfx_binder_debug+0x10/0x10 [ 239.389297][ T8842] ? do_raw_spin_lock+0x121/0x290 [ 239.389319][ T8842] ? _raw_spin_unlock+0x28/0x50 [ 239.389335][ T8842] ? binder_get_thread+0x178/0x6d0 [ 239.389361][ T8842] binder_ioctl+0x3e0/0x19c0 [ 239.389376][ T8842] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 239.389396][ T8842] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 239.389420][ T8842] ? do_vfs_ioctl+0xbe8/0x1430 [ 239.389437][ T8842] ? __pfx_binder_ioctl+0x10/0x10 [ 239.389449][ T8842] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 239.389467][ T8842] ? __lock_acquire+0xab9/0xd20 [ 239.389487][ T8842] ? __fget_files+0x2a/0x420 [ 239.389503][ T8842] ? __fget_files+0x2a/0x420 [ 239.389516][ T8842] ? __fget_files+0x3a0/0x420 [ 239.389529][ T8842] ? __fget_files+0x2a/0x420 [ 239.389545][ T8842] ? bpf_lsm_file_ioctl+0x9/0x20 [ 239.389555][ T8842] ? __pfx_binder_ioctl+0x10/0x10 [ 239.389563][ T8842] __se_sys_ioctl+0xf9/0x170 [ 239.389576][ T8842] do_syscall_64+0xfa/0x3b0 [ 239.389589][ T8842] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.389602][ T8842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.389611][ T8842] ? clear_bhb_loop+0x60/0xb0 [ 239.389633][ T8842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.389642][ T8842] RIP: 0033:0x7fbb8198e9a9 [ 239.389652][ T8842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.389660][ T8842] RSP: 002b:00007fbb8273a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 239.389672][ T8842] RAX: ffffffffffffffda RBX: 00007fbb81bb5fa0 RCX: 00007fbb8198e9a9 [ 239.389679][ T8842] RDX: 0000200000000140 RSI: 00000000c0306201 RDI: 0000000000000003 [ 239.389685][ T8842] RBP: 00007fbb8273a090 R08: 0000000000000000 R09: 0000000000000000 [ 239.389691][ T8842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.389697][ T8842] R13: 0000000000000000 R14: 00007fbb81bb5fa0 R15: 00007ffd5c9b4b88 [ 239.389713][ T8842] [ 239.787515][ C1] vkms_vblank_simulate: vblank timer overrun [ 239.826603][ T8828] orangefs_mount: mount request failed with -4 [ 239.895380][ T8847] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 239.957900][ T24] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 240.109807][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 240.121985][ T24] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 240.131950][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.140137][ T24] usb 3-1: Product: syz [ 240.144334][ T24] usb 3-1: Manufacturer: syz [ 240.149030][ T24] usb 3-1: SerialNumber: syz [ 240.156643][ T24] usb 3-1: config 0 descriptor?? [ 240.166801][ T24] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 240.174437][ T8859] loop2: detected capacity change from 0 to 7 [ 240.188903][ T8859] Dev loop2: unable to read RDB block 7 [ 240.197324][ T8859] loop2: unable to read partition table [ 240.207439][ T8859] loop2: partition table beyond EOD, truncated [ 240.214410][ T8859] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 240.275000][ T30] audit: type=1804 audit(1753360981.745:5): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.910" name="/newroot/240/file1" dev="fuse" ino=1 res=1 errno=0 [ 240.325757][ T30] audit: type=1800 audit(1753360981.745:6): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.910" name="/" dev="fuse" ino=1 res=0 errno=0 [ 240.489392][ T30] audit: type=1800 audit(1753360981.775:7): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.910" name="/" dev="fuse" ino=1 res=0 errno=0 [ 241.062637][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.192315][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.291039][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.338408][ T8890] cgroup: Invalid name [ 241.449786][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.593125][ T24] gspca_ov534_9: reg_r err -32 [ 241.789272][ T49] bridge_slave_1: left allmulticast mode [ 241.805244][ T49] bridge_slave_1: left promiscuous mode [ 241.821828][ T5167] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 241.831688][ T5167] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 241.840145][ T5167] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 241.850865][ T5167] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 241.857833][ T24] gspca_ov534_9: Unknown sensor 0000 [ 241.857947][ T24] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 241.862111][ T24] usb 3-1: USB disconnect, device number 40 [ 241.880439][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.908442][ T5167] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 241.973716][ T49] bridge_slave_0: left allmulticast mode [ 242.006022][ T49] bridge_slave_0: left promiscuous mode [ 242.026561][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.477840][ T24] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 242.647681][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 242.661108][ T24] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 242.677710][ T24] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32 [ 242.711377][ T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 242.731224][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.741233][ T24] usb 3-1: Product: ㍸饙暂獋縣욮矖龛秥ῌ캘䉰죨踠ᜒ梎ꌀ섀♄t꒚훅厜朦鸕ⵀ릛呃쑆휓뺩䃒ᣏ㞊䧻弖栐盓갖⬕蚴䙤숾쵛᜸䜁ҕ俢炨ꑤᙊ籵Ӥ洀퀢뮼 [ 242.777803][ T24] usb 3-1: Manufacturer: 鱁뗖熖ㆳ샨带䚌攬⬶኷켅휈ᲆ炪瀱喍ᘒ䨲ၹ䪗堙줾嚎ß徃 [ 242.790343][ T24] usb 3-1: SerialNumber: ы [ 242.936528][ T8947] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 242.946757][ T8947] UDF-fs: Scanning with blocksize 4096 failed [ 243.032378][ T8928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 243.045855][ T8928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 243.077974][ T8928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 243.094247][ T8928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 243.107877][ T43] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 243.126971][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.129997][ T24] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 243.145638][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 243.146167][ T24] cdc_ncm 3-1:1.0: bind() failure [ 243.161521][ T49] bond0 (unregistering): Released all slaves [ 243.170518][ T24] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 243.177471][ T24] cdc_ncm 3-1:1.1: bind() failure [ 243.197314][ T24] usb 3-1: USB disconnect, device number 41 [ 243.288159][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 243.303339][ T43] usb 4-1: config 0 has an invalid interface number: 127 but max is 0 [ 243.325658][ T43] usb 4-1: config 0 has no interface number 0 [ 243.360410][ T43] usb 4-1: config 0 interface 127 has no altsetting 0 [ 243.381891][ T8911] vxcan1 speed is unknown, defaulting to 1000 [ 243.393274][ T43] usb 4-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.0f [ 243.413582][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.414182][ T49] IPVS: stopping backup sync thread 6724 ... [ 243.426560][ T43] usb 4-1: Product: syz [ 243.439457][ T43] usb 4-1: Manufacturer: syz [ 243.449691][ T43] usb 4-1: SerialNumber: syz [ 243.466825][ T43] usb 4-1: config 0 descriptor?? [ 243.701002][ T8944] binder: BINDER_SET_CONTEXT_MGR already set [ 243.707052][ T8944] binder: 8943:8944 ioctl 4018620d 200000000040 returned -16 [ 243.724673][ T43] usb-storage 4-1:0.127: USB Mass Storage device detected [ 243.809569][ T43] usb-storage 4-1:0.127: Quirks match for vid 05ab pid 0060: 2 [ 243.961265][ T43] usb 4-1: USB disconnect, device number 42 [ 243.974137][ T5853] Bluetooth: hci0: command tx timeout [ 244.319863][ T5938] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 244.337774][ T24] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 244.414812][ T8978] /dev/rnullb0: Can't open blockdev [ 244.472943][ T49] hsr_slave_0: left promiscuous mode [ 244.479182][ T49] hsr_slave_1: left promiscuous mode [ 244.485196][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 244.493613][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 244.502906][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 244.512596][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 244.513647][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 244.520378][ T5938] usb 3-1: Using ep0 maxpacket: 32 [ 244.541192][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.551297][ T24] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00 [ 244.560542][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.571814][ T24] usb 2-1: config 0 descriptor?? [ 244.582620][ T49] veth1_macvtap: left promiscuous mode [ 244.588889][ T49] veth0_macvtap: left promiscuous mode [ 244.595013][ T49] veth1_vlan: left promiscuous mode [ 244.601356][ T49] veth0_vlan: left promiscuous mode [ 244.606747][ T5938] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 244.616093][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.624153][ T5938] usb 3-1: Product: syz [ 244.628547][ T5938] usb 3-1: Manufacturer: syz [ 244.633324][ T5938] usb 3-1: SerialNumber: syz [ 244.638326][ T5897] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 244.649776][ T5938] usb 3-1: config 0 descriptor?? [ 244.658846][ T5938] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 244.819085][ T5897] usb 4-1: Using ep0 maxpacket: 32 [ 244.826480][ T5897] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 244.836135][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.856519][ T5897] usb 4-1: config 0 descriptor?? [ 244.893312][ T5897] as10x_usb: device has been detected [ 244.911450][ T5897] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 244.949920][ T5897] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 244.997350][ T5897] as10x_usb: error during firmware upload part1 [ 245.006594][ T5897] Registered device nBox DVB-T Dongle [ 245.025573][ T24] aquacomputer_d5next 0003:0C70:F00B.0007: hidraw0: USB HID v0.00 Device [HID 0c70:f00b] on usb-dummy_hcd.1-1/input0 [ 245.093762][ T5897] usb 4-1: USB disconnect, device number 43 [ 245.152728][ T5897] Unregistered device nBox DVB-T Dongle [ 245.155335][ T5897] as10x_usb: device has been disconnected [ 245.420872][ T49] team0 (unregistering): Port device team_slave_1 removed [ 245.474481][ T49] team0 (unregistering): Port device team_slave_0 removed [ 245.729399][ T8983] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 246.049901][ T5853] Bluetooth: hci0: command tx timeout [ 246.093748][ T5938] gspca_ov534_9: reg_r err -32 [ 246.359718][ T24] usb 2-1: reset full-speed USB device number 43 using dummy_hcd [ 246.387766][ T5938] gspca_ov534_9: Unknown sensor 0000 [ 246.387864][ T5938] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 246.434615][ T5938] usb 3-1: USB disconnect, device number 42 [ 246.521782][ T8989] binder: BINDER_SET_CONTEXT_MGR already set [ 246.533728][ T8989] binder: 8988:8989 ioctl 4018620d 200000000040 returned -16 [ 246.751612][ T8995] /dev/rnullb0: Can't open blockdev [ 246.930126][ T8911] chnl_net:caif_netlink_parms(): no params data found [ 247.295880][ T8911] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.307760][ T55] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 247.313864][ T8911] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.322662][ T8911] bridge_slave_0: entered allmulticast mode [ 247.330808][ T8911] bridge_slave_0: entered promiscuous mode [ 247.341289][ T8911] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.350123][ T8911] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.357359][ T8911] bridge_slave_1: entered allmulticast mode [ 247.399267][ T8911] bridge_slave_1: entered promiscuous mode [ 247.467769][ T55] usb 3-1: device descriptor read/64, error -71 [ 247.520473][ T8911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.543440][ T8911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.632636][ T8911] team0: Port device team_slave_0 added [ 247.648646][ T8911] team0: Port device team_slave_1 added [ 247.720148][ T55] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 247.742560][ T8911] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.758252][ T8911] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.817632][ T8911] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 247.859640][ T8911] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.866612][ T8911] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.897986][ T55] usb 3-1: device descriptor read/64, error -71 [ 247.932845][ T8911] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.995328][ T43] usb 2-1: USB disconnect, device number 43 [ 248.009301][ T55] usb usb3-port1: attempt power cycle [ 248.073389][ T8911] hsr_slave_0: entered promiscuous mode [ 248.082182][ T8911] hsr_slave_1: entered promiscuous mode [ 248.128150][ T5853] Bluetooth: hci0: command tx timeout [ 248.167806][ T43] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 248.338832][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 248.347930][ T55] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 248.361582][ T43] usb 2-1: config 1 interface 0 altsetting 98 endpoint 0x81 has an invalid bInterval 85, changing to 10 [ 248.387890][ T43] usb 2-1: config 1 interface 0 altsetting 98 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 248.410173][ T55] usb 3-1: device descriptor read/8, error -71 [ 248.431100][ T43] usb 2-1: config 1 interface 0 has no altsetting 0 [ 248.444360][ T43] usb 2-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.40 [ 248.465333][ T8911] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 248.466323][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.490274][ T43] usb 2-1: Product: syz [ 248.494727][ T43] usb 2-1: Manufacturer: syz [ 248.494730][ T8911] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 248.502108][ T43] usb 2-1: SerialNumber: syz [ 248.525183][ T8911] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 248.543675][ T8911] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 248.647980][ T55] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 248.678691][ T55] usb 3-1: device descriptor read/8, error -71 [ 248.706803][ T8911] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.721941][ T5938] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 248.724162][ T9015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.739745][ T9015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.767106][ T9015] binder_alloc: 9014: binder_alloc_buf, no vma [ 248.789334][ T43] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input16 [ 248.801236][ T55] usb usb3-port1: unable to enumerate USB device [ 248.816987][ T5202] bcm5974 2-1:1.0: could not read from device [ 248.832699][ T5202] bcm5974 2-1:1.0: could not read from device [ 248.834471][ T8911] 8021q: adding VLAN 0 to HW filter on device team0 [ 248.854544][ T5202] bcm5974 2-1:1.0: could not read from device [ 248.860486][ T43] usb 2-1: USB disconnect, device number 44 [ 248.901300][ T5938] usb 4-1: Using ep0 maxpacket: 32 [ 248.916000][ T4082] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.923257][ T4082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.946583][ T5938] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 248.956026][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.971296][ T5938] usb 4-1: Product: syz [ 248.976359][ T5938] usb 4-1: Manufacturer: syz [ 248.984082][ T4082] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.991289][ T4082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.004175][ T5938] usb 4-1: SerialNumber: syz [ 249.016660][ T5938] usb 4-1: config 0 descriptor?? [ 249.030611][ T5938] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 249.363480][ T8911] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 249.399733][ T9071] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 249.956433][ T8911] veth0_vlan: entered promiscuous mode [ 250.002804][ T8911] veth1_vlan: entered promiscuous mode [ 250.102253][ T8911] veth0_macvtap: entered promiscuous mode [ 250.133191][ T8911] veth1_macvtap: entered promiscuous mode [ 250.157092][ T8911] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.177128][ T8911] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 250.207856][ T5853] Bluetooth: hci0: command tx timeout [ 250.242944][ T4415] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.267172][ T4415] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.276360][ T4415] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.286213][ T4415] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.397147][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.414063][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.457255][ T5938] gspca_ov534_9: reg_r err -32 [ 250.472514][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.485462][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.548047][ T55] usb 3-1: new full-speed USB device number 47 using dummy_hcd [ 250.651740][ T9102] loop2: detected capacity change from 0 to 7 [ 250.660006][ T9102] Dev loop2: unable to read RDB block 7 [ 250.665763][ T9102] loop2: unable to read partition table [ 250.680111][ T9102] loop2: partition table beyond EOD, truncated [ 250.696748][ T9102] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 250.731031][ T9106] overlay: filesystem on ./bus is read-only [ 250.738785][ T5938] gspca_ov534_9: Unknown sensor 0000 [ 250.738874][ T5938] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 250.742299][ T55] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 250.756860][ T5938] usb 4-1: USB disconnect, device number 44 [ 250.806269][ T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.841055][ T55] usb 3-1: Product: syz [ 250.850915][ T55] usb 3-1: Manufacturer: syz [ 250.855553][ T55] usb 3-1: SerialNumber: syz [ 250.902727][ T55] usb 3-1: config 0 descriptor?? [ 251.125766][ T9118] FAT-fs (rnullb0): bogus number of reserved sectors [ 251.128066][ T55] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 251.156330][ T9118] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 251.269233][ T9121] FAT-fs (rnullb0): bogus number of reserved sectors [ 251.276002][ T9121] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 251.338909][ T55] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 251.398885][ T5938] usb 2-1: new low-speed USB device number 45 using dummy_hcd [ 251.537720][ T5938] usb 2-1: device descriptor read/64, error -71 [ 251.575598][ T55] usb 3-1: USB disconnect, device number 47 [ 251.739144][ T9134] vxfs: WRONG superblock magic 00000000 at 1 [ 251.745196][ T9134] vxfs: WRONG superblock magic 00000000 at 8 [ 251.766676][ T9134] vxfs: can't find superblock. [ 251.819587][ T5938] usb 2-1: new low-speed USB device number 46 using dummy_hcd [ 251.968154][ T5938] usb 2-1: device descriptor read/64, error -71 [ 251.978620][ T9142] afs: Unknown parameter 'context' [ 252.098677][ T5938] usb usb2-port1: attempt power cycle [ 252.118369][ T9147] batadv_slave_0: entered promiscuous mode [ 252.162860][ T9148] loop2: detected capacity change from 0 to 7 [ 252.195066][ T9148] Dev loop2: unable to read RDB block 7 [ 252.230597][ T9148] loop2: unable to read partition table [ 252.235057][ T9151] MTD: Couldn't look up '/dev/sr0': -2 [ 252.255378][ T9148] loop2: partition table beyond EOD, truncated [ 252.288175][ T9148] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 252.467655][ T5938] usb 2-1: new low-speed USB device number 47 using dummy_hcd [ 252.510959][ T5938] usb 2-1: device descriptor read/8, error -71 [ 252.542584][ T9156] binder: BINDER_SET_CONTEXT_MGR already set [ 252.559058][ T9156] binder: 9153:9156 ioctl 4018620d 200000000040 returned -16 [ 252.777707][ T5938] usb 2-1: new low-speed USB device number 48 using dummy_hcd [ 252.796019][ T9146] batadv_slave_0: left promiscuous mode [ 252.809044][ T5938] usb 2-1: device descriptor read/8, error -71 [ 252.978262][ T5938] usb usb2-port1: unable to enumerate USB device [ 252.987815][ T55] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 253.064716][ T9177] netlink: 128 bytes leftover after parsing attributes in process `syz.2.975'. [ 253.075076][ T9177] netlink: 20 bytes leftover after parsing attributes in process `syz.2.975'. [ 253.167730][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 253.176656][ T55] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 253.178137][ T5910] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 253.337970][ T5910] usb 4-1: device descriptor read/64, error -71 [ 253.587707][ T5910] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 253.737855][ T5910] usb 4-1: device descriptor read/64, error -71 [ 253.868235][ T5910] usb usb4-port1: attempt power cycle [ 254.006852][ T55] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.070141][ T55] usb 5-1: Product: syz [ 254.074343][ T55] usb 5-1: Manufacturer: syz [ 254.079160][ T55] usb 5-1: SerialNumber: syz [ 254.086649][ T55] usb 5-1: config 0 descriptor?? [ 254.096606][ T55] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 254.190041][ T9197] netlink: 'syz.1.978': attribute type 21 has an invalid length. [ 254.198413][ T9197] netlink: 128 bytes leftover after parsing attributes in process `syz.1.978'. [ 254.219704][ T5910] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 254.259916][ T5910] usb 4-1: device descriptor read/8, error -71 [ 254.519593][ T5910] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 254.546966][ T9213] loop2: detected capacity change from 0 to 7 [ 254.561948][ T8505] Dev loop2: unable to read RDB block 7 [ 254.569700][ T5910] usb 4-1: device descriptor read/8, error -71 [ 254.575643][ T8505] loop2: unable to read partition table [ 254.583513][ T8505] loop2: partition table beyond EOD, truncated [ 254.603074][ T9213] Dev loop2: unable to read RDB block 7 [ 254.611261][ T9213] loop2: unable to read partition table [ 254.617337][ T9213] loop2: partition table beyond EOD, truncated [ 254.631510][ T9213] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 254.693087][ T5910] usb usb4-port1: unable to enumerate USB device [ 254.944413][ T9231] loop9: detected capacity change from 0 to 7 [ 254.956059][ T9231] Dev loop9: unable to read RDB block 7 [ 254.966466][ T9231] loop9: AHDI p1 p2 [ 254.971470][ T9231] loop9: partition table partially beyond EOD, truncated [ 254.983779][ T9231] loop9: p1 start 1835360114 is beyond EOD, truncated [ 255.131005][ T9236] loop4: detected capacity change from 0 to 2560 [ 255.162686][ T9236] buffer_io_error: 10 callbacks suppressed [ 255.162705][ T9236] Buffer I/O error on dev loop4, logical block 0, lost async page write [ 255.186997][ T9236] Buffer I/O error on dev loop4, logical block 1, lost async page write [ 255.196415][ T9236] Buffer I/O error on dev loop4, logical block 2, lost async page write [ 255.205616][ T9236] Buffer I/O error on dev loop4, logical block 3, lost async page write [ 255.215503][ T9236] Buffer I/O error on dev loop4, logical block 4, lost async page write [ 255.224116][ T9236] Buffer I/O error on dev loop4, logical block 5, lost async page write [ 255.232641][ T9236] Buffer I/O error on dev loop4, logical block 6, lost async page write [ 255.241133][ T9236] Buffer I/O error on dev loop4, logical block 7, lost async page write [ 255.249756][ T9236] Buffer I/O error on dev loop4, logical block 8, lost async page write [ 255.259958][ T9236] Buffer I/O error on dev loop4, logical block 9, lost async page write [ 255.274234][ T9240] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 255.284345][ T9240] UDF-fs: Scanning with blocksize 4096 failed [ 255.435690][ T9244] loop2: detected capacity change from 0 to 7 [ 255.443660][ T5910] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 255.450127][ T9244] Dev loop2: unable to read RDB block 7 [ 255.457081][ T9244] loop2: unable to read partition table [ 255.463464][ T9244] loop2: partition table beyond EOD, truncated [ 255.469866][ T9244] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 255.507062][ T55] gspca_ov534_9: reg_r err -32 [ 255.607789][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 255.614436][ T5910] usb 3-1: config 1 interface 0 has no altsetting 0 [ 255.623368][ T5910] usb 3-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice= 0.40 [ 255.632499][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.640602][ T5910] usb 3-1: Product: syz [ 255.644877][ T5910] usb 3-1: Manufacturer: syz [ 255.649633][ T5910] usb 3-1: SerialNumber: syz [ 255.769857][ T55] gspca_ov534_9: Unknown sensor 0000 [ 255.769932][ T55] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22 [ 255.786278][ T55] usb 5-1: USB disconnect, device number 2 [ 255.810762][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.817245][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.824337][ T1213] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 255.859039][ T9238] /dev/rnullb0: Can't open blockdev [ 255.867189][ T9249] /dev/rnullb0: Can't open blockdev [ 255.867415][ T9248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.881271][ T9248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.900815][ T5910] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input17 [ 255.911591][ T5202] bcm5974 3-1:1.0: could not read from device [ 255.920547][ T5202] bcm5974 3-1:1.0: could not read from device [ 255.928485][ T5202] bcm5974 3-1:1.0: could not read from device [ 255.945830][ T5202] bcm5974 3-1:1.0: could not read from device [ 255.952082][ T5910] usb 3-1: USB disconnect, device number 48 [ 255.989775][ T1213] usb 2-1: Using ep0 maxpacket: 8 [ 255.998451][ T1213] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 256.006734][ T1213] usb 2-1: config 179 has no interface number 0 [ 256.022779][ T1213] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 256.044503][ T1213] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 256.066469][ T1213] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 256.079454][ T1213] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 256.128463][ T1213] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 256.144318][ T1213] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 256.153895][ T1213] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.172018][ T9255] Bluetooth: MGMT ver 1.23 [ 256.177965][ T9246] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 256.371671][ T9260] netlink: 'syz.3.996': attribute type 2 has an invalid length. [ 256.447441][ T1213] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input18 [ 256.584259][ T9264] netlink: 40 bytes leftover after parsing attributes in process `syz.2.998'. [ 256.780610][ T9266] loop2: detected capacity change from 0 to 7 [ 256.788096][ T1213] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 256.800608][ T8971] Dev loop2: unable to read RDB block 7 [ 256.800932][ T55] usb 2-1: USB disconnect, device number 49 [ 256.806226][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 256.820673][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 256.829718][ C0] ================================================================== [ 256.837885][ C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290 [ 256.845725][ C0] Read of size 4 at addr ffff88801e78b85c by task udevd/8971 [ 256.853104][ C0] [ 256.855437][ C0] CPU: 0 UID: 0 PID: 8971 Comm: udevd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 256.855463][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 256.855475][ C0] Call Trace: [ 256.855483][ C0] [ 256.855492][ C0] dump_stack_lvl+0x189/0x250 [ 256.855522][ C0] ? __kasan_check_byte+0x12/0x40 [ 256.855545][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.855569][ C0] ? lock_release+0x4b/0x3e0 [ 256.855594][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 256.855622][ C0] print_report+0xca/0x240 [ 256.855641][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 256.855669][ C0] kasan_report+0x118/0x150 [ 256.855690][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 256.855718][ C0] do_raw_spin_lock+0x23d/0x290 [ 256.855746][ C0] ? __wake_up_common_lock+0x2f/0x1f0 [ 256.855763][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 256.855794][ C0] _raw_spin_lock_irqsave+0xb3/0xf0 [ 256.855818][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 256.855840][ C0] ? kcov_remote_stop+0x78/0x6d0 [ 256.855861][ C0] __wake_up_common_lock+0x2f/0x1f0 [ 256.855882][ C0] __usb_hcd_giveback_urb+0x4d7/0x690 [ 256.855909][ C0] ? usb_hcd_unlink_urb_from_ep+0x2c/0x110 [ 256.855937][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 256.855966][ C0] ? usb_hcd_giveback_urb+0x10e/0x420 [ 256.855992][ C0] dummy_timer+0x862/0x4550 [ 256.856017][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 256.856051][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 256.856089][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 256.856114][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 256.856138][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 256.856161][ C0] __hrtimer_run_queues+0x529/0xc60 [ 256.856193][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 256.856216][ C0] ? read_tsc+0x9/0x20 [ 256.856235][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 256.856261][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 256.856287][ C0] handle_softirqs+0x286/0x870 [ 256.856311][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 256.856335][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 256.856358][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 256.856384][ C0] __irq_exit_rcu+0xca/0x1f0 [ 256.856403][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 256.856429][ C0] irq_exit_rcu+0x9/0x30 [ 256.856449][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 256.856475][ C0] [ 256.856483][ C0] [ 256.856490][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 256.856511][ C0] RIP: 0010:console_flush_all+0x7f7/0xc40 [ 256.856538][ C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 65 46 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 56 46 1f 00 eb 06 e8 4f 46 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 4a 96 82 00 48 8b 1b 48 8b 44 24 [ 256.856555][ C0] RSP: 0018:ffffc90019a3efa0 EFLAGS: 00000293 [ 256.856573][ C0] RAX: 1ffffffff1db9687 RBX: ffffffff8edcb438 RCX: ffff888032118000 [ 256.856588][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 256.856600][ C0] RBP: ffffc90019a3f0f0 R08: ffffffff8fe3cf37 R09: 1ffffffff1fc79e6 [ 256.856616][ C0] R10: dffffc0000000000 R11: fffffbfff1fc79e7 R12: dffffc0000000000 [ 256.856631][ C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8edcb3e0 [ 256.856653][ C0] ? console_flush_all+0x13a/0xc40 [ 256.856680][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 256.856710][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 256.856731][ C0] console_unlock+0xc4/0x270 [ 256.856755][ C0] ? __pfx_console_unlock+0x10/0x10 [ 256.856780][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 256.856801][ C0] vprintk_emit+0x5b7/0x7a0 [ 256.856825][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 256.856853][ C0] ? folio_mark_accessed+0x42c/0x8b0 [ 256.856883][ C0] _printk+0xcf/0x120 [ 256.856909][ C0] ? __pfx__printk+0x10/0x10 [ 256.856935][ C0] ? read_part_sector+0xca/0x2b0 [ 256.856959][ C0] amiga_partition+0x1b18/0x1d50 [ 256.856984][ C0] ? read_part_sector+0x1ea/0x2b0 [ 256.857007][ C0] ? sun_partition+0x2a9/0xed0 [ 256.857033][ C0] ? osf_partition+0x31c/0xb20 [ 256.857058][ C0] ? __pfx_amiga_partition+0x10/0x10 [ 256.857080][ C0] ? sgi_partition+0x7c2/0x9a0 [ 256.857108][ C0] ? irqentry_exit+0x74/0x90 [ 256.857132][ C0] ? __pfx_sun_partition+0x10/0x10 [ 256.857156][ C0] ? __pfx_msdos_partition+0x10/0x10 [ 256.857189][ C0] bdev_disk_changed+0x75f/0x14b0 [ 256.857220][ C0] ? __pfx_bdev_disk_changed+0x10/0x10 [ 256.857241][ C0] ? wait_on_inode+0xc0/0x230 [ 256.857260][ C0] blkdev_get_whole+0x380/0x510 [ 256.857284][ C0] ? disk_block_events+0xab/0x120 [ 256.857301][ C0] bdev_open+0x31e/0xd30 [ 256.857327][ C0] blkdev_open+0x3a8/0x510 [ 256.857355][ C0] ? __pfx_blkdev_open+0x10/0x10 [ 256.857388][ C0] do_dentry_open+0x950/0x13f0 [ 256.857412][ C0] vfs_open+0x3b/0x340 [ 256.857427][ C0] ? path_openat+0x2ecd/0x3830 [ 256.857450][ C0] path_openat+0x2ee5/0x3830 [ 256.857470][ C0] ? arch_stack_walk+0xfc/0x150 [ 256.857505][ C0] ? __pfx_path_openat+0x10/0x10 [ 256.857524][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.857547][ C0] do_filp_open+0x1fa/0x410 [ 256.857564][ C0] ? __lock_acquire+0xab9/0xd20 [ 256.857584][ C0] ? __pfx_do_filp_open+0x10/0x10 [ 256.857610][ C0] ? _raw_spin_unlock+0x28/0x50 [ 256.857632][ C0] ? alloc_fd+0x64c/0x6c0 [ 256.857658][ C0] do_sys_openat2+0x121/0x1c0 [ 256.857674][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 256.857694][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 256.857716][ C0] __x64_sys_openat+0x138/0x170 [ 256.857737][ C0] do_syscall_64+0xfa/0x3b0 [ 256.857761][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.857778][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 256.857796][ C0] ? clear_bhb_loop+0x60/0xb0 [ 256.857817][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.857835][ C0] RIP: 0033:0x7f48028a7407 [ 256.857852][ C0] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 256.857869][ C0] RSP: 002b:00007ffd83e95e90 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 256.857888][ C0] RAX: ffffffffffffffda RBX: 00007f4802f96880 RCX: 00007f48028a7407 [ 256.857903][ C0] RDX: 00000000000a0800 RSI: 0000556434077540 RDI: ffffffffffffff9c [ 256.857918][ C0] RBP: 0000556434060910 R08: 0000000000000000 R09: 0000000000000000 [ 256.857930][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000556434082080 [ 256.857943][ C0] R13: 0000556434078430 R14: 0000000000000000 R15: 0000556434082080 [ 256.857964][ C0] [ 256.857971][ C0] [ 257.492578][ C0] Allocated by task 1213: [ 257.496999][ C0] kasan_save_track+0x3e/0x80 [ 257.501684][ C0] __kasan_kmalloc+0x93/0xb0 [ 257.506260][ C0] __kmalloc_cache_noprof+0x230/0x3d0 [ 257.511630][ C0] xpad_probe+0x428/0x1fc0 [ 257.516043][ C0] usb_probe_interface+0x668/0xc30 [ 257.521161][ C0] really_probe+0x26d/0x9e0 [ 257.525738][ C0] __driver_probe_device+0x18c/0x2f0 [ 257.531020][ C0] driver_probe_device+0x4f/0x430 [ 257.536117][ C0] __device_attach_driver+0x2ce/0x530 [ 257.541476][ C0] bus_for_each_drv+0x24e/0x2e0 [ 257.546315][ C0] __device_attach+0x2b8/0x400 [ 257.551062][ C0] bus_probe_device+0x185/0x260 [ 257.555910][ C0] device_add+0x7b6/0xb50 [ 257.560229][ C0] usb_set_configuration+0x1a87/0x20e0 [ 257.565719][ C0] usb_generic_driver_probe+0x8d/0x150 [ 257.571178][ C0] usb_probe_device+0x1c1/0x390 [ 257.576012][ C0] really_probe+0x26d/0x9e0 [ 257.580497][ C0] __driver_probe_device+0x18c/0x2f0 [ 257.585765][ C0] driver_probe_device+0x4f/0x430 [ 257.590860][ C0] __device_attach_driver+0x2ce/0x530 [ 257.596302][ C0] bus_for_each_drv+0x24e/0x2e0 [ 257.601156][ C0] __device_attach+0x2b8/0x400 [ 257.605925][ C0] bus_probe_device+0x185/0x260 [ 257.610783][ C0] device_add+0x7b6/0xb50 [ 257.615102][ C0] usb_new_device+0xa39/0x16f0 [ 257.619856][ C0] hub_event+0x2958/0x4a20 [ 257.624261][ C0] process_scheduled_works+0xade/0x17b0 [ 257.629796][ C0] worker_thread+0x8a0/0xda0 [ 257.634375][ C0] kthread+0x70e/0x8a0 [ 257.638468][ C0] ret_from_fork+0x3f9/0x770 [ 257.643100][ C0] ret_from_fork_asm+0x1a/0x30 [ 257.647856][ C0] [ 257.650164][ C0] Freed by task 55: [ 257.653963][ C0] kasan_save_track+0x3e/0x80 [ 257.658623][ C0] kasan_save_free_info+0x46/0x50 [ 257.663748][ C0] __kasan_slab_free+0x62/0x70 [ 257.668512][ C0] kfree+0x18e/0x440 [ 257.672392][ C0] xpad_disconnect+0x350/0x480 [ 257.677139][ C0] usb_unbind_interface+0x26b/0x910 [ 257.682323][ C0] device_release_driver_internal+0x4d6/0x800 [ 257.688377][ C0] bus_remove_device+0x34d/0x410 [ 257.693324][ C0] device_del+0x511/0x8e0 [ 257.697633][ C0] usb_disable_device+0x3e9/0x8a0 [ 257.702643][ C0] usb_disconnect+0x330/0x950 [ 257.707303][ C0] hub_event+0x1cf5/0x4a20 [ 257.711704][ C0] process_scheduled_works+0xade/0x17b0 [ 257.717233][ C0] worker_thread+0x8a0/0xda0 [ 257.721806][ C0] kthread+0x70e/0x8a0 [ 257.725864][ C0] ret_from_fork+0x3f9/0x770 [ 257.730516][ C0] ret_from_fork_asm+0x1a/0x30 [ 257.735263][ C0] [ 257.737589][ C0] Last potentially related work creation: [ 257.743378][ C0] kasan_save_stack+0x3e/0x60 [ 257.748039][ C0] kasan_record_aux_stack+0xbd/0xd0 [ 257.753401][ C0] insert_work+0x3d/0x330 [ 257.757800][ C0] __queue_work+0xcd2/0xfb0 [ 257.762288][ C0] queue_work_on+0x181/0x270 [ 257.766856][ C0] xpad_irq_in+0xb57/0x2590 [ 257.771341][ C0] __usb_hcd_giveback_urb+0x41a/0x690 [ 257.776790][ C0] dummy_timer+0x862/0x4550 [ 257.781278][ C0] __hrtimer_run_queues+0x529/0xc60 [ 257.786464][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 257.791560][ C0] handle_softirqs+0x286/0x870 [ 257.796394][ C0] __irq_exit_rcu+0xca/0x1f0 [ 257.800988][ C0] irq_exit_rcu+0x9/0x30 [ 257.805221][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 257.810843][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 257.816804][ C0] [ 257.819110][ C0] Second to last potentially related work creation: [ 257.825673][ C0] kasan_save_stack+0x3e/0x60 [ 257.830417][ C0] kasan_record_aux_stack+0xbd/0xd0 [ 257.835658][ C0] insert_work+0x3d/0x330 [ 257.839971][ C0] __queue_work+0xcd2/0xfb0 [ 257.844468][ C0] queue_work_on+0x181/0x270 [ 257.849052][ C0] xpad_irq_in+0xb57/0x2590 [ 257.853575][ C0] __usb_hcd_giveback_urb+0x41a/0x690 [ 257.858934][ C0] dummy_timer+0x862/0x4550 [ 257.863444][ C0] __hrtimer_run_queues+0x529/0xc60 [ 257.868627][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 257.873762][ C0] handle_softirqs+0x286/0x870 [ 257.878509][ C0] __irq_exit_rcu+0xca/0x1f0 [ 257.883082][ C0] irq_exit_rcu+0x9/0x30 [ 257.887305][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 257.892925][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 257.898890][ C0] [ 257.901194][ C0] The buggy address belongs to the object at ffff88801e78b800 [ 257.901194][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 257.915247][ C0] The buggy address is located 92 bytes inside of [ 257.915247][ C0] freed 1024-byte region [ffff88801e78b800, ffff88801e78bc00) [ 257.929040][ C0] [ 257.931347][ C0] The buggy address belongs to the physical page: [ 257.937836][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e788 [ 257.946578][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 257.955057][ C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 257.963020][ C0] page_type: f5(slab) [ 257.966988][ C0] raw: 00fff00000000040 ffff88801a841dc0 0000000000000000 dead000000000001 [ 257.975567][ C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 257.984151][ C0] head: 00fff00000000040 ffff88801a841dc0 0000000000000000 dead000000000001 [ 257.992953][ C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 258.001611][ C0] head: 00fff00000000003 ffffea000079e201 00000000ffffffff 00000000ffffffff [ 258.010269][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 258.018916][ C0] page dumped because: kasan: bad access detected [ 258.025409][ C0] page_owner tracks the page as allocated [ 258.031104][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4415, tgid 4415 (kworker/u8:8), ts 81430087465, free_ts 81404093739 [ 258.050468][ C0] post_alloc_hook+0x240/0x2a0 [ 258.055236][ C0] get_page_from_freelist+0x21e4/0x22c0 [ 258.060786][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 258.066581][ C0] alloc_pages_mpol+0x232/0x4a0 [ 258.071418][ C0] allocate_slab+0x8a/0x370 [ 258.075921][ C0] ___slab_alloc+0xbeb/0x1410 [ 258.080585][ C0] __kmalloc_noprof+0x305/0x4f0 [ 258.085464][ C0] ___neigh_create+0x6d5/0x2260 [ 258.090387][ C0] ip6_finish_output2+0xb4d/0x16a0 [ 258.095482][ C0] ndisc_send_skb+0xb54/0x1440 [ 258.100332][ C0] ndisc_send_ns+0xcb/0x150 [ 258.104821][ C0] addrconf_dad_work+0xaae/0x14b0 [ 258.109843][ C0] process_scheduled_works+0xade/0x17b0 [ 258.115373][ C0] worker_thread+0x8a0/0xda0 [ 258.119947][ C0] kthread+0x70e/0x8a0 [ 258.124001][ C0] ret_from_fork+0x3f9/0x770 [ 258.128573][ C0] page last free pid 5843 tgid 5843 stack trace: [ 258.134879][ C0] __free_frozen_pages+0xbc4/0xd30 [ 258.140067][ C0] __put_partials+0x156/0x1a0 [ 258.144732][ C0] put_cpu_partial+0x17c/0x250 [ 258.149480][ C0] __slab_free+0x2d5/0x3c0 [ 258.153944][ C0] qlist_free_all+0x97/0x140 [ 258.158541][ C0] kasan_quarantine_reduce+0x148/0x160 [ 258.164157][ C0] __kasan_slab_alloc+0x22/0x80 [ 258.169079][ C0] __kmalloc_node_track_caller_noprof+0x216/0x4e0 [ 258.175478][ C0] kvasprintf+0xdc/0x190 [ 258.179710][ C0] kasprintf+0xd4/0x120 [ 258.183875][ C0] ieee80211_alloc_led_names+0x1de/0x2b0 [ 258.189496][ C0] ieee80211_alloc_hw_nm+0x18ca/0x1f20 [ 258.194967][ C0] mac80211_hwsim_new_radio+0x1ee/0x5340 [ 258.200601][ C0] hwsim_new_radio_nl+0xea4/0x1b10 [ 258.205700][ C0] genl_family_rcv_msg_doit+0x212/0x300 [ 258.211246][ C0] genl_rcv_msg+0x60e/0x790 [ 258.215733][ C0] [ 258.218133][ C0] Memory state around the buggy address: [ 258.224044][ C0] ffff88801e78b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 258.232260][ C0] ffff88801e78b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 258.240301][ C0] >ffff88801e78b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 258.248689][ C0] ^ [ 258.255694][ C0] ffff88801e78b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 258.263754][ C0] ffff88801e78b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 258.271903][ C0] ================================================================== [ 258.279989][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 258.287255][ C0] CPU: 0 UID: 0 PID: 8971 Comm: udevd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 258.298519][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 258.308562][ C0] Call Trace: [ 258.311828][ C0] [ 258.314658][ C0] dump_stack_lvl+0x99/0x250 [ 258.319507][ C0] ? __asan_memcpy+0x40/0x70 [ 258.324355][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.329574][ C0] ? __pfx__printk+0x10/0x10 [ 258.334246][ C0] vpanic+0x281/0x750 [ 258.338214][ C0] ? __pfx_print_hex_dump+0x10/0x10 [ 258.343488][ C0] ? __pfx_vpanic+0x10/0x10 [ 258.347981][ C0] panic+0xb9/0xc0 [ 258.351692][ C0] ? __pfx_panic+0x10/0x10 [ 258.356099][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 258.361993][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 258.367027][ C0] check_panic_on_warn+0x89/0xb0 [ 258.371951][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 258.377005][ C0] end_report+0x78/0x160 [ 258.381236][ C0] kasan_report+0x129/0x150 [ 258.385728][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 258.390743][ C0] do_raw_spin_lock+0x23d/0x290 [ 258.395672][ C0] ? __wake_up_common_lock+0x2f/0x1f0 [ 258.401039][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 258.406402][ C0] _raw_spin_lock_irqsave+0xb3/0xf0 [ 258.411601][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 258.417655][ C0] ? kcov_remote_stop+0x78/0x6d0 [ 258.422579][ C0] __wake_up_common_lock+0x2f/0x1f0 [ 258.427767][ C0] __usb_hcd_giveback_urb+0x4d7/0x690 [ 258.433140][ C0] ? usb_hcd_unlink_urb_from_ep+0x2c/0x110 [ 258.438938][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 258.444828][ C0] ? usb_hcd_giveback_urb+0x10e/0x420 [ 258.450190][ C0] dummy_timer+0x862/0x4550 [ 258.454689][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 258.461019][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 258.466412][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 258.471349][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 258.476362][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 258.481285][ C0] __hrtimer_run_queues+0x529/0xc60 [ 258.486486][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 258.492367][ C0] ? read_tsc+0x9/0x20 [ 258.496421][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 258.502216][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 258.507325][ C0] handle_softirqs+0x286/0x870 [ 258.512079][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 258.516930][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 258.522202][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 258.527559][ C0] __irq_exit_rcu+0xca/0x1f0 [ 258.532144][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 258.537449][ C0] irq_exit_rcu+0x9/0x30 [ 258.541677][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 258.547942][ C0] [ 258.550898][ C0] [ 258.553835][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 258.559814][ C0] RIP: 0010:console_flush_all+0x7f7/0xc40 [ 258.565566][ C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 65 46 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 56 46 1f 00 eb 06 e8 4f 46 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 4a 96 82 00 48 8b 1b 48 8b 44 24 [ 258.585422][ C0] RSP: 0018:ffffc90019a3efa0 EFLAGS: 00000293 [ 258.591483][ C0] RAX: 1ffffffff1db9687 RBX: ffffffff8edcb438 RCX: ffff888032118000 [ 258.599441][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 258.607437][ C0] RBP: ffffc90019a3f0f0 R08: ffffffff8fe3cf37 R09: 1ffffffff1fc79e6 [ 258.615411][ C0] R10: dffffc0000000000 R11: fffffbfff1fc79e7 R12: dffffc0000000000 [ 258.623377][ C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8edcb3e0 [ 258.631364][ C0] ? console_flush_all+0x13a/0xc40 [ 258.636487][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 258.641939][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 258.647470][ C0] console_unlock+0xc4/0x270 [ 258.652062][ C0] ? __pfx_console_unlock+0x10/0x10 [ 258.657273][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 258.662805][ C0] vprintk_emit+0x5b7/0x7a0 [ 258.667329][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 258.672347][ C0] ? folio_mark_accessed+0x42c/0x8b0 [ 258.677715][ C0] _printk+0xcf/0x120 [ 258.681693][ C0] ? __pfx__printk+0x10/0x10 [ 258.686273][ C0] ? read_part_sector+0xca/0x2b0 [ 258.691209][ C0] amiga_partition+0x1b18/0x1d50 [ 258.696163][ C0] ? read_part_sector+0x1ea/0x2b0 [ 258.701193][ C0] ? sun_partition+0x2a9/0xed0 [ 258.705958][ C0] ? osf_partition+0x31c/0xb20 [ 258.710717][ C0] ? __pfx_amiga_partition+0x10/0x10 [ 258.716068][ C0] ? sgi_partition+0x7c2/0x9a0 [ 258.720858][ C0] ? irqentry_exit+0x74/0x90 [ 258.725443][ C0] ? __pfx_sun_partition+0x10/0x10 [ 258.730542][ C0] ? __pfx_msdos_partition+0x10/0x10 [ 258.735820][ C0] bdev_disk_changed+0x75f/0x14b0 [ 258.740838][ C0] ? __pfx_bdev_disk_changed+0x10/0x10 [ 258.746283][ C0] ? wait_on_inode+0xc0/0x230 [ 258.750951][ C0] blkdev_get_whole+0x380/0x510 [ 258.755796][ C0] ? disk_block_events+0xab/0x120 [ 258.760818][ C0] bdev_open+0x31e/0xd30 [ 258.765241][ C0] blkdev_open+0x3a8/0x510 [ 258.769654][ C0] ? __pfx_blkdev_open+0x10/0x10 [ 258.774769][ C0] do_dentry_open+0x950/0x13f0 [ 258.779541][ C0] vfs_open+0x3b/0x340 [ 258.783609][ C0] ? path_openat+0x2ecd/0x3830 [ 258.788382][ C0] path_openat+0x2ee5/0x3830 [ 258.792962][ C0] ? arch_stack_walk+0xfc/0x150 [ 258.797816][ C0] ? __pfx_path_openat+0x10/0x10 [ 258.802744][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.808807][ C0] do_filp_open+0x1fa/0x410 [ 258.813320][ C0] ? __lock_acquire+0xab9/0xd20 [ 258.818159][ C0] ? __pfx_do_filp_open+0x10/0x10 [ 258.823176][ C0] ? _raw_spin_unlock+0x28/0x50 [ 258.828016][ C0] ? alloc_fd+0x64c/0x6c0 [ 258.832347][ C0] do_sys_openat2+0x121/0x1c0 [ 258.837012][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 258.842287][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 258.847647][ C0] __x64_sys_openat+0x138/0x170 [ 258.852482][ C0] do_syscall_64+0xfa/0x3b0 [ 258.856977][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.863026][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 258.869168][ C0] ? clear_bhb_loop+0x60/0xb0 [ 258.873847][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.879749][ C0] RIP: 0033:0x7f48028a7407 [ 258.884209][ C0] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 258.903823][ C0] RSP: 002b:00007ffd83e95e90 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 258.912254][ C0] RAX: ffffffffffffffda RBX: 00007f4802f96880 RCX: 00007f48028a7407 [ 258.920217][ C0] RDX: 00000000000a0800 RSI: 0000556434077540 RDI: ffffffffffffff9c [ 258.928176][ C0] RBP: 0000556434060910 R08: 0000000000000000 R09: 0000000000000000 [ 258.936136][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000556434082080 [ 258.944094][ C0] R13: 0000556434078430 R14: 0000000000000000 R15: 0000556434082080 [ 258.952062][ C0] [ 258.955348][ C0] Kernel Offset: disabled [ 258.959685][ C0] Rebooting in 86400 seconds..