last executing test programs: 8.127264972s ago: executing program 1 (id=210): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) syz_init_net_socket$netrom(0x6, 0x5, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0xff04, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r5], 0x1c}}, 0x4008054) write$nci(r2, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc) r6 = socket(0x1e, 0x4, 0x0) write$nci(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="5001", @ANYRES8=r3, @ANYRES16=r6], 0x14) r7 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f00000002c0)=0x8) r8 = syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d5500090502020002020000090582020002"], 0x0) syz_usb_control_io$uac1(r8, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000220edf104c05c10687c20102030109022400010000ae00090400"], 0x0) syz_usb_control_io$hid(r8, 0x0, &(0x7f0000001c00)={0x2c, &(0x7f0000001a00)={0x20, 0xf, 0x4, "624c9637"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r8, 0x0, 0x0) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000780)={0x14, 0x0, &(0x7f0000000340)=[@acquire_done], 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r8, &(0x7f0000001580)={0x14, &(0x7f00000013c0)={0x20, 0x5, 0x2, {0x2, 0x5}}, &(0x7f00000014c0)={0x0, 0x3, 0x2, @string={0x2}}}, &(0x7f0000001800)={0x44, &(0x7f00000015c0)={0xf47109fa39a027d9, 0x9, 0x4, "6d13d1cb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x0, 0x41d, &(0x7f0000000dc0)={{0x12, 0x1, 0x201, 0x8f, 0xf, 0xf9, 0x40, 0x4d8, 0x82, 0x3dff, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40b, 0x3, 0x3, 0x9, 0x80, 0x2, "", [{{0x9, 0x4, 0x11, 0x10, 0xf, 0x18, 0xdd, 0xb6, 0x5, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "59cafb8b"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x0, 0xb1f1, 0x58a}}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "e18a"}, {0x5, 0x24, 0x0, 0xaeed}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x80, 0x3, 0x7}, [@acm={0x4, 0x24, 0x2, 0xa}, @network_terminal={0x7, 0x24, 0xa, 0x9, 0x5, 0x2, 0x2}, @mbim_extended={0x8, 0x24, 0x1c, 0x4, 0x6, 0x7fff}]}], [{{0x9, 0x5, 0xb, 0x4, 0x30, 0xad, 0x9, 0x8}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x4, 0x0, 0x80, [@generic={0xbf, 0xa, "8e1975586c7ccf3a89b89105518bdfaaf59b8dceceeb0f69d2738b2de3cfcea6c9f82ab3af3fc1a1a7280071dd41921c084c5237d91fb7ef495c89ca340caad10860ac884b686c8c3172270f3fb711ced99365ea10be3763d954d6ea3668416434dfcba17502dfc9f35f4d6ffc09aa0cb94abd42c32ab9c26ef27385e062a01bc074c5f4df95a31fc6d29af7e21510a0153d9a0bb266df3f43d499780f46828b1c5e54566dc48efc597eb347187fe81b0037b138ccb075dc39f901df15"}, @uac_iso={0x7, 0x25, 0x1, 0x4, 0xc8, 0x1}]}}, {{0x9, 0x5, 0xb, 0x10, 0x8, 0x9, 0x7, 0x9}}, {{0x9, 0x5, 0x4, 0xc, 0x40, 0x2, 0x6, 0x6}}, {{0x9, 0x5, 0xd, 0x0, 0x200, 0x3, 0xd, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0xfa, 0x7}]}}, {{0x9, 0x5, 0x2, 0x10, 0x208, 0x7, 0x89, 0x81}}, {{0x9, 0x5, 0x6, 0x0, 0x40, 0xfc, 0x7, 0x9}}, {{0x9, 0x5, 0xe, 0x4, 0x8, 0x8, 0x1, 0x2, [@generic={0xff, 0x30, "ab68030f7c30a21f998551f74ebb608c0922297072ea7dc9575767b2fb211fe0e04dc22d41bcd423db3c9bd370eecbe3dd59c0fc7e0e7ae918f208b74c1176962ad265849d15461d0837174ff375be62e440402b2088bf52d772d296647bbe5ec7f27752c99e586f42caf27c1d90000bf40c5d6cd65187e2d3fbf60bef024e97621cd703af88501aaa39d4093cd34c00aceff2ccb07b004eab05057b828dc4a9837b8d371e3dd2d3b3e0b13faa435f21fd71983de2c8445d3ec321e2a1e486c1d4e86d9536ef0dfa2a6b34780d36843419d5a59402296937f708d107aa57f8ca37038ec098f7cea555efc79ef295c562b2521a3b2b0656946df860ceb5"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x3ff, 0xff, 0x2, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x8, 0x7}]}}, {{0x9, 0x5, 0xa, 0x0, 0x40, 0x2, 0x0, 0x2}}, {{0x9, 0x5, 0x1a, 0x0, 0x200, 0x7, 0xd7, 0xf}}, {{0x9, 0x5, 0x4, 0x0, 0x400, 0x9, 0xfb, 0x8}}, {{0x9, 0x5, 0xd, 0x10, 0x8, 0x1b, 0x0, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x91, 0xff00}]}}, {{0x9, 0x5, 0xd, 0xc, 0x20, 0x0, 0x6, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x7de}]}}, {{0x9, 0x5, 0xf, 0x3, 0x400, 0x8, 0x4, 0x8}}]}}, {{0x9, 0x4, 0x11, 0xca, 0x7, 0xfb, 0xab, 0xe8, 0x7, [@uac_control={{0xa, 0x24, 0x1, 0x3, 0x17}, [@feature_unit={0xd, 0x24, 0x6, 0x3, 0x6, 0x3, [0x1, 0x5, 0x2], 0x8}]}], [{{0x9, 0x5, 0xd, 0x2, 0x400, 0x8, 0x2, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xfb, 0x30}]}}, {{0x9, 0x5, 0x4, 0x3, 0x40, 0x5, 0x35, 0x8}}, {{0x9, 0x5, 0x9, 0x0, 0x200, 0x8, 0x2, 0x8}}, {{0x9, 0x5, 0x4, 0x0, 0x400, 0x4, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x0, 0x3ff}]}}, {{0x9, 0x5, 0x5, 0xc, 0x8, 0xf1, 0xb}}, {{0x9, 0x5, 0xa, 0xc, 0x400, 0xd2, 0x1, 0xb4, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x5, 0x1}, @uac_iso={0x7, 0x25, 0x1, 0x4, 0x7, 0x7}]}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0x5, 0xff, 0xe}}]}}, {{0x9, 0x4, 0x5e, 0xc, 0x0, 0x60, 0x88, 0x58, 0x4, [@generic={0xc6, 0x22, "4a9fefd4e54c0fa42de819136d24c6e3a8f2079f1cff1300400bbf4e490331c1358f0820f1184257d671fc437956558c4295fb8ea0f36f86986459a7b52224736a99f04f90b7cbeb3d2dda276016e8ccf0f959b8040c3a9c79a71d172035157b0847318fa8ff19dd4795ab6d337f76a92927023b5e4661afc7c6ae323a33053f9c4146139b77ff2d19657ac65678f396dd96fd3a90cce8387222472280f62b074c18c6f15e82683ca7cbb0ec5f26f12fd47f8e4bbf9c8fb24c50648d8797d6be9e4d2458"}]}}]}}]}}, &(0x7f0000000a40)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x201, 0x8, 0x3, 0x8, 0x20, 0x4}, 0xd1, &(0x7f0000000100)={0x5, 0xf, 0xd1, 0x2, [@ptm_cap={0x3}, @generic={0xc9, 0x10, 0x3, "298d5ddd2ca4b88092ee857ad6a6eb82cd3ca24b9e0994e7d347936c981268ea2ee7af2a03c7a0635eb4095138e5bf26a9bcadbae3458006ec0147cfe1d1bf0c4590b85958cd0fe96299e5eb036e975affbdb1d169b19081648763770c239de3d7e27768a6f57d2c15af1ffebdd1f2231246398cb0a2af8b41c71f00838297767d6744d08f3e1b77f4d2bb074328bb5ca3b52ced8cd7e56d988cdc3833158bc2355acb90c5bf7d4ed5ba16877fd4ee8791dc295e29719bf4fc185d23858c07d4871ab48092e5"}]}, 0x9, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x804}}, {0x94, &(0x7f0000000580)=@string={0x94, 0x3, "e281ffe28e1369d0adcd82baa0c23acdea6bdc78c5fe06a0bf2960f6fe4797d97b8a960b57c269717eaa6f407cbbfde7c46d2a0a22792cbcd31cada2ba491140d6b0fdcdd990cfeb936809e24a7d72a5cecb7ea57b326ac3948f59ff43524b8d274b26fb3957b3c752cd2fffa1418cf0ae58242226c0603e716664a74142d925ffc81f10c92c75bbf91d36a25d6b404bcd56"}}, {0xe3, &(0x7f0000000640)=@string={0xe3, 0x3, "884d471fff2a3c00d6f578a9b2b4cc7618e1e1344cda13152a899162219ff304971dab43197d261771d6cb69f397c32c17f62f71dc190aed5b81182bb9b20dcdaf75a8292c6e44c7429568096ddc946f0bcf928fc6067e2f91f607a6bf1c09287b8e064dac8f4333ce7c63475894f421501a18314d670d0d8ed30f9a655d5469e1c344ab19b7db5207b523ddfec0e77efccbc77578bcf0a61942b83262bc43228f63ad7fefcec87b9a7676ba7a6faf00c39292bafbc612f0f8d0e6a915ab90a1cfed41d26dddf6668414cfa3ad06048bc8f1d034367ea12fbe050f83bf49d5b0f2"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x436}}, {0xca, &(0x7f00000007c0)=@string={0xca, 0x3, "75a9e3cb62725b626f716bd036032c6cd7915c1afb35d0c321242ba7e2966b5f92399eeb82f4e65988e95923b001f84049151380806a19c6f47284cfc2e56dd6e3278cf44c67fe7d0325c2b6d0ca2f9978ddfa5c1203f99e093718c89f2cebc9bb3b1694312781cbc61045263faa3b5d879af1448e0a8c6382ea18c5681da6a9554a5dd0477b1188e4220daa779f0ba163d089c7dd575d41ecaa0bc2397b5fe780d2f6e1451af65937dbec351e977be25b4c96a195834b9b64ff4ecdcf776b29ce56b85b7fb3e83a"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x100c}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x4800}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x21c}}, {0x81, &(0x7f0000000980)=@string={0x81, 0x3, "18c350eff04869ab0ca44af251c6337e167aab489b1bda81b2472e9ddde7da9876f0ce73fa188ceed5a09e7e20fe1db883aca6e700fa46686148ae643eb20d9f97d076ad1511dbc5a36180114ee69ddb34e74afb28f379a1c8dbd34d99196735fe747e1b0a90fda388ca65b2cba5bf45ffe8b699e93f63a553b55630399bfc"}}]}) 5.845287289s ago: executing program 1 (id=223): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000200304306000000000000109022400010000000009040000010300000009210000000122020009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\"\v'], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000240)={&(0x7f0000000040)=[{0x5, 0x1a00, 0x0, 0x0}, {0x800, 0x2000, 0x0, 0x0}, {0x7, 0x8800, 0x47, &(0x7f0000000100)="0f2404b34941c23a0d162a5e7ce17f0878e0d805daa2376feebe3b2f578c142267ae6eaaf70b20affd69e959bbf7635c73a8a3fb4b1a56fa155d3639f063eb42a4d9346b4594c2"}], 0x3}) 4.174461548s ago: executing program 0 (id=228): pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200) 4.091895214s ago: executing program 0 (id=229): sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f0000000940)=ANY=[], 0x120) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1) readv(r3, &(0x7f0000000ac0)=[{0x0}, {&(0x7f0000000640)=""/221, 0xdd}], 0x2) (fail_nth: 1) close_range(r2, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) 4.008588684s ago: executing program 0 (id=230): sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f0000000940)=ANY=[], 0x120) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @broadcast}}, 0x1e) connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1) readv(r3, &(0x7f0000000ac0)=[{0x0}, {&(0x7f0000000640)=""/221, 0xdd}], 0x2) close_range(r2, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) 3.959578889s ago: executing program 0 (id=231): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303", @ANYRESDEC], 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0xfefffffa, 0x80) syz_open_procfs(0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, 0x0) 2.669117968s ago: executing program 1 (id=235): r0 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000180), &(0x7f00000001c0)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x4613, &(0x7f0000000640)={0x0, 0xd17f, 0x20, 0x2, 0x37d, 0x0, r0}, &(0x7f0000000dc0), &(0x7f0000000280)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000004c0)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "7c80690ea8c8123e", "f92dafad9e3b473a1eaac151fe41ea97", "ee367a98", "74aff2072572aca8"}, 0x28) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000300)="fb55", 0x2}], 0x1) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0xf3a, 0x0) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000240)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={&(0x7f00000002c0)={0xb0, 0x453, 0x20, 0x70bd2d, 0x25dfdbff, "c2641b0a30a5fda5082e6ebdb52abd83617419053c6a7de9645ef3ac4dd25a90183d158206ca5cc908a5575b6896961234bd1c7c36d534d8f162adda68a4fc4bb3ca546736d045db62a0c063732309466b7a0da008208e69d0e7825535e1208d175f0e5593839b7b593cb9f00827a7373b5cf91442047b11fe0071b5bad467aa356d23779ad6387ce07a88b42f4bf70b8956c49d146659d22e913b4b4888", ["", "", ""]}, 0xb0}, 0x1, 0x0, 0x0, 0x4400c000}, 0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2d, &(0x7f0000000000)={0xf8e2, {{0xa, 0x4e20, 0x4, @remote, 0x3}}, {{0xa, 0x4e21, 0x81, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2c}}, 0xfffffff6}}}, 0x108) 2.62982043s ago: executing program 0 (id=236): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x1}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4048aecb, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0) (fail_nth: 1) 2.519451919s ago: executing program 1 (id=237): timer_create(0x5, &(0x7f0000001700)={0x0, 0x1, 0x1, @thr={&(0x7f0000001600)="ad9b", 0x0}}, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x1a2c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x2000, {0x0, 0x0, 0x0, 0x0, 0x14a1ff, 0x0, 0x0, 0x1a, 0x1c, "3384020bbe82b398000000000000000000001d0ec0c1b4e9b1c4369d03740100ceaac594b3d6d741dd17c1c50d38ef2a565ef1e80000000058966500", "a9103939c787a16c1ca4f837026d1a8554feac911e1cd130e04d528539f3d3289737f0374c72a964a02447a75df8a6ca7f040000000000000072fd29f35239d2", "24431a1e77a68e174f00", [0x9, 0x400]}}) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000000080)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda6617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df00", 0x1000}}, 0x1006) ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r3, 0x0, 0xfe33) ioctl$KDSKBMETA(r2, 0x4b63, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000001540)={0x0, 0xfffffffffffffffd, 0xcc, 0x4, @scatter={0x7, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000000)=""/48, 0x30}, {&(0x7f0000000040)=""/93, 0x5d}, {&(0x7f00000000c0)=""/5, 0x5}, {&(0x7f0000000100)=""/64, 0x40}, {&(0x7f0000000200)=""/121, 0x79}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/47, 0x2f}]}, &(0x7f0000001340)="c5441ff963eae5466afce30c35d8dfe70950ab60609c0142562a665149e1c7313ec9cf5c205cd1e908e2429a8af54257ebea91d1a4180b1b766a5146d872abcaea3690e400f751295ac1ba58ae7d5f88f51c639fd0bbe3bf60133ec0fca3898fcc8e650b09d7c160ce7dc1a52489440480490080edd4951ae0551b7d4e17158aa78dbb4c7c3a6695761c47731136d64ca20ac7d466483a1e2094834eac3d2f4f085eec1892db1d51f5483613c22aca7f40e1c348541fa811905bbf4524183d5c521cf99c8168c17b26310ea3", &(0x7f0000001440)=""/159, 0x43a, 0x25, 0x2, &(0x7f0000001500)}) 2.216941906s ago: executing program 0 (id=240): bind$alg(0xffffffffffffffff, 0x0, 0x0) timer_create(0x1, 0x0, 0x0) gettid() r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220800000046ce5c15c1f1fb"], 0x0}, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x890}, 0x40048c4) syz_emit_vhci(&(0x7f0000000500)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, "1701731af1ddcb72bf204235505b0c85", 0x8}}}, 0x1a) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r3) socket$inet_mptcp(0x2, 0x1, 0x106) 2.10240307s ago: executing program 1 (id=242): syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) setreuid(0x0, 0xee00) setrlimit(0x40000000000008, &(0x7f00000002c0)={0x4, 0x9}) r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_LOCK(r0, 0xb) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX=r1, @ANYBLOB=',rootmode=0', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) read$FUSE(r1, 0x0, 0x0) write$FUSE_INIT(r1, 0x0, 0x0) ioctl$VIDIOC_CROPCAP(0xffffffffffffffff, 0xc02c563a, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8) r2 = syz_open_dev$media(0x0, 0xc0, 0xc641) ioctl$MEDIA_IOC_G_TOPOLOGY(r2, 0xc0487c04, 0x0) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x1}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f00000001c0)={{r7, r8+10000000}, {0x0, 0x3938700}}, 0x0) r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(r9, 0x541c, &(0x7f0000000040)) ioctl$KVM_GET_VCPU_EVENTS(r6, 0x4048aecb, &(0x7f0000000080)) r10 = socket$can_j1939(0x1d, 0x2, 0x7) close(r10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffffffffbffff) 2.015907699s ago: executing program 1 (id=243): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000200304306000000000000109022400010000000009040000010300000009210000000122020009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\"\v'], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000240)={&(0x7f0000000040)=[{0x5, 0x1a00, 0x0, 0x0}, {0x800, 0x2000, 0x0, 0x0}, {0x7, 0x8800, 0x47, &(0x7f0000000100)="0f2404b34941c23a0d162a5e7ce17f0878e0d805daa2376feebe3b2f578c142267ae6eaaf70b20affd69e959bbf7635c73a8a3fb4b1a56fa155d3639f063eb42a4d9346b4594c2"}], 0x3}) 1.311203435s ago: executing program 3 (id=246): prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x7, 0x3, 0xfffffffd, {0x400000080001, 0xfd, 0x20ff, 0x7a, 0xe, 0xd615, 0x9, 0x3, 0xfffffffc, 0x6000, 0x0, 0x0, 0x0, 0x5, 0x7}}, {0x0, 0x13}}}, 0xa0) sendfile(r0, r0, &(0x7f0000000080), 0x7f03) (fail_nth: 1) 1.019523277s ago: executing program 3 (id=247): r0 = syz_open_procfs(0x0, 0x0) pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200) 1.006419509s ago: executing program 3 (id=248): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000) madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = socket$nl_crypto(0x10, 0x3, 0x15) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000340)={'wg1\x00', &(0x7f0000000300)=@ethtool_cmd={0x17, 0x6, 0x6, 0x907, 0x7, 0x40, 0x8, 0x3, 0x42, 0x8c, 0x2d8a52ea, 0x2000000, 0x5, 0x56, 0x7f, 0x6eace88a, [0x4, 0xa2]}}) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0c00990041000000600000000800a0147c030000080026009a03000008009f000b"], 0x40}}, 0x0) sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3fb, 0x20, 0x70bd25, 0x25dfdbff, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4040}, 0x400c001) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20010, 0xffffffffffffffff, 0xffffffffffffd000) mount(0x0, 0x0, 0x0, 0x805800, &(0x7f0000000140)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x03@\xf7\x97D(\xc0\xcd\x1a%.\xd6\x9d\x1a\xba7\xd9r \xa4\x1b&\xa2\xc9\f\xb8\x1b\xefO\bI\xf2a\xf0K\xc3\xc1*\xe3Nk\x13O\xde*\x8d7\x10\xdcX\x82\xf9\xf3\b\xa8\x86\x9f\xf4:\xe4\x91\x8c\xda?\xa1\xc7\xec\xe13\xbd?\x82\xc9\xcc\xed\"\xca\x0eu\x11u\x04\xc8\xf7\nO\xb8\x13\xa1\xdf\xdd#\xc7\n\x94\xc9S;\x85>\x9b\xb3X\xb1\x88\xed\xcdu\xc1YY\'$\xb9\x8b\xd3\'\x81\x16\xd8\xeb\xf4]\x01\x19\xd3\x14s\xc1\xdd#v\xbfq+\x00\x00\x00\x00\x00\x00') sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000520f668d000000000000627bb02100000a6c000000060a0104000000000000000002000000400004803c0001800a0001006d617463680000002c00028014000300f4f03b0200000000001108116b61979e090001006c3274700000000008000240000000000900010073797a30000000000900020073797a32000000001400000000000000000a00"/148], 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 657.667225ms ago: executing program 3 (id=249): r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x10802) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000300)=@filter={'filter\x00', 0xe, 0x1, 0x176, [0x0, 0x200000000180, 0x200000000296, 0x2000000002c6], 0x0, &(0x7f0000000040), &(0x7f0000000180)=[{0x0, '\x00', 0x0, 0x1, 0x1, [{0x3, 0x6c, 0x6004, 'xfrm0\x00', 'wlan0\x00', 'rose0\x00', 'veth0_vlan\x00', @empty, [0xff], @broadcast, [0xff, 0xff, 0xff, 0xff], 0x6e, 0xb6, 0xe6, [], [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0xe, 0xf0, {0x9}}}}], @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x1}}}}]}, {0x0, '\x00', 0x1}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}]}, 0x1ee) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0xfffffffc, 0x5, 0x22, 0x401, 0x1, 0x0, 0x10001, 0x1000008, 0x7, 0x3ff, 0x802, 0x3ff, 0x9, 0x2, 0x9, 0xe1cb, 0x3ff, 0x4, 0x3, 0x392, 0x80000088, 0xfffffefe, 0xa, 0xfffffff5, 0x2, 0x3, 0x0, 0x0, 0x4, 0x101, 0xdffffffa]}) ioctl$COMEDI_SETRSUBD(r1, 0x6410) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x10802) (async) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000300)=@filter={'filter\x00', 0xe, 0x1, 0x176, [0x0, 0x200000000180, 0x200000000296, 0x2000000002c6], 0x0, &(0x7f0000000040), &(0x7f0000000180)=[{0x0, '\x00', 0x0, 0x1, 0x1, [{0x3, 0x6c, 0x6004, 'xfrm0\x00', 'wlan0\x00', 'rose0\x00', 'veth0_vlan\x00', @empty, [0xff], @broadcast, [0xff, 0xff, 0xff, 0xff], 0x6e, 0xb6, 0xe6, [], [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0xe, 0xf0, {0x9}}}}], @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x1}}}}]}, {0x0, '\x00', 0x1}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}]}, 0x1ee) (async) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) (async) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) (async) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0xfffffffc, 0x5, 0x22, 0x401, 0x1, 0x0, 0x10001, 0x1000008, 0x7, 0x3ff, 0x802, 0x3ff, 0x9, 0x2, 0x9, 0xe1cb, 0x3ff, 0x4, 0x3, 0x392, 0x80000088, 0xfffffefe, 0xa, 0xfffffff5, 0x2, 0x3, 0x0, 0x0, 0x4, 0x101, 0xdffffffa]}) (async) ioctl$COMEDI_SETRSUBD(r1, 0x6410) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) 556.300483ms ago: executing program 3 (id=250): syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010003000000ff1c1b1f1c4000010203010902240001010800fe09040000020301025f09210800060122cb0f09058103ff03"], 0x0) r0 = syz_usb_connect(0x4, 0x4a, &(0x7f0000000200)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb10000000010200090502", @ANYBLOB="8d83150fddc3dfe22f47e287906c9f6291a5be2606481f26bfb2b4caaf4a1e40595f5262b1c8767ed2c5796880b2b2e43305d8ac01ee93e97e0886462ccb609abe7e75ea9179a6d157047bbd2cc552ac887df8e33e005c6cf464dbe8133d14d95db936638030ffb351865ab39150127549bd1957c282e5f7aecfe2b00f2237f73a64333532267144611eab275e600f41975da02bd53792d3c046af536a4996c69f80ffffffffffffff4461e2f0197e042b5eaf932e0ddcddb1829c581e367e9d9fd86ed6daf3c34390dd34eb595cb8f04c409399afc4246f453541d277a0f0ac4d5af5533e48df4687", @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES8], 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000400)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000cc0)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23", 0x64) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000200)=ANY=[]) 395.937186ms ago: executing program 2 (id=252): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='illinois', 0x8) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7db", 0xc5}], 0x1}}], 0x2, 0x2090) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 351.906514ms ago: executing program 2 (id=253): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000003c0)='ecryptfs\x00', 0x0, 0x0) (rerun: 32) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) (async, rerun: 64) r0 = socket(0x40000000015, 0x5, 0x0) (rerun: 64) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x1d, &(0x7f0000000000)=0xfffffffffffffffe, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='clear_refs\x00') writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}], 0x1) (async, rerun: 32) r2 = socket(0x10, 0x3, 0x0) (rerun: 32) write(r2, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) syz_io_uring_setup(0x7cc2, &(0x7f0000000040)={0x0, 0x4808, 0x20000, 0x2, 0x149, 0x0, r1}, &(0x7f00000000c0), &(0x7f00000001c0)) 223.560424ms ago: executing program 2 (id=254): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='wchan\x00') pread64(r0, 0x0, 0x0, 0x41e) 223.236683ms ago: executing program 2 (id=255): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmat(r0, &(0x7f0000001000/0x3000)=nil, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) msync(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000f80)=@newsa={0x10c, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x400, 0x0, 0x0, 0x80, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x94e, 0x7}, {0x40000, 0x1, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}, @replay_thresh={0x8, 0xb, 0xa6d0}]}, 0x10c}, 0x1, 0x0, 0x0, 0x4c000}, 0x4000084) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000011c0)='ipvlan0\x00', 0x10) connect$phonet_pipe(r1, 0x0, 0x0) ioctl$SIOCPNENABLEPIPE(r1, 0x89ed, 0x0) shmat(r0, &(0x7f0000ffd000/0x2000)=nil, 0x0) 83.909091ms ago: executing program 2 (id=256): r0 = syz_open_procfs(0x0, 0x0) pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200) 57.657306ms ago: executing program 3 (id=257): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x7000001, 0x40010, r0, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x3, 0x1, 0x0, 0x0, 0x0, 0x7fffffff}) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000100)={{&(0x7f0000ffa000/0x2000)=nil, 0x2000}, 0x1}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_debug_messages', 0x101, 0x0) write$FUSE_DIRENT(r2, 0x0, 0x200001d0) chroot(&(0x7f0000000000)='./cgroup\x00') ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1}) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}}) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=258): r0 = socket(0x3, 0xa, 0x401) sendto$inet6(r0, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160008200800000000000000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) r1 = syz_usb_connect(0x2, 0x36, &(0x7f0000000700)=ANY=[@ANYRES16=0x0, @ANYRES64=r0, @ANYRESOCT=r0], 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000240)=@add_del={0x2, &(0x7f00000006c0)='veth1_to_team\x00'}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@textreal={0x8, &(0x7f0000000280)="0fc75d000f01cb45ba430066ed66b9750b00000f3266b8000000800f23c00f21f8663502000a000f23f82e0f01caba420066b80000008066ef640f090f05", 0x3e}], 0x1, 0x4, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$unlink(0x9, r6, 0xfffffffffffffffe) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_CREATE_PIT2(r8, 0x4040ae77, &(0x7f00000000c0)={0x3}) ioctl$KVM_SET_PIT2(r8, 0x4070aea0, &(0x7f0000000140)={[{0xffffffff, 0x0, 0x6, 0x3, 0x40, 0x2, 0x42, 0x9, 0x5, 0xbd, 0x2, 0x5, 0x9}, {0x1, 0x9, 0x7, 0x1, 0x8, 0x4, 0x49, 0x7f, 0x2, 0x1, 0x9, 0xf, 0x20000000006}, {0x2, 0x5, 0x5, 0x0, 0x2, 0x9, 0x8, 0x40, 0x5, 0x1, 0x2, 0x3}], 0x4}) write$tun(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="00008917d18004"], 0xb2) r9 = socket$inet6(0xa, 0x2, 0x6) bind$inet6(r9, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r9, &(0x7f00000005c0)={0xa, 0x40, 0x7, @mcast2, 0x2}, 0x1c) personality(0xbe4e602dc9e6c1d3) uname(&(0x7f0000000040)=""/138) r10 = socket$netlink(0x10, 0x3, 0x8000000004) r11 = openat$pidfd(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) pidfd_send_signal(r11, 0x0, &(0x7f00000000c0)={0x0, 0xb57, 0x2}, 0x0) writev(r10, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) syz_usb_control_io$hid(r1, &(0x7f00000014c0)={0x24, 0x0, &(0x7f0000001400)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0be}}, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 79.815999][ T6045] Call Trace: [ 79.816006][ T6045] [ 79.816013][ T6045] dump_stack_lvl+0xe8/0x150 [ 79.816043][ T6045] should_fail_ex+0x412/0x560 [ 79.816075][ T6045] should_failslab+0xa8/0x100 [ 79.816096][ T6045] __kmalloc_noprof+0xe8/0x760 [ 79.816122][ T6045] ? tomoyo_encode+0x28b/0x550 [ 79.816153][ T6045] tomoyo_encode+0x28b/0x550 [ 79.816183][ T6045] tomoyo_realpath_from_path+0x58d/0x5d0 [ 79.816218][ T6045] ? tomoyo_path_number_perm+0x219/0x630 [ 79.816240][ T6045] tomoyo_path_number_perm+0x246/0x630 [ 79.816265][ T6045] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 79.816289][ T6045] ? __lock_acquire+0x6b5/0x2cf0 [ 79.816325][ T6045] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 79.816369][ T6045] ? __fget_files+0x2a/0x420 [ 79.816394][ T6045] ? __fget_files+0x2a/0x420 [ 79.816415][ T6045] ? __fget_files+0x3a0/0x420 [ 79.816436][ T6045] ? __fget_files+0x2a/0x420 [ 79.816463][ T6045] security_file_ioctl+0xc3/0x2a0 [ 79.816485][ T6045] __se_sys_ioctl+0x47/0x170 [ 79.816506][ T6045] do_syscall_64+0x14d/0xf80 [ 79.816521][ T6045] ? trace_irq_disable+0x3b/0x150 [ 79.816541][ T6045] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.816558][ T6045] ? clear_bhb_loop+0x40/0x90 [ 79.816579][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.816597][ T6045] RIP: 0033:0x7fb0f479c799 [ 79.816613][ T6045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 79.816627][ T6045] RSP: 002b:00007fb0f561c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.816645][ T6045] RAX: ffffffffffffffda RBX: 00007fb0f4a15fa0 RCX: 00007fb0f479c799 [ 79.816658][ T6045] RDX: 0000200000000140 RSI: 0000000000008913 RDI: 0000000000000004 [ 79.816669][ T6045] RBP: 00007fb0f561c090 R08: 0000000000000000 R09: 0000000000000000 [ 79.816680][ T6045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.816690][ T6045] R13: 00007fb0f4a16038 R14: 00007fb0f4a15fa0 R15: 00007fff8045e0c8 [ 79.816718][ T6045] [ 79.816736][ T6045] ERROR: Out of memory at tomoyo_realpath_from_path. [ 80.172006][ T6057] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.209383][ T5951] usb 2-1: new low-speed USB device number 7 using dummy_hcd [ 80.310683][ T6062] FAULT_INJECTION: forcing a failure. [ 80.310683][ T6062] name failslab, interval 1, probability 0, space 0, times 0 [ 80.323592][ T6062] CPU: 0 UID: 0 PID: 6062 Comm: syz.3.47 Not tainted syzkaller #0 PREEMPT(full) [ 80.323614][ T6062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 80.323624][ T6062] Call Trace: [ 80.323630][ T6062] [ 80.323635][ T6062] dump_stack_lvl+0xe8/0x150 [ 80.323653][ T6062] should_fail_ex+0x412/0x560 [ 80.323667][ T6062] should_failslab+0xa8/0x100 [ 80.323678][ T6062] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 80.323693][ T6062] ? __alloc_skb+0x186/0x7d0 [ 80.323707][ T6062] ? __alloc_skb+0x1d0/0x7d0 [ 80.323719][ T6062] ? __local_bh_enable_ip+0xd0/0x130 [ 80.323736][ T6062] __alloc_skb+0x1d0/0x7d0 [ 80.323752][ T6062] netlink_sendmsg+0x5d4/0xb40 [ 80.323771][ T6062] ? __pfx_netlink_sendmsg+0x10/0x10 [ 80.323785][ T6062] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 80.323804][ T6062] ? __pfx_netlink_sendmsg+0x10/0x10 [ 80.323817][ T6062] sock_sendmsg_nosec+0x112/0x150 [ 80.323830][ T6062] ____sys_sendmsg+0x589/0x8c0 [ 80.323845][ T6062] ? __pfx_____sys_sendmsg+0x10/0x10 [ 80.323859][ T6062] ? import_iovec+0x73/0xa0 [ 80.323872][ T6062] ___sys_sendmsg+0x2a5/0x360 [ 80.323885][ T6062] ? __pfx____sys_sendmsg+0x10/0x10 [ 80.323930][ T6062] ? __fget_files+0x2a/0x420 [ 80.323951][ T6062] ? __fget_files+0x3a0/0x420 [ 80.323978][ T6062] __x64_sys_sendmsg+0x1bd/0x2a0 [ 80.323990][ T6062] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 80.324004][ T6062] ? __pfx_ksys_write+0x10/0x10 [ 80.324019][ T6062] do_syscall_64+0x14d/0xf80 [ 80.324027][ T6062] ? trace_irq_disable+0x3b/0x150 [ 80.324038][ T6062] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.324048][ T6062] ? clear_bhb_loop+0x40/0x90 [ 80.324059][ T6062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.324069][ T6062] RIP: 0033:0x7f9ff1f9c799 [ 80.324079][ T6062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 80.324087][ T6062] RSP: 002b:00007f9ff2d77028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 80.324098][ T6062] RAX: ffffffffffffffda RBX: 00007f9ff2215fa0 RCX: 00007f9ff1f9c799 [ 80.324104][ T6062] RDX: 0000000004000840 RSI: 0000200000000240 RDI: 0000000000000003 [ 80.324111][ T6062] RBP: 00007f9ff2d77090 R08: 0000000000000000 R09: 0000000000000000 [ 80.324116][ T6062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.324122][ T6062] R13: 00007f9ff2216038 R14: 00007f9ff2215fa0 R15: 00007fff75ed7148 [ 80.324136][ T6062] [ 80.424638][ T5951] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 80.605100][ T6066] loop5: detected capacity change from 0 to 2640 [ 80.625869][ T6066] Buffer I/O error on dev loop5, logical block 0, async page read [ 80.638473][ T6066] Buffer I/O error on dev loop5, logical block 0, async page read [ 80.646290][ T5951] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.646334][ T5951] usb 2-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 80.646356][ T5951] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.649297][ T5951] usb 2-1: config 0 descriptor?? [ 80.659067][ T6066] Buffer I/O error on dev loop5, logical block 0, async page read [ 80.694846][ T6066] Buffer I/O error on dev loop5, logical block 0, async page read [ 80.709168][ T6069] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 80.717924][ T6066] Buffer I/O error on dev loop5, logical block 1, async page read [ 80.725919][ T6066] Dev loop5: unable to read RDB block 8 [ 80.731594][ T6066] Buffer I/O error on dev loop5, logical block 3, async page read [ 80.739543][ T6066] loop5: unable to read partition table [ 80.745545][ T6066] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 80.756782][ T5854] Buffer I/O error on dev loop5, logical block 3, async page read [ 80.886647][ T6074] FAULT_INJECTION: forcing a failure. [ 80.886647][ T6074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 80.900442][ T6074] CPU: 0 UID: 0 PID: 6074 Comm: syz.0.52 Not tainted syzkaller #0 PREEMPT(full) [ 80.900465][ T6074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 80.900475][ T6074] Call Trace: [ 80.900482][ T6074] [ 80.900489][ T6074] dump_stack_lvl+0xe8/0x150 [ 80.900518][ T6074] should_fail_ex+0x412/0x560 [ 80.900542][ T6074] _copy_from_user+0x2d/0xb0 [ 80.900564][ T6074] ___sys_sendmsg+0x1c6/0x360 [ 80.900588][ T6074] ? __pfx____sys_sendmsg+0x10/0x10 [ 80.900637][ T6074] ? __fget_files+0x2a/0x420 [ 80.900659][ T6074] ? __fget_files+0x3a0/0x420 [ 80.900690][ T6074] __x64_sys_sendmsg+0x1bd/0x2a0 [ 80.900712][ T6074] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 80.900739][ T6074] ? __pfx_ksys_write+0x10/0x10 [ 80.900769][ T6074] do_syscall_64+0x14d/0xf80 [ 80.900785][ T6074] ? trace_irq_disable+0x3b/0x150 [ 80.900804][ T6074] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.900821][ T6074] ? clear_bhb_loop+0x40/0x90 [ 80.900842][ T6074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.900858][ T6074] RIP: 0033:0x7f390d99c799 [ 80.900874][ T6074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 80.900887][ T6074] RSP: 002b:00007f390e8db028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 80.900904][ T6074] RAX: ffffffffffffffda RBX: 00007f390dc15fa0 RCX: 00007f390d99c799 [ 80.900917][ T6074] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003 [ 80.900927][ T6074] RBP: 00007f390e8db090 R08: 0000000000000000 R09: 0000000000000000 [ 80.900937][ T6074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.900946][ T6074] R13: 00007f390dc16038 R14: 00007f390dc15fa0 R15: 00007ffddad224d8 [ 80.900972][ T6074] [ 81.077688][ T5951] aquacomputer_d5next 0003:0C70:F0B6.0005: item fetching failed at offset 5/7 [ 81.113402][ T5951] aquacomputer_d5next 0003:0C70:F0B6.0005: probe with driver aquacomputer_d5next failed with error -22 [ 81.122015][ T6072] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 81.137356][ T6072] block device autoloading is deprecated and will be removed. [ 81.263371][ T24] cfg80211: failed to load regulatory.db [ 81.279367][ T24] usb 2-1: USB disconnect, device number 7 [ 81.445850][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 81.611692][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 81.618931][ T9] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 81.627865][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 81.638156][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 81.649608][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 81.658973][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 81.673421][ T9] usb 1-1: Product: syz [ 81.682909][ T9] usb 1-1: Manufacturer: syz [ 81.692518][ T9] usb 1-1: SerialNumber: syz [ 81.744832][ T9] usb 1-1: 0:2 : does not exist [ 82.099666][ T5924] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 82.119594][ T5951] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 82.153458][ T6094] loop5: detected capacity change from 0 to 2640 [ 82.161249][ T6094] Buffer I/O error on dev loop5, logical block 0, async page read [ 82.169576][ T6094] Buffer I/O error on dev loop5, logical block 0, async page read [ 82.178256][ T6094] ldm_validate_partition_table(): Disk read failed. [ 82.185609][ T6094] Dev loop5: unable to read RDB block 0 [ 82.191507][ T6094] loop5: unable to read partition table [ 82.198943][ T6094] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 82.251004][ T5924] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 82.267492][ T5924] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 82.278966][ T5924] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 82.288981][ T5924] usb 2-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 82.301800][ T5924] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 82.309442][ T5951] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 82.310997][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 82.319447][ T5951] usb 3-1: config 0 has no interface number 0 [ 82.333381][ T5951] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.335069][ T5924] usb 2-1: Product: syz [ 82.346454][ T5951] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.358709][ T5951] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 82.367754][ T5924] usb 2-1: Manufacturer: syz [ 82.373158][ T5951] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.384087][ T5924] cdc_wdm 2-1:1.0: skipping garbage [ 82.401018][ T5951] usb 3-1: config 0 descriptor?? [ 82.402073][ T5924] cdc_wdm 2-1:1.0: skipping garbage [ 82.417051][ T5924] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 82.530800][ T5905] usb 1-1: USB disconnect, device number 4 [ 82.588403][ T9] usb 2-1: USB disconnect, device number 8 [ 82.608398][ T6092] Zero length message leads to an empty skb [ 82.617639][ T6092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.626386][ T6092] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.832242][ T5951] usbhid 3-1:0.1: can't add hid device: -71 [ 82.839597][ T5951] usbhid 3-1:0.1: probe with driver usbhid failed with error -71 [ 82.851702][ T5951] usb 3-1: USB disconnect, device number 4 [ 83.128087][ T5163] Bluetooth: hci1: command 0x0406 tx timeout [ 83.278245][ T6111] /dev/sg0: Can't lookup blockdev [ 83.291271][ T5924] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 83.381163][ T6116] loop5: detected capacity change from 0 to 2640 [ 83.390212][ T6116] ldm_validate_partition_table(): Disk read failed. [ 83.396909][ T6116] Dev loop5: unable to read RDB block 0 [ 83.403639][ T6116] loop5: unable to read partition table [ 83.412204][ T6116] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 83.451357][ T5924] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 83.460188][ T5924] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 83.470737][ T5924] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 83.480153][ T5924] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 83.494538][ T5924] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 83.506334][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 83.514996][ T5924] usb 1-1: Product: syz [ 83.524586][ T9] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 83.535010][ T5924] usb 1-1: Manufacturer: syz [ 83.555905][ T5924] cdc_wdm 1-1:1.0: skipping garbage [ 83.562642][ T5924] cdc_wdm 1-1:1.0: skipping garbage [ 83.568200][ T5924] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 83.683423][ T5905] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 83.685534][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 83.701931][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.711708][ T9] usb 4-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 83.720763][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.730908][ T9] usb 4-1: config 0 descriptor?? [ 83.766568][ T5951] usb 1-1: USB disconnect, device number 5 [ 83.829027][ T5905] usb 3-1: Using ep0 maxpacket: 32 [ 83.835843][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.846948][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.857003][ T5905] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 83.866138][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.876997][ T5905] usb 3-1: config 0 descriptor?? [ 84.135646][ T9] aquacomputer_d5next 0003:0C70:F0B6.0006: item fetching failed at offset 5/7 [ 84.145402][ T9] aquacomputer_d5next 0003:0C70:F0B6.0006: probe with driver aquacomputer_d5next failed with error -22 [ 84.334582][ T5951] usb 4-1: USB disconnect, device number 4 [ 84.467251][ T6128] FAULT_INJECTION: forcing a failure. [ 84.467251][ T6128] name failslab, interval 1, probability 0, space 0, times 0 [ 84.481737][ T6128] CPU: 1 UID: 0 PID: 6128 Comm: syz.1.73 Not tainted syzkaller #0 PREEMPT(full) [ 84.481759][ T6128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 84.481769][ T6128] Call Trace: [ 84.481776][ T6128] [ 84.481786][ T6128] dump_stack_lvl+0xe8/0x150 [ 84.481815][ T6128] should_fail_ex+0x412/0x560 [ 84.481840][ T6128] should_failslab+0xa8/0x100 [ 84.481860][ T6128] __kmalloc_noprof+0xe8/0x760 [ 84.481884][ T6128] ? tomoyo_encode+0x28b/0x550 [ 84.481912][ T6128] tomoyo_encode+0x28b/0x550 [ 84.481939][ T6128] tomoyo_realpath_from_path+0x58d/0x5d0 [ 84.481973][ T6128] ? tomoyo_path_number_perm+0x219/0x630 [ 84.481995][ T6128] tomoyo_path_number_perm+0x246/0x630 [ 84.482019][ T6128] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 84.482044][ T6128] ? __lock_acquire+0x6b5/0x2cf0 [ 84.482079][ T6128] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 84.482117][ T6128] ? __fget_files+0x2a/0x420 [ 84.482142][ T6128] ? __fget_files+0x2a/0x420 [ 84.482163][ T6128] ? __fget_files+0x3a0/0x420 [ 84.482183][ T6128] ? __fget_files+0x2a/0x420 [ 84.482209][ T6128] security_file_ioctl+0xc3/0x2a0 [ 84.482232][ T6128] __se_sys_ioctl+0x47/0x170 [ 84.482251][ T6128] do_syscall_64+0x14d/0xf80 [ 84.482267][ T6128] ? trace_irq_disable+0x3b/0x150 [ 84.482287][ T6128] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.482305][ T6128] ? clear_bhb_loop+0x40/0x90 [ 84.482325][ T6128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.482343][ T6128] RIP: 0033:0x7f44b199c799 [ 84.482359][ T6128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.482373][ T6128] RSP: 002b:00007f44b2844028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.482392][ T6128] RAX: ffffffffffffffda RBX: 00007f44b1c15fa0 RCX: 00007f44b199c799 [ 84.482404][ T6128] RDX: 00002000000001c0 RSI: 00000000c008561c RDI: 0000000000000003 [ 84.482415][ T6128] RBP: 00007f44b2844090 R08: 0000000000000000 R09: 0000000000000000 [ 84.482426][ T6128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 84.482436][ T6128] R13: 00007f44b1c16038 R14: 00007f44b1c15fa0 R15: 00007ffc142ee018 [ 84.482465][ T6128] [ 84.482531][ T6128] ERROR: Out of memory at tomoyo_realpath_from_path. [ 84.553682][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 84.558401][ T5905] usbhid 3-1:0.0: can't add hid device: -32 [ 84.611922][ T6130] netlink: 36 bytes leftover after parsing attributes in process `syz.1.74'. [ 84.613297][ T5905] usbhid 3-1:0.0: probe with driver usbhid failed with error -32 [ 84.720139][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 84.755465][ T9] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.766433][ T9] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.776251][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 84.783150][ T9] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 84.792845][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.803435][ T9] usb 1-1: config 0 descriptor?? [ 84.880220][ T6134] overlayfs: failed to resolve './file0': -2 [ 84.889199][ T6134] netlink: 20 bytes leftover after parsing attributes in process `syz.3.76'. [ 84.926282][ T5906] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 84.987213][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 85.092637][ T5906] usb 2-1: Using ep0 maxpacket: 16 [ 85.114715][ T5906] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 85.129844][ T5906] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 85.143507][ T5906] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 85.157921][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.191712][ T5906] usb 2-1: Product: Ⰱ [ 85.195950][ T5906] usb 2-1: Manufacturer:  [ 85.201251][ T5906] usb 2-1: SerialNumber: Х [ 85.221535][ T9] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0 [ 85.229012][ T9] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0 [ 85.236461][ T9] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0 [ 85.244150][ T9] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0 [ 85.252793][ T6143] netlink: 'syz.3.79': attribute type 4 has an invalid length. [ 85.260658][ T9] nzxt-smart2 0003:1E71:2009.0007: unknown main item tag 0x0 [ 85.276203][ T9] nzxt-smart2 0003:1E71:2009.0007: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0 [ 85.413733][ T6132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.424557][ T6132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.438914][ T6132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.438914][ T5905] usb 1-1: USB disconnect, device number 6 [ 85.459026][ T6132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.474244][ T6132] misc userio: No port type given on /dev/userio [ 85.540011][ T6146] misc userio: The device must be registered before sending interrupts [ 85.551962][ T6146] 8021q: VLANs not supported on ip6_vti0 [ 85.974886][ T6148] FAULT_INJECTION: forcing a failure. [ 85.974886][ T6148] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 85.988063][ T6148] CPU: 0 UID: 0 PID: 6148 Comm: syz.0.80 Not tainted syzkaller #0 PREEMPT(full) [ 85.988076][ T6148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 85.988082][ T6148] Call Trace: [ 85.988087][ T6148] [ 85.988092][ T6148] dump_stack_lvl+0xe8/0x150 [ 85.988110][ T6148] should_fail_ex+0x412/0x560 [ 85.988126][ T6148] strncpy_from_user+0x36/0x2b0 [ 85.988139][ T6148] do_getname+0x77/0x250 [ 85.988152][ T6148] do_sys_openat2+0xca/0x200 [ 85.988166][ T6148] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.988179][ T6148] ? ksys_write+0x242/0x270 [ 85.988189][ T6148] ? __pfx_ksys_write+0x10/0x10 [ 85.988199][ T6148] __x64_sys_openat+0x138/0x170 [ 85.988213][ T6148] do_syscall_64+0x14d/0xf80 [ 85.988222][ T6148] ? trace_irq_disable+0x3b/0x150 [ 85.988234][ T6148] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.988243][ T6148] ? clear_bhb_loop+0x40/0x90 [ 85.988254][ T6148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.988264][ T6148] RIP: 0033:0x7f390d99c799 [ 85.988274][ T6148] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.988286][ T6148] RSP: 002b:00007f390e8db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 85.988303][ T6148] RAX: ffffffffffffffda RBX: 00007f390dc15fa0 RCX: 00007f390d99c799 [ 85.988315][ T6148] RDX: 0000000000183341 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 85.988326][ T6148] RBP: 00007f390e8db090 R08: 0000000000000000 R09: 0000000000000000 [ 85.988337][ T6148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 85.988346][ T6148] R13: 00007f390dc16038 R14: 00007f390dc15fa0 R15: 00007ffddad224d8 [ 85.988363][ T6148] [ 86.401290][ T826] usb 3-1: USB disconnect, device number 5 [ 87.662211][ T5163] Bluetooth: hci2: command 0x0406 tx timeout [ 87.718082][ T5906] cdc_ncm 2-1:1.0: bind() failure [ 87.734930][ T5906] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 87.741798][ T5906] cdc_ncm 2-1:1.1: bind() failure [ 87.755833][ T5906] usb 2-1: USB disconnect, device number 9 [ 87.867268][ T6161] netdevsim netdevsim2 : renamed from netdevsim0 (while UP) [ 87.916447][ T6161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.86'. [ 87.992791][ T6168] netlink: 168 bytes leftover after parsing attributes in process `syz.3.88'. [ 88.077786][ T6172] FAULT_INJECTION: forcing a failure. [ 88.077786][ T6172] name failslab, interval 1, probability 0, space 0, times 0 [ 88.091232][ T6172] CPU: 1 UID: 0 PID: 6172 Comm: syz.2.90 Not tainted syzkaller #0 PREEMPT(full) [ 88.091253][ T6172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 88.091263][ T6172] Call Trace: [ 88.091270][ T6172] [ 88.091277][ T6172] dump_stack_lvl+0xe8/0x150 [ 88.091306][ T6172] should_fail_ex+0x412/0x560 [ 88.091336][ T6172] should_failslab+0xa8/0x100 [ 88.091357][ T6172] __kmalloc_noprof+0xe8/0x760 [ 88.091383][ T6172] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 88.091415][ T6172] tomoyo_realpath_from_path+0xe3/0x5d0 [ 88.091451][ T6172] ? tomoyo_path_number_perm+0x219/0x630 [ 88.091473][ T6172] tomoyo_path_number_perm+0x246/0x630 [ 88.091499][ T6172] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 88.091524][ T6172] ? __lock_acquire+0x6b5/0x2cf0 [ 88.091560][ T6172] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 88.091597][ T6172] ? __fget_files+0x2a/0x420 [ 88.091623][ T6172] ? __fget_files+0x2a/0x420 [ 88.091644][ T6172] ? __fget_files+0x3a0/0x420 [ 88.091683][ T6172] ? __fget_files+0x2a/0x420 [ 88.091709][ T6172] security_file_ioctl+0xc3/0x2a0 [ 88.091732][ T6172] __se_sys_ioctl+0x47/0x170 [ 88.091753][ T6172] do_syscall_64+0x14d/0xf80 [ 88.091768][ T6172] ? trace_irq_disable+0x3b/0x150 [ 88.091789][ T6172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.091806][ T6172] ? clear_bhb_loop+0x40/0x90 [ 88.091828][ T6172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.091846][ T6172] RIP: 0033:0x7fb0f479c799 [ 88.091862][ T6172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 88.091876][ T6172] RSP: 002b:00007fb0f561c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.091897][ T6172] RAX: ffffffffffffffda RBX: 00007fb0f4a15fa0 RCX: 00007fb0f479c799 [ 88.091910][ T6172] RDX: 0000200000000280 RSI: 000000008010640b RDI: 0000000000000003 [ 88.091921][ T6172] RBP: 00007fb0f561c090 R08: 0000000000000000 R09: 0000000000000000 [ 88.091932][ T6172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.091942][ T6172] R13: 00007fb0f4a16038 R14: 00007fb0f4a15fa0 R15: 00007fff8045e0c8 [ 88.091971][ T6172] [ 88.091988][ T6172] ERROR: Out of memory at tomoyo_realpath_from_path. [ 88.147971][ T5906] usb 2-1: new low-speed USB device number 10 using dummy_hcd [ 88.156727][ T808] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 88.315941][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 88.347493][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.357669][ T5906] usb 2-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 88.372964][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.383818][ T5906] usb 2-1: config 0 descriptor?? [ 88.402768][ T5924] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 88.474171][ T808] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 88.484480][ T808] usb 1-1: config 0 interface 0 has no altsetting 0 [ 88.493535][ T808] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 88.502734][ T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.512093][ T808] usb 1-1: Product: syz [ 88.516353][ T808] usb 1-1: Manufacturer: syz [ 88.521187][ T808] usb 1-1: SerialNumber: syz [ 88.528051][ T808] usb 1-1: config 0 descriptor?? [ 88.537105][ T808] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 88.549890][ T808] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 88.559897][ T808] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 88.568695][ T808] usb 1-1: media controller created [ 88.579971][ T5924] usb 4-1: Using ep0 maxpacket: 32 [ 88.586750][ T808] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 88.588038][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.612214][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.629531][ T5924] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 88.638661][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.651344][ T5924] usb 4-1: config 0 descriptor?? [ 88.652156][ T808] DVB: Unable to find symbol tda10046_attach() [ 88.667886][ T808] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 88.676618][ T808] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 88.816615][ T5906] aquacomputer_d5next 0003:0C70:F0B6.0008: item fetching failed at offset 5/7 [ 88.826441][ T5906] aquacomputer_d5next 0003:0C70:F0B6.0008: probe with driver aquacomputer_d5next failed with error -22 [ 88.948427][ T6163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.957272][ T6163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.967195][ T808] dvb_usb_m920x 1-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 88.982687][ T808] usb 1-1: USB disconnect, device number 7 [ 89.019908][ T5906] usb 2-1: USB disconnect, device number 10 [ 89.069685][ T5924] ft260 0003:0403:6030.0009: unknown main item tag 0x0 [ 89.076774][ T5924] ft260 0003:0403:6030.0009: unknown main item tag 0x0 [ 89.264355][ T5924] ft260 0003:0403:6030.0009: failed to retrieve chip version [ 89.274027][ T5924] ft260 0003:0403:6030.0009: probe with driver ft260 failed with error -32 [ 89.327882][ T6182] FAULT_INJECTION: forcing a failure. [ 89.327882][ T6182] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.341105][ T6182] CPU: 0 UID: 0 PID: 6182 Comm: syz.2.94 Not tainted syzkaller #0 PREEMPT(full) [ 89.341125][ T6182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 89.341135][ T6182] Call Trace: [ 89.341142][ T6182] [ 89.341149][ T6182] dump_stack_lvl+0xe8/0x150 [ 89.341177][ T6182] should_fail_ex+0x412/0x560 [ 89.341201][ T6182] _copy_from_iter+0x1d3/0x1670 [ 89.341218][ T6182] ? format_decode+0x60f/0xe10 [ 89.341244][ T6182] ? vsnprintf+0xdf1/0xee0 [ 89.341264][ T6182] ? __pfx__copy_from_iter+0x10/0x10 [ 89.341297][ T6182] tun_get_user+0x267/0x4300 [ 89.341324][ T6182] ? unwind_get_return_address+0x4d/0x90 [ 89.341361][ T6182] ? __pfx_tun_get_user+0x10/0x10 [ 89.341386][ T6182] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 89.341410][ T6182] ? lockdep_hardirqs_on+0x7a/0x110 [ 89.341436][ T6182] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 89.341459][ T6182] ? save_netdev_trace_buffer+0x4e2/0x610 [ 89.341491][ T6182] ? ref_tracker_alloc+0x35c/0x4c0 [ 89.341510][ T6182] ? tun_chr_write_iter+0x60/0x210 [ 89.341533][ T6182] ? vfs_write+0x61d/0xb90 [ 89.341555][ T6182] ? ksys_write+0x150/0x270 [ 89.341571][ T6182] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 89.341596][ T6182] ? tun_get+0x1c/0x2f0 [ 89.341625][ T6182] ? tun_get+0x1c/0x2f0 [ 89.341648][ T6182] ? tun_get+0x1c/0x2f0 [ 89.341677][ T6182] tun_chr_write_iter+0x113/0x210 [ 89.341703][ T6182] vfs_write+0x61d/0xb90 [ 89.341726][ T6182] ? __pfx_vfs_write+0x10/0x10 [ 89.341760][ T6182] ? __fget_files+0x2a/0x420 [ 89.341789][ T6182] ksys_write+0x150/0x270 [ 89.341807][ T6182] ? __pfx_ksys_write+0x10/0x10 [ 89.341832][ T6182] do_syscall_64+0x14d/0xf80 [ 89.341846][ T6182] ? trace_irq_disable+0x3b/0x150 [ 89.341857][ T6182] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.341867][ T6182] ? clear_bhb_loop+0x40/0x90 [ 89.341878][ T6182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.341888][ T6182] RIP: 0033:0x7fb0f479c799 [ 89.341898][ T6182] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.341906][ T6182] RSP: 002b:00007fb0f561c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 89.341917][ T6182] RAX: ffffffffffffffda RBX: 00007fb0f4a15fa0 RCX: 00007fb0f479c799 [ 89.341924][ T6182] RDX: 0000000000000052 RSI: 00002000000006c0 RDI: 0000000000000003 [ 89.341930][ T6182] RBP: 00007fb0f561c090 R08: 0000000000000000 R09: 0000000000000000 [ 89.341935][ T6182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.341941][ T6182] R13: 00007fb0f4a16038 R14: 00007fb0f4a15fa0 R15: 00007fff8045e0c8 [ 89.341955][ T6182] [ 89.795235][ T6189] FAULT_INJECTION: forcing a failure. [ 89.795235][ T6189] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.808697][ T6189] CPU: 0 UID: 0 PID: 6189 Comm: syz.0.97 Not tainted syzkaller #0 PREEMPT(full) [ 89.808718][ T6189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 89.808728][ T6189] Call Trace: [ 89.808735][ T6189] [ 89.808742][ T6189] dump_stack_lvl+0xe8/0x150 [ 89.808771][ T6189] should_fail_ex+0x412/0x560 [ 89.808795][ T6189] _copy_from_user+0x2d/0xb0 [ 89.808816][ T6189] __sys_bind+0x1c6/0x410 [ 89.808842][ T6189] ? __pfx___sys_bind+0x10/0x10 [ 89.808876][ T6189] ? __pfx_ksys_write+0x10/0x10 [ 89.808900][ T6189] __x64_sys_bind+0x7a/0x90 [ 89.808925][ T6189] do_syscall_64+0x14d/0xf80 [ 89.808940][ T6189] ? trace_irq_disable+0x3b/0x150 [ 89.808960][ T6189] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.808976][ T6189] ? clear_bhb_loop+0x40/0x90 [ 89.809006][ T6189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.809024][ T6189] RIP: 0033:0x7f390d99c799 [ 89.809040][ T6189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.809054][ T6189] RSP: 002b:00007f390e8db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 89.809073][ T6189] RAX: ffffffffffffffda RBX: 00007f390dc15fa0 RCX: 00007f390d99c799 [ 89.809085][ T6189] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000004 [ 89.809096][ T6189] RBP: 00007f390e8db090 R08: 0000000000000000 R09: 0000000000000000 [ 89.809106][ T6189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.809116][ T6189] R13: 00007f390dc16038 R14: 00007f390dc15fa0 R15: 00007ffddad224d8 [ 89.809144][ T6189] [ 90.006645][ T6193] capability: warning: `syz.2.98' uses deprecated v2 capabilities in a way that may be insecure [ 90.044394][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.076556][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.088195][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.106676][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.155969][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.170973][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.193420][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.207404][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.232660][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.252742][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.268669][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.282110][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.296138][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.305673][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.315092][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.325722][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.336847][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.346643][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.357313][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.366864][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.376252][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.385663][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.395075][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.409590][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.419058][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.429929][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.440926][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.450349][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.460341][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.469757][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.479318][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.488811][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.498394][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.508061][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.517732][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.528250][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.538868][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.548536][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.558011][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.567630][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.577263][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.587615][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.597243][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.606736][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.616296][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.627925][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.637510][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.646998][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.656573][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.666817][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.681435][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.690864][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.700259][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.710209][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.719622][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.731774][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.741897][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.754899][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.764491][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.773868][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.783458][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.794022][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.803460][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.812924][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.822356][ T6192] program syz.2.98 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.919546][ T6211] FAULT_INJECTION: forcing a failure. [ 90.919546][ T6211] name failslab, interval 1, probability 0, space 0, times 0 [ 90.940935][ T6211] CPU: 0 UID: 0 PID: 6211 Comm: syz.2.103 Not tainted syzkaller #0 PREEMPT(full) [ 90.940957][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 90.940968][ T6211] Call Trace: [ 90.940974][ T6211] [ 90.940981][ T6211] dump_stack_lvl+0xe8/0x150 [ 90.941011][ T6211] should_fail_ex+0x412/0x560 [ 90.941036][ T6211] should_failslab+0xa8/0x100 [ 90.941056][ T6211] __kmalloc_noprof+0xe8/0x760 [ 90.941083][ T6211] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 90.941114][ T6211] tomoyo_realpath_from_path+0xe3/0x5d0 [ 90.941149][ T6211] ? tomoyo_path_number_perm+0x219/0x630 [ 90.941170][ T6211] tomoyo_path_number_perm+0x246/0x630 [ 90.941193][ T6211] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 90.941217][ T6211] ? __lock_acquire+0x6b5/0x2cf0 [ 90.941251][ T6211] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 90.941284][ T6211] ? __fget_files+0x2a/0x420 [ 90.941308][ T6211] ? __fget_files+0x2a/0x420 [ 90.941329][ T6211] ? __fget_files+0x3a0/0x420 [ 90.941349][ T6211] ? __fget_files+0x2a/0x420 [ 90.941375][ T6211] security_file_ioctl+0xc3/0x2a0 [ 90.941395][ T6211] __se_sys_ioctl+0x47/0x170 [ 90.941413][ T6211] do_syscall_64+0x14d/0xf80 [ 90.941429][ T6211] ? trace_irq_disable+0x3b/0x150 [ 90.941448][ T6211] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.941466][ T6211] ? clear_bhb_loop+0x40/0x90 [ 90.941487][ T6211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.941503][ T6211] RIP: 0033:0x7fb0f479c799 [ 90.941520][ T6211] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 90.941533][ T6211] RSP: 002b:00007fb0f561c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 90.941552][ T6211] RAX: ffffffffffffffda RBX: 00007fb0f4a15fa0 RCX: 00007fb0f479c799 [ 90.941564][ T6211] RDX: 0000200000000100 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 90.941575][ T6211] RBP: 00007fb0f561c090 R08: 0000000000000000 R09: 0000000000000000 [ 90.941585][ T6211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.941595][ T6211] R13: 00007fb0f4a16038 R14: 00007fb0f4a15fa0 R15: 00007fff8045e0c8 [ 90.941624][ T6211] [ 90.941631][ T6211] ERROR: Out of memory at tomoyo_realpath_from_path. [ 91.171728][ T808] usb 1-1: new low-speed USB device number 8 using dummy_hcd [ 91.341092][ T808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 91.368244][ T808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.378677][ T808] usb 1-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 91.397958][ T5951] usb 4-1: USB disconnect, device number 5 [ 91.405498][ T808] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.442465][ T808] usb 1-1: config 0 descriptor?? [ 91.448704][ T6226] FAULT_INJECTION: forcing a failure. [ 91.448704][ T6226] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.468969][ T6226] CPU: 1 UID: 0 PID: 6226 Comm: syz.1.110 Not tainted syzkaller #0 PREEMPT(full) [ 91.468993][ T6226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 91.469003][ T6226] Call Trace: [ 91.469009][ T6226] [ 91.469016][ T6226] dump_stack_lvl+0xe8/0x150 [ 91.469046][ T6226] should_fail_ex+0x412/0x560 [ 91.469070][ T6226] _copy_to_user+0x31/0xb0 [ 91.469093][ T6226] fanotify_read+0xdb5/0x2b20 [ 91.469141][ T6226] ? __pfx_fanotify_read+0x10/0x10 [ 91.469165][ T6226] ? kstrtoull+0x12f/0x1d0 [ 91.469201][ T6226] ? __asan_memset+0x22/0x50 [ 91.469228][ T6226] ? __pfx_woken_wake_function+0x10/0x10 [ 91.469254][ T6226] ? bpf_lsm_file_permission+0x9/0x20 [ 91.469271][ T6226] ? security_file_permission+0x75/0x260 [ 91.469293][ T6226] ? rw_verify_area+0x2a6/0x4d0 [ 91.469322][ T6226] vfs_readv+0x587/0x840 [ 91.469353][ T6226] ? __pfx_fanotify_read+0x10/0x10 [ 91.469378][ T6226] ? __pfx_vfs_readv+0x10/0x10 [ 91.469412][ T6226] ? __fget_files+0x2a/0x420 [ 91.469439][ T6226] ? __fget_files+0x3a0/0x420 [ 91.469460][ T6226] ? __fget_files+0x2a/0x420 [ 91.469488][ T6226] do_readv+0x154/0x2e0 [ 91.469510][ T6226] ? __pfx_do_readv+0x10/0x10 [ 91.469541][ T6226] do_syscall_64+0x14d/0xf80 [ 91.469556][ T6226] ? trace_irq_disable+0x3b/0x150 [ 91.469577][ T6226] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.469594][ T6226] ? clear_bhb_loop+0x40/0x90 [ 91.469615][ T6226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.469633][ T6226] RIP: 0033:0x7f44b199c799 [ 91.469649][ T6226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.469663][ T6226] RSP: 002b:00007f44b2844028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 91.469681][ T6226] RAX: ffffffffffffffda RBX: 00007f44b1c15fa0 RCX: 00007f44b199c799 [ 91.469693][ T6226] RDX: 0000000000000001 RSI: 0000200000000c40 RDI: 0000000000000005 [ 91.469704][ T6226] RBP: 00007f44b2844090 R08: 0000000000000000 R09: 0000000000000000 [ 91.469715][ T6226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.469725][ T6226] R13: 00007f44b1c16038 R14: 00007f44b1c15fa0 R15: 00007ffc142ee018 [ 91.469752][ T6226] [ 91.742023][ T6230] netlink: 252 bytes leftover after parsing attributes in process `syz.2.112'. [ 91.913821][ T808] aquacomputer_d5next 0003:0C70:F0B6.000A: item fetching failed at offset 5/7 [ 91.927996][ T808] aquacomputer_d5next 0003:0C70:F0B6.000A: probe with driver aquacomputer_d5next failed with error -22 [ 92.032153][ T6244] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 92.116361][ T5951] usb 1-1: USB disconnect, device number 8 [ 92.564444][ T5951] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 92.733017][ T5951] usb 3-1: Using ep0 maxpacket: 32 [ 92.746883][ T5951] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.763187][ T6258] FAULT_INJECTION: forcing a failure. [ 92.763187][ T6258] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.775235][ T5951] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.786572][ T5951] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 92.796043][ T6258] CPU: 0 UID: 0 PID: 6258 Comm: syz.0.121 Not tainted syzkaller #0 PREEMPT(full) [ 92.796062][ T6258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 92.796072][ T6258] Call Trace: [ 92.796079][ T6258] [ 92.796086][ T6258] dump_stack_lvl+0xe8/0x150 [ 92.796114][ T6258] should_fail_ex+0x412/0x560 [ 92.796138][ T6258] _copy_from_user+0x2d/0xb0 [ 92.796158][ T6258] ___sys_sendmsg+0x1c6/0x360 [ 92.796181][ T6258] ? __pfx____sys_sendmsg+0x10/0x10 [ 92.796204][ T6258] ? kstrtouint+0x6e/0xe0 [ 92.796260][ T6258] ? __fget_files+0x2a/0x420 [ 92.796283][ T6258] ? __fget_files+0x3a0/0x420 [ 92.796315][ T6258] __sys_sendmmsg+0x27c/0x4e0 [ 92.796341][ T6258] ? __pfx___sys_sendmmsg+0x10/0x10 [ 92.796359][ T6258] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 92.796397][ T6258] ? ksys_write+0x242/0x270 [ 92.796416][ T6258] ? __pfx_ksys_write+0x10/0x10 [ 92.796438][ T6258] __x64_sys_sendmmsg+0xa0/0xc0 [ 92.796458][ T6258] do_syscall_64+0x14d/0xf80 [ 92.796473][ T6258] ? trace_irq_disable+0x3b/0x150 [ 92.796492][ T6258] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.796509][ T6258] ? clear_bhb_loop+0x40/0x90 [ 92.796530][ T6258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.796547][ T6258] RIP: 0033:0x7f390d99c799 [ 92.796563][ T6258] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.796576][ T6258] RSP: 002b:00007f390e8db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 92.796594][ T6258] RAX: ffffffffffffffda RBX: 00007f390dc15fa0 RCX: 00007f390d99c799 [ 92.796606][ T6258] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000004 [ 92.796617][ T6258] RBP: 00007f390e8db090 R08: 0000000000000000 R09: 0000000000000000 [ 92.796628][ T6258] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001 [ 92.796638][ T6258] R13: 00007f390dc16038 R14: 00007f390dc15fa0 R15: 00007ffddad224d8 [ 92.796665][ T6258] [ 92.799999][ T5951] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.867184][ T6259] netlink: zone id is out of range [ 92.922268][ T5951] usb 3-1: config 0 descriptor?? [ 92.946013][ T6259] netlink: zone id is out of range [ 93.027638][ T6259] netlink: zone id is out of range [ 93.067814][ T6259] netlink: zone id is out of range [ 93.079896][ T6259] netlink: zone id is out of range [ 93.085454][ T6259] netlink: zone id is out of range [ 93.091529][ T6259] netlink: zone id is out of range [ 93.100183][ T6259] netlink: zone id is out of range [ 93.128087][ T6259] netlink: zone id is out of range [ 93.136647][ T6259] netlink: zone id is out of range [ 93.475597][ T5951] ft260 0003:0403:6030.000B: unknown main item tag 0x0 [ 93.492528][ T5951] ft260 0003:0403:6030.000B: unknown main item tag 0x0 [ 93.534204][ T6274] FAULT_INJECTION: forcing a failure. [ 93.534204][ T6274] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 93.561268][ T6276] netlink: 8 bytes leftover after parsing attributes in process `syz.1.128'. [ 93.562476][ T6274] CPU: 1 UID: 0 PID: 6274 Comm: syz.0.124 Not tainted syzkaller #0 PREEMPT(full) [ 93.562498][ T6274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 93.562508][ T6274] Call Trace: [ 93.562515][ T6274] [ 93.562522][ T6274] dump_stack_lvl+0xe8/0x150 [ 93.562551][ T6274] should_fail_ex+0x412/0x560 [ 93.562579][ T6274] prepare_alloc_pages+0x22a/0x650 [ 93.562604][ T6274] __alloc_frozen_pages_noprof+0x119/0x3d0 [ 93.562626][ T6274] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 93.562656][ T6274] ? __pfx_policy_nodemask+0x10/0x10 [ 93.562684][ T6274] alloc_pages_mpol+0x235/0x490 [ 93.562707][ T6274] folio_alloc_mpol_noprof+0x39/0x160 [ 93.562729][ T6274] vma_alloc_folio_noprof+0xe1/0x1e0 [ 93.562749][ T6274] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 93.562778][ T6274] do_pte_missing+0x159d/0x33f0 [ 93.562806][ T6274] ? handle_mm_fault+0xee/0x3170 [ 93.562833][ T6274] handle_mm_fault+0x1bd7/0x3170 [ 93.562868][ T6274] ? handle_mm_fault+0xee/0x3170 [ 93.562898][ T6274] ? __pfx_handle_mm_fault+0x10/0x10 [ 93.562919][ T6274] ? lock_vma_under_rcu+0x45a/0x500 [ 93.562943][ T6274] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 93.562982][ T6274] do_user_addr_fault+0xa73/0x1340 [ 93.563013][ T6274] ? rcu_is_watching+0x15/0xb0 [ 93.563030][ T6274] ? trace_page_fault_user+0x84/0x210 [ 93.563056][ T6274] exc_page_fault+0x6a/0xc0 [ 93.563081][ T6274] asm_exc_page_fault+0x26/0x30 [ 93.563098][ T6274] RIP: 0033:0x7f390d85df4b [ 93.563114][ T6274] Code: 00 00 00 48 8d 3d 3d a7 1a 00 48 89 c1 31 c0 e8 9b 32 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 71 a7 1a 00 48 89 34 24 48 8b 14 24 48 8b [ 93.563127][ T6274] RSP: 002b:00007f390e8b8fa0 EFLAGS: 00010206 [ 93.563142][ T6274] RAX: 0000000000000000 RBX: 00007f390dc16090 RCX: 0000000000000000 [ 93.563154][ T6274] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00002000000000c0 [ 93.563164][ T6274] RBP: 00007f390e8ba090 R08: 0000000000000000 R09: 0000000000000000 [ 93.563174][ T6274] R10: 00002000000000c0 R11: 0000000000000000 R12: 0000000000000001 [ 93.563184][ T6274] R13: 00007f390dc16128 R14: 00007f390dc16090 R15: 00007ffddad224d8 [ 93.563212][ T6274] [ 93.563432][ T6274] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 93.793565][ T5951] ft260 0003:0403:6030.000B: failed to retrieve chip version [ 93.801358][ T5951] ft260 0003:0403:6030.000B: probe with driver ft260 failed with error -32 [ 94.177551][ T6283] FAULT_INJECTION: forcing a failure. [ 94.177551][ T6283] name failslab, interval 1, probability 0, space 0, times 0 [ 94.190505][ T6283] CPU: 1 UID: 0 PID: 6283 Comm: syz.0.130 Not tainted syzkaller #0 PREEMPT(full) [ 94.190527][ T6283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 94.190537][ T6283] Call Trace: [ 94.190545][ T6283] [ 94.190552][ T6283] dump_stack_lvl+0xe8/0x150 [ 94.190589][ T6283] should_fail_ex+0x412/0x560 [ 94.190614][ T6283] should_failslab+0xa8/0x100 [ 94.190634][ T6283] __kvmalloc_node_noprof+0x178/0x8a0 [ 94.190653][ T6283] ? traverse+0xde/0x580 [ 94.190678][ T6283] traverse+0xde/0x580 [ 94.190699][ T6283] ? aa_file_perm+0x192/0x15e0 [ 94.190732][ T6283] seq_read_iter+0xd08/0xe10 [ 94.190759][ T6283] ? __asan_memset+0x22/0x50 [ 94.190789][ T6283] seq_read+0x367/0x480 [ 94.190816][ T6283] ? __pfx_seq_read+0x10/0x10 [ 94.190842][ T6283] ? apparmor_file_permission+0x1f4/0x300 [ 94.190869][ T6283] ? __pfx_seq_read+0x10/0x10 [ 94.190885][ T6283] proc_reg_read+0x1e9/0x2e0 [ 94.190910][ T6283] ? __pfx_proc_reg_read+0x10/0x10 [ 94.190936][ T6283] vfs_read+0x20c/0xa70 [ 94.190961][ T6283] ? ksys_write+0x1e6/0x270 [ 94.190984][ T6283] ? __pfx_vfs_read+0x10/0x10 [ 94.191011][ T6283] ? __fget_files+0x2a/0x420 [ 94.191036][ T6283] ? __fget_files+0x2a/0x420 [ 94.191070][ T6283] ? __fget_files+0x3a0/0x420 [ 94.191092][ T6283] ? __fget_files+0x2a/0x420 [ 94.191122][ T6283] __x64_sys_pread64+0x199/0x230 [ 94.191143][ T6283] ? __pfx___x64_sys_pread64+0x10/0x10 [ 94.191172][ T6283] do_syscall_64+0x14d/0xf80 [ 94.191188][ T6283] ? trace_irq_disable+0x3b/0x150 [ 94.191208][ T6283] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.191226][ T6283] ? clear_bhb_loop+0x40/0x90 [ 94.191248][ T6283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.191265][ T6283] RIP: 0033:0x7f390d99c799 [ 94.191282][ T6283] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 94.191296][ T6283] RSP: 002b:00007f390e8db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 94.191314][ T6283] RAX: ffffffffffffffda RBX: 00007f390dc15fa0 RCX: 00007f390d99c799 [ 94.191327][ T6283] RDX: 0000000000001007 RSI: 0000200000001600 RDI: 0000000000000003 [ 94.191338][ T6283] RBP: 00007f390e8db090 R08: 0000000000000000 R09: 0000000000000000 [ 94.191349][ T6283] R10: 0000000000000097 R11: 0000000000000246 R12: 0000000000000001 [ 94.191359][ T6283] R13: 00007f390dc16038 R14: 00007f390dc15fa0 R15: 00007ffddad224d8 [ 94.191388][ T6283] [ 94.623286][ T6291] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 95.055892][ T808] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 95.126271][ T6309] FAULT_INJECTION: forcing a failure. [ 95.126271][ T6309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.140077][ T6309] CPU: 1 UID: 0 PID: 6309 Comm: syz.3.139 Not tainted syzkaller #0 PREEMPT(full) [ 95.140090][ T6309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 95.140096][ T6309] Call Trace: [ 95.140101][ T6309] [ 95.140105][ T6309] dump_stack_lvl+0xe8/0x150 [ 95.140123][ T6309] should_fail_ex+0x412/0x560 [ 95.140136][ T6309] _copy_from_user+0x2d/0xb0 [ 95.140149][ T6309] ___sys_sendmsg+0x1c6/0x360 [ 95.140162][ T6309] ? __pfx____sys_sendmsg+0x10/0x10 [ 95.140201][ T6309] ? __fget_files+0x2a/0x420 [ 95.140223][ T6309] ? __fget_files+0x3a0/0x420 [ 95.140252][ T6309] __x64_sys_sendmsg+0x1bd/0x2a0 [ 95.140271][ T6309] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 95.140286][ T6309] ? __pfx_ksys_write+0x10/0x10 [ 95.140300][ T6309] do_syscall_64+0x14d/0xf80 [ 95.140308][ T6309] ? trace_irq_disable+0x3b/0x150 [ 95.140320][ T6309] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.140330][ T6309] ? clear_bhb_loop+0x40/0x90 [ 95.140341][ T6309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.140350][ T6309] RIP: 0033:0x7f9ff1f9c799 [ 95.140360][ T6309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.140368][ T6309] RSP: 002b:00007f9ff2d77028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 95.140380][ T6309] RAX: ffffffffffffffda RBX: 00007f9ff2215fa0 RCX: 00007f9ff1f9c799 [ 95.140391][ T6309] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 95.140401][ T6309] RBP: 00007f9ff2d77090 R08: 0000000000000000 R09: 0000000000000000 [ 95.140412][ T6309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.140422][ T6309] R13: 00007f9ff2216038 R14: 00007f9ff2215fa0 R15: 00007fff75ed7148 [ 95.140448][ T6309] [ 95.400850][ T808] usb 1-1: Using ep0 maxpacket: 8 [ 95.407465][ T808] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 95.417018][ T808] usb 1-1: config 179 has no interface number 0 [ 95.423334][ T808] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 95.434882][ T808] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 95.446855][ T808] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 95.453879][ T6313] FAULT_INJECTION: forcing a failure. [ 95.453879][ T6313] name failslab, interval 1, probability 0, space 0, times 0 [ 95.458383][ T808] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 95.471703][ T6313] CPU: 0 UID: 0 PID: 6313 Comm: syz.1.141 Not tainted syzkaller #0 PREEMPT(full) [ 95.471722][ T6313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 95.471732][ T6313] Call Trace: [ 95.471739][ T6313] [ 95.471746][ T6313] dump_stack_lvl+0xe8/0x150 [ 95.471775][ T6313] should_fail_ex+0x412/0x560 [ 95.471799][ T6313] should_failslab+0xa8/0x100 [ 95.471819][ T6313] __kmalloc_noprof+0xe8/0x760 [ 95.471845][ T6313] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 95.471875][ T6313] tomoyo_realpath_from_path+0xe3/0x5d0 [ 95.471910][ T6313] ? tomoyo_path_number_perm+0x219/0x630 [ 95.471931][ T6313] tomoyo_path_number_perm+0x246/0x630 [ 95.471962][ T6313] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 95.471987][ T6313] ? __lock_acquire+0x6b5/0x2cf0 [ 95.472022][ T6313] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 95.472058][ T6313] ? __fget_files+0x2a/0x420 [ 95.472082][ T6313] ? __fget_files+0x2a/0x420 [ 95.472103][ T6313] ? __fget_files+0x3a0/0x420 [ 95.472123][ T6313] ? __fget_files+0x2a/0x420 [ 95.472147][ T6313] security_file_ioctl+0xc3/0x2a0 [ 95.472170][ T6313] __se_sys_ioctl+0x47/0x170 [ 95.472190][ T6313] do_syscall_64+0x14d/0xf80 [ 95.472208][ T6313] ? trace_irq_disable+0x3b/0x150 [ 95.472227][ T6313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.472244][ T6313] ? clear_bhb_loop+0x40/0x90 [ 95.472265][ T6313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.472282][ T6313] RIP: 0033:0x7f44b199c799 [ 95.472298][ T6313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.472311][ T6313] RSP: 002b:00007f44b2844028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.472329][ T6313] RAX: ffffffffffffffda RBX: 00007f44b1c15fa0 RCX: 00007f44b199c799 [ 95.472341][ T6313] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 95.472351][ T6313] RBP: 00007f44b2844090 R08: 0000000000000000 R09: 0000000000000000 [ 95.472361][ T6313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.472371][ T6313] R13: 00007f44b1c16038 R14: 00007f44b1c15fa0 R15: 00007ffc142ee018 [ 95.472399][ T6313] [ 95.472416][ T6313] ERROR: Out of memory at tomoyo_realpath_from_path. [ 95.483492][ T808] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 95.723129][ T808] usb 1-1: config 179 interface 65 has no altsetting 0 [ 95.733081][ T808] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 95.742512][ T808] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.787867][ T808] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input5 [ 95.871062][ T5198] input input5: unable to receive magic message: -110 [ 95.911680][ T5906] usb 3-1: USB disconnect, device number 6 [ 95.988199][ T6317] XFS (nbd1): SB validate failed with error -5. [ 96.031569][ T6303] input input5: unable to receive magic message: -32 [ 96.171773][ T6330] FAULT_INJECTION: forcing a failure. [ 96.171773][ T6330] name failslab, interval 1, probability 0, space 0, times 0 [ 96.187426][ T6330] CPU: 1 UID: 0 PID: 6330 Comm: syz.2.145 Not tainted syzkaller #0 PREEMPT(full) [ 96.187446][ T6330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 96.187456][ T6330] Call Trace: [ 96.187466][ T6330] [ 96.187472][ T6330] dump_stack_lvl+0xe8/0x150 [ 96.187500][ T6330] should_fail_ex+0x412/0x560 [ 96.187523][ T6330] should_failslab+0xa8/0x100 [ 96.187543][ T6330] __kmalloc_noprof+0xe8/0x760 [ 96.187569][ T6330] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 96.187598][ T6330] tomoyo_realpath_from_path+0xe3/0x5d0 [ 96.187632][ T6330] ? tomoyo_path_number_perm+0x219/0x630 [ 96.187655][ T6330] tomoyo_path_number_perm+0x246/0x630 [ 96.187678][ T6330] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 96.187703][ T6330] ? __lock_acquire+0x6b5/0x2cf0 [ 96.187738][ T6330] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 96.187772][ T6330] ? __fget_files+0x2a/0x420 [ 96.187796][ T6330] ? __fget_files+0x2a/0x420 [ 96.187817][ T6330] ? __fget_files+0x3a0/0x420 [ 96.187837][ T6330] ? __fget_files+0x2a/0x420 [ 96.187862][ T6330] security_file_ioctl+0xc3/0x2a0 [ 96.187892][ T6330] __se_sys_ioctl+0x47/0x170 [ 96.187913][ T6330] do_syscall_64+0x14d/0xf80 [ 96.187928][ T6330] ? trace_irq_disable+0x3b/0x150 [ 96.187948][ T6330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.187965][ T6330] ? clear_bhb_loop+0x40/0x90 [ 96.187987][ T6330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.188003][ T6330] RIP: 0033:0x7fb0f479c799 [ 96.188020][ T6330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 96.188034][ T6330] RSP: 002b:00007fb0f561c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 96.188052][ T6330] RAX: ffffffffffffffda RBX: 00007fb0f4a15fa0 RCX: 00007fb0f479c799 [ 96.188065][ T6330] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 96.188074][ T6330] RBP: 00007fb0f561c090 R08: 0000000000000000 R09: 0000000000000000 [ 96.188085][ T6330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.188095][ T6330] R13: 00007fb0f4a16038 R14: 00007fb0f4a15fa0 R15: 00007fff8045e0c8 [ 96.188122][ T6330] [ 96.188490][ T6330] ERROR: Out of memory at tomoyo_realpath_from_path. [ 96.822187][ T6358] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 96.926655][ T5906] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 97.075572][ T5906] usb 2-1: Using ep0 maxpacket: 32 [ 97.083451][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.094925][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.106468][ T5906] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 97.122331][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.143883][ T5906] usb 2-1: config 0 descriptor?? [ 97.215967][ T6368] ieee802154 phy0 wpan0: encryption failed: -22 [ 97.325862][ T6373] FAULT_INJECTION: forcing a failure. [ 97.325862][ T6373] name failslab, interval 1, probability 0, space 0, times 0 [ 97.339762][ T6373] CPU: 0 UID: 0 PID: 6373 Comm: syz.3.159 Not tainted syzkaller #0 PREEMPT(full) [ 97.339781][ T6373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 97.339791][ T6373] Call Trace: [ 97.339798][ T6373] [ 97.339806][ T6373] dump_stack_lvl+0xe8/0x150 [ 97.339835][ T6373] should_fail_ex+0x412/0x560 [ 97.339860][ T6373] should_failslab+0xa8/0x100 [ 97.339877][ T6373] __kmalloc_noprof+0xe8/0x760 [ 97.339890][ T6373] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 97.339903][ T6373] ? tls_get_rec+0xbf/0x670 [ 97.339915][ T6373] tls_get_rec+0xbf/0x670 [ 97.339925][ T6373] ? __local_bh_enable_ip+0xd0/0x130 [ 97.339955][ T6373] tls_sw_sendmsg+0x4d7/0x2430 [ 97.339980][ T6373] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 97.340018][ T6373] ? __lock_acquire+0x6b5/0x2cf0 [ 97.340042][ T6373] ? __pfx_tls_sw_sendmsg+0x10/0x10 [ 97.340054][ T6373] ? aa_sk_perm+0x6d5/0x900 [ 97.340068][ T6373] ? sock_rps_record_flow+0x19/0x350 [ 97.340083][ T6373] ? inet_send_prepare+0x5c/0x270 [ 97.340105][ T6373] ? inet6_sendmsg+0x101/0x120 [ 97.340125][ T6373] ? __pfx_inet6_sendmsg+0x10/0x10 [ 97.340143][ T6373] sock_sendmsg_nosec+0x90/0x150 [ 97.340167][ T6373] sock_write_iter+0x302/0x410 [ 97.340181][ T6373] ? __pfx_sock_write_iter+0x10/0x10 [ 97.340203][ T6373] do_iter_readv_writev+0x619/0x8c0 [ 97.340215][ T6373] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 97.340229][ T6373] ? bpf_lsm_file_permission+0x9/0x20 [ 97.340245][ T6373] ? security_file_permission+0x75/0x260 [ 97.340267][ T6373] ? rw_verify_area+0x255/0x4d0 [ 97.340295][ T6373] vfs_writev+0x33c/0x990 [ 97.340325][ T6373] ? __pfx_vfs_writev+0x10/0x10 [ 97.340359][ T6373] ? __fget_files+0x2a/0x420 [ 97.340376][ T6373] ? __fget_files+0x3a0/0x420 [ 97.340388][ T6373] ? __fget_files+0x2a/0x420 [ 97.340415][ T6373] do_writev+0x154/0x2e0 [ 97.340438][ T6373] ? __pfx_do_writev+0x10/0x10 [ 97.340469][ T6373] do_syscall_64+0x14d/0xf80 [ 97.340485][ T6373] ? trace_irq_disable+0x3b/0x150 [ 97.340505][ T6373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.340521][ T6373] ? clear_bhb_loop+0x40/0x90 [ 97.340533][ T6373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.340542][ T6373] RIP: 0033:0x7f9ff1f9c799 [ 97.340553][ T6373] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.340567][ T6373] RSP: 002b:00007f9ff2d77028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 97.340586][ T6373] RAX: ffffffffffffffda RBX: 00007f9ff2215fa0 RCX: 00007f9ff1f9c799 [ 97.340598][ T6373] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003 [ 97.340609][ T6373] RBP: 00007f9ff2d77090 R08: 0000000000000000 R09: 0000000000000000 [ 97.340619][ T6373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.340629][ T6373] R13: 00007f9ff2216038 R14: 00007f9ff2215fa0 R15: 00007fff75ed7148 [ 97.340652][ T6373] [ 97.785925][ T6380] loop5: detected capacity change from 0 to 2640 [ 97.793481][ T6380] buffer_io_error: 42 callbacks suppressed [ 97.793497][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.807806][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.817214][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.826638][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.834589][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.842868][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.852005][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.860990][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.871089][ T6380] ldm_validate_partition_table(): Disk read failed. [ 97.877731][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.888394][ T6380] Buffer I/O error on dev loop5, logical block 0, async page read [ 97.889190][ T5924] usb 1-1: USB disconnect, device number 9 [ 97.896304][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 97.911062][ T6380] Dev loop5: unable to read RDB block 0 [ 97.925103][ T6380] loop5: unable to read partition table [ 97.936733][ T5906] ft260 0003:0403:6030.000C: unknown main item tag 0x0 [ 97.944840][ T5906] ft260 0003:0403:6030.000C: unknown main item tag 0x0 [ 97.945873][ T6380] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 98.001042][ T808] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 98.085757][ T6383] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 98.122547][ T5906] ft260 0003:0403:6030.000C: failed to retrieve chip version [ 98.130846][ T5906] ft260 0003:0403:6030.000C: probe with driver ft260 failed with error -32 [ 98.175905][ T808] usb 4-1: Using ep0 maxpacket: 32 [ 98.189744][ T5163] Bluetooth: hci0: command 0x0406 tx timeout [ 98.196637][ T808] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 98.215841][ T808] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 98.227308][ T808] usb 4-1: config 0 interface 0 has no altsetting 0 [ 98.254283][ T808] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 98.271747][ T808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.283180][ T808] usb 4-1: Product: syz [ 98.288116][ T808] usb 4-1: Manufacturer: syz [ 98.292750][ T808] usb 4-1: SerialNumber: syz [ 98.300867][ T808] usb 4-1: config 0 descriptor?? [ 98.416657][ T6396] binder_alloc: 6395: pid 6395 spamming oneway? 1 buffers allocated for a total size of 4096 [ 98.430585][ T6396] binder_alloc: 6395: pid 6395 spamming oneway? 2 buffers allocated for a total size of 5120 [ 98.549905][ T6402] binder_alloc: 6401: pid 6401 spamming oneway? 1 buffers allocated for a total size of 4096 [ 98.560931][ T6402] FAULT_INJECTION: forcing a failure. [ 98.560931][ T6402] name failslab, interval 1, probability 0, space 0, times 0 [ 98.574064][ T6402] CPU: 1 UID: 0 PID: 6402 Comm: syz.2.169 Not tainted syzkaller #0 PREEMPT(full) [ 98.574088][ T6402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 98.574098][ T6402] Call Trace: [ 98.574105][ T6402] [ 98.574111][ T6402] dump_stack_lvl+0xe8/0x150 [ 98.574148][ T6402] should_fail_ex+0x412/0x560 [ 98.574173][ T6402] should_failslab+0xa8/0x100 [ 98.574193][ T6402] __kmalloc_noprof+0xe8/0x760 [ 98.574220][ T6402] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 98.574252][ T6402] tomoyo_realpath_from_path+0xe3/0x5d0 [ 98.574286][ T6402] ? tomoyo_path_number_perm+0x219/0x630 [ 98.574309][ T6402] tomoyo_path_number_perm+0x246/0x630 [ 98.574333][ T6402] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 98.574357][ T6402] ? __lock_acquire+0x6b5/0x2cf0 [ 98.574394][ T6402] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 98.574430][ T6402] ? __fget_files+0x2a/0x420 [ 98.574456][ T6402] ? __fget_files+0x2a/0x420 [ 98.574477][ T6402] ? __fget_files+0x3a0/0x420 [ 98.574498][ T6402] ? __fget_files+0x2a/0x420 [ 98.574524][ T6402] security_file_ioctl+0xc3/0x2a0 [ 98.574547][ T6402] __se_sys_ioctl+0x47/0x170 [ 98.574568][ T6402] do_syscall_64+0x14d/0xf80 [ 98.574583][ T6402] ? trace_irq_disable+0x3b/0x150 [ 98.574603][ T6402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.574620][ T6402] ? clear_bhb_loop+0x40/0x90 [ 98.574642][ T6402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.574659][ T6402] RIP: 0033:0x7fb0f479c799 [ 98.574676][ T6402] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.574689][ T6402] RSP: 002b:00007fb0f561c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.574707][ T6402] RAX: ffffffffffffffda RBX: 00007fb0f4a15fa0 RCX: 00007fb0f479c799 [ 98.574720][ T6402] RDX: 0000200000000c00 RSI: 00000000c0306201 RDI: 0000000000000003 [ 98.574731][ T6402] RBP: 00007fb0f561c090 R08: 0000000000000000 R09: 0000000000000000 [ 98.574742][ T6402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.574752][ T6402] R13: 00007fb0f4a16038 R14: 00007fb0f4a15fa0 R15: 00007fff8045e0c8 [ 98.574781][ T6402] [ 98.574827][ T6402] ERROR: Out of memory at tomoyo_realpath_from_path. [ 98.796711][ T6402] binder_alloc: 6401: pid 6401 spamming oneway? 2 buffers allocated for a total size of 5120 [ 98.796818][ T808] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 98.857062][ T6405] binder_alloc: 6404: pid 6404 spamming oneway? 1 buffers allocated for a total size of 4096 [ 98.869109][ T6405] binder_alloc: 6404: pid 6404 spamming oneway? 2 buffers allocated for a total size of 5120 [ 98.880982][ T6405] FAULT_INJECTION: forcing a failure. [ 98.880982][ T6405] name failslab, interval 1, probability 0, space 0, times 0 [ 98.893629][ T6405] CPU: 1 UID: 0 PID: 6405 Comm: syz.2.170 Not tainted syzkaller #0 PREEMPT(full) [ 98.893649][ T6405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 98.893659][ T6405] Call Trace: [ 98.893666][ T6405] [ 98.893673][ T6405] dump_stack_lvl+0xe8/0x150 [ 98.893697][ T6405] should_fail_ex+0x412/0x560 [ 98.893712][ T6405] should_failslab+0xa8/0x100 [ 98.893724][ T6405] __kvmalloc_node_noprof+0x178/0x8a0 [ 98.893738][ T6405] ? seq_read_iter+0x202/0xe10 [ 98.893752][ T6405] seq_read_iter+0x202/0xe10 [ 98.893762][ T6405] ? register_lock_class+0x31/0x2e0 [ 98.893776][ T6405] ? aa_file_perm+0x192/0x15e0 [ 98.893794][ T6405] ? __asan_memset+0x22/0x50 [ 98.893811][ T6405] seq_read+0x367/0x480 [ 98.893824][ T6405] ? __pfx_seq_read+0x10/0x10 [ 98.893835][ T6405] ? __debugfs_file_get+0x5e0/0x720 [ 98.893850][ T6405] ? __pfx___debugfs_file_get+0x10/0x10 [ 98.893863][ T6405] ? apparmor_file_permission+0x1f4/0x300 [ 98.893877][ T6405] full_proxy_read+0x127/0x1f0 [ 98.893891][ T6405] ? __pfx_full_proxy_read+0x10/0x10 [ 98.893905][ T6405] vfs_read+0x20c/0xa70 [ 98.893918][ T6405] ? fdget_pos+0x246/0x320 [ 98.893929][ T6405] ? ksys_write+0x1e6/0x270 [ 98.893939][ T6405] ? __pfx___mutex_lock+0x10/0x10 [ 98.893950][ T6405] ? __pfx_vfs_read+0x10/0x10 [ 98.893964][ T6405] ? __fget_files+0x2a/0x420 [ 98.893978][ T6405] ? __fget_files+0x3a0/0x420 [ 98.893989][ T6405] ? __fget_files+0x2a/0x420 [ 98.894005][ T6405] ksys_read+0x150/0x270 [ 98.894015][ T6405] ? __pfx_ksys_read+0x10/0x10 [ 98.894030][ T6405] do_syscall_64+0x14d/0xf80 [ 98.894039][ T6405] ? trace_irq_disable+0x3b/0x150 [ 98.894050][ T6405] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.894059][ T6405] ? clear_bhb_loop+0x40/0x90 [ 98.894071][ T6405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.894081][ T6405] RIP: 0033:0x7fb0f479c799 [ 98.894096][ T6405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.894104][ T6405] RSP: 002b:00007fb0f561c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 98.894115][ T6405] RAX: ffffffffffffffda RBX: 00007fb0f4a15fa0 RCX: 00007fb0f479c799 [ 98.894122][ T6405] RDX: 0000000000002020 RSI: 0000200000007fc0 RDI: 0000000000000006 [ 98.894128][ T6405] RBP: 00007fb0f561c090 R08: 0000000000000000 R09: 0000000000000000 [ 98.894133][ T6405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.894139][ T6405] R13: 00007fb0f4a16038 R14: 00007fb0f4a15fa0 R15: 00007fff8045e0c8 [ 98.894154][ T6405] [ 99.404376][ T6414] loop5: detected capacity change from 0 to 2640 [ 99.411714][ T6414] ldm_validate_partition_table(): Disk read failed. [ 99.418627][ T6414] Dev loop5: unable to read RDB block 0 [ 99.424328][ T6414] loop5: unable to read partition table [ 99.430431][ T6414] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 99.436080][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 99.501098][ T808] usb 4-1: USB disconnect, device number 6 [ 99.646195][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 99.653947][ T9] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 99.662374][ T9] usb 3-1: config 179 has no interface number 0 [ 99.668936][ T9] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 99.680484][ T9] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 99.699151][ T9] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 99.711179][ T9] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 99.722986][ T9] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 99.736617][ T9] usb 3-1: config 179 interface 65 has no altsetting 0 [ 99.743742][ T9] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 99.755271][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.785923][ T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input6 [ 99.854598][ T5198] input input6: unable to receive magic message: -110 [ 99.902306][ T5198] input input6: unable to receive magic message: -32 [ 99.954878][ T5198] input input6: unable to receive magic message: -32 [ 99.981532][ T6408] input input6: unable to receive magic message: -32 [ 100.144295][ T6444] binder_alloc: 6443: pid 6443 spamming oneway? 1 buffers allocated for a total size of 4096 [ 100.156855][ T6444] binder_alloc: 6443: pid 6443 spamming oneway? 2 buffers allocated for a total size of 5120 [ 100.263592][ T9] usb 2-1: USB disconnect, device number 11 [ 100.646118][ T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 100.755183][ T808] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 100.794936][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 100.801563][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 100.815302][ T9] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 100.825558][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.837482][ T9] usb 2-1: config 0 descriptor?? [ 100.914041][ T808] usb 1-1: Using ep0 maxpacket: 8 [ 100.920571][ T808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 100.931753][ T808] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 100.940900][ T808] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.952363][ T808] usb 1-1: config 0 descriptor?? [ 101.050160][ T9] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 101.164599][ T808] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1 [ 101.247307][ T6454] FAULT_INJECTION: forcing a failure. [ 101.247307][ T6454] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 101.262848][ T6454] CPU: 1 UID: 0 PID: 6454 Comm: syz.1.177 Not tainted syzkaller #0 PREEMPT(full) [ 101.262870][ T6454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 101.262881][ T6454] Call Trace: [ 101.262888][ T6454] [ 101.262895][ T6454] dump_stack_lvl+0xe8/0x150 [ 101.262929][ T6454] should_fail_ex+0x412/0x560 [ 101.262954][ T6454] _copy_to_user+0x31/0xb0 [ 101.262978][ T6454] simple_read_from_buffer+0xe1/0x170 [ 101.263007][ T6454] proc_fail_nth_read+0x1bb/0x230 [ 101.263033][ T6454] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 101.263060][ T6454] ? rw_verify_area+0x2a6/0x4d0 [ 101.263085][ T6454] ? lockdep_hardirqs_on+0x7a/0x110 [ 101.263110][ T6454] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 101.263134][ T6454] vfs_read+0x20c/0xa70 [ 101.263159][ T6454] ? fdget_pos+0x246/0x320 [ 101.263186][ T6454] ? __pfx___mutex_lock+0x10/0x10 [ 101.263204][ T6454] ? __pfx_vfs_read+0x10/0x10 [ 101.263232][ T6454] ? __fget_files+0x2a/0x420 [ 101.263258][ T6454] ? __fget_files+0x3a0/0x420 [ 101.263280][ T6454] ? __fget_files+0x2a/0x420 [ 101.263310][ T6454] ksys_read+0x150/0x270 [ 101.263329][ T6454] ? __pfx_ksys_read+0x10/0x10 [ 101.263356][ T6454] do_syscall_64+0x14d/0xf80 [ 101.263372][ T6454] ? trace_irq_disable+0x3b/0x150 [ 101.263393][ T6454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.263412][ T6454] ? clear_bhb_loop+0x40/0x90 [ 101.263433][ T6454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.263450][ T6454] RIP: 0033:0x7f44b195cfce [ 101.263467][ T6454] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 101.263480][ T6454] RSP: 002b:00007f44b2843fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 101.263499][ T6454] RAX: ffffffffffffffda RBX: 00007f44b28446c0 RCX: 00007f44b195cfce [ 101.263512][ T6454] RDX: 000000000000000f RSI: 00007f44b28440a0 RDI: 0000000000000005 [ 101.263522][ T6454] RBP: 00007f44b2844090 R08: 0000000000000000 R09: 0000000000000000 [ 101.263533][ T6454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.263543][ T6454] R13: 00007f44b1c16038 R14: 00007f44b1c15fa0 R15: 00007ffc142ee018 [ 101.263571][ T6454] [ 101.503134][ T5905] usb 2-1: USB disconnect, device number 12 [ 101.529714][ T808] usb 1-1: USB disconnect, device number 10 [ 101.907120][ T808] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 102.056141][ T808] usb 1-1: Using ep0 maxpacket: 8 [ 102.062679][ T808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 102.073839][ T808] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 102.087513][ T808] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.097951][ T808] usb 1-1: config 0 descriptor?? [ 102.241227][ T5906] usb 3-1: USB disconnect, device number 7 [ 102.247173][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 102.292325][ T6466] loop5: detected capacity change from 0 to 2640 [ 102.302595][ T6466] ldm_validate_partition_table(): Disk read failed. [ 102.309958][ T6466] Dev loop5: unable to read RDB block 0 [ 102.312250][ T808] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 102.316566][ T6466] loop5: unable to read partition table [ 102.334058][ T6466] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 102.558409][ T6470] overlayfs: failed to resolve './file0': -2 [ 102.622893][ T6471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.183'. [ 102.721817][ T5906] usb 3-1: new low-speed USB device number 8 using dummy_hcd [ 102.834226][ T808] usb 1-1: USB disconnect, device number 11 [ 102.851411][ T5906] usb 3-1: device descriptor read/64, error -71 [ 103.029907][ T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 103.078806][ T6439] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 103.103031][ T5906] usb 3-1: new low-speed USB device number 9 using dummy_hcd [ 103.189146][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 103.201622][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.230880][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.243562][ T6488] netlink: 24 bytes leftover after parsing attributes in process `syz.0.188'. [ 103.247431][ T24] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 103.257460][ T5906] usb 3-1: device descriptor read/64, error -71 [ 103.262268][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.294694][ T24] usb 2-1: config 0 descriptor?? [ 103.324425][ T6488] netlink: 20 bytes leftover after parsing attributes in process `syz.0.188'. [ 103.402306][ T5906] usb usb3-port1: attempt power cycle [ 103.536739][ T5905] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 103.705736][ T5905] usb 4-1: Using ep0 maxpacket: 16 [ 103.715398][ T5905] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.730621][ T24] ft260 0003:0403:6030.000D: unknown main item tag 0x0 [ 103.742342][ T5905] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 103.752167][ T24] ft260 0003:0403:6030.000D: unknown main item tag 0x0 [ 103.755408][ T5906] usb 3-1: new low-speed USB device number 10 using dummy_hcd [ 103.760474][ T5905] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 103.780417][ T5905] usb 4-1: config 0 interface 0 has no altsetting 0 [ 103.794711][ T5905] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 103.797021][ T5906] usb 3-1: device descriptor read/8, error -71 [ 103.808795][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.818222][ T6494] loop5: detected capacity change from 0 to 2640 [ 103.826199][ T5854] buffer_io_error: 53 callbacks suppressed [ 103.826212][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.826443][ T5905] usb 4-1: Product: syz [ 103.833892][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.851098][ T5905] usb 4-1: Manufacturer: syz [ 103.859429][ T5905] usb 4-1: SerialNumber: syz [ 103.867019][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.875923][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.879131][ T5905] usb 4-1: config 0 descriptor?? [ 103.883863][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.896798][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.904845][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.912861][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.921955][ T5854] ldm_validate_partition_table(): Disk read failed. [ 103.929205][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.930267][ T24] ft260 0003:0403:6030.000D: failed to retrieve chip version [ 103.937381][ T5854] Buffer I/O error on dev loop5, logical block 0, async page read [ 103.937426][ T5854] Dev loop5: unable to read RDB block 0 [ 103.937592][ T5854] loop5: unable to read partition table [ 103.968047][ T24] ft260 0003:0403:6030.000D: probe with driver ft260 failed with error -32 [ 103.968676][ T6494] ldm_validate_partition_table(): Disk read failed. [ 103.983486][ T6494] Dev loop5: unable to read RDB block 0 [ 103.992873][ T6494] loop5: unable to read partition table [ 103.998984][ T6494] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 104.055753][ T5906] usb 3-1: new low-speed USB device number 11 using dummy_hcd [ 104.094835][ T5906] usb 3-1: device descriptor read/8, error -71 [ 104.212992][ T5906] usb usb3-port1: unable to enumerate USB device [ 104.321695][ T24] usb 4-1: USB disconnect, device number 7 [ 104.411826][ T5906] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 104.560747][ T5906] usb 1-1: Using ep0 maxpacket: 8 [ 104.567254][ T5906] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 104.575585][ T5906] usb 1-1: config 179 has no interface number 0 [ 104.581990][ T5906] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 104.593286][ T5906] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 104.604740][ T5906] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 104.616166][ T5906] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 104.631939][ T5906] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 104.645642][ T5906] usb 1-1: config 179 interface 65 has no altsetting 0 [ 104.652987][ T5906] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 104.662095][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.683052][ T5906] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input7 [ 104.730597][ T5198] input input7: unable to receive magic message: -110 [ 104.819894][ T5198] input input7: unable to receive magic message: -32 [ 104.879706][ T6504] input input7: unable to receive magic message: -32 [ 105.565383][ T5906] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 105.714435][ T5906] usb 4-1: Using ep0 maxpacket: 16 [ 105.723352][ T5906] usb 4-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 105.732516][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.740639][ T5906] usb 4-1: Product: syz [ 105.744860][ T5906] usb 4-1: Manufacturer: syz [ 105.750967][ T5906] usb 4-1: SerialNumber: syz [ 105.774143][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 105.923333][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 105.930021][ T9] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 105.938670][ T9] usb 3-1: config 0 has no interface number 0 [ 105.947088][ T9] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 105.957072][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.968386][ T5906] usb 4-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 105.980792][ T9] usb 3-1: Product: syz [ 105.985418][ T9] usb 3-1: Manufacturer: syz [ 105.992980][ T9] usb 3-1: SerialNumber: syz [ 105.999485][ T5906] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 106.015517][ T9] usb 3-1: config 0 descriptor?? [ 106.021364][ T5906] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 106.030346][ T5906] usb 4-1: media controller created [ 106.041335][ T24] usb 2-1: USB disconnect, device number 13 [ 106.070653][ T5906] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 106.113605][ T5906] zl10353_read_register: readreg error (reg=127, ret==-71) [ 106.123565][ T6524] FAULT_INJECTION: forcing a failure. [ 106.123565][ T6524] name failslab, interval 1, probability 0, space 0, times 0 [ 106.136640][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 106.145219][ T6524] CPU: 1 UID: 0 PID: 6524 Comm: syz.1.196 Not tainted syzkaller #0 PREEMPT(full) [ 106.145241][ T6524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 106.145252][ T6524] Call Trace: [ 106.145259][ T6524] [ 106.145267][ T6524] dump_stack_lvl+0xe8/0x150 [ 106.145298][ T6524] should_fail_ex+0x412/0x560 [ 106.145323][ T6524] should_failslab+0xa8/0x100 [ 106.145344][ T6524] __kmalloc_noprof+0xe8/0x760 [ 106.145370][ T6524] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 106.145401][ T6524] tomoyo_realpath_from_path+0xe3/0x5d0 [ 106.145436][ T6524] ? tomoyo_path_number_perm+0x219/0x630 [ 106.145459][ T6524] tomoyo_path_number_perm+0x246/0x630 [ 106.145483][ T6524] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 106.145506][ T6524] ? __lock_acquire+0x6b5/0x2cf0 [ 106.145540][ T6524] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 106.145575][ T6524] ? __fget_files+0x2a/0x420 [ 106.145601][ T6524] ? __fget_files+0x2a/0x420 [ 106.145622][ T6524] ? __fget_files+0x3a0/0x420 [ 106.145646][ T6524] ? __fget_files+0x2a/0x420 [ 106.145671][ T6524] security_file_ioctl+0xc3/0x2a0 [ 106.145695][ T6524] __se_sys_ioctl+0x47/0x170 [ 106.145716][ T6524] do_syscall_64+0x14d/0xf80 [ 106.145731][ T6524] ? trace_irq_disable+0x3b/0x150 [ 106.145752][ T6524] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.145770][ T6524] ? clear_bhb_loop+0x40/0x90 [ 106.145791][ T6524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.145808][ T6524] RIP: 0033:0x7f44b199c799 [ 106.145824][ T6524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.145839][ T6524] RSP: 002b:00007f44b2844028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 106.145859][ T6524] RAX: ffffffffffffffda RBX: 00007f44b1c15fa0 RCX: 00007f44b199c799 [ 106.145879][ T6524] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000003 [ 106.145890][ T6524] RBP: 00007f44b2844090 R08: 0000000000000000 R09: 0000000000000000 [ 106.145901][ T6524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.145911][ T6524] R13: 00007f44b1c16038 R14: 00007f44b1c15fa0 R15: 00007ffc142ee018 [ 106.145940][ T6524] [ 106.145957][ T6524] ERROR: Out of memory at tomoyo_realpath_from_path. [ 106.194218][ T5906] dvb_usb_gl861 4-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 106.389942][ T5906] usb 4-1: USB disconnect, device number 8 [ 106.453243][ T6518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 106.463352][ T6518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 106.635591][ T6526] netlink: 'syz.3.197': attribute type 10 has an invalid length. [ 106.964513][ T3551] Bluetooth: hci5: Frame reassembly failed (-84) [ 107.076016][ T6518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.086244][ T6518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.097033][ T9] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 107.108028][ T9] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 107.127681][ T9] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 107.138956][ T9] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 107.151615][ T9] usb 3-1: USB disconnect, device number 12 [ 107.211540][ T5906] usb 1-1: USB disconnect, device number 12 [ 107.217528][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 107.259389][ T6534] loop5: detected capacity change from 0 to 2640 [ 107.266309][ T6534] ldm_validate_partition_table(): Disk read failed. [ 107.273214][ T6534] Dev loop5: unable to read RDB block 0 [ 107.280813][ T6534] loop5: unable to read partition table [ 107.286932][ T6534] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 108.063066][ T24] usb 3-1: new low-speed USB device number 13 using dummy_hcd [ 108.093297][ T5906] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 108.123765][ T5839] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 108.123950][ T5853] Bluetooth: hci4: command 0x1003 tx timeout [ 108.192410][ T24] usb 3-1: device descriptor read/64, error -71 [ 108.242204][ T5906] usb 1-1: Using ep0 maxpacket: 32 [ 108.249220][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.260862][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.271274][ T5906] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 108.281209][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.293275][ T5906] usb 1-1: config 0 descriptor?? [ 108.431363][ T24] usb 3-1: new low-speed USB device number 14 using dummy_hcd [ 108.560813][ T24] usb 3-1: device descriptor read/64, error -71 [ 108.672767][ T24] usb usb3-port1: attempt power cycle [ 108.693730][ T6548] FAULT_INJECTION: forcing a failure. [ 108.693730][ T6548] name failslab, interval 1, probability 0, space 0, times 0 [ 108.707533][ T6548] CPU: 0 UID: 0 PID: 6548 Comm: syz.1.205 Not tainted syzkaller #0 PREEMPT(full) [ 108.707547][ T6548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.707553][ T6548] Call Trace: [ 108.707557][ T6548] [ 108.707561][ T6548] dump_stack_lvl+0xe8/0x150 [ 108.707580][ T6548] should_fail_ex+0x412/0x560 [ 108.707594][ T6548] should_failslab+0xa8/0x100 [ 108.707605][ T6548] __kmalloc_noprof+0xe8/0x760 [ 108.707623][ T6548] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 108.707641][ T6548] tomoyo_realpath_from_path+0xe3/0x5d0 [ 108.707660][ T6548] ? tomoyo_path_number_perm+0x219/0x630 [ 108.707672][ T6548] tomoyo_path_number_perm+0x246/0x630 [ 108.707686][ T6548] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 108.707699][ T6548] ? __lock_acquire+0x6b5/0x2cf0 [ 108.707720][ T6548] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 108.707740][ T6548] ? __fget_files+0x2a/0x420 [ 108.707754][ T6548] ? __fget_files+0x2a/0x420 [ 108.707769][ T6548] ? __fget_files+0x3a0/0x420 [ 108.707780][ T6548] ? __fget_files+0x2a/0x420 [ 108.707794][ T6548] security_file_ioctl+0xc3/0x2a0 [ 108.707807][ T6548] __se_sys_ioctl+0x47/0x170 [ 108.707818][ T6548] do_syscall_64+0x14d/0xf80 [ 108.707826][ T6548] ? trace_irq_disable+0x3b/0x150 [ 108.707838][ T6548] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.707848][ T6548] ? clear_bhb_loop+0x40/0x90 [ 108.707860][ T6548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.707869][ T6548] RIP: 0033:0x7f44b199c799 [ 108.707879][ T6548] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.707887][ T6548] RSP: 002b:00007f44b2844028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 108.707898][ T6548] RAX: ffffffffffffffda RBX: 00007f44b1c15fa0 RCX: 00007f44b199c799 [ 108.707905][ T6548] RDX: 0000200000000480 RSI: 00000000c05c6104 RDI: 0000000000000003 [ 108.707911][ T6548] RBP: 00007f44b2844090 R08: 0000000000000000 R09: 0000000000000000 [ 108.707917][ T6548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.707923][ T6548] R13: 00007f44b1c16038 R14: 00007f44b1c15fa0 R15: 00007ffc142ee018 [ 108.707938][ T6548] [ 108.707993][ T6548] ERROR: Out of memory at tomoyo_realpath_from_path. [ 108.933963][ T5906] ft260 0003:0403:6030.000E: unknown main item tag 0x0 [ 108.942805][ T5906] ft260 0003:0403:6030.000E: unknown main item tag 0x0 [ 109.000038][ T5163] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 109.005612][ T5839] Bluetooth: hci5: command 0x1003 tx timeout [ 109.012841][ T24] usb 3-1: new low-speed USB device number 15 using dummy_hcd [ 109.021350][ T5906] ft260 0003:0403:6030.000E: failed to retrieve chip version [ 109.032824][ T5906] ft260 0003:0403:6030.000E: probe with driver ft260 failed with error -32 [ 109.040819][ T24] usb 3-1: device descriptor read/8, error -71 [ 109.287751][ T24] usb 3-1: new low-speed USB device number 16 using dummy_hcd [ 109.307615][ T5906] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 109.308099][ T24] usb 3-1: device descriptor read/8, error -71 [ 109.430486][ T24] usb usb3-port1: unable to enumerate USB device [ 109.466908][ T5906] usb 2-1: Using ep0 maxpacket: 8 [ 109.473419][ T5906] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 109.481728][ T5906] usb 2-1: config 179 has no interface number 0 [ 109.489640][ T5906] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 109.500891][ T5906] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 109.512409][ T5906] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 109.524524][ T5906] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 109.535952][ T5906] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 109.549296][ T5906] usb 2-1: config 179 interface 65 has no altsetting 0 [ 109.556156][ T5906] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 109.565197][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.583952][ T5906] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input8 [ 109.636464][ T5198] input input8: unable to receive magic message: -110 [ 109.736181][ T5198] input input8: unable to receive magic message: -32 [ 109.796344][ T5198] input input8: unable to receive magic message: -32 [ 109.886062][ T24] usb 2-1: USB disconnect, device number 14 [ 109.886230][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 110.418989][ T6560] loop5: detected capacity change from 0 to 2640 [ 110.426117][ T6560] buffer_io_error: 49 callbacks suppressed [ 110.426131][ T6560] Buffer I/O error on dev loop5, logical block 0, async page read [ 110.442341][ T6560] Buffer I/O error on dev loop5, logical block 0, async page read [ 110.450264][ T6560] Buffer I/O error on dev loop5, logical block 0, async page read [ 110.458148][ T6560] Buffer I/O error on dev loop5, logical block 0, async page read [ 110.466002][ T6560] Buffer I/O error on dev loop5, logical block 0, async page read [ 110.473901][ T6560] Buffer I/O error on dev loop5, logical block 0, async page read [ 110.481748][ T6560] Buffer I/O error on dev loop5, logical block 0, async page read [ 110.490232][ T6560] Buffer I/O error on dev loop5, logical block 0, async page read [ 110.498722][ T6560] ldm_validate_partition_table(): Disk read failed. [ 110.498956][ T6561] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 110.505433][ T6560] Buffer I/O error on dev loop5, logical block 1, async page read [ 110.505453][ T6560] Dev loop5: unable to read RDB block 8 [ 110.505555][ T6560] loop5: unable to read partition table [ 110.548986][ T6560] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 110.951237][ T5906] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 111.121694][ T5906] usb 2-1: Using ep0 maxpacket: 32 [ 111.123753][ T5905] usb 1-1: USB disconnect, device number 13 [ 111.132846][ T5906] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 111.132877][ T5906] usb 2-1: config 0 has no interface number 0 [ 111.135356][ T5906] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 111.165414][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.173646][ T5906] usb 2-1: Product: syz [ 111.179306][ T5906] usb 2-1: Manufacturer: syz [ 111.186520][ T5906] usb 2-1: SerialNumber: syz [ 111.228134][ T5906] usb 2-1: config 0 descriptor?? [ 111.658625][ T5905] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 111.668471][ T6565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.678130][ T6565] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.817995][ T5905] usb 1-1: Using ep0 maxpacket: 8 [ 111.825865][ T5905] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 111.834183][ T5905] usb 1-1: config 179 has no interface number 0 [ 111.840512][ T5905] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 111.851802][ T5905] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 111.863212][ T5905] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 111.876985][ T5905] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 111.888832][ T5905] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 111.902901][ T5905] usb 1-1: config 179 interface 65 has no altsetting 0 [ 111.909841][ T5905] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 111.918898][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.939870][ T5905] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input9 [ 111.997730][ T5198] input input9: unable to receive magic message: -110 [ 112.067638][ T5198] input input9: unable to receive magic message: -32 [ 112.149559][ T6586] input input9: unable to receive magic message: -32 [ 112.153776][ T6593] loop5: detected capacity change from 0 to 2640 [ 112.167324][ T9] usb 1-1: USB disconnect, device number 14 [ 112.167337][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 112.167386][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 112.192081][ T5854] ldm_validate_partition_table(): Disk read failed. [ 112.198900][ T5854] Dev loop5: unable to read RDB block 0 [ 112.204626][ T5854] loop5: unable to read partition table [ 112.212891][ T6593] ldm_validate_partition_table(): Disk read failed. [ 112.219998][ T6593] Dev loop5: unable to read RDB block 0 [ 112.225893][ T6593] loop5: unable to read partition table [ 112.232340][ T6593] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 112.291523][ T6565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.308016][ T6565] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.318251][ T5906] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 112.332568][ T5906] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 112.347456][ T5906] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 112.373898][ T5906] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 112.382502][ T6596] netlink: 204 bytes leftover after parsing attributes in process `syz.2.219'. [ 112.398168][ T5906] usb 2-1: USB disconnect, device number 15 [ 112.433699][ T6598] netlink: 204 bytes leftover after parsing attributes in process `syz.2.220'. [ 112.443247][ T6598] FAULT_INJECTION: forcing a failure. [ 112.443247][ T6598] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.456702][ T6598] CPU: 1 UID: 0 PID: 6598 Comm: syz.2.220 Not tainted syzkaller #0 PREEMPT(full) [ 112.456722][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.456732][ T6598] Call Trace: [ 112.456739][ T6598] [ 112.456746][ T6598] dump_stack_lvl+0xe8/0x150 [ 112.456776][ T6598] should_fail_ex+0x412/0x560 [ 112.456800][ T6598] _copy_from_user+0x2d/0xb0 [ 112.456822][ T6598] ___sys_sendmsg+0x1c6/0x360 [ 112.456846][ T6598] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.456897][ T6598] ? __fget_files+0x2a/0x420 [ 112.456919][ T6598] ? __fget_files+0x3a0/0x420 [ 112.456951][ T6598] __x64_sys_sendmsg+0x1bd/0x2a0 [ 112.456973][ T6598] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 112.457001][ T6598] ? __pfx_ksys_write+0x10/0x10 [ 112.457028][ T6598] do_syscall_64+0x14d/0xf80 [ 112.457044][ T6598] ? trace_irq_disable+0x3b/0x150 [ 112.457064][ T6598] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.457082][ T6598] ? clear_bhb_loop+0x40/0x90 [ 112.457103][ T6598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.457121][ T6598] RIP: 0033:0x7fb0f479c799 [ 112.457137][ T6598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 112.457152][ T6598] RSP: 002b:00007fb0f561c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.457170][ T6598] RAX: ffffffffffffffda RBX: 00007fb0f4a15fa0 RCX: 00007fb0f479c799 [ 112.457183][ T6598] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003 [ 112.457194][ T6598] RBP: 00007fb0f561c090 R08: 0000000000000000 R09: 0000000000000000 [ 112.457204][ T6598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.457215][ T6598] R13: 00007fb0f4a16038 R14: 00007fb0f4a15fa0 R15: 00007fff8045e0c8 [ 112.457253][ T6598] [ 112.837267][ T6604] mmap: syz.0.222 (6604) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 112.914243][ T24] usb 3-1: new low-speed USB device number 17 using dummy_hcd [ 113.053797][ T24] usb 3-1: device descriptor read/64, error -71 [ 113.163555][ T5905] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 113.292997][ T24] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 113.312900][ T5905] usb 2-1: Using ep0 maxpacket: 32 [ 113.319349][ T5905] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.330354][ T5905] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.340254][ T5905] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 113.349386][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.359050][ T5905] usb 2-1: config 0 descriptor?? [ 113.422612][ T24] usb 3-1: device descriptor read/64, error -71 [ 113.532389][ T24] usb usb3-port1: attempt power cycle [ 113.775726][ T5905] ft260 0003:0403:6030.000F: unknown main item tag 0x0 [ 113.791433][ T5905] ft260 0003:0403:6030.000F: unknown main item tag 0x0 [ 113.881487][ T24] usb 3-1: new low-speed USB device number 19 using dummy_hcd [ 113.911850][ T24] usb 3-1: device descriptor read/8, error -71 [ 113.969972][ T5905] ft260 0003:0403:6030.000F: failed to retrieve chip version [ 113.986245][ T5905] ft260 0003:0403:6030.000F: probe with driver ft260 failed with error -32 [ 114.010993][ T6616] FAULT_INJECTION: forcing a failure. [ 114.010993][ T6616] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.024334][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.3.225 Not tainted syzkaller #0 PREEMPT(full) [ 114.024356][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 114.024367][ T6616] Call Trace: [ 114.024375][ T6616] [ 114.024382][ T6616] dump_stack_lvl+0xe8/0x150 [ 114.024413][ T6616] should_fail_ex+0x412/0x560 [ 114.024439][ T6616] _copy_to_user+0x31/0xb0 [ 114.024464][ T6616] simple_read_from_buffer+0xe1/0x170 [ 114.024493][ T6616] proc_fail_nth_read+0x1bb/0x230 [ 114.024518][ T6616] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.024545][ T6616] ? rw_verify_area+0x2a6/0x4d0 [ 114.024577][ T6616] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.024602][ T6616] vfs_read+0x20c/0xa70 [ 114.024627][ T6616] ? fdget_pos+0x246/0x320 [ 114.024654][ T6616] ? __pfx___mutex_lock+0x10/0x10 [ 114.024673][ T6616] ? __pfx_vfs_read+0x10/0x10 [ 114.024701][ T6616] ? __fget_files+0x2a/0x420 [ 114.024728][ T6616] ? __fget_files+0x3a0/0x420 [ 114.024750][ T6616] ? __fget_files+0x2a/0x420 [ 114.024781][ T6616] ksys_read+0x150/0x270 [ 114.024800][ T6616] ? __pfx_ksys_read+0x10/0x10 [ 114.024828][ T6616] do_syscall_64+0x14d/0xf80 [ 114.024844][ T6616] ? trace_irq_disable+0x3b/0x150 [ 114.024865][ T6616] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.024883][ T6616] ? clear_bhb_loop+0x40/0x90 [ 114.024905][ T6616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.024923][ T6616] RIP: 0033:0x7f9ff1f5cfce [ 114.024940][ T6616] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 114.024955][ T6616] RSP: 002b:00007f9ff01d4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 114.024974][ T6616] RAX: ffffffffffffffda RBX: 00007f9ff01d56c0 RCX: 00007f9ff1f5cfce [ 114.024987][ T6616] RDX: 000000000000000f RSI: 00007f9ff01d50a0 RDI: 0000000000000005 [ 114.024999][ T6616] RBP: 00007f9ff01d5090 R08: 0000000000000000 R09: 0000000000000000 [ 114.025010][ T6616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.025021][ T6616] R13: 00007f9ff2216218 R14: 00007f9ff2216180 R15: 00007fff75ed7148 [ 114.025051][ T6616] [ 114.170286][ T24] usb 3-1: new low-speed USB device number 20 using dummy_hcd [ 114.260573][ T24] usb 3-1: device descriptor read/8, error -71 [ 114.298316][ T6619] netlink: 32 bytes leftover after parsing attributes in process `syz.3.226'. [ 114.369867][ T24] usb usb3-port1: unable to enumerate USB device [ 114.480787][ T6623] loop5: detected capacity change from 0 to 2640 [ 114.488997][ T5854] ldm_validate_partition_table(): Disk read failed. [ 114.495858][ T5854] Dev loop5: unable to read RDB block 0 [ 114.502770][ T5854] loop5: unable to read partition table [ 114.510654][ T6623] ldm_validate_partition_table(): Disk read failed. [ 114.517382][ T6623] Dev loop5: unable to read RDB block 0 [ 114.524016][ T6623] loop5: unable to read partition table [ 114.530033][ T6623] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 115.037690][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 115.187239][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 115.193687][ T9] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 115.202236][ T9] usb 1-1: config 179 has no interface number 0 [ 115.208727][ T9] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 115.220320][ T9] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 115.231740][ T9] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 115.243795][ T9] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 115.255249][ T9] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 115.268569][ T9] usb 1-1: config 179 interface 65 has no altsetting 0 [ 115.275446][ T9] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 115.284557][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.305751][ T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input10 [ 115.357235][ T5198] input input10: unable to receive magic message: -110 [ 115.447090][ T5198] input input10: unable to receive magic message: -32 [ 115.498362][ T5198] input input10: unable to receive magic message: -32 [ 115.556369][ C0] raw-gadget.2 gadget.0: ignoring, device is not running [ 115.563495][ T5198] input input10: unable to receive magic message: -32 [ 115.566102][ T9] usb 1-1: USB disconnect, device number 15 [ 115.566193][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 115.584635][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 115.793827][ T6640] netlink: 'syz.2.233': attribute type 21 has an invalid length. [ 115.803024][ T6640] IPv6: NLM_F_CREATE should be specified when creating new route [ 115.811648][ T6640] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 115.819638][ T6640] IPv6: NLM_F_CREATE should be set when creating new route [ 115.826900][ T6640] IPv6: NLM_F_CREATE should be set when creating new route [ 115.834092][ T6640] IPv6: NLM_F_CREATE should be set when creating new route [ 116.059386][ T9] usb 2-1: USB disconnect, device number 16 [ 116.202544][ T6648] FAULT_INJECTION: forcing a failure. [ 116.202544][ T6648] name failslab, interval 1, probability 0, space 0, times 0 [ 116.219478][ T6648] CPU: 0 UID: 0 PID: 6648 Comm: syz.0.236 Not tainted syzkaller #0 PREEMPT(full) [ 116.219501][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 116.219512][ T6648] Call Trace: [ 116.219519][ T6648] [ 116.219526][ T6648] dump_stack_lvl+0xe8/0x150 [ 116.219554][ T6648] should_fail_ex+0x412/0x560 [ 116.219578][ T6648] should_failslab+0xa8/0x100 [ 116.219597][ T6648] __kmalloc_cache_noprof+0x88/0x660 [ 116.219623][ T6648] ? resv_map_alloc+0x51/0x2c0 [ 116.219651][ T6648] resv_map_alloc+0x51/0x2c0 [ 116.219677][ T6648] hugetlbfs_get_inode+0x68/0x690 [ 116.219696][ T6648] ? fput+0xa0/0xd0 [ 116.219722][ T6648] hugetlb_file_setup+0x21d/0x630 [ 116.219743][ T6648] ksys_mmap_pgoff+0x22e/0x760 [ 116.219773][ T6648] do_syscall_64+0x14d/0xf80 [ 116.219789][ T6648] ? trace_irq_disable+0x3b/0x150 [ 116.219809][ T6648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.219827][ T6648] ? clear_bhb_loop+0x40/0x90 [ 116.219857][ T6648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.219874][ T6648] RIP: 0033:0x7f390d99c799 [ 116.219891][ T6648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 116.219906][ T6648] RSP: 002b:00007f390e8db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 116.219924][ T6648] RAX: ffffffffffffffda RBX: 00007f390dc15fa0 RCX: 00007f390d99c799 [ 116.219936][ T6648] RDX: 0000000002000002 RSI: 0000000000ff5000 RDI: 0000200000000000 [ 116.219947][ T6648] RBP: 00007f390e8db090 R08: ffffffffffffffff R09: 0000000000000000 [ 116.219959][ T6648] R10: 000200000005c832 R11: 0000000000000246 R12: 0000000000000001 [ 116.219970][ T6648] R13: 00007f390dc16038 R14: 00007f390dc15fa0 R15: 00007ffddad224d8 [ 116.219998][ T6648] [ 116.238097][ T6650] loop5: detected capacity change from 0 to 2640 [ 116.390183][ T6655] buffer_io_error: 78 callbacks suppressed [ 116.390199][ T6655] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 116.438790][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.446899][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.455009][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.464902][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.472811][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.481138][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.489280][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.512975][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.532440][ T6650] ldm_validate_partition_table(): Disk read failed. [ 116.549439][ T6650] Buffer I/O error on dev loop5, logical block 0, async page read [ 116.567653][ T6650] Dev loop5: unable to read RDB block 0 [ 116.571754][ T6659] netlink: 48 bytes leftover after parsing attributes in process `syz.2.241'. [ 116.573958][ T6650] loop5: unable to read partition table [ 116.587953][ T6650] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 116.792950][ T9] usb 1-1: new low-speed USB device number 16 using dummy_hcd [ 116.923651][ T9] usb 1-1: device descriptor read/64, error -71 [ 116.942562][ T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 116.952667][ T5906] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 117.092203][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 117.098787][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.109796][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.112122][ T5906] usb 3-1: Using ep0 maxpacket: 8 [ 117.119588][ T24] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 117.127055][ T5906] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 117.133983][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.143532][ T5906] usb 3-1: config 179 has no interface number 0 [ 117.153342][ T24] usb 2-1: config 0 descriptor?? [ 117.162568][ T5906] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 117.174122][ T5906] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 117.187353][ T9] usb 1-1: new low-speed USB device number 17 using dummy_hcd [ 117.194962][ T5906] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 117.206506][ T5906] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 117.219324][ T5906] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 117.232692][ T5906] usb 3-1: config 179 interface 65 has no altsetting 0 [ 117.239564][ T5906] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 117.248609][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.268342][ T5906] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input11 [ 117.322817][ T5198] input input11: unable to receive magic message: -110 [ 117.344602][ T9] usb 1-1: device descriptor read/64, error -71 [ 117.376572][ T5198] input input11: unable to receive magic message: -32 [ 117.451727][ T9] usb usb1-port1: attempt power cycle [ 117.466200][ T30] audit: type=1800 audit(1773724469.935:5): pid=6672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.246" name="bus" dev="overlay" ino=388 res=0 errno=0 [ 117.490549][ T6672] FAULT_INJECTION: forcing a failure. [ 117.490549][ T6672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.503678][ T6672] CPU: 1 UID: 0 PID: 6672 Comm: syz.3.246 Not tainted syzkaller #0 PREEMPT(full) [ 117.503700][ T6672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.503719][ T6672] Call Trace: [ 117.503727][ T6672] [ 117.503734][ T6672] dump_stack_lvl+0xe8/0x150 [ 117.503764][ T6672] should_fail_ex+0x412/0x560 [ 117.503789][ T6672] _copy_from_user+0x2d/0xb0 [ 117.503813][ T6672] __se_sys_sendfile64+0xac/0x1a0 [ 117.503837][ T6672] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 117.503867][ T6672] do_syscall_64+0x14d/0xf80 [ 117.503883][ T6672] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.503900][ T6672] ? clear_bhb_loop+0x40/0x90 [ 117.503919][ T6672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.503936][ T6672] RIP: 0033:0x7f9ff1f9c799 [ 117.503953][ T6672] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.503967][ T6672] RSP: 002b:00007f9ff2d77028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 117.503986][ T6672] RAX: ffffffffffffffda RBX: 00007f9ff2215fa0 RCX: 00007f9ff1f9c799 [ 117.503999][ T6672] RDX: 0000200000000080 RSI: 0000000000000003 RDI: 0000000000000003 [ 117.504010][ T6672] RBP: 00007f9ff2d77090 R08: 0000000000000000 R09: 0000000000000000 [ 117.504021][ T6672] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000001 [ 117.504031][ T6672] R13: 00007f9ff2216038 R14: 00007f9ff2215fa0 R15: 00007fff75ed7148 [ 117.504060][ T6672] [ 117.663163][ T24] ft260 0003:0403:6030.0010: unknown main item tag 0x0 [ 117.670086][ T24] ft260 0003:0403:6030.0010: unknown main item tag 0x0 [ 117.691379][ C0] raw-gadget.2 gadget.2: ignoring, device is not running [ 117.698613][ T5198] input input11: unable to receive magic message: -32 [ 117.738800][ T5906] usb 3-1: USB disconnect, device number 21 [ 117.744840][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 117.790846][ T9] usb 1-1: new low-speed USB device number 18 using dummy_hcd [ 117.827010][ T9] usb 1-1: device descriptor read/8, error -71 [ 117.862841][ T24] ft260 0003:0403:6030.0010: failed to retrieve chip version [ 117.872164][ T24] ft260 0003:0403:6030.0010: probe with driver ft260 failed with error -5 [ 118.069821][ T9] usb 1-1: new low-speed USB device number 19 using dummy_hcd [ 118.104253][ T9] usb 1-1: device descriptor read/8, error -71 [ 118.108034][ T6680] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffc,4) [ 118.121984][ T6680] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffc,4) [ 118.220104][ T9] usb usb1-port1: unable to enumerate USB device [ 118.281959][ T6686] loop5: detected capacity change from 0 to 2640 [ 118.288894][ T6686] ldm_validate_partition_table(): Disk read failed. [ 118.295970][ T6686] Dev loop5: unable to read RDB block 0 [ 118.302269][ T6686] loop5: unable to read partition table [ 118.308700][ T6686] loop_reread_partitions: partition scan of loop5 (3 ) failed (rc=-5) [ 118.404931][ T6691] Device name cannot be null; rc = [-22] [ 118.411129][ T6691] Device name cannot be null; rc = [-22] [ 118.417010][ T6691] Device name cannot be null; rc = [-22] [ 118.423457][ T6691] Device name cannot be null; rc = [-22] [ 118.429350][ T6691] Device name cannot be null; rc = [-22] [ 118.435112][ T6691] Device name cannot be null; rc = [-22] [ 118.441312][ T6691] Device name cannot be null; rc = [-22] [ 118.447180][ T6691] Device name cannot be null; rc = [-22] [ 118.453175][ T6691] Device name cannot be null; rc = [-22] [ 118.459259][ T6691] Device name cannot be null; rc = [-22] [ 118.737920][ T6704] [ 118.740272][ T6704] ====================================================== [ 118.747276][ T6704] WARNING: possible circular locking dependency detected [ 118.754274][ T6704] syzkaller #0 Not tainted [ 118.758666][ T6704] ------------------------------------------------------ [ 118.765678][ T6704] syz.3.257/6704 is trying to acquire lock: [ 118.771552][ T6704] ffff88807dc98338 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 118.780437][ T6704] [ 118.780437][ T6704] but task is already holding lock: [ 118.787780][ T6704] ffff8880358a0fb0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 118.797510][ T6704] [ 118.797510][ T6704] which lock already depends on the new lock. [ 118.797510][ T6704] [ 118.807892][ T6704] [ 118.807892][ T6704] the existing dependency chain (in reverse order) is: [ 118.816887][ T6704] [ 118.816887][ T6704] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 118.825212][ T6704] down_read+0x47/0x2e0 [ 118.829875][ T6704] mfill_get_vma+0x162/0x660 [ 118.834974][ T6704] mfill_atomic_copy+0x1a8/0x1580 [ 118.840503][ T6704] userfaultfd_ioctl+0x2bbe/0x4c70 [ 118.846128][ T6704] __se_sys_ioctl+0xfc/0x170 [ 118.851218][ T6704] do_syscall_64+0x14d/0xf80 [ 118.856311][ T6704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.862705][ T6704] [ 118.862705][ T6704] -> #1 (vm_lock){++++}-{0:0}: [ 118.869639][ T6704] __vma_start_exclude_readers+0x28a/0x940 [ 118.875959][ T6704] __vma_start_write+0xdc/0x290 [ 118.881317][ T6704] mprotect_fixup+0x5eb/0xa80 [ 118.886499][ T6704] setup_arg_pages+0x565/0xac0 [ 118.891777][ T6704] load_elf_binary+0xc5e/0x2980 [ 118.897134][ T6704] bprm_execve+0x949/0x1470 [ 118.902145][ T6704] kernel_execve+0x844/0x930 [ 118.907247][ T6704] try_to_run_init_process+0x13/0x60 [ 118.913039][ T6704] kernel_init+0xad/0x1d0 [ 118.917877][ T6704] ret_from_fork+0x51e/0xb90 [ 118.922980][ T6704] ret_from_fork_asm+0x1a/0x30 [ 118.928247][ T6704] [ 118.928247][ T6704] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 118.935789][ T6704] __lock_acquire+0x15a5/0x2cf0 [ 118.941153][ T6704] lock_acquire+0xf0/0x2e0 [ 118.946077][ T6704] __might_fault+0xcb/0x130 [ 118.951089][ T6704] userfaultfd_ioctl+0x2372/0x4c70 [ 118.956714][ T6704] __se_sys_ioctl+0xfc/0x170 [ 118.961804][ T6704] do_syscall_64+0x14d/0xf80 [ 118.966892][ T6704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.973289][ T6704] [ 118.973289][ T6704] other info that might help us debug this: [ 118.973289][ T6704] [ 118.983493][ T6704] Chain exists of: [ 118.983493][ T6704] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 118.983493][ T6704] [ 118.996424][ T6704] Possible unsafe locking scenario: [ 118.996424][ T6704] [ 119.003851][ T6704] CPU0 CPU1 [ 119.009194][ T6704] ---- ---- [ 119.014543][ T6704] rlock(&ctx->map_changing_lock); [ 119.019731][ T6704] lock(vm_lock); [ 119.025953][ T6704] lock(&ctx->map_changing_lock); [ 119.033570][ T6704] rlock(&mm->mmap_lock); [ 119.037969][ T6704] [ 119.037969][ T6704] *** DEADLOCK *** [ 119.037969][ T6704] [ 119.046091][ T6704] 2 locks held by syz.3.257/6704: [ 119.051094][ T6704] #0: ffff888079a3b308 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 119.060313][ T6704] #1: ffff8880358a0fb0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 119.070486][ T6704] [ 119.070486][ T6704] stack backtrace: [ 119.076371][ T6704] CPU: 0 UID: 0 PID: 6704 Comm: syz.3.257 Not tainted syzkaller #0 PREEMPT(full) [ 119.076389][ T6704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 119.076399][ T6704] Call Trace: [ 119.076406][ T6704] [ 119.076412][ T6704] dump_stack_lvl+0xe8/0x150 [ 119.076436][ T6704] print_circular_bug+0x2e1/0x300 [ 119.076454][ T6704] check_noncircular+0x12e/0x150 [ 119.076472][ T6704] __lock_acquire+0x15a5/0x2cf0 [ 119.076497][ T6704] ? __kernel_text_address+0xd/0x30 [ 119.076516][ T6704] ? unwind_get_return_address+0x4d/0x90 [ 119.076530][ T6704] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 119.076557][ T6704] lock_acquire+0xf0/0x2e0 [ 119.076579][ T6704] ? __might_fault+0xaf/0x130 [ 119.076602][ T6704] ? __might_fault+0xaf/0x130 [ 119.076622][ T6704] __might_fault+0xcb/0x130 [ 119.076642][ T6704] ? __might_fault+0xaf/0x130 [ 119.076663][ T6704] userfaultfd_ioctl+0x2372/0x4c70 [ 119.076684][ T6704] ? __kasan_slab_free+0x5c/0x80 [ 119.076697][ T6704] ? kfree+0x1c5/0x650 [ 119.076721][ T6704] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 119.076749][ T6704] ? kasan_quarantine_put+0xbb/0x1f0 [ 119.076774][ T6704] ? tomoyo_path_number_perm+0x219/0x630 [ 119.076794][ T6704] ? tomoyo_path_number_perm+0x219/0x630 [ 119.076813][ T6704] ? do_vfs_ioctl+0x1166/0x1530 [ 119.076829][ T6704] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 119.076846][ T6704] ? do_futex+0x395/0x420 [ 119.076874][ T6704] ? __fget_files+0x2a/0x420 [ 119.076894][ T6704] ? __fget_files+0x2a/0x420 [ 119.076912][ T6704] ? __fget_files+0x3a0/0x420 [ 119.076930][ T6704] ? __fget_files+0x2a/0x420 [ 119.076950][ T6704] ? bpf_lsm_file_ioctl+0x9/0x20 [ 119.076964][ T6704] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 119.076985][ T6704] __se_sys_ioctl+0xfc/0x170 [ 119.076999][ T6704] do_syscall_64+0x14d/0xf80 [ 119.077012][ T6704] ? trace_irq_disable+0x3b/0x150 [ 119.077030][ T6704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.077044][ T6704] ? clear_bhb_loop+0x40/0x90 [ 119.077062][ T6704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.077077][ T6704] RIP: 0033:0x7f9ff1f9c799 [ 119.077095][ T6704] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 119.077109][ T6704] RSP: 002b:00007f9ff2d77028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 119.077125][ T6704] RAX: ffffffffffffffda RBX: 00007f9ff2215fa0 RCX: 00007f9ff1f9c799 [ 119.077136][ T6704] RDX: 0000200000000280 RSI: 00000000c020aa07 RDI: 0000000000000004 [ 119.077146][ T6704] RBP: 00007f9ff2032c99 R08: 0000000000000000 R09: 0000000000000000 [ 119.077156][ T6704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.077165][ T6704] R13: 00007f9ff2216038 R14: 00007f9ff2215fa0 R15: 00007fff75ed7148 [ 119.077181][ T6704] [ 119.476590][ T9] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 119.607483][ T9] usb 3-1: device descriptor read/64, error -71 [ 119.855860][ T9] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 119.985531][ T9] usb 3-1: device descriptor read/64, error -71 [ 120.095674][ T9] usb usb3-port1: attempt power cycle [ 120.444584][ T9] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 120.453708][ T24] usb 2-1: USB disconnect, device number 17 [ 120.467197][ T9] usb 3-1: device descriptor read/8, error -71 [ 120.724061][ T9] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 120.744358][ T9] usb 3-1: device descriptor read/8, error -71 [ 120.853888][ T9] usb usb3-port1: unable to enumerate USB device [ 121.720489][ T6704] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI [ 121.732406][ T6704] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [ 121.740806][ T6704] CPU: 1 UID: 0 PID: 6704 Comm: syz.3.257 Not tainted syzkaller #0 PREEMPT(full) [ 121.749981][ T6704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 121.760019][ T6704] RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 [ 121.765473][ T6704] Code: 01 00 74 08 4c 89 f7 e8 44 d8 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be [ 121.785067][ T6704] RSP: 0018:ffffc90003967460 EFLAGS: 00010006 [ 121.791123][ T6704] RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 [ 121.799076][ T6704] RDX: 1ffff9200072ce98 RSI: 0000000000000000 RDI: ffff88807dc982d0 [ 121.807030][ T6704] RBP: ffffc90003967560 R08: 0000000000000003 R09: 0000000000000004 [ 121.814984][ T6704] R10: dffffc0000000000 R11: fffff5200072cea8 R12: 0000000000000000 [ 121.822937][ T6704] R13: ffff88807dc982d0 R14: 0000000000000018 R15: ffffc90003967620 [ 121.830894][ T6704] FS: 00007f9ff2d776c0(0000) GS:ffff888124ee2000(0000) knlGS:0000000000000000 [ 121.839807][ T6704] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.846375][ T6704] CR2: 00007f44b1be92f8 CR3: 00000000759f2000 CR4: 00000000003526f0 [ 121.854337][ T6704] Call Trace: [ 121.857603][ T6704] [ 121.860519][ T6704] ? rcu_is_watching+0x15/0xb0 [ 121.865269][ T6704] ? __pfx_rwsem_mark_wake+0x10/0x10 [ 121.870544][ T6704] ? do_raw_spin_lock+0x12b/0x2f0 [ 121.875555][ T6704] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 121.880914][ T6704] rwsem_del_wake_waiter+0x25d/0x2e0 [ 121.886190][ T6704] rwsem_down_read_slowpath+0x76c/0x940 [ 121.891724][ T6704] ? rwsem_down_read_slowpath+0x596/0x940 [ 121.897437][ T6704] ? __pfx_rwsem_down_read_slowpath+0x10/0x10 [ 121.903492][ T6704] ? rcu_is_watching+0x15/0xb0 [ 121.908236][ T6704] ? lock_acquire+0x57/0x2e0 [ 121.912830][ T6704] ? mmap_read_lock_killable+0x1d/0x70 [ 121.918283][ T6704] down_read_killable+0x9e/0x340 [ 121.923208][ T6704] mmap_read_lock_killable+0x1d/0x70 [ 121.928483][ T6704] lock_mm_and_find_vma+0x2d7/0x340 [ 121.933673][ T6704] ? do_user_addr_fault+0x2c9/0x1340 [ 121.938948][ T6704] do_user_addr_fault+0x330/0x1340 [ 121.944049][ T6704] ? rcu_is_watching+0x15/0xb0 [ 121.948795][ T6704] ? rcu_is_watching+0x15/0xb0 [ 121.953537][ T6704] ? trace_page_fault_kernel+0x84/0x210 [ 121.959074][ T6704] exc_page_fault+0x6a/0xc0 [ 121.963568][ T6704] asm_exc_page_fault+0x26/0x30 [ 121.968400][ T6704] RIP: 0010:__put_user_8+0xd/0x20 [ 121.973416][ T6704] Code: 89 01 31 c9 0f 01 ca e9 c1 79 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca e9 96 79 03 00 90 90 90 90 90 90 90 90 90 [ 121.993004][ T6704] RSP: 0018:ffffc90003967938 EFLAGS: 00050202 [ 121.999058][ T6704] RAX: ffffffffffffffea RBX: 0000000000000000 RCX: 0000200000000298 [ 122.007011][ T6704] RDX: ffffc900060b2000 RSI: ffffffff8c4a6260 RDI: ffffffff8c4a6220 [ 122.014966][ T6704] RBP: ffffc90003967ea8 R08: 0000000000000003 R09: 0000000000000004 [ 122.022916][ T6704] R10: dffffc0000000000 R11: fffffbfff1d46e44 R12: ffffffffffffffea [ 122.030871][ T6704] R13: ffff8880358a0dc0 R14: fffff5200072cf3c R15: 00007ffffffff000 [ 122.038830][ T6704] userfaultfd_ioctl+0x2381/0x4c70 [ 122.043932][ T6704] ? __kasan_slab_free+0x5c/0x80 [ 122.048851][ T6704] ? kfree+0x1c5/0x650 [ 122.052913][ T6704] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 122.058369][ T6704] ? kasan_quarantine_put+0xbb/0x1f0 [ 122.063646][ T6704] ? tomoyo_path_number_perm+0x219/0x630 [ 122.069266][ T6704] ? tomoyo_path_number_perm+0x219/0x630 [ 122.074882][ T6704] ? do_vfs_ioctl+0x1166/0x1530 [ 122.079717][ T6704] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 122.084735][ T6704] ? do_futex+0x395/0x420 [ 122.089069][ T6704] ? __fget_files+0x2a/0x420 [ 122.093646][ T6704] ? __fget_files+0x2a/0x420 [ 122.098226][ T6704] ? __fget_files+0x3a0/0x420 [ 122.102888][ T6704] ? __fget_files+0x2a/0x420 [ 122.107464][ T6704] ? bpf_lsm_file_ioctl+0x9/0x20 [ 122.112383][ T6704] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 122.117831][ T6704] __se_sys_ioctl+0xfc/0x170 [ 122.122404][ T6704] do_syscall_64+0x14d/0xf80 [ 122.126975][ T6704] ? trace_irq_disable+0x3b/0x150 [ 122.131985][ T6704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.138037][ T6704] ? clear_bhb_loop+0x40/0x90 [ 122.142700][ T6704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.148574][ T6704] RIP: 0033:0x7f9ff1f9c799 [ 122.152970][ T6704] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.172560][ T6704] RSP: 002b:00007f9ff2d77028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 122.180956][ T6704] RAX: ffffffffffffffda RBX: 00007f9ff2215fa0 RCX: 00007f9ff1f9c799 [ 122.188909][ T6704] RDX: 0000200000000280 RSI: 00000000c020aa07 RDI: 0000000000000004 [ 122.196864][ T6704] RBP: 00007f9ff2032c99 R08: 0000000000000000 R09: 0000000000000000 [ 122.204822][ T6704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.212777][ T6704] R13: 00007f9ff2216038 R14: 00007f9ff2215fa0 R15: 00007fff75ed7148 [ 122.220741][ T6704] [ 122.223744][ T6704] Modules linked in: [ 122.227630][ T6704] ---[ end trace 0000000000000000 ]--- [ 122.233070][ T6704] RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 [ 122.238521][ T6704] Code: 01 00 74 08 4c 89 f7 e8 44 d8 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be [ 122.258106][ T6704] RSP: 0018:ffffc90003967460 EFLAGS: 00010006 [ 122.264158][ T6704] RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 [ 122.272112][ T6704] RDX: 1ffff9200072ce98 RSI: 0000000000000000 RDI: ffff88807dc982d0 [ 122.280064][ T6704] RBP: ffffc90003967560 R08: 0000000000000003 R09: 0000000000000004 [ 122.288020][ T6704] R10: dffffc0000000000 R11: fffff5200072cea8 R12: 0000000000000000 [ 122.295977][ T6704] R13: ffff88807dc982d0 R14: 0000000000000018 R15: ffffc90003967620 [ 122.303937][ T6704] FS: 00007f9ff2d776c0(0000) GS:ffff888124ee2000(0000) knlGS:0000000000000000 [ 122.312849][ T6704] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.319414][ T6704] CR2: 00007f44b1be92f8 CR3: 00000000759f2000 CR4: 00000000003526f0 [ 122.327372][ T6704] Kernel panic - not syncing: Fatal exception [ 122.333652][ T6704] Kernel Offset: disabled [ 122.337954][ T6704] Rebooting in 86400 seconds..