last executing test programs: 2m51.323141348s ago: executing program 3 (id=2634): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) syz_usb_connect(0x0, 0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000f3c7c820da059a0095620102030109023400010000000009049200030f6276000905000000000000000705e37e1b82e60905f202000006000009"], 0x0) write$snapshot(r0, 0x0, 0x0) 2m49.069052326s ago: executing program 3 (id=2640): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x2) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, 0x0, 0x0) rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='.\x02\x00') r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f00000008c0)=""/31, 0x1f) 2m49.006839654s ago: executing program 3 (id=2642): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)={0x74, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0xc, 0x1, 0x6, 0x0, {0x2, 0x4, 0x0, 0x2}, 0x8, 0xb, 0xc}}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x800, 0x1, 0x0, 0x0, {0x0, 0x40, 0x0, 0x4, 0x0, 0x1, 0x1}, 0x8, 0x0, 0x4}}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x8}]}, 0x74}}, 0x4800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$cgroup_devices(r3, &(0x7f0000000200)='devices.allow\x00', 0x2, 0x0) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) inotify_init() mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0) ftruncate(r5, 0x2007ffb) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x102) sendfile(r4, r4, 0x0, 0x7ffff000) 2m47.795082906s ago: executing program 3 (id=2648): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) syz_usb_connect(0x0, 0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000f3c7c820da059a0095620102030109023400010000000009049200030f6276000905000000000000000705e37e1b82e60905f202000006000009"], 0x0) write$snapshot(r0, 0x0, 0x0) 2m46.003023585s ago: executing program 3 (id=2656): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000140)={0x18, 0x0, 0x0, {0x4}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x53b, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) read$FUSE(r3, &(0x7f00000026c0)={0x2020}, 0x2020) (fail_nth: 2) 2m45.82302651s ago: executing program 3 (id=2659): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007000010600000000000000000700000047"], 0x18}], 0x1}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r3, 0x0) connect$x25(r3, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) write$uinput_user_dev(r4, &(0x7f0000000700)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xae9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40000000, 0x0, 0x2, 0x0, 0x7ff, 0x4374, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x10], [0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x1, 0x0, 0x0, 0x9b6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8a02, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3193, 0xfdff]}, 0x45c) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r4, 0x5501, 0x0) writev(r4, &(0x7f00000001c0)=[{&(0x7f0000008180)="91", 0x1}], 0x1) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) open_tree(r1, &(0x7f00000000c0)='./file0\x00', 0x80101) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x2202, 0x0) r5 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x141202, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0x54) write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[@ANYBLOB='-5'], 0x9) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x20010, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r7 = openat$rnullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) fadvise64(r7, 0x92, 0x5, 0x2) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) socket$xdp(0x2c, 0x3, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 2m30.750737783s ago: executing program 32 (id=2659): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007000010600000000000000000700000047"], 0x18}], 0x1}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r3, 0x0) connect$x25(r3, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) write$uinput_user_dev(r4, &(0x7f0000000700)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xae9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40000000, 0x0, 0x2, 0x0, 0x7ff, 0x4374, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x10], [0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x1, 0x0, 0x0, 0x9b6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8a02, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3193, 0xfdff]}, 0x45c) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r4, 0x5501, 0x0) writev(r4, &(0x7f00000001c0)=[{&(0x7f0000008180)="91", 0x1}], 0x1) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) open_tree(r1, &(0x7f00000000c0)='./file0\x00', 0x80101) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x2202, 0x0) r5 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x141202, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0x54) write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[@ANYBLOB='-5'], 0x9) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x20010, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r7 = openat$rnullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) fadvise64(r7, 0x92, 0x5, 0x2) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) socket$xdp(0x2c, 0x3, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 1m14.899404214s ago: executing program 0 (id=3089): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) (fail_nth: 1) 1m14.596441385s ago: executing program 0 (id=3091): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) socket(0x11, 0xa, 0x80000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)={0x28, 0x10, 0x1, 0x0, 0x0, "", [@nested={0x18, 0x0, 0x0, 0x0, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x8, 0xa, 0x0, 0x0, @ipv4=@empty}]}]}, 0x28}], 0x1}, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, 0x0, 0x0) r5 = dup(r3) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r5, 0x0, 0xffffffdb) syz_open_dev$sndctrl(&(0x7f0000000040), 0x84, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$PTP_PIN_SETFUNC2(r1, 0x40603d10, &(0x7f00000000c0)={'\x00', 0xdd, 0x3, 0x10000}) 1m12.803886184s ago: executing program 0 (id=3099): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffd) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001000), 0x581, 0x40000000, 0x0) (fail_nth: 8) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe) 1m12.486727952s ago: executing program 0 (id=3100): r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000080)) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000040)=0x3, 0x4) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) sendmmsg$inet_sctp(r0, &(0x7f0000001880)=[{&(0x7f0000000000)=@in={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@sndinfo={0x20, 0x84, 0x2, {0x2, 0x200, 0xb54, 0xffff070d}}], 0x20}], 0x1, 0x10) 1m12.391230545s ago: executing program 0 (id=3101): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x0) listen(0xffffffffffffffff, 0x220c) listen(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418effef0004fcff", 0x58}], 0x1) 1m12.342179709s ago: executing program 0 (id=3102): mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0) lsetxattr$security_ima(&(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), &(0x7f0000000180)=@ng={0x4, 0xf, "c37fd16035caa88d469147bb02"}, 0xf, 0x1) r0 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x2000002, 0x4018831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x559}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="0900bf65653f47f4020000008bd458d1e7cbdaf300000f34e70600000000000000f6d15c3e681411f7a496c0da04ee49474362b24cb800edc500", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000300)="68b709ca6cfbe3b7ac8487d9aab38b9d194ea41fca57b35bbde5d901b02947737b6210d49a41ceeb1bfea659c175f7c6f3f4c846ae47b30949f61c35650bc428cca244edb0fe09ba", 0x0, 0x48) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) 56.859460947s ago: executing program 33 (id=3102): mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0) lsetxattr$security_ima(&(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), &(0x7f0000000180)=@ng={0x4, 0xf, "c37fd16035caa88d469147bb02"}, 0xf, 0x1) r0 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x2000002, 0x4018831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x559}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="0900bf65653f47f4020000008bd458d1e7cbdaf300000f34e70600000000000000f6d15c3e681411f7a496c0da04ee49474362b24cb800edc500", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000300)="68b709ca6cfbe3b7ac8487d9aab38b9d194ea41fca57b35bbde5d901b02947737b6210d49a41ceeb1bfea659c175f7c6f3f4c846ae47b30949f61c35650bc428cca244edb0fe09ba", 0x0, 0x48) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) 20.859207294s ago: executing program 5 (id=3333): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c2c2b0304000e0580a7b6070d63e286a5cefe", 0x5ac) (fail_nth: 11) 20.095618502s ago: executing program 5 (id=3334): r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000980), r1) sendmsg$NFC_CMD_GET_DEVICE(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRES8, @ANYRES16=r2, @ANYRES16=r1, @ANYRES32=0x0, @ANYBLOB="3f29bcf4001368f58b2be7b1b03825e71d79f390ac64b982a7645dabc6e62d182a12d0e3f9"], 0x1c}, 0x1, 0x0, 0x0, 0x4005}, 0x40) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x4c, &(0x7f0000002900)=0x659c, 0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181002, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1000000) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r7 = socket$pppl2tp(0x18, 0x1, 0x1) r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000040)={0x4b, 0x2, 0x0, "0ba7dfad1cfbb5a12e6a2bdee19988d940d2c1aebd746fc04a0026d174932d46"}) connect$pppl2tp(r7, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r7, 0x40047452, 0xffffffffffffffff) ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r9 = eventfd(0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r9, 0x0, 0x0, r9}) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x6}]}) mkdirat(0xffffffffffffffff, 0x0, 0xa1) close_range(r10, 0xffffffffffffffff, 0x0) r11 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r11) r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r12, 0xc004743e, 0x110c230000) socket$inet_sctp(0x2, 0x1, 0x84) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000001580), 0x80, &(0x7f0000000280)=ANY=[@ANYRES64=r12, @ANYRESHEX=r11, @ANYRES8, @ANYBLOB="c3b5f80f0036f9e4bce24b06ca541c46c9f11a354d779c25ac07f4f59b6186bd5828572d04b8d7d71bdd5fbb30f7df143e0cb7299bbf63b17cb01ba17278176480256dd0fb748ab8ec0d62e5c2ee4253cecfced13ee89ceb644b0654b328b63c1f8dc3f32530", @ANYBLOB=',\x00']) r13 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) ioctl$KVM_RESET_DIRTY_RINGS(r11, 0xaec7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r13, 0x2000) 19.027136729s ago: executing program 5 (id=3339): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffd) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001000), 0x581, 0x40000000, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'dummy0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe) 18.821321005s ago: executing program 5 (id=3342): r0 = creat(&(0x7f0000001380)='./file0\x00', 0x29) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r1, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x2, 0x3}) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ntfs3\x00', 0x8000, 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) rt_tgsigqueueinfo(r2, r2, 0x8, &(0x7f0000000140)={0x24, 0x5, 0xfffffff9}) tkill(r2, 0xa) ptrace$peeksig(0x4209, r2, &(0x7f0000000600)={0x1, 0x0, 0x1}, &(0x7f00000002c0)=[{}]) read$FUSE(r0, &(0x7f00000013c0)={0x2020}, 0x2020) ioctl$LOOP_SET_FD(r0, 0x4c00, r0) 18.527070966s ago: executing program 5 (id=3344): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) (fail_nth: 9) 18.166929755s ago: executing program 5 (id=3346): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x60a00, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0xfffffffd, 0x0, 'queue1\x00', 0xb}) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f00000000c0)={&(0x7f000037c000/0x2000)=nil, &(0x7f0000000000/0x3000)=nil, 0x2000, 0x2}) ptrace(0x10, r1) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ptrace$getregset(0x4204, r1, 0x200, &(0x7f00000001c0)={0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x4010, r0, 0xd494a000) r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) close(r3) syz_usb_connect(0x4, 0x24, &(0x7f0000000200)=ANY=[], 0x0) ioctl$EVIOCRMFF(r3, 0x5501, &(0x7f0000000000)=0x200001) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 17.63307943s ago: executing program 34 (id=3346): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x60a00, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0xfffffffd, 0x0, 'queue1\x00', 0xb}) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f00000000c0)={&(0x7f000037c000/0x2000)=nil, &(0x7f0000000000/0x3000)=nil, 0x2000, 0x2}) ptrace(0x10, r1) ptrace$setregs(0xd, r1, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ptrace$getregset(0x4204, r1, 0x200, &(0x7f00000001c0)={0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x4010, r0, 0xd494a000) r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) close(r3) syz_usb_connect(0x4, 0x24, &(0x7f0000000200)=ANY=[], 0x0) ioctl$EVIOCRMFF(r3, 0x5501, &(0x7f0000000000)=0x200001) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 7.997794637s ago: executing program 1 (id=3373): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x1}) (fail_nth: 3) syz_usb_control_io$hid(r0, &(0x7f0000000800)={0x24, 0x0, &(0x7f0000000680)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) 6.617604857s ago: executing program 4 (id=3374): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x680222, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f00000002c0)={0x2, [0x0, 0x0]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x0) r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x28bd, 0x1903, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x2, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000300)) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000040)={0x24, 0x10, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0xc, 0x2b, 0x0, 0x1, [@typed={0x8, 0x3, 0x0, 0x0, @fd}]}]}, 0x24}], 0x1}, 0x20000000) remap_file_pages(&(0x7f0000b27000/0x4000)=nil, 0x4000, 0x2000000, 0x1, 0x8000) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) madvise(&(0x7f00009a2000/0x3000)=nil, 0x3000, 0xe) read(r4, &(0x7f0000000040)=""/148, 0xffffff96) sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x5c, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x8}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x87}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0xfffffffffffffff9}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x8}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x78}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x0) 5.906730659s ago: executing program 6 (id=3347): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000600)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@subj_user={'subj_user', 0x3d, 'overlay\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@appraise_type}, {@obj_type={'obj_type', 0x3d, ':$(&'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@flag='nomand'}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@measure}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x2) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="c50109000000000000003ba2b003690c1a53f97b422db55dcd0cb300ea"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000001e40)={0x18, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000100000069"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.043107602s ago: executing program 1 (id=3375): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x1}) syz_usb_control_io$hid(r0, &(0x7f0000000800)={0x24, 0x0, &(0x7f0000000680)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) 4.602469538s ago: executing program 4 (id=3377): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x1}) syz_usb_control_io$hid(r0, &(0x7f0000000800)={0x24, 0x0, &(0x7f0000000680)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) 3.975033507s ago: executing program 2 (id=3381): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, r1, 0x0, 0x2, 0x101}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x1, r1, 0x0, 0x7, 0x1}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000340)=ANY=[@ANYBLOB="0500000040f8030003000040"]) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r1, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, 0x19, 0x1, 0x70bd30, 0x25dfdc02, {0x1c}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x44000) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r8 = syz_open_dev$radio(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_G_FREQUENCY(r8, 0xc02c5638, &(0x7f0000000000)) r9 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r9, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r8, 0x3b8c, &(0x7f0000000240)={0x30, r2, 0x0, 0x0, 0x4, 0x5, 0x2, &(0x7f0000000340)=""/109}) r10 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r10, 0x60b, 0x0) syz_usb_disconnect(r9) ioctl$FS_IOC_GETFLAGS(r10, 0x80086601, &(0x7f0000000080)) 2.849112133s ago: executing program 6 (id=3382): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000580)={0x2, 0x0, @ioapic={0xeeee0000, 0xb, 0xfefffffb, 0xfffffffc, 0x0, [{0xf, 0xfc, 0x8, '\x00', 0xb4}, {0x83, 0x1, 0xa, '\x00', 0x4b}, {0xf9, 0xe, 0x7, '\x00', 0xda}, {0x0, 0x5, 0x0, '\x00', 0x8}, {0x8, 0xd, 0x8}, {0x2, 0x5, 0x6, '\x00', 0xfe}, {0x6, 0xe, 0x47, '\x00', 0x6}, {0x5, 0x90, 0x4, '\x00', 0xe9}, {0xe, 0x0, 0xa7, '\x00', 0x1}, {0x9, 0x6, 0x16, '\x00', 0x5}, {0x1, 0x9, 0x15, '\x00', 0xb}, {0x0, 0x3, 0x9b, '\x00', 0x7}, {0x1, 0xca, 0x80, '\x00', 0x4}, {0x3, 0xf1, 0x6, '\x00', 0xb2}, {0x8, 0x4, 0x0, '\x00', 0xfd}, {0x6, 0x0, 0x4, '\x00', 0x9}, {0x7, 0x2, 0x4, '\x00', 0x3}, {0xee, 0x6, 0x4, '\x00', 0xff}, {0xf, 0x41, 0x6, '\x00', 0x1}, {0x9, 0x3, 0x54, '\x00', 0x4}, {0x1, 0x3, 0x7, '\x00', 0x4}, {0xd, 0x40, 0x7, '\x00', 0x4}, {0x5, 0xfd, 0x7, '\x00', 0x2}, {0x5, 0x6, 0xfa, '\x00', 0x40}]}}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x9) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_DISALLOCATE(r3, 0x5608) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.450424676s ago: executing program 6 (id=3383): syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r0, &(0x7f00000002c0)=""/216, 0xd8) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) writev(r0, &(0x7f0000000180)=[{&(0x7f00000003c0)="8c", 0x1}], 0x1) close(r0) 2.221407501s ago: executing program 1 (id=3384): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) (fail_nth: 5) 2.159994366s ago: executing program 4 (id=3385): openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x10000002, 0x0, 0x0, 0x0, 0xc6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000000, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.041442565s ago: executing program 2 (id=3386): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000001040)={&(0x7f0000000040)=[0x40, 0x1ff, 0x0, 0x3, 0x401, 0x5, 0x10001, 0x2, 0xfffffffb, 0x6, 0x8, 0x7, 0x0, 0xffff, 0x6, 0x2, 0x0, 0xeb71, 0x6, 0x6, 0xb, 0x3, 0xec99, 0x1, 0x5, 0x8000, 0x6, 0x80, 0x101, 0x0, 0xdf18, 0xd99e, 0x3, 0x7, 0x0, 0x3, 0x400, 0x8001, 0x9e6, 0x101, 0x5, 0x1, 0xa, 0x593, 0x6, 0x400, 0x8, 0x101, 0xa, 0xffffcfcb, 0x6, 0xfffffffe, 0x1, 0x2, 0x6, 0x2c97fd87, 0xbe, 0x9, 0x8001, 0x6, 0xffff, 0xfffffffd, 0x9, 0x87a, 0x9727, 0x8001, 0xf527, 0x7, 0x5, 0x9, 0x4, 0x3, 0x5, 0x3, 0x2, 0x1, 0x1000, 0x9, 0x3, 0x5, 0xc, 0x1, 0xf, 0xcdc6, 0x0, 0x4000000, 0x1200, 0xc0000000, 0xb, 0x7fffffff, 0x2, 0xc3, 0x4, 0x3ff, 0x9ba9, 0x9, 0x5ae, 0x100, 0x6, 0x5, 0x3, 0x1000, 0x2, 0x8e6f, 0x1c50, 0x4, 0x96, 0xffff32a3, 0x0, 0x10000, 0xffffffff, 0x6, 0x4234, 0x7fff, 0x5, 0xb6ed, 0x4, 0x9, 0x1000, 0xad, 0x0, 0x4, 0x0, 0x3, 0x4, 0x0, 0x80000000, 0x2, 0x4c, 0x80000000, 0x6, 0x81, 0x5, 0xf, 0x81, 0x6, 0x7, 0x6, 0x5, 0x7, 0x3, 0x40, 0xfff, 0x4, 0x4703, 0x9, 0xff, 0x4, 0x9, 0xedd, 0xfff, 0x5, 0x2, 0x10001, 0x401, 0x6, 0x5, 0x96c, 0x2, 0x7, 0xfd55, 0x0, 0x6, 0x4, 0x2, 0x101, 0x4, 0x8001, 0x460, 0x5, 0x7fff, 0x8, 0x8000, 0x3, 0x7f, 0x4, 0x0, 0xfffffff6, 0x3, 0x7ff, 0x2, 0x401, 0x7, 0xfffffc01, 0x2970ab14, 0x0, 0x1, 0x7, 0xfff, 0x5, 0x7877643, 0x6, 0x15fb, 0x7fff, 0x5, 0x40, 0x3, 0xffffff31, 0xffffffa0, 0x6, 0x2, 0x8000, 0x6, 0x32, 0x81, 0x81, 0x9, 0x5, 0x10, 0x1ff, 0x4c7, 0xa, 0x4, 0x10001, 0x8001, 0xd75f, 0x7ff, 0x4, 0xd, 0x0, 0x7, 0xdac3, 0x1, 0x6, 0x6, 0x200, 0x0, 0x8, 0xf8db, 0xffffff7f, 0x6, 0x6, 0x5, 0x80, 0x8, 0x9, 0x8, 0x0, 0x29, 0x2, 0x3, 0x0, 0x0, 0x6, 0x7f1, 0x5, 0x8000, 0x0, 0x3, 0x8, 0xb, 0x2, 0xe000, 0x8001, 0x5, 0x7fff, 0xd76, 0x9, 0xc, 0x7, 0x1fa, 0xfff, 0x8, 0x4, 0x10, 0x8000000, 0x3, 0x4, 0x19, 0x8, 0x6, 0x9, 0x3, 0xfffffffe, 0x6, 0x200, 0x5c59, 0x1, 0x0, 0x3, 0x80000001, 0xd, 0xc9, 0x2, 0x3, 0x8001, 0x1b87ca2, 0x4, 0x3, 0xec3, 0xfffffffd, 0x8, 0x3, 0x49a, 0x3, 0x0, 0x7, 0x4b, 0x8, 0x41, 0x9, 0x6, 0x5, 0x1, 0xe, 0x2, 0x8001, 0x9, 0x2, 0x1800, 0x1ff, 0x2, 0x0, 0x2, 0xa, 0xea1, 0x7fffffff, 0x3, 0x3, 0x3, 0xffffffff, 0x2c8c, 0x6, 0x0, 0xb8, 0x5, 0xfffffffb, 0xa, 0xf, 0x7, 0x7ff, 0xeb64, 0x9, 0x200, 0x8, 0x1ff, 0xfff, 0x7f, 0x0, 0x6, 0x8, 0x1, 0x0, 0xfffffff9, 0xfff, 0x731, 0x7, 0x4, 0x8831, 0x10000, 0x25, 0x40, 0x6, 0x6, 0x6, 0x6, 0x4, 0x7, 0x1, 0x4, 0x0, 0xf, 0x100, 0x0, 0x9, 0xf5, 0xf451, 0x9, 0x80, 0x2, 0x6, 0xde200000, 0x6, 0x8, 0xe2, 0x7fff, 0x400, 0x0, 0x7fffffff, 0x1, 0x80000001, 0x9, 0x5, 0xfffffff2, 0x2, 0x7, 0x8, 0x7, 0x3, 0x9, 0xce1b, 0x0, 0x7, 0x0, 0x81, 0x8, 0x9, 0x100, 0x8, 0x7ff, 0x5, 0xa4, 0x7, 0x6, 0x80000001, 0xa7, 0x5, 0x10, 0x886, 0x5, 0x7, 0x205, 0x96, 0x3, 0x8, 0x0, 0x9fa9, 0x6, 0x9, 0xfffffffe, 0x7, 0x5, 0x7, 0x4c46, 0x750d, 0x6, 0x8, 0x8, 0x10000, 0x3acdb4e9, 0x4, 0x1, 0x10001, 0x9, 0x6, 0xdc, 0xa, 0x7f, 0xa6fa, 0xa, 0x2, 0x3e, 0x6, 0xfae, 0x61, 0x6, 0x1, 0x4, 0x10000, 0x6, 0x5cd, 0x2, 0xca1a, 0x1, 0x7fff, 0xffffffff, 0x52f, 0x9, 0x0, 0x7fffffff, 0x3, 0xd, 0xffffffff, 0xbf6, 0x4, 0x4, 0xfa7, 0x0, 0x2, 0x9, 0xffffff1d, 0x7, 0x2, 0x7, 0xfff, 0x3, 0x1000, 0x3, 0x79, 0x1, 0x6, 0x7fffffff, 0xec, 0x4d9, 0x6, 0xfff, 0x0, 0x3, 0xffffffff, 0x28000, 0x80000000, 0x1, 0x5, 0x2, 0x3, 0x8001, 0x6, 0x3, 0x5918, 0xfffffffa, 0x8, 0xbff, 0x80, 0x80, 0x7ff, 0x40, 0xfffffff8, 0x6, 0x3, 0x3, 0x4, 0xffffffff, 0x0, 0x6, 0x9, 0xff, 0x8db0, 0x0, 0x3, 0x8, 0x6, 0x7b, 0x6, 0x5, 0x3, 0x10001, 0x3a2, 0xfffffffe, 0x0, 0xa, 0x9, 0x1000, 0x4b, 0x3ff, 0x0, 0x9, 0x3, 0x3, 0x3, 0xbe3, 0x3, 0x1, 0x8, 0xffff, 0x12000000, 0x8, 0x401, 0x841f, 0x4, 0xd, 0x4932, 0xee, 0x400, 0x8, 0x80000000, 0xffffffff, 0x0, 0x86, 0x5, 0x1, 0x0, 0x6, 0x9, 0x0, 0x8, 0x1, 0x5, 0xe, 0xd, 0x200, 0x7, 0x5, 0xffffff5d, 0xa10, 0x8, 0x9, 0x8b3, 0x1, 0xb, 0x7, 0x3, 0x1, 0x4, 0x81, 0xc, 0x2, 0xfffff002, 0x8, 0x3, 0x85f, 0x4, 0x40, 0xd173, 0x1, 0x8, 0x672, 0x4, 0x401, 0x4, 0x4, 0xffffffff, 0x86, 0x2, 0xfffffff7, 0xe, 0x9, 0x78, 0x2a3, 0x101, 0x10001, 0x66, 0x7ff, 0x7, 0x9, 0x80000000, 0x5, 0x2, 0x3ff, 0x7, 0x1355, 0xfffffffb, 0x3, 0x6, 0x9471, 0xffffffff, 0x4, 0x10, 0x0, 0xf, 0x2, 0x81, 0x80, 0x303, 0x3, 0x1, 0x2, 0x8000, 0x101, 0x0, 0x3, 0xd, 0x7, 0x0, 0x40, 0x5, 0x1, 0x4e62, 0x5, 0x0, 0x5, 0x3, 0x9a, 0x80, 0x7, 0x7, 0x28, 0x4, 0x5, 0x622c6f1b, 0xbd7, 0x5, 0x341, 0x3, 0x4, 0x1000, 0x8, 0xa5c, 0xf, 0x7, 0xb4, 0x5, 0xe577, 0x3, 0x200, 0xa5e, 0x4, 0x8, 0x7, 0x4, 0xe, 0x4, 0x2, 0x3, 0x3d7, 0x1, 0x0, 0x2, 0x4e, 0x6, 0x7f, 0x5, 0x6cb, 0x8, 0x8, 0x2, 0x3, 0x6, 0xfffffffb, 0xfe, 0x3100000, 0x5a503e72, 0x5, 0x7, 0x4, 0x4, 0xd45, 0xfffffff7, 0x2, 0x2d96, 0x2, 0x6, 0x5, 0x9, 0x5, 0x4, 0x14, 0x1, 0xa1c, 0xca, 0x8, 0x71, 0x1, 0xffffff7f, 0x0, 0x9, 0x0, 0x8, 0x8001, 0xb, 0x1, 0x5, 0x70a, 0x8, 0x1000, 0xffffb670, 0x3, 0x8, 0x6, 0x1, 0x5, 0x363, 0x7, 0x7ff, 0x7f, 0x7, 0x5, 0x5, 0x6, 0x5, 0x7, 0x6, 0x8, 0xffffffff, 0x100, 0x4, 0x8, 0x5, 0x5, 0x5, 0x1, 0x7, 0x8, 0x682a, 0xa5, 0x10000, 0x7, 0x1, 0x0, 0x4a, 0x3ff, 0x9e1f, 0x2, 0x6, 0x9000, 0x40, 0x4, 0x598c8a02, 0x2, 0x6897, 0x7, 0x4, 0xff, 0x364f9e5d, 0x0, 0x4, 0x2, 0x7fffffff, 0xfffffff7, 0xae8, 0x3, 0x6, 0x8, 0xe2, 0x8, 0xaf, 0x7, 0x1, 0x5, 0xffffff31, 0x0, 0xef, 0x1261, 0x401, 0x0, 0x0, 0xc, 0xfff, 0x7fff, 0x3740, 0xffffab02, 0xfffffffd, 0xff, 0x8080000, 0x7, 0x9, 0x1, 0x9, 0x8, 0x4, 0x8001, 0x1, 0x3, 0x9, 0x6, 0x40, 0x40, 0x4, 0x1, 0x8, 0x6, 0xff, 0x90d, 0x1, 0x7, 0x4, 0xffff, 0xa5, 0x80000000, 0x6, 0x3, 0x80000001, 0xb32, 0x89, 0x2, 0x5, 0x4c67, 0x994, 0x6, 0x40, 0x1, 0xfff, 0x2, 0x6, 0xb, 0xa6, 0x0, 0x8, 0x6b, 0x7, 0x0, 0x9, 0xfffffeff, 0x4, 0xfffffffc, 0x401, 0x10001, 0x9, 0xc, 0x9, 0x3, 0x8001, 0x7, 0x5c3b, 0x3, 0x8001, 0x8, 0x10000, 0x0, 0x4, 0x6, 0x2374, 0x2, 0x4, 0xb210, 0x6, 0xa8, 0x3, 0xe, 0x44, 0xb, 0x800, 0x3, 0xa6, 0x7, 0x9, 0x0, 0x8000, 0x390, 0x9, 0x3ff, 0x400000, 0x8, 0x4, 0x9, 0x0, 0x0, 0x6, 0xfffffff7, 0x1, 0x9, 0x6, 0x401, 0x9, 0x8, 0xf, 0x7, 0x8, 0x8, 0x0, 0x80000000, 0xe, 0x9, 0xb339, 0x8, 0x123, 0xb, 0x6, 0x0, 0x7, 0x20a, 0x874d00, 0x2, 0xff, 0x2307, 0x4, 0x48, 0x6, 0x400, 0xe9, 0x49, 0x2, 0x8, 0x0, 0x80000000, 0x1, 0xac10, 0x3e, 0xc, 0x919, 0x0, 0x6, 0x3, 0x5c237e9a, 0x2, 0x3ff, 0xfffff7b9, 0x4, 0x0, 0x2c25, 0x4, 0x1, 0x401, 0xa41, 0xfffffffc, 0x7, 0x9, 0x98e, 0x8, 0x1, 0x185, 0x38, 0x7, 0xffffffff, 0x800, 0x5, 0x4, 0x0, 0x4, 0x400, 0x3, 0x4, 0xfffff138, 0x6, 0x81, 0x400, 0x4, 0x3, 0x934, 0x4, 0x47d8, 0xb0, 0x4, 0x0, 0x40, 0x4, 0x51, 0x2, 0x3, 0x0, 0x2, 0x3, 0xc4, 0xcc, 0x100, 0x4, 0x9, 0xfe86, 0x400, 0xcd, 0x8, 0xffff7231, 0xaec7, 0x4, 0xa1, 0x2, 0x1, 0x10000, 0x4000, 0x7f, 0xc, 0xffffffff, 0x9, 0x8, 0x5], 0x3, 0x400, 0x8}) r1 = accept4$x25(0xffffffffffffffff, &(0x7f0000001080)={0x9, @remote}, &(0x7f00000010c0)=0x12, 0x80000) close_range(r0, r1, 0x0) epoll_create1(0x80000) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000001100)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000001140)={0x48, @tick, 0x9, {0x7, 0xa2}, 0x8, 0x1, 0x80}) quotactl_fd$Q_SYNC(r1, 0xffffffff80000102, 0x0, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000001180)=0xa0000) socketpair(0x26, 0x4, 0x1, &(0x7f00000011c0)={0xffffffffffffffff}) r4 = fsopen(&(0x7f0000001200)='coda\x00', 0x0) r5 = socket$tipc(0x1e, 0x0, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r5, 0xf50f, 0x0) ioctl$MEDIA_REQUEST_IOC_QUEUE(r2, 0x7c80, 0x0) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000001240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION(r6, 0x79f, &(0x7f0000001280)=0x80000) newfstatat(0xffffffffffffff9c, &(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x7df4c94642cd487c) quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000802, r7, &(0x7f0000001380)={0x7, 0x3, 0x3, 0x400, 0x7, 0x5, 0xaa, 0xd, 0x1ea}) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f513, &(0x7f0000001400)) r8 = accept4(0xffffffffffffffff, &(0x7f0000001440)=@qipcrtr, &(0x7f00000014c0)=0x80, 0x800) shutdown(r8, 0x0) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r6, 0x7b2, &(0x7f0000002500)={&(0x7f0000001500)=[0x8000, 0x200, 0x7, 0x9, 0x6, 0x4, 0x1, 0x6, 0x8, 0x7, 0x6, 0x8001, 0xfffffffa, 0x7f00000, 0x6, 0x81, 0x0, 0x7, 0x0, 0x138, 0x48b8, 0x7, 0x1, 0x8000, 0x3, 0xf, 0x6, 0x9, 0x7, 0x1, 0x3, 0x80000000, 0x226, 0xe, 0x1, 0x10001, 0x3d, 0x8, 0x1, 0x7, 0xd, 0x2, 0x2, 0x1, 0x7, 0x1, 0x1ff, 0x2, 0x7, 0x1, 0x2, 0x5, 0xa, 0x888a4b3, 0x8, 0x6, 0x4, 0x6, 0xf, 0x2, 0x10001, 0x8, 0x80, 0x8001, 0x8, 0x3, 0x2, 0x5, 0xb, 0xffffffff, 0x1, 0x0, 0xe, 0x1, 0x2, 0x101, 0x1b8e, 0xfff, 0x10001, 0x4, 0x8, 0x6, 0x5, 0x2, 0x1000, 0x7, 0x9, 0xee5b, 0x6, 0xfc000000, 0x2, 0x8000, 0x80, 0x9, 0x2, 0x9, 0x8, 0x200, 0x3, 0x2, 0x7fff, 0x7, 0x1, 0x2, 0x80, 0x1, 0x5, 0x0, 0x4, 0x81, 0xfffffff8, 0x1000, 0x1, 0x339, 0x1, 0xb521, 0x30000000, 0x9, 0x80000000, 0xd, 0x43c, 0x0, 0x85a1, 0x7, 0x6, 0xb39e, 0xf, 0x1, 0x5, 0x9, 0xeb, 0x0, 0x1, 0x3ff, 0x4c, 0x0, 0x9, 0x9, 0x3, 0x7, 0x1, 0x4, 0x3, 0xfffffffa, 0x9, 0x7, 0x9, 0x7, 0x2, 0x1, 0x8, 0x80, 0x6, 0x6, 0xf8, 0xe, 0x7, 0xf9, 0xe10d, 0x8, 0x1, 0x2, 0x3, 0x0, 0x9, 0x9ced9473, 0xee7c, 0x4, 0x3, 0x80, 0x3, 0x0, 0x9, 0x6, 0xda, 0x2, 0xb9, 0x9, 0xa, 0xffff, 0x40, 0xed, 0x8f48, 0x3d6d, 0x51252d92, 0x8, 0x8, 0x80000000, 0xf981, 0x3ff, 0x800, 0x6, 0x14, 0x1, 0x0, 0x7ff, 0x81, 0x7fff, 0xb86d, 0x9, 0x5, 0x3, 0x10000, 0xe, 0x0, 0x4, 0x9, 0x6, 0x1, 0x1, 0x1, 0xe320f9, 0x5, 0x8, 0x8, 0x4, 0x4, 0x9, 0x7, 0x6, 0x9, 0x6, 0x3, 0x1, 0x9, 0xb, 0x2, 0x8000, 0x40, 0xfffffffe, 0x9, 0x6, 0x3, 0x4, 0xe, 0x9, 0x4, 0xc7f, 0x4, 0x10, 0xfffffd34, 0x7fffffff, 0x2, 0x5, 0x3, 0x6, 0x9, 0x8, 0x6, 0xd, 0xd, 0x80, 0xd767, 0x0, 0xe, 0x42, 0xb, 0x7fff, 0xd8, 0x43e, 0x161, 0x1, 0x8, 0x80000001, 0x0, 0xfffffff9, 0xfffff899, 0x4, 0x6, 0x8, 0x2, 0x8d, 0x9, 0xb5, 0x4, 0x3, 0x8, 0x6, 0x8, 0xef, 0xfffff38b, 0x3, 0x19, 0x5, 0xff, 0x9c5000, 0x2, 0x1, 0xdb, 0x5, 0x0, 0x4, 0x0, 0x7, 0x3, 0x1, 0xf69, 0x9, 0x0, 0x3, 0xe, 0x1, 0x5, 0x1000, 0x0, 0x401, 0x80000001, 0xf42d, 0xfffffff7, 0x2b70, 0x9, 0x80000001, 0x0, 0x0, 0x3b5c, 0x9, 0x3, 0x1, 0xfffffffe, 0x4, 0x0, 0x3, 0x1000, 0xf9b1, 0x8, 0x0, 0x6, 0xffffffff, 0xc, 0x7, 0x5, 0x1782, 0x6, 0x8, 0x6f, 0x80000001, 0x4, 0x3, 0x2, 0x511f, 0x97, 0x3, 0x7, 0x5cb1, 0x8, 0xffffff98, 0x6, 0x3, 0x8, 0xfffffffd, 0xd, 0xe, 0x8, 0x3, 0x1, 0x9, 0x80000000, 0xf, 0x6, 0x3, 0xfffffffa, 0x6, 0x1b07215f, 0x8, 0x3, 0x7ff, 0x10, 0x1f944000, 0x8, 0x6, 0x1, 0x7, 0x5, 0x5, 0x10001, 0x7, 0xa55c, 0x6, 0x5f, 0x3, 0x6, 0x2, 0x467d, 0x8, 0xed6, 0x6, 0x5, 0x9, 0x31d7, 0x5, 0x6, 0xab43, 0x2, 0x3, 0x1, 0x0, 0x9, 0x7, 0x5, 0xffffffcf, 0x1, 0x6db3, 0x9, 0x1ff, 0x7fffffff, 0x68, 0x2, 0x9, 0x8, 0xeb3f, 0xffffffff, 0x5, 0x80000000, 0x5, 0x2, 0x6, 0x80, 0x4, 0xeb, 0xfff, 0x1ff, 0x9, 0x4, 0x9, 0x0, 0x401, 0x1, 0xac40, 0x80000000, 0x4, 0x7, 0xd, 0x6, 0x0, 0xffff0f2e, 0x5f04df6, 0x80000000, 0x8000000, 0x5, 0x4, 0x3, 0x3, 0x3, 0x5, 0xa07b, 0x40, 0x6, 0x3, 0x8b25, 0x2, 0xff, 0x3, 0x1200000, 0x100, 0x8, 0x3, 0x9, 0x4, 0x1, 0xfffffffb, 0x49c, 0xffff, 0x20, 0x2, 0x800, 0x8, 0x2, 0x1, 0x10, 0x2, 0x10db, 0x93f, 0x7, 0x200, 0x2, 0x4, 0xffff402d, 0x200, 0x6, 0x100, 0x8, 0x3, 0x4, 0x5, 0xfffffe00, 0x1, 0x2, 0x9, 0x9, 0x5, 0xffff3b5d, 0x6, 0xfff, 0x3b, 0x5, 0x6d, 0x80000001, 0x4, 0xffffffff, 0x10, 0x6, 0x7, 0x307, 0x8, 0x5, 0x6, 0x3, 0xe2, 0x5, 0x5, 0x9, 0x7, 0x4, 0x80000001, 0xffffff72, 0x200, 0x7, 0x8, 0x6, 0x1ff, 0x5, 0x5, 0x7ff, 0x2, 0x8, 0x8, 0xb78, 0x7, 0xd, 0xe, 0x0, 0x1000, 0xe10, 0xff, 0x482b, 0xa, 0x9, 0x2, 0x400, 0x5c5afc9c, 0x1, 0x1, 0x7, 0x1, 0x0, 0x401, 0x161c, 0x5, 0x4, 0xf, 0x8, 0x46f, 0x6, 0x4, 0x9, 0xe, 0xfffffffe, 0x7a917af1, 0xffffffff, 0x523, 0x8, 0x0, 0x8000, 0xff, 0x2, 0x3, 0xc, 0x5, 0x100, 0x495, 0x1ff, 0x180, 0x7fff, 0x10001, 0x0, 0x1000, 0x0, 0x80, 0x2, 0xf400, 0x1, 0x0, 0x2, 0x8000, 0x36ac, 0x2, 0x4, 0x6, 0x3, 0x0, 0x52f, 0x3, 0x1, 0x3, 0x7, 0x4, 0x8, 0x18a, 0xa, 0xfffffeff, 0xffff3caf, 0x3, 0xffffff5d, 0xd3, 0x65, 0xf990, 0xe, 0x7, 0x5, 0x2, 0x5, 0xfffffff7, 0xe59, 0x7, 0x8, 0x7, 0x80000000, 0x3, 0x2617, 0xfff, 0x8, 0x3, 0x3, 0x5, 0x6, 0x7, 0x9, 0x80000000, 0x8, 0x3, 0x5, 0x7, 0x0, 0x1, 0x81, 0x7, 0x2, 0x80, 0x8000, 0xb7a, 0x40, 0x8, 0x2, 0x81, 0x1, 0x1, 0x3ff, 0x5, 0xf9, 0x8, 0x2, 0x9, 0x4, 0xf7, 0x23, 0x8, 0x40, 0x100, 0x0, 0x2a7b, 0xfff, 0x2, 0x2, 0x88de, 0x5, 0x4, 0x400, 0xfffffff4, 0x1, 0x4, 0x3, 0x5c, 0x1, 0x6ed5, 0x5, 0x3, 0x12, 0x1ff, 0xd9, 0x9, 0x1, 0x8, 0x2, 0x0, 0x4, 0x66, 0x0, 0x3, 0xfffffff8, 0x4, 0x3, 0x7d, 0x5, 0x40, 0x10001, 0x1, 0x1000, 0x7, 0x180, 0x1f, 0xb, 0x40, 0x101, 0x1, 0xff, 0x6, 0x7, 0x3ff, 0x8, 0x0, 0x9, 0x2, 0x68b2ac2f, 0x4, 0x0, 0x4, 0x2, 0x400, 0x8, 0xffffffff, 0x0, 0x79db2d79, 0x7, 0x8, 0x9, 0xe, 0x7fffffff, 0x2, 0x780, 0xd, 0x9ad, 0x9, 0x2, 0x6, 0x4, 0x7, 0x0, 0x8, 0xfffffdc6, 0x6, 0x5, 0x7, 0x1000, 0x0, 0x2, 0x1000, 0x9, 0x0, 0x5, 0xbf, 0x7f, 0x55, 0x1ff, 0x10, 0x100, 0xea4, 0x9, 0x4, 0x8, 0xc, 0x3, 0x9, 0x0, 0x3, 0xffffffff, 0x0, 0x4, 0x9, 0x6, 0x7, 0x224, 0xb, 0x200, 0xf, 0x81, 0x5, 0x100, 0x9a, 0xa, 0xffffffff, 0xfffffffa, 0x9, 0x44f, 0x1, 0x4da, 0x4, 0x8, 0x2, 0x5, 0x6, 0xe, 0x5, 0x7fffffff, 0x9, 0x6, 0x3, 0xfffffff8, 0xa6, 0x8, 0x5, 0x401, 0x3, 0x1, 0x1, 0x40, 0x0, 0x3, 0x8, 0x2, 0x7fffffff, 0xc, 0x0, 0x800, 0x7, 0xfffffffe, 0x7fffffff, 0x81, 0x1, 0x3, 0xed9, 0x3, 0x1000, 0x7, 0x972, 0x0, 0x18000000, 0xe, 0x80000001, 0x2d97, 0x1c, 0xe489, 0x2a, 0x9, 0x18, 0x4d63, 0x9, 0x6, 0x3661, 0x101, 0x5, 0x4, 0x200, 0x3, 0x8, 0x9, 0xca6d, 0x9, 0x0, 0x6, 0xfffffffe, 0x0, 0x1, 0x4, 0x0, 0xfff, 0x1, 0x0, 0x9, 0xa1c, 0x2a4a, 0x4, 0x9, 0x776, 0x2e, 0x7, 0x1, 0x7ff, 0x3f6, 0x1, 0x1, 0x954d, 0x91, 0x0, 0x9, 0x10000, 0x1, 0x0, 0x5, 0x7, 0x1, 0xa, 0x5, 0x80000001, 0x80000001, 0x9, 0xe1e1, 0xf186, 0x7ff, 0x4, 0x8, 0x5, 0x2, 0x3, 0x1ff, 0x3, 0x9, 0x3, 0x80000000, 0xb, 0x7, 0x5, 0x101, 0xfb, 0x5, 0x7b, 0xd820, 0x3, 0x18, 0x10000, 0x1, 0xb, 0x80000000, 0x1, 0x8000, 0x1ff, 0x7093, 0x2, 0x6, 0x945a, 0xfff, 0xfffffffe, 0x1000, 0x4000000, 0x126e, 0x5, 0x3, 0x4, 0x9, 0xfffffffa, 0xe00000, 0x7, 0xfff, 0x3, 0xfffffffa, 0xfffffeff, 0xa, 0x6, 0x8, 0xe, 0x7f, 0x3, 0x2, 0x2, 0xffff, 0x7ff, 0xd, 0x6e9, 0x8, 0xe, 0x200, 0x2, 0x7, 0x4, 0x1, 0x8, 0xb590, 0x1ff, 0x400000, 0x2, 0x6, 0x1000, 0x6, 0xfffffffa, 0x230, 0x6555, 0x3, 0xfffffff3, 0x5, 0xfffffffa, 0x0, 0x9760, 0x5, 0x0, 0x7, 0x1, 0x6, 0x9, 0x2, 0x2, 0x5, 0x400, 0x74, 0x2, 0xffff7fff, 0x401, 0x7, 0x0, 0xfff, 0x401, 0x9, 0x4, 0x8, 0x2ac8, 0x7, 0x6, 0x400, 0x3, 0xb, 0x1, 0x4, 0xffff, 0x7, 0x2, 0x7, 0x5e, 0x1, 0x2642, 0xfff, 0x3, 0x9, 0x25, 0x8, 0x5, 0x8, 0x75a, 0xe, 0x1000, 0xfffffff9, 0x0, 0x9, 0xfff, 0x7fffffff, 0x7, 0x8], 0x5, 0x400, 0x80000001}) setsockopt$sock_int(r5, 0x1, 0x13, &(0x7f0000002540)=0x7, 0x4) r9 = syz_open_dev$radio(&(0x7f0000002580), 0x3, 0x2) ioctl$FIDEDUPERANGE(r8, 0xc0189436, &(0x7f00000025c0)={0x7, 0x0, 0x6, 0x0, 0x0, [{{r0}, 0x2}, {{r4}}, {{r3}, 0xfffffffffffffff3}, {{r5}, 0x7}, {{r8}, 0x5}, {{r9}, 0x8000}]}) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f00000026c0)={0x2, {0x2, 0x0, 0x9, 0x9, 0x7fff}}) r10 = syz_open_dev$dri(&(0x7f0000002700), 0x3, 0x101000) quotactl_fd$Q_SYNC(r10, 0xffffffff80000102, 0x0, 0x0) ioctl$INCFS_IOC_PERMIT_FILL(r3, 0x40046721, &(0x7f0000002740)={r6}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r2, 0x7af, &(0x7f0000002780)) 1.953911299s ago: executing program 4 (id=3387): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000040)=0x3, 0x4) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) sendmmsg$inet_sctp(r0, &(0x7f0000001880)=[{&(0x7f0000000000)=@in={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@sndinfo={0x20, 0x84, 0x2, {0x2, 0x200, 0xb54, 0xffff070d}}], 0x20}], 0x1, 0x10) 1.786947695s ago: executing program 2 (id=3388): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x2) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0) rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='.\x02\x00') r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f00000008c0)=""/31, 0x1f) (fail_nth: 8) 1.632501953s ago: executing program 4 (id=3389): ioprio_set$pid(0x2, 0x0, 0x4000) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) sendfile(r0, r0, 0x0, 0x7ffff000) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x9095}}, './file0\x00'}) 1.546666185s ago: executing program 2 (id=3390): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c2c2b0304000e0580a7b6070d63e286a5cefe", 0x5ac) (fail_nth: 12) 1.255126123s ago: executing program 1 (id=3391): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2000000, 0xf0cb2f4a0c2cfc5d, 0x0) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000001200)={0x50, 0x0, r1, {0x7, 0x2b, 0x3, 0x200c0400, 0x0, 0x0, 0x0, 0xe382, 0x0, 0x0, 0x8}}, 0x50) read$FUSE(r0, &(0x7f0000004340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000000480)={0x10, 0xffffffffffffffda, r2}, 0x10) 1.080177764s ago: executing program 2 (id=3392): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x401, 0x0, 0x700, {0x1, 0x0, 0x8003}}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x74, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x3c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x104}, 0x1, 0x0, 0x0, 0x80}, 0x0) 674.576987ms ago: executing program 2 (id=3393): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x1}) syz_usb_control_io$hid(r0, &(0x7f0000000800)={0x24, 0x0, &(0x7f0000000680)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) 627.124838ms ago: executing program 4 (id=3394): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, r1, 0x0, 0x2, 0x101}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x1, r1, 0x0, 0x7, 0x1}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000340)=ANY=[@ANYBLOB="0500000040f8030003000040"]) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r1, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, 0x19, 0x1, 0x70bd30, 0x25dfdc02, {0x1c}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x44000) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r8 = syz_open_dev$radio(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_G_FREQUENCY(r8, 0xc02c5638, &(0x7f0000000000)) r9 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r9, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r8, 0x3b8c, &(0x7f0000000240)={0x30, r2, 0x0, 0x0, 0x4, 0x5, 0x2, &(0x7f0000000340)=""/109}) r10 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r10, 0x60b, 0x0) syz_usb_disconnect(r9) ioctl$FS_IOC_GETFLAGS(r10, 0x80086601, &(0x7f0000000080)) 344.184086ms ago: executing program 1 (id=3395): openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x10000002, 0x0, 0x0, 0x0, 0xc6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000000, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 1 (id=3396): r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = creat(&(0x7f0000000140)='./file0\x00', 0xf1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001500010300000000000000000a00000008000200", @ANYRES32=r2], 0x1c}}, 0x20000080) (async) sendmsg$NLBL_UNLABEL_C_STATICADD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0) (async) setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000000)=ANY=[@ANYBLOB="0620000000000000c910fc01000000000000000000000000000001010004010200010009e1fe46ee048e83899fefae8d13d8e6c5d307000000559f81b800a9577ff4e8b4247749b5b9f518bb04791ea35808ff56953811aae629df217b9c01c865836bff1057f96cfcc4e301b831453b29142a06a1578c16f62d67cc9ada5e43d5cba818152c8157fd54f89017de424a9641cca7823d3925e7593c8b9dcdef463b3bc7df77eac90dd00b4ee4b484d6660a0fc0d060ad2603d759b720aa21a572bc49e55296b127471d0abd334dc4a332983d9ff0a56a6ea23fc107d1b6a3e58309847f299dfb5bce461caa3da09c4b0ba712e9aebf64048d3b15684a848b457894c6070d72c5c2040000000500000000"], 0x110) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) fadvise64(r4, 0x92, 0x5, 0x2) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x22052, r4, 0x93771000) kernel console output (not intermixed with test programs): fx_do_recvmmsg+0x10/0x10 [ 663.524357][T14960] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 663.524395][T14960] __x64_sys_recvmmsg+0x190/0x240 [ 663.524421][T14960] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 663.524443][T14960] ? rcu_is_watching+0x15/0xb0 [ 663.524473][T14960] ? do_syscall_64+0xbe/0x3b0 [ 663.524498][T14960] do_syscall_64+0xfa/0x3b0 [ 663.524516][T14960] ? lockdep_hardirqs_on+0x9c/0x150 [ 663.524533][T14960] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.524552][T14960] ? clear_bhb_loop+0x60/0xb0 [ 663.524575][T14960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.524592][T14960] RIP: 0033:0x7fb3eb78ebe9 [ 663.524609][T14960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.524625][T14960] RSP: 002b:00007fb3ec66b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 663.524646][T14960] RAX: ffffffffffffffda RBX: 00007fb3eb9b5fa0 RCX: 00007fb3eb78ebe9 [ 663.524668][T14960] RDX: 0000000000000581 RSI: 0000200000001000 RDI: 0000000000000004 [ 663.524681][T14960] RBP: 00007fb3ec66b090 R08: 0000000000000000 R09: 0000000000000000 [ 663.524693][T14960] R10: 0000000040000000 R11: 0000000000000246 R12: 0000000000000001 [ 663.524705][T14960] R13: 00007fb3eb9b6038 R14: 00007fb3eb9b5fa0 R15: 00007ffd3fe65a48 [ 663.524737][T14960] [ 663.551708][ T9] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 663.558284][T14951] bridge_slave_0: entered promiscuous mode [ 663.721870][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 663.731941][T14951] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.773345][T14951] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.783924][T14951] bridge_slave_1: entered allmulticast mode [ 663.795975][ T9] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 663.809865][T14951] bridge_slave_1: entered promiscuous mode [ 663.818855][ T9] usb 2-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 663.834501][ T9] usb 2-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 663.857591][ T9] usb 2-1: config 1 interface 0 has no altsetting 0 [ 663.876628][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 663.888934][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.897678][ T9] usb 2-1: Product: syz [ 663.902187][ T9] usb 2-1: Manufacturer: syz [ 663.906923][ T9] usb 2-1: SerialNumber: syz [ 663.934799][T14951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 663.956228][T14951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 664.061308][T14951] team0: Port device team_slave_0 added [ 664.078737][T14951] team0: Port device team_slave_1 added [ 664.139336][ T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 122 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 664.179843][T14951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 664.191086][T14951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.217555][T14951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 664.231474][T14951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.238539][T14951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.265553][T14951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 664.321456][T14951] hsr_slave_0: entered promiscuous mode [ 664.328276][T14951] hsr_slave_1: entered promiscuous mode [ 664.334834][T14951] debugfs: 'hsr0' already exists in 'hsr' [ 664.340598][T14951] Cannot create hsr debugfs directory [ 664.402418][T14954] usblp0:failed reading printer status (-71) [ 664.403594][T14556] usb 2-1: USB disconnect, device number 122 [ 664.424391][T13322] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 664.602326][T13322] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 41, changing to 9 [ 664.626065][T13322] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 664.628753][T14951] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 664.637263][T13322] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 664.664317][T13322] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 664.673587][T14951] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 664.681509][T13322] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.689545][T13322] usb 5-1: Product: Đ• [ 664.695005][T14951] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 664.699117][ T5859] usb 3-1: USB disconnect, device number 101 [ 664.720530][T13322] usb 5-1: Manufacturer: 鴀觾饯îşĺ¨ľî—ĄęĽ°íŽ„陇•즩锨謲ﰿ栩ꗻᶑ댲炅㜤쪽⊴ꛋ䲦仓⚗닰⹀îŁížâ—žëľ­ć±«ä‚‘菲⿸㇥ⲫጜ埰ꫯ全ط₩啠絫ṛíąć¬µâ…ľë¨Şî€‹ę¤”榀ᳰ撶竗ᇝç éˇá…łéł«ë–ŠćŽ€â¦’≏Ꭳă–ຎ롙뼝盬Კ㣕閪깢毜ă«ę™°ă˛ŻćŚşď€ç«ĺ¶ [ 664.764060][T13322] usb 5-1: SerialNumber: syz [ 664.790191][T14951] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 664.871651][ T24] usb 2-1: new low-speed USB device number 123 using dummy_hcd [ 665.002096][ T24] usb 2-1: device descriptor read/64, error -71 [ 665.030241][T14985] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 665.036939][T14951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 665.061624][ T5876] Bluetooth: hci5: command tx timeout [ 665.075049][T14951] 8021q: adding VLAN 0 to HW filter on device team0 [ 665.090734][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.098191][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 665.135018][ T755] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.142425][ T755] bridge0: port 2(bridge_slave_1) entered forwarding state [ 665.181902][T13322] cdc_ncm 5-1:1.0: bind() failure [ 665.220285][T13322] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 665.228868][T13322] cdc_ncm 5-1:1.1: bind() failure [ 665.253312][T13322] usb 5-1: USB disconnect, device number 29 [ 665.271863][ T24] usb 2-1: new low-speed USB device number 124 using dummy_hcd [ 665.432978][ T24] usb 2-1: device descriptor read/64, error -71 [ 665.514451][T14951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 665.551919][ T24] usb usb2-port1: attempt power cycle [ 665.641756][ T5939] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 665.813646][ T5939] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 665.838266][ T5939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 665.852138][ T5939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 665.857906][T14951] veth0_vlan: entered promiscuous mode [ 665.867988][ T5939] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 665.880104][T14951] veth1_vlan: entered promiscuous mode [ 665.889197][ T5939] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 665.899074][ T5939] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 665.904983][ T24] usb 2-1: new low-speed USB device number 125 using dummy_hcd [ 665.907485][ T5939] usb 3-1: Manufacturer: syz [ 665.936970][ T5939] usb 3-1: config 0 descriptor?? [ 665.954006][T14951] veth0_macvtap: entered promiscuous mode [ 665.964386][ T24] usb 2-1: device descriptor read/8, error -71 [ 665.976206][T14951] veth1_macvtap: entered promiscuous mode [ 666.000567][T14951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 666.019564][T14951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 666.044319][ T9176] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.054987][ T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.061750][ T5859] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 666.065316][ T49] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.084697][ T49] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.211472][ T24] usb 2-1: new low-speed USB device number 126 using dummy_hcd [ 666.220990][ T9176] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 666.244333][ T9176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 666.252211][T14954] usblp0: removed [ 666.262085][ T5859] usb 5-1: Using ep0 maxpacket: 16 [ 666.277032][ T24] usb 2-1: device descriptor read/8, error -71 [ 666.290729][ T5859] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 666.310181][ T5859] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 666.327485][ T5859] usb 5-1: config 0 has no interface number 0 [ 666.341163][ T5859] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 666.356870][ T8767] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 666.364988][ T5859] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 666.373590][ T8767] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 666.381935][ T5859] usb 5-1: Product: syz [ 666.386676][ T5859] usb 5-1: Manufacturer: syz [ 666.389536][ T5939] appleir 0003:05AC:8243.0038: unknown main item tag 0x0 [ 666.399672][ T5859] usb 5-1: SerialNumber: syz [ 666.411786][ T24] usb usb2-port1: unable to enumerate USB device [ 666.444723][ T5859] usb 5-1: config 0 descriptor?? [ 666.468407][ T5939] appleir 0003:05AC:8243.0038: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 666.635486][T15009] loop2: detected capacity change from 0 to 7 [ 666.678743][T11906] Dev loop2: unable to read RDB block 7 [ 666.684950][T11906] loop2: unable to read partition table [ 666.695052][T11906] loop2: partition table beyond EOD, truncated [ 666.719405][T15012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 666.752267][T15012] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 666.756415][T15009] Dev loop2: unable to read RDB block 7 [ 666.796186][T15009] loop2: unable to read partition table [ 666.803294][T15009] loop2: partition table beyond EOD, truncated [ 666.809628][T15009] loop_reread_partitions: partition scan of loop2 (ţ被xü—źŃŕ– ) failed (rc=-5) [ 667.151587][ T5876] Bluetooth: hci5: command tx timeout [ 667.251410][T13322] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 667.361994][ T5932] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 667.411296][T13322] usb 2-1: Using ep0 maxpacket: 8 [ 667.418913][T13322] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 667.430873][T13322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid maxpacket 63208, setting to 1024 [ 667.442131][T13322] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 1024 [ 667.452335][T13322] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 667.461839][T13322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.475070][T13322] usb 2-1: config 0 descriptor?? [ 667.481419][T15019] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 667.491965][T13322] iowarrior 2-1:0.0: no interrupt-in endpoint found [ 667.514312][ T5932] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 667.530902][ T5932] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 667.549241][ T5932] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 667.559725][ T5932] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 667.576335][ T5932] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 667.585951][ T5932] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 667.594265][ T5932] usb 6-1: Manufacturer: syz [ 667.604364][ T5932] usb 6-1: config 0 descriptor?? [ 667.706338][ T5939] usb 2-1: USB disconnect, device number 127 [ 668.024068][ T5932] appleir 0003:05AC:8243.0039: unknown main item tag 0x0 [ 668.036181][ T5932] appleir 0003:05AC:8243.0039: hiddev1,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 668.296925][ T24] usb 3-1: USB disconnect, device number 102 [ 668.430871][T15024] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 668.987403][ T5859] usb 5-1: Found UVC 0.00 device syz (046d:08d3) [ 669.009725][ T5859] usb 5-1: No valid video chain found. [ 669.039285][ T5859] usb 5-1: USB disconnect, device number 30 [ 669.221712][ T5876] Bluetooth: hci5: command tx timeout [ 669.337265][T15045] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 669.381185][ T9] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 669.543902][ T9] usb 2-1: config index 0 descriptor too short (expected 19, got 18) [ 669.568556][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 669.590095][ T9] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 669.629291][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.651602][ T9] usb 2-1: Product: syz [ 669.655868][ T9] usb 2-1: Manufacturer: syz [ 669.670739][ T9] usb 2-1: SerialNumber: syz [ 669.691896][ T9] usb 2-1: config 0 descriptor?? [ 670.041571][ T5939] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 670.050951][T13322] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 670.055695][ T5932] usb 6-1: USB disconnect, device number 2 [ 670.215324][T13322] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 670.217530][ T5939] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 670.226393][T13322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 670.252378][T13322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 670.263540][ T5939] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 670.264738][T13322] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 670.280810][ T5939] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 670.303139][ T5939] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 670.305606][T13322] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 670.318688][ T5939] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 670.330977][T13322] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 670.339397][ T5939] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 670.346729][T13322] usb 3-1: Manufacturer: syz [ 670.357660][ T5939] usb 5-1: Manufacturer: syz [ 670.360014][T13322] usb 3-1: config 0 descriptor?? [ 670.375800][ T5939] usb 5-1: config 0 descriptor?? [ 670.410995][ T5932] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 670.562933][ T5932] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 670.574121][ T5932] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 670.593842][ T5932] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 670.603868][ T5932] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 670.620310][ T5932] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 670.630187][ T5932] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 670.640523][ T5932] usb 6-1: Manufacturer: syz [ 670.649951][ T5932] usb 6-1: config 0 descriptor?? [ 670.786064][T13322] appleir 0003:05AC:8243.003A: unknown main item tag 0x0 [ 670.798611][ T5939] appleir 0003:05AC:8243.003B: unknown main item tag 0x0 [ 670.800665][T13322] appleir 0003:05AC:8243.003A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 670.832892][ T5939] appleir 0003:05AC:8243.003B: hiddev1,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 671.045429][T15053] FAULT_INJECTION: forcing a failure. [ 671.045429][T15053] name failslab, interval 1, probability 0, space 0, times 0 [ 671.063189][T15053] CPU: 0 UID: 0 PID: 15053 Comm: syz.2.3201 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 671.063222][T15053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 671.063234][T15053] Call Trace: [ 671.063243][T15053] [ 671.063259][T15053] dump_stack_lvl+0x189/0x250 [ 671.063296][T15053] ? __pfx____ratelimit+0x10/0x10 [ 671.063318][T15053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 671.063345][T15053] ? __pfx__printk+0x10/0x10 [ 671.063381][T15053] ? __pfx___might_resched+0x10/0x10 [ 671.063407][T15053] ? fs_reclaim_acquire+0x7d/0x100 [ 671.063437][T15053] should_fail_ex+0x414/0x560 [ 671.063473][T15053] should_failslab+0xa8/0x100 [ 671.063498][T15053] __kmalloc_noprof+0xcb/0x4f0 [ 671.063517][T15053] ? kfree+0x4d/0x440 [ 671.063532][T15053] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 671.063577][T15053] tomoyo_realpath_from_path+0xe3/0x5d0 [ 671.063609][T15053] ? tomoyo_domain+0xd9/0x130 [ 671.063646][T15053] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 671.063671][T15053] tomoyo_path_number_perm+0x1e8/0x5a0 [ 671.063700][T15053] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 671.063745][T15053] ? __lock_acquire+0xab9/0xd20 [ 671.063793][T15053] ? __fget_files+0x2a/0x420 [ 671.063825][T15053] ? __fget_files+0x2a/0x420 [ 671.063850][T15053] ? __fget_files+0x3a0/0x420 [ 671.063875][T15053] ? __fget_files+0x2a/0x420 [ 671.063907][T15053] security_file_ioctl+0xcb/0x2d0 [ 671.063933][T15053] __se_sys_ioctl+0x47/0x170 [ 671.063958][T15053] do_syscall_64+0xfa/0x3b0 [ 671.063981][T15053] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.064001][T15053] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 671.064022][T15053] ? clear_bhb_loop+0x60/0xb0 [ 671.064047][T15053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.064068][T15053] RIP: 0033:0x7f185818ebe9 [ 671.064088][T15053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 671.064107][T15053] RSP: 002b:00007f1859066038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 671.064131][T15053] RAX: ffffffffffffffda RBX: 00007f18583b5fa0 RCX: 00007f185818ebe9 [ 671.064165][T15053] RDX: 0000200000000400 RSI: 0000000081044804 RDI: 0000000000000004 [ 671.064179][T15053] RBP: 00007f1859066090 R08: 0000000000000000 R09: 0000000000000000 [ 671.064193][T15053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 671.064206][T15053] R13: 00007f18583b6038 R14: 00007f18583b5fa0 R15: 00007ffd1c8f7cf8 [ 671.064241][T15053] [ 671.064334][T15053] ERROR: Out of memory at tomoyo_realpath_from_path. [ 671.301031][ T5876] Bluetooth: hci5: command tx timeout [ 671.309521][ T5932] appleir 0003:05AC:8243.003C: unknown main item tag 0x0 [ 671.342187][ T5932] appleir 0003:05AC:8243.003C: hiddev2,hidraw2: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 672.157875][ T5859] usb 2-1: USB disconnect, device number 2 [ 672.620693][ T5859] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 672.790949][ T5859] usb 2-1: Using ep0 maxpacket: 8 [ 672.805711][ T3098] usb 5-1: USB disconnect, device number 31 [ 672.813238][ T5859] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 672.842885][ T5859] usb 2-1: config 0 has no interface number 0 [ 672.849062][ T5859] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 672.874898][ T5932] usb 3-1: USB disconnect, device number 103 [ 672.875036][ T5859] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 672.900480][ T5859] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 672.937086][ T5859] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 672.970302][ T5859] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 672.984375][ T5859] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.007795][ T5859] usb 2-1: config 0 descriptor?? [ 673.055624][ T5859] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 673.170958][ T5859] usb 6-1: USB disconnect, device number 3 [ 673.282902][T15086] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 673.730625][ T5859] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 673.890604][ T5859] usb 6-1: Using ep0 maxpacket: 16 [ 673.898543][ T5859] usb 6-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 673.932496][ T5859] usb 6-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 673.967749][ T5859] usb 6-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 673.994637][ T5859] usb 6-1: config 1 interface 0 has no altsetting 0 [ 674.022137][T15099] FAULT_INJECTION: forcing a failure. [ 674.022137][T15099] name failslab, interval 1, probability 0, space 0, times 0 [ 674.035340][T15099] CPU: 1 UID: 0 PID: 15099 Comm: syz.2.3214 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 674.035371][T15099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 674.035385][T15099] Call Trace: [ 674.035393][T15099] [ 674.035402][T15099] dump_stack_lvl+0x189/0x250 [ 674.035437][T15099] ? __pfx____ratelimit+0x10/0x10 [ 674.035459][T15099] ? __pfx_dump_stack_lvl+0x10/0x10 [ 674.035488][T15099] ? __pfx__printk+0x10/0x10 [ 674.035524][T15099] ? __pfx___might_resched+0x10/0x10 [ 674.035550][T15099] ? fs_reclaim_acquire+0x7d/0x100 [ 674.035580][T15099] should_fail_ex+0x414/0x560 [ 674.035617][T15099] should_failslab+0xa8/0x100 [ 674.035643][T15099] __kmalloc_cache_noprof+0x70/0x3d0 [ 674.035665][T15099] ? ovl_iterate+0x137c/0x1f40 [ 674.035693][T15099] ovl_iterate+0x137c/0x1f40 [ 674.035713][T15099] ? __lock_acquire+0xab9/0xd20 [ 674.035756][T15099] ? __pfx_ovl_iterate+0x10/0x10 [ 674.035779][T15099] ? aa_file_perm+0x13a/0x1550 [ 674.035812][T15099] ? aa_file_perm+0x13a/0x1550 [ 674.035852][T15099] ? __pfx_ovl_fill_real+0x10/0x10 [ 674.035909][T15099] ? down_write+0x162/0x1f0 [ 674.035934][T15099] ? __pfx_down_write+0x10/0x10 [ 674.035957][T15099] ? wrap_directory_iterator+0x52/0xe0 [ 674.035982][T15099] ? __pfx_ovl_iterate+0x10/0x10 [ 674.036007][T15099] wrap_directory_iterator+0x96/0xe0 [ 674.036032][T15099] iterate_dir+0x396/0x570 [ 674.036061][T15099] __se_sys_getdents+0xe4/0x250 [ 674.036087][T15099] ? __pfx___se_sys_getdents+0x10/0x10 [ 674.036108][T15099] ? ksys_write+0x22a/0x250 [ 674.036129][T15099] ? __pfx_filldir+0x10/0x10 [ 674.036155][T15099] ? __pfx_ksys_write+0x10/0x10 [ 674.036176][T15099] ? rcu_is_watching+0x15/0xb0 [ 674.036210][T15099] ? do_syscall_64+0xbe/0x3b0 [ 674.036238][T15099] do_syscall_64+0xfa/0x3b0 [ 674.036257][T15099] ? lockdep_hardirqs_on+0x9c/0x150 [ 674.036287][T15099] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.036309][T15099] ? clear_bhb_loop+0x60/0xb0 [ 674.036336][T15099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.036357][T15099] RIP: 0033:0x7f185818ebe9 [ 674.036377][T15099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.036394][T15099] RSP: 002b:00007f1859066038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 674.036417][T15099] RAX: ffffffffffffffda RBX: 00007f18583b5fa0 RCX: 00007f185818ebe9 [ 674.036432][T15099] RDX: 000000000000001f RSI: 00002000000008c0 RDI: 0000000000000005 [ 674.036446][T15099] RBP: 00007f1859066090 R08: 0000000000000000 R09: 0000000000000000 [ 674.036459][T15099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 674.036472][T15099] R13: 00007f18583b6038 R14: 00007f18583b5fa0 R15: 00007ffd1c8f7cf8 [ 674.036506][T15099] [ 674.395187][ T5859] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 674.404809][ T5859] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.412888][ T5859] usb 6-1: Product: syz [ 674.417086][ T5859] usb 6-1: Manufacturer: syz [ 674.421842][ T5859] usb 6-1: SerialNumber: syz [ 674.640556][ T3098] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 674.651743][ T5859] usblp 6-1:1.0: usblp1: USB Unidirectional printer dev 4 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 674.813044][ T3098] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 674.824256][ T3098] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 674.838338][ T3098] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 674.848628][ T3098] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 674.863734][ T3098] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 674.873846][ T3098] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 674.882458][ T3098] usb 5-1: Manufacturer: syz [ 674.891630][ T3098] usb 5-1: config 0 descriptor?? [ 674.965131][ T5940] usb 6-1: USB disconnect, device number 4 [ 675.323665][ C1] raw-gadget.2 gadget.4: ignoring, device is not running [ 675.331462][ C1] raw-gadget.2 gadget.4: ignoring, device is not running [ 675.339470][ C1] raw-gadget.2 gadget.4: ignoring, device is not running [ 675.349965][ T3098] usbhid 5-1:0.0: can't add hid device: -32 [ 675.358145][ T3098] usbhid 5-1:0.0: probe with driver usbhid failed with error -32 [ 675.378772][ T3098] usb 5-1: USB disconnect, device number 32 [ 675.397583][ T5940] usblp1: removed [ 675.446553][ T5932] usb 2-1: USB disconnect, device number 3 [ 675.446595][ C1] ldusb 2-1:0.55: usb_submit_urb failed (-19) [ 675.459391][ T5932] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 675.500032][T15107] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3217'. [ 675.605388][T15111] binder: 15110:15111 ioctl c018620c 200000000140 returned -1 [ 675.740668][ T5940] usb 6-1: new low-speed USB device number 5 using dummy_hcd [ 675.782489][ T30] audit: type=1326 audit(1755066793.597:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15119 comm="syz.1.3221" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f321738ebe9 code=0x0 [ 675.883754][ T5940] usb 6-1: device descriptor read/64, error -71 [ 675.935376][T15123] random: crng reseeded on system resumption [ 676.140349][ T5940] usb 6-1: new low-speed USB device number 6 using dummy_hcd [ 676.190292][ T5932] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 676.290800][ T5940] usb 6-1: device descriptor read/64, error -71 [ 676.340979][ T5932] usb 5-1: Using ep0 maxpacket: 32 [ 676.353900][ T5932] usb 5-1: config 0 has an invalid interface number: 146 but max is 0 [ 676.362847][ T5932] usb 5-1: config 0 has no interface number 0 [ 676.368970][ T5932] usb 5-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 676.382450][ T5932] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 676.394574][ T5932] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 676.406573][ T5932] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 676.417359][ T5940] usb usb6-port1: attempt power cycle [ 676.431963][ T5932] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 676.447802][ T5932] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 676.447912][T15125] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 676.457932][ T5932] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 676.457969][ T5932] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024 [ 676.457996][ T5932] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 676.458022][ T5932] usb 5-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 676.460479][ T5932] usb 5-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 676.522958][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.531106][ T5932] usb 5-1: Product: syz [ 676.535301][ T5932] usb 5-1: Manufacturer: syz [ 676.539989][ T5932] usb 5-1: SerialNumber: syz [ 676.547706][T15125] kvm: pic: level sensitive irq not supported [ 676.547820][T15125] kvm: pic: non byte read [ 676.547967][ T5932] usb 5-1: config 0 descriptor?? [ 676.569815][T15123] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 676.588304][ T5881] Bluetooth: hci6: command 0x1003 tx timeout [ 676.596045][ T5876] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 676.600991][T15123] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 676.645309][ T5932] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3 [ 676.664226][ T5932] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2 [ 676.748727][ T5932] scsi host1: microtekX6 [ 676.978886][T15134] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 677.456394][ T5940] usb 5-1: USB disconnect, device number 33 [ 677.462748][T15155] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 677.560550][ T43] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 677.721583][ T43] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 677.733065][ T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 677.744135][ T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 677.754025][ T43] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 677.768111][ T43] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 677.777811][ T43] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 677.786180][ T43] usb 6-1: Manufacturer: syz [ 677.791049][ T5859] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 677.803434][ T43] usb 6-1: config 0 descriptor?? [ 677.912436][ T3098] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 677.970075][ T5859] usb 3-1: Using ep0 maxpacket: 16 [ 677.978137][ T5859] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 677.988159][ T5859] usb 3-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 677.998369][ T5859] usb 3-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 678.030258][ T5859] usb 3-1: config 1 interface 0 has no altsetting 0 [ 678.044147][ T5859] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 678.053768][ T5859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 678.063000][ T5859] usb 3-1: Product: syz [ 678.067365][ T5859] usb 3-1: Manufacturer: syz [ 678.073657][ T5859] usb 3-1: SerialNumber: syz [ 678.100220][ T3098] usb 2-1: Using ep0 maxpacket: 32 [ 678.113589][ T3098] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 678.131235][ T3098] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 678.144026][ T3098] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 678.155788][ T3098] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 678.165344][ T3098] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.178747][ T3098] usb 2-1: config 0 descriptor?? [ 678.191461][T15161] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 678.202184][ T3098] hub 2-1:0.0: USB hub found [ 678.230427][ T43] usbhid 6-1:0.0: can't add hid device: -71 [ 678.236642][ T43] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 678.257081][ T43] usb 6-1: USB disconnect, device number 8 [ 678.336680][ T5859] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 104 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 678.371732][T15166] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 678.421440][ T3098] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 678.443177][ T3098] usbhid 2-1:0.0: can't add hid device: -71 [ 678.449331][ T3098] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 678.494583][ T3098] usb 2-1: USB disconnect, device number 4 [ 678.591640][ T5859] usb 3-1: USB disconnect, device number 104 [ 678.600133][T15155] usblp0:failed reading printer status (-71) [ 678.645200][T15170] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 678.958747][T15178] FAULT_INJECTION: forcing a failure. [ 678.958747][T15178] name failslab, interval 1, probability 0, space 0, times 0 [ 678.976710][T15178] CPU: 0 UID: 0 PID: 15178 Comm: syz.4.3239 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 678.976741][T15178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 678.976755][T15178] Call Trace: [ 678.976765][T15178] [ 678.976775][T15178] dump_stack_lvl+0x189/0x250 [ 678.976812][T15178] ? __pfx____ratelimit+0x10/0x10 [ 678.976836][T15178] ? __pfx_dump_stack_lvl+0x10/0x10 [ 678.976867][T15178] ? __pfx__printk+0x10/0x10 [ 678.976906][T15178] ? __pfx___might_resched+0x10/0x10 [ 678.976931][T15178] ? fs_reclaim_acquire+0x7d/0x100 [ 678.976962][T15178] should_fail_ex+0x414/0x560 [ 678.977000][T15178] should_failslab+0xa8/0x100 [ 678.977026][T15178] __kmalloc_noprof+0xcb/0x4f0 [ 678.977047][T15178] ? kfree+0x4d/0x440 [ 678.977063][T15178] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 678.977100][T15178] tomoyo_realpath_from_path+0xe3/0x5d0 [ 678.977148][T15178] tomoyo_check_open_permission+0x1c1/0x3b0 [ 678.977172][T15178] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 678.977194][T15178] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 678.977218][T15178] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 678.977242][T15178] ? wrap_directory_iterator+0x96/0xe0 [ 678.977304][T15178] ? lockref_get+0x15/0x60 [ 678.977336][T15178] ? tomoyo_file_open+0x165/0x220 [ 678.977374][T15178] security_file_open+0xb1/0x270 [ 678.977400][T15178] do_dentry_open+0x384/0x13f0 [ 678.977440][T15178] ? vfs_open+0x31/0x340 [ 678.977510][T15178] vfs_open+0x3b/0x340 [ 678.977540][T15178] dentry_open+0x61/0xa0 [ 678.977583][T15178] ovl_dir_read+0x85/0x5f0 [ 678.977616][T15178] ? __pfx_ovl_dir_read+0x10/0x10 [ 678.977635][T15178] ? __kasan_kmalloc+0x93/0xb0 [ 678.977666][T15178] ovl_iterate+0x14c5/0x1f40 [ 678.977687][T15178] ? __lock_acquire+0xab9/0xd20 [ 678.977730][T15178] ? __pfx_ovl_iterate+0x10/0x10 [ 678.977751][T15178] ? aa_file_perm+0x13a/0x1550 [ 678.977779][T15178] ? __pfx_ovl_fill_plain+0x10/0x10 [ 678.977814][T15178] ? __pfx_ovl_fill_real+0x10/0x10 [ 678.977870][T15178] ? down_write+0x162/0x1f0 [ 678.977893][T15178] ? __pfx_down_write+0x10/0x10 [ 678.977936][T15178] ? wrap_directory_iterator+0x52/0xe0 [ 678.977967][T15178] ? __pfx_ovl_iterate+0x10/0x10 [ 678.978007][T15178] wrap_directory_iterator+0x96/0xe0 [ 678.978040][T15178] iterate_dir+0x396/0x570 [ 678.978067][T15178] __se_sys_getdents+0xe4/0x250 [ 678.978093][T15178] ? __pfx___se_sys_getdents+0x10/0x10 [ 678.978118][T15178] ? ksys_write+0x22a/0x250 [ 678.978139][T15178] ? __pfx_filldir+0x10/0x10 [ 678.978162][T15178] ? __pfx_ksys_write+0x10/0x10 [ 678.978182][T15178] ? rcu_is_watching+0x15/0xb0 [ 678.978212][T15178] ? do_syscall_64+0xbe/0x3b0 [ 678.978244][T15178] do_syscall_64+0xfa/0x3b0 [ 678.978263][T15178] ? lockdep_hardirqs_on+0x9c/0x150 [ 678.978282][T15178] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.978301][T15178] ? clear_bhb_loop+0x60/0xb0 [ 678.978326][T15178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.978346][T15178] RIP: 0033:0x7fb3eb78ebe9 [ 678.978365][T15178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.978383][T15178] RSP: 002b:00007fb3ec66b038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 678.978406][T15178] RAX: ffffffffffffffda RBX: 00007fb3eb9b5fa0 RCX: 00007fb3eb78ebe9 [ 678.978421][T15178] RDX: 000000000000001f RSI: 00002000000008c0 RDI: 0000000000000005 [ 678.978435][T15178] RBP: 00007fb3ec66b090 R08: 0000000000000000 R09: 0000000000000000 [ 678.978455][T15178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 678.978468][T15178] R13: 00007fb3eb9b6038 R14: 00007fb3eb9b5fa0 R15: 00007ffd3fe65a48 [ 678.978505][T15178] [ 678.978515][T15178] ERROR: Out of memory at tomoyo_realpath_from_path. [ 679.070318][ T5859] usb 3-1: new low-speed USB device number 105 using dummy_hcd [ 679.372523][T15181] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 679.379766][T15181] /dev/rnullb0: Can't open blockdev [ 679.490061][ T5859] usb 3-1: device descriptor read/64, error -71 [ 679.750571][ T5859] usb 3-1: new low-speed USB device number 106 using dummy_hcd [ 679.890915][ T5859] usb 3-1: device descriptor read/64, error -71 [ 679.940174][ T43] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 680.000263][ T5859] usb usb3-port1: attempt power cycle [ 680.098858][ T43] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 680.110434][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 680.132359][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 680.143126][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 680.178534][ T43] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 680.192656][ T43] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 680.207517][ T43] usb 2-1: Manufacturer: syz [ 680.216831][ T43] usb 2-1: config 0 descriptor?? [ 680.236880][T15208] syz.5.3251: attempt to access beyond end of device [ 680.236880][T15208] loop5: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 680.254834][T15208] XFS (loop5): SB validate failed with error -5. [ 680.372225][T15214] syz.5.3251: attempt to access beyond end of device [ 680.372225][T15214] loop5: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 680.385666][ T5859] usb 3-1: new low-speed USB device number 107 using dummy_hcd [ 680.393738][T15214] XFS (loop5): SB validate failed with error -5. [ 680.442236][T15157] usblp0: removed [ 680.450940][ T5859] usb 3-1: device descriptor read/8, error -71 [ 680.631245][T15225] syz.5.3254: attempt to access beyond end of device [ 680.631245][T15225] loop5: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 680.638205][ T43] usbhid 2-1:0.0: can't add hid device: -71 [ 680.667414][ T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 680.693307][T15225] EXT4-fs (loop5): unable to read superblock [ 680.701622][ T43] usb 2-1: USB disconnect, device number 5 [ 681.088375][T15236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3258'. [ 681.097679][T15236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3258'. [ 681.169897][ T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 681.355399][ T9] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 681.386847][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 681.419428][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 681.441705][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 681.477122][ T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 681.491356][ T9] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 681.524666][ T9] usb 6-1: Manufacturer: syz [ 681.535959][ T9] usb 6-1: config 0 descriptor?? [ 681.639679][ T5859] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 681.678596][ T5859] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 681.711932][ T5859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.739668][ T5859] usb 3-1: Product: syz [ 681.750718][ T5859] usb 3-1: Manufacturer: syz [ 681.769663][ T5859] usb 3-1: SerialNumber: syz [ 681.789091][ T5859] usb 3-1: config 0 descriptor?? [ 681.965165][ T9] appleir 0003:05AC:8243.003D: unknown main item tag 0x0 [ 681.995174][ T9] appleir 0003:05AC:8243.003D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 682.024694][ T5859] usb-storage 3-1:0.0: USB Mass Storage device detected [ 682.405303][T15254] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 682.612390][T15258] FAULT_INJECTION: forcing a failure. [ 682.612390][T15258] name failslab, interval 1, probability 0, space 0, times 0 [ 682.627080][T15258] CPU: 1 UID: 0 PID: 15258 Comm: syz.1.3263 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 682.627111][T15258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 682.627125][T15258] Call Trace: [ 682.627134][T15258] [ 682.627143][T15258] dump_stack_lvl+0x189/0x250 [ 682.627179][T15258] ? __pfx____ratelimit+0x10/0x10 [ 682.627202][T15258] ? __pfx_dump_stack_lvl+0x10/0x10 [ 682.627233][T15258] ? __pfx__printk+0x10/0x10 [ 682.627264][T15258] ? __pfx___might_resched+0x10/0x10 [ 682.627289][T15258] ? fs_reclaim_acquire+0x7d/0x100 [ 682.627319][T15258] should_fail_ex+0x414/0x560 [ 682.627354][T15258] should_failslab+0xa8/0x100 [ 682.627380][T15258] __kmalloc_cache_noprof+0x70/0x3d0 [ 682.627401][T15258] ? __alloc_workqueue+0x166/0x1b70 [ 682.627437][T15258] __alloc_workqueue+0x166/0x1b70 [ 682.627457][T15258] ? rcu_is_watching+0x15/0xb0 [ 682.627485][T15258] ? kfree+0x4d/0x440 [ 682.627515][T15258] alloc_workqueue_noprof+0xd4/0x210 [ 682.627544][T15258] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 682.627592][T15258] hci_register_dev+0x208/0x890 [ 682.627622][T15258] ? __raw_spin_lock_init+0x45/0x100 [ 682.627662][T15258] hci_uart_tty_ioctl+0x828/0xa00 [ 682.627691][T15258] ? __pfx_hci_uart_tty_ioctl+0x10/0x10 [ 682.627713][T15258] tty_ioctl+0x9c6/0xde0 [ 682.627735][T15258] ? __pfx_tty_ioctl+0x10/0x10 [ 682.627757][T15258] __se_sys_ioctl+0xf9/0x170 [ 682.627782][T15258] do_syscall_64+0xfa/0x3b0 [ 682.627804][T15258] ? lockdep_hardirqs_on+0x9c/0x150 [ 682.627825][T15258] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.627847][T15258] ? clear_bhb_loop+0x60/0xb0 [ 682.627871][T15258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.627891][T15258] RIP: 0033:0x7f321738ebe9 [ 682.627911][T15258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 682.627929][T15258] RSP: 002b:00007f3218275038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 682.627952][T15258] RAX: ffffffffffffffda RBX: 00007f32175b5fa0 RCX: 00007f321738ebe9 [ 682.627968][T15258] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 682.627981][T15258] RBP: 00007f3218275090 R08: 0000000000000000 R09: 0000000000000000 [ 682.627996][T15258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 682.628009][T15258] R13: 00007f32175b6038 R14: 00007f32175b5fa0 R15: 00007fffe47e9658 [ 682.628043][T15258] [ 682.628106][T15258] Bluetooth: Can't register HCI device [ 682.939547][ T5859] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 683.090507][ T5859] usb 5-1: Using ep0 maxpacket: 16 [ 683.111736][ T5859] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 683.121973][ T5859] usb 5-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 683.133115][ T5859] usb 5-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 683.148713][ T5859] usb 5-1: config 1 interface 0 has no altsetting 0 [ 683.159107][ T5859] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 683.168575][ T5859] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.176996][ T5859] usb 5-1: Product: syz [ 683.181556][ T5859] usb 5-1: Manufacturer: syz [ 683.186240][ T5859] usb 5-1: SerialNumber: syz [ 683.269659][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 683.413334][ T5859] usblp 5-1:1.0: usblp1: USB Unidirectional printer dev 34 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 683.429456][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 683.456839][ T9] usb 2-1: config 0 has an invalid interface number: 146 but max is 0 [ 683.465256][ T9] usb 2-1: config 0 has no interface number 0 [ 683.476416][ T9] usb 2-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 683.487512][ T9] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 683.504729][ T9] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 683.516179][ T9] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 683.545232][ T9] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 683.563758][ T9] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 683.575887][ T9] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 683.589237][ T9] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8 [ 683.604292][ T9] usb 2-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 683.620900][ T9] usb 2-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 683.634592][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.656785][ T9] usb 2-1: Product: syz [ 683.661535][ T9] usb 2-1: Manufacturer: syz [ 683.666261][ T9] usb 2-1: SerialNumber: syz [ 683.680902][ T9] usb 2-1: config 0 descriptor?? [ 683.687156][T15260] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 683.695468][ T5859] usb 5-1: USB disconnect, device number 34 [ 683.700384][T15260] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 683.714777][ T5859] usblp1: removed [ 683.715492][ T9] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3 [ 683.728099][ T9] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2 [ 683.757630][ T9] scsi host1: microtekX6 [ 683.952432][ T24] usb 2-1: USB disconnect, device number 6 [ 684.085557][ T5932] usb 6-1: USB disconnect, device number 9 [ 684.229582][ T5859] usb 5-1: new low-speed USB device number 35 using dummy_hcd [ 684.359548][ T5859] usb 5-1: device descriptor read/64, error -71 [ 684.619720][ T5859] usb 5-1: new low-speed USB device number 36 using dummy_hcd [ 684.655438][T15272] loop2: detected capacity change from 0 to 7 [ 684.688837][ T9479] Dev loop2: unable to read RDB block 7 [ 684.704736][ T9479] loop2: unable to read partition table [ 684.713743][ T9479] loop2: partition table beyond EOD, truncated [ 684.769367][ T5859] usb 5-1: device descriptor read/64, error -71 [ 684.775888][T15272] Dev loop2: unable to read RDB block 7 [ 684.784799][T15272] loop2: unable to read partition table [ 684.794662][T15272] loop2: partition table beyond EOD, truncated [ 684.801215][T15272] loop_reread_partitions: partition scan of loop2 (ţ被xü—źŃŕ– ) failed (rc=-5) [ 684.918624][ T5859] usb usb5-port1: attempt power cycle [ 684.969667][T15280] FAULT_INJECTION: forcing a failure. [ 684.969667][T15280] name failslab, interval 1, probability 0, space 0, times 0 [ 684.990994][T15280] CPU: 1 UID: 0 PID: 15280 Comm: syz.5.3271 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 684.991027][T15280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 684.991040][T15280] Call Trace: [ 684.991049][T15280] [ 684.991059][T15280] dump_stack_lvl+0x189/0x250 [ 684.991096][T15280] ? __pfx____ratelimit+0x10/0x10 [ 684.991118][T15280] ? __pfx_dump_stack_lvl+0x10/0x10 [ 684.991159][T15280] ? __pfx__printk+0x10/0x10 [ 684.991196][T15280] ? __pfx___might_resched+0x10/0x10 [ 684.991222][T15280] ? fs_reclaim_acquire+0x7d/0x100 [ 684.991253][T15280] should_fail_ex+0x414/0x560 [ 684.991289][T15280] should_failslab+0xa8/0x100 [ 684.991315][T15280] __kmalloc_noprof+0xcb/0x4f0 [ 684.991335][T15280] ? p9_client_prepare_req+0x383/0xeb0 [ 684.991365][T15280] ? p9_msg_buf_size+0x16aa/0x1ee0 [ 684.991399][T15280] p9_client_prepare_req+0x383/0xeb0 [ 684.991439][T15280] ? kasan_save_track+0x4f/0x80 [ 684.991467][T15280] ? kasan_save_track+0x3e/0x80 [ 684.991493][T15280] ? __kasan_kmalloc+0x93/0xb0 [ 684.991514][T15280] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 684.991542][T15280] ? v9fs_fid_lookup+0x9ab/0xb70 [ 684.991566][T15280] ? do_fchownat+0x161/0x270 [ 684.991591][T15280] ? __x64_sys_chown+0x82/0xa0 [ 684.991617][T15280] ? do_syscall_64+0xfa/0x3b0 [ 684.991638][T15280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.991677][T15280] p9_client_rpc+0x188/0xa70 [ 684.991724][T15280] ? __pfx_p9_client_rpc+0x10/0x10 [ 684.991768][T15280] ? rcu_is_watching+0x15/0xb0 [ 684.991795][T15280] ? trace_9p_fid_ref+0x7c/0x1d0 [ 684.991827][T15280] p9_client_attach+0x168/0x3c0 [ 684.991863][T15280] ? __pfx_p9_client_attach+0x10/0x10 [ 684.991893][T15280] ? _raw_spin_unlock+0x28/0x50 [ 684.991922][T15280] ? v9fs_fid_find_inode+0x1d2/0x220 [ 684.991949][T15280] v9fs_fid_lookup+0x9ab/0xb70 [ 684.991985][T15280] v9fs_vfs_setattr+0x188/0xb10 [ 684.992027][T15280] ? __pfx_v9fs_vfs_setattr+0x10/0x10 [ 684.992075][T15280] ? try_break_deleg+0x79/0x130 [ 684.992096][T15280] ? __pfx_v9fs_vfs_setattr+0x10/0x10 [ 684.992128][T15280] notify_change+0xb36/0xe40 [ 684.992172][T15280] chown_common+0x40c/0x5c0 [ 684.992213][T15280] ? __pfx_chown_common+0x10/0x10 [ 684.992254][T15280] ? mnt_get_write_access+0x223/0x2a0 [ 684.992288][T15280] do_fchownat+0x161/0x270 [ 684.992320][T15280] ? __pfx_do_fchownat+0x10/0x10 [ 684.992349][T15280] ? __pfx_ksys_write+0x10/0x10 [ 684.992371][T15280] ? rcu_is_watching+0x15/0xb0 [ 684.992405][T15280] __x64_sys_chown+0x82/0xa0 [ 684.992435][T15280] do_syscall_64+0xfa/0x3b0 [ 684.992457][T15280] ? lockdep_hardirqs_on+0x9c/0x150 [ 684.992478][T15280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.992498][T15280] ? clear_bhb_loop+0x60/0xb0 [ 684.992524][T15280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.992545][T15280] RIP: 0033:0x7f3877b8ebe9 [ 684.992565][T15280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 684.992584][T15280] RSP: 002b:00007f3878ae2038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c [ 684.992608][T15280] RAX: ffffffffffffffda RBX: 00007f3877db5fa0 RCX: 00007f3877b8ebe9 [ 684.992624][T15280] RDX: 000000000000ee01 RSI: 0000000000000000 RDI: 00002000000003c0 [ 684.992638][T15280] RBP: 00007f3878ae2090 R08: 0000000000000000 R09: 0000000000000000 [ 684.992652][T15280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 684.992666][T15280] R13: 00007f3877db6038 R14: 00007f3877db5fa0 R15: 00007ffc7ff18668 [ 684.992701][T15280] [ 685.956074][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.970423][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.044914][T15240] kexec: Could not allocate control_code_buffer [ 686.083559][T14556] usb 3-1: USB disconnect, device number 108 [ 686.467748][T15283] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 686.473892][T15283] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 686.485270][T15283] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 686.492196][T15283] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 686.505453][T15283] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 686.513906][T15283] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 686.524764][T15283] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 686.532106][T15283] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 686.543223][T15283] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 686.551595][T15283] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 686.557833][T15283] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 686.568093][T15283] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 686.803663][T15304] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 686.819312][ T3098] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 686.827124][ T5859] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 686.979300][ T5859] usb 5-1: device descriptor read/64, error -71 [ 686.989783][ T3098] usb 3-1: Using ep0 maxpacket: 16 [ 687.005975][ T3098] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 687.024284][ T3098] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 687.035371][ T3098] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 687.046319][ T3098] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 687.055488][ T3098] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 687.073387][ T3098] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 687.083846][ T3098] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.092559][ T3098] usb 3-1: Product: ⎽俊୕栟퀉揢깳ᝲᤚ듻ᗪíłç±·á˛¬ę»¨áŚ±á«Žá†‚퇵䠱ꬻ晶摒섽á ěžšďˇě·śäščŠ˛ćľµďŁŕąŞ [ 687.106674][ T3098] usb 3-1: Manufacturer: Đ™ [ 687.119246][T14556] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 687.126876][ T3098] usb 3-1: SerialNumber: 攝圖éŽč«é«śëŁ¦ć’Łí’᤻ꑤ兠ěŚâ¨Żěľ‰éˇ˛ă »Ú¸ë„ˇăŞĄĺ¬żé§±ă´’éŽ‹çŠ§ě»™ď¬…ä ”îĽ¦č·©ŕ ‰ĺ·‹ęŻ«â…—čşîŚşäŠĄç—–çłâť‚鸤Ƅ諏ꡒ㢋鍙킾 [ 687.131207][T15300] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 687.229138][ T5859] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 687.309333][T14556] usb 2-1: Using ep0 maxpacket: 16 [ 687.317002][T14556] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 687.331882][T14556] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 687.345134][T14556] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 687.357006][T14556] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.366808][T14556] usb 2-1: Product: syz [ 687.369595][ T5859] usb 5-1: device descriptor read/64, error -71 [ 687.377683][T14556] usb 2-1: Manufacturer: syz [ 687.386270][T14556] usb 2-1: SerialNumber: syz [ 687.493336][ T5859] usb usb5-port1: attempt power cycle [ 687.619590][T14556] usb 2-1: 0:2 : does not exist [ 687.640055][T14556] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 687.666914][ T3098] usb 3-1: 0:2 : does not exist [ 687.670478][T14556] usb 2-1: USB disconnect, device number 7 [ 687.706253][ T3098] usb 3-1: USB disconnect, device number 109 [ 687.777334][ T9479] udevd[9479]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 687.791307][ T9757] udevd[9757]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 687.839438][ T5859] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 687.860104][ T5876] Bluetooth: hci3: command 0x0406 tx timeout [ 687.861305][ T5859] usb 5-1: device descriptor read/8, error -71 [ 688.128925][ T5859] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 688.169856][ T5859] usb 5-1: device descriptor read/8, error -71 [ 688.280364][ T5859] usb usb5-port1: unable to enumerate USB device [ 688.358716][T15325] 9pnet_fd: Insufficient options for proto=fd [ 688.400559][ T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 688.505841][ T5876] Bluetooth: hci4: command 0x0406 tx timeout [ 688.538903][ T9] usb 6-1: device descriptor read/64, error -71 [ 688.579016][ T5881] Bluetooth: hci1: command 0x0c1a tx timeout [ 688.579023][T13248] Bluetooth: hci0: command 0x0406 tx timeout [ 688.585718][ T5876] Bluetooth: hci5: command 0x0c1a tx timeout [ 688.597633][T14556] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 688.608918][ T5932] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 688.748964][T14556] usb 3-1: Using ep0 maxpacket: 8 [ 688.756161][T14556] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 688.765809][ T5932] usb 2-1: Using ep0 maxpacket: 16 [ 688.771143][T14556] usb 3-1: config 0 has no interface number 0 [ 688.777288][T14556] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 688.788497][ T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 688.796801][T14556] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 688.810264][T14556] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 688.822808][T14556] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 688.836096][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 688.847161][T14556] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 688.856504][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 688.878861][T14556] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.889868][ T5932] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 688.892068][T15327] omfs: Invalid superblock (0) [ 688.904792][T14556] usb 3-1: config 0 descriptor?? [ 688.913717][ T5932] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 688.923632][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.948857][ T9] usb 6-1: device descriptor read/64, error -71 [ 688.955513][T14556] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 688.990778][ T5932] usb 2-1: config 0 descriptor?? [ 689.061129][ T9] usb usb6-port1: attempt power cycle [ 689.146614][T15331] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 689.214873][T15334] FAULT_INJECTION: forcing a failure. [ 689.214873][T15334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 689.229646][T15334] CPU: 0 UID: 0 PID: 15334 Comm: syz.2.3288 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 689.229677][T15334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 689.229691][T15334] Call Trace: [ 689.229700][T15334] [ 689.229710][T15334] dump_stack_lvl+0x189/0x250 [ 689.229746][T15334] ? __pfx____ratelimit+0x10/0x10 [ 689.229773][T15334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 689.229804][T15334] ? __pfx__printk+0x10/0x10 [ 689.229836][T15334] ? get_sigframe+0x596/0x7d0 [ 689.229869][T15334] should_fail_ex+0x414/0x560 [ 689.229904][T15334] _copy_to_user+0x31/0xb0 [ 689.229933][T15334] copy_siginfo_to_user+0x22/0xc0 [ 689.229964][T15334] x64_setup_rt_frame+0x776/0xd40 [ 689.230013][T15334] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 689.230049][T15334] arch_do_signal_or_restart+0x3d7/0x750 [ 689.230074][T15334] ? __fget_files+0x3a0/0x420 [ 689.230107][T15334] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 689.230149][T15334] ? exit_to_user_mode_loop+0x40/0x110 [ 689.230178][T15334] exit_to_user_mode_loop+0x75/0x110 [ 689.230199][T15334] do_syscall_64+0x2bd/0x3b0 [ 689.230221][T15334] ? lockdep_hardirqs_on+0x9c/0x150 [ 689.230241][T15334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.230263][T15334] ? clear_bhb_loop+0x60/0xb0 [ 689.230288][T15334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.230308][T15334] RIP: 0033:0x7f185818ebe7 [ 689.230328][T15334] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 689.230348][T15334] RSP: 002b:00007f1859045038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 689.230372][T15334] RAX: 0000000000000014 RBX: 00007f18583b6090 RCX: 00007f185818ebe9 [ 689.230385][T15334] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000004 [ 689.230398][T15334] RBP: 00007f1859045090 R08: 0000000000000000 R09: 0000000000000000 [ 689.230411][T15334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 689.230424][T15334] R13: 00007f18583b6128 R14: 00007f18583b6090 R15: 00007ffd1c8f7cf8 [ 689.230466][T15334] [ 689.446008][ C0] vkms_vblank_simulate: vblank timer overrun [ 689.555701][ C0] vkms_vblank_simulate: vblank timer overrun [ 689.564868][ T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 689.577079][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.587714][ T5932] microsoft 0003:045E:07DA.003E: ignoring exceeding usage max [ 689.597225][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.604586][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.612014][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.619467][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.626729][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.634033][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.641441][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.648735][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.656196][ T5932] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 689.674283][ T5932] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.003E/input/input56 [ 689.709430][ T9] usb 6-1: device descriptor read/8, error -71 [ 689.779355][ T5932] microsoft 0003:045E:07DA.003E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 689.934466][ T5932] usb 2-1: USB disconnect, device number 8 [ 689.941397][ T5876] Bluetooth: hci3: command 0x0406 tx timeout [ 689.978927][ T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 690.015211][ T9] usb 6-1: device descriptor read/8, error -71 [ 690.079758][T15335] fido_id[15335]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 690.158232][ T9] usb usb6-port1: unable to enumerate USB device [ 690.586166][ T5876] Bluetooth: hci4: command 0x0406 tx timeout [ 690.667586][ T5876] Bluetooth: hci5: command 0x0c1a tx timeout [ 690.667778][ T5881] Bluetooth: hci0: command 0x0406 tx timeout [ 690.673832][ T5876] Bluetooth: hci1: command 0x0c1a tx timeout [ 691.099818][T15350] kernel profiling enabled (shift: 63) [ 691.103285][T15352] random: crng reseeded on system resumption [ 691.108283][T15350] profiling shift: 63 too large [ 691.370939][ T5859] usb 3-1: USB disconnect, device number 110 [ 691.408620][ T5932] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 691.420324][ T5859] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 691.459616][T15357] FAULT_INJECTION: forcing a failure. [ 691.459616][T15357] name failslab, interval 1, probability 0, space 0, times 0 [ 691.500838][T15357] CPU: 1 UID: 0 PID: 15357 Comm: syz.2.3301 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 691.500871][T15357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 691.500884][T15357] Call Trace: [ 691.500893][T15357] [ 691.500903][T15357] dump_stack_lvl+0x189/0x250 [ 691.500938][T15357] ? __pfx____ratelimit+0x10/0x10 [ 691.500959][T15357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 691.500988][T15357] ? __pfx__printk+0x10/0x10 [ 691.501024][T15357] ? __pfx___might_resched+0x10/0x10 [ 691.501049][T15357] ? fs_reclaim_acquire+0x7d/0x100 [ 691.501090][T15357] should_fail_ex+0x414/0x560 [ 691.501125][T15357] should_failslab+0xa8/0x100 [ 691.501149][T15357] kmem_cache_alloc_noprof+0x73/0x3c0 [ 691.501169][T15357] ? alloc_empty_file+0x55/0x1d0 [ 691.501203][T15357] alloc_empty_file+0x55/0x1d0 [ 691.501232][T15357] dentry_open+0x44/0xa0 [ 691.501260][T15357] ovl_dir_read+0x85/0x5f0 [ 691.501294][T15357] ? __pfx_ovl_dir_read+0x10/0x10 [ 691.501311][T15357] ? __kasan_kmalloc+0x93/0xb0 [ 691.501341][T15357] ovl_iterate+0x14c5/0x1f40 [ 691.501363][T15357] ? __lock_acquire+0xab9/0xd20 [ 691.501406][T15357] ? __pfx_ovl_iterate+0x10/0x10 [ 691.501429][T15357] ? aa_file_perm+0x13a/0x1550 [ 691.501458][T15357] ? __pfx_ovl_fill_plain+0x10/0x10 [ 691.501494][T15357] ? __pfx_ovl_fill_real+0x10/0x10 [ 691.501551][T15357] ? down_write+0x162/0x1f0 [ 691.501575][T15357] ? __pfx_down_write+0x10/0x10 [ 691.501600][T15357] ? wrap_directory_iterator+0x52/0xe0 [ 691.501625][T15357] ? __pfx_ovl_iterate+0x10/0x10 [ 691.501648][T15357] wrap_directory_iterator+0x96/0xe0 [ 691.501674][T15357] iterate_dir+0x396/0x570 [ 691.501701][T15357] __se_sys_getdents+0xe4/0x250 [ 691.501728][T15357] ? __pfx___se_sys_getdents+0x10/0x10 [ 691.501747][T15357] ? ksys_write+0x22a/0x250 [ 691.501766][T15357] ? __pfx_filldir+0x10/0x10 [ 691.501791][T15357] ? __pfx_ksys_write+0x10/0x10 [ 691.501812][T15357] ? rcu_is_watching+0x15/0xb0 [ 691.501844][T15357] ? do_syscall_64+0xbe/0x3b0 [ 691.501870][T15357] do_syscall_64+0xfa/0x3b0 [ 691.501889][T15357] ? lockdep_hardirqs_on+0x9c/0x150 [ 691.501908][T15357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.501927][T15357] ? clear_bhb_loop+0x60/0xb0 [ 691.501954][T15357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.501972][T15357] RIP: 0033:0x7f185818ebe9 [ 691.501992][T15357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 691.502010][T15357] RSP: 002b:00007f1859066038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 691.502034][T15357] RAX: ffffffffffffffda RBX: 00007f18583b5fa0 RCX: 00007f185818ebe9 [ 691.502049][T15357] RDX: 000000000000001f RSI: 00002000000008c0 RDI: 0000000000000005 [ 691.502063][T15357] RBP: 00007f1859066090 R08: 0000000000000000 R09: 0000000000000000 [ 691.502085][T15357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 691.502098][T15357] R13: 00007f18583b6038 R14: 00007f18583b5fa0 R15: 00007ffd1c8f7cf8 [ 691.502132][T15357] [ 691.558834][ T5932] usb 2-1: device descriptor read/64, error -71 [ 692.070950][ T5932] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 692.208589][T14556] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 692.216522][ T5932] usb 2-1: device descriptor read/64, error -71 [ 692.349096][ T5932] usb usb2-port1: attempt power cycle [ 692.388681][T14556] usb 3-1: Using ep0 maxpacket: 8 [ 692.397603][T14556] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 692.406859][T14556] usb 3-1: config 0 has no interface number 0 [ 692.413406][T14556] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 692.427757][T14556] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 692.443133][T14556] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 692.456533][T14556] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 692.470289][T14556] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 692.479854][T14556] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.499566][T14556] usb 3-1: config 0 descriptor?? [ 692.528785][T14556] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 692.708535][ T5932] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 692.739083][ T5876] Bluetooth: hci1: command 0x0c1a tx timeout [ 692.745184][ T5876] Bluetooth: hci5: command 0x0c1a tx timeout [ 692.754183][ T5932] usb 2-1: device descriptor read/8, error -71 [ 692.802933][T15386] fuse: Bad value for 'group_id' [ 692.807931][T15386] fuse: Bad value for 'group_id' [ 692.998996][ T5932] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 693.029199][ T5932] usb 2-1: device descriptor read/8, error -71 [ 693.142383][ T5932] usb usb2-port1: unable to enumerate USB device [ 693.208629][T14556] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 693.368615][T14556] usb 5-1: Using ep0 maxpacket: 16 [ 693.375989][T14556] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 693.384670][T14556] usb 5-1: config 0 has no interface number 0 [ 693.391346][T14556] usb 5-1: config 0 interface 68 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 693.405500][T14556] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 693.415200][T14556] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.423436][T14556] usb 5-1: Product: syz [ 693.427829][T14556] usb 5-1: Manufacturer: syz [ 693.432525][T14556] usb 5-1: SerialNumber: syz [ 693.441819][T14556] usb 5-1: config 0 descriptor?? [ 693.462535][T14556] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 693.694085][ T755] usb 5-1: Failed to submit usb control message: -71 [ 693.694789][ T3098] usb 5-1: USB disconnect, device number 42 [ 693.702862][ T755] usb 5-1: unable to send the bmi data to the device: -71 [ 693.747799][ T755] usb 5-1: unable to get target info from device [ 693.761408][ T755] usb 5-1: could not get target info (-71) [ 693.767679][ T755] usb 5-1: could not probe fw (-71) [ 694.451361][T15400] FAULT_INJECTION: forcing a failure. [ 694.451361][T15400] name failslab, interval 1, probability 0, space 0, times 0 [ 694.487205][T15400] CPU: 0 UID: 0 PID: 15400 Comm: syz.4.3315 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 694.487239][T15400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 694.487252][T15400] Call Trace: [ 694.487262][T15400] [ 694.487271][T15400] dump_stack_lvl+0x189/0x250 [ 694.487307][T15400] ? __pfx____ratelimit+0x10/0x10 [ 694.487330][T15400] ? __pfx_dump_stack_lvl+0x10/0x10 [ 694.487360][T15400] ? __pfx__printk+0x10/0x10 [ 694.487398][T15400] ? __pfx___might_resched+0x10/0x10 [ 694.487430][T15400] should_fail_ex+0x414/0x560 [ 694.487464][T15400] should_failslab+0xa8/0x100 [ 694.487491][T15400] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 694.487514][T15400] ? __alloc_skb+0x112/0x2d0 [ 694.487541][T15400] __alloc_skb+0x112/0x2d0 [ 694.487570][T15400] tcp_stream_alloc_skb+0x3d/0x340 [ 694.487606][T15400] tcp_connect+0x146f/0x4ef0 [ 694.487653][T15400] ? ktime_get_with_offset+0x8c/0x2a0 [ 694.487692][T15400] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 694.487726][T15400] ? ktime_get_with_offset+0x8c/0x2a0 [ 694.487754][T15400] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 694.487788][T15400] ? __pfx_tcp_connect+0x10/0x10 [ 694.487817][T15400] ? get_random_u32+0x48e/0x940 [ 694.487842][T15400] ? lockdep_hardirqs_on+0x9c/0x150 [ 694.487874][T15400] ? __asan_memset+0x22/0x50 [ 694.487911][T15400] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 694.487948][T15400] ? inet6_hash_connect+0xd8/0x170 [ 694.487978][T15400] tcp_v6_connect+0x11f7/0x1870 [ 694.488022][T15400] ? __pfx_tcp_v6_connect+0x10/0x10 [ 694.488074][T15400] ? __local_bh_enable_ip+0x12d/0x1c0 [ 694.488099][T15400] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 694.488135][T15400] mptcp_connect+0x568/0x830 [ 694.488163][T15400] __inet_stream_connect+0x2ab/0xe80 [ 694.488203][T15400] ? __local_bh_enable_ip+0x12d/0x1c0 [ 694.488227][T15400] ? __pfx___inet_stream_connect+0x10/0x10 [ 694.488255][T15400] ? __local_bh_enable_ip+0x12d/0x1c0 [ 694.488279][T15400] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 694.488315][T15400] inet_stream_connect+0x66/0xa0 [ 694.488348][T15400] __sys_connect+0x316/0x440 [ 694.488371][T15400] ? __fget_files+0x3a0/0x420 [ 694.488399][T15400] ? __pfx___sys_connect+0x10/0x10 [ 694.488437][T15400] ? __pfx_ksys_write+0x10/0x10 [ 694.488459][T15400] ? rcu_is_watching+0x15/0xb0 [ 694.488493][T15400] __x64_sys_connect+0x7a/0x90 [ 694.488518][T15400] do_syscall_64+0xfa/0x3b0 [ 694.488540][T15400] ? lockdep_hardirqs_on+0x9c/0x150 [ 694.488560][T15400] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.488582][T15400] ? clear_bhb_loop+0x60/0xb0 [ 694.488608][T15400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.488628][T15400] RIP: 0033:0x7fb3eb78ebe9 [ 694.488648][T15400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 694.488666][T15400] RSP: 002b:00007fb3ec66b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 694.488690][T15400] RAX: ffffffffffffffda RBX: 00007fb3eb9b5fa0 RCX: 00007fb3eb78ebe9 [ 694.488705][T15400] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003 [ 694.488719][T15400] RBP: 00007fb3ec66b090 R08: 0000000000000000 R09: 0000000000000000 [ 694.488732][T15400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 694.488746][T15400] R13: 00007fb3eb9b6038 R14: 00007fb3eb9b5fa0 R15: 00007ffd3fe65a48 [ 694.488781][T15400] [ 694.819550][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.919079][ T5876] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 695.125664][ T43] usb 3-1: USB disconnect, device number 111 [ 695.221500][ T43] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 695.329654][T15404] fuse: Unknown parameter 'group_i00000000000000000000' [ 695.417396][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.471353][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.491454][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.548542][T15404] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 695.635973][T15404] infiniband : RDMA CMA: cma_listen_on_dev, error -98 [ 695.706473][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.719570][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.746372][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.758468][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.772938][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.786315][T15404] virt_wifi0 speed is unknown, defaulting to 1000 [ 695.792936][ T5870] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 695.793901][T15418] FAULT_INJECTION: forcing a failure. [ 695.793901][T15418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 695.821297][T15418] CPU: 1 UID: 0 PID: 15418 Comm: syz.4.3321 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 695.821328][T15418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 695.821340][T15418] Call Trace: [ 695.821349][T15418] [ 695.821359][T15418] dump_stack_lvl+0x189/0x250 [ 695.821393][T15418] ? __pfx____ratelimit+0x10/0x10 [ 695.821415][T15418] ? __pfx_dump_stack_lvl+0x10/0x10 [ 695.821445][T15418] ? __pfx__printk+0x10/0x10 [ 695.821489][T15418] should_fail_ex+0x414/0x560 [ 695.821525][T15418] _copy_to_user+0x31/0xb0 [ 695.821552][T15418] simple_read_from_buffer+0xe1/0x170 [ 695.821584][T15418] proc_fail_nth_read+0x1b3/0x220 [ 695.821620][T15418] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 695.821654][T15418] ? rw_verify_area+0x2a6/0x4d0 [ 695.821677][T15418] ? __lock_acquire+0xab9/0xd20 [ 695.821698][T15418] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 695.821730][T15418] vfs_read+0x1fd/0xa30 [ 695.821751][T15418] ? fdget_pos+0x247/0x320 [ 695.821779][T15418] ? __pfx___mutex_lock+0x10/0x10 [ 695.821802][T15418] ? __pfx_vfs_read+0x10/0x10 [ 695.821827][T15418] ? __fget_files+0x2a/0x420 [ 695.821858][T15418] ? __fget_files+0x3a0/0x420 [ 695.821883][T15418] ? __fget_files+0x2a/0x420 [ 695.821919][T15418] ksys_read+0x145/0x250 [ 695.821946][T15418] ? __pfx_ksys_read+0x10/0x10 [ 695.821967][T15418] ? rcu_is_watching+0x15/0xb0 [ 695.822001][T15418] ? do_syscall_64+0xbe/0x3b0 [ 695.822026][T15418] do_syscall_64+0xfa/0x3b0 [ 695.822055][T15418] ? lockdep_hardirqs_on+0x9c/0x150 [ 695.822075][T15418] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.822096][T15418] ? clear_bhb_loop+0x60/0xb0 [ 695.822122][T15418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.822141][T15418] RIP: 0033:0x7fb3eb78d5fc [ 695.822161][T15418] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 695.822179][T15418] RSP: 002b:00007fb3ec66b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 695.822203][T15418] RAX: ffffffffffffffda RBX: 00007fb3eb9b5fa0 RCX: 00007fb3eb78d5fc [ 695.822218][T15418] RDX: 000000000000000f RSI: 00007fb3ec66b0a0 RDI: 0000000000000007 [ 695.822232][T15418] RBP: 00007fb3ec66b090 R08: 0000000000000000 R09: 0000000000000000 [ 695.822244][T15418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 695.822256][T15418] R13: 00007fb3eb9b6038 R14: 00007fb3eb9b5fa0 R15: 00007ffd3fe65a48 [ 695.822289][T15418] [ 696.148066][ T5870] usb 6-1: Using ep0 maxpacket: 8 [ 696.172611][ T5870] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 696.217421][ T5870] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 696.264472][ T5870] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 696.295736][ T5870] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 696.319496][ T5870] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 696.331026][ T5870] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.362124][T15422] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 696.511085][T15427] kvm: emulating exchange as write [ 696.578205][ T5870] usb 6-1: GET_CAPABILITIES returned 0 [ 696.590135][ T5870] usbtmc 6-1:16.0: can't read capabilities [ 696.701901][T15432] FAULT_INJECTION: forcing a failure. [ 696.701901][T15432] name failslab, interval 1, probability 0, space 0, times 0 [ 696.733628][T15432] CPU: 0 UID: 0 PID: 15432 Comm: syz.4.3326 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 696.733660][T15432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 696.733673][T15432] Call Trace: [ 696.733682][T15432] [ 696.733692][T15432] dump_stack_lvl+0x189/0x250 [ 696.733726][T15432] ? __pfx____ratelimit+0x10/0x10 [ 696.733748][T15432] ? __pfx_dump_stack_lvl+0x10/0x10 [ 696.733777][T15432] ? __pfx__printk+0x10/0x10 [ 696.733810][T15432] ? __pfx___might_resched+0x10/0x10 [ 696.733835][T15432] ? fs_reclaim_acquire+0x7d/0x100 [ 696.733864][T15432] should_fail_ex+0x414/0x560 [ 696.733900][T15432] should_failslab+0xa8/0x100 [ 696.733926][T15432] __kmalloc_noprof+0xcb/0x4f0 [ 696.733947][T15432] ? tomoyo_encode+0x28b/0x550 [ 696.733982][T15432] tomoyo_encode+0x28b/0x550 [ 696.734019][T15432] tomoyo_realpath_from_path+0x58d/0x5d0 [ 696.734065][T15432] tomoyo_check_open_permission+0x1c1/0x3b0 [ 696.734088][T15432] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 696.734110][T15432] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 696.734136][T15432] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 696.734159][T15432] ? wrap_directory_iterator+0x96/0xe0 [ 696.734217][T15432] ? lockref_get+0x15/0x60 [ 696.734249][T15432] ? tomoyo_file_open+0x165/0x220 [ 696.734298][T15432] security_file_open+0xb1/0x270 [ 696.734324][T15432] do_dentry_open+0x384/0x13f0 [ 696.734364][T15432] ? vfs_open+0x31/0x340 [ 696.734400][T15432] vfs_open+0x3b/0x340 [ 696.734435][T15432] dentry_open+0x61/0xa0 [ 696.734466][T15432] ovl_dir_read+0x85/0x5f0 [ 696.734501][T15432] ? __pfx_ovl_dir_read+0x10/0x10 [ 696.734520][T15432] ? __kasan_kmalloc+0x93/0xb0 [ 696.734554][T15432] ovl_iterate+0x14c5/0x1f40 [ 696.734576][T15432] ? __lock_acquire+0xab9/0xd20 [ 696.734621][T15432] ? __pfx_ovl_iterate+0x10/0x10 [ 696.734644][T15432] ? aa_file_perm+0x13a/0x1550 [ 696.734674][T15432] ? __pfx_ovl_fill_plain+0x10/0x10 [ 696.734711][T15432] ? __pfx_ovl_fill_real+0x10/0x10 [ 696.734770][T15432] ? down_write+0x162/0x1f0 [ 696.734795][T15432] ? __pfx_down_write+0x10/0x10 [ 696.734819][T15432] ? wrap_directory_iterator+0x52/0xe0 [ 696.734844][T15432] ? __pfx_ovl_iterate+0x10/0x10 [ 696.734869][T15432] wrap_directory_iterator+0x96/0xe0 [ 696.734897][T15432] iterate_dir+0x396/0x570 [ 696.734926][T15432] __se_sys_getdents+0xe4/0x250 [ 696.734954][T15432] ? __pfx___se_sys_getdents+0x10/0x10 [ 696.734975][T15432] ? ksys_write+0x22a/0x250 [ 696.734997][T15432] ? __pfx_filldir+0x10/0x10 [ 696.735022][T15432] ? __pfx_ksys_write+0x10/0x10 [ 696.735042][T15432] ? rcu_is_watching+0x15/0xb0 [ 696.735075][T15432] ? do_syscall_64+0xbe/0x3b0 [ 696.735103][T15432] do_syscall_64+0xfa/0x3b0 [ 696.735123][T15432] ? lockdep_hardirqs_on+0x9c/0x150 [ 696.735145][T15432] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.735166][T15432] ? clear_bhb_loop+0x60/0xb0 [ 696.735193][T15432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.735214][T15432] RIP: 0033:0x7fb3eb78ebe9 [ 696.735235][T15432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 696.735253][T15432] RSP: 002b:00007fb3ec66b038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 696.735278][T15432] RAX: ffffffffffffffda RBX: 00007fb3eb9b5fa0 RCX: 00007fb3eb78ebe9 [ 696.735301][T15432] RDX: 000000000000001f RSI: 00002000000008c0 RDI: 0000000000000005 [ 696.735315][T15432] RBP: 00007fb3ec66b090 R08: 0000000000000000 R09: 0000000000000000 [ 696.735328][T15432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 696.735341][T15432] R13: 00007fb3eb9b6038 R14: 00007fb3eb9b5fa0 R15: 00007ffd3fe65a48 [ 696.735377][T15432] [ 696.735407][T15432] ERROR: Out of memory at tomoyo_realpath_from_path. [ 696.853973][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 696.857094][T14556] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 697.296909][T14556] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 697.312436][T14556] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 697.321620][T14556] usb 2-1: Product: syz [ 697.326135][T14556] usb 2-1: Manufacturer: syz [ 697.335544][T14556] usb 2-1: SerialNumber: syz [ 697.346782][T14556] usb 2-1: config 0 descriptor?? [ 697.488012][ T5932] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 697.580601][T14556] usb-storage 2-1:0.0: USB Mass Storage device detected [ 697.647939][ T5932] usb 5-1: Using ep0 maxpacket: 32 [ 697.676583][ T5932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 697.702444][ T5932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 697.713429][ T5932] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 697.723191][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.744020][ T5932] usb 5-1: config 0 descriptor?? [ 697.762765][ T5932] hub 5-1:0.0: USB hub found [ 697.955636][T15437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 697.978284][T15437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 698.016889][T15437] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3328'. [ 698.075889][ T5932] hub 5-1:0.0: 1 port detected [ 698.378222][ T5859] usb 6-1: USB disconnect, device number 14 [ 698.666614][T15453] FAULT_INJECTION: forcing a failure. [ 698.666614][T15453] name failslab, interval 1, probability 0, space 0, times 0 [ 698.680012][T15453] CPU: 0 UID: 0 PID: 15453 Comm: syz.5.3333 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 698.680042][T15453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 698.680054][T15453] Call Trace: [ 698.680063][T15453] [ 698.680072][T15453] dump_stack_lvl+0x189/0x250 [ 698.680105][T15453] ? __pfx____ratelimit+0x10/0x10 [ 698.680127][T15453] ? __pfx_dump_stack_lvl+0x10/0x10 [ 698.680156][T15453] ? __pfx__printk+0x10/0x10 [ 698.680186][T15453] ? rht_lock+0xff/0x220 [ 698.680220][T15453] should_fail_ex+0x414/0x560 [ 698.680254][T15453] should_failslab+0xa8/0x100 [ 698.680280][T15453] __kmalloc_noprof+0xcb/0x4f0 [ 698.680300][T15453] ? br_switchdev_mdb_populate+0x18c/0x3e0 [ 698.680325][T15453] ? switchdev_deferred_enqueue+0x2d/0x240 [ 698.680353][T15453] ? __pfx_switchdev_port_obj_add_deferred+0x10/0x10 [ 698.680375][T15453] switchdev_deferred_enqueue+0x2d/0x240 [ 698.680404][T15453] br_switchdev_mdb_notify+0x25e/0x410 [ 698.680434][T15453] ? __pfx_br_switchdev_mdb_notify+0x10/0x10 [ 698.680479][T15453] ? br_multicast_new_group+0x41e/0x4b0 [ 698.680510][T15453] ? __pfx_br_multicast_star_g_host_state+0x10/0x10 [ 698.680537][T15453] ? tcp6_gso_segment+0x1340/0x16d0 [ 698.680567][T15453] __br_mdb_notify+0x73/0x970 [ 698.680591][T15453] ? __lock_acquire+0xab9/0xd20 [ 698.680626][T15453] __br_multicast_add_group+0x84f/0xa30 [ 698.680658][T15453] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 698.680702][T15453] br_multicast_rcv+0x3a5f/0x74b0 [ 698.680762][T15453] ? __pfx_br_multicast_rcv+0x10/0x10 [ 698.680795][T15453] ? __lock_acquire+0xab9/0xd20 [ 698.680826][T15453] ? ktime_get+0x3e/0x1f0 [ 698.680857][T15453] ? ktime_get+0x3e/0x1f0 [ 698.680892][T15453] ? ktime_get+0x3e/0x1f0 [ 698.680917][T15453] ? ktime_get+0x3e/0x1f0 [ 698.680943][T15453] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 698.680979][T15453] ? css_rstat_updated+0x23a/0x4f0 [ 698.681031][T15453] ? __lock_acquire+0xab9/0xd20 [ 698.681071][T15453] ? __lock_acquire+0xab9/0xd20 [ 698.681125][T15453] ? __lock_acquire+0xab9/0xd20 [ 698.681158][T15453] ? br_dev_xmit+0x185/0x1840 [ 698.681189][T15453] ? br_allowed_ingress+0xd3/0x1040 [ 698.681220][T15453] ? arch_stack_walk+0xfc/0x150 [ 698.681263][T15453] br_dev_xmit+0xaf7/0x1840 [ 698.681293][T15453] ? br_dev_xmit+0x185/0x1840 [ 698.681330][T15453] ? __pfx_br_dev_xmit+0x10/0x10 [ 698.681354][T15453] ? validate_xmit_xfrm+0xbf/0x1160 [ 698.681377][T15453] ? __pfx_skb_network_protocol+0x10/0x10 [ 698.681411][T15453] ? __pfx_validate_xmit_xfrm+0x10/0x10 [ 698.681440][T15453] ? __pfx_passthru_features_check+0x10/0x10 [ 698.681485][T15453] dev_hard_start_xmit+0x2d4/0x830 [ 698.681534][T15453] __dev_queue_xmit+0x1b8d/0x3b50 [ 698.681563][T15453] ? register_lock_class+0x51/0x320 [ 698.681605][T15453] ? __dev_queue_xmit+0x27b/0x3b50 [ 698.681654][T15453] ? __pfx___dev_queue_xmit+0x10/0x10 [ 698.681684][T15453] ? read_seqbegin+0x122/0x250 [ 698.681704][T15453] ? neigh_resolve_output+0x438/0x750 [ 698.681725][T15453] ? lockdep_hardirqs_on+0x9c/0x150 [ 698.681748][T15453] ? read_seqbegin+0x1ac/0x250 [ 698.681769][T15453] ? __pfx_read_seqbegin+0x10/0x10 [ 698.681787][T15453] ? __local_bh_enable_ip+0x12d/0x1c0 [ 698.681813][T15453] ? eth_header+0x11b/0x200 [ 698.681840][T15453] ? __asan_memcpy+0x40/0x70 [ 698.681872][T15453] ? eth_header+0x11b/0x200 [ 698.681900][T15453] ? __pfx_eth_header+0x10/0x10 [ 698.681923][T15453] ? neigh_resolve_output+0x624/0x750 [ 698.681966][T15453] ip6_finish_output2+0x11fb/0x16a0 [ 698.682011][T15453] ? ip6_finish_output2+0x701/0x16a0 [ 698.682048][T15453] ? ip6_mtu+0x7d/0x3f0 [ 698.682076][T15453] ? __pfx_ip6_finish_output2+0x10/0x10 [ 698.682108][T15453] ? ip6_mtu+0x7d/0x3f0 [ 698.682135][T15453] ? ip6_mtu+0x321/0x3f0 [ 698.682165][T15453] ? ip6_finish_output+0x2ef/0x4e0 [ 698.682199][T15453] ip6_mr_output+0x4e9/0x1100 [ 698.682230][T15453] ? ip6_cork_release+0xce/0x150 [ 698.682266][T15453] ? ip6_mr_output+0x1ca/0x1100 [ 698.682295][T15453] ? ip6_cork_release+0x138/0x150 [ 698.682328][T15453] ? __pfx_ip6_mr_output+0x10/0x10 [ 698.682356][T15453] ? __ip6_make_skb+0x18c5/0x2190 [ 698.682403][T15453] ? __ip6_local_out+0x4db/0x870 [ 698.682425][T15453] ? __lock_acquire+0xab9/0xd20 [ 698.682470][T15453] ? skb_dst+0x4f/0xd0 [ 698.682494][T15453] ? dst_output+0x17b/0x1c0 [ 698.682515][T15453] ? ip6_send_skb+0x10f/0x390 [ 698.682548][T15453] ip6_send_skb+0x1d5/0x390 [ 698.682590][T15453] rawv6_push_pending_frames+0x6e9/0x8d0 [ 698.682624][T15453] ? __pfx_rawv6_push_pending_frames+0x10/0x10 [ 698.682652][T15453] ? __pfx_raw6_getfrag+0x10/0x10 [ 698.682682][T15453] rawv6_sendmsg+0x1331/0x1820 [ 698.682725][T15453] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 698.682761][T15453] ? aa_file_perm+0x13a/0x1550 [ 698.682809][T15453] ? __pfx_aa_sk_perm+0x10/0x10 [ 698.682840][T15453] ? sock_rps_record_flow+0x19/0x410 [ 698.682872][T15453] ? inet_sendmsg+0x2f4/0x370 [ 698.682900][T15453] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 698.682932][T15453] __sock_sendmsg+0x19c/0x270 [ 698.682969][T15453] sock_write_iter+0x258/0x330 [ 698.683013][T15453] ? __pfx_sock_write_iter+0x10/0x10 [ 698.683056][T15453] ? bpf_lsm_file_permission+0x9/0x20 [ 698.683086][T15453] ? security_file_permission+0x75/0x290 [ 698.683120][T15453] vfs_write+0x5c6/0xb30 [ 698.683152][T15453] ? __pfx_sock_write_iter+0x10/0x10 [ 698.683183][T15453] ? __pfx_vfs_write+0x10/0x10 [ 698.683221][T15453] ? __fget_files+0x2a/0x420 [ 698.683260][T15453] ksys_write+0x145/0x250 [ 698.683288][T15453] ? __pfx_ksys_write+0x10/0x10 [ 698.683309][T15453] ? rcu_is_watching+0x15/0xb0 [ 698.683344][T15453] ? do_syscall_64+0xbe/0x3b0 [ 698.683371][T15453] do_syscall_64+0xfa/0x3b0 [ 698.683392][T15453] ? lockdep_hardirqs_on+0x9c/0x150 [ 698.683412][T15453] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.683435][T15453] ? clear_bhb_loop+0x60/0xb0 [ 698.683461][T15453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.683482][T15453] RIP: 0033:0x7f3877b8ebe9 [ 698.683502][T15453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 698.683521][T15453] RSP: 002b:00007f3878ae2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 698.683545][T15453] RAX: ffffffffffffffda RBX: 00007f3877db5fa0 RCX: 00007f3877b8ebe9 [ 698.683561][T15453] RDX: 00000000000005ac RSI: 00002000000000c0 RDI: 0000000000000003 [ 698.683575][T15453] RBP: 00007f3878ae2090 R08: 0000000000000000 R09: 0000000000000000 [ 698.683589][T15453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 698.683601][T15453] R13: 00007f3877db6038 R14: 00007f3877db5fa0 R15: 00007ffc7ff18668 [ 698.683637][T15453] [ 699.325218][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.367236][ T5932] hub 5-1:0.0: activate --> -90 [ 699.375586][ C0] raw-gadget.2 gadget.4: ignoring, device is not running [ 699.384112][ T5932] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 699.385216][ T5859] usb 5-1: USB disconnect, device number 43 [ 699.520826][ T30] audit: type=1326 audit(1755066817.320:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.5.3334" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3877b8ebe9 code=0x0 [ 700.003935][T15463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3337'. [ 700.052933][T15463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3337'. [ 700.182671][T15465] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 700.487584][ T5859] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 700.551382][T15469] Mount JFS Failure: -22 [ 700.661566][ T5859] usb 5-1: Using ep0 maxpacket: 16 [ 700.681599][ T5859] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 700.692819][ T5859] usb 5-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 700.707392][ T5859] usb 5-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 700.727626][ T5859] usb 5-1: config 1 interface 0 has no altsetting 0 [ 700.753600][ T5859] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 700.773025][ T5859] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 700.790849][ T5859] usb 5-1: Product: syz [ 700.809524][T15474] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 700.816724][ T5859] usb 5-1: Manufacturer: syz [ 700.821699][ T5859] usb 5-1: SerialNumber: syz [ 700.838158][T15474] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 701.041965][ T5859] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 44 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 701.222409][T15428] kexec: Could not allocate control_code_buffer [ 701.247756][ T5859] usb 2-1: USB disconnect, device number 13 [ 701.297165][T15465] usblp0:failed reading printer status (-71) [ 701.307796][ T5932] usb 5-1: USB disconnect, device number 44 [ 701.375692][T15481] random: crng reseeded on system resumption [ 701.460410][ T9171] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.525654][T15481] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3345'. [ 701.525980][T15464] usblp0: removed [ 701.679117][ T9171] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.757439][T14556] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 701.811074][ T9171] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.942922][ T9171] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.957379][T14556] usb 2-1: Using ep0 maxpacket: 32 [ 701.971515][T14556] usb 2-1: config 0 has an invalid interface number: 146 but max is 0 [ 701.993038][T14556] usb 2-1: config 0 has no interface number 0 [ 702.008004][T15485] team_slave_0: left promiscuous mode [ 702.014335][T14556] usb 2-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 702.040961][T15486] team_slave_0: entered promiscuous mode [ 702.041039][T14556] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 702.077407][T14556] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 702.113452][T14556] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 702.143213][T14556] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 702.163113][T14556] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 702.176522][T14556] usb 2-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 702.246087][T14556] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 702.255854][T15488] exFAT-fs (rnullb0): invalid boot record signature [ 702.300428][T15488] exFAT-fs (rnullb0): failed to read boot sector [ 702.307378][T14556] usb 2-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 702.336355][T15488] exFAT-fs (rnullb0): failed to recognize exfat type [ 702.382102][T15489] exFAT-fs (rnullb0): invalid boot record signature [ 702.382535][T14556] usb 2-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 702.414445][T15489] exFAT-fs (rnullb0): failed to read boot sector [ 702.428186][ T9171] bridge_slave_1: left allmulticast mode [ 702.440314][T15489] exFAT-fs (rnullb0): failed to recognize exfat type [ 702.457659][T14556] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.457943][ T9171] bridge_slave_1: left promiscuous mode [ 702.481331][T14556] usb 2-1: Product: syz [ 702.488094][T14556] usb 2-1: Manufacturer: syz [ 702.492735][T14556] usb 2-1: SerialNumber: syz [ 702.497524][ T9171] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.555229][T14556] usb 2-1: config 0 descriptor?? [ 702.561753][ T9171] bridge_slave_0: left allmulticast mode [ 702.587989][T15482] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 702.600491][ T9171] bridge_slave_0: left promiscuous mode [ 702.619708][T14556] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk. [ 702.624162][ T9171] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.649835][T14556] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out. [ 702.853749][T14556] usb 2-1: USB disconnect, device number 14 [ 702.889562][ T5876] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 702.911237][ T5876] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 702.922229][ T5876] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 702.934236][ T5876] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 702.946035][ T5876] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 703.377701][T14556] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 703.568177][T14556] usb 5-1: Using ep0 maxpacket: 32 [ 703.575537][T14556] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 703.641623][T14556] usb 5-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 703.662998][T14556] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 703.673341][T14556] usb 5-1: Product: syz [ 703.677673][T14556] usb 5-1: Manufacturer: syz [ 703.682430][T14556] usb 5-1: SerialNumber: syz [ 703.691898][T14556] usb 5-1: config 0 descriptor?? [ 703.815790][ T9171] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 703.830038][ T9171] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 703.840118][ T9171] bond0 (unregistering): Released all slaves [ 703.924144][T14556] usb 5-1: USB disconnect, device number 45 [ 703.951785][T15500] virt_wifi0 speed is unknown, defaulting to 1000 [ 704.384658][ T9171] hsr_slave_0: left promiscuous mode [ 704.391739][ T9171] hsr_slave_1: left promiscuous mode [ 704.398594][ T9171] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 704.406023][ T9171] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 704.431631][ T9171] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 704.464615][ T9171] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 704.606650][ T9171] veth1_macvtap: left promiscuous mode [ 704.625250][ T9171] veth0_macvtap: left promiscuous mode [ 704.636658][ T9171] veth1_vlan: left promiscuous mode [ 704.667298][ T9171] veth0_vlan: left promiscuous mode [ 704.947089][ T43] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 705.070202][ T5876] Bluetooth: hci5: command tx timeout [ 705.167734][T15551] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 705.172653][ T43] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 705.183689][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.191833][ T43] usb 5-1: Product: syz [ 705.196037][ T43] usb 5-1: Manufacturer: syz [ 705.213712][ T43] usb 5-1: SerialNumber: syz [ 705.258549][ T43] usb 5-1: config 0 descriptor?? [ 705.522877][ T43] usb-storage 5-1:0.0: USB Mass Storage device detected [ 705.637469][ T3098] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 705.816429][T14556] usb 3-1: new high-speed USB device number 112 using dummy_hcd [ 705.822574][ T3098] usb 2-1: Using ep0 maxpacket: 16 [ 705.844915][ T3098] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 705.864167][ T3098] usb 2-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 705.875825][ T3098] usb 2-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 705.894201][ T3098] usb 2-1: config 1 interface 0 has no altsetting 0 [ 705.918100][ T3098] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 705.946164][ T3098] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.954836][ T3098] usb 2-1: Product: syz [ 705.959431][ T3098] usb 2-1: Manufacturer: syz [ 705.965424][ T3098] usb 2-1: SerialNumber: syz [ 705.987647][T14556] usb 3-1: Using ep0 maxpacket: 32 [ 706.032387][T14556] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 706.051053][T14556] usb 3-1: config 0 has no interface number 0 [ 706.061311][T14556] usb 3-1: config 0 interface 12 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 706.085690][T14556] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=2e.5f [ 706.095669][T14556] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 706.114923][T14556] usb 3-1: Product: syz [ 706.123781][T14556] usb 3-1: Manufacturer: syz [ 706.134414][T14556] usb 3-1: SerialNumber: syz [ 706.156598][T14556] usb 3-1: config 0 descriptor?? [ 706.192408][T14556] iowarrior 3-1:0.12: no interrupt-in endpoint found [ 706.219782][ T3098] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 706.431743][ T9171] team0 (unregistering): Port device team_slave_1 removed [ 706.482520][T15554] usblp0:failed reading printer status (-71) [ 706.483003][ T3098] usb 2-1: USB disconnect, device number 15 [ 706.698384][ T9171] team0 (unregistering): Port device team_slave_0 removed [ 707.139850][ T5876] Bluetooth: hci5: command tx timeout [ 707.286022][ T3098] usb 3-1: USB disconnect, device number 112 [ 708.173909][T15551] usblp0: removed [ 708.331871][T15500] chnl_net:caif_netlink_parms(): no params data found [ 708.351672][ T5859] usb 3-1: new high-speed USB device number 113 using dummy_hcd [ 708.518750][ T5859] usb 3-1: Using ep0 maxpacket: 16 [ 708.547372][ T5859] usb 3-1: unable to get BOS descriptor or descriptor too short [ 708.556775][ T5859] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 708.585829][ T5859] usb 3-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a [ 708.651661][ T5859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.660007][ T5859] usb 3-1: Product: syz [ 708.664223][ T5859] usb 3-1: Manufacturer: syz [ 708.669154][ T5859] usb 3-1: SerialNumber: syz [ 708.908134][T15500] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.922983][T15500] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.962589][T15500] bridge_slave_0: entered allmulticast mode [ 708.982317][T15500] bridge_slave_0: entered promiscuous mode [ 709.224629][ T5876] Bluetooth: hci5: command tx timeout [ 709.314478][T15500] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.341190][T15500] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.362413][T15500] bridge_slave_1: entered allmulticast mode [ 709.385533][T15500] bridge_slave_1: entered promiscuous mode [ 709.583574][T15500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 709.628287][ T5859] kobil_sct 3-1:3.0: required endpoints missing [ 709.639553][T15500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 709.664192][ T5859] usb 3-1: USB disconnect, device number 113 [ 709.822516][T15500] team0: Port device team_slave_0 added [ 709.843705][T15500] team0: Port device team_slave_1 added [ 709.928645][ T3098] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 709.968921][T15500] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 709.976053][T15500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 710.040254][T15500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 710.054844][T15500] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 710.063556][T15500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 710.094679][T15500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 710.106705][ T3098] usb 2-1: Using ep0 maxpacket: 32 [ 710.114762][ T3098] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 710.126503][ T3098] usb 2-1: config 0 has no interface number 0 [ 710.142986][ T3098] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 710.167528][ T3098] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 710.175587][ T3098] usb 2-1: Product: syz [ 710.197056][ T3098] usb 2-1: Manufacturer: syz [ 710.209507][ T3098] usb 2-1: SerialNumber: syz [ 710.230365][ T3098] usb 2-1: config 0 descriptor?? [ 710.251067][ T3098] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 710.327641][T15500] hsr_slave_0: entered promiscuous mode [ 710.334853][T15500] hsr_slave_1: entered promiscuous mode [ 710.342386][T15500] debugfs: 'hsr0' already exists in 'hsr' [ 710.354813][T15500] Cannot create hsr debugfs directory [ 710.403815][T15541] kexec: Could not allocate control_code_buffer [ 710.477652][ T3098] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 710.482296][T14556] usb 5-1: USB disconnect, device number 46 [ 710.577647][ T3098] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 710.615950][T15606] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 710.662332][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 710.906151][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 710.923949][T14556] usb 2-1: USB disconnect, device number 16 [ 710.968284][T14556] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 711.027814][T14556] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 711.046460][ T5870] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 711.090429][T14556] quatech2 2-1:0.51: device disconnected [ 711.226395][ T5870] usb 5-1: Using ep0 maxpacket: 16 [ 711.241465][ T5870] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 711.274046][ T5870] usb 5-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 711.297881][ T5870] usb 5-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 711.300901][ T5876] Bluetooth: hci5: command tx timeout [ 711.329001][ T5870] usb 5-1: config 1 interface 0 has no altsetting 0 [ 711.337796][T15500] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 711.370998][T15500] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 711.388425][ T5870] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 711.406536][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.451308][ T5870] usb 5-1: Product: syz [ 711.453888][T15500] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 711.459284][ T5870] usb 5-1: Manufacturer: syz [ 711.480661][T15500] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 711.496671][ T5870] usb 5-1: SerialNumber: syz [ 711.669384][ T3098] usb 3-1: new full-speed USB device number 114 using dummy_hcd [ 711.722483][ T5870] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 47 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 711.723997][T15500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 711.788673][T15500] 8021q: adding VLAN 0 to HW filter on device team0 [ 711.806343][ T5932] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 711.812269][ T8767] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.821289][ T8767] bridge0: port 1(bridge_slave_0) entered forwarding state [ 711.854175][ T3098] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 711.861965][ T3098] usb 3-1: can't read configurations, error -61 [ 711.884231][ T8767] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.891658][ T8767] bridge0: port 2(bridge_slave_1) entered forwarding state [ 711.983619][T15606] usblp0:failed reading printer status (-71) [ 711.990449][ T5932] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 712.010125][ T5870] usb 5-1: USB disconnect, device number 47 [ 712.016847][ T3098] usb 3-1: new full-speed USB device number 115 using dummy_hcd [ 712.039430][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 712.071120][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 712.091320][ T5932] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 712.111215][ T5932] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 712.134051][ T5932] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 712.161521][ T5932] usb 2-1: Manufacturer: syz [ 712.184217][ T5932] usb 2-1: config 0 descriptor?? [ 712.198380][T15605] usblp0: removed [ 712.201147][ T3098] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 712.255234][ T3098] usb 3-1: can't read configurations, error -61 [ 712.268854][ T3098] usb usb3-port1: attempt power cycle [ 712.454897][T15500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 712.624612][ T5932] hid_parser_main: 6 callbacks suppressed [ 712.624640][ T5932] appleir 0003:05AC:8243.003F: unknown main item tag 0x0 [ 712.636283][ T3098] usb 3-1: new full-speed USB device number 116 using dummy_hcd [ 712.652407][ T5932] appleir 0003:05AC:8243.003F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 712.679927][ T3098] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 712.687850][ T3098] usb 3-1: can't read configurations, error -61 [ 712.846941][ T3098] usb 3-1: new full-speed USB device number 117 using dummy_hcd [ 712.877010][T15630] FAULT_INJECTION: forcing a failure. [ 712.877010][T15630] name failslab, interval 1, probability 0, space 0, times 0 [ 712.879870][ T3098] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 712.916302][T15630] CPU: 0 UID: 0 PID: 15630 Comm: syz.1.3373 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 712.916334][T15630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 712.916347][T15630] Call Trace: [ 712.916356][T15630] [ 712.916366][T15630] dump_stack_lvl+0x189/0x250 [ 712.916404][T15630] ? __pfx____ratelimit+0x10/0x10 [ 712.916424][T15630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 712.916451][T15630] ? __pfx__printk+0x10/0x10 [ 712.916484][T15630] ? __pfx___might_resched+0x10/0x10 [ 712.916509][T15630] ? fs_reclaim_acquire+0x7d/0x100 [ 712.916541][T15630] should_fail_ex+0x414/0x560 [ 712.916576][T15630] should_failslab+0xa8/0x100 [ 712.916601][T15630] __kmalloc_cache_noprof+0x70/0x3d0 [ 712.916622][T15630] ? hiddev_ioctl_string+0xfb/0x1e0 [ 712.916656][T15630] hiddev_ioctl_string+0xfb/0x1e0 [ 712.916690][T15630] hiddev_ioctl+0x4a7/0x1670 [ 712.916727][T15630] ? __pfx_hiddev_ioctl+0x10/0x10 [ 712.916772][T15630] ? __fget_files+0x2a/0x420 [ 712.916807][T15630] ? bpf_lsm_file_ioctl+0x9/0x20 [ 712.916837][T15630] ? __pfx_hiddev_ioctl+0x10/0x10 [ 712.916868][T15630] __se_sys_ioctl+0xf9/0x170 [ 712.916894][T15630] do_syscall_64+0xfa/0x3b0 [ 712.916916][T15630] ? lockdep_hardirqs_on+0x9c/0x150 [ 712.916943][T15630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.916963][T15630] ? clear_bhb_loop+0x60/0xb0 [ 712.916989][T15630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.917008][T15630] RIP: 0033:0x7f321738ebe9 [ 712.917028][T15630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 712.917046][T15630] RSP: 002b:00007f3218275038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 712.917071][T15630] RAX: ffffffffffffffda RBX: 00007f32175b5fa0 RCX: 00007f321738ebe9 [ 712.917087][T15630] RDX: 0000200000000400 RSI: 0000000081044804 RDI: 0000000000000004 [ 712.917101][T15630] RBP: 00007f3218275090 R08: 0000000000000000 R09: 0000000000000000 [ 712.917114][T15630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 712.917126][T15630] R13: 00007f32175b6038 R14: 00007f32175b5fa0 R15: 00007fffe47e9658 [ 712.917161][T15630] [ 713.139321][ C0] vkms_vblank_simulate: vblank timer overrun [ 713.146527][ T3098] usb 3-1: can't read configurations, error -61 [ 713.174359][T15500] veth0_vlan: entered promiscuous mode [ 713.190030][ T3098] usb usb3-port1: unable to enumerate USB device [ 713.202633][T15500] veth1_vlan: entered promiscuous mode [ 713.263318][T15500] veth0_macvtap: entered promiscuous mode [ 713.276485][T15500] veth1_macvtap: entered promiscuous mode [ 713.300160][T15500] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 713.316775][T15500] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 713.335661][ T9173] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.345247][ T9173] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.355716][ T8767] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.368402][ T8767] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.446357][ T5870] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 713.487099][ T8767] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.495353][ T8767] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.534503][ T9171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.544901][ T9171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.607009][ T5870] usb 5-1: Using ep0 maxpacket: 32 [ 713.614767][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 713.632563][T15656] overlay: Unknown parameter 'subj_user' [ 713.651597][ T5870] usb 5-1: New USB device found, idVendor=28bd, idProduct=1903, bcdDevice= 0.00 [ 713.661627][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 713.682640][ T5870] usb 5-1: config 0 descriptor?? [ 713.880010][ T5859] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 714.016181][ T5859] usb 7-1: device descriptor read/64, error -71 [ 714.103196][ T5870] input: HID 28bd:1903 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28BD:1903.0040/input/input57 [ 714.196667][ T5870] uclogic 0003:28BD:1903.0040: input,hidraw1: USB HID v0.02 Mouse [HID 28bd:1903] on usb-dummy_hcd.4-1/input0 [ 714.266184][ T5859] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 714.308159][T15653] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3374'. [ 714.351943][ T5870] usb 5-1: USB disconnect, device number 48 [ 714.407592][ T5859] usb 7-1: device descriptor read/64, error -71 [ 714.530424][ T5859] usb usb7-port1: attempt power cycle [ 714.875985][ T5859] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 714.907798][ T5932] usb 2-1: reset high-speed USB device number 17 using dummy_hcd [ 714.927917][ T5859] usb 7-1: device descriptor read/8, error -71 [ 715.155943][ T43] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 715.179317][ T5859] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 715.203846][T15670] 9p: Unknown Cache mode or invalid value readahea÷r [ 715.217729][ T5859] usb 7-1: device descriptor read/8, error -71 [ 715.336552][ T5859] usb usb7-port1: unable to enumerate USB device [ 715.349688][ T43] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 715.364706][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 715.385743][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 715.399077][ T43] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 715.417171][ T43] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 715.426531][ T43] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 715.434676][ T43] usb 5-1: Manufacturer: syz [ 715.443141][ T43] usb 5-1: config 0 descriptor?? [ 715.543147][T15674] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 715.815949][T14556] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 715.966157][T14556] usb 3-1: Using ep0 maxpacket: 16 [ 715.973830][T14556] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 715.983849][T14556] usb 3-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 715.993812][T14556] usb 3-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 716.008592][T14556] usb 3-1: config 1 interface 0 has no altsetting 0 [ 716.022749][T14556] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 716.039247][T14556] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 716.051028][T14556] usb 3-1: Product: syz [ 716.055298][T14556] usb 3-1: Manufacturer: syz [ 716.062104][T14556] usb 3-1: SerialNumber: syz [ 716.733423][ T43] usbhid 5-1:0.0: can't add hid device: -71 [ 716.736842][T14556] usblp 3-1:1.0: usblp1: USB Unidirectional printer dev 118 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 716.758585][ T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 716.772266][ T43] usb 5-1: USB disconnect, device number 49 [ 716.800488][T14556] usb 3-1: USB disconnect, device number 118 [ 716.839775][T14556] usblp1: removed [ 717.322240][T14556] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 717.495879][T14556] usb 7-1: Using ep0 maxpacket: 8 [ 717.521965][T14556] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 717.544753][ T5932] usb 2-1: USB disconnect, device number 17 [ 717.550995][T14556] usb 7-1: config 0 has no interface number 0 [ 717.569833][T14556] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 717.588459][T14556] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 717.605390][T14556] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 717.622985][T14556] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 717.638295][T14556] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 717.673577][T14556] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.725218][T14556] usb 7-1: config 0 descriptor?? [ 717.759365][T15695] FAULT_INJECTION: forcing a failure. [ 717.759365][T15695] name failslab, interval 1, probability 0, space 0, times 0 [ 717.759883][T14556] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 717.781373][T15695] CPU: 1 UID: 0 PID: 15695 Comm: syz.2.3388 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 717.781403][T15695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 717.781417][T15695] Call Trace: [ 717.781426][T15695] [ 717.781435][T15695] dump_stack_lvl+0x189/0x250 [ 717.781471][T15695] ? __pfx____ratelimit+0x10/0x10 [ 717.781493][T15695] ? __pfx_dump_stack_lvl+0x10/0x10 [ 717.781520][T15695] ? __pfx__printk+0x10/0x10 [ 717.781558][T15695] ? __pfx___might_resched+0x10/0x10 [ 717.781583][T15695] ? fs_reclaim_acquire+0x7d/0x100 [ 717.781614][T15695] should_fail_ex+0x414/0x560 [ 717.781650][T15695] should_failslab+0xa8/0x100 [ 717.781677][T15695] __kmalloc_noprof+0xcb/0x4f0 [ 717.781697][T15695] ? ovl_cache_entry_new+0x49/0x820 [ 717.781728][T15695] ovl_cache_entry_new+0x49/0x820 [ 717.781763][T15695] ovl_fill_plain+0x5a/0x1c0 [ 717.781786][T15695] ? __pfx_ovl_fill_plain+0x10/0x10 [ 717.781807][T15695] offset_readdir+0x1e6/0x560 [ 717.781830][T15695] ? down_read_killable+0x1d1/0x350 [ 717.781862][T15695] iterate_dir+0x396/0x570 [ 717.781892][T15695] ovl_dir_read+0x146/0x5f0 [ 717.781925][T15695] ? __pfx_ovl_dir_read+0x10/0x10 [ 717.781954][T15695] ? __kasan_kmalloc+0x93/0xb0 [ 717.781986][T15695] ovl_iterate+0x14c5/0x1f40 [ 717.782014][T15695] ? __lock_acquire+0xab9/0xd20 [ 717.782055][T15695] ? __pfx_ovl_iterate+0x10/0x10 [ 717.782075][T15695] ? aa_file_perm+0x13a/0x1550 [ 717.782101][T15695] ? __pfx_ovl_fill_plain+0x10/0x10 [ 717.782133][T15695] ? __pfx_ovl_fill_real+0x10/0x10 [ 717.782185][T15695] ? down_write+0x162/0x1f0 [ 717.782206][T15695] ? __pfx_down_write+0x10/0x10 [ 717.782228][T15695] ? wrap_directory_iterator+0x52/0xe0 [ 717.782249][T15695] ? __pfx_ovl_iterate+0x10/0x10 [ 717.782271][T15695] wrap_directory_iterator+0x96/0xe0 [ 717.782295][T15695] iterate_dir+0x396/0x570 [ 717.782320][T15695] __se_sys_getdents+0xe4/0x250 [ 717.782344][T15695] ? __pfx___se_sys_getdents+0x10/0x10 [ 717.782362][T15695] ? ksys_write+0x22a/0x250 [ 717.782381][T15695] ? __pfx_filldir+0x10/0x10 [ 717.782403][T15695] ? __pfx_ksys_write+0x10/0x10 [ 717.782421][T15695] ? rcu_is_watching+0x15/0xb0 [ 717.782450][T15695] ? do_syscall_64+0xbe/0x3b0 [ 717.782474][T15695] do_syscall_64+0xfa/0x3b0 [ 717.782492][T15695] ? lockdep_hardirqs_on+0x9c/0x150 [ 717.782510][T15695] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.782528][T15695] ? clear_bhb_loop+0x60/0xb0 [ 717.782552][T15695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.782569][T15695] RIP: 0033:0x7f185818ebe9 [ 717.782588][T15695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 717.782604][T15695] RSP: 002b:00007f1859066038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 717.782625][T15695] RAX: ffffffffffffffda RBX: 00007f18583b5fa0 RCX: 00007f185818ebe9 [ 717.782639][T15695] RDX: 000000000000001f RSI: 00002000000008c0 RDI: 0000000000000005 [ 717.782652][T15695] RBP: 00007f1859066090 R08: 0000000000000000 R09: 0000000000000000 [ 717.782664][T15695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 717.782676][T15695] R13: 00007f18583b6038 R14: 00007f18583b5fa0 R15: 00007ffd1c8f7cf8 [ 717.782707][T15695] [ 718.882573][T15712] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 719.155645][ T5870] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 719.236794][T14556] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 719.325952][ T5870] usb 5-1: Using ep0 maxpacket: 16 [ 719.341569][ T5870] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 719.352361][ T5870] usb 5-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 719.367770][ T5870] usb 5-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 719.383344][ T5870] usb 5-1: config 1 interface 0 has no altsetting 0 [ 719.394097][ T5870] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 719.424132][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 719.432698][ T5870] usb 5-1: Product: syz [ 719.441381][T14556] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 719.457690][ T5870] usb 5-1: Manufacturer: syz [ 719.462448][T14556] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 719.483878][ T5870] usb 5-1: SerialNumber: syz [ 719.504135][T14556] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 719.522016][T14556] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 719.545682][T14556] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 719.569456][T14556] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 719.591205][T14556] usb 3-1: Manufacturer: syz [ 719.612913][T14556] usb 3-1: config 0 descriptor?? [ 719.720547][ T5870] usblp 5-1:1.0: usblp1: USB Unidirectional printer dev 50 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8 [ 719.855968][ T31] INFO: task syz-executor:5866 blocked for more than 144 seconds. [ 719.870442][ T31] Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 [ 719.879311][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 719.892938][ T31] task:syz-executor state:D stack:21192 pid:5866 tgid:5866 ppid:1 task_flags:0x400140 flags:0x00004004 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 719.906388][ T31] Call Trace: [ 719.911443][ T31] [ 719.914595][ T31] __schedule+0x1798/0x4cc0 [ 719.924945][ T31] ? do_raw_spin_lock+0x121/0x290 [ 719.933882][ T31] ? __lock_acquire+0xab9/0xd20 [ 719.946495][ T31] ? __pfx___schedule+0x10/0x10 [ 719.952823][ T31] ? schedule+0x91/0x360 [ 719.961011][ T31] schedule+0x165/0x360 [ 719.971364][ T31] v9fs_evict_inode+0x170/0x320 [ 719.983964][ T43] usb 5-1: USB disconnect, device number 50 [ 719.995528][ T31] ? __pfx_v9fs_evict_inode+0x10/0x10 [ 720.022773][ T31] ? __pfx_var_wake_function+0x10/0x10 [ 720.081744][ T43] usblp1: removed [ 720.087924][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 720.100381][T14556] usbhid 3-1:0.0: can't add hid device: -71 [ 720.125863][T14556] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 720.132724][ T31] ? __pfx_v9fs_evict_inode+0x10/0x10 [ 720.170534][ T5859] usb 7-1: USB disconnect, device number 6 [ 720.170607][ C0] ldusb 7-1:0.55: usb_submit_urb failed (-19) [ 720.193708][ T31] evict+0x501/0x9c0 [ 720.248755][ T31] ? __pfx_evict+0x10/0x10 [ 720.253009][T14556] usb 3-1: USB disconnect, device number 119 [ 720.253247][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 720.265994][ T5859] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 720.282613][ T31] ? _raw_spin_unlock+0x28/0x50 [ 720.310531][ T31] ? iput+0x6d8/0x9d0 [ 720.328848][ T31] __dentry_kill+0x209/0x660 [ 720.333522][ T31] ? dput+0x37/0x2b0 [ 720.345943][ T31] dput+0x19f/0x2b0 [ 720.360431][ T31] shrink_dcache_for_umount+0xa0/0x170 [ 720.385792][ T31] generic_shutdown_super+0x67/0x2c0 [ 720.391160][ T31] kill_anon_super+0x3b/0x70 [ 720.409975][ T31] v9fs_kill_super+0x4c/0x90 [ 720.425415][ T31] deactivate_locked_super+0xbc/0x130 [ 720.430874][ T31] cleanup_mnt+0x425/0x4c0 [ 720.435706][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.441649][ T31] task_work_run+0x1d4/0x260 [ 720.446769][ T31] ? __pfx_task_work_run+0x10/0x10 [ 720.451928][ T31] ? __x64_sys_umount+0x122/0x160 [ 720.460345][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 720.465920][ T31] exit_to_user_mode_loop+0xec/0x110 [ 720.471466][ T31] do_syscall_64+0x2bd/0x3b0 [ 720.476964][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.482206][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.492603][ T31] ? clear_bhb_loop+0x60/0xb0 [ 720.502440][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.508538][ T31] RIP: 0033:0x7f2f4bb8ff17 [ 720.513081][ T31] RSP: 002b:00007ffe0a3271d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 720.521803][ T31] RAX: 0000000000000000 RBX: 00007f2f4bc11c05 RCX: 00007f2f4bb8ff17 [ 720.530261][ T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe0a327290 [ 720.538705][ T31] RBP: 00007ffe0a327290 R08: 0000000000000000 R09: 0000000000000000 [ 720.546842][ T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe0a328320 [ 720.555192][ T31] R13: 00007f2f4bc11c05 R14: 000000000008727d R15: 00007ffe0a328360 [ 720.563245][ T31] [ 720.568783][ T31] [ 720.568783][ T31] Showing all locks held in the system: [ 720.576605][ T31] 1 lock held by khungtaskd/31: [ 720.581494][ T31] #0: ffffffff8e539ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 720.591618][ T31] 2 locks held by getty/5628: [ 720.596374][ T31] #0: ffff8880339480a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 720.607653][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 720.618107][ T31] 1 lock held by syz-executor/5866: [ 720.623342][ T31] #0: ffff888078b9a0e0 (&type->s_umount_key#52){++++}-{4:4}, at: deactivate_super+0xa9/0xe0 [ 720.637289][ T31] 3 locks held by kworker/0:2/14556: [ 720.642620][ T31] #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 720.665314][ T31] #1: ffffc9000bcffbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 720.683193][ T31] #2: ffffffff8e53f978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 720.700589][ T31] 1 lock held by syz.0.3102/14746: [ 720.708747][ T31] #0: ffff888078b9a0e0 (&type->s_umount_key#52){++++}-{4:4}, at: super_lock+0x2a9/0x3b0 [ 720.719335][ T31] 1 lock held by syz.4.3394/15712: [ 720.724483][ T31] #0: ffffffff8e53f978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 720.752276][ T31] [ 720.754666][ T31] ============================================= [ 720.754666][ T31] [ 720.795295][ T31] NMI backtrace for cpu 0 [ 720.795319][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 720.795344][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 720.795363][ T31] Call Trace: [ 720.795373][ T31] [ 720.795383][ T31] dump_stack_lvl+0x189/0x250 [ 720.795421][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 720.795449][ T31] ? __pfx__printk+0x10/0x10 [ 720.795482][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 720.795508][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 720.795533][ T31] ? __pfx__printk+0x10/0x10 [ 720.795559][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 720.795581][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 720.795606][ T31] watchdog+0xf60/0xfa0 [ 720.795627][ T31] ? watchdog+0x1e2/0xfa0 [ 720.795648][ T31] kthread+0x70e/0x8a0 [ 720.795665][ T31] ? __pfx_watchdog+0x10/0x10 [ 720.795681][ T31] ? __pfx_kthread+0x10/0x10 [ 720.795707][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 720.795730][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.795744][ T31] ? __pfx_kthread+0x10/0x10 [ 720.795768][ T31] ret_from_fork+0x3f9/0x770 [ 720.795791][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 720.795816][ T31] ? __switch_to_asm+0x39/0x70 [ 720.795830][ T31] ? __switch_to_asm+0x33/0x70 [ 720.795845][ T31] ? __pfx_kthread+0x10/0x10 [ 720.795869][ T31] ret_from_fork_asm+0x1a/0x30 [ 720.796018][ T31] [ 720.796082][ T31] Sending NMI from CPU 0 to CPUs 1: [ 720.948900][ C1] NMI backtrace for cpu 1 [ 720.948919][ C1] CPU: 1 UID: 0 PID: 15721 Comm: syz.1.3396 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 720.948940][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 720.948950][ C1] RIP: 0010:debug_check_no_obj_freed+0x205/0x470 [ 720.948979][ C1] Code: 00 ff c3 48 8b 44 24 18 49 89 c7 48 85 c0 0f 84 45 02 00 00 4d 89 fe 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df 41 80 3c 06 00 <74> 08 4c 89 ff e8 e1 35 4a fd 49 8b 07 48 89 44 24 18 4d 8d 67 18 [ 720.948993][ C1] RSP: 0018:ffffc90003c677f8 EFLAGS: 00000046 [ 720.949009][ C1] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: dffffc0000000001 [ 720.949022][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90003c676e0 [ 720.949033][ C1] RBP: ffff888059993cd8 R08: 0000000000000003 R09: 0000000000000004 [ 720.949044][ C1] R10: dffffc0000000000 R11: fffff5200078cedc R12: ffff888059974a28 [ 720.949056][ C1] R13: ffff888072e96000 R14: 1ffff110060bfcaf R15: ffff8880305fe578 [ 720.949068][ C1] FS: 0000000000000000(0000) GS:ffff8881258da000(0000) knlGS:0000000000000000 [ 720.949082][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 720.949094][ C1] CR2: 0000565324586000 CR3: 000000000e336000 CR4: 00000000003526f0 [ 720.949110][ C1] Call Trace: [ 720.949118][ C1] [ 720.949128][ C1] ? __page_table_check_zero+0xba/0x530 [ 720.949151][ C1] __free_frozen_pages+0x4dd/0xd30 [ 720.949175][ C1] vfree+0x25a/0x400 [ 720.949192][ C1] ? __pfx_kcov_close+0x10/0x10 [ 720.949210][ C1] kcov_close+0x28/0x50 [ 720.949226][ C1] __fput+0x449/0xa70 [ 720.949246][ C1] task_work_run+0x1d4/0x260 [ 720.949265][ C1] ? __pfx_task_work_run+0x10/0x10 [ 720.949282][ C1] ? kmem_cache_free+0x18f/0x400 [ 720.949301][ C1] do_exit+0x6b5/0x2300 [ 720.949320][ C1] ? cgroup_freezing+0x20/0x350 [ 720.949344][ C1] ? __pfx_do_exit+0x10/0x10 [ 720.949360][ C1] ? cgroup_freezing+0x20/0x350 [ 720.949382][ C1] ? cgroup_freezing+0x20/0x350 [ 720.949408][ C1] do_group_exit+0x21c/0x2d0 [ 720.949424][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.949442][ C1] get_signal+0x1286/0x1340 [ 720.949470][ C1] arch_do_signal_or_restart+0x9a/0x750 [ 720.949493][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 720.949519][ C1] ? exit_to_user_mode_loop+0x40/0x110 [ 720.949539][ C1] exit_to_user_mode_loop+0x75/0x110 [ 720.949556][ C1] do_syscall_64+0x2bd/0x3b0 [ 720.949573][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.949589][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.949606][ C1] ? clear_bhb_loop+0x60/0xb0 [ 720.949625][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.949640][ C1] RIP: 0033:0x7f321738ebe9 [ 720.949654][ C1] Code: Unable to access opcode bytes at 0x7f321738ebbf. [ 720.949663][ C1] RSP: 002b:00007f32182540e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 720.949680][ C1] RAX: fffffffffffffe00 RBX: 00007f32175b6098 RCX: 00007f321738ebe9 [ 720.949692][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f32175b6098 [ 720.949703][ C1] RBP: 00007f32175b6090 R08: 0000000000000000 R09: 0000000000000000 [ 720.949714][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 720.949732][ C1] R13: 00007f32175b6128 R14: 00007fffe47e9570 R15: 00007fffe47e9658 [ 720.949752][ C1] [ 721.195267][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 721.195298][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) [ 721.195323][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 721.195337][ T31] Call Trace: [ 721.195346][ T31] [ 721.195356][ T31] dump_stack_lvl+0x99/0x250 [ 721.195391][ T31] ? __asan_memcpy+0x40/0x70 [ 721.195419][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 721.195447][ T31] ? __pfx__printk+0x10/0x10 [ 721.195486][ T31] vpanic+0x281/0x750 [ 721.195522][ T31] ? __pfx_vpanic+0x10/0x10 [ 721.195543][ T31] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 721.195564][ T31] ? preempt_schedule+0xae/0xc0 [ 721.195593][ T31] ? preempt_schedule_common+0x83/0xd0 [ 721.195627][ T31] panic+0xb9/0xc0 [ 721.195649][ T31] ? __pfx_panic+0x10/0x10 [ 721.195673][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 721.195702][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 721.195731][ T31] watchdog+0xf9f/0xfa0 [ 721.195757][ T31] ? watchdog+0x1e2/0xfa0 [ 721.195791][ T31] kthread+0x70e/0x8a0 [ 721.195820][ T31] ? __pfx_watchdog+0x10/0x10 [ 721.195846][ T31] ? __pfx_kthread+0x10/0x10 [ 721.195876][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 721.195903][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 721.195920][ T31] ? __pfx_kthread+0x10/0x10 [ 721.195948][ T31] ret_from_fork+0x3f9/0x770 [ 721.195975][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 721.196005][ T31] ? __switch_to_asm+0x39/0x70 [ 721.196023][ T31] ? __switch_to_asm+0x33/0x70 [ 721.196041][ T31] ? __pfx_kthread+0x10/0x10 [ 721.196070][ T31] ret_from_fork_asm+0x1a/0x30 [ 721.196104][ T31] [ 721.442566][ T31] Kernel Offset: disabled [ 721.446887][ T31] Rebooting in 86400 seconds..